Authentication Protocols - jaferian.com/nyit/3-key_exchange.pdf
Part 3 ⎯ Protocols 1
Authentication Protocols

Protocol
❑ Human protocols ⎯ the rules followed in human interactions
  o Example: Asking a question in class
❑ Networking protocols ⎯ rules followed in networked communication systems
  o Examples: HTTP, FTP, etc.
❑ Security protocol ⎯ the (communication) rules followed in a security application
  o Examples: SSL, IPSec, Kerberos, etc.

Protocols
❑ Protocol flaws can be very subtle
❑ Several well-known security protocols have significant flaws
  o Including WEP, GSM, and IPSec
❑ Implementation errors can also occur
  o Recently, IE implementation of SSL
❑ Not easy to get protocols right…

Ideal Security Protocol
❑ Must satisfy security requirements
  o Requirements need to be precise
❑ Efficient
  o Minimize computational requirement
  o Minimize bandwidth usage, delays…
❑ Robust
  o Works when attacker tries to break it
  o Works if environment changes (slightly)
❑ Easy to implement, easy to use, flexible…
❑ Difficult to satisfy all of these!

Secure Entry to NSA
1. Insert badge into reader
2. Enter PIN
3. Correct PIN?
   Yes? Enter
   No? Get shot by security guard

ATM Machine Protocol
1. Insert ATM card
2. Enter PIN
3. Correct PIN?
   Yes? Conduct your transaction(s)
   No? Machine (eventually) eats card

Identify Friend or Foe (IFF)
[Figure: Namibia (K), Angola, SAAF Impala (K), Russian MIG. Messages: 1. N; 2. E(N,K)]

MIG in the Middle
[Figure: Namibia (K), Angola, SAAF Impala (K), Russian MiG. Messages: 1. N; 2. N; 3. N; 4. E(N,K); 5. E(N,K); 6. E(N,K)]
Authentication Protocols

Authentication
❑ Alice must prove her identity to Bob
  o Alice and Bob can be humans or computers
❑ May also require Bob to prove he’s Bob (mutual authentication)
❑ Probably need to establish a session key
❑ May have other requirements, such as
  o Public keys, symmetric keys, hash functions, …
  o Anonymity, plausible deniability, perfect forward secrecy, etc.

Authentication
❑ Authentication on a stand-alone computer is relatively simple
  o For example, hash a password with a salt
  o “Secure path,” attacks on authentication software, keystroke logging, etc., can be issues
❑ Authentication over a network is challenging
  o Attacker can passively observe messages
  o Attacker can replay messages
  o Active attacks possible (insert, delete, change)

Simple Authentication
Alice → Bob: “I’m Alice”
Bob → Alice: Prove it
Alice → Bob: My password is “frank”
❑ Simple and may be OK for standalone system
❑ But highly insecure for networked system
  o Subject to a replay attack (next 2 slides)
  o Also, Bob must know Alice’s password

Authentication Attack
Alice → Bob: “I’m Alice”
Bob → Alice: Prove it
Alice → Bob: My password is “frank”
Trudy (observing)

Authentication Attack
Trudy → Bob: “I’m Alice”
Bob → Trudy: Prove it
Trudy → Bob: My password is “frank”
❑ This is an example of a replay attack
❑ How can we prevent a replay?

Simple Authentication
Alice → Bob: I’m Alice, my password is “frank”
❑ More efficient, but…
❑ … same problem as previous version

Better Authentication
Alice → Bob: “I’m Alice”
Bob → Alice: Prove it
Alice → Bob: h(Alice’s password)
❑ This approach hides Alice’s password
  o From both Bob and Trudy
❑ But still subject to replay attack

Challenge-Response
❑ To prevent replay, use challenge-response
  o Goal is to ensure “freshness”
❑ Suppose Bob wants to authenticate Alice
  o Challenge sent from Bob to Alice
❑ Challenge is chosen so that…
  o Replay is not possible
  o Only Alice can provide the correct response
  o Bob can verify the response

Nonce
❑ To ensure freshness, can employ a nonce
  o Nonce == number used once
❑ What to use for nonces?
  o That is, what is the challenge?
❑ What should Alice do with the nonce?
  o That is, how to compute the response?
❑ How can Bob verify the response?
❑ Should we use passwords or keys?
Part 3 ⎯ Protocols 20
Challenge-Response
Alice → Bob: “I’m Alice”
Bob → Alice: Nonce
Alice → Bob: h(Alice’s password, Nonce)
❑ Nonce is the challenge
❑ The hash is the response
❑ Nonce prevents replay (ensures freshness)
❑ Password is something Alice knows
❑ Note: Bob must know Alice’s pwd to verify
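The challenge-response exchange above as a runnable sketch (an added example, not part of the original slides). It assumes HMAC-SHA256 as the hash h and a constructed password; `Bob`, `h` and `replay_accepted` are names chosen here. It compares a Bob who draws a fresh nonce per run with one who reuses a fixed challenge.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"constructed-example-password"  # constructed sample value


def h(password: bytes, nonce: bytes) -> bytes:
    """The slide's h(Alice's password, Nonce); HMAC-SHA256 is this example's choice of h."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


class Bob:
    """Verifier. As the slide notes, Bob must know Alice's password to verify."""

    def __init__(self, passwords, fresh_nonces=True):
        self.passwords = passwords        # claimed identity -> password
        self.fresh_nonces = fresh_nonces  # False models a fixed, reused challenge
        self.pending = {}                 # claimed identity -> outstanding nonce

    def challenge(self, who: str) -> bytes:
        # A nonce is a "number used once": unpredictable and never reissued.
        nonce = secrets.token_bytes(16) if self.fresh_nonces else b"\x00" * 16
        self.pending[who] = nonce
        return nonce

    def verify(self, who: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so one response cannot be
        # checked twice against the same outstanding nonce.
        nonce = self.pending.pop(who, None)
        if nonce is None or who not in self.passwords:
            return False
        expected = h(self.passwords[who], nonce)
        return hmac.compare_digest(response, expected)  # constant-time compare


def replay_accepted(fresh_nonces: bool) -> bool:
    """Record one valid response, then present it again in a later run."""
    bob = Bob({"Alice": PASSWORD}, fresh_nonces)

    # Run 1: the genuine exchange, whose response is visible on the wire.
    nonce = bob.challenge("Alice")
    recorded = h(PASSWORD, nonce)
    if not bob.verify("Alice", recorded):
        raise RuntimeError("honest run should verify")

    # Run 2: a new challenge is issued, but the old response is sent back.
    bob.challenge("Alice")
    return bob.verify("Alice", recorded)


if __name__ == "__main__":
    print("fresh nonce, replay accepted:", replay_accepted(True))
    print("fixed challenge, replay accepted:", replay_accepted(False))
```
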
Part 3 ⎯ Protocols 21
Generic Challenge-Response
Alice → Bob: “I’m Alice”
Bob → Alice: Nonce
Alice → Bob: Something that could only be from Alice, and Bob can verify
❑ In practice, how to achieve this?
❑ Hashed password works, but…
❑ …encryption is much better here (why?)
Part 3 ⎯ Protocols 22
Symmetric Key Notation
❑ Encrypt plaintext P with key K: C = E(P,K)
❑ Decrypt ciphertext C with key K: P = D(C,K)
❑ Here, we are concerned with attacks on protocols, not attacks on cryptography
  o So, we assume crypto algorithms are secure
Part 3 ⎯ Protocols 23
Authentication: Symmetric Key
❑ Alice and Bob share symmetric key K
❑ Key K known only to Alice and Bob
❑ Authenticate by proving knowledge of shared symmetric key
❑ How to accomplish this?
  o Cannot reveal key, must not allow replay (or other) attack, must be verifiable, …
Part 3 ⎯ Protocols 24
Authenticate Alice Using Symmetric Key
Alice, K        Bob, K
Alice → Bob: “I’m Alice”
Bob → Alice: R
Alice → Bob: E(R,K)
❑ Secure method for Bob to authenticate Alice
❑ But, Alice does not authenticate Bob
❑ So, can we achieve mutual authentication?
Part 3 ⎯ Protocols 25
Mutual Authentication?
Alice, K        Bob, K
Alice → Bob: “I’m Alice”, R
Bob → Alice: E(R,K)
Alice → Bob: E(R,K)
❑ What’s wrong with this picture?
❑ “Alice” could be Trudy (or anybody else)!
Part 3 ⎯ Protocols 26
Mutual Authentication
❑ Since we have a secure one-way authentication protocol…
❑ The obvious thing to do is to use the protocol twice
  o Once for Bob to authenticate Alice
  o Once for Alice to authenticate Bob
❑ This has got to work…
Part 3 ⎯ Protocols 27
Mutual Authentication
Alice, K        Bob, K
Alice → Bob: “I’m Alice”, RA
Bob → Alice: RB, E(RA, K)
Alice → Bob: E(RB, K)
❑ This provides mutual authentication…
❑ …or does it? Subject to reflection attack
  o Next slide
Part 3 ⎯ Protocols 28
Mutual Authentication Attack
Trudy        Bob, K
1. Trudy → Bob: “I’m Alice”, RA
2. Bob → Trudy: RB, E(RA, K)
Trudy        Bob, K
3. Trudy → Bob: “I’m Alice”, RB
4. Bob → Trudy: RC, E(RB, K)
5. Trudy → Bob: E(RB, K)
Part 3 ⎯ Protocols 29
Mutual Authentication
❑ Our one-way authentication protocol is not secure for mutual authentication
  o Protocols are subtle!
  o In this case, “obvious” solution is not secure
❑ Also, if assumptions or environment change, protocol may not be secure
  o This is a common source of security failure
  o For example, Internet protocols
Part 3 ⎯ Protocols 30
Symmetric Key Mutual Authentication
Alice, K        Bob, K
Alice → Bob: “I’m Alice”, RA
Bob → Alice: RB, E(“Bob”,RA,K)
Alice → Bob: E(“Alice”,RB,K)
❑ Do these “insignificant” changes help?
❑ Yes!
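Why the change helps, as a runnable check (an added example, not part of the original slides). It runs the five-message trace from the attack slide against two Bobs, one answering with E(RA, K) and one with E(“Bob”,RA,K); a keyed HMAC-SHA256 tag stands in for E(·, K), and `prove`, `Bob`, `honest_run` and `reflection_accepted` are names chosen here.

```python
import hashlib
import hmac
import secrets


def prove(key: bytes, *fields: bytes) -> bytes:
    """Stand-in for the slides' E(..., K): a value only a holder of K can compute.
    Each field is length-prefixed so the name and the nonce cannot run together."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Bob:
    def __init__(self, key: bytes, bind_identity: bool):
        self.key = key
        self.bind = bind_identity  # True: the identity-bound protocol
        self.sessions = {}         # session id -> (claimed name, RB awaiting proof)

    def hello(self, sid: str, claimed: bytes, r_peer: bytes):
        """Receive ("I'm <claimed>", R); reply with (RB, proof over R)."""
        rb = secrets.token_bytes(16)
        self.sessions[sid] = (claimed, rb)
        if self.bind:
            return rb, prove(self.key, b"Bob", r_peer)  # E("Bob", RA, K)
        return rb, prove(self.key, r_peer)              # E(RA, K)

    def finish(self, sid: str, proof: bytes) -> bool:
        """Final message: accept only a valid proof over this session's RB."""
        claimed, rb = self.sessions.pop(sid, (None, None))
        if rb is None:
            return False
        if self.bind:
            expected = prove(self.key, claimed, rb)     # E("Alice", RB, K)
        else:
            expected = prove(self.key, rb)              # E(RB, K)
        return hmac.compare_digest(proof, expected)


def honest_run(bind: bool) -> bool:
    """Alice and Bob both hold K; both checks must pass."""
    key = secrets.token_bytes(32)
    bob = Bob(key, bind)
    ra = secrets.token_bytes(16)
    rb, from_bob = bob.hello("s1", b"Alice", ra)
    want = prove(key, b"Bob", ra) if bind else prove(key, ra)
    if not hmac.compare_digest(from_bob, want):         # Alice authenticates Bob
        return False
    reply = prove(key, b"Alice", rb) if bind else prove(key, rb)
    return bob.finish("s1", reply)                      # Bob authenticates Alice


def reflection_accepted(bind: bool) -> bool:
    """The attack slide's trace: the peer never holds K and only relays Bob's output."""
    bob = Bob(secrets.token_bytes(32), bind)
    rb, _ = bob.hello("s1", b"Alice", secrets.token_bytes(16))  # messages 1-2
    _rc, reflected = bob.hello("s2", b"Alice", rb)              # messages 3-4
    return bob.finish("s1", reflected)                          # message 5


if __name__ == "__main__":
    for bind in (False, True):
        print("identity bound:", bind,
              "| honest run ok:", honest_run(bind),
              "| reflection accepted:", reflection_accepted(bind))
```

With the name inside the keyed value, Bob's own output always carries “Bob”, while the final message he checks must carry “Alice”, so his reply from a second session never satisfies the first.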
Part 3 ⎯ Protocols 31
Public Key Notation
❑ Encrypt M with Alice’s public key: {M}Alice
❑ Sign M with Alice’s private key: [M]Alice
❑ Then
  o [{M}Alice]Alice = M
  o {[M]Alice}Alice = M
❑ Anybody can use Alice’s public key
❑ Only Alice can use her private key
Part 3 ⎯ Protocols 32
Public Key Authentication
Alice → Bob: “I’m Alice”
Bob → Alice: {R}Alice
Alice → Bob: R
❑ Is this secure?
❑ Trudy can get Alice to decrypt anything! Prevent this by having two key pairs
Part 3 ⎯ Protocols 33
Public Key Authentication
Alice → Bob: “I’m Alice”
Bob → Alice: R
Alice → Bob: [R]Alice
❑ Is this secure?
❑ Trudy can get Alice to sign anything!
  o Same as previous ⎯ should have two key pairs
Part 3 ⎯ Protocols 34
Public Keys
❑ Generally, a bad idea to use the same key pair for encryption and signing
❑ Instead, should have…
  o …one key pair for encryption/decryption and signing/verifying signatures…
  o …and a different key pair for authentication
Part 3 ⎯ Protocols 35
Session Key
❑ Usually, a session key is required
  o A symmetric key for current session
  o Used for confidentiality and/or integrity
❑ How to authenticate and establish a session key (i.e., shared symmetric key)?
  o When authentication completed, Alice and Bob share a session key
  o Trudy cannot break the authentication…
  o …and Trudy cannot determine the session key
Part 3 ⎯ Protocols 36
Authentication & Session Key
Alice Bob
“I’m Alice”, R
{R, K}Alice
{R +1, K}Bob
❑ Is this secure?o Alice is authenticated and session key is secureo Alice’s “nonce”, R, useless to authenticate Bobo The key K is acting as Bob’s nonce to Alice
❑ No mutual authentication
Part 3 ⎯ Protocols 37
Public Key Authentication and Session Key
Alice → Bob: “I’m Alice”, R
Bob → Alice: $[R, K]_{\text{Bob}}$
Alice → Bob: $[R + 1, K]_{\text{Alice}}$
❑ Is this secure?
  o Mutual authentication (good), but…
  o … session key is not protected (very bad)

Part 3 ⎯ Protocols 38
Public Key Authentication and Session Key
Alice → Bob: “I’m Alice”, R
Bob → Alice: $\{[R, K]_{\text{Bob}}\}_{\text{Alice}}$
Alice → Bob: $\{[R + 1, K]_{\text{Alice}}\}_{\text{Bob}}$
❑ Is this secure?
❑ No! It’s subject to subtle MiM attack
  o See the next slide…

Part 3 ⎯ Protocols 39
Public Key Authentication and Session Key
1. Alice → Trudy: “I’m Alice”, R
2. Trudy → Bob: “I’m Trudy”, R
3. Bob → Trudy: $\{[R, K]_{\text{Bob}}\}_{\text{Trudy}}$
4. Trudy → Alice: $\{[R, K]_{\text{Bob}}\}_{\text{Alice}}$
5. Alice → Trudy: $\{[R + 1, K]_{\text{Alice}}\}_{\text{Bob}}$
6. Trudy–Bob: time out
❑ Trudy can get $[R, K]_{\text{Bob}}$ and K from 3.
❑ Alice uses this same key K
❑ And Alice thinks she’s talking to Bob

Part 3 ⎯ Protocols 40
Public Key Authentication and Session Key
Alice → Bob: “I’m Alice”, R
Bob → Alice: $[\{R, K\}_{\text{Alice}}]_{\text{Bob}}$
Alice → Bob: $[\{R + 1, K\}_{\text{Bob}}]_{\text{Alice}}$
❑ Is this secure?
❑ Seems to be OK
  o Anyone can see $\{R, K\}_{\text{Alice}}$ and $\{R + 1, K\}_{\text{Bob}}$

Part 3 ⎯ Protocols 45
Public Key Authentication
❑ Sign and encrypt with nonce…
  o Insecure
❑ Encrypt and sign with nonce…
  o Secure
❑ Protocols can be subtle!

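The two orderings compared above, run against the man-in-the-middle steps of slide 39 in a symbolic model where encryption and signatures are treated as perfect. This is an added example, not part of the original slides; the `Enc`/`Sig` classes and all function names are assumptions standing in for real public-key operations.

```python
from dataclasses import dataclass

# Symbolic model: the flaw is in the message structure, so no real RSA is
# needed. Rule of the model: only Party methods build Enc/Sig values, and a
# Party can only open what is encrypted to its own name.

@dataclass(frozen=True)
class Enc:                 # {payload}_to : encrypted with `to`'s public key
    to: str
    payload: object

@dataclass(frozen=True)
class Sig:                 # [payload]_by : signed with `by`'s private key
    by: str
    payload: object

class Party:
    def __init__(self, name):
        self.name = name

    def encrypt(self, to, payload):       # public keys are public
        return Enc(to, payload)

    def decrypt(self, msg):               # requires our private key
        if not isinstance(msg, Enc) or msg.to != self.name:
            raise ValueError("not encrypted to " + self.name)
        return msg.payload

    def sign(self, payload):              # requires our private key
        return Sig(self.name, payload)

    @staticmethod
    def verify(msg, signer):              # anyone can verify and read
        if not isinstance(msg, Sig) or msg.by != signer:
            raise ValueError("bad signature")
        return msg.payload

SIGN_THEN_ENCRYPT = "sign_then_encrypt"   # {[R, K]_Bob}_Alice  (slide 38)
ENCRYPT_THEN_SIGN = "encrypt_then_sign"   # [{R, K}_Alice]_Bob  (slide 40)

def bob_reply(bob, order, claimed_peer, R, K):
    """Bob answers whoever the first message claims to be."""
    if order == SIGN_THEN_ENCRYPT:
        return bob.encrypt(claimed_peer, bob.sign((R, K)))
    return bob.sign(bob.encrypt(claimed_peer, (R, K)))

def alice_accept(alice, order, msg, R):
    """Return the key Alice accepts as coming from Bob, or None."""
    try:
        if order == SIGN_THEN_ENCRYPT:
            got_R, K = Party.verify(alice.decrypt(msg), "Bob")
        else:
            got_R, K = alice.decrypt(Party.verify(msg, "Bob"))
    except ValueError:
        return None
    return K if got_R == R else None

def run_honest(order):
    alice, bob = Party("Alice"), Party("Bob")
    return alice_accept(alice, order, bob_reply(bob, order, "Alice", "R", "K"), "R")

def run_mim(order):
    alice, bob, trudy = Party("Alice"), Party("Bob"), Party("Trudy")
    R, K = "R-constructed-nonce", "K-constructed-session-key"
    # 1. Alice -> Trudy: "I'm Alice", R      2. Trudy -> Bob: "I'm Trudy", R
    msg3 = bob_reply(bob, order, "Trudy", R, K)           # 3. Bob -> Trudy
    candidates = [msg3]                                    # plain forwarding
    if order == SIGN_THEN_ENCRYPT:
        signed = trudy.decrypt(msg3)                       # [R, K]_Bob, intact
        trudy_key = Party.verify(signed, "Bob")[1]
        candidates.append(trudy.encrypt("Alice", signed))  # Bob's signature survives
    else:
        trudy_key = trudy.decrypt(Party.verify(msg3, "Bob"))[1]
        # Trudy can re-encrypt to Alice, but she can only sign as herself.
        candidates.append(trudy.sign(trudy.encrypt("Alice", (R, K))))
    accepted = [alice_accept(alice, order, m, R) for m in candidates]  # 4.
    alice_key = next((k for k in accepted if k is not None), None)
    return {"alice_key": alice_key,
            "compromised": alice_key is not None and alice_key == trudy_key}

if __name__ == "__main__":
    for order in (SIGN_THEN_ENCRYPT, ENCRYPT_THEN_SIGN):
        print(order, run_mim(order))
```

In both orderings Trudy learns the K that Bob issued to her own session; only with sign-then-encrypt can she make Alice accept that K as Bob's.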
Part 3 ⎯ Protocols 47
Perfect Forward Secrecy
❑ Consider this “issue”…
  o Alice encrypts message with shared key K and sends ciphertext to Bob
  o Trudy records ciphertext and later attacks Alice’s (or Bob’s) computer to recover K
  o Then Trudy decrypts recorded messages
❑ Perfect forward secrecy (PFS): Trudy cannot later decrypt recorded ciphertext
  o Even if Trudy gets key K or other secret(s)
❑ Is PFS possible?

Part 3 ⎯ Protocols 48
Perfect Forward Secrecy
❑ Suppose Alice and Bob share key K
❑ For perfect forward secrecy, Alice and Bob cannot use K to encrypt
❑ Instead they must use a session key $K_S$ and forget it after it’s used
❑ Can Alice and Bob agree on session key $K_S$ in a way that provides PFS?

Part 3 ⎯ Protocols 49
Naïve Session Key Protocol
Messages between Alice (K) and Bob (K):
  $E(K_S, K)$
  $E(\text{messages}, K_S)$
❑ Trudy could record $E(K_S, K)$
❑ If Trudy later gets K then she can get $K_S$
  o Then Trudy can decrypt recorded messages
❑ No perfect forward secrecy in this case

Part 1 ⎯ Cryptography 121
Diffie-Hellman

Part 1 ⎯ Cryptography 122
Diffie-Hellman Key Exchange
❑ Invented by Williamson (GCHQ) and, independently, by D and H (Stanford)
❑ A “key exchange” algorithm
  o Used to establish a shared symmetric key
  o Not for encrypting or signing
❑ Based on discrete log problem
  o Given: g, p, and $g^k \bmod p$
  o Find: exponent k

Part 1 ⎯ Cryptography 123
Diffie-Hellman
❑ Let p be prime, let g be a generator
  o For any x ∈ {1,2,…,p-1} there is n s.t. $x = g^n \bmod p$
❑ Alice selects her private value a
❑ Bob selects his private value b
❑ Alice sends $g^a \bmod p$ to Bob
❑ Bob sends $g^b \bmod p$ to Alice
❑ Both compute shared secret, $g^{ab} \bmod p$
❑ Shared secret can be used as symmetric key

Part 1 ⎯ Cryptography 124
Diffie-Hellman
❑ Public: g and p
❑ Private: Alice’s exponent a, Bob’s exponent b
Alice (a) → Bob (b): $g^a \bmod p$
Bob (b) → Alice (a): $g^b \bmod p$
❑ Alice computes $(g^b)^a = g^{ba} = g^{ab} \bmod p$
❑ Bob computes $(g^a)^b = g^{ab} \bmod p$
❑ They can use $K = g^{ab} \bmod p$ as symmetric key

Part 1 ⎯ Cryptography 125
Diffie-Hellman
❑ Suppose Bob and Alice use Diffie-Hellman to determine symmetric key $K = g^{ab} \bmod p$
❑ Trudy can see $g^a \bmod p$ and $g^b \bmod p$
  o But… $g^a g^b \bmod p = g^{a+b} \bmod p \ne g^{ab} \bmod p$
❑ If Trudy can find a or b, she gets K
❑ If Trudy can solve discrete log problem, she can find a or b

Part 1 ⎯ Cryptography 126
Diffie-Hellman
❑ Subject to man-in-the-middle (MiM) attack
Alice (a) → Trudy (t): $g^a \bmod p$
Trudy (t) → Bob (b): $g^t \bmod p$
Bob (b) → Trudy (t): $g^b \bmod p$
Trudy (t) → Alice (a): $g^t \bmod p$
❑ Trudy shares secret $g^{at} \bmod p$ with Alice
❑ Trudy shares secret $g^{bt} \bmod p$ with Bob
❑ Alice and Bob don’t know Trudy is MiM

Part 1 ⎯ Cryptography 127
Diffie-Hellman
❑ How to prevent MiM attack?
  o Encrypt DH exchange with symmetric key
  o Encrypt DH exchange with public key
  o Sign DH values with private key
  o Other?
❑ At this point, DH may look pointless…
  o …but it’s not (more on this later)
❑ You MUST be aware of MiM attack on Diffie-Hellman

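The Diffie-Hellman slides above, carried through numerically with the slides' symbols a, b, t, g and p. This is an added example, not from the original slides; the parameter values and function names are assumptions, and the group is toy-sized.

```python
# Constructed toy parameters: p is the Mersenne prime 2^127 - 1 and g = 3 is
# an assumed base (not checked to be a generator). Real use needs a
# standardized group of 2048 bits or more.
P = 2**127 - 1
G = 3

def public_value(x):
    """g^x mod p, the value that goes on the wire."""
    return pow(G, x, P)

def shared_secret(received, x):
    """received^x mod p, computed by the holder of private exponent x."""
    return pow(received, x, P)

def honest_exchange(a, b):
    """Slides 124-125: both sides reach g^(ab); a passive observer does not."""
    ga, gb = public_value(a), public_value(b)
    return {
        "alice": shared_secret(gb, a),        # (g^b)^a mod p
        "bob": shared_secret(ga, b),          # (g^a)^b mod p
        "product_of_publics": ga * gb % P,    # g^(a+b): all Trudy can form
    }

def mim_exchange(a, b, t):
    """Slide 126: g^t replaces the peer's value in both directions.

    g^t is an ordinary group element, so nothing in the received value
    tells Alice or Bob it did not come from the other. That is why the
    DH values themselves have to be authenticated (slide 127).
    """
    ga, gb, gt = public_value(a), public_value(b), public_value(t)
    return {
        "alice": shared_secret(gt, a),        # g^(at), Alice believes g^(ab)
        "bob": shared_secret(gt, b),          # g^(bt), Bob believes g^(ab)
        "trudy_alice": shared_secret(ga, t),  # Trudy's key with Alice
        "trudy_bob": shared_secret(gb, t),    # Trudy's key with Bob
    }

if __name__ == "__main__":
    # Constructed private exponents; real ones come from a CSPRNG.
    a = 0x1234567890ABCDEF1234567
    b = 0xFEDCBA09876543210FEDCB
    t = 0x0F1E2D3C4B5A69788796A5
    print(honest_exchange(a, b))
    print(mim_exchange(a, b, t))
```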
Part 3 ⎯ Protocols 50
Perfect Forward Secrecy
❑ We can use Diffie-Hellman for PFS
❑ Recall: public g and p
Alice (a) → Bob (b): $g^a \bmod p$
Bob (b) → Alice (a): $g^b \bmod p$
❑ But Diffie-Hellman is subject to MiM
❑ How to get PFS and prevent MiM?

Part 3 ⎯ Protocols 51
Perfect Forward Secrecy
❑ Session key K_S = g^(ab) mod p
❑ Alice forgets a, Bob forgets b
❑ This is known as Ephemeral Diffie-Hellman
❑ Neither Alice nor Bob can later recover K_S
❑ Are there other ways to achieve PFS?
Alice (K, a) → Bob: E(g^a mod p, K)
Bob (K, b) → Alice: E(g^b mod p, K)
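The exchange on this slide, as an added example that is not part of the original slides: both public values travel encrypted under the long-term key K, the exponents are discarded, and a later leak of K exposes only g^a mod p and g^b mod p from recorded traffic. The group (2^127 - 1, g = 3), the SHAKE-256 XOR stand-in for E, the per-message nonces and all function names are assumptions made for the demo.

```python
import hashlib
import secrets

# Toy group constructed for this demo: a 127-bit prime is far too small for real
# use; deployments use a standardised group of at least 2048 bits.
P, G = 2**127 - 1, 3
NBYTES = 16

def _xor(data: bytes, K: bytes, nonce: bytes) -> bytes:
    """Stand-in for the slide's cipher: XOR with a SHAKE-256 keystream (assumption)."""
    stream = hashlib.shake_256(K + nonce).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def E(value: int, K: bytes, nonce: bytes) -> bytes:
    return _xor(value.to_bytes(NBYTES, "big"), K, nonce)

def D(ct: bytes, K: bytes, nonce: bytes) -> int:
    return int.from_bytes(_xor(ct, K, nonce), "big")

def check_public(y: int) -> int:
    """Reject degenerate values (0, 1, p-1, >= p) that would force a predictable K_S."""
    if not 1 < y < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return y

def run_session(K: bytes):
    """One exchange; returns (transcript an eavesdropper records, K_S at Alice, K_S at Bob)."""
    a = secrets.randbelow(P - 3) + 2            # ephemeral exponents in [2, p-2]
    b = secrets.randbelow(P - 3) + 2
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    msg1 = (na, E(pow(G, a, P), K, na))         # Alice -> Bob: E(g^a mod p, K)
    msg2 = (nb, E(pow(G, b, P), K, nb))         # Bob -> Alice: E(g^b mod p, K)
    ks_bob = pow(check_public(D(msg1[1], K, na)), b, P)
    ks_alice = pow(check_public(D(msg2[1], K, nb)), a, P)
    del a, b                                    # models "Alice forgets a, Bob forgets b"
    return (msg1, msg2), ks_alice, ks_bob

def later_compromise(transcript, K: bytes):
    """What recorded traffic yields once K leaks: g^a mod p and g^b mod p, not K_S."""
    (na, c1), (nb, c2) = transcript
    return D(c1, K, na), D(c2, K, nb)
```

Computing K_S from the two recovered values is the Diffie-Hellman problem, which is why the exponents must be erased rather than stored alongside K.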
Part 3 ⎯ Protocols 52
Mutual Authentication, Session Key and PFS
Alice → Bob: “I’m Alice”, R_A
Bob → Alice: R_B, [R_A, g^b mod p]_Bob
Alice → Bob: [R_B, g^a mod p]_Alice
❑ Session key is K = g^(ab) mod p
❑ Alice forgets a and Bob forgets b
❑ If Trudy later gets Bob’s and Alice’s secrets, she cannot recover session key K
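The three messages above, as an added example that is not part of the original slides, reading [M]_Name as M signed by Name (an assumption about the slide's notation). It shows that a Diffie-Hellman value altered in transit fails verification. The toy group, the textbook RSA built from known Mersenne primes, and all function names are assumptions made for the demo.

```python
import hashlib
import secrets

P, G = 2**127 - 1, 3   # toy DH group constructed for the demo (far too small for real use)

def toy_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two known primes; stands in for a real signature scheme."""
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def digest(n: int, *fields: int) -> int:
    data = b"|".join(str(f).encode() for f in fields)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, *fields: int) -> int:
    """The slide's [fields]_Name, modelled as a signature over the fields."""
    n, d = priv
    return pow(digest(n, *fields), d, n)

def verify(pub, sig: int, *fields: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(n, *fields)

# Long-term signing keys, constructed for the demo.
ALICE_PUB, ALICE_PRIV = toy_keypair(2**89 - 1, 2**107 - 1)
BOB_PUB, BOB_PRIV = toy_keypair(2**61 - 1, 2**127 - 1)

def exchange(tamper=None):
    """Run the three messages; `tamper` lets a test rewrite g^b mod p in transit."""
    # Message 1: "I'm Alice", R_A
    a, r_a = secrets.randbelow(P - 3) + 2, secrets.randbits(128)
    # Message 2: R_B, [R_A, g^b mod p]_Bob
    b, r_b = secrets.randbelow(P - 3) + 2, secrets.randbits(128)
    gb = pow(G, b, P)
    sig_b = sign(BOB_PRIV, r_a, gb)
    if tamper:
        gb = tamper(gb)
    # Alice checks Bob's signature over her own fresh R_A and the received value.
    if not verify(BOB_PUB, sig_b, r_a, gb):
        raise ValueError("message 2 rejected: bad signature or stale R_A")
    # Message 3: [R_B, g^a mod p]_Alice, checked by Bob against his own R_B.
    ga = pow(G, a, P)
    sig_a = sign(ALICE_PRIV, r_b, ga)
    if not verify(ALICE_PUB, sig_a, r_b, ga):
        raise ValueError("message 3 rejected: bad signature or stale R_B")
    k_alice, k_bob = pow(gb, a, P), pow(ga, b, P)
    del a, b                                    # ephemeral exponents are discarded
    return k_alice, k_bob
```

The signing keys only authenticate the exchange; the session key depends on a and b alone, so the keys leaking later does not expose K.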