Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Slides:

Advertisements

Similar presentations

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.

Advertisements

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.

Public Key Infrastructure and Applications

PAR for P Title: Standard for Pairing based Cryptographic Techniques June 4, 2005 PAR for IEEE P

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

Cryptography encryption authentication digital signatures

PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.

Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Authentication Applications

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Addition 1’s to 20.

Off-the-Record Communication, or, Why Not To Use PGP

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Encryption Public-Key, Identity-Based, Attribute-Based.

FIT3105 Smart card based authentication and identity management Lecture 4.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

Cryptography Basic (cont)

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

1 Identity-Based Encryption form the Weil Pairing Author ： Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date ：

Cryptographic Technologies

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,

ASYMMETRIC CIPHERS.

An Efficient Identity-based Cryptosystem for

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Cryptography, Authentication and Digital Signatures

James Higdon, Sameer Sherwani

Midterm Review Cryptography & Network Security

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Cryptography and Network Security (CS435) Part Eight (Key Management)

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

Sensor Network Security through Identity-Based Encryption

Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security

P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim

Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.

Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.

Security Outline Encryption Algorithms Authentication Protocols

Crypto in information security

Presentation transcript:

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel Wincor Nixdorf International

Unattended systems 2 An unattended systems (USys) is an IT-based system that runs (mostly) autonomously. Examples  control systems  self service terminals  automated teller machines (ATM) A Usys consists of components that communicate via standard protocols, e.g. USB.

Communication in ATMs 3 card reader EPP encrypted pin pad cash dispenser

Unattended systems 4  Large numbers of Usys form networks, e.g. ATM networks.  Remote monitoring is possible, e.g. updating software.  Permanent technical maintenance has to be avoided.  Human interaction only in exceptional circumstances.

Security threats 5 Component substitution attacks  prepare malicious substitute component  exchange component by substitute  activate malicious mechanisms to execute unauthorized actions Message manipulation attacks  get access to communication links  manipulate and induce messages  execute unauthorized actions

Requirements 6 Component authenticity USys consists of authentic components. Data origin authenticity communication between components is authenticated Local verifiability detection and reaction to security breaches relies on internal components only No single point of failure failure of individual components can be tolerated Efficiency

Two step approach 7 1.Each component verifies the authenticity of every other component within the same Usys. 2.After successfully verifying the authenticity of another component an authenticated (and confidential) communication channel is established between components.

Outline 8 … ATM protocol key exchange/ agreement encryption scheme hash functions signatures identification protocol identity based cryptography … pairingselliptic curves block ciphers arithmetic in finite fields … Everything implemented on security token, e.g. smart card!

Public key cryptography 9 Certification Authority (CA)

Certificates and certification authorities 10  require significant organizational and technical overhead  require complex data management  their complexity can become a threat to security

Public key vs. identity-based encryption 11  PKE requires special pairs of keys, not all bit strings can be public keys  in IBE every bit string or identity can be a public key  identities can already be certified, e.g. passport numbers  may simplify necessary infrastructure  IBE introduced in 1984 by A. Shamir  first fully functional realization in 2001 by Boneh, Franklin  everything that can be realized with public key crypto can also be realized with identity based crypto

Identity-based enryption 12 Private Key Generator

Identity-based enryption 13

Identity based encryption 14 Private Key Generator

Identities and personalization 15 Identities can be  addresses  passport numbers  serial numbers In many cases these are personalized by processes outside security mechanisms!

Identities and personalization in USys 16  USys personalized with unique identity id during production  private key belonging to id is generated with PKG of identity based crypto system  remove additional personalization step for public key from classical public key crypto systems

IBC security – requirements 17  adversaries known complete specifications of encryption schemes (Kerckhoff’s principle)  adversaries should learn nothing about plaintexts from ciphertexts  adversary should not be able to forge signatures  adversary may know many plaintext/ciphertext pairs and message/signature pairs  adversary may know private keys to many identities  corrupting one Usys does not compromise the whole network Challenge Exponentially (in n) many private keys depend on master secret msk of polynomial (in n) length.

From signatures to identification 18 … ATM protocol key exchange/ agreement encryption scheme hash functions signatures identification protocol identity based cryptography … pairingselliptic curves block ciphers arithmetic in finite fields … Everything implemented on security token, e.g. smart card!

IBC based protocols 19  can use standard identification protocols based on public key crypto techniques  replace public key techniques by identity based crypto techniques AB r c challenge response

IBC on smart cards 20  everything needed to be implemented on smart cards  modern smart card offer no specific support for IBC  they support elliptic curve cryptography  implemented identity based encryption, signature and identification protocols  security level comparable to RSA with key length 1024  generating and verifying signatures takes few hundred milliseconds  IBC requires one additional primitive, i.e. bilinear pairings  Weil pairing  Tate pairing

Pairings 21 Needs to satisfy cryptographic / complexity theoretic hardness assumptions!

Lessons learned 22  complete system implemented for ATMs  initial effort high  but it pays off complexity of backend reduced, no CA security processes easier to handle, e.g. maintenance ratio between security and efficiency better