week two orientation

 Manjunath Mattam Security Protocols Week 2

Upload: suman-martha

Post on 07-Apr-2018


Page 1: Week Two Orientation

8/3/2019 Week Two Orientation

http://slidepdf.com/reader/full/week-two-orientation 1/18

 

Manjunath Mattam

Security Protocols 

Week 2


Administrative issues

• Welcome back after vacation.
• This is week 2, Security Protocols.
• Next week: new course, Web Security.
• Did you finish the homework?
 – Reading assignment and ZK Proof
 – Text book – Completed TLS?
• Security Foundations course result ready.


Zero Knowledge proof

• Did you pick scenarios during vacation? Discussion.

• Objective: Show possession of a secret to another party without disclosing that secret.

• This requires:

 – Interactive proofs

 – Require complex, bandwidth intense protocols


Example Scenarios:

• All users in the system keep backup files encrypted with secret key of users.
 – Alice wants Bob to send a file. Bob cannot open these encrypted files, therefore chances of sending a wrong file are higher.
 – Without sending the secret key, how does Alice communicate the exact file?
• Alice wants to log in to her bank account.
 – Alice calls her bank, and for authentication she is asked to disclose the 3rd digit and 9th digit of her password/debit card.
• Is this Zero Knowledge proof?


Zero Knowledge proof

• Is it possible to prove a statement without yielding anything beyond its validity?

• Such proofs are called zero knowledge proofs.

• What is a proof?

 – Prover

 – Verification process.


ZK Proof

• Features:

 – Verifier cannot learn anything from the protocol
 – The prover cannot cheat the verifier
 – Verifier cannot cheat the prover
 – The verifier cannot pretend to be the prover to a third party.


Demo


Authentication

• Principal: Legitimate owner of a given identity.
• Claimant: Entity attempting to be authenticated as principal.
• Authentication factors:
 – Claimant demonstrates knowledge of something
 – Claimant demonstrates possession of something
 – Claimant demonstrates some required characteristics (immutable)
 – Claimant provides evidence that he/she is at a particular place.
 – Claimant provides proof that he/she is authenticated by a trusted third party.


Authentication

• Weak Authentication
 – PINs, Passwords, Biometric, One time pads.
• Challenge response authentication
 – One party sends the challenge, second party sends a response in a pre-agreed manner that demonstrates identity.
 – If communication is monitored, old responses should not provide useful information for future identifications.
 – Challenge response with Zero knowledge proof
   • Use zk proof to allow Alice to demonstrate knowledge of a secret without revealing the secret (or any other useful information) to Bob.
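
An added example, not part of the original slides: the Schnorr identification protocol as one concrete challenge-response scheme with a zero-knowledge proof, in which Alice shows Bob she knows x without sending it. The group parameters P, Q, G are constructed toy values, far too small for real use, and all function names are chosen for this illustration.

```python
import secrets

# Constructed toy Schnorr group, far too small for real use:
# P = 2*Q + 1 with P and Q prime; G = 4 has order Q modulo P.
P, Q, G = 2039, 1019, 4

def keygen():
    """Alice's secret x and the public value y = G^x mod P that Bob stores."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

class Prover:
    def __init__(self, x):
        self.x = x

    def commit(self):
        self.r = secrets.randbelow(Q)       # fresh nonce for every run
        return pow(G, self.r, P)            # message 1: t = G^r

    def respond(self, c):
        return (self.r + c * self.x) % Q    # message 3: s = r + c*x mod Q

def verify(y, t, c, s):
    """Bob's check: G^s == t * y^c (mod P). Bob never sees x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_protocol(prover, y):
    t = prover.commit()
    c = secrets.randbelow(Q)                # message 2: Bob's random challenge
    s = prover.respond(c)
    return (t, c, s), verify(y, t, c, s)

def simulate_transcript(y):
    """Build an accepting (t, c, s) from y alone by choosing c and s first.
    With an honest verifier, real transcripts are distributed the same way,
    so a recording teaches nothing about x and proves nothing to a third party."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P   # y^(Q-c) = y^(-c), y has order Q
    return t, c, s

def replay(y, recorded, fresh_c):
    """Eavesdropper replays a recorded commitment and response to a new challenge."""
    t, _, s = recorded
    return verify(y, t, fresh_c, s)

if __name__ == "__main__":
    x, y = keygen()
    transcript, ok = run_protocol(Prover(x), y)
    print("honest run accepted:", ok)
    print("simulated transcript verifies:", verify(y, *simulate_transcript(y)))
    print("replay accepted:", replay(y, transcript, (transcript[1] + 1) % Q))
```

The replay fails for every challenge other than the recorded one, which is the "old responses should not provide useful information" property from the slide.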


Multi-factor authentication

• Reliance on a single factor is often insufficient.

• Multifactor authentication is a combination of more than one factor.

• Unilateral Authentication: Just one party to a communication activity authenticates the other party (like in TLS).

• Mutual authentication.


How to solve following scenarios?

• Google, MSN, Yahoo.

• Skype, Ebay, Paypal

• One ecommerce transaction, many parties and many servers.

• Many servers in one network, many usernames and passwords.

• Secure tunnel – proxy server in between.

• How many passwords can you remember?


NT Lan Manager (NTLM)


Kerberos

• One time authentication for multiple network services; developed by MIT in 1980s.
• Strong symmetric cryptography.
• Usage of tickets, and time stamps.
• Kerberos Server (Key Distribution Center – the KDC). Divided into 2 services:
 – Authentication Service
 – Ticket Granting Service
• All network servers treat KDC as trusted third party.


How it works?


Needham–Schroeder Protocol


Kerberos in detail

• Authentication server has list of all users and their passwords.
• Authentication server also has shared secret key with ticket granting server.
• Client authenticates himself to AS. Server responds with ticket.
• Whenever client wants to communicate with other servers, he will have to approach TGS first with ticket given by AS.
• TGS server gives another ticket for corresponding network server.
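
An added example, not part of the original slides: the AS and TGS ticket flow described above, simulated in one process. The `seal`/`unseal` helpers are a stand-in for Kerberos' symmetric encryption, the user key is just SHA-256 of a constructed password, and the timestamped authenticator follows the usual Kerberos design rather than anything stated on the slide; all names are chosen for this illustration.

```python
import hashlib, hmac, json, os

def _pad(key, nonce, n):
    blocks = (hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Stand-in for Kerberos' symmetric encryption: keystream XOR plus a MAC tag."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _pad(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct)))))

# Constructed demo state: the AS knows each user's key, the AS and TGS share
# K_TGS, and the TGS shares K_SRV with one network server.
USER_KEYS = {"alice": hashlib.sha256(b"constructed-password").digest()}
K_TGS, K_SRV, LIFETIME, SKEW = os.urandom(32), os.urandom(32), 300, 60

def issue(ticket_key, reply_key, user, now):
    """AS or TGS: session key sealed for the client, ticket sealed for the next server."""
    sk = os.urandom(32).hex()
    ticket = seal(ticket_key, {"user": user, "key": sk, "exp": now + LIFETIME})
    return seal(reply_key, {"key": sk}), ticket

def accept(ticket_key, ticket, authenticator, now):
    """TGS or server: open the ticket, then check the timestamped authenticator."""
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if now > t["exp"] or a["user"] != t["user"] or abs(now - a["ts"]) > SKEW:
        raise ValueError("expired ticket or stale authenticator")
    return t

def login_and_reach_server(user, password, now):
    reply, tgt = issue(K_TGS, USER_KEYS[user], user, now)           # AS exchange
    sk1 = bytes.fromhex(unseal(hashlib.sha256(password).digest(), reply)["key"])
    t = accept(K_TGS, tgt, seal(sk1, {"user": user, "ts": now}), now)
    reply2, st = issue(K_SRV, bytes.fromhex(t["key"]), user, now)   # TGS exchange
    sk2 = bytes.fromhex(unseal(sk1, reply2)["key"])
    auth = seal(sk2, {"user": user, "ts": now})                     # to the server
    return accept(K_SRV, st, auth, now)["user"], st, sk2
```

The password never crosses the wire: a client with the wrong password simply cannot open the AS reply, and the network server trusts the user name only because it arrives inside a ticket sealed with a key it shares with the KDC.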


Reading Assignment

• Improvements in conventional PKI wisdom


Thank you.