复旦大学：《信息安全》教学课件_10 Authentication Kerberos

Information Security 10 Authentication Basic protocol constructions Kerberos Chapterl4 and supplements 復大软件学院 LiT

LiJT 1 Information Security 10 Authentication – Basic protocol constructions – Kerberos Chapter14 and supplements

内容间的联系 安全理论 密码学 基本理论成熟 应用相当广泛 访问控制、认证、 PK、数字证书等 什么是 信息安全? 讨论、总结、清晰 代码安全 网络安全 復大软件学院 LiT

LiJT 2 内容间的联系 密码学 基本理论-成熟 安全理论 应用相当广泛 访问控制、认证、 PKI、数字证书等 什么是 信息安全? 讨论、总结、清晰 代码安全 网络安全

Review:安全层次 应用安全 系统安全 网络安全 安全协议 安全的密码算法 3 復大软件学院 LiT

LiJT 3 Review: 安全层次 安全的密码算法 安全协议 网络安全 系统安全 应用安全

Outline of talk · Definitions Passwords Unix Passwords One time passwords Challenge-response techniques Basic protocol constructions Also one-time Authentication Involving TTP Needham-Schroeder Kerberos 復大软件学院 LiT

LiJT 4 Outline of Talk • Definitions • Passwords – Unix Passwords – One time passwords • Challenge-response techniques – Basic protocol constructions – Also “one-time” • Authentication Involving TTP – Needham-Schroeder – Kerberos

Definitions Authentication a claimant tries to show a verifier that the claimant is as declared Identification Entity Authentication 復大软件学院 LiT

LiJT 5 Definitions Authentication: • A claimant tries to show a verifier that the claimant is as declared – Identification –Entity Authentication

Basis of uthentication Something known-passwords PINS, keys ■■ Something possessed-cards handhelds Something inherent-biometrics 6 復大软件学院 LiT

LiJT 6 Basis of Authentication • Something known - passwords, PINs, keys… • Something possessed - cards, handhelds… • Something inherent - biometrics

Definitions Claimant (A): The party that claims a certain identity [and provides evidence of possessing the identity e.g. through possessing a specific secret Verifier(B): The party that verifies the identity of the claimant(accepts or rejects e.g. through verifying the possession of the secret by claimant 復大软件学院 LiT

LiJT 7 Definitions • Claimant (A): The party that claims a certain identity [and provides evidence of possessing the identity] – e.g. through possessing a specific secret • Verifier (B): The party that verifies the identity of the claimant (accepts or rejects) – e.g. through verifying the possession of the secret by claimant

Definitions 单向 Unilatera| authentication 双向 Mutua| authentication 8 復大软件学院 LiT

LiJT 8 Definitions • 单向 Unilateral authentication • 双向 Mutual authentication

Definitions Data-Origin authentication message authentication Data Integrity Entity Authentication 復大软件学院 LiT

LiJT 9 Definitions • Data-Origin Authentication – message authentication • Data Integrity • Entity Authentication

Definitions Data-Origin authentication Data Integrity Early textbooks, viewed these two notions with no essential difference However, two very different notions Auth necessarily involves communications involves identifying the source of a message the most significantly, freshness of a message liveness of the message source message is fresh or not should be determined by apps 復大软件学院 LiT

LiJT 10 Definitions • Data-Origin Authentication • Data Integrity – Early textbooks, viewed these two notions with no essential difference – However, two very different notions • Auth. necessarily involves communications • involves identifying the source of a message • the most significantly, freshness of a message; liveness of the message source. – message is fresh or not should be determined by apps