network security and it’s issues presenter prosanta gope advisor prof. tzonelih hwang quantum...
TRANSCRIPT
![Page 1: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/1.jpg)
Network Security and It’s Issues
Presenter
Prosanta Gope
AdvisorProf. Tzonelih
Hwang
Quantum Information and Network Security Lab, NCKU,2015
![Page 2: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/2.jpg)
Flash Back
Part 3 Protocols 2
![Page 3: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/3.jpg)
Outline
Network Security Basics. Understating the Purpose of Mutual
Authentication Symmetric Key based Mutual
Authentication. Public Key based Mutual Authentication. Understating Secure Socket Layer (SSL)
![Page 4: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/4.jpg)
Network Security Basics
![Page 5: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/5.jpg)
Network Security Services
Confidentiality Integrity Authentication Nonrepudiation Access Control Availability
![Page 6: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/6.jpg)
Network Security Services Confidentiality
Maintaining the privacy of data Integrity
Detecting that the data is not tampered with Authentication
Establishing proof of identity Nonrepudiation
Ability to prove that the sender actually sent the data Access Control
Access to information resources are regulated Availability
Computer assets are available to authorized parties when needed
SERVICES
![Page 7: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/7.jpg)
Something Well-known in Network Security World
![Page 8: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/8.jpg)
Friends and enemies: Alice, Bob, Trudy
Bob, Alice (lovers!) want to communicate “securely” Trudy (intruder) may intercept, delete, add messages
securesender
securereceiver
channel data, control messages
data data
Alice Bob
Trudy
![Page 9: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/9.jpg)
Protocol Human protocols the rules followed in
human interactionso Example: Asking a question in class
Networking protocols rules followed in networked communication systemso Examples: HTTP, FTP, etc.
Security protocol the (communication) rules followed in a security applicationo Examples: SSL, IPSec, Kerberos, etc.
![Page 10: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/10.jpg)
Ideal Security Protocol Must satisfy security requirements
o Requirements need to be precise Efficient
o Small computational requiremento Small bandwidth usage, minimal delays…
Robusto Works even if environment changes
Easy to use & implement, flexible… Difficult to satisfy all of these!
![Page 11: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/11.jpg)
Secure Entry to NSA
1. Insert badge into reader2. Enter PIN3. Correct PIN?
Yes? EnterNo? Get shot by security guard
![Page 12: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/12.jpg)
ATM Machine Protocol
1. Insert ATM card2. Enter PIN3. Correct PIN?
Yes? Conduct your transaction(s)No? Machine (eventually) eats card
![Page 13: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/13.jpg)
Authentication Protocols
![Page 14: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/14.jpg)
Authentication
Alice must prove her identity to Bobo Alice and Bob can be humans or computers
May also require Bob to prove he’s Bob (mutual authentication)
Probably need to establish a session key May have other requirements, such as
o Use public keyso Use symmetric keyso Use hash functionso Anonymity, etc., etc.
![Page 15: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/15.jpg)
Simple Authentication
Alice Bob
“I’m Alice”
Prove it
My password is “frank”
Simple and may be OK for standalone system But insecure for networked system
o Subject to a replay attack (next 2 slides)o Also, Bob must know Alice’s password
![Page 16: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/16.jpg)
Authentication Attack
Alice Bob
“I’m Alice”
Prove it
My password is “frank”
Trudy
![Page 17: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/17.jpg)
Authentication Attack
Bob
“I’m Alice”
Prove it
My password is “frank”Trudy
This is an example of a replay attack How can we prevent a replay?
![Page 18: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/18.jpg)
Simple Authentication
Alice Bob
I’m Alice, my password is “frank”
More efficient, but… … same problem as previous version
![Page 19: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/19.jpg)
Better Authentication
Alice Bob
“I’m Alice”
Prove it
h(Alice’s password)
Better since it hides Alice’s passwordo From both Bob and Trudy
But still subject to replay
![Page 20: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/20.jpg)
Challenge-Response To prevent replay, use challenge-response
o Goal is to ensure “freshness”
Suppose Bob wants to authenticate Aliceo Challenge sent from Bob to Alice
Challenge is chosen so that… o Replay is not possible
o Only Alice can provide the correct response
o Bob can verify the response
![Page 21: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/21.jpg)
Nonce To ensure freshness, can employ a nonce
o Nonce == number used once
What to use for nonces?o That is, what is the challenge?
What should Alice do with the nonce?o That is, how to compute the response?
How can Bob verify the response? Should we rely on passwords or keys?
![Page 22: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/22.jpg)
Challenge-Response
Bob
“I’m Alice”
Nonce
h(Alice’s password, Nonce)
Nonce is the challenge The hash is the response Nonce prevents replay, ensures freshness Password is something Alice knows Note: Bob must know Alice’s pwd to verify
Alice
![Page 23: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/23.jpg)
Generic Challenge-Response
Bob
“I’m Alice”
Nonce
Something that could only be
Alice from Alice (and Bob can verify)
In practice, how to achieve this? Hashed password works, but… Encryption is better here (Why?)
