engg meterial

1. Authentication and Authorization
• Authentication is the process of verifying a
principal’s identity (but how to define
“identity”?)
– Who the person is
– Or, what the person is
• Authorization is the process of determining
whether a principal can perform certain actions
– What the person can do
– Typically based on authentication result
1

2. Authentication in Cyber Space
• Authentication based on what you know.
– If you know a secret, then you are linked to an
“identity”
– The secret needs to be associated with the
identity beforehand (authentication state)
• Authentication protocol is the process of
proving that one knows the secret, a.k.a
“credential.”
2

3. Simple Password Authentication
User Name,
Password
/etc/shadow
Authentication state
3

4. Password Verification
Hash
Function
User-entered
Password
Password hash
stored on file
e.g. /etc/shadow
H1
H1==H2?
H2
OK
FAIL
Y
N
4

5. Hash function and salt
• A “salt” is used to increase the input space of a
hash function
– Even though a cryptographic function H is hard to
invert, if the number of possible inputs to H is small, a
brute-force search can easily find the pre-image from
a given hash
– If we append the input string with a salt and apply H
on the whole string, then the number of possible
inputs to the hash function is increased S fold where
S is the number of all possible salts.
– For password hash, the salt is used to mitigate
dictionary attack
5

6. What is a dictionary attack?
• Pre-compute the hash of commonly used
passwords
• Looking up a password from the hash
takes only constant time if the password
falls into the dictionary
6

7. Password verification with salt
Hash
Function
Password
Salt, Hash on file
e.g. /etc/shadow
H1==H2?
H2
OK
FAIL
Y
N
S
7
(S, H1)

8. Challenge-Response Protocol
• Objective: Bob (prover) convinces Alice (verifier)
that he knows the secret, while not leaking the
secret to anyone (including Alice)
• Threat model: insecure communication channel
– Cryptographic primitives unbreakable
– Attacker can do anything else:
• Intercept messages
• Replace messages
• Inject messages
• Re-order messages
• Encrypt/decrypt a message if he knows the keys
8

9. Challenge-Response Protocol
• General process
– Verifier picks a challenge message and send it to prover.
– Prover produces a response using the secret and sends
the response back to the verifier
– Verifier checks whether the response is valid
• Requirements
– Protect Verifier: if Bob does not know the secret, the
protocol shall fail
– Protect Prover: the secret shall not be revealed in the
process, not even to the verifier (computationally infeasible
to infer)
9

10. Using MAC in authentication
protocol
Alice Bob
Mallory
Secret K
Secret K
m, MAC(m,K)
m
10

11. Authentication based on
symmetric encryption
Alice Bob
Mallory
Secret key K
Secret key K
11

12. Authentication based on
symmetric encryption
Alice Bob
Mallory
Secret key K
Secret key K
12
m
{m}K

13. Two-party authentication protocol
based on public-key crypto
Alice Bob
Mallory
Bob’s private
key SK
Bob’s public
key PK
…
…
13

14. SSH public key-based
authentication
Secure channel
{m}Kpub
H(m)
H is a cryptographic
hash function
~/.ssh/id_dsa
Private key Kpriv
(Passphrase-protected)
Client
(Bob)
~/.ssh/.authorized_keys
Public key Kpub
Server
(Alice)
14

15. SSH Public Key-based
Authentication
• What is a secure channel?
– Messages sent are encrypted by a shared secret key
– Messages are authenticated using MAC
– The SSH public key-based authentication is used by the
server to authenticate the user at the other end of the
secure channel
– SSH also supports other kinds of authentication, such as
password authentication, which needs a secure channel.
• This challenge-response protocol is better than
asking the client to sign a challenge message
– Server gains zero knowledge
– The hash function is to protect the private key from a
chosen-ciphertext attack
15

16. SSH Agent
• The private key must be protected by a
passphrase.
– The passphrase is used to generate a key to
encrypt the private key stored in the file
system.
• An SSH agent can load the private key
into memory and perform the challenge-
response protocol on behalf of the user.
16

17. Using SSH Agent
Server
(Alice)
SSH
Client
SSH
Agent
~/.ssh/id_dsa
Client
(Bob)
SSH
Server
~/.ssh/authorized_keys
challenge c
response r
c r
17

18. Using SSH Agent
• SSH agent stores private keys in memory and performs
crypto calculation
– User only needs to enter passphrase when the agent retrieves
the private key
• Communication between SSH client and agent mediated
through file-system protection
– An SSH client can only connect to an agent started by the same
user, except for user root, who can connect to any user’s agent
• Advantage: user does not need to type in passphrase to
decrypt the private key every time he wants to log in.
18

19. Agent Forwarding
SSH
Client
SSH
Agent
~/.ssh/id_dsa
SSH
Server
r
c
c r
SSH
Client
c
r
r
c
19
Server
(Alice)
Client
(Bob)

20. Agent Forwarding
• Alice can contact the SSH agent on Bob through
the SSH channel if Bob allows his agent
connection to be forwarded to Alice
– SSH client on Alice becomes “man in the middle”
– Useful when the user on Bob wants to login to other
machines from Alice
– root user can always connect to forwarded agents
– Bob’s private key never leaves his machine; when
Bob tears down the connection with Alice, root on
Alice will no longer be able to impersonate Bob
20

21. Exercise after class
• Set up public key-based authentication
using SSH agent for logging into
departmental Linux machines (e.g.,
grad.csee.usf.edu).
– Generate your public/private key pair
– Upload your public key to the server
– Figure out how to use SSH agent
– Find a clever way to start/connect to your
SSH agent
21