Presentation is loading. Please wait.

Presentation is loading. Please wait.

May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive."— Presentation transcript:

1 May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive Non-interactive – Smart-cards Examination tasks Theme for last lecture

2 May 21, 2002Mårten Trolin2 Symmetric vs. asymmetric cryptography Symmetric ciphers – sender and recipient use the same key – D key (E key (m)) = m Substitution cipher is an example of a symmetric cipher Impractical for big systems – number of keys is quadratic in the number of users The solution – asymmtric algorithms. Think of a locked mailbox! Different keys for encryption and decryption – D private key (E public key (m)) = m

3 May 21, 2002Mårten Trolin3 Hash functions A hash function computes a fixed length value from a variable length source – Example: Check sums in communication protocols – Indices in databases More convenient to handle a hash of a document instead of the document itself We will consider cryptographically secure hash functions.

4 May 21, 2002Mårten Trolin4 Properties of good hash functions Let H be a hash function One-way – Given v, unfeasible to compute an x such that H(x) = v Collision-free – Infeasible to find x 1 and x 2 such that H(x 1 ) = H(x 2 ) and x 1  x 2

5 May 21, 2002Mårten Trolin5 Digital signatures Used to ensure authenticity. A digital signatures binds a document to a person. In a public key infrastructure (PKI), a person produces a digital signature using his private key The signature can be verified using the public key.

6 May 21, 2002Mårten Trolin6 Use of a digital signature Signature generation Private key Document Signature Signature verification Public key Document OK / not OK SignerVerifier

7 May 21, 2002Mårten Trolin7 Message Authentication Codes Digital signatures requires public/private keys The same functionality can be achieved with symmetric keys – Called MAC – Message Authentication Code – Signer and verifier uses the same key Question: What are the advantages compared to digital signatures? What are the disadvantages?

8 May 21, 2002Mårten Trolin8 Two simple MACs Let E key, D key be a symmetric cipher, and let H be a hash function. Let m be the message to MAC and let k be the symmetric key. First proposition: Compute a hash of the document and encrypt it – E k (H(m)) Second proposition: Concatinate the message and the key and compute the hash – H(m  k)

9 May 21, 2002Mårten Trolin9 Interactive Protocol TCP/IP User (p u, s u ) Web server User’s public key p u Symmetric key k encrypted under p u Communication encrypted under k Generates symmetric key k Decrypts k using s u

10 May 21, 2002Mårten Trolin10 User (p u, s u ) Web server User’s public key p u Symmetric key k encrypted under p m Communication encrypted under k Generates symmetric key k Decrypts k using s u Replaces p u with his own p m Man in the middle (p m, s m ) pmpm Decrypts k using s m and reencrypts using p u Symmetric key k encrypted under p u

11 May 21, 2002Mårten Trolin11 Public key certificates A public key certificate consists of – A public key – Information on the owner Name, address, photograph, finger-print, credit card number, etc. – A signature on the above data by a trusted party Trusted party could be the government, a bank, etc. User’s public key Identification data Digital signature by CA User’s Private key Public information Private information

12 May 21, 2002Mårten Trolin12 Certificate chains Certificates can be chained – Each certificate in the chain is signed with the private key of the certificate above. If the user knows the root certificate, he can verify that each step is valid. Using chains, the CA can outsource signing to other organizations it trusts without giving away its private key.

13 May 21, 2002Mårten Trolin13 Certificate chains The end user certificates are verified by following the chain up to the root certificate authority (CA) –If every step in the chain is valid, the end user certificate is considered valid.

