Chapter 14
From Cryptography and Network Security Fourth Edition written by William Stallings,
and Lecture slides by Lawrie Brown, the Australian Defence Force Academy, University College, UNSW
Authentication Applications
- Developed to support application-level authentication and digital signatures
- Most widely used services: Kerberos, X.509
- Kerberos – a private-key authentication service
- X.509 – a public-key directory authentication service
Kerberos
Kerberos
- Developed as part of Project Athena at MIT
- Symmetric encryption using no public keys
- Provides centralised private-key third-party authentication in a distributed network
- Versions 4 and 5
Kerberos Motivation
- Provide security in a distributed architecture consisting of dedicated user workstations (clients), and distributed or centralized servers
- Require the user to prove his identity for each service invoked
- Require that servers prove their identity to clients
- Secure, Reliable, Transparent, and Scalable
Kerberos Scheme
- Trusted third party authentication service
- Uses a protocol based on Needham and Schroeder [NEED78], see Chapter 7
- Clients and servers trust Kerberos to mediate their mutual authentication
Kerberos Version 4
- Uses DES, in a rather elaborate protocol, to provide authentication
- Uses an Authentication Server (AS)
  - Knows all user passwords, and stores them in a DB
  - Shares a unique secret key with each server
  - Sends an encrypted ticket granting ticket
  - TGT contains a lifetime and timestamp
Kerberos Version 4
- Uses a Ticket Granting Server (TGS)
  - Issues tickets to users authenticated by AS
  - Encrypted with a key only known by AS and TGS
  - Returns a service granting ticket
  - Service granting ticket contains timestamp and lifetime
Kerberos Dialog
- Problem: lifetime, and no server authentication to the user
- Uses a session key
- Message Exchanges (see table 14.1)
  - AS exchange to obtain ticket-granting ticket
  - TGS exchange to obtain service granting ticket
  - Client/Server authentication exchange to obtain service
- See table 14.2, Elements of the Kerberos Version 4 Protocol
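The three exchanges listed above, traced end to end with ticket lifetime and authenticator checks, as an added example that is not taken from the book or the slides. A SHA-256 keystream with an HMAC tag stands in for DES, the message layout is simplified, and the names `seal`, `issue`, `accept`, `dialog`, the user `alice` and every key are constructed for illustration.

```python
import hashlib, hmac, json, os

def _xor(key, iv, data):  # toy keystream cipher standing in for DES (assumption)
    ks = b"".join(hashlib.sha256(key + iv + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):  # E(K, obj) plus an integrity tag
    iv = os.urandom(16)
    ct = _xor(key, iv, json.dumps(obj).encode())
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor(key, iv, ct))

def issue(server_key, client_key, client, now, life):  # run by the AS and by the TGS
    sk = os.urandom(16).hex()  # fresh session key, one copy per party
    ticket = seal(server_key, {"client": client, "key": sk, "ts": now, "life": life})
    return seal(client_key, {"key": sk}), ticket  # ticket travels beside the reply here

def accept(server_key, ticket, authenticator, now, skew=300):  # run by TGS and by service
    t = unseal(server_key, ticket)
    if not t["ts"] <= now <= t["ts"] + t["life"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator rejected")
    return bytes.fromhex(t["key"]), a["ts"]

def dialog(password, login_at, use_at):
    k_c = hashlib.sha256(b"correct horse").digest()  # user key in the AS database
    k_tgs, k_v = os.urandom(16), os.urandom(16)      # keys the AS shares with TGS and service
    # AS exchange: only the right password can open the reply holding the TGS session key
    reply, tgt = issue(k_tgs, k_c, "alice", login_at, 28800)
    k_c_tgs = bytes.fromhex(unseal(hashlib.sha256(password).digest(), reply)["key"])
    # TGS exchange: TGT plus authenticator buys a service granting ticket
    auth = seal(k_c_tgs, {"client": "alice", "ts": login_at})
    k, _ = accept(k_tgs, tgt, auth, login_at)
    reply, svc_ticket = issue(k_v, k, "alice", login_at, 3600)
    k_c_v = bytes.fromhex(unseal(k_c_tgs, reply)["key"])
    # Client/server exchange: service checks the ticket, then proves it holds the session key
    auth = seal(k_c_v, {"client": "alice", "ts": use_at})
    k, ts = accept(k_v, svc_ticket, auth, use_at)
    proof = seal(k, {"ts": ts + 1})
    return unseal(k_c_v, proof)["ts"] == use_at + 1
```

The password never crosses the network: a wrong one fails at the first `unseal`, and a service ticket presented after its lifetime is refused by `accept`.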
Kerberos Overview
Kerberos Realms
- A Kerberos environment consists of:
  - a Kerberos server
  - a number of clients, all registered with server
  - application servers, sharing keys with server
- A Kerberos Realm
  - Set of managed nodes that share the same Kerberos database
Multiple Kerberi
- Kerberos server in each realm shares a secret key with one another
- There must be trust between the servers
  - i.e. the servers are registered with one another
- Does not scale well
Kerberos Realms
Kerberos Version 5
- Fixes version 4 environmental shortcomings
- New elements for AS exchange:
  - Realm, Options, Times, Nonce
- Client/server authentication exchange
  - Subkey, sequence number
- Kerberos Ticket Flags (see table 14.4)
X.509
- part of X.500 series
  - distributed servers maintaining user information database
- defines framework for authentication services
  - directory may store public-key certificates
  - with public key of user signed by certification authority
- also defines authentication protocols
X.509
- uses public-key cryptography & digital signatures
  - algorithms not standardised, but RSA recommended
- X.509 certificates are widely used
- Public key certificate associated with each user
  - Generated by some trusted CA
- Certification Authority (CA) issues certificates
- The notation CA<<A>> represents a certificate for a client A signed by CA
X.509 Certificates
- issued by a Certification Authority (CA), containing:
  - version 1, 2, or 3
  - serial number (unique within CA) identifying certificate
  - signature algorithm identifier
  - issuer X.500 name (CA)
  - period of validity (from - to dates)
  - subject X.500 name (name of owner)
  - subject public-key info (algorithm, parameters, key)
  - issuer unique identifier (v2+)
  - subject unique identifier (v2+)
  - extension fields (v3)
  - signature (of hash of all fields in certificate)
X.509 Certificates
Obtaining a User Certificate
- Certificate notation: CA{…}
- Any user with CA’s public key can verify the user public key that was certified
- No party other than the CA can modify the certificate without being detected
- Because they cannot be forged, certificates can be placed in a public directory
CA Hierarchy
- if both users share a common CA then they are assumed to know its public key
- otherwise CAs must form a hierarchy
- use certificates linking members of hierarchy to validate other CAs
  - each CA has certificates for clients (forward) and parent (backward)
- each client trusts parent's certificates
- enable verification of any certificate from one CA by users of all other CAs in hierarchy
CA Hierarchy
Certificate Revocation
- certificates have a period of validity
- may need to revoke before expiry:
  1. user's private key is compromised
  2. user is no longer certified by this CA
  3. CA's certificate is compromised
- CAs maintain list of revoked certificates
  - the Certificate Revocation List (CRL)
- users should check certificates with CA’s CRL
Authentication Procedures
- X.509 includes three alternative authentication procedures:
  - One-Way Authentication
  - Two-Way Authentication
  - Three-Way Authentication
- all use public-key signatures
- See Figure 14.6 for Authentication Procedures
One-Way Authentication
- 1 message (A->B) used to establish
  - the identity of A and that message is from A
  - message was intended for B
  - integrity & originality of message
- message must include timestamp, nonce, B's identity and is signed by A
- may include additional info for B
  - e.g. session key
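What B has to check before trusting a one-way message, combined with the certificate checks from the Certificate Revocation slide (CA signature, validity period, CRL), as an added example that is not taken from the book or the slides. The RSA here is a toy built from small fixed primes, and the field names, status strings and function names are assumptions made for illustration.

```python
import hashlib, json

E = 65537
def keypair(p, q):  # toy RSA from fixed Mersenne primes: far too small for real use
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _digest(obj, n):  # SHA-256 of the canonical JSON encoding, reduced mod n
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, obj):
    return pow(_digest(obj, priv[0]), priv[1], priv[0])
def verify(pub, obj, sig):
    return pow(sig, pub[1], pub[0]) == _digest(obj, pub[0])

CA_PUB, CA_PRIV = keypair(2**61 - 1, 2**89 - 1)    # constructed keys
A_PUB, A_PRIV = keypair(2**107 - 1, 2**127 - 1)

def issue_cert(serial, subject, pub, not_before, not_after):  # CA<<A>>
    tbs = {"serial": serial, "issuer": "CA", "subject": subject,
           "validity": [not_before, not_after], "pubkey": list(pub)}
    return {"tbs": tbs, "sig": sign(CA_PRIV, tbs)}

def check_cert(cert, crl, now):
    tbs = cert["tbs"]
    if not verify(CA_PUB, tbs, cert["sig"]):
        return "bad CA signature"
    if not tbs["validity"][0] <= now <= tbs["validity"][1]:
        return "outside validity period"
    return "revoked" if tbs["serial"] in crl else "ok"

def one_way_msg(priv, sender, recipient, t_a, r_a):  # timestamp, nonce, B's identity
    body = {"from": sender, "to": recipient, "tA": t_a, "rA": r_a}
    return {"body": body, "sig": sign(priv, body)}

def accept_msg(msg, cert, crl, me, seen, now, skew=300):
    if (status := check_cert(cert, crl, now)) != "ok":
        return status
    b, tbs = msg["body"], cert["tbs"]
    if b["from"] != tbs["subject"] or not verify(tbs["pubkey"], b, msg["sig"]):
        return "bad signature"
    if b["to"] != me:
        return "wrong recipient"
    if abs(now - b["tA"]) > skew:
        return "stale timestamp"
    if (b["from"], b["rA"]) in seen:
        return "replayed nonce"
    seen.add((b["from"], b["rA"]))
    return "ok"
```

The nonce cache `seen` only needs to hold entries for as long as the timestamp window stays open; older replays are already rejected as stale.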
Two-Way Authentication
- 2 messages (A->B, B->A) which also establishes in addition:
  - the identity of B and that reply is from B
  - that reply is intended for A
  - integrity & originality of reply
- reply includes original nonce from A, also timestamp and nonce from B
- may include additional info for A
Three-Way Authentication
- 3 messages (A->B, B->A, A->B) which enables above authentication without synchronized clocks
- has reply from A back to B containing signed copy of nonce from B
- means that timestamps need not be checked or relied upon
X.509 Version 3
- has been recognised that additional information is needed in a certificate
  - email/URL, policy details, usage constraints
- rather than explicitly naming new fields defined a general extension method
- extensions consist of:
  - extension identifier
  - criticality indicator
  - extension value
Certificate Extensions
- key and policy information
  - convey info about subject & issuer keys, plus indicators of certificate policy
- certificate subject and issuer attributes
  - support alternative names, in alternative formats for certificate subject and/or issuer
- certificate path constraints
  - allow constraints on use of certificates by other CAs
Public Key Infrastructure