130 likes | 232 Vues
Environmental Key Generation towards Clueless Agents. James Riordan School of Mathematics University of Minnesota. Bruce Schneier Counterpane Systems. Published: Mobile Agents and Security, G. Vigna, ed., Springer-Verlag, 1998, pp. 15-24
E N D
Environmental Key Generation towards Clueless Agents James Riordan School of Mathematics University of Minnesota. Bruce Schneier Counterpane Systems. Published: Mobile Agents and Security, G. Vigna, ed., Springer-Verlag, 1998, pp. 15-24 Presented by Chinchi,Lo
Outline • Introduction • Basic constructions • Time constructions • Further constructions • Conclusions
Introduction • Environmental Key Generation: Keying material that is constructed from certain classes of environmental data. • Clueless agent: Without the environmentally supplied input, the agent cannot decrypt its own message. • The difficulty is that attacker has complete control over the environment.
Basic Constructions • Usenet news groups • Web pages • Mail messages • File systems • Local network resources
Time Constructions (1/) • The time-based constructions allow key generation based on the time. • These constructions rely upon the presence of a minimally trusted third party to prevent a date based dictionary attack. • The third party does not need to know either of the two parties nor the nature of the material to generate keys.
Time Constructions (2/) These protocols have three distinct stages: • The programmer-server interaction • The programmer-agent interaction • The agent-server interaction
Notations • N: an integer corresponding to an environmental observation. • H: a one way hash function. • M: the hash H of the observation N needed for activation. It is carried by agent. • R: a nonce. • K: a key. • S: a secret belonging to the server. • T*: the target time. • Ti: the current time.
Time Constructions (3/) • Forward-Time Hash Function • The programmer sends to the server. • The server sets T to the current time and returns to the programmer T and • The programmer set and . The programmer uses K to encrypt the message to the agent, and gives the agent a copy of P. • The agent continuously requests the current time’s secret from the server. • The server returns . • The agent tries to use to decrypt its instructions when where
Time Constructions (4/) • Forward-Time Public Key For each time , the server has a method of generating a public/secret key pair . The server can either store these key pairs, or regenerate them as required. • The programmer sends a to the server. • The server returns the public key, ,for that time. • The programmer uses to encrypt the message to the agent. • The agent continuously requests the current time’s private key from the server. • The server returns . • The agent tries to use to decrypt its instructions, when where
Time Constructions (5/) • Backward-Time Hash Function • The programmer sends the to the server. • The server returns if and only if is in the future. • The programmer sets K to the returned value and gives the agent a copy of and . • At time T, the agent sends the to the server. It will receive the valid key K in return if and only if is later than T.
The programmer sends the server a program P and the hash of a particular possible output of the program P. The server returns and . The programmer sets and uses it to encrypt the message to the agent. The programmer then gives to the agent. The agent gives to the server. The server decrypts the program , executes it, and setsM = H(P’s output). It then return H(S,P,M) to the agent. The agent tries to use the returned value as it key. It will succeed precisely when the output of the run program matches the programmer’s expectations. General Server Constructions
Further Constructions • Thresholding • Nesting • Forward-time + Backward-time = time interval. • Forward-time + Basic = Forward time, but only if a specific event has occurred.
Conclusions • Cryptographic key constructions built from environmental data that are resistant to adversarial analysis and deceit. • The primary envisioned use of these constructions is in the creation of mobile agents whose analysis does not reveal their exact purpose.