بخشی از پاورپوینت

--- پاورپوینت شامل تصاویر میباشد ----

اسلاید 1 :

Password Vulnerabilities

  • Writing them down
  • Stolen passwords (via eavesdropping)

–Trojan Horse

  • Poor password choice

–Easy to guess, easy to remember

–People use the same password multiple times

–Passwords changed infrequently

  • Offline attacks

–Search through password dictionary

اسلاید 2 :

Survey of 3,289 Passwords

  • With no constraints on choice of password

–15 were a single ASCII letter.

–72 were strings of two ASCII letters.

–464 were strings of three ASCII letters.

–47 were strings of four alphanumerics.

–706 were five letters, all upper-case or all lower-case.

–605 were six letters, all lower case.

اسلاید 3 :

Strong Authentication

  • In strong authentication, one entity ‘proves’ its identity to another by demonstrating knowledge of a secret known to be associated with that entity, without revealing that secret itself during the protocol.
  • Also called `challenge-response’ authentication.
  • Use cryptographic mechanisms to protect messages in protocol:

–Encryption.

–Integrity mechanism (e.g. MAC).

–Digital signature.

اسلاید 4 :

Encryption-based Unilateral Authentication

1.A     B:  ‘Hi Bob, I’m Alice’

2.B     A:  R  (challenge)

3.A     B:  {R || B}K  (response)

      (Here, {X}K means string X encrypted under key K, and || means concatenation of strings.)

اسلاید 5 :

Security of the Protocol

  • Eve ‘sees’ R and {R || B}K. Because of idealised encryption, she should learn nothing about K.
  • Bob gets his challenge R back again, in an encrypted form that only Alice can prepare. This allows him to be sure of origin and integrity of the message.
  • But Mallory can impersonate Bob easily: so Bob not authenticated to Alice. Only unilateral authentication (of Alice to Bob).

اسلاید 6 :

Replay Attack

  • Mallory can’t prepare the correct response {R || B}K to Bob’s challenge because he doesn’t know K.
  • But R must be unpredictable: otherwise Mallory can masquerade as Alice in a subsequent protocol run, replaying Alice’s response.

اسلاید 7 :

  • The replay attack shows that origin and integrity checking are not enough – we also need a means of checking freshness of messages and liveness of principals.
  • Freshness: assurance that message has not been used previously and originated within an acceptably recent timeframe.
  • Liveness: assurance that message sent by a principal within an acceptably recent timeframe.
  • Three main methods for providing freshness:

–Nonce (Number used ONCE).

–Sequence numbers

–Time-stamps (clock-based or `logical’ time-stamps).

اسلاید 8 :

Standard bilateral Authentication

  • Alice and Bob share (strong) key k
  • Simple challenge-response type protocol: (Na,Nb - nonces)

اسلاید 9 :

Attack on Simple Protocol

  • “Oracle Attack”

اسلاید 10 :

Protocol Fix?

  • Modified challenge-response type protocol:
در متن اصلی پاورپوینت به هم ریختگی وجود ندارد. برای مطالعه بیشتر پاورپوینت آن را خریداری کنید