1 / 12

Understanding Message Integrity and Secrecy in Computer Security

This lecture discusses the concepts of message integrity and secrecy in computer security, emphasizing the distinction between the two. It explores different scenarios where active attacks are possible and explores cryptographic integrity techniques. The lecture also covers private-key and public-key approaches to achieve encryption and integrity, with a focus on digital signature schemes and RSA signatures.

garciajoyce
Download Presentation

Understanding Message Integrity and Secrecy in Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CMSC 414Computer (and Network) SecurityLecture 8 Jonathan Katz

  2. Administrative stuff • HW2 (will be) out • Due in 2 weeks • Two papers (will be) linked from syllabus • Discuss one of these next time

  3. Integrity of messages

  4. Integrity vs. secrecy • Integrity and secrecy are distinct concerns • Secrecy: passive eavesdropper cannot get any information about the message • Integrity: active attacker cannot change the message (without being detected) • Important: • Authentication does not provide secrecy • Encryption does not provide integrity

  5. Scenarios… • Possibility of active attacks? • Malicious routers • Radio broadcast • Even the best message integrity scheme does not protect against replay attacks • Protect against this at the application level

  6. Cryptographic integrity • Non-cryptographic checksums • Meant to defend against (random) errors • Not meant to defend against active attacks • Must use cryptographic techniques

  7. Private-key case • Message authentication codes (MACs) • Attack model and definition of security • Example: CBC MAC • CBC MAC is secure if the underlying block cipher is secure • CBC encryption does not authenticate data

  8. Some final notes… • Non-repudiation? • How to achieve encryption and integrity? • “Secure channels” • Trivial approaches do not work • Encrypt-then-mac • Must use distinct keys • Special-purpose modes

  9. Public-key case • Digital signature schemes (signatures) • Attack model and definition of security • Should be obvious that public-key encryption provides no authentication at all

  10. Important point • Signing and decrypting are not the same • In general, “signing” a message by “decrypting” it is a BAD idea • Having said that…

  11. RSA signatures I • “Textbook RSA” • Why textbook RSA is completely insecure! (Two attacks)

  12. RSA signatures for real • Hash functions… • Collision-resistance • Birthday attacks • “Scrambling” • How to fix RSA signatures • Why does this work? • Is it actually secure?

More Related