1 / 14

Security Protocols

Security Protocols. What We Know. A bit about the history of cryptography The key distribution problem Distinction between symmetric and public key cryptography Some basic and not-so-basic symmetric schemes Lots of number theory A little about pseudo-random number generation

nevin
Download Presentation

Security Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Protocols

  2. What We Know • A bit about the history of cryptography • The key distribution problem • Distinction between symmetric and public key cryptography • Some basic and not-so-basic symmetric schemes • Lots of number theory • A little about pseudo-random number generation • Several public key schemes

  3. What Public Key Cryptography Implies • The key distribution problem is solved • Not so fast • Bob publishes his public key • Eve downloads it and substitutes her key • Alice encrypts a message with Bob’s key (which is actually Eve’s) • Even intercepts downloads and decrypts the message using her private key

  4. Problem: Intruder in the middle attack (iitma) • Eve, a novice chess player, says • that she can play against two grandmasters concurrently (over the web) • That she can either win one game or draw both • Strategy • GM 1 moves • Eve makes the same move against GM 2 • GM2 moves • Even makes the same move against GM 1 • Etc.

  5. IITMA Against Diffie-HellmanThe Protocol • Bob chooses a large prime, p, and a primitive root, a mod p. p and a are public. • Alice chooses a secret x with 1 <= x <= p – 2 • Bob chooses a secret y with 1 <= y <= p – 2 • Alice sends ax mod p to Bob • Bob sends ay mod p to Alice • Alice calculates K congruent (ay)x mod p • Bob calculates K congruent (ax)y mod p

  6. IITMA Against Diffie-HellmanThe Attack • Eve chooses z • Eve intercepts ax, ay • Eve sends az to both Bob and Alice • Eve and Alice compute KAE congruent (ax)z mod p • Eve and Bob compute KEB congruent (ay)z mod p • Even can now read any message between Bob and Alice

  7. Deus et Machina • Needed: Authenticated key agreement protocol by which Alice and Bob’s identities are known • Implemented in Station-to-Station protocol using digital signatures • Each User, U, has • a digital signature function, sigU • Verification function, veru • sigU produces an RSA or El Gamal signature • Veru verifies that the signature is valid for U • Trusted authority, Trent (aka God) • Publishes both functions and certifies that they belong to U and not to Eve

  8. In Practice • Bob and Alice choose • Encryption function, Ek • Large prime, p, and a primitive root, a mod p. • Alice and Bob choose x and y as before. • Alice computes ax mod p and Bob computes ay mod p • Alice sends ax to Bob • Bob • computes K congruent (ax)y mod p • signs the two functions: S-B = sigB(ay, ax) • Bob encrypts his signature: Ek (S-B) • Sends ay and Ek(S-B) to Alice • Alice • computes K congruent (ay)x mod p • decrypts Ek(S-B) sigB(ay, ax) • asks Trent to verify that verB is bob’s verification algorithm • uses verb to verify Bob’s signature • Signs the two functions: S-A = sigA(ax, ay)) • Alice encrypts her signature: sends Ek(S-A) • Sends to Bob ax and Ek(S-A) to Bob • Bob • decrypts Ek(S-A)  sigB(ax, ay) • asks Trent to verify that verA is alice’s verification algorithm • uses verA to verify Alice’s signature • Alice • uses verb to verify Bob’s signature What is left out: How do we know Trent is Trent?

  9. Kerberos • Problem: how can students securely access their files that are distributed across a network of workstations • Concepts • Client: user or software that wants to accomplish a task • Server: larger entity that provides services to clients • The players • Cliff: a client who wants to use serge’s service • Serge: a server who verifies cliff’s identity and provides the service • Trent: a trusted authority (authentication server) • Grant: a ticket-granting server

  10. 2 Trent 3 Grant cliff 4 1 5 Serge The Protocol Follows

  11. 1. Cliff sends Trent his id and the name of the ticket-granting server (Grant) 2. Trent looks up cliff in his DB. If he finds it • He generates a session key for cliff and Grant KCG. . • Uses Cliff’s secret key, KC, to encrypt KCG: T = eKc(Kcg). • Creates a Ticket Granting Ticket (TGT) that allows Cliff to authenticate himself to Grant. This ticket is encrypted using Grant’s secret key (which Trent has) • TGT = grant’s name || eKg (Cliff’s info, Timestamp1, KCG) • Sends Trent T||TGT 3. Cliff • extracts KCG because he has Kc. He can now communicate securely with Grant. • Creates an encrypted authenticator: AuthCG = ekcg (Cliff’s info, Timestamp2) • Sends AUTHcg and TGT to grant 4. Grant • Extracts Cliff’s info, Timstamp1, Cliff’s info,Timestamp1, KCG which was encrypted using Grant’s key • Uses Kcg to extract Cliff’s info and Timestamp2 • If both versions of Cliff’s info match and Timestamp1 is close to Timestamp 2, Grant generates a session key KCS, for Cliff to communicate with serge • uses Serge’s secret key (Ks) to generate • ServTicket = eKs(Cliff’s info, Timestamp3, ExpireTime, Kcs) • Encrypts the session key using the session key between cliff and grant • ekcg(kcs) • Sends ServTicket and the encrypted session key to Cliff 5. Cliff • Decrypts the encrypted session key Kcs • Creates an authenticator AuthCS = eKcs (Cliff’s info, Timestamp4) • Cliff sends Serge Authcs and ServTicket 6. Serge • Extracts session key and use it to extract cliff’s info, Timestamp3, timestamp4 and the expiration time. This verifies that Cliff is who he says he is and that the timestamps are not stale

  12. X.509 Certificates • Used to verify that someone is who he/she says she is • Specifically: verifies that a merchant has a relationship with a bank that allows it to accept credit card purchase • The merchant says she is using secure public key encryption to transmit your credit card. • How do you know that Eve hasn’t substituted her public key for the key of the merchant?

  13. Certification Authority • VeriSign (etc.) is assumed to be trustworthy • CA • produces and signs its own certificate • Packages these into browsers • Produces certificates for merchants • Contains the merchant’s public key • Signed by the CA using the CA’s private key • Stored on the local computer

  14. In Practice • Alice wants to verify that a merchant’s public key is correct (gotten from the firm’s website) • Gets certificate from the firm (signed by a CA and containing its public key) • Gets CA’s public key from the CA’s certificate on her computer • Verifies the signature on the firm’s certificate. • She now has the firm’s public key with which to encrypt her credit card information • See: IEToolsInternet OptionsContentCertificatesIntermediate Certification Authorities

More Related