14 May 21, 2002Mårten Trolin14 SSL/TLS SSL (Secure Socket Layer) and TLS (Transport Layer Security) are standards for how to secure TCP/IP communications – As of the latest revision, TLS is the official name for what used to be called SSL. However, SSL is still the word most frequently used. TLS is a layer on top of the TCP layer

15 May 21, 2002Mårten Trolin15 TLS IP TCP HTTPTLS IP TCP HTTP Not secureSecure

16 May 21, 2002Mårten Trolin16 TLS Handshake Client Server ClientHello ServerHello ServerKeyExchange ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec Finished ServerHelloDone Certificate

17 May 21, 2002Mårten Trolin17 Non-interactive protocols For interactive protocols, the symmetric key is decided in the handshake. For non- interactive protocols, this must be solved in another way. – The key cannot be negotiated. – Encrypt a session key using the recipients public key.

18 May 21, 2002Mårten Trolin18 Session key in non-interactive protocols For non-interactive protocols, the sender generates a session key. The session key is encrypted using the recipient’s public key. – Recipient’s public key must be known in advance. The message is encrypted with the (symmetric) session key. The encrypted message consists of the encrypted session key and the cipher text. The recipient decrypts the session key with his private key and decrypts the message.

19 May 21, 2002Mårten Trolin19 Pretty Good Privacy Protocol overview – Symmetric session key encrypted with asymmetric key Key management – Distributed, non-centralized Trust model – Web of trust – Introducers

20 May 21, 2002Mårten Trolin20 Password generated keys – problems and solutions Password generated keys suffer from the same general problem as passwords for authentication. – Number of passwords is relatively small – possible to create a list with all possible passwords and corresponding keys. Use a salt to avoid dictionary attacks. Make key generation “slow”, to make brute-force attacks more time consuming.

21 May 21, 2002Mårten Trolin21 Generating keys Key generation requires a good source of random bits – Bad key material makes system vulnerable to attacks. Has been done in practice. – Hardware generators provide the best source. – For end-user applications - some user interaction can be used (mouse movement, key strokes, etc.) – Using system time for high security requirements is a bad idea! For high-security applications, key generation should take place in a closed environment.

22 May 21, 2002Mårten Trolin22 Distributing symmetric keys Symmetric keys are very sensitive and must be distributed with great care. Depending on how valueable the key is, different approaches are possible. – Send the key to recipient by physically secure means, e.g., by courier, by registered mail etc. – If a common key exists, send the new key encrypted under the common key. – Split the key into components and send the key components with different security officers.

23 May 21, 2002Mårten Trolin23 What Is a Smart-Card A smart-card is a small computer Often placed on a credit-card sized plastic card Can have contacts or be contact-less Has a well-defined interface – Can have secret information that is protected from direct access First appeared in the 1970s

24 May 21, 2002Mårten Trolin24 Advantages with Smart-Cards Can have secret data – Data used for internal computations and never revealed in clear – Example: PIN and keys can be stored on card Can process data and save information – Count transactions – Check PIN and count unsuccessful tries – Different behavior depending on geographic location – Cryptographic functions Uses the secret keys

25 May 21, 2002Mårten Trolin25 Examination The assignments gave a maximum of 15 points. – An extra task can be solved to make up for missing points. However, 15 is still the maximum for this part. Choose one of the two examination tasks to solve – Gives up to 15 points. – Write solution in English or Latvian and explain it orally.

26 May 21, 2002Mårten Trolin26 Examination task No programming, just analysis. Email me your solution. – No later than June 17th. Describe your solution and explain the choices you made orally (15-20 minutes).

27 May 21, 2002Mårten Trolin27 Examination Task 1 Design a system for an internet bank. – Signing up a new customer. – Logging in. – Handling a lost key.

28 May 21, 2002Mårten Trolin28 Examination Task 2 Designing a token-based access system for an office. – Enter a new employee. – Changing access rights. – Handle a compromised data-base.

29 May 21, 2002Mårten Trolin29 Examination Tasks Give an as complete as possible description. Compare different possible approaches.

Download ppt "May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Feb 12, 2002Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.

Feb 12, 2002Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Feb 18, 2003Mårten Trolin1 Previous lecture Block ciphers Modes of operations First assignment Hash functions.

Feb 18, 2003Mårten Trolin1 Previous lecture Block ciphers Modes of operations First assignment Hash functions.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Similar presentations

Ads by Google