Authentication
Advanced Software Engineering (CSE870)
Instructor: Dr. B. Cheng
Contact info: chengb at cse dot msu dot edu
Eduardo Diaz
Dan Fiedler
Andres Ramirez
Road Map
• Introduction to Authentication
• Needham-Schroeder, Otway-Rees, Kerberos
• Commonalities
• Additional Requirements
• Class Diagrams
• State Diagrams
• Conclusions
Authentication
• Meet:
  • Alice (Staff)
  • Bob (MISys)
Authentication
• Purpose
  • Key exchange.
  • Allow Alice to secretly communicate with Bob using a shared cryptographic key.
• Methods
  • Private keys, shared keys, public keys…
• Potential Problems
  • Trustworthy?
  • Safe handling of private keys?
Needham-Schroeder
1. Alice → Cathy: {Alice || Bob || rand1}
2. Cathy → Alice: {Alice || Bob || rand1 || ksess || {Alice || ksess}kbob}kalice
3. Alice → Bob: {Alice || ksess}kbob
4. Bob → Alice: {rand2}ksess
5. Alice → Bob: {rand2 - 1}ksess
Needham-Schroeder
• Motive?
  • Prevent replay attacks
    • A valid data transmission is retransmitted maliciously.
• Nonces
  • Randomly generated numbers to identify exchanges.
• Key idea: Cathy is trusted by Alice and Bob.
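The five Needham-Schroeder messages above, played out end to end, as an added example that is not part of the slides or the course project. Encryption is modelled symbolically (a blob opens only with the key it was sealed under), the long-term keys and addresses are constructed placeholder values, and the function names (cathy_respond, alice_open_msg2, bob_respond, run_needham_schroeder) are this example's own. The point it demonstrates is the nonce check: Alice accepts a session key only if her own fresh rand1 comes back inside Cathy's reply, so a recorded message 2 from an earlier run is rejected, and Bob's rand2 challenge only succeeds for a peer that actually holds ksess.

```python
import secrets

# Long-term keys each principal shares with Cathy (constructed placeholder values).
KEYS = {"Alice": "kAlice", "Bob": "kBob"}


def enc(key, payload):
    # Symbolic encryption: the blob can only be opened with the same key.
    return ("enc", key, payload)


def dec(key, blob):
    tag, k, payload = blob
    if tag != "enc" or k != key:
        raise ValueError("decryption failed: wrong key")
    return payload


def cathy_respond(msg1):
    # 2. Cathy -> Alice: {Alice || Bob || rand1 || ksess || {Alice || ksess}kbob}kalice
    alice, bob, rand1 = msg1
    ksess = "ksess-" + secrets.token_hex(4)          # fresh session key
    for_bob = enc(KEYS[bob], (alice, ksess))          # the part only Bob can open
    return enc(KEYS[alice], (alice, bob, rand1, ksess, for_bob))


def alice_open_msg2(msg2, rand1):
    # Alice accepts the session key only if her own fresh nonce comes back;
    # a recorded message 2 from an earlier run carries the wrong rand1.
    alice, bob, r1, ksess, for_bob = dec(KEYS["Alice"], msg2)
    if (alice, bob, r1) != ("Alice", "Bob", rand1):
        raise ValueError("nonce mismatch: message 2 is stale or replayed")
    return ksess, for_bob


def bob_respond(msg3):
    # 4. Bob -> Alice: {rand2}ksess  (Bob challenges whoever claims to hold ksess)
    alice, ksess = dec(KEYS["Bob"], msg3)
    rand2 = secrets.randbelow(2**32)
    return ksess, rand2, enc(ksess, rand2)


def run_needham_schroeder():
    rand1 = secrets.randbelow(2**32)
    msg1 = ("Alice", "Bob", rand1)                  # 1. Alice -> Cathy
    msg2 = cathy_respond(msg1)                      # 2. Cathy -> Alice
    ksess, msg3 = alice_open_msg2(msg2, rand1)      # 3. Alice -> Bob: {Alice || ksess}kbob
    bob_ksess, rand2, msg4 = bob_respond(msg3)      # 4. Bob -> Alice: {rand2}ksess
    msg5 = enc(ksess, dec(ksess, msg4) - 1)         # 5. Alice -> Bob: {rand2 - 1}ksess
    if dec(bob_ksess, msg5) != rand2 - 1:
        raise ValueError("handshake failed: peer does not hold ksess")
    return ksess, bob_ksess


if __name__ == "__main__":
    print("shared session key:", run_needham_schroeder()[0])
```

Because the nonce check lives in alice_open_msg2 rather than in the protocol driver, the same check can be exercised on its own against a replayed message 2 without rerunning the whole exchange.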
Otway-Rees
1. Alice → Bob: num || Alice || Bob || {rand1 || num || Alice || Bob}kalice
2. Bob → Cathy: num || Alice || Bob || {rand1 || num || Alice || Bob}kalice || {rand2 || num || Alice || Bob}kbob
3. Cathy → Bob: num || {rand1 || ksess}kalice || {rand2 || ksess}kbob
4. Bob → Alice: num || {rand1 || ksess}kalice
Otway-Rees
• Motivation
  • Needham-Schroeder assumes all cryptographic keys are secure… in practice they are generated pseudorandomly… but a pseudorandom key can be predicted.
• Num
  • Verify that num agrees through the exchanges.
• Key Idea
  • Cathy is again the trustworthy element.
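The Otway-Rees exchange above, with the "num agrees through the exchanges" check made explicit, as an added example that is not part of the slides or the course project. Encryption is again symbolic, the keys are constructed placeholders, and cathy_respond and run_otway_rees are this example's own names. Cathy opens both sealed parts of message 2 and refuses to issue a session key unless num and the two identities inside them agree with each other and with the cleartext header; Bob and Alice then each confirm that the num and their own nonce come back unchanged.

```python
import secrets

# Long-term keys each principal shares with Cathy (constructed placeholder values).
KEYS = {"Alice": "kAlice", "Bob": "kBob"}


def enc(key, payload):
    # Symbolic encryption: the blob can only be opened with the same key.
    return ("enc", key, payload)


def dec(key, blob):
    tag, k, payload = blob
    if tag != "enc" or k != key:
        raise ValueError("decryption failed: wrong key")
    return payload


def cathy_respond(msg2):
    # 3. Cathy -> Bob: num || {rand1 || ksess}kalice || {rand2 || ksess}kbob
    num, alice, bob, part_a, part_b = msg2
    ra, na, aa, ba = dec(KEYS[alice], part_a)     # Alice's sealed copy of the header
    rb, nb, ab, bb = dec(KEYS[bob], part_b)       # Bob's sealed copy of the header
    if not (na == nb == num and aa == ab == alice and ba == bb == bob):
        raise ValueError("num or identities disagree across the exchange")
    ksess = "ksess-" + secrets.token_hex(4)
    return num, enc(KEYS[alice], (ra, ksess)), enc(KEYS[bob], (rb, ksess))


def run_otway_rees():
    num, rand1 = secrets.randbelow(2**32), secrets.randbelow(2**32)
    # 1. Alice -> Bob: num || Alice || Bob || {rand1 || num || Alice || Bob}kalice
    msg1 = (num, "Alice", "Bob", enc(KEYS["Alice"], (rand1, num, "Alice", "Bob")))
    # 2. Bob -> Cathy: Bob appends his own sealed copy of the header, carrying rand2
    n, a, b, part_a = msg1
    rand2 = secrets.randbelow(2**32)
    msg2 = (n, a, b, part_a, enc(KEYS["Bob"], (rand2, n, a, b)))
    # 3. Cathy -> Bob
    n3, for_alice, for_bob = cathy_respond(msg2)
    if n3 != n:
        raise ValueError("Bob: num changed between message 2 and message 3")
    rb, ksess_bob = dec(KEYS["Bob"], for_bob)
    if rb != rand2:
        raise ValueError("Bob: rand2 mismatch, reply is not for this run")
    # 4. Bob -> Alice: num || {rand1 || ksess}kalice
    n4, sealed = (n3, for_alice)
    if n4 != num:
        raise ValueError("Alice: num changed between message 1 and message 4")
    ra, ksess_alice = dec(KEYS["Alice"], sealed)
    if ra != rand1:
        raise ValueError("Alice: rand1 mismatch, reply is not for this run")
    return ksess_alice, ksess_bob


if __name__ == "__main__":
    print("shared session key:", run_otway_rees()[0])
```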
Kerberos
1. Alice → Cerberus: Alice || Barnum
2. Cerberus → Alice: {kalice,barnum}kalice || Talice,barnum
3. Alice → Barnum: Guttenberg || Aalice,barnum || Talice,barnum
4. Barnum → Alice: Alice || {kalice,guttenberg}kalice,barnum || Talice,guttenberg
5. Alice → Guttenberg: Aalice,guttenberg || Talice,guttenberg
6. Guttenberg → Alice: {t+1}kalice,guttenberg
Kerberos
• What is T?
  • Talice,barnum = Barnum || {Alice || Alice Address || valid time || kalice,barnum}kbarnum
• What is A?
  • Aalice,barnum = {Alice || generation time || kt}kalice,barnum
  • kt… not used.
Kerberos
• Motivation
  • Separate authentication of the user to the ticket-granting server from the resource being requested.
• 2 Servers
  • Authenticate first
  • Obtain ticket second
• Key Idea:
  • Time windows
  • Separation of trusted parties
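The six Kerberos messages, the ticket T and the authenticator A from the three slides above, combined into one run, as an added example that is not part of the slides or the course project. Encryption is symbolic, the long-term keys, client address, ticket lifetime and clock-skew tolerance are constructed or assumed values, and make_ticket, make_authenticator, verify and run_kerberos are this example's own names. It shows the two ideas the slides single out: the valid-time window inside a ticket and the generation time inside an authenticator are what let a server reject an expired ticket or a re-sent authenticator, and the two servers (Barnum as ticket-granting server, Guttenberg as the resource) each check their own ticket with their own key.

```python
import secrets

# Long-term keys (constructed placeholder values): Alice shares hers with
# Cerberus; Barnum's is known to Cerberus; Guttenberg's is known to Barnum.
KEYS = {"Alice": "kAlice", "Barnum": "kBarnum", "Guttenberg": "kGuttenberg"}
ADDR = "10.0.0.7"     # constructed client address carried inside every ticket
LIFETIME = 300        # assumed: seconds a ticket stays valid
MAX_SKEW = 120        # assumed: tolerated clock difference for an authenticator


def enc(key, payload):
    # Symbolic encryption: the blob can only be opened with the same key.
    return ("enc", key, payload)


def dec(key, blob):
    tag, k, payload = blob
    if tag != "enc" or k != key:
        raise ValueError("decryption failed: wrong key")
    return payload


def new_key(client, server):
    return "k%s,%s-%s" % (client, server, secrets.token_hex(3))


def make_ticket(client, server, key_cs, now):
    # T = server || {client || address || valid time || k_client,server} k_server
    return (server, enc(KEYS[server], (client, ADDR, (now, now + LIFETIME), key_cs)))


def make_authenticator(client, key_cs, now):
    # A = {client || generation time || kt} k_client,server  (kt is not used)
    return enc(key_cs, (client, now, None))


def verify(server, addr, ticket, auth, now, seen):
    # Server-side check of a ticket/authenticator pair; returns the session key.
    srv, sealed = ticket
    if srv != server:
        raise ValueError("ticket names another server")
    client, t_addr, (start, end), key_cs = dec(KEYS[server], sealed)
    if not start <= now <= end:
        raise ValueError("ticket outside its valid time window")
    if t_addr != addr:
        raise ValueError("client address does not match the ticket")
    a_client, gen_time, _kt = dec(key_cs, auth)
    if a_client != client or abs(now - gen_time) > MAX_SKEW:
        raise ValueError("authenticator stale or names a different client")
    if (server, client, gen_time) in seen:        # same authenticator presented twice
        raise ValueError("authenticator replayed")
    seen.add((server, client, gen_time))
    return client, key_cs, gen_time


def run_kerberos(now, seen=None):
    seen = set() if seen is None else seen
    msg1 = ("Alice", "Barnum")                                  # 1. Alice -> Cerberus
    k_ab = new_key(*msg1)                                       # Cerberus mints k_Alice,Barnum
    msg2 = (enc(KEYS["Alice"], k_ab), make_ticket("Alice", "Barnum", k_ab, now))  # 2.
    k_ab_alice = dec(KEYS["Alice"], msg2[0])
    msg3 = ("Guttenberg", make_authenticator("Alice", k_ab_alice, now), msg2[1])  # 3.
    client, k_ab_barnum, _ = verify("Barnum", ADDR, msg3[2], msg3[1], now, seen)
    k_ag = new_key(client, msg3[0])                             # Barnum mints k_Alice,Guttenberg
    msg4 = (client, enc(k_ab_barnum, k_ag), make_ticket(client, "Guttenberg", k_ag, now))  # 4.
    k_ag_alice = dec(k_ab_alice, msg4[1])
    msg5 = (make_authenticator("Alice", k_ag_alice, now), msg4[2])  # 5. Alice -> Guttenberg
    _, k_ag_gutt, t = verify("Guttenberg", ADDR, msg5[1], msg5[0], now, seen)
    msg6 = enc(k_ag_gutt, t + 1)                                # 6. Guttenberg -> Alice: {t+1}
    if dec(k_ag_alice, msg6) != now + 1:
        raise ValueError("Guttenberg failed to prove it holds the session key")
    return k_ag_alice, msg5


if __name__ == "__main__":
    key, _ = run_kerberos(now=1_700_000_000)
    print("Alice and Guttenberg share", key)
```

The seen set stands in for the replay cache a real service keeps for the length of MAX_SKEW; once an authenticator's generation time falls outside that window the time check alone rejects it, so the cache never needs to grow without bound.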
Commonalities
• Message Passing
• Authentication Requests
• Encryption / Decryption
• Key Passing
• … other than that, not much!
• Each protocol has slight variants.
Additional Requirements
• Same as other groups plus:
  • Incorporate 2 design patterns
    • 1 must be a security design pattern
    • Strategy Design Pattern (encryption algorithms)
    • Single Access Point (entry and logging)
• Instantiate the framework at MISys
  • At the whitebox level
Whitebox Class Diagram
N.S. Class Diagram
O.R. Class Diagram
Kerberos Class Diagram
Whitebox Class Diagram-MISys
State Diagrams, NS
State Diagrams, N.S.
State Diagram, O.R.
State Diagram, O.R.
State Diagram, Kerberos
Graybox Class Diagram
BlackBox Class Diagram
Conclusions
• Questions?