Authentication
Security Handshake Pitfalls 2
1 IT352 | Network Security
|Najwa AlGhamdi
Mediated Authentication ( With KDC)
• KDC has a database consists of all users’ keys.
• Simple Protocol
Problems • Potential delayed key delivery to
Bob. – Alice could send message to Bob as
soon as she got KAB from KDC , while Bob didn’t receive the key yet.
IT352 | Network Security |Najwa AlGhamdi
2
Alic
e
Bo
b KDC
Alice wants Bob
KA{Bob, KAB}
KB{Alice, KAB}
Mediated Authentication ( With KDC)
• Since Alice is going to communicate with Bob any , KDC gives Alice the information KDC would pass it to Bob using Ticket.
.
• This protocol should be followed by mutual authentication.
IT352 | Network Security |Najwa AlGhamdi
3
Alic
e
Bo
b KDC
Alice wants Bob
KA{Bob, KAB}, ticketB
where ticketB= KB{Alice, KAB}
Alice, ticketB
Mediated Authentication ( With KDC)
Needham-Schroeder
• A classic protocol for authentication using KDC.
• Nonce is used.
• Nonce : a number that is used only once. It could be
1. a sequence number.
2. Large random number
3. Timestamp.
IT352 | Network Security |Najwa AlGhamdi
4
Mediated Authentication ( With KDC)
Needham-Schroeder
IT352 | Network Security |Najwa AlGhamdi
5
Alic
e
Bo
b
KDC
N1, Alice, Bob
KA{N1, Bob, KAB, ticketB} where ticketB= KB{KAB, Alice}
ticketB, KAB{N2}
KAB{N2-1, N3}
KAB{N3-1}
Mediated Authentication ( With KDC)
Needham-Schroeder
• The purpose of Nonce N1 is to assure Alice that she is really talking to KDC
IT352 | Network Security |Najwa AlGhamdi
6
Alic
e
Bo
b
KDC
N1, Alice, Bob
KA{N1, Bob, KAB, ticketB} where ticketB= KB{KAB, Alice}
ticketB, KAB{N2}
KAB{N2-1, N3}
KAB{N3-1}
Mediated Authentication ( With KDC)
Needham-Schroeder
• KDC will give back generated to Alice and Bob.
• “Bob” is added to insure that this ticket is issued
for Bob.
IT352 | Network Security |Najwa AlGhamdi
7
Alic
e
Bo
b
KDC
N1, Alice, Bob
KA{N1, Bob, KAB, ticketB} where ticketB= KB{KAB, Alice}
ticketB, KAB{N2}
KAB{N2-1, N3}
KAB{N3-1}
Mediated Authentication ( With KDC)
Needham-Schroeder
• Alice Send an encrypted challenge N2 with
ticket to Bob.
IT352 | Network Security |Najwa AlGhamdi
8
Alic
e
Bo
b
KDC
N1, Alice, Bob
KA{N1, Bob, KAB, ticketB} where ticketB= KB{KAB, Alice}
ticketB, KAB{N2}
KAB{N2-1, N3}
KAB{N3-1}
Mediated Authentication ( With KDC)
Needham-Schroeder
• Bob proves he know KAB because he use it to extract N2.
IT352 | Network Security |Najwa AlGhamdi
9
Alic
e
Bo
b
KDC
N1, Alice, Bob
KA{N1, Bob, KAB, ticketB} where ticketB= KB{KAB, Alice}
ticketB, KAB{N2}
KAB{N2-1, N3}
KAB{N3-1}
Mediated Authentication ( With KDC)
Needham-Schroeder
• Alice proves he know KAB because he use it to extract N3.
IT352 | Network Security |Najwa AlGhamdi
10
Alic
e
Bo
b
KDC
N1, Alice, Bob
KA{N1, Bob, KAB, ticketB} where ticketB= KB{KAB, Alice}
ticketB, KAB{N2}
KAB{N2-1, N3}
KAB{N3-1}
Mediated Authentication ( With KDC)
Security Vulnerability in Needham-Schroeder
• Happens when Trudy manages to capture a previous key used by Alice. Then Trudy will simply discover the shared key.
Expanded Needham-Schroeder
• Two Additional messages will be added
1. Alice will request a nonce from Bob .
2. Alice will pass this nonce to KDC , then KDC will package this nonce in the ticket to Bob.
Mediated Authentication ( With KDC)
Expanded Needham-Schroeder
• Two Additional messages will be added
1. Alice will request a nonce from Bob .
2. Alice will pass this nonce to KDC , then KDC will package this nonce in the ticket to Bob.
Alic
e
Bo
b KDC
N1, Alice, Bob, KB{NB}
KA{N1, Bob, KAB, ticketB} where ticketB= KB{KAB, Alice, NB}
ticketB, KAB{N2}
KAB{N2-1, N3}
KAB{N3-1}
hello
KB{NB}
Mediated Authentication ( With KDC)
Otway-Rees
• Alice will use two nonces .
Alic
e
Bo
b KDC
NC, KA{NA, KAB}, KB{NB, KAB}
KA{NA, NC, “Alice”, “Bob”} KB{NB, NC, “Alice”, “Bob”}
NC, “Alice”, “Bob”, KA{NA, NC, “Alice”, “Bob”}
KA{NA, KAB}
KAB{anything recognizable}