Computer Systems Security Lecture 6 Authentication II
› Password Authentication over a Network – Challenge-Response
– One-Time Password
Copyright By PowCoder代写 加微信 powcoder
– Strong Password Protocols
› Master Password – Single Sign-On
› Importance of Multiple Factor Authentication › Digital Certificate and Certificate Authority
I want to authenticate myself over the Internet. Should I send the password
directly to the server?
Password Authentication over a Network
› Transmit password in the clear
– Passive attack
› Password sniffing
– Active attack
› Impersonation of
Challenge-Response
› Let f be a secret function that is known only to Alice and Bob, – or a public-known function, with one of the input parameters that is a
secret to Alice and Bob.
› In a challenge-response protocol,
– Bob sends a random message C to Alice
– Alice replies with R = f(C)
– Bob validates R by computing it separately
Challenge-Response
› Problem?
One-time Passwords
A one-time password is a password that is invalidated as soon
as it is used.
Lamport’s Hash (S/Key)
› Let H be a one-way hash function
› Alice chooses an initial seed K0 – and calculates
K1 = H(K0) K2 = H(K1) …
Kn = H(Kn-1)
Lamport’s Hash (S/Key)
– Alice sends Kn to Bob.
– Bob initializes the database entry.
› Authentication
– Alice sends Kn-1 to Bob.
– Bob checks if Kn = H(Kn-1).
– If yes, Alice is authenticated.
› Bob replaces Kn with Kn-1 in his database › How about the next authentication?
Lamport’s Hash (S/Key)
› Questions
– What should be stored by Alice?
– What should be stored by Bob?
– Why does H have to be one-way?
– Do we need to assume that H is collision-resistant?
Weak Password
› Alice has a “weak” password pwd. – E.g., a memorable passphrase
› Bob stores a hash W = h(pwd) of the password.
› Alice’s workstation knows how to calculate W on the fly, once Alice types in her password.
› Use W in a way that does not give any hints on pwd.
Authentication Protocols
› An authentication protocol is an exchange of messages between two parties in order to authenticate at least one of the parties.
› The followings demonstrate various protocols for authentication with increment security considerations.
Encryption-with-Password
Encryption-with-Password + PKC
An Improved Version
Encrypted Key Exchange (EKE)
Strong Password Protocols
› EKE is one example of Strong Password Protocols
– Secure against eavesdropper
› No available plaintext-ciphertext pairs for dictionary attack.
– Secure against impersonation
› MalicemustguessthecorrectWinordertoimpersonateBobinthefirst message flow.
› Soitachievesmutualauthentication
– Bob must know W to encrypt PKE(K) correctly.
– Alice must know W (and her private key) to recover K and use K to encrypt RA correctly
› Remarks: A Strong Password Protocol are not the same as “setting a strong password” as we saw in Lecture 5.
– It is an authentication protocol that fulfills the above security requirements.
Master Password
› Rather than remembering dozens of passwords, and thus choosing very simple and weak passwords, or reusing passwords, we can use a master password.
› The idea
– you make the master password a good one, apply the appropriate rules to maintain its security, and never remember any of the others passwords derived from it.
Single Sign-On
› Single Sign-On (SSO) is designed to reduce the volume of authentication information, in other words, the number of passwords, that need to be remembered.
› What is the idea?
– Sign in once and access a lot of online resources.
Single Sign-On
› User is registered with multiple entities which share information.
› Centralized authentication generates a “token” which can be used for authentication to access independent systems.
– Microsoft Account – https://www.microsoft.com/en-us/account
– Facebook – https://developers.facebook.com/docs/facebook- login/multiple-providers
– Google Sign-In – https://developers.google.com/identity/
Case Study – Google Sign-In
qatarairways.com
openrice.com
airbnb.com
Case Study – Google Sign-In
› Google Sign-In uses OAuth protocol
– An authorization framework enables a third-party application to obtain limited access to an HTTP service on behalf of a resource owner, either
› by orchestrating an approval interaction between the resource owner and the HTTP service, or
› by allowing the third-party application to obtain access on its own behalf. › The current version adopted is 2.0
– https://developers.google.com/identity/protocols/OAuth2
Case Study – Google Sign-In
› The authorization sequence begins when your application redirects a browser to a Google URL; the URL includes query parameters that indicate the type of access being requested.
› Google handles the user authentication, session selection, and user consent.
› The result is an authorization code, which the application can exchange for an access token.
