Authentication Protocols
Paul Krzyzanowski
Distributed Systems
Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.
Authentication
Reusable passwords
One-time password
Skey authentication
  give this list to Alice
Two-factor authentication with an authenticator card
Challenge-Response authentication
  Alice -> network host: "alice"
  host: look up alice's key, K; generate random challenge number C
  host -> Alice: C
  Alice: R' = f(K, C)
  Alice -> host: R'
  host: R = f(K, C); R = R'?
  host -> Alice: "welcome"
  an eavesdropper does not see K
SecurID card
  Username: paul
  Password: 1234 032848 (PIN + passcode from card: something you know + something you have)
  Password: 354982
  Passcode changes every 60 seconds
SecurID
SKID2/SKID3 authentication
  Alice chooses a random number (nonce) R_A and sends it to Bob.
    Alice -> Bob: R_A
  Bob chooses a random number (nonce) R_B. He computes H_K(R_A, R_B, "bob") and sends it to Alice with R_B. Bob shows that he can encrypt Alice's nonce.
    Bob -> Alice: R_B, H_K(R_A, R_B, "bob")
  Alice receives R_B and has R_A. She computes H_K(R_A, R_B, "bob") and compares the result to verify that Bob was able to encrypt data with key K. Authentication is complete as far as Alice is concerned (Bob knows the key).
  Now Alice has to convince Bob (mutual authentication). Alice demonstrates that she can encrypt Bob's nonce.
    Alice -> Bob: H_K(R_B, "alice")
  Bob computes H_K(R_B, "alice") and compares it with Alice's message. If they match, he trusts Alice's identity.
  Key point: Each party permutes data generated by the other. Challenge the other party with data that will be different each time.
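The challenge-response and SKID3 exchanges from the slides above, as an added example that is not part of the original deck. HMAC-SHA256 stands in for f and H_K, and the 16-byte nonce size, the length-prefixed field encoding and all function names are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes; assumed size, the slides do not give one


def H(key: bytes, *fields: bytes) -> bytes:
    """Keyed hash H_K(...). HMAC-SHA256 is an assumed choice for H_K.

    Each field is length-prefixed so ("ab", "c") and ("a", "bc")
    cannot produce the same input to the hash.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def challenge_response(host_key: bytes, client_key: bytes) -> bool:
    """One-way scheme: the host sends C, the client returns R' = f(K, C)."""
    c = secrets.token_bytes(NONCE_LEN)      # host: random challenge C
    r_prime = H(client_key, c)              # client: R' = f(K, C)
    r = H(host_key, c)                      # host:   R  = f(K, C)
    return hmac.compare_digest(r, r_prime)  # host:   R = R' ? (constant time)


def bob_step2(key: bytes, r_a: bytes) -> tuple[bytes, bytes]:
    """Bob picks R_B and returns (R_B, H_K(R_A, R_B, "bob"))."""
    r_b = secrets.token_bytes(NONCE_LEN)
    return r_b, H(key, r_a, r_b, b"bob")


def alice_step3(key: bytes, r_a: bytes, r_b: bytes,
                tag_from_bob: bytes) -> bytes | None:
    """Alice recomputes Bob's value over her own R_A.

    Returns H_K(R_B, "alice") if Bob's value matches, None to abort.
    """
    expected = H(key, r_a, r_b, b"bob")
    if not hmac.compare_digest(expected, tag_from_bob):
        return None
    return H(key, r_b, b"alice")


def bob_step4(key: bytes, r_b: bytes, tag_from_alice: bytes) -> bool:
    """Bob recomputes H_K(R_B, "alice") over the R_B he issued."""
    return hmac.compare_digest(H(key, r_b, b"alice"), tag_from_alice)


def run_skid3(alice_key: bytes, bob_key: bytes) -> tuple[bool, bool]:
    """Full exchange; returns (Alice accepts Bob, Bob accepts Alice)."""
    r_a = secrets.token_bytes(NONCE_LEN)             # Alice -> Bob: R_A
    r_b, tag_b = bob_step2(bob_key, r_a)             # Bob -> Alice
    tag_a = alice_step3(alice_key, r_a, r_b, tag_b)  # Alice -> Bob
    if tag_a is None:
        return False, False
    return True, bob_step4(bob_key, r_b, tag_a)


def replayed_step2_is_rejected(key: bytes) -> bool:
    """A step-2 message recorded in one run is presented in a later run.

    Alice's fresh R_A is bound into H_K, so the old value no longer matches.
    """
    old_r_a = secrets.token_bytes(NONCE_LEN)
    recorded_r_b, recorded_tag = bob_step2(key, old_r_a)
    new_r_a = secrets.token_bytes(NONCE_LEN)
    return alice_step3(key, new_r_a, recorded_r_b, recorded_tag) is None


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed key K for the demo
    wrong = secrets.token_bytes(32)   # a party that does not know K
    print("challenge-response, same key:", challenge_response(shared, shared))
    print("challenge-response, wrong key:", challenge_response(shared, wrong))
    print("SKID3, same key:", run_skid3(shared, shared))
    print("SKID3, Bob lacks K:", run_skid3(shared, wrong))
    print("replayed step 2 rejected:", replayed_step2_is_rejected(shared))
```
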
Combined authentication and key exchange
Wide-mouth frog
  Alice -> Trent: "alice", E_A(T_A, "bob", K)
    "alice": sender
    T_A: time stamp (prevent replay attacks)
    "bob": destination
    K: session key
  Trent -> Bob: E_B(T_T, "alice", K)
    T_T: time stamp (prevent replay attacks)
    "alice": source
    K: session key
  Alice -> Bob: E_K(M)
Kerberos
Authenticate, get permission
  Diagram: Alice, Authentication Server (AS)
  {"Bob's server", S}_A
  {"Alice", S}_B: TICKET (sealed envelope)
Send key
  Diagram: Alice, Bob
  {"Alice", S}_B, T_S (sealed envelope)
Authenticate recipient
  Diagram: Alice, Bob
  {"Bob's Server", T}_S
Kerberos key usage
Ticket Granting Service (TGS)
Using Kerberos
  {"TGS", S}_A
  {"Alice", S}_TGS
  Alice sends session key, S, to TGS
    {"Alice", S}_TGS, T_S
  Alice receives session key for rlogin service & ticket to pass to rlogin service
    {"rlogin@somehost", S'}_S: session key for rlogin
    {"Alice", S'}_R: ticket for rlogin server on somehost
  Diagram labels: rlogin, TGS
Public key authentication
  Like SKID, demonstrate we can encrypt or decrypt a nonce:
X.509 Certificates
  version
  serial #
  algorithm, params
  issuer
  validity time
  distinguished name
  public key (alg, params, key)
  signature of CA
Example: Root Certificates in IE
  As of January 2007
  http://support.microsoft.com/kb/931125
Transport Layer Security (TLS), aka Secure Socket Layer (SSL)
Secure Sockets Layer (SSL)
  Diagram: client, server
  hello(version, protocol)
  hello(version, protocol)
  certificate (or public key)
  hello done
  certificate (or none)
  client authenticates server:
    client nonce
    E(nonce): encrypt with server's private key
    client decrypts nonce with server's public key
  server authenticates client:
    server nonce
    E(nonce): encrypt with client's private key
    server decrypts with client's public key
  3. Establish session key (for symmetric cryptography)
    pick a session key
    encrypt with server's public key
    E(session key)
    server decrypts with server's public key
    set cipher mode [optional]
  4. Exchange data (symmetric encryption)
    E_S(data)
    encrypt and decrypt with session key and symmetric algorithm (e.g. RC4)
The end.
