![Page 1: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/1.jpg)
AuthenticationAdvanced Software Engineering (CSE870)
Instructor: Dr. B. ChengContact info: chengb at cse dot msu dot edu
Eduardo DiazDan Fiedler
Andres Ramirez
![Page 2: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/2.jpg)
Road Map
?Introduction to Authentication?Needham-Schroeder, Otway-Rees, Kerberos
?Commonalities?Additional Requirements?Class Diagrams?State Diagrams?Conclusions
![Page 3: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/3.jpg)
Authentication
?Meet:?Alice (Staff)
?Bob (MISys)
![Page 4: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/4.jpg)
Authentication
?Purpose?Key exchange.?Allow Alice to secretly communicate with Bob using a shared
cryptographic key.
?Methods?Private keys, shared keys, public keys…
?Potential Problems?Trustworthy??Safe handling of private keys?
![Page 5: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/5.jpg)
Needham-Schroeder
1. Alice Cathy: {Alice || Bob || rand1}2. Cathy Alice: {Alice || Bob || rand1}Ksess
|| {Alice || Ksess}kbob}kalice
3. Alice Bob: {Alice || ksess}kbob
4. Bob Alice: {rand2}ksess
5. Alice Bob: {rand2 - 1}ksess
![Page 6: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/6.jpg)
Needham Schroeder
?Motive??Prevent replay attacks?A valid data transmission is retransmitted
maliciously.
?Nonces?Randomly generated numbers to identify
exchanges.?Key idea: Cathy is trusted by Alice and
Bob.
![Page 7: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/7.jpg)
Otway-Rees
1. Alice Bob: num || Alice || Bob || { rand1 || num || Alice|| Bob}kalice
2. Bob Cathy: num || Alice || Bob ||{rand1 || num || Alice || Bob}kalice || {rand2 || num || Alice || Bob}kbob
3. Cathy Bob: num || {rand1 || ksess}kalice || {rand2 || ksess}kbob
4. Bob Alice: num || {rand1 || ksess}kalice
![Page 8: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/8.jpg)
Otway-Rees
?Motivation?Needham-Schroeder assumes all cryptographic
keys are secure… in practice generated pseudorandomly… but it can be predicted.
?Num?Verify that num agrees through the exchanges.
?Key Idea?Cathy is again the trustworthy element.
![Page 9: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/9.jpg)
Kerberos
1. Alice Cerberus: Alice || Barnum2. Cerberus Alice: {kalice,barnum}kalice || Talice,barnum
3. Alice Barnum: Guttenberg || Aalice,barnum ||Talice,barnum
4. Barnum Alice: Alice || {kalice,guttenberg}kalicebarnum
|| Talice,guttenberg
5. Alice Guttenberg: Aalice,guttenberg ||Talice,guttenberg
6. Guttenberg Alice: {t+1}kalice,guttenberg
![Page 10: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/10.jpg)
Kerberos
?What is T??Talice,barnum = Barnum || {Alice || Alice Address ||
valid time || kalice,barnum}kbarnum
?What is A??{Alice || generation time || kt}kalice,barnum?Kt… not used.
![Page 11: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/11.jpg)
Kerberos
?Motivation?Separate authentication of the user to ticket granting
server and resource being requested.
?2 Servers?Authenticate first?Obtain ticket second
?Key Idea:?Time windows?Separation of trusted parties
![Page 12: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/12.jpg)
Commonalities
?Message Passing?Authentication Requests?Encryption / Decryption?Key Passing?… other than that, not much!?Each protocol has slight variants.
![Page 13: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/13.jpg)
Additional Requirements
?Same as other groups plus:?Incorporate 2 design patterns?1 must be a security design pattern?Strategy Design Pattern (encryption algorithms)?Single Access Point (entry and logging)
?Instantiate the framework at MISys?At the whitebox level
![Page 14: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/14.jpg)
Whitebox Class Diagram
![Page 15: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/15.jpg)
N.S. Class Diagram
![Page 16: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/16.jpg)
O.R. Class Diagram
![Page 17: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/17.jpg)
Kerberos Class Diagram
![Page 18: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/18.jpg)
Whitebox Class Diagram-MISys
![Page 19: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/19.jpg)
State Diagrams, NS
![Page 20: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/20.jpg)
State Diagrams, N.S.
![Page 21: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/21.jpg)
State Diagram, O.R.
![Page 22: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/22.jpg)
State Diagram, O.R.
![Page 23: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/23.jpg)
State Diagram, Kerberos
![Page 24: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/24.jpg)
Graybox Class Diagram
![Page 25: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/25.jpg)
BlackBox Class Diagram
![Page 26: Advanced Software Engineering (CSE870) Instructor: Dr. B ...cse870/Lectures/SS2007/MiniProjectPresentations/... · Authentication?Purpose?Key exchange.?Allow Alice to secretly communicate](https://reader030.vdocuments.site/reader030/viewer/2022040904/5e786a01ffcef579c80d3c8f/html5/thumbnails/26.jpg)
Conclusions
?Questions?