Week Two Orientation
Transcript of Week Two Orientation
8/3/2019 Week Two Orientation
http://slidepdf.com/reader/full/week-two-orientation 1/18
Manjunath Mattam
Security Protocols
Week 2
Administrative issues
• Welcome back, after vacation.
• This is week 2, Security protocols.
• Next week new course, Web security.
• Did you finish the homework?
  – Reading assignment and ZK Proof
  – Text book – Completed TLS?
• Security Foundations course result ready.
Zero Knowledge proof
• Did you pick scenarios during vacation? (discussion)
• Objective: Show possession of a secret to another party without disclosing that secret.
• This requires:
  – Interactive proofs
  – Complex, bandwidth-intensive protocols
Example Scenarios:
• All users in the system keep backup files encrypted with the secret key of the user.
  – Alice wants Bob to send a file; Bob cannot open these encrypted files, therefore the chance of sending a wrong file is higher.
  – Without sending the secret key, how does Alice communicate which exact file she wants?
• Alice wants to log in to her bank account.
  – Alice calls her bank, and for authentication she was asked to disclose the 3rd digit and 9th digit of her password/debit card.
• Is this Zero Knowledge proof?
Zero Knowledge proof
• Is it possible to prove a statement without yielding anything beyond its validity?
• Such proofs are called zero knowledge proofs.
• What is a proof?
– Prover
– Verification process.
ZK Proof
• Features:
  – The verifier cannot learn anything from the protocol
  – The prover cannot cheat the verifier
  – The verifier cannot cheat the prover
  – The verifier cannot pretend to be the prover to a third party.
Demo
Authentication
• Principal: Legitimate owner of a given identity.
• Claimant: Entity attempting to be authenticated as the principal.
• Authentication factors:
  – Claimant demonstrates knowledge of something
  – Claimant demonstrates possession of something
  – Claimant demonstrates some required characteristics (immutable)
  – Claimant provides evidence that he/she is at a particular place.
  – Claimant provides proof that he/she is authenticated by a trusted third party.
Authentication
• Weak Authentication
  – PINs, Passwords, Biometrics, One time pads.
• Challenge response authentication
  – One party sends the challenge; the second party sends a response in a pre-agreed manner that demonstrates identity.
  – If the communication is monitored, old responses should not provide useful information for future identifications.
  – Challenge response with Zero knowledge proof
    • Use a ZK proof to allow Alice to demonstrate knowledge of a secret without revealing the secret (or any other useful information) to Bob.
Multi-factor authentication
• Reliance on a single factor is often insufficient.
• Multifactor authentication is a combination of more than one factor.
• Unilateral Authentication: Just one party to a communication activity authenticates the other party (like in TLS).
• Mutual authentication.
How to solve the following scenarios?
• Google, MSN, Yahoo.
• Skype, Ebay, Paypal.
• One ecommerce transaction, many parties and many servers.
• Many servers in one network, many usernames and passwords.
• Secure tunnel – proxy server in between.
• How many passwords can you remember?
NT Lan Manager (NTLM)
Kerberos
• One time authentication for multiple network services; developed by MIT in the 1980s.
• Strong symmetric cryptography.
• Usage of tickets and time stamps.
• Kerberos Server (Key Distribution Center – the KDC), divided into 2 services:
  – Authentication Service
  – Ticket Granting Service
• All network servers treat the KDC as a trusted third party.
How does it work?
Needham-Schroeder Protocol
Kerberos in detail
• The Authentication Server has a list of all users and their passwords.
• The Authentication Server also has a shared secret key with the Ticket Granting Server.
• The client authenticates himself to the AS. The server responds with a ticket.
• Whenever the client wants to communicate with other servers, he will have to approach the TGS first with the ticket given by the AS.
• The TGS gives another ticket for the corresponding network server.
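Added example, not code from the slides: a Python simulation of the AS and TGS exchanges described on the two Kerberos slides. The KDC holds keys derived from user passwords and a key shared with each network server; the client does one AS exchange, then one TGS exchange per service, and the application server opens its ticket with its own key without ever contacting the KDC. The authenticated-encryption helper, the realm name and the 600-second lifetime are constructed stand-ins for the real Kerberos enctypes and policy.

```python
import hashlib, hmac, json, os, time

def kdf(password):  # client long-term key derived from the password (Kerberos string-to-key)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 10_000)

def enc(key, obj):  # constructed toy authenticated encryption, stand-in for Kerberos enctypes
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def dec(key, blob):  # raises if the key is wrong or the blob was tampered with
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

class KDC:  # Authentication Service (AS) and Ticket Granting Service (TGS) in one object
    def __init__(self, users, service_keys):
        self.user_keys = {u: kdf(pw) for u, pw in users.items()}  # AS: every user's key
        self.service_keys = service_keys                           # TGS: key shared with each server
        self.k_tgs = os.urandom(32)                                # secret shared by AS and TGS
    def ticket(self, key, client, session_key):  # ticket = {client, session key, expiry} under key
        return enc(key, {"client": client, "key": session_key.hex(), "exp": time.time() + 600})
    def as_exchange(self, user):  # AS-REP: only the password holder can open session key + TGT
        k_c_tgs = os.urandom(32)
        tgt = self.ticket(self.k_tgs, user, k_c_tgs)
        return enc(self.user_keys[user], {"key": k_c_tgs.hex(), "tgt": tgt.hex()})
    def tgs_exchange(self, tgt, authenticator, service):  # TGS-REP: TGT + fresh authenticator -> service ticket
        t = dec(self.k_tgs, tgt)
        k_c_tgs = bytes.fromhex(t["key"])
        a = dec(k_c_tgs, authenticator)
        if time.time() > t["exp"] or a["client"] != t["client"] or abs(time.time() - a["ts"]) > 300:
            raise ValueError("expired TGT or bad authenticator")
        k_c_s = os.urandom(32)
        svc_ticket = self.ticket(self.service_keys[service], t["client"], k_c_s)
        return enc(k_c_tgs, {"key": k_c_s.hex(), "ticket": svc_ticket.hex()})

def client_login_and_access(kdc, user, password, service):
    # Client: one AS exchange, then a TGS exchange per service; the password never leaves the client
    rep = dec(kdf(password), kdc.as_exchange(user))
    k_c_tgs, tgt = bytes.fromhex(rep["key"]), bytes.fromhex(rep["tgt"])
    auth = enc(k_c_tgs, {"client": user, "ts": time.time()})
    srep = dec(k_c_tgs, kdc.tgs_exchange(tgt, auth, service))
    return bytes.fromhex(srep["ticket"]), bytes.fromhex(srep["key"])

def service_accept(service_key, ticket):
    # Application server never contacts the KDC: it trusts whatever decrypts under its own key
    t = dec(service_key, ticket)
    if time.time() > t["exp"]: raise ValueError("ticket expired")
    return t["client"]
```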
Reading Assignment
• Improvements in conventional PKI wisdom
Thank you.