Protocols Chapter 2 Protocol: A series of steps, involving two or more parties, designed to accomplish a task. All parties involved must know the protocol.

Slides:



Advertisements
Similar presentations
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Advertisements

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Cryptographic Technologies
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Protocol Building Blocks 1.Protocols are multi-agent algorithms 2.Agents know protocol 3.Protocol unambiguous, well-defined 4.Protocol complete, action.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Public Key Algorithms 4/17/2017 M. Chatterjee.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
May 2002Patroklos Argyroudis1 A crash course in cryptography and network security Patroklos Argyroudis CITY Liberal Studies.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
Chapter 4: Intermediate Protocols
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Symmetric versus Asymmetric Cryptography. Why is it worth presenting cryptography? Top concern in security Fundamental knowledge in computer security.
Chapter 2: Protocol Building Blocks
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Based on Schneier Chapter 5: Advanced Protocols Dulal C. Kar.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
Week 4 - Wednesday.  What did we talk about last time?  RSA algorithm.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Based on Bruce Schneier Chapter 8: Key Management Dulal C Kar.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Introduction to Cryptography Summarized from “ Applied Cryptography, Protocols, Algorithms, and Source Code in C ”, 2nd. Edition, Bruce Schneier, John.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Software Security Seminar - 1 Chapter 4. Intermediate Protocols 발표자 : 이장원 Applied Cryptography.
Protocol Building Block. INTRODUCTION TO PROTOCOL Protocol? ● Def : Series of steps to accomplish a task with two or more parties Cryptographic protocol?
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Fall 2006CS 395: Computer Security1 Key Management.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
Software Security Seminar - 1 Chapter 2. Protocol Building Blocks 발표자 : 최두호 Applied Cryptography.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Key Exchange References: Applied Cryptography, Bruce Schneier
Computer Communication & Networks
NET 311 Information Security
Chapter 3 - Public-Key Cryptography & Authentication
Presentation transcript:

Protocols Chapter 2 Protocol: A series of steps, involving two or more parties, designed to accomplish a task. All parties involved must know the protocol All parties must agree to follow it Must be unambiguous Must be complete

The Players dramatis personae Alice First participant Bob Second Carol Third Eve Eavesdropper Mallory Malicious attacker Trent Trusted arbitrator Peggy Prover Victor Verifier

Types of Protocols Arbitrated Protocols Intermediary trusted by all parties Lawyer is involved Adjudicated Protocols In case of a dispute a third party becomes involved Judge is involved Self-Enforcing Protocols The protocol itself guarantees fairness No third party is involved

Attacks against Protocols Passive attack Passive eavesdropper e.g. network sniffing Difficult to detect Active attack Alter protocol Pretend to be someone else Cheaters Not following the protocol Liars

Protocol Building Blocks Symmetric key cryptography One-Way Hash functions Public-key cryptography Digital signatures Random sequence generators

Symmetric Key Cryptography Secure communications Secure storage Computationally efficient Depends on a shared secret

Symmetric Key Cryptography Alice and Bob want to communicate securely. 1.Alice & Bob agree on a crypto algorithm 2.Alice & Bob agree on a key 3.Alice encrypts message with the key 4.Alice sends ciphertext to Bob 5.Bob decrypts with the key and reads the message

Symmetric Key Cryptography AliceBob Key: K Message: M Ciphertext: C = E K (M) Key: K Ciphertext: C Message: M = D K (C) = D K (E K (M)) C

Symmetric Key Cryptography Attacks Passive attack: Eve can only try a ciphertext only attack Eve can attempt to determine the key during the key exchange Active attack: Intercept Alice's message and substitute his own Break communication channel Cheaters: Alice can give the key to Eve, so Eve can read Bob's message

One-Way Hash functions One-way functions No inverse (known to exist) Hash function No known collisions Variable length inputs Fixed length outputs

Message Authentication Code Uses a secret key One-way hash of both the pre-image and the secret key K = symmetric key M = Message MAC = H(Enc K (M)) Only those who have the key K can calculate H(Enc K (M).

Public-Key Cryptography Public key and private key Each player has their own key pair Computationally intensive Vulnerable to chosen-plaintext attacks Very difficult to deduce the private key from the public key

Public-Key Cryptography Let: Pr = Alice's private key Pu = Alice's public key (Pr, Pu) is the key pair, and must go together. M = Plaintext from Bob Ciphertext C = E Pu (M) is calculated by Bob with Alice's public key. Only Alice has access to her private key. Thus only she can calculate the plaintext M = D Pr (E Pu (M)).

