收藏
下载资源

安全协议4.2

上传人:ji****n 文档编号:54544505 上传时间:2018-09-14 格式:PPT 页数:22 大小:281.50KB
返回 下载 相关 举报
安全协议4.2_第1页
第1页 / 共22页
安全协议4.2_第2页
第2页 / 共22页
安全协议4.2_第3页
第3页 / 共22页
安全协议4.2_第4页
第4页 / 共22页
安全协议4.2_第5页
第5页 / 共22页
点击查看更多>>
资源描述

《安全协议4.2》由会员分享,可在线阅读,更多相关《安全协议4.2(22页珍藏版)》请在金锄头文库上搜索。

1、1,Authentication protocols,中国矿业大学计算机科学与技术学院,2,4.2 Protocols Using Shared Key Cryptography,3,Authentication with Symmetric Key,Alice, KAB,Bob, KAB,“Im Alice”,E(R,KAB),Secure method for Bob to authenticate Alice,Alice does not authenticate Bob,Can we achieve mutual authentication?,R,4,Mutual Authentic

2、ation?,Alice,Bob,“Im Alice”, R,E(R,KAB),E(R,KAB),Whats wrong with this picture? “Alice” could be Trudy (or anybody else)!,5,Mutual Authentication,Since we have a secure one-way authentication protocol The obvious thing to do is to use the protocol twice Once for Bob to authenticate Alice Once for Al

3、ice to authenticate Bob This has to work,6,Mutual Authentication,Alice,Bob,“Im Alice”, RA,RB, E(RA,KAB),E(RB,KAB),This provides mutual authentication or does it?,7,Mutual Authentication Attack,Bob,1. “Im Alice”, RA,2. RB, E(RA,KAB),Trudy,Bob,3. “Im Alice”, RB,4. RC, E(RB,KAB),Trudy,5. E(RB,KAB),8,Mu

4、tual Authentication,Our one-way authentication protocol not secure for mutual authentication Protocols are subtle! The “obvious” thing may not be secure Also, if assumptions or environment changes, protocol may not work This is a common source of security failure For example, Internet protocols,9,Sy

5、mmetric Key Mutual Authentication,Alice,Bob,“Im Alice”, RA,RB, E(“Bob”,RA,KAB),E(“Alice”,RB,KAB),Do these “insignificant” changes help? Yes!,10,Notation,Notation A, B :The two users who wish to share a new session key S :A trusted server MK :Encryption of message M with key K to provide confidential

6、ity and integrity M K : Encryption of message M with key K to provide confidentiality MK :One-way transformation of message M with K to provide integrity,11,Entity Authentication Protocols,1. AB: NA 2. B A : NB, u(KAB, NA, ) 3. AB: NA , v(KAB, NB, ),Bird等人的协议,1. IAB: NI 2. B IA : NB, u(KAB, NI, ) 1.

7、 IBA: NB(I为了回答B,开始一个新会话,询问A) 2. A IB : NA, u(KAB, NB, ) 3. IA B: u(KAB, NB, ) (I假冒A与B建立会话),u,v 相同时,存在Oracle attack,12,AB: TA, BKAB,ISO/IEC9798-2 protocols One-pass unilateral authentication protocol(timestamp),two-pass unilateral authentication protocol(nonce),1. B A : NB 2. AB: NB, BKAB,three-pass

8、mutual authentication protocol(nonces),two-pass mutual authentication protocol(timestamp),AB: TA, BKAB BA: TB, AKAB,1. B A : NB 2. AB: NA, NB, BKAB 3. BA : NB, NAKAB,13,1. AB: A 2. BA : NB 3. AB: NBKAS 4. BS : A, NBKASKBS 5. SB: NBKBS,Woo-Lam unilateral authentication protocol,B,A,S,1. A,2. NB,3. NB

9、KAS,4. A, NBKASKBS,5. NBKBS,14,1. IAB: A 1.IB: I 2. BIA : NB 2. BI : NB 3. IAB: R 3. IB: NBKIS 4. BS : A, RKBS 4. BS : I, NBKIS KBS 5. SB: NBKBS,Abadis attack,B,I(IA),S,1. 1,2. 2,3. 3,4. 4,5. NBKBS,I starts two runs with B, in one of which I claims to be A. B accepts the run in which I is masqueradi

10、ng as A and rejects the other run.,15,Server-less key establishment,KAB : The long-term key iniitially shared by A and B KAB : the value of the new session key,16,AB: TA, BKAB KAB = f(KAB, TA),ISO/IEC11770-2 server-less protocols,Mechanism 2,AB: KAB KAB,Mechanism 3,AB: TA, B, KAB KAB,1. B A : NB 2.

11、AB: NB, B, KAB KAB,Mechanism 4,1. AB: TA, B, FAB KAB 2. B A : TB, A, FBA KAB KAB = f(FAB, FBA)密钥材料F,Mechanism 5,1. B A : NB 2. AB: NA, NB, B, FAB KAB 2. B A : NB, NA, FBA KAB KAB = f(FAB, FBA),Mechanism 6, KAB提供机密性与完整性,Mechanism 1,17,Server-based key establishment,A, B: two users wishing to establis

12、h a session key S : the server KAS , KBS : long-term keys initially shared by A and S, and by B and S KAB : session key to be shared by A and B,18,1. A S : A, B, NA 2. S A : NA, B, KAB, KAB, AKBSKAS 3. A B : KAB,AKBS 4. B A : NBKAB 5. A B : NB - 1 KAB,Needham-Schroeder shared key protocol,1,2,3,4,5,

13、19,1. A S : A, B 2. S A : B, KAB, TS, A, KAB, TSKBSKAS 3. A B : A, KAB, TSKBS,Denning-Sacco protocol,Denning-Sacco attack: An intruder uses a compromised session key to masquerade as A to B.,A,B,S,1,2,3,20,1. A B : A, NA 2. B S : A, NA, B, NB 3. S B : KAB, A, NBKBS, KAB, B, NAKAS 4. B A :KAB, B, NAK

14、AS,Bauer-Berson-Feiertag protocol,Bauer attack: An intruder who learns the long-term key A can impersonate A even after the compromise is detected and the long-term key replaced.,A,B,S,21,Key establishment using multiple servers,If one or more servers become unavailable, it may still be possible for

15、 the users to establish a session key. If one or more servers are untrustworthy, users may still be able to establish a good key.,22,Gongs multi-server protocol KA,i, KB,i : A,B与服务器Si共享的长期密钥 秘密共享:A持有x,x可以从x1, x2, xn中的t个恢复; B持有y, y可以从y1, y2, yn中的t个恢复,1. A B : A, B, NA , A, B, xi , cc(x) KA,i 2. B Si : A, B, NA, NB , A, B, xi , cc(x) KA,i , B, A, yi , cc(y) KB,i 3. SiB: B , NA, yi , cci(y) KA,i , A , NB, xi , cci(x)KB,i 4. B A : B , NA, y1 , cc1(y) KA,1 , B , NA, yn , ccn(y) KA,n , NAKAB, NB 5. A B : NBKAB,A,B,Si,1,2,3,4,5,

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 中学教育 > 初中教育

电脑版 |金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号