Protocols chapter 2
Download
1 / 50

Protocols Chapter 2 - PowerPoint PPT Presentation


  • 38 Views
  • Uploaded on

Protocols Chapter 2. Protocol: A series of steps, involving two or more parties, designed to accomplish a task. All parties involved must know the protocol All parties must agree to follow it Must be unambiguous Must be complete. The Players dramatis personae. Alice First participant

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Protocols Chapter 2' - brent-ortega


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Protocols chapter 2
Protocols Chapter 2

Protocol:

A series of steps, involving two or more parties, designed to accomplish a task.

  • All parties involved must know the protocol

  • All parties must agree to follow it

  • Must be unambiguous

  • Must be complete


The players dramatis personae
The Playersdramatis personae

Alice First participant

Bob Second

Carol Third

Eve Eavesdropper

Mallory Malicious attacker

Trent Trusted arbitrator

Peggy Prover

Victor Verifier


Types of protocols
Types of Protocols

Arbitrated Protocols

Intermediary trusted by all parties

Lawyer is involved

Adjudicated Protocols

In case of a dispute a third party becomes involved

Judge is involved

Self-Enforcing Protocols

The protocol itself guarantees fairness

No third party is involved


Attacks against protocols
Attacks against Protocols

Passive attack

Passive eavesdropper e.g. network sniffing

Difficult to detect

Active attack

Alter protocol

Pretend to be someone else

Cheaters

Not following the protocol

Liars


Protocol building blocks
Protocol Building Blocks

Symmetric key cryptography

One-Way Hash functions

Public-key cryptography

Digital signatures

Random sequence generators


Symmetric key cryptography
Symmetric Key Cryptography

Secure communications

Secure storage

Computationally efficient

Depends on a shared secret


Symmetric key cryptography1
Symmetric Key Cryptography

Alice and Bob want to communicate securely.

  • Alice & Bob agree on a crypto algorithm

  • Alice & Bob agree on a key

  • Alice encrypts message with the key

  • Alice sends ciphertext to Bob

  • Bob decrypts with the key and reads the message


Symmetric key cryptography2
Symmetric Key Cryptography

C

Alice

Bob

Key: K

Message: M

Ciphertext: C = EK(M)

Key: K

Ciphertext: C

Message:

M = DK(C) = DK(EK(M))


Symmetric key cryptography attacks
Symmetric Key CryptographyAttacks

Passive attack:

Eve can only try a ciphertext only attack

Eve can attempt to determine the key during the key exchange

Active attack:

Intercept Alice's message and substitute his own

Break communication channel

Cheaters:

Alice can give the key to Eve, so Eve can read Bob's message


One way hash functions
One-Way Hash functions

One-way functions

No inverse (known to exist)

Hash function

No known collisions

Variable length inputs

Fixed length outputs


Message authentication code
Message Authentication Code

Uses a secret key

One-way hash of both the pre-image and the secret key

K = symmetric key

M = Message

MAC = H(EncK(M))

Only those who have the key K can calculate H(EncK(M).


Public key cryptography
Public-Key Cryptography

Public key and private key

Each player has their own key pair

Computationally intensive

Vulnerable to chosen-plaintext attacks

Very difficult to deduce the private key from the public key


Public key cryptography1
Public-Key Cryptography

Let:

Pr = Alice's private key

Pu = Alice's public key

(Pr, Pu) is the key pair, and must go together.

M = Plaintext from Bob

Ciphertext C = EPu (M) is calculated by Bob with Alice's public key.

Only Alice has access to her private key. Thus only she can calculate

the plaintext M = DPr (EPu (M)).


Public key cryptography2
Public-Key Cryptography

BPu

Alice

Bob

C

Message: M

Ciphertext: C = EBPu(M)

Key pair: BPu, BPr

Ciphertext: C

Message:

M = DBPr(C) = DBPr(EBPu(M))


Digital signatures
Digital Signatures

Authentic

Not forgeable

Not reusable

Unalterable

Cannot be repudiated


Digital signatures with symmetric crypto
Digital Signatures with Symmetric Crypto

Alice wants to sign a digital message and send it to Bob with Trent's help.

  • Alice/Trent key, KA. Bob/Trent key, KB.

  • Alice encrypts her message to Bob with KA and sends it to Trent.

  • Trent decrypts the message with KA.

  • Trent encrypts Alice's message to Bob along with a message that it is from Alice.

  • Trent sends the encrypted bundle to Bob.

  • Bob decrypts the bundle with KB. Bob can read Alice's message along with Trent's certification.


Digital signatures public key crypto
Digital SignaturesPublic-Key Crypto

Alice wants to sign a digital message and send it to Bob without Trent's help

  • Alice's public key, KA-pu, private key, KA-pr..

  • Alice encrypts her document with her private key, KA-pr.

  • Alice sends the signed document to Bob.

  • Bob decrypts the document with KA-pu, thereby verifying the signature.


Digital signatures public key crypto hash functions
Digital Signatures Public-Key Crypto & Hash Functions

Alice wants to sign a large digital message and send it to Bob without the public-key's compute hit.