Public-Key Cryptography AliceBob Message: M Ciphertext: C = E BPu (M) Key pair: BPu, BPr Ciphertext: C Message: M = D BPr (C) = D BPr (E BPu (M)) C BPu

Digital Signatures Authentic Not forgeable Not reusable Unalterable Cannot be repudiated

Digital Signatures with Symmetric Crypto Alice wants to sign a digital message and send it to Bob with Trent's help. 1.Alice/Trent key, K A. Bob/Trent key, K B. 2.Alice encrypts her message to Bob with K A and sends it to Trent. 3.Trent decrypts the message with K A. 4.Trent encrypts Alice's message to Bob along with a message that it is from Alice. 5.Trent sends the encrypted bundle to Bob. 6.Bob decrypts the bundle with K B. Bob can read Alice's message along with Trent's certification.

Digital Signatures Public-Key Crypto Alice wants to sign a digital message and send it to Bob without Trent's help 1.Alice's public key, K A-pu, private key, K A-pr.. 2.Alice encrypts her document with her private key, K A-pr. 3.Alice sends the signed document to Bob. 4.Bob decrypts the document with K A-pu, thereby verifying the signature.

Digital Signatures Public-Key Crypto & Hash Functions Alice wants to sign a large digital message and send it to Bob without the public-key's compute hit. 1.Alice's public key, K A-pu, private key, K A-pr.. 2.Alice produces a one-way hash of her document. 3.Alice encrypts the hash with her private key, K A-pr. 4.Alice sends the document and the encrypted hash to Bob. 5.Bob decrypts the hash with K A-pu, calculates the hash of the document himself and compares them, thereby verifying the signature.

Digital Signatures Vulnerabilities Alice can cheat. She can sign a document. She can claim that her private key was compromised. Time stamps help. Escrow agents are expensive. Tamper resistant modules.

Random Sequence Generators Pseudo-random generator Looks random: Passes all of the statistical tests. Cryptographically Secure

Cryptographically Secure Random Sequence Generators It is unpredictable. Computationally infeasible to predict what the next random bit will be given complete knowledge of the algorithm and all previous bits. It cannot be reliably reproduced.

Basic Protocols Chapter 3 Protocols Key Exchange Authentication and key exchange Secret splitting Secret sharing

Key Exchange with Symmetric Crypto 1.Alice/Trent key, K A. Bob/Trent key, K B. 2.Alice calls Trent and requests a session key to communicate with Bob. 3.Trent generates a random session key. 4.Trent encrypts the session key with K A and encrypts another copy with K B. 5.Trent sends both copies to Alice. 6.Alice decrypts her copy with K A and sends Bob his copy. 7.Bob decrypts his copy with K B. 8.Alice and Bob can communicate securely with the shared session key.

Key Exchange with Public-Key Crypto 1.Bob sends Alice his public key, Pu. 2.Alice generates a random session key, K. 3.Alice encrypts K using Bob's public key, E Pu (K). 4.Alice sends E Pu (K) to Bob. 5.Bob decrypts Alice's message using his private key, D Pr (E Pu (K)) = K. 6.Alice and Bob encrypt their communications using the same session key, K.

Authentication Passwords and pass phrases Dictionary attacks Hashed passwords subject to dictionary attacks Salted passwords Public key encryption Requires key pairs Key management

Authentication Public Key Encryption 1. Host sends Alice a random string. 2. Alice encrypts with her private key and sends it back to the host along with her name. 3. Host looks up Alice's public key and decrypts the messsage. 4. If the message matches the string the host sent Alice then the host permits access to Alice.

Key Exchange with Authentication All involve a trust intermediary –Trent All subject to man in the middle attack Want to be sure you know who you are talking to.

Kerberos Guarding the Gates of Hell. No one leaves.

Authentication & Key Exchange Kerberos Maintained by MIT Up to version Release Strong authentication Uses symmetric key encryption Uses a trusted intermediary

Authentication & Key Exchange Kerberos AliceBob Trent A = Alice's ID B = Bob's ID K AT = Alice/Trent symmetric key K BT = Bob/Trent symmetric key K AT K BT

Alice sends message to Trent AliceBob Trent A = Alice's ID B = Bob's ID A, B

Trent responds to Alice with info for Alice and Bob AliceBob Trent A = Alice's ID B = Bob's ID Trent generates: TS = Time stamp L = Lifetime for the key K AB = Session key M 1 = (TS, L, K AB, A) M 2 = (TS, L, K AB, B) E KAT (M 2 ) E KBT (M 1 )

Alice gets message from Trent AliceBob Trent A = Alice's ID B = Bob's ID Trent generates: TS = Time stamp L = Lifetime for the key K AB = Session key M 1 = (TS, L, K AB, A) M 2 = (TS, L, K AB, B) E KAT (M 2 ) E KBT (M 1 ) Alice calc's D KAT (E KAT (M 2 )). She now knows TS, L, K AB, B and E KBT (M 1 ) which she cannot decrypt. Alice also calc's E KAB (A, TS).

