Chapter 4 Using Encryption in Cryptographic Protocols & Practices (Part B)


1 Chapter 4 Using Encryption in Cryptographic Protocols & Practices (Part B)

2 csci5233 computer security & integrity (Chap. 4) 2 Outline

3 Digital Signatures
Digital signature: a protocol that produces the same effect as a real signature; that is, it is a mark that only the sender can make, while other people can easily recognize it as authentic.
Two primary conditions must be met (Fig. 4-10, p.141):
– Unforgeable
– Authentic
Two additional conditions for transactions using digital signatures:
– Not alterable
– Not reusable

4 Symmetric key digital signatures
The secrecy of the shared key guarantees the authenticity of the message, as well as its secrecy. But
– it does not prevent forgery, because either party can create the same message;
– thus it does not guarantee non-repudiation.
Legal and crypto “non-repudiation”: http://www.firstmonday.dk/issues/issue5_8/mccullagh/#m2

5 Traditional Legal Meaning of "Non-Repudiation"
There is a definitional distinction between the legal use of the term "non-repudiation" and its crypto-technical use.
In the legal sense an alleged signatory to a document is always able to repudiate a signature that has been attributed to him or her.
The basis for a repudiation of a traditional signature may include:
– The signature is a forgery;
– The signature is not a forgery, but was obtained via:
   – Unconscionable conduct by a party to a transaction;
   – Fraud instigated by a third party;
   – Undue influence exerted by a third party.

6 Crypto-Technical Meaning of "Non-Repudiation"
In general terms, the term "non-repudiation" crypto-technically means:
– In authentication, a service that provides proof of the integrity and origin of data, both in an unforgeable relationship, which can be verified by any third party at any time; or,
– In authentication, an authentication that with high assurance can be asserted to be genuine, and that can not subsequently be refuted.
“Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data (such as mechanisms for non-rejection or authority (origin); for proof of obligation, intent, or commitment; or for proof of ownership).” -- 1998, the Australian Federal Government's Electronic Commerce Expert Group

7 Symmetric key digital signatures
A 3rd party (arbiter), trusted by either party, is required if symmetric key encryption is used.
Figure 4-11 (p.142):
1. S sends E(M, K_S) to the arbiter.
2. The arbiter decrypts E(M, K_S) to retrieve M.
3. The arbiter sends E( (M, S, E(M, K_S)), K_R ) to R.
4. R decrypts the message to retrieve M, S, E(M, K_S):
– M is the message sent from R;
– S is a message sent from the arbiter attesting that the message came from R;
– How would R deal with E(M, K_S)?

8 Digital Signatures w/o Encryption
Encryption could be time-consuming and may not be necessary in the case of a digital signature.
Instead, a cryptographic sealing function is used as the signature. It is registered with an arbiter and can be a hash function or a one-way encryption function.
Any change to the document would void the signature.
Steps:
1. S and R have both registered a personal sealing function with the arbiter (A), f_S and f_R respectively.
2. S sends M and f_S(M) to A.
3. A computes its own f_S(M).
4. If the two f_S(M) match, A sends (M, S, f_S(M), f_R((M, S))) to R.

9 Digital Signatures w/o Encryption
Disadvantages:
1. It requires an active arbiter on each transaction.
2. The message must be encrypted twice to ensure secrecy.
3. It does not prevent reuse or alteration of an old message.

10 Preventing forgery of digital signatures
Forgery: reuse or alteration of a message
To prevent reuse: The message must be destroyed or expired after its use.
– A solution: time stamping
To prevent alteration:
– A solution: time stamp + checksum
Example: The time stamp can be encrypted into the message, such that the message cannot be “extracted” without changing the time stamp value. (Fig. 4-12, p.144)
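The arbitrated sealing-function steps from slide 8, combined with the time stamp from slide 10, as an added example that is not taken from the slides or the textbook. It assumes HMAC-SHA256 as the sealing function, constructed keys, and a hypothetical 300-second validity window; the time stamp is carried as an extra field in the forwarded tuple.

```python
import hashlib
import hmac

# Constructed sealing keys, registered with the arbiter (hypothetical values).
KEYS = {"S": b"sender-sealing-key", "R": b"receiver-sealing-key"}
MAX_AGE = 300  # seconds a time stamp stays valid (assumed policy)


def seal(key, *fields):
    """Sealing function f: HMAC-SHA256 over length-prefixed fields."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class Arbiter:
    def __init__(self, keys):
        self.keys, self.seen = keys, set()

    def relay(self, sender, receiver, msg, stamp, seal_s, now):
        """Recompute f_S; on a match forward (M, S, f_S(M), f_R((M, S)))."""
        ts = str(stamp).encode()
        if not hmac.compare_digest(seal(self.keys[sender], msg, ts), seal_s):
            return None, "seal mismatch"  # altered message or wrong sender
        if abs(now - stamp) > MAX_AGE:
            return None, "expired"
        if seal_s in self.seen:
            return None, "reused"
        self.seen.add(seal_s)
        seal_r = seal(self.keys[receiver], msg, sender.encode(), ts)
        return (msg, sender, stamp, seal_s, seal_r), "ok"


def receiver_accepts(key_r, packet):
    """R checks f_R only; it holds no key with which to recompute f_S."""
    msg, sender, stamp, _seal_s, seal_r = packet
    expected = seal(key_r, msg, sender.encode(), str(stamp).encode())
    return hmac.compare_digest(expected, seal_r)


def demo():
    arbiter, msg, t0 = Arbiter(KEYS), b"pay 100 to R", 1_000_000
    s_seal = seal(KEYS["S"], msg, str(t0).encode())
    packet, first = arbiter.relay("S", "R", msg, t0, s_seal, now=t0 + 5)
    replay = arbiter.relay("S", "R", msg, t0, s_seal, now=t0 + 10)[1]
    altered = arbiter.relay("S", "R", b"pay 900 to R", t0, s_seal, now=t0 + 5)[1]
    stale = arbiter.relay("S", "R", msg, t0, s_seal, now=t0 + 3600)[1]
    return first, receiver_accepts(KEYS["R"], packet), replay, altered, stale
```

Without the time stamp inside the seal and the arbiter's record of seals already forwarded, the second `relay` call in `demo()` would succeed, which is the reuse problem listed among the disadvantages.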

11 Asymmetric key digital signatures
A sender encrypts a message using his/her own private key.
The recipient uses the sender’s public key to decrypt the message. (Fig. 4-13, p.144)
Authenticity and unforgeability are satisfied, but secrecy is not.
Double encryption is required to satisfy secrecy (Fig. 4-14): E( D(M, K_S), K_R )
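The signed-only message and the double encryption E( D(M, K_S), K_R ) from this slide, as an added example that is not part of the original slides. It assumes textbook RSA without padding and constructed toy primes, and it also handles one edge case the slide does not mention: the signature block must fit under the recipient's modulus.

```python
def make_key(p, q, e):
    """Textbook RSA key pair from two primes: ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def rsa(x, key):
    """Apply one RSA key (public or private) to an integer block."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("block does not fit under this modulus")
    return pow(x, exp, n)


# Constructed toy keys; the primes are far too small for real use.
S_PUB, S_PRIV = make_key(61, 53, 17)   # n_S = 3233
R_PUB, R_PRIV = make_key(89, 97, 5)    # n_R = 8633


def sign(m, signer_priv):
    return rsa(m, signer_priv)                       # D(M, K_S)


def read_signed(sig, signer_pub):
    return rsa(sig, signer_pub)    # needs only the public key: no secrecy


def sign_then_encrypt(m, signer_priv, recipient_pub):
    if signer_priv[1] > recipient_pub[1]:
        raise ValueError("signature may not fit under recipient modulus")
    return rsa(sign(m, signer_priv), recipient_pub)  # E(D(M, K_S), K_R)


def open_and_verify(c, recipient_priv, signer_pub):
    sig = rsa(c, recipient_priv)   # only R can strip the outer layer
    return rsa(sig, signer_pub)    # S's public key then recovers M
```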

12 Key Escrow
Key escrow provides a means for data to be adequately secure, but to also allow other legitimate users access on an emergency basis.
Clipper: an example of a k of n key escrow protocol, where k = n = 2
K of n: Any k of the n pieces of the key are required to decrypt a message.
Review of LEAF field, Clipper family key, unit id, session id: Chapter 3
Figure 4-15 (p.147): Clipper message exchange
Software key escrow
– Advantages: easy to change, to be integrated or customized
– Disadvantage: changeability

13 Mental Poker
The ‘double locking’ protocol: Fig. 4-16 (p.149)
Symmetric key implementation
1. S encrypts all messages with her own key ( E(M_1, K_S), E(M_2, K_S), … ) and sends them to R.
2. R picks some of the messages and encrypts them with his own key ( E(M_1, K_S), E(E(M_2, K_S), K_R), … ), and sends them all back to S.
3. S keeps those messages that R did not select and then sends those selected by R back to R.
Q: How can R decrypt the message E(M_2, K_S), which was encrypted under S’s key?
– Encryption and decryption must be commutative: p.149
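The commutativity requirement in the question above, worked through as an added example that is not from the slides. The slides name no cipher; this sketch assumes an exponentiation cipher E(M, K) = M^K mod P over a public prime P, with cards encoded as small constructed integers.

```python
import math
import random

P = 2**127 - 1  # public prime modulus (a Mersenne prime), shared by S and R


def keygen(rng):
    """Pick exponent e coprime to P-1 and its inverse d, so (m^e)^d = m mod P."""
    while True:
        e = rng.randrange(3, P - 1)
        if math.gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)


def lock(m, e):      # E(M, K)
    return pow(m, e, P)


def unlock(c, d):    # D(C, K)
    return pow(c, d, P)


def deal(cards, picks, rng):
    """Run the three steps; return (R's hand, S's hand)."""
    s_e, s_d = keygen(rng)
    r_e, r_d = keygen(rng)
    # Step 1: S locks every card and sends them shuffled to R.
    sent = [lock(m, s_e) for m in cards]
    rng.shuffle(sent)
    # Step 2: R picks some blindly, adds his own lock, returns everything.
    chosen = rng.sample(sent, picks)
    double = [lock(c, r_e) for c in chosen]
    rest = [c for c in sent if c not in chosen]
    # Step 3: S opens the unpicked cards (her hand) and strips only her lock
    # from the double-locked ones; commutativity leaves E(M, K_R) for R.
    s_hand = [unlock(c, s_d) for c in rest]
    r_hand = [unlock(unlock(c, s_d), r_d) for c in double]
    return sorted(r_hand), sorted(s_hand)
```

Raw modular exponentiation leaks whether a card value is a quadratic residue mod P, so this illustrates the commutativity property only and is not a complete mental poker scheme.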

14 Mental Poker
Asymmetric key implementation
S and R each encrypt the messages using his/her own public key.
An application of ‘mental poker’: key distribution
– A protocol is needed to enable a user to obtain a new key, while nobody (not even the central repository) knows what key the user has received.
– Fig. 4-18 (p.151)

15 Voting protocols
The problem: Transmitting an untraceable but authentic message
Examples: anonymous questionnaire, electronic voting, automating private transactions.
Voting protocol:
– Each voter has two public key functions: (E, D) and (R, Q)
– Each user’s vote is multiply encrypted: R_J(R_K(R_L(E_J(E_K(E_L(vote))))))
– A two-phase protocol: verification phase + signing phase (Fig. 4-19, p.154)

16 Analysis of the Voting protocol
– Secrecy
– Each voter can vote only once.
– Nobody other than the authenticated voters may vote.
– In phase 2, each voter independently ‘certifies’ the votes. This enables post-vote verification, in case a voter decided to tamper with the votes.

17 Oblivious Transfer
The problem: Sending one of two messages, with the restriction that neither the sender nor the receiver will know until later which message was sent
Example: remote coin flipping
obliv·i·ous: lacking remembrance, memory, or mindful attention
Transfer protocol: Fig. 4-20 (p.155)
– P, the sender, has two pairs of public keys, E_i, D_i, E_j, D_j.
– N, the receiver, has a secret key, K_N.
This protocol is the basis for the next two protocols.

18 Contract Signing
The problem: remote signing of contracts by computer
Requirements:
1. Point of commitment
2. Unforgeability
3. Indirect signing
Indirect contract signing protocol
– Based on the uncertainty of point of commitment + the oblivious transfer protocol
– Piecemeal transfer of secrets
– The protocol: pp.157-158

19 Certified Mail
The problem: A sender requires the receiver to sign an encrypted message while the receiver would not sign the message unless the message is known to him/her.
Also based on the oblivious transfer protocol
The protocol: pp.158-159

20 Summary
Next: Part C

