1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
RSA.
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Public Key Cryptosystem
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Digital Signatures and applications Math 7290CryptographySu07.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Diffie-Hellman Key Exchange
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Computer Science Public Key Management Lecture 5.
Public Key Model 8. Cryptography part 2.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Rachana Y. Patil 1 1.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Network and Communications Network Security Department of Computer Science Virginia Commonwealth University.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
COEN 351 E-Commerce Security Essentials of Cryptography.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
PUBLIC KEY CRYPTOGRAPHY ALGORITHM Concept and Example 1IT352 | Network Security |Najwa AlGhamdi.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
COEN 351 E-Commerce Security
Computer and Network Security - Message Digests, Kerberos, PKI –
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Key Management Network Systems Security Mort Anvari.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Computer Communication & Networks
CS480 Cryptography and Information Security
Message Security, User Authentication, and Key Management
Public Key Infrastructure
Key Management Network Systems Security
Key Establishment Protocols ~
Secure Diffie-Hellman Algorithm
Presentation transcript:

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification

2 Diffie-Hellman Key Exchange The Diffie-Hellman protocol allows 2 people to use random values and yet each generate the same symmetric key without transmitting the value of the key. The security of the protocol lies in the discrete log problem: given y, g and p find x such that y = g x mod p

3 Alice and Bob need to agree on a key to use in a symmetric key cryptosystem. They choose a large prime number p and generator g. Alice 1.Generates random number a, 2.Computes x=g a mod p 3.Sends x to Bob 4.Receives y from Bob 5.Computes k=y a mod p Bob 1.Generates random number b, 2.Computes y=g b mod p 3.Sends y to Bob 4.Receives x from Alice 5.Computes k=x b mod p

4 Why Diffie-Hellman works Alice has computed k = y a mod p = (g b ) a mod p = g ba mod p = g ab mod p Bob has computed k = x b mod p = (g a ) b mod p = g ab mod p So Alice and Bob both have the same value of k.

5 How secure is it? We assume that cryptanalyst Charles knows the values of p and g and that he eavesdrops on the exchange between Alice and Bob so that he also knows x and y. However, unless Charles can solve a DLP, he is unable to find a or b. It is believed that it is just as hard to find k from x and y without finding a or b.

6 The Needham-Schroeder Protocol This is another protocol for exchanging keys between Alice and Bob. This time they use only symmetric key cryptography But They need a trusted third party (TTP) or Server (S).

7 Alice and the server have a key K AS Bob and the server have a key K BS Alice and Bob want to establish a shared key K AB so that Alice can send Bob a message. They communicate with each other and the server as follows:

8 1.Alice sends the server S the names of Alice and Bob to request that a session key be generated. 2.The server sends to Alice: a)The name of Bob b)A session key for Alice and Bob to share c)The name of Alice and the session key both encrypted using K BS All 3 items above are encrypted using key K AS

9 3.Alice uses key K AS to decrypt the items sent to her in step 2. Alice now knows the session key K AB. 4.Alice sends Bob the value of 2c) which is the name of Alice and the session key K AB encrypted with K BS 5.Bob decrypts the name of Alice and the session key using his key K BS. Now Bob knows the session key K AB which he uses to communicate with Alice.

10 Needham-Schroeder 1.A S: A,B 2.S A: e KAS (B, K AB, e KBS (A, K AB )) Alice decrypts to get B, K AB, e KBS (A, K AB ) 3.A B: e KBS (A, K AB ) Bob decrypts to get A, K AB

11 Needham-Schroeder 2 1.A S: A,B,N A 2.S A: e KAS (B,N A, K AB, e KBS (A, K AB )) 3.A B: e KBS (A, K AB ) 4.B A: e KAB (N B ) 5.A B:e KAB (N B -1 )

12 Certificates A certificate consists of a public key together with an identification of the key user. The certificate is issued by a trusted third party(TTP) called a certification agency (CA) The certification agency might be a government agency or financial institution.

13 The CA guarantees the link between the user and the public key by digitally signing a document which contains the user name, the public key, the name of the CA, the expiry date of the certificate and perhaps other information such as access rights.

14 X.509 Standard Bob generates a document containing his relevant information and presents himself with this document to the CA. The CA confirm Bobs identity. The CA hash the document using SHA-1 and encrypt it using their own private key. This is the certificate.

15 If Alice wants to communicate with Bob she looks up his public key document and certificate. She will use the public key of the CA to decrypt the certificate. She will hash the document using SHA-1 If these two items are the same then she knows that she can safely communicate with Bob using the public key since the CA has verified his identity.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.