CS138-lecture-20210511

Network security cont.

RSA cont.

Authentication

ap = authentication protocol (fictional)

Challenge-response mechanism for authentication:

  1. Using a symmetric shared key, $K_{ab}$:
    1. Alice sends a message to Bob saying “I am Alice”.
    2. Bob generates a random, one-time-use nonce and encrypts it with the shared key: $R = K_{ab}(\text{nonce})$.
    3. Alice decrypts $R$ with the symmetric key $K_{ab}$ and sends the result to Bob.
    4. Bob checks the response; if it matches, he authenticates Alice.

This still relies on the transfer of the symmetric key. Also, because both parties hold $K_{ab}$, Bob can impersonate Alice, and vice versa.
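The challenge-response exchange and its caveat, as an added example that is not part of the original lecture notes. It swaps in HMAC-SHA256 as the keyed function (Bob sends the nonce in the clear and Alice returns the keyed tag) because Python's standard library has no cipher; the names `respond`, `Verifier` and `demo` are hypothetical, and the key is constructed at random.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, nonce: bytes) -> bytes:
    """Prover side: keyed tag over the challenge (stands in for K_ab(nonce))."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Verifier:
    """Bob: issues one-time nonces and checks responses against K_ab."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # nonces issued and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Each nonce is accepted at most once; unknown or used nonces fail.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)
        return hmac.compare_digest(respond(self._key, nonce), response)


def demo() -> dict:
    k_ab = secrets.token_bytes(32)  # constructed shared key
    bob = Verifier(k_ab)
    n1 = bob.challenge()
    r1 = respond(k_ab, n1)  # Alice answers using K_ab
    out = {"alice_accepted": bob.verify(n1, r1)}
    # Replaying the recorded pair fails: the nonce was already consumed.
    out["replay_accepted"] = bob.verify(n1, r1)
    # A recorded response does not match a fresh nonce either.
    out["stale_response_accepted"] = bob.verify(bob.challenge(), r1)
    # A party without K_ab cannot produce a valid response.
    n3 = bob.challenge()
    out["wrong_key_accepted"] = bob.verify(n3, respond(secrets.token_bytes(32), n3))
    # The caveat above: Bob holds K_ab too, so a response he computes
    # himself verifies exactly like one from Alice.
    n4 = bob.challenge()
    out["bob_made_response_accepted"] = bob.verify(n4, respond(k_ab, n4))
    return out
```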

Here, anyone could create their own public/private key pair to respond to Bob.

The hash of $m_1$ should not equal the hash of $m_2$; however, it is possible. Read more on MD5.

So instead of Bob asking Alice for her public key, he should ask for her certificate.

Securing e-mail
