1 / 22

Chapter 3: Basic Protocols

Chapter 3: Basic Protocols. Dulal C. Kar. Key Exchange with Symmetric Cryptography. Session key A separate key for one particular communication session Assume Alice and Bob share a secret key with KDC (Trent) Protocol Alice asks Trent for a session key to communicate with Bob

praterm
Télécharger la présentation

Chapter 3: Basic Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 3: Basic Protocols Dulal C. Kar

  2. Key Exchange with Symmetric Cryptography • Session key • A separate key for one particular communication session • Assume Alice and Bob share a secret key with KDC (Trent) • Protocol • Alice asks Trent for a session key to communicate with Bob • Trent generates a random session key and encrypts two copies of the a random session key, one with Alice’s key and the other with Bob’s key. Trent sends both copies to Alice. • Alice decrypts her copy of the session key and sends Bob his copy of the session key • Bob decrypts his copy of the session key

  3. Key Exchange with Public-Key Cryptography • Alice gets Bob’s public key from the KDC • Alice generates a random session key, encrypts it using Bob’s public key and sends it to Bob • Bob then decrypts Alice’s message using his private key • In practical implementations, signed public keys are maintained in a secure database • The protocol is subject to man-in-the-middle attack. How?

  4. Interlock Protocol (Rivest and Shamir) • Alice sends Bob her public key • Bob sends Alice his public key • Alice encrypts her message using Bob’s public key. She sends half of the encrypted message to Bob • Bob encrypts his message using Alice’s public key. He sends half of the encrypted message to Alice • Alice sends the other half of her encrypted message to Bob • Bob puts the two halves of Alice’s message together and decrypts it with his private key. Bob sends the other half of his encrypted message to Alice • Alice puts the two halves of Bob’s message together and decrypts it with her private key • Has a good chance of foiling man-in-the-middle attack. How? • Mallory can substitute his own public keys for Alice’s and Bob’s in steps (1) and (2) • Cannot decrypt half of Alice’s message and reencrypt it with Bob’s public key. He must invent a totally new message and send half of it to Bob • Important point • Half of the message is useless without the other half, it cannot be decrypted

  5. Key Exchange with Digital Signature • Circumvents man-in-the-middle attack • Trent signs both Alice’s and Bob’s public keys • When Alice and Bob receive the keys, each of them verifies Trent’s signature

  6. Key and Message Transmission • Without key-exchange protocol • Alice generates a random session key, K, and encrypts M using K. EK(M). • Alice gets Bob’s public key from the database and encrypts K with Bob’s public key. EB(K) • Alice sends both the encrypted message and encrypted session key to Bob. EK(M), EB(K) • Bob decrypts Alice’s session key, using his private key • Bob decrypts Alice’s message using the session key. • Can be combined with digital signatures,timestamps, and any other security protocols

  7. Key and Message Broadcast • A protocol to send encrypted message M to Bob, Carol, and Dave • Alice encrypts M using random session key K. EK(M) • Alice encrypts K with Bob’s public key, encrypts K with Carol’s public key, and then encrypts K with Dave’s public key. EB(K), EC(K), ED(K) • Alice broadcasts EB(K), EC(K), ED(K), EK(M) • Only Bob, Carol, and Dave can decrypt K and message using K

  8. Authentication Using One-way Function • Protocol • Alice sends the host her password • Host performs a one-way function on the password and compares the value with the previously stored one • Dictionary attack and salt • Salt is a random string concatenated with passwords • Most UNIX systems use only 12 bits of salt

  9. SKEY • An authentication program (For more details check: http://www.openbsd.org/cgi-bin/man.cgi?query=skey&sektion=1) • Makes use of one-way function, f • Mechanism • To setup the system, Alice enters a random number • Computer computes x1 = f(R), x2 = f(f(R)), x3 = f(f(f(R))), and so on, about a hundred times • Alice receives the list of numbers x1, . . ., x100 and computer stores x101 for Alice • To login Alice sends x100; computer calculates f(x100) and compares with x101 • Computer replaces x101 with x100 and Alice crosses of x100 • To login next time Alice will send x99 • Alice has to reinitialize the system once she runs out of all

  10. Authentication Using Public-key Cryptography • Passwords using one-way functions are visible on the data path • Public key cryptography solves the problem • Host sends Alice a random string • Alice encrypts the string with her private key and sends it back to host, along with her name • Host decrypts the message using Alice’s public key • If the decrypted string matches what the host sent Alice, the host allows access the system • It is foolish to encrypt arbitrary strings sent by any third party. Why?

  11. Mutual Authentication Using the Interlock Protocol • Protocol • Alice and Bob trade public keys • Alice encrypts her password PA with Bob’s public key and sends it to him. • Bob encrypts his password PB with Alice’s public key and sends it to her • Each one verifies other • Vulnerable to man-in-the-middle attack. How?

