Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fast A-key distribution with OTASP Copyright, 1996 © Dale Carnegie & Associates, Inc. Yiannis Tsiounis GTE Labs.

Published byAlfred Clark Modified over 8 years ago

Similar presentations

Presentation on theme: "Fast A-key distribution with OTASP Copyright, 1996 © Dale Carnegie & Associates, Inc. Yiannis Tsiounis GTE Labs."— Presentation transcript:

1 Fast A-key distribution with OTASP Copyright, 1996 © Dale Carnegie & Associates, Inc. Yiannis Tsiounis GTE Labs

2 Service Provisioning zManual entry yBy customer xSlow, not customer-friendly yAt POS xCostly for the seller, need to trust seller xStandard interfaces needed at POS zDistribution via backbone network xCostly, insecure, need to know phone destination zOTASP xPreferred for efficiency, convenience & security

3 OTASP zCurrent (Diffie-Hellman) method ySlow: 6 minutes per key exchange yNo authentication (security concerns) zRequirements: yAuthentication of S.P.s xPrevents man-in-the-middle attacks, false service provisioning ySecure key generation and exchange

4 Organization zIntroduction to OTASP zMethodology & Tools zCertification zSecure signatures (for authentication) zSecure encryption (for key exchange) zPutting it all together

5 Methodology zMobile Unit (M.U.) yAuthenticate Service Provider (S.P.) yGenerate & encrypt session key zService Provider yDecrypt & verify session key yGenerate A-key, encrypt using session key zM.U.: Decrypt & verify A-key

6 Tools zCertification for S.P.s zSignature scheme yFor certification zPublic key (asymmetric) encryption yFor sending the session key from MU to SP zPrivate key (symmetric) encryption yFor encrypting A-key using the session key

7 Certification zEstablish a Certification Authority (C.A.) yCA’s public key given to MU at manufacturing zCreate a certificate for each S.P. yThe C.A. signs the data (name) and public encryption key of each S.P. ySignature: Rabin-based yPublic encryption key: Rabin-based

8 Signature scheme zExistentially unforgeable under chosen plaintext attacks zInstantiation based on the squaring trapdoor (Rabin’s scheme) zPublic CA key: N = p·q zR(y) =  y (mod N) zsig(M) = R [ w = H(M,r), F(w)  r, G(w)  M] __

9 Efficiency zVerification requires one modular squaring plus hash computations yCompared to 2|N|/3 modular multiplications used for a Diffie-Hellman key exchange zProcess is 320 times faster than D-H for 512 bit modulus y1.125” or 2.5” for 768 bit modulus* *Motorolla 68HC11 8-bit, 8MHz, 256 Bytes RAM

10 Encryption scheme zSemantically secure yA-priori knowledge provides no help yNo partial information is leaked zChosen ciphertext secure (plaintext aware) yThe sender “knows” what s/he is encrypting yNecessary for Rabin-based encryption xThe Rabin function is vulnerable to chosen ciphertext attacks

11 Rabin-based encryption zN = p·q zE(M) = [ w = (M, F(M))  G(r), r  H(w) ]² (mod N) zr “randomizes” the encryption z[M, F(M)] authenticates the message zEfficiency: same as the Rabin signature

12 Symmetric encryption zGiven any symmetric encryption E zE(M) = [ w = (M, F(M))  G(r), r  H(w) ] zCost equivalent to one symmetric key operation

13 Complete scheme zSP ySend certificate zMU yVerify Rabin signature on certificate ySend Rabin-encrypted session key zSP yDecrypt session key ySend A-key (encrypted with the session key)

14 Conclusion zEfficiency yAuthenticated key exchange is 160 times faster than current Diffie-Hellman yMinimal software/implementation requirements zSecurity yAuthentication of SPs yUnforgeable signatures ySemantically secure encryption schemes

Download ppt "Fast A-key distribution with OTASP Copyright, 1996 © Dale Carnegie & Associates, Inc. Yiannis Tsiounis GTE Labs."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Security in Open Environments

Security in Open Environments
Security proofs for practical encryption schemes Yiannis Tsiounis, GTE Labs Moti Yung, CertCo LLC.

Security proofs for practical encryption schemes Yiannis Tsiounis, GTE Labs Moti Yung, CertCo LLC.
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.

Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Copyright Justin Klein Keane InfoSec Training Encryption.

Copyright Justin Klein Keane InfoSec Training Encryption.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google