![Page 24: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/24.jpg)
Symmetric Key Notation Encrypt plaintext P with key K
C = E(P,K) Decrypt ciphertext C with key K
P = D(C,K) Here, we are concerned with attacks on
protocols, not attacks on cryptoo So, we assume crypto algorithms are secure
![Page 25: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/25.jpg)
Authentication: Symmetric Key Alice and Bob share symmetric key K Key K known only to Alice and Bob Authenticate by proving knowledge of
shared symmetric key How to accomplish this?
o Cannot reveal key, must not allow replay (or other) attack, must be verifiable, …
![Page 26: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/26.jpg)
Authentication with Symmetric Key
Alice, K Bob, K
“I’m Alice”
E(R,K)
Secure method for Bob to authenticate Alice Alice does not authenticate Bob
So, can we achieve mutual authentication?
R
![Page 27: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/27.jpg)
Mutual Authentication?
Alice, K Bob, K
“I’m Alice”, R
E(R,K)
E(R,K)
What’s wrong with this picture? “Alice” could be Trudy (or anybody else)!
![Page 28: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/28.jpg)
Mutual Authentication Since we have a secure one-way
authentication protocol… The obvious thing to do is to use the
protocol twiceo Once for Bob to authenticate Aliceo Once for Alice to authenticate Bob
This has got to work…
![Page 29: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/29.jpg)
Mutual Authentication
Alice, K Bob, K
“I’m Alice”, RA
RB, E(RA, K)
E(RB, K)
This provides mutual authentication… …or does it? See the next slide
![Page 30: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/30.jpg)
Mutual Authentication Attack
Bob, K
1. “I’m Alice”, RA
2. RB, E(RA, K)
Trudy
Bob, K
3. “I’m Alice”, RB
4. RC, E(RB, K)
Trudy
5. E(RB, K)
![Page 31: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/31.jpg)
Let’s Resolve this Problem
![Page 32: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/32.jpg)
Symmetric Key Mutual Authentication
Alice, K Bob, K
“I’m Alice”, RA
RB, E(“Bob”,RA,K)
E(“Alice”,RB,K)
Do these “insignificant” changes help? Yes!
![Page 33: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/33.jpg)
Problem Statement
In Symmetric Key based Authentication
Protocol Alice and Bob need to have a
Shared Secret Key, Where Distribution of
Keys among the Participants is a tedious
Job.
![Page 34: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/34.jpg)
Welcome to the World of Public-Key Crypto-
System
![Page 35: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/35.jpg)
35
Public Keys and Trust
Public Key: PA
Secret key: SA
Public Key: PB
Secret key: SB
How are public keys stored?
How to obtain the public key?
How does Bob know or ‘trusts’ that PA is Alice’s public key?
![Page 36: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/36.jpg)
36
Distribution of Public Keys
Public announcement: users distribute public keys to recipients or broadcast to community at large
Publicly available directory: can obtain greater security by registering keys with a public directory
Public Key Can Also Achieve Through CA
![Page 37: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/37.jpg)
Public Key Notation Encrypt M with Alice’s public key: {M}Alice
Sign M with Alice’s private key: [M]Alice
Anybody can use Alice’s public key Only Alice can use her private key
![Page 38: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/38.jpg)
Public Key Authentication
Alice Bob
“I’m Alice”
{R}Alice
R
Is this secure? Trudy can get Alice to decrypt anything!
![Page 39: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/39.jpg)
Public Key Authentication
Alice Bob
“I’m Alice”
R
[R]Alice
Is this secure? Trudy can get Alice to sign anything!
![Page 40: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/40.jpg)
Public Keys Generally, a bad idea to use the same
key pair for encryption and signing Instead, should have…
o …one key pair for encryption/decryption…o …and a different key pair for
signing/verifying signatures
![Page 41: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/41.jpg)
Session Key Usually, a session key is required
o I.e., a symmetric key for a particular sessiono Used for confidentiality and/or integrity
How to authenticate and establish a session key (i.e., shared symmetric key)?o When authentication completed, want Alice and
Bob to share a session keyo Trudy cannot break the authentication…o …and Trudy cannot determine the session key
![Page 42: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/42.jpg)
Authentication & Session Key
Alice Bob
“I’m Alice”, R
{R,K}Alice
{R +1,K}Bob
Is this secure?o Alice is authenticated and session key is secureo Alice’s “nonce”, R, useless to authenticate Bobo The key K is acting as Bob’s nonce to Alice
No mutual authentication
![Page 43: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/43.jpg)
Public Key Authentication and Session Key
Alice Bob
“I’m Alice”, R
[R,K]Bob
[R +1,K]Alice
Is this secure?o Mutual authentication (good), but…o … session key is not secret (very bad)
![Page 44: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/44.jpg)
Public Key Authentication and Session Key
Alice Bob
“I’m Alice”, R
{[R,K]Bob}Alice
{[R +1,K]Alice}Bob
Is this secure? Seems to be OK Mutual authentication and session key!