  12. Symmetric Key Identification (SKID) • SKID2 • Assume both Alice and Bob share a secret key, K • Allows Bob to prove his identity. How? • Protocol • Alice sends a random number, RA to Bob • Bob chooses a random number, RB and sends Alice: RB, HK(RA,RB,B), Where HK is the MAC and B is Bob’s name • Alice computes HK(RA,RB,B) and compares it with what she received from Bob to verify his identity

  13. Authentication and Key Exchange • Symbols A Alice’s name B Bob’s name EA Encryption with a key Trent shares with Alice EB Encryption with a key Trent shares with Bob I Index number K A random session key L Lifetime TA, TB A timestamp RA, RB A random number, called a nonce, chosen by Alice and Bob respectively

  14. Authentication and Key Exchange:Wide-Mouth Frog • Simplest symmetric-key management protocol • Uses a trusted server (Trent) • Protocol • Alice sends to Trent: A, EA(TA,B,K) • Trent decrypts it and sends Bob: EB(TB, A, K) • The protocol has several problems • A global clock is required • Trent has access to all keys • Shared key between Alice and Bob is completely determined by Alice (Can you trust Alice’s judgment?)

  15. Authentication and Key Exchange: Yahalom • Assumption: • Both Alice and Bob share a secret key with Trent • Protocol • Alice sends Bob: A,RA • Bob sends to Trent: B, EB(A,RA,RB) • Trent sends two messages to Alice: EA(B, K, RA, RB), EB(A, K) • Alice extracts K from first message and confirms the value of RA. Alice sends Bob two messages: EB(A,K), EK(RB) • Bob extracts K and confirms the value of RB • Novelty of the protocol • Bob is the first one to contact Trent, who only sends one message to Alice

  16. Authentication and Key Exchange: Kerberos • Basic Kerberos 5 protocol • Alice sends to Trent: A,B • Trent sends two messages to Alice: EA(T,L,K,B), EB(T,L,K,A) • Alice sends two messages to Bob: EK(A,T), EB(T,L,K,A) 4. Bob sends Alice an encrypted message with the timestamp plus one: EK(T+1) • Assumption: all clocks are synchronized with Trent’s clock

  17. Authentication and Key Exchange: DASS • Distributed Authentication Security Service (DASS) protocols • Developed by digital equipment corporation • DASS uses both public key and symmetric key cryptography • Alice and Bob each have a private key • Trent has signed copies of their public keys

  18. Authentication and Key Exchange: DASS (cont’d) • Alice sends Trent a message with Bob’s name: B • Trent sends Alice: ST(B,KB) • Alice verifies Trent’s signature, generates session key, K and a random public-key/private-key pair, KP and sends three messages to Bob: EK(TA), SKA(L,A,KP), SKP(EKB(K)) • Bob sends Trent: A • Trent sends Bob: ST(A,KA) • Bob verifies Trent’s signature and confirm KA , verifies Alice’s signature and recovers KP and then verifies and recovers K. Then Bob decrypts TA to make sure this is a current message • If mutual authentication required, Bob sends Alice: EK(TB) • Alice decrypts TB to make sure that the message is current

  19. Authentication and Key Exchange: Woo-Lam • Uses public-key cryptography • Alice sends Trent: A, B • Trent sends Alice: ST(KB) • Alice verifies Trent’s signature and sends Bob: EKB(A,RA) • Bob sends Trent: A,B,EKT(RA) • Where KT is Trent’s public key • Trent sends Bob: ST(KA), EKB(ST(RA,K,A,B)) • Bob verifies Trent’s signature and sends Alice: EKA(ST(RA,K,A,B),RB) • Alice verifies Trent’s signature and her random number and sends Bob: EK(RB) • Bob decrypts and verifies his random number

  20. Secret Splitting • Take a message and divide it up into pieces • Each piece (called share) by itself has no information • Simplest secret sharing scheme • Trent generates a random-bit string, R, the same length as the message, M. • Trent XOR’s M with R to generate S. • Trent gives R to Alice and S to Bob • To reconstruct • Alice and Bob XOR their pieces • Can be generalized to any number of shares • This is an adjudicated protocol • Problem with this protocol • Loss of a share will cause loss of the message entirely • One shareholder can subvert

  21. Secret Sharing • (m,n)-threshold scheme • Take any message and divide it into n pieces (called shares or shadows) such that any m of them can be used to reconstruct the message • General threshold schemes are more versatile • Variations of Secret Sharing Schemes • Secret sharing with cheaters • Secret sharing without Trent • Sharing a secret without revealing the shares • Verifiable secret sharing • Allows each of the shareholders verify the validity of the share without revealing the secret • Secret-sharing schemes with prevention • Secret sharing with disenrollment • Allows a new sharing scheme to be activated once one of the participants becomes untrustworthy

  22. Cryptographic Protection of Databases • Examples • Data security, privacy • Protecting mailing lists

More Related