Secure password-based cipher suite for TLS: The importance of end-to-end security

Description:

Secure password-based cipher suite for TLS: The importance of end-to ... MACk(...) Message Authentication Code on ... with key k. Hi. Pseudo-random functions ...

Slides: 9
Provided by: template1
Learn more at: http://www.cs.sjsu.edu

Transcript and Presenter's Notes


1
Secure password-based cipher suite for TLS: The importance of end-to-end security
  • Marie L.S. Dumont
  • CS 265

2
Why integration of DH-EKE in TLS?
  • Case study: web banking
      • Authentication, confidentiality and integrity
  • Sending passwords on one-way authenticated SSL channels
      • Heavy burden on the user
  • SSL with client certification
      • Requires proper protection of clients' keys
  • SSL channels with DH-EKE passwords
      • Resistant to (offline) dictionary attack
      • Eliminates the requirement of a PKI

3
Diffie-Hellman Encrypted Key Exchange (DH-EKE)
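  • Client (password pwd), Server (password pwd)
  • Client: x ∈ Z_{p-1}
  • Client → Server: Ê_pwd(h^x)
  • Server: y ∈ Z_{p-1}, K_mstr ← (h^x)^y, C1 ∈ domain(E)
  • Server → Client: Ê_pwd(h^y), E_{K_mstr}(C1)
  • Client: K_mstr ← (h^y)^x, C2 ∈ domain(E)
  • Client → Server: E_{K_mstr}(C1, C2)
  • Server: verify response
  • Server → Client: E_{K_mstr}(C2)
  • Client: verify response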

4
Refined DH-EKE
  • Client (password pwd), Server (password pwd)
  • Client: x ∈ Z_{p-1}, K_auth ← H1(pwd, ID_C, ID_S)
  • Client → Server: Ê_{K_auth}(h^x)
  • Server: y ∈ Z_q, K_auth ← H1(pwd, ID_C, ID_S), K_mstr ← (h^x)^(y((p-1)/q)), K_conf ← G1(K_mstr), K_sess ← G2(K_mstr)
  • Server → Client: g^y, MAC_{K_conf}(1, Ê_{K_auth}(h^x), g^y)
  • Client: K_mstr ← (g^y)^(x (mod q)), K_conf ← G1(K_mstr), K_sess ← G2(K_mstr), abort if MAC not OK
  • Client → Server: MAC_{K_conf}(2, Ê_{K_auth}(h^x), g^y)
  • Server: abort if MAC not OK
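
The refined DH-EKE flow on this slide, as an added Python sketch that is not part of the original presentation. It assumes SHA-256 for H1, G1 and G2, HMAC-SHA-256 for the MAC, a multiplicative mask in Z_p^* for Ê, a small demo group generated at import, and g = h^((p-1)/q) as implied by the two K_mstr formulas; the names prf, mask, enc, dec, mac and run are illustrative.

```python
import hashlib, hmac, math, secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

# Constructed demo group (about 32 bits, far too small for real use): p = 2q + 1.
Q = next(q for q in range(2**31, 2**32) if is_prime(q) and is_prime(2 * q + 1))
P = 2 * Q + 1
H = next(h for h in range(2, P) if pow(h, 2, P) != 1 and pow(h, Q, P) != 1)  # generates Z_p^*
G = pow(H, (P - 1) // Q, P)  # g = h^((p-1)/q), order q

def prf(label, *parts):
    """Stand-in for H1, G1, G2 (assumption: SHA-256 with a label)."""
    return hashlib.sha256("|".join([label, *map(str, parts)]).encode()).digest()

def mask(k_auth):
    # Assumed Ê: multiply by a key-derived element of Z_p^*, so decryption
    # under any key still yields a value that looks like a valid h^x.
    return int.from_bytes(prf("E", k_auth.hex()), "big") % (P - 1) + 1

def enc(k_auth, m):
    return m * mask(k_auth) % P

def dec(k_auth, c):
    return c * pow(mask(k_auth), -1, P) % P

def mac(k_mstr, n, c, gy):
    k_conf = prf("G1", k_mstr)  # K_conf <- G1(K_mstr)
    return hmac.new(k_conf, f"{n}|{c}|{gy}".encode(), hashlib.sha256).digest()

def run(client_pwd, server_pwd, id_c="client", id_s="server"):
    """Return (client K_sess, server K_sess), or None if a MAC check aborts."""
    x = secrets.randbelow(P - 1)                                # client: x in Z_{p-1}
    c = enc(prf("H1", client_pwd, id_c, id_s), pow(H, x, P))    # client -> server
    y = secrets.randbelow(Q)                                    # server: y in Z_q
    hx = dec(prf("H1", server_pwd, id_c, id_s), c)
    k_srv = pow(hx, y * ((P - 1) // Q), P)                      # (h^x)^(y((p-1)/q))
    gy = pow(G, y, P)
    tag1 = mac(k_srv, 1, c, gy)                                 # server -> client
    k_cli = pow(gy, x % Q, P)                                   # (g^y)^(x mod q)
    if not hmac.compare_digest(tag1, mac(k_cli, 1, c, gy)):
        return None                                             # client aborts
    tag2 = mac(k_cli, 2, c, gy)                                 # client -> server
    if not hmac.compare_digest(tag2, mac(k_srv, 2, c, gy)):
        return None                                             # server aborts
    return prf("G2", k_cli), prf("G2", k_srv)
```

With matching passwords both sides return the same K_sess; with a mismatched password the server decrypts a different group element, its MAC fails at the client, and the run aborts.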

5
Overview of TLS
  • Client, Server
  • Client → Server: ClientHello
  • Server → Client: ServerHello, Certificate, ServerKeyExchange, CertificateRequest, ServerHelloDone
  • Client → Server: Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec, Finished
  • Server → Client: ChangeCipherSpec, Finished
  • Client ↔ Server: Application Data

6
Integration of DH-EKE in TLS
  • Client (password pwd), Server (v = g^{K_vrfy}, K_auth)
  • ClientHello
  • choose y, y ∈_R Z_q
  • ServerHello, ServerKeyExchange (g^y, g^y), ServerHelloDone
  • derive K_auth and K_vrfy from pwd and choose , x ∈_R Z_{p-1}
  • ClientKeyExchange (Ê_{K_auth}(h^x))
  • calculate premaster secret pms ← H3((h^x)^(y((p-1)/q)), v^y)
  • ChangeCipherSpec, Finished (MAC_{G3(pms)}(Ê_{K_auth}(h^x), g^y, ))
  • calculate premaster secret pms ← H3((g^y)^(x (mod q)), (g^y)^{K_vrfy})
  • accept if Finished OK
  • ChangeCipherSpec, Finished (MAC_{G4(pms)}(Ê_{K_auth}(h^x), g^y, ))
  • accept if Finished OK

7
Notations
   
8
Conclusion
  • Password-based protocols
      • can be made secure
      • no (trusted) storage
      • minimal in infrastructure requirements
  • Integration of DH-EKE in TLS
      • is as non-intrusive as possible
      • requires minimal number of flows
      • has competitive performance