![Page 45: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/45.jpg)
Public Key Authentication and Session Key
Alice Bob
“I’m Alice”, R
[{R,K}Alice]Bob
[{R +1,K}Bob]Alice
Is this secure? Seems to be OK
![Page 46: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/46.jpg)
Perfect Forward Secrecy Consider this “issue”…
o Alice encrypts message with shared key K and sends ciphertext to Bob
o Trudy records ciphertext and later attacks Alice’s (or Bob’s) computer to recover K
o Then Trudy decrypts recorded messages
Perfect forward secrecy (PFS): Trudy cannot later decrypt recorded ciphertexto Even if Trudy gets key K or other secret(s)
Is PFS possible?
![Page 47: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/47.jpg)
Naïve Session Key Protocol
Trudy could record E(KS, K) If Trudy later gets K then she can get KS
o Then Trudy can decrypt recorded messages
Alice, K Bob, K
E(KS, K)
E(messages, KS)
![Page 48: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/48.jpg)
Then How to Achieve Perfect Forward Secrecy
(PFS)
![Page 49: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/49.jpg)
With the Help of Diffie-Hellman Key-Agreement Protocol
![Page 50: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/50.jpg)
Key Agreement: Diffie-Hellman Protocol
Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Zp*, p and g public.
K = (gb mod p)a = gab mod p
ga mod p
gb mod p
K = (ga mod p)b = gab mod p
Pick random, secret aCompute and send ga mod p
Pick random, secret bCompute and send gb mod p
![Page 51: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/51.jpg)
MIM in Diffie-Hellmanga mod n
gb mod n
gc mod n
gc mod n
Alice computes gac mod n and Bob computes gbc mod n !!!
![Page 52: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/52.jpg)
Oh! No..Can Anyone Help Me to Achieve PFS?
![Page 53: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/53.jpg)
Perfect Forward Secrecy
Session key KS = gab mod p Alice forgets a, Bob forgets b So-called Ephemeral Daffier-Hellman Neither Alice nor Bob can later recover KS
Are there other ways to achieve PFS?
Alice: K, a Bob: K, b
E(ga mod p, K)
E(gb mod p, K)
![Page 54: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/54.jpg)
Mutual Authentication, Session Key and PFS
Alice Bob
“I’m Alice”, RA
RB, [{RA, gb mod p}Alice]Bob
[{RB, ga mod p}Bob]Alice
Session key is SK = gab mod p Alice forgets a and Bob forgets b If Trudy later gets Bob’s and Alice’s secrets,
she cannot recover session key SK
![Page 55: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/55.jpg)
Three-Party Mutual Authentication
andKey-Distribution
UsingSymmetric-Key Crypto System
Part 3 Protocols 55
![Page 56: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/56.jpg)
Meet Our Participants
Part 3 Protocols 56
![Page 57: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/57.jpg)
Part 3 Protocols 57
Trudy
Alice Bob
Can be Treated as Server
![Page 58: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/58.jpg)
Assumptions
Part 3 Protocols 58
![Page 59: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/59.jpg)
Part 3 Protocols 59
Trudy
Alice Bob
𝑲 𝒂𝒕𝑲 𝒃𝒕
?Share Key𝑰𝑫𝒂
𝑰𝑫𝒃
![Page 60: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/60.jpg)
TrudyM1
M2M
3M4
Gen:NaNx=Na Va=h(Na || Kat || IDa)M1:{IDa, Nx, Va}
Gen:NbNy=Nb Vb=h(Nb || Kbt || IDb)M2 :{IDb, Ny, Vb}
Check:?Va, ?VbGen: KabM3 :{Kab || Na}M4 :{Kab || Nb}
Na=Nx Nb=Ny
![Page 61: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/61.jpg)
TrudyM1
M2M
3M4
Decrypt: M3Check: ? NaGet : Kab
Check:?Va, ?VbGen: KabM3 :{Kab || Na}M4 :{Kab || Nb}
Decrypt: M4Check: ? NbGet : Kab
Kab
![Page 62: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/62.jpg)
Secure communication
![Page 63: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/63.jpg)
Understanding SSL
Part 3 Protocols 63
![Page 64: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/64.jpg)
64
古早密碼學
古典密碼學資安號
Privacy Integrity Authentication
Network Security Services
Authentication
![Page 65: Network Security and It’s Issues Presenter Prosanta Gope Advisor Prof. Tzonelih Hwang Quantum Information and Network Security Lab, NCKU,2015](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c02c1a28abf838cd93d7/html5/thumbnails/65.jpg)
THANK YOU
I have questions…