Cryptography for Backup Navigation

Presentation on theme: "Cryptography for Backup Navigation"— Presentation transcript:

1 Cryptography for Backup Navigation
Dan Boneh Stanford University

2 Introduction
Focus of this talk: Data integrity (not confidentiality)
An overview of identity-based cryptography
Applications to ADS-B and DME

3 Data integrity 1: MAC
[Diagram: sender and receiver each hold the key k; message m is sent with a tag]
Generate tag: tag ← F(k, m)
Verify tag: F(k, m) = 'tag' ?
Difficulty with MACs: key management; both sides must have the same secret key

4 Example MAC: (E) CBC-MAC
key := (k, k1)
message := (m[0], …, m[L])
[Diagram: E(k, ·) E(k, ·) E(k, ·) E(k, ·) E(k1, ·), ending in the tag]

5 Problem: broadcast Integrity
[Diagram: the sender and stations Sta1, Sta2, Sta3 all hold the same key k; the sender broadcasts msg, tag]
The problem: Sta3 can forge messages to all others (note: TESLA)
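The construction on slides 3 to 5, as an added example that is not code from the talk: an ECBC-MAC with key (k, k1), followed by the broadcast problem in which every verifier can also generate tags. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the block cipher E, the 0x80 padding rule is chosen here, and the keys and position reports are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes

def E(key: bytes, block: bytes) -> bytes:
    """Assumed stand-in for the block cipher E(k, .): HMAC-SHA256 cut to one block."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def pad(msg: bytes) -> bytes:
    """Append 0x80 then zeros up to a block boundary, so distinct messages stay distinct."""
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % BLOCK)

def ecbc_mac(key: tuple, msg: bytes) -> bytes:
    """key := (k, k1); chain E(k, .) over m[0..L], then apply E(k1, .) once."""
    k, k1 = key
    data, state = pad(msg), bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        state = E(k, bytes(s ^ b for s, b in zip(state, block)))
    return E(k1, state)  # final step under the independent key k1

def verify(key: tuple, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(ecbc_mac(key, msg), tag)

def demo() -> dict:
    # Constructed keys and messages, for illustration only.
    key = (b"k" * 16, b"K" * 16)
    report = b"ID=652A4B;lat=37.4275;lon=-122.1697;alt=35000"
    tag = ecbc_mac(key, report)
    altered = report.replace(b"35000", b"36000")
    # Slide 5: a receiving station holds the same key, so it can tag its own message.
    from_sta3 = b"ID=652A4B;lat=0.0;lon=0.0;alt=0"
    return {
        "genuine": verify(key, report, tag),
        "altered": verify(key, altered, tag),
        "sta3_tag_accepted": verify(key, from_sta3, ecbc_mac(key, from_sta3)),
        "tag_len": len(tag),
    }

if __name__ == "__main__":
    print(demo())
```

The last result is the point of slide 5: verification only proves that some holder of the shared key produced the tag, not which one.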

6 Data integrity 2: Dig. Signatures
SK: secret key, PK: public key
Sign: sig ← S(SK, m)
Verify: V(PK, m, sig) = 'yes' ?
[Diagram: the signer holds SK; Bob1, Bob2, Bob3 each hold PK; msg, sig is broadcast]
Ensures broadcast integrity
Difficulty:
(1) message needs to include PK and certificate: [msg, sig, PK, cert] (100s of bytes)
(2) revocation

7 Modern Signatures [BLS’01]
Pairings <X, Y>: ∀ α, β: <X^α, Y^β> = <X, Y>^(αβ)
Signatures: fix an element g
Secret Key: α
Public Key: g^α
Sign(SK, M): sig = H(M)^α (20 bytes)
Verify(PK = g^α, M, sig = H(M)^α): test if <g, sig> = <PK, H(M)>
where <g, sig> = <g, H(M)^α> and <PK, H(M)> = <g^α, H(M)>

8 Performance
MACs: built from fast block ciphers
Time for short messages (<1KB): 1μs
Length: 32 to 128 bits
Signatures: built from algebraic functions
sign/verify time for short messages: 10ms
Length: bytes [BLS’01]

9 identity-based crypto

10 Identity-based Crypto
The basic idea [Shamir 1984]
A cryptosystem where anything is a public key
Examples: bit plane ID, pilot name, current date
Practical systems: [BF 2001, …]
Based on new tools: pairings on elliptic curves
Commercially deployed (e.g. Voltage Security)
[Diagram: the user tells the PKG, which holds the master-key, "my ID is “652A4B”"; the PKG answers "here is your secret key: SK"]

11 ex 1: identity-based key exchange
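[Diagram: one party announces "my ID is ID1" and holds SK_ID1; the other announces "my ID is ID2" and holds SK_ID2]
Party ID1 computes: shared key = F(ID2, SK_ID1)
Party ID2 computes: shared key = F(ID1, SK_ID2)
SK_ID1 and SK_ID2 generated at manufacturing time
Updated periodically during maintenance
Automatic revocation: ID = (plane-ID, month, year)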

12 Application to DME or ADS-B (MLAT)
Ping-pong protocol
[Diagram labels: ID1 / SK1, ID2 / SK2, ID3 / SK3; ID / SK_ID; keys K1, K2, K3]
Messages: ID1, data, MAC; ID2, data, MAC; ID3, data, MAC
K1, K2, K3 verify MACs
⇒ Symmetric MACs with minimal overhead

13 Repeated authentication
Initial setup requires computing a MAC key
time ≈ 20ms
Subsequent messages can be authenticated using established key: ≈ 1μs / msg

14 identity-based signatures: ADS-B
[Diagram: the PKG holds the master-key; the plane with identity ID holds SK_ID and broadcasts [ID, data, sig]]
verify sig using ID
no need for plane to transmit PK or certificate

15 Performance
ID-based crypto: built from pairings on elliptic curves
Time: dominated by pairing computation
software: 20ms (1 GHz x86)
hardware: 90μs (FPGA)
ID-based signature length: bytes
open problem: byte ID-based sigs

16 THE END