› The application uses the access token to access a Google API.
Source: https://developers.google.com/identity/protocols/OAuth2
How should I trust that a public key obtained from the Internet belongs to
Digital Certificate
Certification Authority (CA) & Digital Certificate
› A certification authority (CA) is an entity which issues digital certificates to all participants, including itself.
› A digital certificate is a data object which binds a set of relevant information together.
– The set of information includes the certificate owner’s identity and his public key.
– The CA certifies the binding by (digitally) signing over the data.
Certification Authority (CA) & Digital Certificate
› A digital certificate has the following components:
– owner-id and public-key
› the identifier (name) and the public key of the owner of the certificate, respectively
– other-info
› the issuing CA’s name, the certificate serial number, the owner’s e-mail address and other related information (such as her organization, address, etc.)
– signature
› The digital signature of the CA
– The CA uses its private key to sign on the rest of the data in the certificate
Trusting CA
› By signing the certificate, the CA
– vouches for the validity of the information contained in the certificate. Specifically, it certifies that the public key contained in the certificate belongs to the participant identified by owner- id.
– ensures that data integrity is maintained (by virtue of the signature).
Trusting CA
› Our trust in the CA is based on that it
– has a well defined and rigorously followed procedure for validating the owner’s identity and related information in the certificate;
– uses a secure system to carry out its functions;
– has adequate level of responsibility for its liability.
› The CA publishes its Certification Practice Statement (CPS) which covers policies and liabilities.
› Example: Hongkong Post e-Cert CPS
– https://www.hongkongpost.gov.hk/product/cps/ecert/index.html
Creating a Digital Certificate
› You can create a “self-signed” digital certificate using OpenSSL
https://www.digitalocean.com/community/tutorials/openssl- essentials-working-with-ssl-certificates-private-keys-and-csrs
› You can also apply a digital certificate for your personal use and/or your website using paid service
– Read: https://comodosslstore.com/ssl-types
– Question: Find out the validation methods for Domain Validation (DV)
Digital Certificate Standard
› In order to facilitate interoperability, ITU-T (a UN standards organization) defined the standard X.509 which includes the format of digital certificates.
› The main fields in a X.509 certificate are:
– subject’s (owner’s) identity;
– time of validity of the certification (starting and expiration dates);
– public key of subject (and public key algorithm and key length used); – name of issuing CA;
– serial number of the certificate (as assigned by the issuing CA);
– signature of the CA on this certificate (and signature algorithm used).
X.509 Certificate Format
Source: https://docs.microsoft.com/en-us/windows/desktop/seccertenroll/about-x-509-public-key-certificates
Certificate Revocation
› There are cases when a certificate has to be made invalid before its expiry date
– For example, when an employee leaves an organization, or when a participant’s private key has been compromised.
› Certificate Revocation List (CRL)
– The CA should periodically, or on demand basis, distribute CRL (which is signed by the CA) listing the serial numbers of the certificates that have been revoked.
– A participant using a certificate should check the latest CRL from the CA, to determine if the certificate is still valid.
Public-Key Infrastructure
› Public Key Infrastructure (PKI) consists of all pieces needed to securely use public key cryptography
– Key generation and management
– Certification authorities, digital certificates – Certificate revocation lists (CRLs)
Public-Key Infrastructure and E-commerce
› PKI can be used to ensure secure transactions on the open Internet. This is especially important to foster e- commerce development.
› PKI implementation provides a solution for the technical aspects of electronic transactions.
– To bring such transactions to equivalent footing as traditional transactions requires formal recognition by the community.
– Many countries have established legislation governing electronic transactions.
Public-Key Infrastructure in
› In , the “Electronic Transaction Ordinance” (https://www.ogcio.gov.hk/en/our_work/regulation/eto/ ) was January 2000 and updated in June 2004.
– Gives legal status to electronic records and transactions, digital signatures;
– Gives recognition to the first public CA, which went into operation in February 2000: Post e-Cert
Why is digital certificate still not popular?
› The concepts of digital certificate is complicated for the general public
› It is not convenient to use/store the cert and its private key
› Most online services normally do not require a digital certificate
– opt for other authentication means, like password and single sign-on
› Password Authentication over a Network – Challenge-Response
– One-Time Password
– Strong Password Protocols
› Master Password – Single Sign-On
› Digital Certificate and Certificate Authority
› (2005). Introduction to Computer Security. .
– Chapter 11.3 – 11.4
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com