
Using Encryption for Authentication in Large Networks of Computers.

Using Encryption for Authentication in Large Networks of Computers. Roger M. Needham and Michael D. Schroeder. Communications of the ACM 21(12), December 1978, pp.993-998.

Short reviews due Tuesday, 4/12

Comments

1. Summary
In this paper the authors provide an overview of protocols for decentralized authentication in networks using encryption techniques. The authors address the problem of enforcing secure communication over an insecure network, especially when the network is large and has no system providing centralized authentication information. The paper gives a concise step-by-step description of how to properly implement authentication in three useful scenarios, using both traditional symmetric/shared-key cryptography and public-key cryptography techniques.

2. Confusion
* Many have pointed out that it is vulnerable to a man-in-the-middle attack. I would be interested to learn more about it.
* There was no prototype done. How scalable is the implementation of the protocol? How well were these protocols received?

1. Summary
The authors have approached the idea of secure communication over a connected network with decentralized authentication, keeping in mind that there is no single authority in a distributed system. Conventional and public-key encryption mechanisms have been used to achieve the goal of secure data transfer between two machines.
An authentication server is used to provide the various network addresses associated with a SimpleName, which could be the address of that principal's mail system buffer. Authenticated two-way, one-way and signed communication protocols have been taken up with the two ways of authentication. The basic idea is to develop a holistic solution with minimal assumptions about network-wide services.

2. Question
What are the various subtle errors that can lead to a security vulnerability? Is it coding errors, for instance buffer overflows, or are there others as well?
On another note, what if these networks are communicating over wireless links? We still don't have any mechanisms to prevent DDoS attacks that can drain the batteries of portable devices with limited power storage.

Summary
This paper presents protocols to mutually authenticate the identity of the communicating parties in a decentralized setting where the communication network is insecure and an intruder can snoop, record, replay or alter messages. These protocols rely on one or more trusted, well-known authentication servers. The paper describes how to achieve authentication in such an environment using public-key and private-key algorithms for interactive communication between two parties, one-way communication and digital signatures.

Confusion
1. There is a footnote on how to prevent cryptanalytic attacks. I didn’t understand it.
2. Why is the message between authentication servers (1.11) sent in plain text?
3. What is seriation?
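
The conventional-key handshake that the summaries above describe, worked through as an added example (not code from the paper or from any commenter). It follows section 2 of the paper, messages (1) to (5): A asks the AS for a conversation key CK with B, gets it back together with a ticket {CK, A}^KB that only B can open, and then B challenges A with a nonce under CK. The encryption is a toy stand-in (a SHA-256 keystream with an HMAC tag) chosen so that the example runs on the Python standard library alone; the nonce and key sizes are likewise assumptions. The example shows what the nonces buy: I_A ties the AS's reply to A's own request, I_B proves that whoever holds CK is live now, and both a replayed message (2) and a tampered ticket are rejected.

```python
# Needham & Schroeder (1978), section 2, conventional-key handshake, messages
# (1) A->AS: A,B,I_A  (2) AS->A: {I_A,B,CK,{CK,A}^KB}^KA  (3) A->B: {CK,A}^KB
# (4) B->A: {I_B}^CK  (5) A->B: {I_B-1}^CK.  Added example, not code from the
# paper or from any commenter; the cipher is a toy (SHA-256 keystream + HMAC
# tag) chosen so the example runs on the standard library alone.
import hashlib, hmac, os, struct

def _keystream(key, iv, n):
    blocks = (hashlib.sha256(key + iv + struct.pack(">I", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    """{msg}^key: encrypt-then-MAC, so any change to the box is detected."""
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, iv, len(msg))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, box):
    iv, ct, tag = box[:16], box[16:-32], box[-32:]
    if not hmac.compare_digest(hmac.new(key, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag: forged or tampered box")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))

def pack(*fields):               # length-prefixed fields inside one plaintext
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

def unpack(data):
    out, i = [], 0
    while i < len(data):
        n = struct.unpack(">H", data[i:i + 2])[0]
        out.append(data[i + 2:i + 2 + n])
        i += 2 + n
    return out

def minus_one(nonce):            # the paper's I_B - 1, on a 128-bit value
    return ((int.from_bytes(nonce, "big") - 1) % (1 << 128)).to_bytes(16, "big")

class AuthServer:
    def __init__(self, keys):    # {name: secret key shared with that principal}
        self.keys = keys
    def message2(self, msg1):
        a, b, nonce_a = unpack(msg1)
        ck = os.urandom(32)                                  # fresh conversation key
        ticket = seal(self.keys[b], pack(ck, a))             # {CK, A}^KB, opaque to A
        return seal(self.keys[a], pack(nonce_a, b, ck, ticket))

class Principal:
    def __init__(self, name, key):
        self.name, self.key = name, key
        self.peer = self.nonce = self.ck = None
    # initiator side (A)
    def message1(self, peer):
        self.peer, self.nonce = peer, os.urandom(16)         # I_A: fresh per request
        return pack(self.name, peer, self.nonce)
    def message3(self, msg2):
        nonce_a, b, ck, ticket = unpack(unseal(self.key, msg2))
        if nonce_a != self.nonce or b != self.peer:          # I_A ties (2) to *this* (1)
            raise ValueError("stale or mismatched reply: replay of message (2)")
        self.ck = ck
        return ticket
    def message5(self, msg4):
        (nonce_b,) = unpack(unseal(self.ck, msg4))
        return seal(self.ck, pack(minus_one(nonce_b)))
    # responder side (B)
    def message4(self, msg3):
        self.ck, self.peer = unpack(unseal(self.key, msg3))  # only KB opens the ticket
        self.nonce = os.urandom(16)                          # I_B: B's own freshness check
        return seal(self.ck, pack(self.nonce))
    def accept(self, msg5):
        (answer,) = unpack(unseal(self.ck, msg5))
        return hmac.compare_digest(answer, minus_one(self.nonce))

def setup():
    ka, kb = os.urandom(32), os.urandom(32)
    return AuthServer({b"A": ka, b"B": kb}), Principal(b"A", ka), Principal(b"B", kb)

def run_handshake():             # honest run: True when B accepts A and both hold CK
    AS, A, B = setup()
    msg3 = A.message3(AS.message2(A.message1(b"B")))
    return B.accept(A.message5(B.message4(msg3))) and A.ck == B.ck and B.peer == b"A"

def rejected(attempt):           # True when the receiver throws the message away
    try:
        attempt()
    except ValueError:
        return True
    return False

def attacks_rejected():          # returns (replay of (2) rejected, tampered ticket rejected)
    AS, A, B = setup()
    recorded = AS.message2(A.message1(b"B"))   # intruder records a genuine (2)
    A.message1(b"B")                            # A starts over: new I_A
    replay = rejected(lambda: A.message3(recorded))
    ticket = bytearray(A.message3(AS.message2(A.message1(b"B"))))
    ticket[20] ^= 0x01                          # flip a ciphertext bit of {CK, A}^KB
    tamper = rejected(lambda: B.message4(bytes(ticket)))
    return replay, tamper
```

Note that neither principal keeps any state across messages beyond its current nonce and CK, which is what the paper means by the protocol not needing connection state: every check is against a value the receiver itself generated a moment earlier. Run `run_handshake()` for the honest exchange and `attacks_rejected()` to see both intruder attempts fail.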

Summary:
This paper discusses the use of encryption for providing secure authentication in large networks. It presents a set of protocols that help provide encrypted, authenticated communication over insecure networks. It describes a sequence of steps and message exchanges that apply symmetric-key and public-key cryptography to establish authenticated communication between machines on a network in three useful forms: online/interactive sessions, one-way sessions (such as email), and off-line digital signatures for non-repudiation.

Confusion:
The goals of preventing traffic analysis, withholding matching cleartext and ciphertext from an eavesdropper, and ensuring instantaneous detection of tampering: could you discuss these while explaining the security protocols?

1. Summary
This paper describes protocols that use central servers and encryption to provide authentication between computers in a network.

Confusion
Could you make clear (what we are supposed to understand of) the actual technical details? Could you talk about how encryption actually provides authentication (i.e., how encryption actually communicates "This person actually sent this exact message.")?

Summary:
This paper describes a decentralized approach to using encryption for authentication in large networks. The authors discuss how authentication is done in interactive communication applications as well as one-way communication applications. They also give details regarding how digital signatures can be used to provide integrity. The authors give high-level details about how symmetric as well as asymmetric algorithms can be used to achieve the desired goals (with details of preventing replay attacks).

Confusion:
I did not quite understand how one can prevent replay attacks when private-public keys are used.

1. Summary
The paper presents the use of encryption to achieve authentic communication by verifying the identity of communicating principals. This needs to be done in a distributed setting in a large network of computers. The authors have presented protocols to handle authentic interactive two-way communication, one-way communication and signed communication using both conventional and public-key encryption algorithms.

2. Confusion
Why is a public-key system preferred for signed communication? How are the protocols verified to not contain subtle errors? How much overhead does the establishment of authentic communication take?

Summary:
The authors describe various protocols for decentralized authentication (more than one authentication server) in various cases in a large-scale network, such as interactive communication, one-way communication, two-way communication and digital signatures, using conventional and public-key algorithms, and how these protocols help protect users from impersonation attacks. Additionally, the paper briefly explains the conventional and public-key algorithms using two nodes and also describes the implementation of the authentication servers.

Confusion:
In public-key algorithms, how is the AS's public key sent securely? Since most of the requests to the Authentication Server do not require too much CPU, can't a single AS with a backup node (just in case of failure, as in GFS) handle very large networks?

Summary
This paper presents protocols for decentralized authentication within large networks, which can function efficiently without relying on a single network clock or a single network name management authority. Motivated by the need for a functionally integrated solution that works similarly for both conventional and public-key encryption algorithms, these protocols are designed to address three typical scenarios of encrypted communication: authenticated interactive communication, authenticated one-way communication and signed communication.

Confusion
Given that vulnerabilities can still be found even in a protocol like Needham-Schroeder 17 years after its widespread adoption, how does one evaluate and argue for correctness of one protocol over the other for secure encrypted network communication?

Summary
The authors discuss the use of encryption to achieve authenticated communication in computer networks. Secure communication in the case of online communication (interactive protocols), offline communication (proving identity to the receiving party) and signed communication (author and content provable to third parties) is discussed. The authors achieve these through the use of an authentication server, end-to-end encryption, nonces and timestamps, tickets and certificates, and a characteristic cryptographic hash function.

Confusion
How are replay attacks handled?
Seriation.

1. Summary
The paper uses existing symmetric and asymmetric encryption techniques to develop protocols for various communication scenarios. Insecure interconnected networks are the most common means of communication; however, they suffer from various challenges such as snooping, replaying of messages, man-in-the-middle attacks, etc. Having a single trusted certificate authority is not a scalable solution in this scenario. The authors design protocols keeping all the above restrictions in mind for interactive, one-way or signed communication. They do so assuming multiple certificate authorities and try to reduce the dependence on these authorities whenever possible by caching the required data on the principals.
2. Confusion
I am not sure how the servers and principals do not need to maintain transaction state between messages, especially when these messages may contain nonce identifiers.

Summary

Objective:
Decentralized protocols for authentication over networks, with minimum assumption of network-wide services.

Functions:
Authenticated 2-way communication.
Authenticated one-way communication.
Signed communication – origin and integrity authenticated to a 3rd party.

Encryption Algorithms:
Conventional – shared secret key.
Public-key cryptography – shared public key, secret private key.

Protocols for each of the three functions are laid out, with discussions on utilization of both families of encryption algorithms. The authors also briefly discuss naming and authentication. While the protocols lay down the framework for the specified problem, some parts require more elaboration of details to make a complete solution.

Confusion
1. What kinds of information can lead to vulnerabilities?
2. Related note, what kinds of attacks are possible / done ?

1. Summary
The authors have come up with designs which showcase how to build protocols such as one-way communication, mail and digital communication using public-key cryptosystems. They also describe how this is similar to the existing conventional technique, since the number of protocol messages is comparable (if cached). However, no evaluation was presented that could establish the credibility, and it merely remains a proof of concept.

2. Confusion
I don’t have a background in cryptographic systems in general, and hence it is difficult to understand what the subtleties and challenges were in those times.
The last line of section 6 mentions that “Only at step (1.11) does anything special have to be done to ensure lack of connection state”. I would like to discuss it in detail.

Summary
The paper presents secure protocols that can be used in networks with decentralized authentication, aiming to attain three security objectives, namely allowing authenticated interactive communication, authenticated one-way communication (e.g. e-mail) and digital signatures which can be verified by a third party to prevent non-repudiation. The paper was one of the forerunners in its field and initiated the design of cryptographic protocols. Both symmetric (conventional) and asymmetric (public-key) cryptographic solutions are discussed in the paper, along with countermeasures against attacks like replay attacks (via timestamps) and man-in-the-middle attacks, and the concept of trusted-third-party (authentication server) based key distribution.
Confusion
What is the need for secure operations if the authentication server stores the private keys directly?

1. Summary
This paper discusses the use of existing encryption techniques for authentication in a large network of computers and the challenges associated with it. The two types of encryption discussed in the paper are the conventional encryption algorithm and the public-key encryption algorithm. The paper talks about protocols to establish secure communication between two parties, means to provide one-way communication, and methods to provide evidence to a third party that a particular communication is exactly as received from the sender.
5. Questions
1) In one-way communication with public key, why does A have to encrypt the header with PKB while sending it to B?
2) What constitutes an insecure system? Is it considered insecure if a third party knows that A and B are communicating with each other, even though it cannot determine the information being communicated? Could we discuss different variations of an insecure system and any subtle cases that may arise?
3) In a communication system with caching, why is there a need for a double handshake between A and B? Why can't the previous method (1.4 and 1.5 in the paper) work directly?

Summary
The paper presents a series of protocols that use encryption to achieve authenticated two-way communication, one-way communication and signed communication over a large network. Conventional and public-key encryption algorithms are used as the basis for the protocols. The protocols mentioned just expose the authentication issues and aren't foolproof solutions to network security.

Confusion
The paper starts by saying that they target decentralized authorization but subtly keeps oscillating in the use of a master server and caches. Are caches really used predominantly for decentralized authorization? If yes, then how safe is it?

Summary
This paper develops protocols for authentication and secure communication in a decentralized environment. Authentication server(s) act as a trusted database for the secret keys of clients. Protocols using both symmetric and asymmetric encryption are presented for setting up two-way secure communication, authenticating messages and guaranteeing the integrity of messages (signatures). The protocols provide safety from intrusive attacks like replaying of past protocol messages and snooping of communication in a man-in-the-middle style.

Confusion
What is seriation?
Is this the first paper to talk about key-exchange protocols and digital signatures?

1.Summary:
This paper is about the design of decentralized secure protocols for communication between parties through authentication servers, authenticated one-way communication for mail systems, and communication using digital signatures, using conventional and public-key encryption algorithms. The authors elaborate the steps involved in both algorithms for each of the protocols and compare their efficiency.

2.Confusion:
1) Handling of replay attacks.
2) Nonce identifier in public key algorithm for one-way communication.

Summary
The paper explains authentication protocols which were designed on the basis of conventional and public-key encryption algorithms. These protocols were intended to be used for establishing secure, authenticated communication on an untrusted computer network and handled scenarios involving two-way interactive communication, one way communication (as found in mail system) and signed communication (by use of digital signatures). The protocol designs rely on the presence of one / multiple authentication servers to facilitate client name lookup and authentication in the network. They also use caching of frequently used protocol-related state to reduce the cost for establishing secure communication.

Questions / confusion
1. What does the paper mean by decentralized authentication, when the protocol design assumes the presence of authentication servers as a key component? Is 'decentralized' simply referring to the presence of multiple authentication servers in the network?

2. The paper mentions that the proposed protocols do not have mechanisms for preventing traffic analysis and eavesdropping of matching cleartext-ciphertext pairs, or for ensuring instantaneous detection of tampering. How have these problems been addressed in current-day authentication protocols?

1. Summary
This paper presents protocols for decentralized authentication, in an attempt to expose its issues, that can be used in networks between principals involving interactive communication, one-way communication and signed communication verified by a third party, without any network-wide security guarantees. The authors base the protocols on both public-key and conventional algorithms, with the aim of analogously utilizing optimizations of both techniques, like timestamps, caching, and maintaining integrity and security.
2. Confusion
How would a principal generate a unique nonce identifier each time? Would it be sensible to allow the AS to maintain this so that it could be reused across different parties? How does the recipient principal distinguish whether the sender is communicating via conventional or public-key means?

Security
Summary
This paper discusses the methods to have secure communication between any two entities in a large-scale open (= insecure) network. The goals are to achieve privacy, integrity and authenticity through symmetric, asymmetric and digital-signature protocols in the presence of an attacker who can disguise, alter and replay messages. Key exchange is done through trusted decentralized authentication servers. A major design objective was that it should be computationally hard to find the key, even when this key is the only secret in the entire communication system.
Confusion
How is a replay attack prevented by just having the identifier in the case of public-key encryption? What is the exact packet format they use in the public-key encryption scheme?
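
The public-key handshake from section 4 of the paper, as an added example that answers the two questions just above and the earlier one about replays with public keys; it is not code from the paper or from any commenter. The AS here holds only a directory of public keys and signs what it hands out (messages (1)/(2) and (4)/(5) are collapsed into a `lookup` call); the handshake proper is (3) A sends {I_A, A} under PKB, (6) B returns {I_A, I_B} under PKA, (7) A returns {I_B} under PKB. Replay protection comes from the identifiers alone: A only accepts a message (6) that contains the I_A it generated for this session, and B only accepts a (7) carrying its own I_B. The public-key operations are textbook RSA over fixed Mersenne primes (a toy with no padding, so it runs on the standard library alone), the AS signature is hash-then-sign as a simplification of the paper's {PK, name}^SKAS, and the nonce and name sizes are assumptions. Message (6) is built exactly as the paper gives it, with no name of B inside; the man-in-the-middle issue mentioned earlier in this thread is not modelled here.

```python
# Needham & Schroeder (1978), section 4, public-key handshake. The AS only
# hands out certified public keys; the exchange is
#   (1) A->AS: A,B  (2) AS->A: {PKB,B}^SKAS   (3) A->B: {I_A,A}^PKB
#   (4) B->AS: B,A  (5) AS->B: {PKA,A}^SKAS   (6) B->A: {I_A,I_B}^PKA
#   (7) A->B: {I_B}^PKB
# Added example, not code from the paper or from any commenter. Public-key
# operations are textbook RSA over fixed Mersenne primes (a toy with no
# padding, so it runs on the standard library alone); the AS signature is
# hash-then-sign, a simplification of the paper's {PK, name}^SKAS.
import hashlib, hmac, os

E = 65537
mersenne = lambda k: (1 << k) - 1          # 2^k - 1 is prime for every k used below

def keypair(p, q):                          # returns (public, secret)
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def encrypt(pk, msg):                       # {msg}^PK; the toy needs int(msg) < n
    e, n = pk
    m = int.from_bytes(msg, "big")
    assert m < n, "message too large for this toy modulus"
    return pow(m, e, n)

def decrypt(sk, c, length):                 # inverse of encrypt; length restores leading zeros
    d, n = sk
    return pow(c, d, n).to_bytes(length, "big")

def sign(sk, data):
    d, n = sk
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pk, data, sig):
    e, n = pk
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def cert_bytes(name, pk):                   # what the AS signs: name || modulus
    return name + pk[1].to_bytes(96, "big")

class AuthServer:
    """Certifies public keys; unlike section 2, it holds no principal's secret."""
    def __init__(self):
        self.pk, self.sk = keypair(mersenne(127), mersenne(521))
        self.directory = {}
    def certificate(self, name):            # messages (2)/(5): {PK, name}^SKAS
        pk = self.directory[name]
        return name, pk, sign(self.sk, cert_bytes(name, pk))

def lookup(AS, name):                       # messages (1)/(4) plus the check of the reply
    cname, pk, sig = AS.certificate(name)
    if cname != name or not verify(AS.pk, cert_bytes(cname, pk), sig):
        raise ValueError("bad certificate from AS")
    return pk

class Principal:
    def __init__(self, name, p, q, AS):
        self.name, self.AS = name, AS
        self.pk, self.sk = keypair(p, q)
        AS.directory[name] = self.pk
        self.peer = self.peer_pk = self.nonce = None
    def message3(self, peer):               # A: {I_A, A}^PKB
        self.peer, self.peer_pk = peer, lookup(self.AS, peer)
        self.nonce = os.urandom(8)          # I_A
        return encrypt(self.peer_pk, self.nonce + self.name)
    def message6(self, msg3):               # B: {I_A, I_B}^PKA
        m = decrypt(self.sk, msg3, 9)       # only SKB opens this
        nonce_a, a = m[:8], m[8:]
        self.peer, self.peer_pk = a, lookup(self.AS, a)
        self.nonce = os.urandom(8)          # I_B
        return encrypt(self.peer_pk, nonce_a + self.nonce)
    def message7(self, msg6):               # A: {I_B}^PKB
        m = decrypt(self.sk, msg6, 16)
        if not hmac.compare_digest(m[:8], self.nonce):   # my I_A came back: fresh, from SKB's holder
            raise ValueError("I_A mismatch: replayed or forged message (6)")
        return encrypt(self.peer_pk, m[8:])
    def accept(self, msg7):                 # B: does A's answer carry my I_B?
        return hmac.compare_digest(decrypt(self.sk, msg7, 8), self.nonce)

def setup():
    AS = AuthServer()
    return (AS, Principal(b"A", mersenne(31), mersenne(107), AS),
            Principal(b"B", mersenne(61), mersenne(89), AS))

def run_handshake():                        # honest run: True when both sides accept
    AS, A, B = setup()
    msg6 = B.message6(A.message3(b"B"))
    return B.accept(A.message7(msg6)) and A.peer == b"B" and B.peer == b"A"

def replayed_message6_is_rejected():        # a recorded (6) no longer carries A's current I_A
    AS, A, B = setup()
    recorded = B.message6(A.message3(b"B"))
    A.message3(b"B")                        # A starts a new session: new I_A
    try:
        A.message7(recorded)
    except ValueError:
        return True
    return False
```

The packet formats are just the concatenations in the comments: a fixed 8-byte identifier followed by a 1-byte name in (3), two identifiers in (6), one in (7), each turned into an integer and encrypted under the receiver's public key. Compare this with the conventional protocol: there the AS must know every secret key, here it need only be able to sign, which is why the paper can use the same AS machinery for the digital-signature case.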

1. Summary
In this paper, the authors present protocols for decentralized authentication in large networks of computers, based on conventional encryption algorithms as well as public-key encryption. The authors have discussed various aspects of authentication: protocols for establishing interactive connections, authentication servers, one-way communication and digital signatures. The main idea is to highlight the challenges in implementing authentication in such large networks.
2. Confusions
Can you explain what behaviours are considered to be okay and not okay? For example, is it okay for an intruder to know the identity of the principal that a specific principal is talking to?
What exactly is “seriation” and why is it important?
While using conventional encryption in interactive connection establishment (initiated by A towards B), why does caching at A require a 2-way handshake?
In one-way communication using public-key encryption, why is header from A->B encrypted using PKB?

A network with a large number of computers may not have a central machine or system that contains authoritative descriptions. This paper proposes protocols for decentralized authentication for two-way communication, one-way communication and digital signatures using conventional and public-key encryption.

Confusion:
What is the process of seriation?
How do you evaluate if a system is secure?

Summary:
In networks without a central authority, it can be difficult to perform basic security functions such as authentication, key distribution, and secure communication. In this paper, the authors propose several protocols for decentralized authentication with a variety of different criteria: one- and two-way communication, multiple authentication servers, and digital signatures. Implementation methods with both conventional and public-key algorithms are discussed for each requirement.

Confusion:
What specific role does caching play? What can be cached, and how to verify that the cache has not been corrupted?
The paper is focused on "decentralized" authentication, but there is a heavy emphasis on authentication servers to act as middlemen between two clients. Is this really decentralized? What happens if the servers are corrupted/attacked/crashed?

Summary
This paper discusses several protocols to achieve authentication in interactive communication, one-way communication and signature verification using both conventional and public-key encryption algorithms.

Confusion
When multiple authentication servers are involved, how do they verify the identity of each other? If a master server is used, is this still considered “decentralized”?

Summary
The paper presents authentication protocols for networks which are very large and have no central system for authorization. They explain the implementation of authentication servers, one-way communication and signed communication using both public-key encryption algorithms and conventional encryption algorithms, and also provide details of how an intruder can be prevented from modifying the communications.
Confusion:
Can you please explain how the validity of the authentication server is checked? How can an intruder be prevented from pretending to be the authentication server?
How is it that in conventional algorithms the secret keys of A and B are known to the AS?

1. Summary
The paper describes simple protocols which achieve authentication using any one of symmetric or public-key cryptographic techniques. These protocols are designed to not overly rely on network-wide services and can work equally well with stateful and connectionless network protocols.

2. Confusion
- I was wondering what steps need to be taken in the protocols mentioned in the paper if we need to make sure that even an all-powerful third party (like the government) cannot snoop on the communication between A and B, if the communicating parties don't want the third party to know the contents of their communication.
- The authors talk about "seriation" a couple of times, I did not quite understand the term.

Summary
The main focus of this paper is explaining how decentralized authentication can be done in a large-scale network. They talk about how authentication is done in interactive applications (with caching reducing message overhead), in one-way communication applications like email, and how signatures are used to provide integrity, authenticity and accountability (with both parties under the same and under different ASes). They provide examples of all these protocols for both conventional symmetric-key and asymmetric (public-key) algorithms, with the main focus being on how these protocols work and also how they protect the system from replay, masquerading attacks, etc.

Confusion
I did not understand how replay attacks are avoided in the public-key algorithm for interactive connections. They claim that there is scope for using a combination of both forms of encryption (a hybrid approach). What kind of systems/applications today use this hybrid approach?


Summary:
The paper describes two classes of encryption algorithms, namely the conventional encryption algorithm where the same key is used for encryption and decryption, and public key cryptography, in large networks of computers. The algorithms are compared in terms of number of messages needed to setup initial contact and subsequent messaging in the context of interactive messaging, mail communication networks and digitally signed networks.

Confusion:
The recent encryption feature added to WhatsApp uses the Perfect Forward Secrecy technique, which at first glance seems similar to the conventional algorithm that the paper talks about. How is this technique able to scale to millions of users, with a separate key used for every message?
https://www.quora.com/How-secure-is-WhatsApps-new-end-to-end-encryption

1. Summary
The paper argues that the protocols for public-key encryption and the conventional algorithm (symmetric-key encryption) are strikingly similar and support functionalities like interactive, one-way (e.g. mail exchange) and signed communications. Caching improves performance in both cases, and both protocols support multiple authentication servers for large networks. The paper concludes by saying that the selection of a particular cryptographic technique should be based on the requirements of the system being designed and not on protocol design.

2. Confusions
How does a node get authentication server’s public key securely?
If the protocols are nearly the same, why is public-key encryption considered slower than symmetric-key encryption? (In cases where public-key encryption is used for key exchange and the communication happens with symmetric-key encryption.)

1. Summary
In the paper the authors propose two protocols for secure message communication with decentralized authentication. The two protocols support conventional data encryption and public-key encryption, respectively. An intruder is assumed to be able to interpose on all communication paths, and thus can manipulate messages or emit false material. Therefore the protocols have to be able not only to encrypt data for privacy, but also to verify the validity of the message and the identity of the sender for integrity. The basis of such protocols relies on each client computer belonging to an authentication server which knows the client’s key or public key, and on the servers having set up a secure communication channel. The resulting protocols show similar overhead in establishing communication.
5. Confusion
Compared to the decentralized authentication model, how would the authentication scheme be different if all authentication (or message passing?) were done on a single server?

Summary: The authors present protocols to provide secure communication in an insecure network which is so large that a central authentication server can’t be used. The semantics of the protocols don’t differ much with the means of encryption (conventional/public-key), perhaps a cause for the large-scale adoption of these protocols. They discuss implementing authentication servers, one-way communication and digital signatures using their protocols.
Confusion: How do you evaluate how secure a protocol is? Even if a single attack has been shown, the protocol is basically redundant! They talk of personal computers as secure environments. But once a PC is connected to a network, its environment is not isolated. How do you safeguard this secure environment from the network, assuming no adversaries within the system?

Summary: Secure communication in an environment of multiple computers emphasizes minimal reliance on network-wide services and the need to decentralize authentication to eliminate the bottleneck inherent in having a single central machine for authentication. Risks inherent in such scenarios include an intruder attack which can alter/copy parts of a message, replay a message or create a false message. The authors in this paper, motivated by the above problem statement, put forth protocols for decentralized authentication comprising authenticated establishment of interactive communication between two principals, management of authenticated one-way communication services (for example, a mail server), and digital signatures to verify the authenticity of the sender and guarantee the integrity of documents. They build these protocols by considering conventional and public-key encryption algorithms as the basis and outline the successive cryptographic transactions in each case.

Confusion:
1. In section 4, Protocol 2 (Public Key), it is unclear how double encryption addresses the risk of public keys not being secret.
2. In section 7, I did not understand how, in the case of the conventional algorithm, the secret key CK implicitly provides information regarding the connection between header and message, whereas in the case of public key the nonce identifier I provides this explicitly.
3. How does the signature protocol gain an advantage in the case of the conventional algorithm over public-key algorithms, as stated at the end of section 8?

Summary
This paper highlights protocols for decentralized authentication in a network with minimal reliance on a network-wide service or a centralized authoritative machine. Protocols for authenticated interactive communication, authenticated one-way communication and signed communication (digital signatures) are provided. For each of the above, protocols using conventional algorithms as well as public-key algorithms are provided, as well as insight into how common attacks like replay, snooping or eavesdropping may be handled.

Confusion
How is a replay attack prevented in establishing interactive connections for public-key algorithms? I understand how it works with conventional algorithms.
Why is double encryption used during the ensuing communication in the above case?
What does seriation of encryption blocks mean?

Summary
In a large system environment there are more than a couple of authentication servers, which have the role of providing authentication for secure communication. In this environment, each server needs to contact other servers to get information about a client that tries to communicate with a client on another authentication server. In order to support communication held on different servers and environments, timestamps given by the senders (not a central clock) and digital signatures are proposed for the establishment of secure communication.

Confusion
How does A or B know the AS’s public key in the public-key algorithm? Is it possible for the intruder to know the AS’s public key? If not, how do we prevent the intruder from getting the AS’s public key?
What is the relationship between PKA and SKA?
In the case of digital signatures, who provides the KA and KB, or the SKA(PKA), SKB(PKB)?

Summary
This paper reinforces the importance of encryption to achieve decentralized authenticated communication in computer networks. The authors present protocols to achieve authenticated interactive communication, one-way communication and signed communication using both conventional and asymmetric encryption schemes. They also describe how their protocols detect and tackle eavesdropping, replay attacks, tampering, etc., while maximizing network efficiency and ensuring privacy alongside efficiency.

Confusion
What is the difference between a connection and a session?
How do current systems defend themselves against DoS/DDoS?
How is seriation ensured in these protocols?
It would be really interesting to learn more about how communicating principals handle a malicious authentication server.

Summary

This paper proposes protocols for decentralized authentication for two-way communication, one-way communication and digital signatures using conventional and public-key encryption. Irrespective of the encryption algorithms used, the protocols are strikingly similar.

Confusion

1. Is caching part of the secure environment? If it's not, how can one ensure that the cache is not being breached by an intruder?
2. Is the nonce used only once in the context of the communication between A and B, or is it for the entire network? Who ensures that a nonce is never repeated?

1. Summary
In this paper, the authors provide protocols for authentication and integrity when communicating through an insecure network. Using both symmetric and asymmetric encryption, any two clients can communicate securely after going through a key-exchange protocol. In addition, the authors propose a protocol to send digital signatures to prove one’s identity. Furthermore, the authors provide a protocol that does not need the receiver to be online at the time of sending.
5. Confusion
What exactly is the process of seriation of encryption blocks?

Summary: In networked communications, distributing keys for secure communication, as well as validating the identity of all principals involved in a communication, is challenging, as communications may be snooped, captured, and replayed by third parties. Moreover, a central certification and distribution authority for identities and keys is clearly infeasible in internetworked systems, due to the volume of requests. The authors present protocols which allow for the establishment of one-way and two-way communication between principals in a system with multiple name authorities, as well as a protocol for signing communications; each of these protocols is presented in a version compatible with symmetric-key cryptography, as well as a public-key version.

Confusion: The authors hand-wave past the notion of hierarchically arranged name authorities. I'm curious what possibilities exist for handling malicious name authorities, particularly ones who act subtly (i.e. silently facilitating bulk data collection for later use).
