Loading in 2 Seconds...
Loading in 2 Seconds...
CS 854 – Hot Topics in Computer and Communications Security. Fall 2006 Introduction to Cryptography and Security II. Announcements. First paper review is due on Monday Review one of the two mandatory papers FYI, I am the coauthor of one of them.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Fall 2006
Introduction toCryptography and Security II
sender (Bob) digitally signs document, establishing he is document owner/creator.
verifiable, nonforgeable, nonrepudiable: recipient (Alice) can prove to third party that Bob, and no one else (including Alice), must have signed document
message integrity does not always require nonrepudiation
See later
Digital SignaturesGoal: fixedlength, easy tocompute digital “fingerprint” H(m)
message digest, cryptographic hash function
can compute KB(H(m)) instead of KB(m)
(Cryptographic) Hash Functionslarge
message
m
H: Hash
Function
H(m)


1 Handbook of Applied Cryptography
2Some observations on the theory of cryptographic hash functions
a,b: specified constants
H: preferably SHA256
How do two entities establish shared secret key over network?
requires secure channel (confidentiality, authentication, and message integrity)
Solution:
trusted key distribution center (KDC) acting as intermediary between entities
E.g., Needham Schroeder
Public key problem:
When Alice obtains Bob’s public key (from web site, email, diskette), how does she know it is Bob’s public key, not Trudy’s?
requires authenticated channel and message integrity
Solution:
trusted certification authority (CA)
Trusted Intermediaries+
Signingalgorithm
K
K
B
B
K
CA
Certification AuthoritiesBob’s
public
key
CA
private
key
certificate for Bob’s public key, signed by CA

Bob’s
identifying information
+
Verify signature
K
K
B
B
K
CA
Certification AuthoritiesBob’s
public
key
CA
public
key
+
RSAbased server authentication:
Phase 2: no server_key_exchange and certificate_request
Phase 3: no certificate, client_key_exchange contains premaster secret encrypted with public key from server certificate, no certificate_verify
Phase 4: client & server compute master secret based on premaster secret and initial random numbers, finished messages are authenticated/encrypted based on master secret
For client authentication: client sends signed transcript in certificate_verify
From Stallings
KS( )
+
+

KB(KS )
KA
KB
+
+
KS
m
.

KA( )
.

KA(H(m))
H( )
m
Internet
KS
.
+
KB( )
Secure emailsender wants confidentiality, sender authentication, message integrity, and nonrepudiation
Sender uses three keys: her private key, receiver’s public key and newly created symmetric key
From Stallings