Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2: Protocol Building Blocks

Published byDamian Marshall Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 2: Protocol Building Blocks"— Presentation transcript:

1 Chapter 2: Protocol Building Blocks
Dulal C. Kar

2 Intro To Protocols A protocol is a series of steps, involving two or more parties, designed to accomplish a task Characteristics of a protocol All parties must know the protocol All parties must agree to follow it Must be unambiguous Must be complete A cryptographic protocol is a protocol that uses cryptography to prevent or detect eavesdropping and cheating

3 Arbitrated Protocols Arbitrator Protocol example with lawyer
A disinterested third party trusted to complete a protocol Ex: lawyer, banker, notary public Protocol example with lawyer Alice gives title to lawyer Bob gives check to Alice Alice deposits check Lawyer gives title to Bob if check gets cleared within a specific time; otherwise lawyer returns title back to Alice

4 Problems with Computer Arbitrators
Two parties are likely to be suspicious of a faceless arbitrator Computer network must bear the cost of maintaining an arbitrator Delay inherent in any arbitrated protocol Arbitrator becomes a vulnerable point for attackers Trent Arbitrator Bob Alice

5 Adjudicated Protocols
Arbitrated protocols are costly Arbitrated protocols can be subdivided into two lower-level subprotocols Non-arbitrated subprotocol Arbitrated subprotocol Executed only in exceptional cases when there is a dispute. Special arbitrator – called adjudicator

6 Adjudicated Protocols (cont’d)
Non-arbitrated subprotocol (executed every time) Alice and Bob negotiate the terms of the contract Alice signs the contract Bob signs the contract Adjudicated subprotocol (executed only in case of a dispute): Alice and Bob appear before a judge Alice presents her evidence Bob presents his evidence The judge rules on the evidence

7 Adjudicated Computer Protocols
Rely on parties to be honest A body of data exists so that a trusted third party could determine if someone cheated Cheater’s identity can be detected Inevitability of detection acts as a preventive and discourages cheating

8 Self-Enforcing Protocols
No arbitrator required Protocol itself guarantees fairness A party can detect whether other party is trying to cheat and therefore, can stop immediately Unfortunately, there is not a self-enforcing protocol for every situation

9 Attacks Against Protocols
Cryptographic attacks Attacks against cryptographic algorithms used in protocols Attacks against cryptographic techniques used to implement the algorithms and protocols Attacks against the protocols themselves Passive attacks Eavesdrop on some or all of the protocol Active attacks Introduce new messages, delete messages, interrupt, alter, reply Passive cheaters Follow protocol, but try to obtain more info Active cheaters Disrupt protocol in progress in an attempt to cheat

10 Communications Using Symmetric Cryptography
Alice and Bob agree on a cryptosystem Alice and Bob agree on a key Alice encrypts her plaintext using the key and the algorithm Alice sends ciphertext to Bob Bob decrypts ciphertext with the same key and the algorithm Problems Keys must be distributed in secret In case of compromise, not only messages can be decrypted but false messages can be produced Total number of keys increases rapidly as the number of users increases. For n users, we need n(n-1)/2 keys Note: A good cryptosystem is one in which all the security is inherent in knowledge of the key and none is inherent in knowledge of the algorithm

11 One-Way Functions Central to public-key cryptography
Relatively easy to compute, but significantly harder to reverse. That is. given x it is easy to compute f(x), but given f(x) it is hard to compute x. Meaning of “hard” in cryptographic sense Would take millions of years to compute x from f(x) with world’s all computers Note One-way functions are not useful for encryption because a message encrypted with a one-way function cannot be decrypted Trapdoor one-way function Special type of one-way function It is easy compute f(x) given x, and hard to compute x given f(x) However, given f(x) and some secret information y, it is easy to compute x

