Slides for lecture 24

Nov 30, 2013

CMSC 414

Computer (and Network) Security


Lecture 24

Jonathan Katz


Administrative stuff…


Please fill out course evaluation


On line


Link from course homepage


Brief remarks on project…

Otway-Rees


A → B: N_C, K_A(N_A, N_C, Alice, Bob)


B → KDC: K_A(…), K_B(N_B, N_C, Alice, Bob)


KDC checks that N_C is the same…


KDC → B: N_C, K_A(N_A, K_AB), K_B(N_B, K_AB)


B → A: K_A(…)


A → B: K_AB(timestamp)


Note: KDC already authenticated Bob

Analysis?


N_C should be unpredictable, not just a nonce


Otherwise, can impersonate B to KDC


Send first message: (next N_C), “garbage”


B forwards to KDC along with encryption of the next N_C


Next time A initiates a conversation, replay previous
message from B
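
The Otway-Rees exchange above as a runnable sketch (an added example, not part of the original slides). The names seal, unseal, kdc_reply and run_exchange are hypothetical, and K_X(…) is modelled by a toy encrypt-then-MAC construction built from SHA-256 and HMAC, assumed here only so the example runs with the standard library.

```python
import hashlib, hmac, json, secrets

def _stream(key, iv, n):
    # Toy keystream (SHA-256 in counter mode); stands in for a real cipher.
    return b"".join(hashlib.sha256(key + iv + bytes([i])).digest() for i in range(n // 32 + 1))[:n]

def seal(key, fields):
    """K_X(fields): encrypt-then-MAC, so the key holder detects tampering."""
    pt, iv = json.dumps(fields).encode(), secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _stream(key, iv, len(ct)))))

def kdc_reply(k_a, k_b, n_c, from_a, from_b):
    """KDC step: open both blobs, check N_C and the names agree, issue K_AB."""
    n_a, nc_a, *names_a = unseal(k_a, from_a)
    n_b, nc_b, *names_b = unseal(k_b, from_b)
    if not (nc_a == nc_b == n_c) or names_a != names_b:
        raise ValueError("N_C or names do not match")
    k_ab = secrets.token_hex(16)
    return n_c, seal(k_a, [n_a, k_ab]), seal(k_b, [n_b, k_ab])

def run_exchange(k_a, k_b, corrupt_n_c=False):
    """Run all five messages; returns (K_AB seen by Alice, K_AB seen by Bob)."""
    n_a, n_b = secrets.token_hex(16), secrets.token_hex(16)
    n_c = secrets.token_hex(16)  # unpredictable, as the Analysis slide requires
    msg1 = (n_c, seal(k_a, [n_a, n_c, "Alice", "Bob"]))           # A -> B
    seen_n_c = "0" * 32 if corrupt_n_c else msg1[0]                # N_C as B received it
    msg2 = (msg1[1], seal(k_b, [n_b, seen_n_c, "Alice", "Bob"]))   # B -> KDC
    _, for_a, for_b = kdc_reply(k_a, k_b, seen_n_c, *msg2)         # KDC -> B
    nb_back, k_ab_bob = unseal(k_b, for_b)
    na_back, k_ab_alice = unseal(k_a, for_a)                       # B -> A: K_A(...)
    if nb_back != n_b or na_back != n_a:
        raise ValueError("stale or replayed KDC reply")
    # A -> B: K_AB(timestamp); the timestamp value is a constructed sample.
    ticket = seal(bytes.fromhex(k_ab_alice), ["2013-11-30T12:00:00Z"])
    unseal(bytes.fromhex(k_ab_bob), ticket)  # Bob checks it under his copy of K_AB
    return k_ab_alice, k_ab_bob
```

Calling run_exchange with corrupt_n_c=True makes B forward a different N_C than the one inside Alice's blob, and the KDC check rejects the request.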

More about nonces…


Important to understand what qualities the
nonce needs to satisfy in order for protocol
to be secure


Used once? Unpredictable? Random?


Note that long random nonces have negligible
probability of being re-used


E.g., challenge-response or reverse
challenge-response

A word about “random”


Random numbers needed for all of
cryptography


Difficult to generate “good” random numbers


Possibilities:


“Real” (i.e., hardware) RNG


Cryptographic/non-cryptographic PRNG


Must use long (random, unpredictable) seed!!


Generate from user behavior

Authentication tokens


Authentication may be based on:


What you know (e.g., passwords)


What you have (e.g., token)


What you are (e.g., biometrics)


Best security practice is to combine two (or
more) of these…


Using tokens/biometrics alone is useless
without a secure protocol!

Authentication tokens


Advantages


Difficult to reproduce


Can “store” larger secrets


Psychological barrier to giving out your token


Disadvantages


Can be stolen


Combine with PIN/password


Can be lost


Expensive; may require custom hardware

Authentication tokens


Magnetic stripe card


Simply records data and later reveals it


Non-trivial, but not too difficult, to copy


“Smart card”


Embedded CPU/memory


Carries out an interactive protocol

Smart cards


PIN protected memory card


Information on card can be read only with
correct PIN


After many wrong guesses, card “locks” itself


“Crypto” card


Card stores key used to perform cryptographic
operations (perhaps only with correct PIN)


Tamper resistant --- impossible to obtain key or
duplicate card

Smart cards


Readerless smart card


Card interacts directly with the user via
keyboard and/or monitor interface


E.g., SecurID


Does not require special hardware

Biometrics (briefly)


“What you are…”


Many possibilities:


Fingerprints/handprints


Retinal scans


Etc.

Notes about biometrics


Insecure if biometric data sent in the clear!


Need to use cryptographically-secure protocol


Not clear how to use biometric data as a
cryptographic key


Data changes slightly every time it is scanned


Data is not random, although it has high entropy

Note about biometrics


Biometric data can be forged!


E.g., fingerprints…

Review: checklist


Whether eavesdropping, posing as either
party, or acting as a “man-in-the-middle”,
an attacker should be unable to:


Learn the contents of messages


Insert messages


“Hijack” a conversation between two parties


Impersonate either party, or learn information
allowing impersonation in the future


Perform an off-line dictionary attack (ideally)

Continued…


In addition, when posing as either party an
attacker should be unable to:


Trick the other party into “doing something
useful” (e.g., signing an arbitrary message)

Continued…


If the server’s database is compromised
(and even if further eavesdropping occurs),
an attacker should be unable to:


Impersonate the user to this server (ideally; not
always the case --- recall that an off-line
dictionary attack is always possible)


Impersonate the user to other servers


Decrypt old conversations (forward secrecy)

Final remark


It is not always necessary to achieve all
these goals


If shared secret is cryptographically strong, off-line
password guessing is not a concern


In some environments, certain attacks may be
less feasible and therefore not a concern

An overview of network security

Network layers


Application


Transport


Network


Data link


Physical

Examples


Application layer: PGP, SSH


Transport layer: SSL/TLS


Network layer: IPSec


Not usually done at the data link level…


Can’t really be done at the physical level

Security in what layer?


Depends on the purpose…


What information needs to be protected?


What is the attack model?


Who shares keys in advance?


Should the user be involved?


E.g., a network-layer protocol cannot
authenticate two end-users to each other


Also affects efficiency, ease of deployment