Data Security Principles and Authentication Protocols
Learn about user authentication, mutual authentication, one-way authentication, and the importance of encryption in ensuring confidentiality and timeliness in secure communication. Explore symmetric encryption for remote user authentication and the role of Kerberos in facilitating secure network connections.
Uploaded on | 0 Views
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Mustansiriyah University Faculty of Engineering User Authentication Course name: Data Security Computer Engineering Dep. Lecturer: Fatimah Al-Ubaidy Class: Third Year Remote User Authentication Principles User Authentication is the basis for most types of access control and for user accountability. This process consists of two steps: 1- Identification step: Presenting an identifier to the security system 2- Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier. The Mutual Authentication: An important application area is that of mutual authentication protocols. Such protocols enable communicating parties to satisfy themselves mutually about each other s identity and to exchange session keys. Central to the problem of authenticated key exchange are two issues: confidentiality and timeliness. To prevent masquerade and to prevent compromise of session keys, essential identification and session-key information must be communicated in encrypted form. The second issue, timeliness, is important because of the threat of message replays. Such replays, at worst, could allow an opponent to compromise a session key or successfully impersonate another party. One-Way Authentication One application for which encryption is growing in popularity is electronic mail (e-mail). The very nature of electronic mail, and its chief benefit, is that it is not necessary for the sender and receiver to be online at the same time. Instead, the e-mail message is forwarded to the receiver s electronic mailbox, where it is buffered until the receiver is available to read it. 1
Mustansiriyah University Faculty of Engineering User Authentication Course name: Data Security Computer Engineering Dep. Lecturer: Fatimah Al-Ubaidy Class: Third Year The envelope or header of the e-mail message must be in the clear, so that the message can be handled by the store-and-forward e-mail protocol, such as the Simple Mail Transfer Protocol (SMTP) or X.400. A second requirement is that of authentication. Typically, the recipient wants some assurance that the message is from the alleged sender. Remote User-Authetication using Symmetric Encryption: a. Mutual Authentication: A two-level hierarchy of symmetric encryption keys can be used to provide confidentiality for communication in a distributed environment. In general, this strategy involves the use of a trusted key distribution center (KDC). Each party in the network shares a secret key, known as a master key, with the KDC. The KDC is responsible for generating keys to be used for a short time over a connection between two parties, known as session keys, and for distributing those keys using the master keys to protect the distribution. b. One-Way Authentication: Using symmetric encryption, the decentralized key distribution scenario is impractical. This scheme requires the sender to issue a request to the intended recipient, await a response that includes a session key, and only then send the message. With some refinement, the KDC strategy can be used for encrypted electronic mail such that it avoid requiring that the recipient (B) be online at the same time as the sender (A). where N1 is a nonce. 2
Mustansiriyah University Faculty of Engineering User Authentication Course name: Data Security Computer Engineering Dep. Lecturer: Fatimah Al-Ubaidy Class: Third Year Kerberos: Kerberos is an authentication protocol which allows only legitimate users to access the intended services over the internet. The Kerberos provides a mechanism for mutual authentication between entities before a secure network connection is established. Kerberos uses symmetric key encryption and runs as a third-party trusted server known as the Key Distribution Center (KDC). Each user and service on the network is a principal. The KDC has three main components: 1- An authentication server (AS) that performs client authentication. If the client is authenticated successfully the AS issues a ticket called TGT (Ticket Granting Ticket). TGT proves to other servers that client has been authenticated . 2- A ticket granting server (TGS) that issues service tickets that are based on the initial ticket-granting tickets (TGTs). 3- A principals database (db) of secret keys for all the users and services that it maintains. 3
Mustansiriyah University Faculty of Engineering User Authentication Course name: Data Security Computer Engineering Dep. Lecturer: Fatimah Al-Ubaidy Class: Third Year Main entities in The Kerberos flow: Main entities involved in Kerberos flow: 1- Client: Initiates the communication for a service request. Acts on behalf of the user. 2- Server: The application server with the service the user wants to access. 3- Key Distribution Center (KDC) 4