12 One-Way Hash Functions
Building block of many protocols Also called compression functions, contraction functions, message digests, fingerprints, cryptographic checksums, message integrity checks (MIC), manipulation detection codes (MDC) A hash function takes a variable-length input string (called a pre-image) and converts it to a fixed-length, smaller output string (called a hash value) A good one-way hash function is also collision-free It is hard to generate two pre-images with the same hash value

13 Message Authentication Codes (MAC)
Also known as data authentication codes (DAC) One-way hash functions with addition of a secret key Hash value is a function of both the pre-image and the key Exactly same as hash functions except only someone with the key can verify the hash value

14 Communications Using Public-Key Cryptography
1976, Whitfield Diffie and Martin Hellman first described public-key cryptography Two different keys – one public and the other private Computationally hard to deduce the private key from the public key Mathematically, process is based on trap-door one-way functions previously discussed Secret or trapdoor is the private key Public-key cryptography solves the key management problem with symmetric cryptosystems

15 Sending Message Using Public-Key Cryptography
Alice sending a message to Bob Alice and Bob agree on a public-key cryptosystem Bob sends Alice his public key Alice encrypts her message using Bob’s public key and sends it to Bob Bob decrypts Alice’s message using his private key

16 Public-key Cryptosystem
A database of the public keys of all users is to be maintained for public access Protocol Alice gets Bob’s public key from the database Alice encrypts her message using Bob’s public key and sends it to Bob Bob then decrypts Alice’s message using his private key

17 Problems with Public-key Cryptography
In the real world, public-key algorithms are not used to encrypt messages but to encrypt keys. Why? Public-key algorithms are slow Public-key cryptosystems are vulnerable to chosen-plaintext attacks. If C = E(P), when P is one plaintext out of n possible plaintexts, one has to encrypt all n possible plaintexts and compare with C. Cryptanalyst doesn’t need to know the private key to determine P this way

18 Hybrid Cryptosystems Public-key cryptography is used to secure and distribute session keys Session keys are used with symmetric algorithms Example Protocol Bob sends Alice his public key Alice generates a random session key, K, encrypts it using Bob’s public key, and sends it to Bob. EB(K). Bob decrypts Alice’s message using his private key to recover the session key. DB(EB(K)) = K Both of them encrypt their communications using the same session key

19 Signatures Handwritten Signatures’ characteristics
Authentic Unforgeable Not reusable Unalterable Cannot be repudiated In reality, none of these characteristics about signatures is completely true

20 Signing Documents with Symmetric Cryptosystems and an Arbitrator
Example: Alice: signer; Bob: Receiver; Trent: Arbitrator Trent shares secret keys KA with Alice and KB with Bob Alice encrypts her message to Bob with KA and sends it to Trent Trent decrypts the message with KA Using KB ,Trent encrypts the decrypted message and a statement that he has received this message from Alice Bob decrypts the bundle with KB. He reads Alice’s message and Trent’s certification Check above protocol for five characteristics in the previous slide

21 Problems with the Protocol
Time-consuming for Trent Trent is a bottleneck in the communication systems A trust-worthy computer system like Trent is difficult to maintain on the network (Trust) Trent has to be completely secure (Security)

22 Signing Documents with Public-Key Cryptography
First invented by Diffie and Hellman Examples: RSA and DSA Basic protocol Alice encrypts the document with her private key, thereby signing the document Alice sends the signed document to Bob Bob decrypts the document with Alice’s public key, thereby verifying the signature Check the protocol for five characteristics in the previous slide

23 Signing Documents and Timestamps
Previous protocol has at least one problem: Bob can cheat Alice in some circumstances. How? Problem with signed digital check: Copies of the digital check maybe used repeatedly Solution: Include timestamps in digital signatures Date and time of the signature are attached to message and signed along the rest of the message

24 Signing Documents with Public-Key Cryptography and One-Way Hash Functions
In practical implementations, public-key algorithms are inefficient to sign long documents Protocol example Alice produces a one-way hash of a document Alice encrypts the hash with her private key, thereby signing the document Alice sends the document and the signed hash to Bob Bob produces one-way hash of the document. He decrypts the signed hash with Alice’s public key for matching and signature verification