  • Alice's public key, KA-pu, private key, KA-pr..

  • Alice produces a one-way hash of her document.

  • Alice encrypts the hash with her private key, KA-pr.

  • Alice sends the document and the encrypted hash to Bob.

  • Bob decrypts the hash with KA-pu, calculates the hash of the document himself and compares them, thereby verifying the signature.


Digital signatures vulnerabilities
Digital SignaturesVulnerabilities

Alice can cheat.

She can sign a document.

She can claim that her private key was compromised.

Time stamps help.

Escrow agents are expensive.

Tamper resistant modules.


Random sequence generators
Random Sequence Generators

Pseudo-random generator

Looks random:

Passes all of the statistical tests.

Cryptographically Secure


Cryptographically secure random sequence generators
Cryptographically SecureRandom Sequence Generators

It is unpredictable.

Computationally infeasible to predict what the next random bit will be given complete knowledge of the algorithm and all previous bits.

It cannot be reliably reproduced.


Basic protocols chapter 3
Basic Protocols Chapter 3

Protocols

  • Key Exchange

  • Authentication and key exchange

  • Secret splitting

  • Secret sharing


Key exchange with symmetric crypto
Key Exchange with Symmetric Crypto

  • Alice/Trent key, KA. Bob/Trent key, KB.

  • Alice calls Trent and requests a session key to communicate with Bob.

  • Trent generates a random session key.

  • Trent encrypts the session key with KA and encrypts another copy with KB.

  • Trent sends both copies to Alice.

  • Alice decrypts her copy with KA and sends Bob his copy.

  • Bob decrypts his copy with KB.

  • Alice and Bob can communicate securely with the shared session key.


Key exchange with public key crypto
Key Exchangewith Public-Key Crypto

  • Bob sends Alice his public key, Pu.

  • Alice generates a random session key, K.

  • Alice encrypts K using Bob's public key, EPu(K).

  • Alice sends EPu(K) to Bob.

  • Bob decrypts Alice's message using his private key,

    DPr(EPu(K)) = K.

  • Alice and Bob encrypt their communications using the same session key, K.


Authentication
Authentication

  • Passwords and pass phrases

    • Dictionary attacks

    • Hashed passwords subject to dictionary attacks

    • Salted passwords

  • Public key encryption

    • Requires key pairs

    • Key management


  • Authentication public key encryption
    AuthenticationPublic Key Encryption

    1. Host sends Alice a random string.

    2. Alice encrypts with her private key and sends it back to the host along with her name.

    3. Host looks up Alice's public key and decrypts the messsage.

    4. If the message matches the string the host sent Alice then the host permits access to Alice.


    Key exchange with authentication
    Key Exchange with Authentication

    • All involve a trust intermediary –Trent

    • All subject to man in the middle attack

    • Want to be sure you know who you are talking to.


    Kerberos
    Kerberos

    Guarding the Gates of Hell.

    No one leaves.


    Authentication key exchange kerberos
    Authentication & Key ExchangeKerberos

    • Maintained by MIT

    • Up to version 5-1.10.3 - Release 1.9.4

    • Strong authentication

    • Uses symmetric key encryption

    • Uses a trusted intermediary


    Authentication key exchange kerberos1
    Authentication & Key ExchangeKerberos

    A = Alice's ID

    B = Bob's ID

    KAT = Alice/Trent symmetric key

    KBT = Bob/Trent symmetric key

    Trent

    KAT

    KBT

    Alice

    Bob


    Alice sends message to trent
    Alice sends message to Trent

    A = Alice's ID

    B = Bob's ID

    Trent

    A, B

    Alice

    Bob


    Trent responds to alice with info for alice and bob
    Trent responds to Alicewith info for Alice and Bob

    Trent generates:

    TS = Time stamp

    L = Lifetime for the key

    KAB = Session key

    M1 = (TS, L, KAB, A)

    M2 = (TS, L, KAB, B)

    A = Alice's ID

    B = Bob's ID

    Trent

    EKAT (M2)

    EKBT (M1)

    Alice

    Bob


    Alice gets message from trent
    Alice gets message from Trent

    Trent generates:

    TS = Time stamp

    L = Lifetime for the key

    KAB = Session key

    M1 = (TS, L, KAB, A)

    M2 = (TS, L, KAB, B)

    A = Alice's ID

    B = Bob's ID

    Trent

    EKAT (M2)

    EKBT (M1)

    Alice

    Bob

    Alice calc's DKAT (EKAT (M2)). She now knows

    TS, L, KAB , B and EKBT (M1) which she cannot decrypt.

    Alice also calc's EKAB(A, TS).


    Alice sends message to bob
    Alice sends message to Bob

    Trent generates:

    TS = Time stamp

    L = Lifetime for the key

    KAB = Session key

    M1 = (TS, L, KAB, A)

    M2 = (TS, L, KAB, B)

    A = Alice's ID

    B = Bob's ID

    Trent

    EKAT (M2)

    EKBT (M1)

    EKAB(A, TS), EKBT (M1)

    Alice

    Bob

    Alice calc's DKAT (EKAT (M2)). She now knows

    TS, L, KAB , B and EKBT (M1) which she cannot decrypt.

