Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Lecture 27.

Published byAlisha Daniels Modified over 5 years ago

Similar presentations

Presentation on theme: "Cryptography Lecture 27."— Presentation transcript:

1 Cryptography Lecture 27

2 Public-key infrastructure (PKI)

3 Use signatures for secure key distribution!
Alice asks the CA to sign the binding (Alice, pk) certCAAlice = SignskCA(Alice, pk) (CA must verify Alice’s identity out of band)

4 PKI models We saw two models last time: Roots of trust Web of trust

5 Public repository Store certificates in a central repository
E.g., MIT PGP keyserver To find Alice’s public key Get all public keys for “Alice,” along with certificates on those keys Look for a certificate signed by someone you trust whose public key you already have

6 PKI in practice… Does not work quite as well as in theory…
Proliferation of root CAs Compromises of CAs Revocation Users/browsers may not verify certificates

7 SSL/TLS How can you securely send your credit card number to Amazon?
Secure Socket Layer (Netscape, mid-’90s) Transport Layer Security TLS 1.0 (1999) TLS 1.2 (2008) TLS 1.3 (2018) Used by every web browser for https connections

8 SSL/TLS Goals Not goals
Understand (at a high level) a real-world crypto protocol Pull together everything learned in this course Not goals Understanding low-level details/implementation Defining or proving security

9 SSL/TLS Two phases Handshake protocol Record-layer protocol
Establish a shared key between two entities Record-layer protocol Use the shared key for secure communication

10 Handshake protocol https://bank.com, NC pk, cert, NB Verify!
c =Encpk(pmk) pkCA sk, pk, certCABank mk = H(pmk, NC, NB) kC, k’C, kS, k’S = G(mk) Macmk(transcript) pmk = Decsk(c) mk = H(pmk, NC, NB) kC, k’C, kS, k’S = G(mk) Verify! Macmk(transcript’) Verify!

11 Record-layer protocol
Parties now share kC, k’C, kS, k’S Client uses kC, k’C to encrypt/authenticate all messages it sends Server uses kS, k’S to encrypt/authenticate all messages it sends Prevents reflection attacks Sequence numbers prevent replay attacks

12 Final review

13 Exam details Open book/notes Covers material from the entire semester
No electronic devices Covers material from the entire semester Focus will be on material since the midterm Practice exam posted

14 Topics we covered Defining security
E.g., for private-key encryption: perfect secrecy, EAV-security, CPA-security, CCA-security Security definitions will be tested Must be able to write pseudocode and give analysis showing that some scheme is insecure because it does not satisfy a given definition Assumptions Primitives (PRGs, stream ciphers, PRFs, block ciphers, hash functions) and instantiations (AES, SHA-256, …) Number-theoretic assumptions Proofs

15 Topics we covered Private-key encryption Message authentication codes
Hash functions and applications Constructions of: Stream ciphers (LFSRs) Block ciphers (SPNs, Feistel networks) Hash functions (Davies-Meyer, Merkle-Damgard) Generic attacks on hash functions, block ciphers, etc.

16 Topics we covered Number theory/group theory
RSA assumption, dlog assumption, DH assumptions Diffie-Hellman key exchange Public-key encryption Digital signatures

17 Goals Understand real-world crypto
Almost everything we have covered in class is used in practice, or is the basis for something used in practice Know when to use different schemes Understand the formal guarantees that different schemes provide To make sure you understand a scheme, ask yourself if you could implement it

Download ppt "Cryptography Lecture 27."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CMSC 456 Introduction to Cryptography

CMSC 456 Introduction to Cryptography
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.

SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Security fundamentals Topic 5 Using a Public Key Infrastructure.

Security fundamentals Topic 5 Using a Public Key Infrastructure.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
01101111 01101101 00100000 01101101 01100001 01101110 01101001 00100000 01110000 01100001 01100100 01101101 01100101 00100000 01101000 01110101 01101101.

Computer and Network Security

Computer and Network Security
Key management issues in PGP

Key management issues in PGP
TOPIC: HTTPS (Security protocol)

TOPIC: HTTPS (Security protocol)
Web Security CS-431.

Web Security CS-431.

Similar presentations

Ads by Google