25 Benefits of the Protocol
Speed increases. Signature of the hash is the signature of the document Signature can be kept separate from the document Recipient’s storage requirements for document and signature are much smaller An archival system can use this type of protocol to verify the existence of documents without storing their contents

26 Algorithms and Terminology
All digital signature algorithms are public-key algorithms with secret information (private key) to sign documents and public information (public key) to verify signatures. Notation for signing a message with private key K is: Sk(M) Notation for verifying a signature with the corresponding public key is: Vk(M) Digital signature Bit string attached to the document when signed Authentication The protocol by which the receiver is convinced of the identity of the sender and the integrity of the message

27 Multiple Signatures With one-way hash functions:
Alice signs the hash of the document Bob signs the hash of the document Bob sends his signature to Alice Alice sends the document, her signature, and Bob’s signature to Carol Carol verifies both Alice’s signature and Bob’s signature Carol can verify both signatures independently

28 Non-Repudiation and Digital Signatures
Problem with digital signature protocol Alice can sign a document and later claim she did not. She can lie telling that someone has stolen her private key Nothing can be done in this case

29 Non-Repudiation and Digital Signatures (cont’d)
Preserving validity of old signatures using timestamps Alice signs a message Alice includes a signed identified header with the signed message and sends it to Trent Trent verifies Alice’s identity, adds a timestamp, signs it all, and sends it to both Alice and Bob. Bob verifies Trent’s signature, the identifying information, Alice’s signature Alice verifies the message Trent sent to Bob. If she did not originate the message, she speaks up quickly.

30 Digital Signatures With Encryption
Combining digital signatures with public-key cryptography (Authentication + privacy) Alice signs the message with her private key. SA(M) Alice encrypts the signed message with Bob’s public key and sends it to Bob. EB(SA(M)) Bob decrypts the message with his private key. DB(EB(SA(M))) = SA(M) Bob verifies with Alice’s public key and recovers the message. VA(SA(M)) = M Timestamps should be used in this protocol to prevent reuse of messages

31 Resending the Message as a Receipt
Whenever Bob receives a message, he returns it as a confirmation of receipt Alice signs a message with her private key, encrypts it with Bob’s public key and sends it to Bob. EB(SA(M)) Bob decrypts the message with his private key and verifies the signature with Alice’s public key. VA(DB(EB(SA(M)))) = M Bob signs the message with his private key, encrypts it with Alice’s public key, and sends it back to Alice. EA(SB(M)) Alice decrypts the message with private key and verifies signature with Bob’s public key Digital signature verification is subject to possible attack! How? Refer to text.

32 Attacks Against Public-Key Cryptography
A secured but publicly accessible database maintains all public keys Attacker can substitute a public key during transmission To prevent this, a key certification authority or key distribution center (KDC) can sign the public key with its private key

33 Random and Pseudo-Random-Sequence Generation
Problem A random-number generator does not really produce a random sequence The best a computer can produce is a pseudo-random-sequence generator Cryptographically Secure Pseudo-Random Sequences Must be computationally infeasible to predict

Download ppt "Chapter 2: Protocol Building Blocks"

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Cryptography Basic (cont)

Cryptography Basic (cont)
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Protocol Building Blocks 1.Protocols are multi-agent algorithms 2.Agents know protocol 3.Protocol unambiguous, well-defined 4.Protocol complete, action.

Protocol Building Blocks 1.Protocols are multi-agent algorithms 2.Agents know protocol 3.Protocol unambiguous, well-defined 4.Protocol complete, action.
1 Chap 1: Introduction Some background –The message is usually represented as M or P (plaintext), the encryption result is usually represented as C (ciphertext).

1 Chap 1: Introduction Some background –The message is usually represented as M or P (plaintext), the encryption result is usually represented as C (ciphertext).
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

Similar presentations

Ads by Google