
CSE597B: Special Topics in Network and Systems Security

CSE597B: Special Topics in Network and Systems Security. The Miscellaneous Instructor: Sencun Zhu. Appetizer.

kpark


Presentation Transcript


  1. CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu The Pennsylvania State University

  2. Appetizer • Ten scientists are working on a secret project. They wish to lock up the documents in a cabinet so that the cabinet can be opened if and only if five or more of the scientists are present. • What is the smallest number of locks needed? • What is the smallest number of keys to the locks each scientist must carry?

  3. Outline • A little maths • Group, ring, (finite) field • Increasing importance in cryptography • AES, Elliptic Curve, Threshold Cryptography • Secret sharing and threshold cryptography • Based on slides by Prof. Helger Lipmaa, Helsinki University of Technology • Design rules

  4. Group • G, a set of elements or “numbers” • Obeys: • Closure: if $a$ and $b$ belong to G, $a \cdot b$ is also in G • Associative law: $(a \cdot b) \cdot c = a \cdot (b \cdot c)$ • Has identity $e$: $e \cdot a = a \cdot e = a$ • Has inverses $a^{-1}$: $a \cdot a^{-1} = e$ • If commutative, $a \cdot b = b \cdot a$, then it forms an abelian group

  5. Cyclic Group • Define exponentiation as repeated application of the operator • Example: $a^3 = a \cdot a \cdot a$ • Let the identity $e$ be: $e = a^0$ • A group is cyclic if every element is a power of some fixed element • i.e. $b = a^k$ for some $a$ and every $b$ in the group • $a$ is said to be a generator of the group

  6. Ring • R, a set of “numbers” with two operations, addition and multiplication: • an abelian group with addition operation • closure under multiplication • associative under multiplication • distributive law: a(b+c) = ab + ac • if multiplication operation is commutative, it forms a commutative ring • if multiplication operation has inverses and no zero divisors, it forms an integral domain

  7. Field • F, a set of numbers with two operations: • F is an integral domain • Multiplicative inverse • For each $a$ in F, except 0, there is an element $a^{-1}$ in F such that $a a^{-1} = a^{-1} a = 1$ • In essence, a field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set • Division: $a/b = a b^{-1}$

  8. Galois Fields • Finite fields (known as Galois fields) play a key role in cryptography • Theorem: the number of elements in a finite field must be a power of a prime, $p^n$, denoted as GF($p^n$) • In particular, we often use the fields: • GF($p$) • GF($2^n$)

  9. Galois Fields GF(p) • GF(p) is the set of integers $\{0, 1, \ldots, p-1\}$ with arithmetic operations modulo prime p • these form a finite field • since they have multiplicative inverses • hence arithmetic is “well-behaved” and we can do addition, subtraction, multiplication, and division without leaving the field GF(p)

  10. Keep Secrets on a Computer • Very difficult • Wiping state • Easier in C/C++, difficult in Java • Swap file • Virtual memory • Caches • Keep copies of data • Data retention by memory • SRAM/DRAM could learn and remember data • Access by others • Data integrity

  11. Key Storage • Reliability and confidentiality of important data: • Information can be secured by encryption • After that, many copies of the ciphertext can be made • How to secure the secret key? • Encrypting of key — vicious cycle • Replicating key — insecure • Idea: distribute the key to a group, s.t. nobody by itself knows it

  12. Secret Sharing: More Motivations • USSR: At least two of the three nuclear buttons must have been pressed simultaneously • Any other process where you might not trust a single authority • Threshold cryptography • Computation can be performed in a distributed way by “trusted” subsets of parties • Verifiable SS: One can verify that inputs were shared correctly

  13. Secret Sharing Schemes: Definition • A dealer shares a secret key among n parties • Each party i in [1, n] receives a share • Predefined groups of participants can cooperate to reconstruct the shares • Smaller subgroups cannot get any information about the secret

  14. (k, n)-threshold schemes • A dealer shares a secret key between n parties • Each party i in [1, n] receives a share • A group of any k participants can cooperate to reconstruct the shares • No group of k-1 participants can get any information about the secret

  15. A Bad Example • Let K be a 100-bit block cipher key. • Share it between two parties • Giving to both parties 50 bits of the key • Why is this bad? • The requirement ‘Smaller subgroups cannot get any information about the secret’ is violated • Ciphertext-only attack • Both participants can recover the plaintext by themselves, by doing a $2^{50}$-time exhaustive search

  16. (2, 2)-threshold scheme • Let $s \in G$ be a secret from group $(G, +)$. Dealer chooses a uniformly random $s_1 \in G$ and lets $s_2 = s - s_1$ • The two shares are $s_1$ and $s_2$ • Given $s_1$ and $s_2$, one can successfully recover $s = s_1 + s_2$ • Given only $s_1$, $s_2$ is random, and vice versa • $\Pr[s = k \mid s_2] = \Pr[s_1 = k - s_2 \mid s_2]$ = 2^|G| for any k

  17. (n, n)-threshold scheme

  18. Shamir’s (k,n) Threshold Scheme • Mathematical basis

  19. Shamir’s (k,n) Threshold Scheme • Dealing phase

  20. Shamir’s (k,n) Threshold Scheme

  21. Shamir’s (k,n) Threshold Scheme

  22. Illustration

  23. Shamir’s Scheme: Efficiency

  24. Shamir’s Scheme: Flexibility

  25. Remarks

  26. Design Rules • Design rules: • Complexity is the worst enemy of security • There are no secure complex systems • Correctness must be a local property • every part of the system should behave correctly regardless of how the rest of the system works • For a security level of n bits, every cryptographic value should be at least 2n bits long • Due to collision attacks • Reliability • Do not assume message reliability • TCP cannot prevent active attacks

  27. Presentation • Two presentations each class • Let us first see how it will be going • Time • 30~35 minutes/person, including random interruption • Do not exceed • How to give a good talk • http://www.info.ucl.ac.be/people/PVR/giving_talk.ps • How to give a bad talk • http://www.eecs.berkeley.edu/~messer/Bad_talk.html
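
The additive scheme of slide 16 extended to n parties, and a (k, n) threshold scheme built from a random polynomial over GF(p) (slides 9 and 14), as an added example that is not taken from the original slides, whose Shamir slide bodies did not survive in this transcript. The prime `P`, all function names and the brute-force check `candidates_left` are choices made for this illustration; the check enumerates every polynomial over a small field to show that k-1 shares leave every secret possible.

```python
import secrets
from itertools import product

P = 2**127 - 1  # Mersenne prime chosen for this example; secrets must be < P

def additive_split(secret, n, p=P):
    """(n, n) scheme: n-1 uniform shares, the last makes the sum equal the secret mod p."""
    shares = [secrets.randbelow(p) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % p)
    return shares

def additive_combine(shares, p=P):
    return sum(shares) % p

def poly_eval(coeffs, x, p):
    """Horner evaluation of c0 + c1*x + ... over GF(p)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % p
    return y

def shamir_split(secret, k, n, p=P):
    """(k, n) scheme: random f of degree k-1 with f(0) = secret; share i is (i, f(i))."""
    if not (1 <= k <= n < p and 0 <= secret < p):
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(i, poly_eval(coeffs, i, p)) for i in range(1, n + 1)]

def shamir_combine(shares, p=P):
    """Lagrange interpolation at x = 0; division is multiplication by an inverse in GF(p)."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share index")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % p
                den = den * (xj - xm) % p
        secret = (secret + yj * num * pow(den, -1, p)) % p
    return secret

def candidates_left(shares, k, p):
    """Brute force over a small GF(p): secrets f(0) of every degree<k polynomial fitting the shares."""
    fits = set()
    for coeffs in product(range(p), repeat=k):
        if all(poly_eval(coeffs, x, p) == y for x, y in shares):
            fits.add(coeffs[0])
    return fits
```

With k = 5 and n = 10 this gives the same access policy as the appetizer on slide 2, using one share per scientist.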
