Cryptography and Network Security
User Authentication
Remote User-Authentication Principles
• The process of verifying an identity claimed by or for a system entity
• An authentication process consists of two steps:
  • Identification step: Presenting an identifier to the security system
  • Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier
Means of User Authentication
There are four general means of authenticating a user’s identity, which can be used alone or in combination
• Something the individual knows
  • Examples include a password, a personal identification number (PIN), or answers to a prearranged set of questions
• Something the individual possesses
  • Examples include cryptographic keys, electronic keycards, smart cards, and physical keys
  • This is referred to as a token
• Something the individual is (static biometrics)
  • Examples include recognition by fingerprint, retina, and face
• Something the individual does (dynamic biometrics)
  • Examples include recognition by voice pattern, handwriting characteristics, and typing rhythm
• For network-based user authentication, the most important
methods involve cryptographic keys and something the
individual knows, such as a password
Mutual Authentication
• Protocols which enable communicating parties to satisfy themselves mutually about each other’s identity and to exchange session keys
Central to the problem of authenticated key exchange are two issues:
• Timeliness
  • Important because of the threat of message replays
  • Such replays could allow an opponent to:
    • compromise a session key
    • successfully impersonate another party
    • disrupt operations by presenting parties with messages that appear genuine but are not
• Confidentiality
  • Essential identification and session-key information must be communicated in encrypted form
  • This requires the prior existence of secret or public keys that can be used for this purpose
Replay Attacks
1. The simplest replay attack is one in which the opponent simply
copies a message and replays it later
2. An opponent can replay a timestamped message within the valid
time window
3. An opponent can replay a timestamped message within the valid
time window, but in addition, the opponent suppresses the
original message; thus, the repetition cannot be detected
4. Another attack involves a backward replay without modification
and is possible if symmetric encryption is used and the sender
cannot easily recognize the difference between messages sent
and messages received on the basis of content (Reflection
Attack)
Approaches to Coping With Replay Attacks
• Attach a sequence number to each message used in an authentication exchange
  • A new message is accepted only if its sequence number is in the proper order
  • Difficulty with this approach is that it requires each party to keep track of the last sequence number for each claimant it has dealt with
  • Generally not used for authentication and key exchange because of overhead
• Timestamps
  • Requires that clocks among the various participants be synchronized
  • Party A accepts a message as fresh only if the message contains a timestamp that, in A’s judgment, is close enough to A’s knowledge of current time
• Challenge/response
  • Party A, expecting a fresh message from B, first sends B a nonce (challenge) and requires that the subsequent message (response) received from B contain the correct nonce value
• Binding – In all cases, cryptographic means must be used to ensure that neither cut-and-paste nor message modification is possible without detection
One-Way Authentication
One application for which encryption is growing in popularity is electronic mail (e-mail)
• Header of the e-mail message must be in the clear so that the message can be handled by the store-and-forward e-mail protocol, such as SMTP or X.400
• The e-mail message should be encrypted such that the mail-handling system is not in possession of the decryption key
A second requirement is that of authentication
• The recipient wants some assurance that the message is from the alleged sender
See Chapter 19 on securing email
Remote User-Authentication Using Symmetric Encryption
A two-level hierarchy of symmetric keys can be
used to provide confidentiality for
communication in a distributed environment
• Strategy involves the use of a trusted key
distribution center (KDC)
• Each party shares a secret key, known as a
master key, with the KDC
• KDC is responsible for generating keys to be
used for a short time over a connection between
two parties and for distributing those keys using
the master keys to protect the distribution
Mutual Authentication
(Needham/Schroeder protocol)
• Denning proposes to overcome this weakness by a modification to the Needham/Schroeder protocol that includes the addition of a timestamp to steps 2 and 3
• T is a timestamp that assures A and B that the session key has only just been generated. Thus, both A and B know that the key distribution is a fresh exchange. A and B can verify timeliness by checking that
Mutual Authentication (Denning protocol)
• An attempt is made to respond to the concerns about suppress-replay attacks and at the same time fix the problems in the Needham/Schroeder protocol. Subsequently, an inconsistency in this latter protocol was noted and an improved strategy was presented in.
Suppress-Replay Attacks
• The Denning protocol requires reliance on clocks that are
synchronized throughout the network
• A risk involved is based on the fact that the distributed
clocks can become unsynchronized as a result of sabotage
on or faults in the clocks or the synchronization
mechanism
• The problem occurs when a sender’s clock is ahead of the
intended recipient’s clock
• An opponent can intercept a message from the sender and
replay it later when the timestamp in the message becomes
current at the recipient’s site
• Such attacks are referred to as suppress-replay attacks
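Added example (not from the original slides): a Python sketch that contrasts the timestamp and challenge/response approaches to freshness, including the suppress-replay case in which the sender's clock runs ahead of the recipient's. The shared key, the 5-second window, the clock values and all function names are assumptions made for this illustration.

```python
import hashlib, hmac, os
KEY = b"constructed-key-shared-by-A-and-B"  # constructed sample key
WINDOW = 5  # seconds of clock difference A tolerates (assumed value)

def tag(*fields: bytes) -> bytes:
    # MAC over length-prefixed fields: binds the payload to its freshness value
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(KEY, data, hashlib.sha256).digest()

def stamp(payload: bytes, sender_clock: int):
    ts = str(sender_clock).encode()
    return payload, ts, tag(b"ts", payload, ts)

def accept_stamped(msg, receiver_clock: int) -> bool:
    payload, ts, mac = msg
    ok = hmac.compare_digest(mac, tag(b"ts", payload, ts))
    return ok and abs(receiver_clock - int(ts)) <= WINDOW

class Challenger:
    """Party A: issues nonces and accepts each one at most once."""
    def __init__(self):
        self.pending = set()
    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce
    def accept(self, msg) -> bool:
        payload, nonce, mac = msg
        ok = hmac.compare_digest(mac, tag(b"cr", payload, nonce))
        if not ok or nonce not in self.pending:
            return False
        self.pending.discard(nonce)
        return True

def respond(payload: bytes, nonce: bytes):
    return payload, nonce, tag(b"cr", payload, nonce)

def demo() -> dict:
    in_sync = stamp(b"hello", 1000)   # sender and receiver clocks agree
    fast = stamp(b"hello", 1060)      # sender clock runs 60 s ahead
    a = Challenger()
    reply = respond(b"hello", a.challenge())
    return {
        "first_delivery": accept_stamped(in_sync, 1001),
        "replay_in_window": accept_stamped(in_sync, 1004),
        "fast_clock_on_arrival": accept_stamped(fast, 1000),
        "suppressed_then_replayed": accept_stamped(fast, 1058),
        "nonce_first": a.accept(reply),
        "nonce_replay": a.accept(reply),
    }
```

The timestamp check alone accepts both the in-window replay and the held-back message from the fast clock; the nonce check accepts the response once and rejects its replay without relying on any clock.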
Mutual Authentication
• This protocol provides an effective, secure means for A and B to establish a session with a secure session key
Kerberos
• Authentication service developed as part of Project Athena at MIT
• A workstation cannot be trusted to identify its users correctly to network services. In particular, the following three threats exist:
  • A user may gain access to a particular workstation and pretend to be another user operating from that workstation
  • A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation
  • A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations
• Kerberos provides a centralized authentication server whose function
is to authenticate users to servers and servers to users
• Relies exclusively on symmetric encryption, making no use of public-key
encryption
Kerberos Requirements
• The first published report on Kerberos listed the following requirements:
  • Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user
  • Reliable: Should be highly reliable and should employ a distributed server architecture with one system able to back up another
  • Transparent: Ideally, the user should not be aware that authentication is taking place beyond the requirement to enter a password
  • Scalable: The system should be capable of supporting large numbers of clients and servers
Kerberos Version 4
• Makes use of DES to provide the authentication service
• Authentication server (AS)
• Knows the passwords of all users and stores these in a centralized database
• Shares a unique secret key with each server
• Ticket
• Created once the AS accepts the user as authentic; contains the user’s ID and
network address and the server’s ID
• Encrypted using the secret key shared by the AS and the server
• Ticket-granting server (TGS)
• Issues tickets to users who have been authenticated to AS
• Each time the user requires access to a new service the client applies to the TGS
using the ticket to authenticate itself
• The TGS then grants a ticket for the particular service
• The client saves each service-granting ticket and uses it to authenticate its user to
a server each time a particular service is requested
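Added example (not part of the original slides and not code from any Kerberos implementation): the ticket described above, modelled in Python to show what it binds and what a server checks when the client presents it. The seal/unseal helper is a toy HMAC-based stand-in for the DES encryption of version 4, the step in which the AS accepts the user as authentic is not modelled, and all names, keys and addresses are constructed for the illustration.

```python
import hashlib, hmac, json, os

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()

def seal(key: bytes, fields: dict) -> bytes:
    """Toy authenticated encryption (assumption: stands in for DES in v4)."""
    plain = json.dumps(fields, sort_keys=True).encode()
    iv = os.urandom(16)
    body = iv + bytes(p ^ k for p, k in zip(plain, _keystream(key, iv, len(plain))))
    return body + _mac(key, body)

def unseal(key: bytes, blob: bytes):
    body, mac = blob[:-32], blob[-32:]
    if len(body) < 16 or not hmac.compare_digest(mac, _mac(key, body)):
        return None  # wrong key or modified ticket
    iv, ct = body[:16], body[16:]
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct)))))

# Constructed sample keys: each server shares a unique secret key with the AS.
SERVER_KEYS = {"mail": os.urandom(32), "print": os.urandom(32)}

def as_issue_ticket(user_id: str, client_addr: str, server_id: str) -> bytes:
    """AS side, after it has accepted the user as authentic (not modelled here)."""
    ticket = {"id": user_id, "addr": client_addr, "server": server_id}
    return seal(SERVER_KEYS[server_id], ticket)

def server_accepts(server_id: str, ticket: bytes, claimed_id: str, source_addr: str) -> bool:
    """Server side: decrypt with its own key, then compare with what the client presents."""
    t = unseal(SERVER_KEYS[server_id], ticket)
    return t == {"id": claimed_id, "addr": source_addr, "server": server_id}
```

Because the ticket is sealed under the key shared by the AS and the server, the client can store and present it but cannot read or alter it, and a ticket issued for one server fails to decrypt at another.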
Table 15.1 (page 464 in textbook)
Summary of Kerberos Version 4 Message Exchanges
(This table can be found on pages 467 – 468 in the textbook)
Kerberos Realms and Multiple Kerberi
• A full-service Kerberos environment consisting of a
Kerberos server, a number of clients, and a number
of application servers requires that:
• The Kerberos server must have the user ID and
hashed passwords of all participating users in its
database; all users are registered with the Kerberos
server
• The Kerberos server must share a secret key with
each server; all servers are registered with the
Kerberos server
• The Kerberos server in each interoperating realm
shares a secret key with the server in the other realm;
the two Kerberos servers are registered with each
other
Differences Between Versions 4 and 5
Version 5 is intended to address the limitations of version 4 in two areas:
• Environmental shortcomings
  • Encryption system dependence
  • Internet protocol dependence
  • Message byte ordering
  • Ticket lifetime
  • Authentication forwarding
  • Interrealm authentication
• Technical deficiencies
  • Double encryption
  • PCBC encryption
  • Session keys
  • Password attacks
Table 15.3
Summary of Kerberos Version 5 Message Exchanges
Table 15.4
Kerberos Version 5 Flags
(Table can be found on page 474 in textbook)
Summary
• Remote user-authentication principles
  • Mutual authentication
  • One-way authentication
• Remote user-authentication using symmetric encryption
  • Mutual authentication
  • One-way authentication
• Kerberos
  • Motivation