Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro To Secure Comm. Exercise 3. Problem The following scenario is suggested for establishing session keys  Alice and Bob share a secret (key phrase/password)

Published byCaroline Sturdy Modified over 9 years ago

Similar presentations

Presentation on theme: "Intro To Secure Comm. Exercise 3. Problem The following scenario is suggested for establishing session keys  Alice and Bob share a secret (key phrase/password)"— Presentation transcript:

1 Intro To Secure Comm. Exercise 3

2 Problem The following scenario is suggested for establishing session keys  Alice and Bob share a secret (key phrase/password)  Alice generates Session key K and send E P (K) to Bob  Bob receives E P (K), deciphers and uses K as the new session key. What are the threats to the model? Is this solution secure against an eavesdropper?

3 Solution The solution is problematic when a password is used. Passwords are susceptible to dictionary attack. The eavesdropper may discover p and thus the session key k (and may discover any other session keys) Suggest a better protocol

4 Solution Alice Generates pub A and priv A. Alice sends E P (pub A ) to Bob Bob deciphers and sends to Alice Pub A (k) Alice sends to Bob E k (challengeA) Bob responds E k (challengeA||challengeB) Alice responds (challengeB) What cryptographic method is E?

5 Solution The cryptographic method is a MAC Why not simply use an encryption method?

6 Problem Some designs attempt to provide message authentication by sending the encryption of the message concatenated with its hash (or simply with an error detection code). Namely, they send Encrypt(Message||Hash(Message)), and hope that in so doing, they achieve encryption and authentication together. Show that this design is insecure (an attacker can modify a message and it would still be considered authentic). Hint: this is easy to show, when using one-time-pad or OFB mode encryption.

7 Solution Assuming OTP is used and ADV knows some information about the message. ADV knows the algorithm, so knows which hash function is used. Knowing so, he can figure out the key encrypting the message (known plain text). Since he knows the message and hash of the message, he can figure out the key encrypting the hash. ADV can now calculate new message and new hash for the message and replace them.

8 Solution ADV’s playout:  k m =m  c m (revealing the key of m)  k h(m) =h(m)  c h(m)  Forge: m’  k m ||h(m’)  k h(m) This is a poor MAC because it isn’t even immune to KMA.

9 Problem Often CAs are single entities which provide  user registraion/identification  certificate creation What may be the problems associated with that model?

10 Solution CA may be single point of failure CA may not be able to supply the demand CA may be easier to corrupt/perform DOS

11 Registration Authority CA combines two functions:  Validate identity of source of public key  Sign public key with attributes (identity, others) CA secret key required only to sign cert  Identify by separate registration authority Exercise: motivate by analyzing threat!

12 RA – Registration Authority Also called LRA – Local RA Goal: Off-load some work of CA to LRAs Support all or some of:  Identification  User key generation/distribution passwords/shared secrets and/or public/private keys  Interface to CA  Key/certificate management Revocation initiation Key recovery

13 CA – Certification Authority Issuer/Signer of the certificate  Binds public key w/ identity+attributes Enterprise CA Individual as CA (PGP)  Web of trust “Global” or “Universal” CAs  VeriSign, Equifax, Entrust, CyberTrust, Identrus, … Trust is the key word

14 Problem Define the threats to the above model  What type of threats/ADV can harm the solution?

15 Solution External Attackers Operators Viruses controlling CA pc’s

16 Alice (subject) Alice proves her identity And provides P A Alice, P A Sign(Priv CA,(Alice,P A )) Secure Hardware Operator Enter PIN or smartcard

17 Problem What may be the problem of the secured hardware box?

18 Solution Lack of UI at the hardware Trojan may send bogus certificates than what the operator approved Hardware only certifies one certificate per smartcard (good thing) but wrong certificate may still be used.

19 A better solution Integrate UI with secure hardware Secure log to go over issues/suspected certificates What if found a “corrupted” certificate?  May revoke it by publishing CRL

Download ppt "Intro To Secure Comm. Exercise 3. Problem The following scenario is suggested for establishing session keys  Alice and Bob share a secret (key phrase/password)"

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Chapter 9: Key Management

Chapter 9: Key Management
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
1 Intro To Encryption Exercise 8. 2 Simple MAC Functions MAC k (x)=int(x||k mod 2 32 )  For any k>2 32 any x is a forgery  K is exposed so we can calculate.

1 Intro To Encryption Exercise 8. 2 Simple MAC Functions MAC k (x)=int(x||k mod 2 32 )  For any k>2 32 any x is a forgery  K is exposed so we can calculate.

Similar presentations

Ads by Google