Professional Documents
Culture Documents
Auth KDS
Auth KDS
Auth KDS
Mahalingam Ramkumar
Department of CSE
Mississippi State University
So we have a shared secret...
● What next?
● Alice and Bob share a secret K
● How do they determine that they do?
● Challenge-Response Protocols
– Alice issues a challenge
– Bob replies
● Now Alice knows that Bob is authentic
– Bob issues a challenge
– Alice responds
● Now Bob knows Alice is authentic
Two-way Authentication
Rb
E(K,Rb)
Alice Bob
Ra
E(K,Ra)
Two-way Authentication
Simplified
A, Ra
Rb, E(K,Ra)
Alice Bob
E(K,Rb)
Not so simple!
(Reflection Attack)
A, Ra
Rb, E(K,Ra)
A, Rb
Not
Alice Rb2, E(K,Rb) Bob
E(K,Rb)
Ra
Rb, HMAC(Ra,Rb,A,B,K)
Alice Bob
HMAC(Ra,Rb,K)
Key Establishment
Diffie - Helman
Large prime p , generator, g
Alice picks a
p , g , ≡ga mod p
Bob picks b
b
≡g mod p
Alice Bob
a b ab
K A B ≡ ≡ ≡g mod p
Man in the Middle
Large prime p , generator, g
Alice picks a
p , g , ≡ga mod p
Oscar picks w
w Bob picks b
p , g , ≡g mod p
w
≡g mod p
Alice Os b
≡g mod p Bob
aw
K AB 1≡g mod p bw
K AB2≡g mod p
n a , ea
ea
n b , e b , K1≡K b mod na
Alice calculates
d
K b≡K1 mod na
Alice
a
eb
Bob
K2≡K a mod n b
Bob calculates
d
Ka≡K2 mod n b
b
K A B=Ka ⊕K b
Key Establishment with
Asymmetric Crypto
● Exchange public keys
● Established secret based on public and
private keys
● Alice – public key X
● What prevents Oscar from saying X is his
public key?
● Somebody has to certify that X is indeed
Alice's public key
● Who can do that?
– How?
● PKI (Public Key Infrastructure)
Certificate Authority
● CA signs public keys with the CA's private
key
● Everybody has access to CA's public key
– Public knowledge
– Announced in reputable sources (like
newspapers)
– Preloaded in all computers (or browsers)
● Only CA can sign / revoke certificates
● Anybody can verify a certificate
● X.509 certificate
X.509 Formats
Version
Algorithm/
Cert S.No
Parameters
Algorithm/
Parameters Issuer Name
Issuer Update date
Validity- Not Next Update
Before / After
Subject Revoked
Algorithms Certificates
Parameters .
Key .
Issuer ID V1 Signature
Subject ID
V2
Extensions Revocation List
V3
Signature
Certificate
Certificate Authorities
● CA<<X>> - certificate of X issued by CA
● Y<<X>> - certificate of X issued by Y
● Not very practical to have a single global
certificate authority
● Issuing certificates is a commercial service
● Verisign, Microsoft, Entrust, beTrusted,
eOriginal, SecureNet .....hundreds of issuers!
● If Alice and Bob have different CA's how can
they verify each other's certificates?
Certificate Trees
X Y
A B C D
X<<A>> X<<B>> Y<<C>> Y<<D>>
UX UX UY UY
A and B can verify each other's certificate C and D can verify each other's certificate
X<<Y>>
Y<<X>>
X Y
X<<Y>> Y<<X>>
A B C D
X<<A>> X<<B>> Y<<C>> Y<<D>>
UX,UY UX,UY UY,UX UY,UX
A and B can verify each other's certificate C and D can verify each other's certificate
T<<Y>>
T<<X>>
X Y
Y<<T>>
A B C D
X<<A>> X<<B>> Y<<C>> Y<<D>>
UX,UY UX,UY UY,UX UY,UX
A and B can verify each other's certificate C and D can verify each other's certificate
2
Number of unique values of aij is n1 / 2
The TA's secrets are ={aij }
A≡G A x≡F x , A mod p
B≡G B x≡F x ,B mod p
G A x,G B x are n degree polynomials in one variable
Coeffcients of G A x are the n+1 secrets A
Coeffcients of G B x are the n+1 secrets B
KA B≡G A B=G B B≡F A ,B
The scheme is n-secure
n or less nodes, pooling all their secrets cannot break the system
n+1 nodes can!