Security. Courtesy of Alvert Levi with Sabanci Univ. Terminology. Computer Security automated tools and mechanisms to protect data in a computer, even if the computers are connected to a network against hackers (intrusion) against viruses against Denial of Service attacks
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Security
Courtesy of
Alvert Levi with Sabanci Univ.
Masquerade
Replay
Encryption key
Decryption key
Encryption
(Encipherment)
Decryption
(Decipherment)
Message
(plaintext
cleartext)
Ciphertext
(cryptogram)
plaintext
“The opponent is not to be underestimated. In particular, the opponent knows the encryption and decryption algorithms.
So the strength of a cipher system depends on keeping the key information secret, not the algorithm”
A. Kerckhoff, 1883
Symmetric cryptography
there must be a secure mechanism for the distribution of this key a priori
Y = EK(X)
X = DK(Y)
1001 transmitted
-> original message!
C = EK3[DK2[EK1[P]]]
keystream
keystream
Courtesy of Kris Gaj
Now asymmetric cryptography
Public-key
Y=fku(X)easy, if ku and X are known
X=fkr-1(Y)easy, if kr and Y are known, but infeasible if Y is known but kr is not known
Alice
Bob
Commutative!
Alice
Bob
KUaA’s Public KeyKUbB’s Public Key
KRaA’s Private KeyKRbB’s Private Key
e is usually a small number
p = 17, q = 11, n = p*q= 187
(n) = 16*10 =160, pick e=7, d.e=1 mod (n) d = 23
Thanks to Kris Gaj for this figure
q and are known by both A and B beforehand. q is a prime number, < q and is a primitive root of q
Variable Length
Message
H
(Hash Func.)
Hash
H(M)
Fixed Length
Sender a
M: message to be signedH: Hash function
E: RSA Private Key OperationKRa: Sender’s Private Key
D: RSA Public Key OperationKUa: Sender’s Public Key
EKRa[H(M)] Signature of A over M
Sender a
s, r
M: message to be signedH: Hash function
Sig: DSA Signing OperationKRa: Sender’s Private Key
Ver: DSA Verification OperationKUa: Sender’s Public Key
s, r: Signature of A over MKUG: Global Public Key components
k: nonce
Collision resistant hash functions and digital signatures: Birthday attack
F: FCS function
C:MAC function
MAC = CK(M)
D1, D2, … , DN : Message divided into N 64-bit blocks
KeyedHash = Hash(Key|Message)
HMACK = Hash[ (K+ XOR opad) ||
Hash[(K+ XOR ipad)||M)] ]
envelope
EC: Conventional EncryptionDC: Conventional Decryption
EP: Public-key EncryptionDP: Public-key Decryption
Ks: Session key (one-time)
Key Distribution/Management and Authentication
two closely related subjects
why?
various key distribution alternatives for parties A and B :
N1, N2: nonce
Ks: session key
KDC
2. {k,NA,B, {k,A}KB}KA
1. A,B,NA
3. {k,A}KB
Bob’s
Server
4. {NB}k
Alice
5. {NB-1}k
A,B: identities of hosts, KDC: Key Distribution Center
NA, NB : nonce
KA, KB: host keys shared by KDC and hosts
k: session key for the host A and B
{}k: Encryption with a key k
Why don’t use master key?
1. A→KDC: IDA|| IDB|| N1
2. KDC→A: EKa[Ks|| IDB|| N1 || EKb[Ks||IDA] ]
3. A→B: EKb[Ks||IDA]
4. B→A: EKs[N2]
5. A→B: EKs[f(N2)]
http://portal.acm.org/citation.cfm?id=24593&dl=ACM&coll=portal
1. A -> B : IDA
2. B -> A : EKb[IDA, Nb]
3. A -> KDC : IDA, IDb, Na, EKb[IDA, Nb]
4. KDC -> A : EKa [Na, IDb, Ks, EKb [Ks, Nb, IDA] ]
5. A -> B : EKb [Ks, Nb, IDA]
6. B -> A : Ks[Nb]
7. A -> B : Ks[f(Nb)]
1. A→AS: IDA|| IDB
2. AS→A: EKRas[IDA||KUa||T] || EKRas[IDB||KUb||T]
3. A→B: EKRas[IDA||KUa||T] || EKRas[IDB||KUb||T] || EKUb[EKRas[Ks||T]]
1. A→KDC: IDA|| IDB|| N1
2. KDC→A: EKa[Ks|| IDB|| N1 || EKb[Ks||IDA] ]
3. A→B: EKb[Ks||IDA] || EKs[M]
A→B: EKUb[Ks] || EKs[M]
A→B: M || EKRa[H(M)] || EKRas[T||IDA||KUa]