How to avoid the playback attack?
Use a challenge-response protocol:
To prove Alice is "live", Bob sends Alice a nonce, R.
Alice must return R, encrypted with the shared secret key.
Nonce: a number (R) used only once in a lifetime.
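The symmetric challenge-response exchange above, as an added example that is not part of the original slides. It assumes a constructed shared key and uses an HMAC over R in place of "R encrypted with the shared key" (a keyed function serves the same purpose of proving key possession); Bob tracks issued nonces so that a replayed (R, response) pair from Trudy is rejected.

```python
import hashlib
import hmac
import secrets

# Constructed demo key shared by Alice and Bob (not a real secret).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def respond(key: bytes, r: bytes) -> bytes:
    """Alice: prove possession of the shared key over Bob's nonce R."""
    return hmac.new(key, r, hashlib.sha256).digest()


class Verifier:
    """Bob: issues one-time nonces and checks the keyed responses."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)  # fresh, unpredictable nonce R
        self.outstanding.add(r)
        return r

    def verify(self, r: bytes, response: bytes) -> bool:
        # Accept R only if we issued it and it has not been answered yet;
        # this is what defeats playback of a captured (R, response) pair.
        if r not in self.outstanding:
            return False
        self.outstanding.discard(r)  # consume the nonce: once in a lifetime
        expected = hmac.new(self.key, r, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_scenario():
    """Legit exchange, then two replay attempts and a wrong-key attempt."""
    bob = Verifier(SHARED_KEY)
    r = bob.challenge()
    resp = respond(SHARED_KEY, r)
    first = bob.verify(r, resp)         # True: fresh nonce, correct key
    replay_same = bob.verify(r, resp)   # False: nonce already consumed
    r2 = bob.challenge()
    replay_new = bob.verify(r2, resp)   # False: old response, new nonce
    r3 = bob.challenge()
    wrong_key = bob.verify(r3, respond(b"trudy-guess", r3))  # False
    return first, replay_same, replay_new, wrong_key
```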
Can we authenticate using public key techniques?
YES: use a nonce AND public key cryptography.
Bob computes:
KA+(KA-(R)) = R
Bob knows only Alice has the private key that encrypted R.
Man in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice).
Difficult to detect:
Symmetric key problem:
Solution:
Public key problem:
Solution:
How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?
Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.
For each service request, the client uses the short-term key for that service and the ticket it received from the TGS.
1. Course Introduction: Security basic concepts
2. Access Control models: Authentication and authorization mechanisms
6. Role Based Access Control standard (v3)
7. XACML: extensible Access Control Markup Language
8. Authentication Protocols in distributed system
10. Java Authentication and Authorization Service (JAAS)
11. Network security
12. Network security, security protocols: PGP, SSL