Authentication Using Symmetric Keys Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University
Authentication Using Symmetric Keys Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University
Authentication Using Symmetric Keys Assumption -Without Trusted Third Party:each pair of parties share a secret key K -With Trusted Third Party:each party shares a secret key K with the 3rd party Threat model: -Message injection Inject a new message into a channel -Message modification Modify a message in a channel Message loss Delete a message in a channel -Message replay ●Replay an old message 2
2 Authentication Using Symmetric Keys Assumption ─ Without Trusted Third Party: each pair of parties share a secret key K ─ With Trusted Third Party: each party shares a secret key K with the 3rd party Threat model: ─ Message injection ● Inject a new message into a channel ─ Message modification ● Modify a message in a channel ─ Message loss ● Delete a message in a channel ─ Message replay ● Replay an old message
Without Trusted Third Party-Version 1 Alice Bob A,n,(nKAB Question:What is wrong with this authentication protocol? -Answer:vulnerable to replay attack. -How to fix this problem? 3
3 Without Trusted Third Party – Version 1 Question: What is wrong with this authentication protocol? ─ Answer: vulnerable to replay attack. ─ How to fix this problem? Alice Bob A, n, {n}KAB
Without Trusted Third Party-Version 2 Alice A Bob n (n KAB Question:What is wrong with this authentication protocol? -Answer:no session key is established,and no mutual authentication. -How to fix this problem?-Add session key kab and a nounce m from Alice 4
4 Without Trusted Third Party – Version 2 Question: What is wrong with this authentication protocol? ─ Answer: no session key is established, and no mutual authentication. ─ How to fix this problem? - Add session key kab, and a nounce m from Alice Alice A Bob n {n}KAB
Without Trusted Third Party-Final Version Alice A Bob n (n,Kab)KaB:m m kab Key management problems in authentication protocols without trusted third party: -1.Every pair of users need to have a shared secret key-too many keys. -2.Hard to manage:when a user joins a group,every one in the group needs to configure a new key with this person. -Solution:use a trusted third party-reduce n2 keys to n keys. 5
5 Without Trusted Third Party – Final Version Key management problems in authentication protocols without trusted third party: ─ 1. Every pair of users need to have a shared secret key – too many keys. ─ 2. Hard to manage: when a user joins a group, every one in the group needs to configure a new key with this person. ─ Solution: use a trusted third party – reduce n2 keys to n keys. Alice A Bob n {n, kab}KAB, m {m} kab
With Trusted Third Party-Version 1 Version 1: Alice A Bob n Authentication (n KA Center A,(nKA nKa Question:Is this authentication protocol secure? -Answer:No.Vulnerable to man-in-the-middle attacks. 6
6 With Trusted Third Party – Version 1 Version 1: Question: Is this authentication protocol secure? ─ Answer: No. Vulnerable to man-in-the-middle attacks. Alice A Bob n {n}KA A, {n}KA {n}KB Authentication Center
Attacks on Version 1 with 3rd Party Man-in-the-middle attack I am Robert I am Alice Alice Robert Bob A n Authentication Center A,(nika (nKB How to defend against this attack? -Solution:add principal name to prevent (n}k from being reused by attacker. 7
7 Man-in-the-middle attack How to defend against this attack? ─ Solution: add principal name to prevent {n}KA from being reused by attacker. Alice Bob A n {n}KA A, {n}KA {n}KB Authentication Center Robert A n {n}KA Attacks on Version 1 with 3rd Party I am Robert I am Alice
With Trusted Third Party -Version 2 Alice A Bob n Authentication (n,B)KA Center A,{n,BKA→ nKB Question:Is this authentication protocol secure? -Answer:No. 8
8 With Trusted Third Party – Version 2 Question: Is this authentication protocol secure? ─ Answer: No. Alice A Bob n {n, B}KA A, {n, B}KA {n}KB Authentication Center
Attacks on Version 2 with 3rd Party I am Alice Robert Bob A n Let me modify msg A,(n,B)KR Robert A,(n,B)KR Authentication R,(n,B)KR Center How to defend against this attack? -Solution:add principal name into nKB 9
9 Attacks on Version 2 with 3rd Party How to defend against this attack? ─ Solution: add principal name into {n}KB. Bob R, {n, B}KR {n}KB Authentication Center Robert A n A, {n, B}KR Robert A, {n, B}KR I am Alice Let me modify msg
With Trusted Third Party-Version 3 Alice A Bob n Authentication (n,B)KA Center A,{n,BKA→ Symmetry is not goodn A'KB Question:Is this authentication protocol secure? Answer:No. Hint:message symmetry in authentication protocols is not good. 10
10 With Trusted Third Party – Version 3 Question: Is this authentication protocol secure? ─ Answer: No. Hint: message symmetry in authentication protocols is not good. Alice A Bob n {n, B}KA A, {n, B}KA {n, A}KB Authentication Center Symmetry is not good