1 / 27

EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell

EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell. Yongdae Kim. Recap. http://security101.kr E-mail policy Include [ee515] or [is523] in the subject of your e-mail Student Survey http://bit.ly/SiK9M3 paper presentation survey http://bit.ly/18HDzCg. Basic Cryptography.

bartletta
Download Presentation

EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EE515/IS523 Think Like an AdversaryLecture 4Crypto in a Nutshell Yongdae Kim

  2. Recap • http://security101.kr • E-mail policy • Include [ee515] or [is523] in the subject of your e-mail • Student Survey • http://bit.ly/SiK9M3 • paper presentation survey • http://bit.ly/18HDzCg

  3. Basic Cryptography Yongdae Kim

  4. SKE with Secure channel Adversary d Secure channel Key source e Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob

  5. PKE with insecure channel Passive Adversary e Insecure channel Key source d Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob

  6. e e’ Ee’(m) Public key should be authentic! • Need to authenticate public keys Ee(m) e Ee(m)

  7. Digital Signatures • Primitive in authentication and non-repudiation • Signature • Process of transforming the message and some secret information into a tag • Nomenclature • M is set of messages • S is set of signatures • SA: M ! S for A, kept private • VA is verification transformation from M to S for A, publicly known

  8. Key Establishment, Management • Key establishment • Process to whereby a shared secret key becomes available to two or more parties • Subdivided into key agreement and key transport. • Key management • The set of processes and mechanisms which support key establishment • The maintenance of ongoing keying relationships between parties

  9. Symmetric vs. Public key

  10. Symmetric key Encryption • Symmetric key encryption • if for each (e,d) it is easy computationally easy to compute e knowing d and d knowing e • Usually e = d • Block cipher • breaks up the plaintext messages to be transmitted into blocks of a fixed length, and encrypts one block at a time • Stream cipher • encrypt individual characters of plaintext message one at a time, using encryption transformation which varies with time

  11. Hash function and MAC • A hash function is a function h • compression • ease of computation • Properties • one-way: for a given y, find x’ such that h(x’) = y • collision resistance: find x and x’ such that h(x) = h(x’) • Examples: SHA-1, MD-5 • MAC (message authentication codes) • both authentication and integrity • MAC is a family of functions hk • ease of computation (if k is known !!) • compression, x is of arbitrary length, hk(x) has fixed length • computation resistance • Example: HMAC

  12. How Random is the Hash function?

  13. Applications of Hash Function • File integrity • Digital signature Sign = SSK(h(m)) • Password verification stored hash = h(password) • File identifier • Hash table • Generating random numbers

  14. Hash function and MAC • A hash function is a function h • compression • ease of computation • Properties • one-way: for a given y, find x’ such that h(x’) = y • collision resistance: find x and x’ such that h(x) = h(x’) • Examples: SHA-1, MD-5 • MAC (message authentication codes) • both authentication and integrity • MAC is a family of functions hk • ease of computation (if k is known !!) • compression, x is of arbitrary length, hk(x) has fixed length • computation resistance • Example: HMAC

  15. MAC construction from Hash • Prefix • M=h(k||x) • appending y and deducing h(k||x||y) form h(k||x) without knowing k • Suffix • M=h(x||k) • possible a birthday attack, an adversary that can choose x can construct x’ for which h(x)=h(x’) in O(2n/2) • STATE OF THE ART: HMAC (RFC 2104) • HMAC(x)=h(k||p1||h(k|| p2||x)), p1 and p2 are padding • The outer hash operates on an input of two blocks • Provably secure

  16. How to use MAC? • A & B share a secret key k • A sends the message x and the MAC M←Hk(x) • B receives x and M from A • B computes Hk(x) with received M • B checks if M=Hk(x)

  17. PKE with insecure channel Passive Adversary e Insecure channel Key source d Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob

  18. Digital Signature • Integrity • Authentication • Non-repudiation I did not have intimate relations with that woman,…, Ms. Lewinsky WJ Clinton

  19. Digital Signature with Appendix • Schemes with appendix • Requires the message as input to verification algorithm • Rely on cryptographic hash functions rather than customized redundancy functions • DSA, ElGamal, Schnorr etc.

  20. Mh x S VA u 2{True, False} Digital Signature with Appendix M Mh S SA,k h m mh s* s* = SA,k(mh) u = VA(mh, s*)

  21. Authentication • How to prove your identity? • Prove that you know a secret information • When key K is shared between A and Server • A  S: HMACK(M) where M can provide freshness • Why freshness? • Digital signature? • A  S: SigSK(M) where M can provide freshness • Comparison?

  22. Encryption and Authentication • EK(M) • Redundancy-then-Encrypt: EK(M, R(M)) • Hash-then-Encrypt: EK(M, h(M)) • Hash and Encrypt: EK(M), h(M) • MAC and Encrypt: Eh1(K)(M), HMACh2(K)(M) • MAC-then-Encrypt: Eh1(K)(M, HMACh2(K)(M))

  23. Challenge-response authentication • Alice is identified by a secret she possesses • Bob needs to know that Alice does indeed possess this secret • Alice provides responseto a time-variant challenge • Response depends on both secret and challenge • Using • Symmetric encryption • One way functions

  24. Challenge Response using SKE • Alice and Bob share a key K • Taxonomy • Unidirectional authentication using timestamps • Unidirectional authentication using random numbers • Mutual authentication using random numbers • Unilateral authentication using timestamps • Alice  Bob: EK(tA, B) • Bob decrypts and verified that timestamp is OK • Parameter Bprevents replay of same message in B  A direction

  25. Challenge Response using SKE • Unilateral authentication using random numbers • Bob  Alice: rb • Alice  Bob: EK(rb, B) • Bob checks to see if rb is the one it sent out • Also checks “B” - prevents reflection attack • rb must be non-repeating • Mutual authentication using random numbers • Bob  Alice: rb • Alice  Bob: EK(ra, rb, B) • Bob  Alice: EK(ra, rb) • Alice checks that ra, rb are the ones used earlier

  26. Challenge-response using OWF • Instead of encryption, used keyed MAC hK • Check: compute MAC from known quantities, and check with message • SKID3 • Bob  Alice: rb • Alice  Bob: ra, hK(ra, rb, B) • Bob  Alice: hK(ra, rb, A)

  27. Key Establishment, Management • Key establishment • Process to whereby a shared secret key becomes available to two or more parties • Subdivided into key agreement and key transport. • Key management • The set of processes and mechanisms which support key establishment • The maintenance of ongoing keying relationships between parties

More Related