    Alice also calc's EKAB(A, TS).

    Bob calc's DKBT (EKBT (M1)). He now

    knows TS, L, KAB , A. He can also

    calc DKAB (EKAB(A, TS)).


    Bob gets message from alice and replies to alice
    Bob gets message from Alice and replies to Alice

    Trent generates:

    TS = Time stamp

    L = Lifetime for the key

    KAB = Session key

    M1 = (TS, L, KAB, A)

    M2 = (TS, L, KAB, B)

    A = Alice's ID

    B = Bob's ID

    Trent

    EKAT (M2)

    EKBT (M1)

    EKAB(A, TS), EKBT (M1)

    Alice

    Bob

    EKAB(A, TS + 1)

    Alice calc's DKAT (EKAT (M2)). She now knows

    TS, L, KAB , B and EKBT (M1) which she cannot decrypt.

    Alice also calc's EKAB(A, TS).

    Bob calc's DKBT (EKBT (M1)). He now

    knows TS, L, KAB , A. He can also

    calc DKAB (EKAB(A, TS)).


    Secret splitting protocol
    Secret Splitting Protocol

    Secret splitting

    • Split a message up into n-pieces

    • Give each to a person

    • The message can be read only if all n-people put their pieces together


    Secret splitting protocol1
    Secret Splitting Protocol

    • Trent wants send a message to Alice and Bob that they can only read together.

    • Trent generates a random bit string R, the same length as the message, M.

    • Trent XOR's M with R to generate S.

      M Å R = S

    • Trent gives R to Alice and S toBob.

    • Alice and BobXORtheir pieces together to reconstruct the message:

      R Å S = R Å M Å R = M


    Secret splitting protocol n parties
    Secret Splitting Protocol n – parties

    1. Trent generates random bit strings R1, ... Rn-1the same length as the message, M.

    2. Trent XOR's M with R1, ... Rn-1 to generate Rn.

    M + R1+ ... + Rn-1 = Rn

    3. Trent gives Ri to Alicei.

    4. The Alicei's XOR their pieces together to reconstruct the message:

    R1+ ... + Rn = M


    Secret sharing protocol n parties
    Secret Sharing Protocol n – parties

    Goal: To share a message among 5 people so that any 3 can reconstruct the message.

    Threshold Scheme: (m, n) – threshold scheme.

    A message is divided into n pieces called shadows or shares so that any m of them can be used to reconstruct the original message.


    Intermedate protocols chapter 4
    Intermedate Protocols Chapter 4

    • Time Stamping

    • Subliminal Channels

    • Bit Commitment


    Time stamping
    Time Stamping

    Goals:

    • The document itself must be time stamped.

    • Impossible to change any part of the document without it being apparent.

    • Impossible to timestamp the document with a date/time different from the present one.


    Time stamping1
    Time Stamping

    Arbitrated Solution:

    • Alice transmits a copy of the document to Trent

    • Trent records the date/time he received the document and retains a copy of the document for safekeeping.

      Storage problems

      Privacy problems


    Time stamping2
    Time Stamping

    Improved Arbitrated Solution:

    • Alice produces a one-way hash of the document.

    • Alice transmits the hash to Trent

    • Trent appends the date/time he received the hash onto the hash. H(M) | dtg

    • Trent signs the rersult. ETpri (H(M) | dtg)

    • Trent sends the result back to Alice.


    Subliminal channels
    Subliminal Channels

    • Secret messages sent within other messages

    • Often within the digital signature of an innocuous message

    • Useful enough for a lot of work to be done in this area


    Computing with encrypted data
    Computing with Encrypted Data

    • Alice wants to calculate f(x) on Bob's machine.

    • Alice does not want Bob to know x.

    • You want to know the value of your portfolio without the news service knowing what your portfolio is.


    Bit commitment
    Bit Commitment

    • Alice picks a winner for tomorrow's race.

    • Alice doesn't want Bob to know.

    • Bob doesn't want Alice to be able to change her choice tomorrow.


    Bit commitment1
    Bit Commitment

    • Bob generates a random-bit string, R, and sends it to Alice.

    • Alice creates a message of her commitment, b and R.

    • Alice generates a random key, K, and encrypts Rb with it and sends the result to Bob. Result is EK(R,b)

    • Later Alice sends Bob the key, K.

    • Bob decrypts the message and checks his random string.


    Zero based knowledge problem
    Zero-Based KnowledgeProblem

    Zero-Knowledge Protocol

    • Alice knows a secret

    • Alice wants to prove to Bob she knows the secret

    • Alice does not want to reveal the secret to Bob.


    Zero knowledge protocol
    Zero-Knowledge Protocol

    Alice claims she knows the secret combination to the door in the back of the cave. She wants to prove so to Bob.

    • Bob stands at point A.

    • Alice goes to point C or D.

    • Bob goes to B and asks Alice come out of the cave either on the left or the right.

    • Alice complies using her secret combination if she has to.

    • Repeat n times until Bob is convinced.



    ad