Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: " Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large."— Presentation transcript:

1  Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large numbers to extract key  Must use brute-force  One-way hash functions o Collision-free, collision-resistant o MD5, SHA  DES, AES (not on exams)

2  Confidentiality, integrity, non-repudiation o M, E(M), H(M), E(H(M)), H(E(M)) o M + H(M) – integrity, H(M) must be stored not sent o M + E(H(M)) – integrity, non-repudiation (PK) o M + H(E(M)) – no sense o E(M) + H(M) – integrity, confidentiality o E(M) + E(H(M)) – integrity, confidentiality, non- repudiation (use different keys) o E(M) + H(E(M)) – integrity, confidentiality

3

4  Key management is where much security weakness lies o Choosing keys o Storing keys o Communicating keys

5  Technically easy o Distribute shared keys to each entity we want to communicate with  But it doesn’t scale o Hundreds of servers… o Times thousands of users… o Yields ~ million keys

6  Alice creates a secret key, encrypts it with Bob’s public key and sends it off  Bob decrypts the message with his private key  Use shared key for further communication  This is how many applications work  Could communicate using public key cryptography but it’s slow

7  Exchange a secret with someone you never met while shouting in a room full of people  Alice and Bob agree on g and large n  Alice chooses random a, sends  Bob chooses random b, sends  Alice takes Bob’s message and calculates  Bob does the same; now they both know shared secret

8  Alice sends to Bob her public key Pub(A)  Mallory captures this and sends to Bob Pub(M)  Bob sends to Alice his public key Pub(B)  Mallory captures this and sends to Alice Pub(M)  Now Alice and Bob correspond through Mallory who can read all their messages

9  First four steps are the same o Alice sends to Bob her public key Pub(A) o Mallory captures this and sends to Bob Pub(M) o Bob sends to Alice his public key Pub(B) o Mallory captures this and sends to Alice Pub(M)  Alice encrypts a message in Pub(M) but sends half to Bob – Mallory cannot recover this message and duplicate it  This works if Mallory cannot mimic Alice’s and Bob’s messages

10  Alice and Bob need not exchange keys directly to communicate o Alice generates a random session key K o She obtains Bob’s public key from a database and encrypts K with that E B (K) o She sends both the message encrypted with K, E K (M) and a key E B (K) to Bob  This is how most real-world protocols work

11  Step toward Needham-Schroeder and Kerberos mechanisms  Key-distribution tied to authentication o If you know who you share a key with, authentication is easy – they just send you something encrypted with that key (must be something you’ve chosen)

12  Proving knowledge of shared key o Nonce = Non repeating, random value But where does K AB come from? Alice Bob NANA K AB (N A ) NBNB K AB (N B )

13  KDC = Key Distribution Center o Everyone shares a key with KDC, e.g., C shares K C  User C sends request to KDC that they want to communicate with the server S – need K CS  KDC generates a key: K cs o Encrypted for each participant: K c (K cs ), K s (K cs ) o K s (K cs ) called ticket o Ticket plus K cs called credentials o Ticket is opaque and forwarded with application request  No keys ever traverse net in the clear

14 Third-party authentication service o Distributes session keys for authentication, confidentiality, and integrity KDC 1. C, S, N C 2. K C (N C, K CS, S, K S (K CS, C )) CS 3.K S (K CS, C ) 4.K CS (N S ) 5.K CS (N S -1) Problem: replay attack in step 3 Fix: use timestamps

15  What happens if attacker does get session key K CS ? o Answer: Can reuse old session key to answer challenge-response, generate new requests, etc

16  Replace (or supplement) nonce in request/reply with timestamp o K C (K CS, S, N C, t) and K S (K CS, C, t) in steps 2,3

17  Server has no guarantee that K CS is fresh  If an attacker gets hold of K C key he can impersonate C to anyone o The only solution is for KDC to tell everyone that K C was revoked  Protocol assumes all users of it are good guys

18  Introduce Ticket Granting Server (TGS) o Issues timed keys to resources  Users log on to authentication server (AS)  AS+TGS = KDC  Uses timestamps with a lifetime instead of nonces o Fixes freshness problem from Needham-Shroeder

19  Chosen paper must talk about cryptography, authentication, authorization or policy o Select from venues listed on the class Web page o Email me your chosen paper to verify it fits the topic  Write 2-4 page report o Summary of problem, why is it important and hard, solution summary, evaluation and results, your opinion and your ideas o Originality, clearness, writing style o Proof-read!! o Start now!

Download ppt " Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
A less formal view of the Kerberos protocol J.-F. Pâris.

A less formal view of the Kerberos protocol J.-F. Pâris.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,

Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Authentication & Kerberos

Authentication & Kerberos
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

Similar presentations

Ads by Google