1 / 24

SENG 5199-3 Data and Network Security Lecture 3 Crypto

SENG 5199-3 Data and Network Security Lecture 3 Crypto. Yongdae Kim. News Today. Linux Local Root Escalation Teleconferencing Equipment. SKE with Secure channel. Adversary. d Secure channel. Key source. e. Encryption E e (m) = c. Decryption D d (c) = m.

kele
Download Presentation

SENG 5199-3 Data and Network Security Lecture 3 Crypto

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SENG 5199-3 Data and Network SecurityLecture 3Crypto Yongdae Kim

  2. News Today • Linux Local Root Escalation • Teleconferencing Equipment

  3. SKE with Secure channel Adversary d Secure channel Key source e Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob

  4. PKE with insecure channel Passive Adversary e Insecure channel Key source d Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob

  5. e e’ Ee’(m) Public key should be authentic! • Need to authenticate public keys Ee(m) e Ee(m)

  6. Symmetric vs. Public key

  7. Hash function and MAC • A hash function is a function h • compression • ease of computation • Properties • one-way: for a given y, find x’ such that h(x’) = y • collision resistance: find x and x’ such that h(x) = h(x’) • Examples: SHA-1, MD-5 • MAC (message authentication codes) • both authentication and integrity • MAC is a family of functions hk • ease of computation (if k is known !!) • compression, x is of arbitrary length, hk(x) has fixed length • computation resistance • Example: HMAC

  8. How Random is the Hash function?

  9. Applications of Hash Function • File integrity • Digital signature Sign = SSK(h(m)) • Password verification stored hash = h(password) • File identifier • Hash table • Generating random numbers

  10. Hash function and MAC • A hash function is a function h • compression • ease of computation • Properties • one-way: for a given y, find x’ such that h(x’) = y • collision resistance: find x and x’ such that h(x) = h(x’) • Examples: SHA-1, MD-5 • MAC (message authentication codes) • both authentication and integrity • MAC is a family of functions hk • ease of computation (if k is known !!) • compression, x is of arbitrary length, hk(x) has fixed length • computation resistance • Example: HMAC

  11. MAC construction from Hash • Prefix • M=h(k||x) • appending y and deducing h(k||x||y) form h(k||x) without knowing k • Suffix • M=h(x||k) • possible a birthday attack, an adversary that can choose x can construct x’ for which h(x)=h(x’) in O(2n/2) • STATE OF THE ART: HMAC (RFC 2104) • HMAC(x)=h(k||p1||h(k|| p2||x)), p1 and p2 are padding • The outer hash operates on an input of two blocks • Provably secure

  12. How to use MAC? • A & B share a secret key k • A sends the message x and the MAC M←Hk(x) • B receives x and M from A • B computes Hk(x) with received M • B checks if M=Hk(x)

  13. PKE with insecure channel Passive Adversary e Insecure channel Key source d Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob

  14. Digital Signature • Integrity • Authentication • Non-repudiation I did not have intimate relations with that woman,…, Ms. Lewinsky WJ Clinton

  15. Digital Signature with Appendix • Schemes with appendix • Requires the message as input to verification algorithm • Rely on cryptographic hash functions rather than customized redundancy functions • DSA, ElGamal, Schnorr etc.

  16. Mh x S VA u 2{True, False} Digital Signature with Appendix M Mh S SA,k h m mh s* s* = SA,k(mh) u = VA(mh, s*)

  17. Authentication • How to prove your identity? • Prove that you know a secret information • When key K is shared between A and Server • A  S: HMACK(M) where M can provide freshness • Why freshness? • Digital signature? • A  S: SigSK(M) where M can provide freshness • Comparison?

  18. Encryption and Authentication • EK(M) • Redundancy-then-Encrypt: EK(M, R(M)) • Hash-then-Encrypt: EK(M, h(M)) • Hash and Encrypt: EK(M), h(M) • MAC and Encrypt: Eh1(K)(M), HMACh2(K)(M) • MAC-then-Encrypt: Eh1(K)(M, HMACh2(K)(M))

  19. Challenge-response authentication • Alice is identified by a secret she possesses • Bob needs to know that Alice does indeed possess this secret • Alice provides responseto a time-variant challenge • Response depends on both secret and challenge • Using • Symmetric encryption • One way functions

  20. Challenge Response using SKE • Alice and Bob share a key K • Taxonomy • Unidirectional authentication using timestamps • Unidirectional authentication using random numbers • Mutual authentication using random numbers • Unilateral authentication using timestamps • Alice  Bob: EK(tA, B) • Bob decrypts and verified that timestamp is OK • Parameter Bprevents replay of same message in B  A direction

  21. Challenge Response using SKE • Unilateral authentication using random numbers • Bob  Alice: rb • Alice  Bob: EK(rb, B) • Bob checks to see if rb is the one it sent out • Also checks “B” - prevents reflection attack • rb must be non-repeating • Mutual authentication using random numbers • Bob  Alice: rb • Alice  Bob: EK(ra, rb, B) • Bob  Alice: EK(ra, rb) • Alice checks that ra, rb are the ones used earlier

  22. Challenge-response using OWF • Instead of encryption, used keyed MAC hK • Check: compute MAC from known quantities, and check with message • SKID3 • Bob  Alice: rb • Alice  Bob: ra, hK(ra, rb, B) • Bob  Alice: hK(ra, rb, A)

  23. Key Establishment, Management • Key establishment • Process to whereby a shared secret key becomes available to two or more parties • Subdivided into key agreement and key transport. • Key management • The set of processes and mechanisms which support key establishment • The maintenance of ongoing keying relationships between parties

  24. Example • File System Key Management • RSA SecureID

More Related