1 / 24

CIS 725

CIS 725. Key Exchange Protocols. Confidentiality, Integrity and Authenication. Alice. ( PB Bob (M, PR Alice (hash(M))). M, hash(M). M, PR Alice (hash(M)). PB Alice. PR Bob. Problems: Alice’s private key is stolen or she can claim it was stolen Alice can change her private keys.

manon
Télécharger la présentation

CIS 725

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CIS 725 Key Exchange Protocols

  2. Confidentiality, Integrityand Authenication Alice (PBBob(M, PRAlice(hash(M))) M, hash(M) M, PRAlice(hash(M)) PBAlice PRBob

  3. Problems: • Alice’s private key is stolen or she can claim it was stolen • Alice can change her private keys

  4. Use a trusted third party Alice Third Party (TP) PBBob:(M, Alice, t, PRTP(M, Alice, t)) PRAlice:(M, Bob, t) Bob M • Alice wants to send M to Bob • Alice sends message (M, Bob, t) encrypted with • her private key to TP, where t is a timestamp. • TP sends (M, Alice, t, Sn) encrypted using Bob’s • public key to Bob, where Sn is (M,Alice,t) • encrypted using TP’s private key.

  5. Session, Interchange Keys • Alice wants to send a message m to Bob • Assume public key encryption • Alice generates a random cryptographic key ks and uses it to encipher m • To be used for this message only • Called a session key • She enciphers ks with Bob’s public key • PbBob enciphers all session keys Alice uses to communicate with Bob • Called an interchange key • Alice sends ks(m); PbB(ks)

  6. Benefits • Limits amount of traffic enciphered with single key • Standard practice, to decrease the amount of traffic an attacker can obtain • Prevents some attacks • Example: Alice will send Bob message that is either “BUY” or “SELL”. Eve computes possible ciphertexts kB{ “BUY” } and kB{ “SELL” }. Eve intercepts enciphered message, compares, and gets plaintext at once

  7. Key Exchange Algorithms • Goal: Alice, Bob get shared key • Key cannot be sent in clear • Attacker can listen in • Key can be sent enciphered, or derived from exchanged data plus data not known to an eavesdropper • Alice, Bob may trust third party • All cryptosystems, protocols publicly known • Only secret data is the keys • Anything transmitted is assumed known to attacker

  8. RA RB A KAB(RA) KAB(RB) Authentication Based on a Shared Secret Key Alice Bob • Two-way authentication using a challenge-response protocol. • Assumes that the shared key KAB is only known to Alice and Bob A = id of Alice, B = id of Bob RA = random number (nonce)

  9. A, RA RB,KAB(RA) KAB(RB) Authentication Based on a Shared Secret Key • A shortened two-way authentication protocol.

  10. A, RT RB,, KAB(RT) RB2,KAB(RB) A,RB KAB(RB) Authentication Based on a Shared Secret Key Bob Trudy • The reflection attack.

  11. B RA KAB(RA) RA2 A KAB(RA2) RA RA2 KAB(RA2) KAB(RA) Authentication Based on a Shared Secret Key • Use different keys for each direction • Different sets of random number for each direction

  12. Establishing a Shared Key:The Diffie-Hellman Key Exchange - Alice and Bob agree on two large numbers, n and g (these are public) Shared key

  13. Establishing a Shared Key:The Diffie-Hellman Key Exchange • The bucket brigade or man-in-the-middle attack.

  14. A, KA(B, KS) KB(A, KS) Using a Key Distribution Center (KDC) to establish a shared key Bob KDC Alice KA = Shared key between Alice and KDC KB = Shared key between Bob and KDC KS = session key picked by Alice

  15. A, KA(B, KS) KB(A, KS) KB(A, KS) Using a Key Distribution Center (KDC) to establish a shared key Bob KDC Alice • Problem: Trudy can replay the second message to Bob KA = Shared key between Alice and KDC KB = Shared key between Bob and KDC KS = session key picked by Alice

  16. Use timestamps • Include timestamps in messages • Requires synchronized clocks • Otherwise replay attacks are possible • Use nonces: not repeated • Requires entities to remember them • Use a combination of timestamps and nonces to bound how • long they need to be remembered

  17. RA, A, B KA(RA, B, KS, KB(A, KS) ) KB(A, KS), KS(RA2) KS(RA2-1), RB KS(RB-1) Authentication Using a Key Distribution Center Alice KDC Bob The Needham-Schroeder authentication protocol.

  18. RA, A, B KA(RA, B, KS, KB(A, KS) ) KB(A, KS), KS(RA2) KB(A, KS), KS(RA2) KS(RA2-1), RB KS(RA2-1), RB’ KS(RB-1) KS(RB’-1) Alice KDC Bob The Needham-Schroeder authentication protocol. Attacker acquires an old key

  19. Ticket; proves that the sender is Alice A KA(KS, KTGS(A, KS) ) KTGS(A, Ks), B, KS(t) Prevents replay attacks KS(B, KAB), KB(A, KAB) KB(A, KAB), KAB(t) KAB(t+1) Authentication Using Kerberos Authentication Server Alice Ticket-Granting Server Bob

  20. Here is PbBob Here is PbAlice Give me PbBob Give me PbAlice PbBob(A, RA) PbAlice(RA, RB, KS) KS(RB) Authentication Using Public-Key Cryptography Directory • Mutual authentication using public-key cryptography. Alice

  21. Cryptographic Key Infrastructure Public key: bind identity to public key • Crucial as people will use key to communicate with principal whose identity is bound to key

  22. Certificates • Create token (message) containing • Identity of principal (here, Alice) • Corresponding public key • Timestamp (when issued) • Other information (perhaps identity of signer) • signed by trusted authority • CA = PrCA( PBA || Alice || T ) Or only sign the hash of the certificate

  23. Use • Bob gets Alice’s certificate • If he knows CA’s public key, he can decipher the certificate • When was certificate issued? • Is the principal Alice? • Now Bob has Alice’s public key • Problem: Bob needs CA’s public key to validate certificate • Problem pushed “up” a level

  24. Certificate Signature Chains - Chain of certificates: “chain of trust” or “certification path”

More Related