• Home

  • Documents

  • Authentication and Key Agreement – Flexibility in credentials – Modern, publically...
9
Authentication and Key Agreement Flexibility in credentials Modern, publically analysed/available cryptographic primitives Freshness guarantees PFS? Mutual authentication Identity hiding for supplicant/end-user No key re-use Fast re-key Fast handoff Efficiency not an overarching concern: Protocol runs only 1/2^N-1 packets, on average DOS resistance

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Embed Size (px)

Citation preview

Page 1: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Authentication and Key Agreement– Flexibility in credentials

– Modern, publically analysed/available cryptographic primitives

– Freshness guarantees

– PFS?

– Mutual authentication

– Identity hiding for supplicant/end-user

– No key re-use

– Fast re-key

– Fast handoff

– Efficiency not an overarching concern:● Protocol runs only 1/2^N-1 packets, on average

– DOS resistance

Page 2: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Credentials flexibility

● Local security policy dictates types of credentials used by end-users

● Legacy authentication compatibility extremely important in market

● Examples:– username/password– Tokens (SecurID, etc)– X.509 certificates

Page 3: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Algorithms

● Algorithms must provide confidentiality and integrity of the authentication and key agreement.

● Public-key encryption/signature– RSA– ECC– DSA

● PFS support– D-H

Page 4: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Freshness

● Most cryptographic primitives require strong random material that is “fresh”.– Not a protocol issue, per se, but a design requirement

nonetheless

Page 5: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Mutual Authentication

● Both sides of authentication/key agreement must be certain of identity of other party.

● Symmetric RSA/DSA schemes (public-keys on both sides)

● Asymmetric schemes– Legacy on end-user side– RSA/DSA on authenticator side

Page 6: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Identity hiding

● Important to hide end-user identity in some situations (public shared networks, for example).– DISTINCT from hiding MAC address

● IPSEC has gone down this road, and has much experience.

● Not as easy as it sounds—active attacks make it harder.

Page 7: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Fast rekey/fast handoff

● Ability to create fresh keying material without undergoing slow authentication path (requiring username/password again, for example).

● In mobile environments, ability to transition without re-doing initial authentication.

Page 8: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Efficiency

● CPU efficiency not a serious concern, since this protocol will be used relatively infrequently.

● On-the-wire efficiency may be important in low-bandwidth scenarios, but again protocol is not run that often, compared to MACsec.

Page 9: Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

DOS resistance

● Modern key-agreement protocols fertile ground for DOS attacks.

● Look to other schemes (IKE, for example) to provide guidance.

● No perfect anti-DOS schemes– Increase unpleasantnesss for attacker– Detect and throw away bogosity at the earliest,

cheapest point in the protocol.


PKG - Freshness in Packaging

PKG - Freshness in Packaging

Design
OUTPUT PRIMITIVES Computer Graphics. OUTPUT PRIMITIVES Output Primitives: Basic geometric structures used to describe scenes. (points, straight line

OUTPUT PRIMITIVES Computer Graphics. OUTPUT PRIMITIVES Output Primitives: Basic geometric structures used to describe scenes. (points, straight line

Documents
Rtk Primitives

Rtk Primitives

Documents
Harvesting Fresh Trees on the Farm - MAPAQ · Harvesting Fresh Trees on the Farm • Freshness definitions ... Freshness • Frequently, freshness is defined by a point when your

Harvesting Fresh Trees on the Farm - MAPAQ · Harvesting Fresh Trees on the Farm • Freshness definitions ... Freshness • Frequently, freshness is defined by a point when your

Documents
OpenGL L01-Primitives

OpenGL L01-Primitives

Software
Freshness Cues

Freshness Cues

Design
Drawing Geometric Objects Drawing Primitives OpenGL sets three types of drawing primitives Points Lines Polygons, e.g, traingles All primitives

Drawing Geometric Objects Drawing Primitives OpenGL sets three types of drawing primitives Points Lines Polygons, e.g, traingles All primitives

Documents
Geometric Primitives

Geometric Primitives

Documents
Filled-Area Primitives-I Graphics (CS602) ... Filled-Area Primitives-I So far we have covered some output primitives that is drawing primitives like

Filled-Area Primitives-I Graphics (CS602) ... Filled-Area Primitives-I So far we have covered some output primitives that is drawing primitives like

Documents
Polygon primitives

Polygon primitives

Education
Data Freshness

Data Freshness

Documents
Output Primitives Gm

Output Primitives Gm

Documents
CG - Output Primitives

CG - Output Primitives

Education
GPAC Sealed For Freshness

GPAC Sealed For Freshness

Documents
Drawing Primitives

Drawing Primitives

Documents
Publically available, online mapping system - pollinators.ie · ZActionsfor Pollinators(pollinators.biodiversityireland.ie) is a publically available, online mapping system. It allows

Publically available, online mapping system - pollinators.ie · ZActionsfor Pollinators(pollinators.biodiversityireland.ie) is a publically available, online mapping system. It allows

Documents
Cryptographic primitives

Cryptographic primitives

Documents
DIS Shariah Services Brochure Publically Published

DIS Shariah Services Brochure Publically Published

Documents
Citizen #4 - Hello Freshness

Citizen #4 - Hello Freshness

Documents
Java Primitives

Java Primitives

Documents
Opengl Primitives Examples

Opengl Primitives Examples

Documents
Out Put Primitives

Out Put Primitives

Documents
Policies & Procedures - myDOCS - Publically Accessible Content

Policies & Procedures - myDOCS - Publically Accessible Content

Documents
List of Lynx Primitives of Lynx... · 2020. 4. 7. · List of Lynx Primitives This Guide contains the entire list of Lynx primitives. The primitives constitute the permanent Lynx

List of Lynx Primitives of Lynx... · 2020. 4. 7. · List of Lynx Primitives This Guide contains the entire list of Lynx primitives. The primitives constitute the permanent Lynx

Documents
Intel Performance Primitives

Intel Performance Primitives

Documents
CS527 Software Security - Software BugsFrom Software Bugs to Attack Primitives Attack primitives areexploitbuildingblocks Software bugs maptoattack primitives,i.e.,enable computation

CS527 Software Security - Software BugsFrom Software Bugs to Attack Primitives Attack primitives areexploitbuildingblocks Software bugs maptoattack primitives,i.e.,enable computation

Documents
Preemptive Freshness Management 3-2-17 - Zest Labs · Preemptive Freshness Management Empowering Workers to Improve Delivered Freshness ... the‐field experience. A solution that

Preemptive Freshness Management 3-2-17 - Zest Labs · Preemptive Freshness Management Empowering Workers to Improve Delivered Freshness ... the‐field experience. A solution that

Documents
Modern Primitives

Modern Primitives

Documents
UNIT 3 Data Mining Primitives, Languages, and System ...€3 Data Mining Primitives, Languages, and ... clustering LecturLecturee‐18 ‐‐Data mining primitives: ... – Integrating

UNIT 3 Data Mining Primitives, Languages, and System ...€3 Data Mining Primitives, Languages, and ... clustering LecturLecturee‐18 ‐‐Data mining primitives: ... – Integrating

Documents
2IV60 6 Primitives

2IV60 6 Primitives

Documents