Alice sends message to Bob AliceBob Trent A = Alice's ID B = Bob's ID Trent generates: TS = Time stamp L = Lifetime for the key K AB = Session key M 1 = (TS, L, K AB, A) M 2 = (TS, L, K AB, B) E KAT (M 2 ) E KBT (M 1 ) Alice calc's D KAT (E KAT (M 2 )). She now knows TS, L, K AB, B and E KBT (M 1 ) which she cannot decrypt. Alice also calc's E KAB (A, TS). E KAB (A, TS), E KBT (M 1 ) Bob calc's D KBT (E KBT (M 1 )). He now knows TS, L, K AB, A. He can also calc D KAB (E KAB (A, TS)).

Bob gets message from Alice and replies to Alice AliceBob Trent A = Alice's ID B = Bob's ID Trent generates: TS = Time stamp L = Lifetime for the key K AB = Session key M 1 = (TS, L, K AB, A) M 2 = (TS, L, K AB, B) E KAT (M 2 ) E KBT (M 1 ) Alice calc's D KAT (E KAT (M 2 )). She now knows TS, L, K AB, B and E KBT (M 1 ) which she cannot decrypt. Alice also calc's E KAB (A, TS). E KAB (A, TS), E KBT (M 1 ) Bob calc's D KBT (E KBT (M 1 )). He now knows TS, L, K AB, A. He can also calc D KAB (E KAB (A, TS)). E KAB (A, TS + 1)

Secret Splitting Protocol Secret splitting Split a message up into n-pieces Give each to a person The message can be read only if all n-people put their pieces together

Secret Splitting Protocol 1.Trent wants send a message to Alice and Bob that they can only read together. 2.Trent generates a random bit string R, the same length as the message, M. 3.Trent XOR's M with R to generate S. M  R = S 4.Trent gives R to Alice and S to Bob. 5.Alice and Bob XOR their pieces together to reconstruct the message: R  S = R  M  R = M

Secret Splitting Protocol n – parties 1. Trent generates random bit strings R 1,... R n-1 the same length as the message, M. 2. Trent XOR's M with R 1,... R n-1 to generate R n. M + R R n-1 = R n 3. Trent gives R i to Alice i. 4. The Alice i 's XOR their pieces together to reconstruct the message: R R n = M

Secret Sharing Protocol n – parties Goal: To share a message among 5 people so that any 3 can reconstruct the message. Threshold Scheme: (m, n) – threshold scheme. A message is divided into n pieces called shadows or shares so that any m of them can be used to reconstruct the original message.

Intermedate Protocols Chapter 4 Time Stamping Subliminal Channels Bit Commitment

Time Stamping Goals: The document itself must be time stamped. Impossible to change any part of the document without it being apparent. Impossible to timestamp the document with a date/time different from the present one.

Time Stamping Arbitrated Solution: 1.Alice transmits a copy of the document to Trent 2.Trent records the date/time he received the document and retains a copy of the document for safekeeping. Storage problems Privacy problems

Time Stamping Improved Arbitrated Solution: 1.Alice produces a one-way hash of the document. 2.Alice transmits the hash to Trent 3.Trent appends the date/time he received the hash onto the hash. H(M) | dtg 4.Trent signs the rersult. E Tpri (H(M) | dtg) 5.Trent sends the result back to Alice.

Subliminal Channels Secret messages sent within other messages Often within the digital signature of an innocuous message Useful enough for a lot of work to be done in this area

Computing with Encrypted Data Alice wants to calculate f(x) on Bob's machine. Alice does not want Bob to know x. You want to know the value of your portfolio without the news service knowing what your portfolio is.

Bit Commitment Alice picks a winner for tomorrow's race. Alice doesn't want Bob to know. Bob doesn't want Alice to be able to change her choice tomorrow.

Bit Commitment 1.Bob generates a random-bit string, R, and sends it to Alice. 2.Alice creates a message of her commitment, b and R. 3.Alice generates a random key, K, and encrypts Rb with it and sends the result to Bob. Result is E K (R,b) 4.Later Alice sends Bob the key, K. 5.Bob decrypts the message and checks his random string.

Zero-Based Knowledge Problem Zero-Knowledge Protocol Alice knows a secret Alice wants to prove to Bob she knows the secret Alice does not want to reveal the secret to Bob.

Zero-Knowledge Protocol Alice claims she knows the secret combination to the door in the back of the cave. She wants to prove so to Bob. 1.Bob stands at point A. 2.Alice goes to point C or D. 3.Bob goes to B and asks Alice come out of the cave either on the left or the right. 4.Alice complies using her secret combination if she has to. 5.Repeat n times until Bob is convinced.

Zero-Knowledge Protocol A B C D

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.