1 / 26

Security Definition

Security Definition. Unconditional Security The system cannot be defeated, no matter how much power is available by the adversary. Computational security

sirvat
Download Presentation

Security Definition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Definition • Unconditional Security • The system cannot be defeated, no matter how much power is available by the adversary. • Computational security • The perceived level of computation required to defeat the system using the best known attack exceeds, by a comfortable margin, the computational resources of the hypothesized adversary. • e.g., given limited computing resources, it takes the age of universe to break cipher.

  2. Security Definition • Provable security • The difficulty of defeating the system can be shown to be essentially as difficult as solving a well-known and supposedly difficult problem (e.g., integer factorization) • Ad hoc security • Claims of security generally remain questionable • Unforeseen attacks remain a threat

  3. Secret Key Cryptographic Algorithms • DES (Data Encryption Standard) • 3DES (Triple DES) • IDEA (International Data Encryption Algorithm) • AES (Advanced Encryption Standard)

  4. DES (Data Encryption Standard) • Authors: NSA & IBM, 1977 • Data block size: 64-bit (64-bit input, 64-bit output) • Key size: 56-bit key • Encryption is fast • DES chips • DES software: a 500-MIP CPU can encrypt at about 30K octets per second • Security • No longer considered secure: 56 bit keys are vulnerable to exhaustive search

  5. DES operation Symmetric key crypto: DES initial permutation 16 identical “rounds” of function application, each using different 48 bits of key final permutation

  6. Triple-DES (3DES) • C = DESk3(DESk2(DESk1(P))). • Data block size: 64-bit • Key size: 168-bit key; effective key size: 112 (due to man-in-the-middle attack) • Encryption is slower than DES • Securer than DES

  7. IDEA (International Data Encryption Algorithm) • Authors: Lai & Massey, 1991 • Data block size: 64-bit • Key size: 128-bit • Encryption is slower than DES • Security • Nobody has yet published results on how to break it • Having patent protection

  8. AES (Advanced Encryption Standard) • Authors: Daemen & Rijmen • Block size:128-bit • Key size: 128-bit, 192-bit, 256-bit • Encryption is fast • Security • As of 2005, no successful attacks are recognized. • NSA stated it secure enough for non-classified data.

  9. Other SKC Algorithms • RC2 • Block size: 64 bits; key size: variable • Vulnerable to a chosen plaintext attack • RC4 • Stream cipher • Key size: variable (typically 40-256 bits) • No longer considered secure: the key stream generated by RC4 is slightly biased in favor of certain sequences of bytes. • RC5 • Block size: variable (32, 64, 128 bits); key size: variable (0-2040bits) • Not secure when key size <= 64 bits • RC6 • Derived from RC5 • Block size: variable; key size: variable

  10. Some Hash functions • Message digest (MD) algorithms • MD2, MD4, MD5, MD6; Author: Ron Rivest • 128-bit hash value • Some collisions are found. • Secure hash algorithm (SHA) family • SHA-0, SHA-1 • 160-bit hash value • Reported “being broken”: collisions can be found with a complexity lower than the brute-force search • SHA-2 • SHA-224, SHA-256, SHA-384, SHA-512.

  11. PKC Algorithm: RSA • Its security is based on the difficulty of factoring • Choose two large prime numbers, p and q. • Compute n=p*q and z=(p-1)*(q-1). • Find d and e (both less than n), such that e has no common factors with z, and e*d-1 is divisible by z. • Encryption: c=me mod n; decryption: m=cd mod n. • The best known algorithm for solving the problem is sub-exponential (less than exponential), but super-polynomial (more than any fixed degree polynomial) • Key size should be large (e.g., 1024 bits) • Encryption/decryption involves exponentiation operations on large numbers.

  12. PKC Algorithm: ECC (Elliptic Curve Cryptography) • Its security is based on the difficulty of solving the discrete logarithm problem for the group of an elliptic curve over some finite field. • Encryption/decryption operations are slower for an ECC system than for a factorization system or modulo integer discrete log system of the same size. • Why ECC outperform RSA? • Till now, the mathematicians do not (yet?) have sub-exponential algorithms for breaking the ECC system. • Key size can be smaller (e.g., 160 bits) than RSA (1024 bits).

  13. Key Establishment and Distribution

  14. Key Establishment • DH (Diffie-Hellmen) Scheme Alice Bob Pick y Pick x n, g, gx mod n gy mod n Compute: (gxmod n)y =gxy mod n Compute: (gymod n)x =gxy mod n

  15. Key Establishment • DH (Diffie-Hellmen) Scheme: Man-in-the-middle attack gxu mod n gvy mod n Alice Bob Pick y Pick x n, g, gx mod n n, g, gv mod n gy mod n gu mod n Judy gvy mod n gxu mod n

  16. KB-KDC KX-KDC KY-KDC KZ-KDC KP-KDC KB-KDC KA-KDC KA-KDC KP-KDC Key Distribution Center (KDC) • Alice, Bob need shared symmetric key. • KDC: server shares different secret key with each registered user (many users) • Alice, Bob know own symmetric keys, KA-KDC KB-KDC , for communicating with KDC. KDC

  17. Key Distribution Center (KDC) Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other? KDC generates R1 KA-KDC(A,B) KA-KDC(R1, KB-KDC(A,R1) ) Alice knows R1 Bob knows to use R1 to communicate with Alice KB-KDC(A,R1) Alice and Bob communicate: using R1 as session key for shared symmetric encryption

  18. + + digital signature (encrypt) K K B B K CA Certification Authorities • Certification authority (CA): binds public key to particular entity, E. • E (person, router) registers its public key with CA. • E provides “proof of identity” to CA. • CA creates certificate binding E to its public key. • certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” Bob’s public key CA private key certificate for Bob’s public key, signed by CA - Bob’s identifying information

  19. + + digital signature (decrypt) K K B B K CA Certification Authorities • When Alice wants Bob’s public key: • gets Bob’s certificate (Bob or elsewhere). • apply CA’s public key to Bob’s certificate, get Bob’s public key Bob’s public key CA public key +

  20. A certificate contains • Serial number (unique to issuer) • info about certificate owner, including algorithm and key value itself (not shown) • info about certificate issuer • valid dates • digital signature by issuer

  21. Group Key management: A naïve approach • Distribution • Open a secure channel with each of the members. • Send the group key • Complexity order = N [O(N)] • Rekeying when membership changes • Send the new group key, separately to each of the remaining members. • complexity O(N)

  22. Group key Group Controller Logical entities N number of members d tree degree ln ( N ) depth + 1 ln ( d ) members Tree-Based Algorithms • 2 types of keys • SEKs (Session Encryption Key) • KEKs (Key Encryption Key) • A Group Controller constructs a tree based hierarchy of KEKs

  23. Logical Key Hierarchy (LKH) • Updates the group key and the key encryption key by means of the ciphering of key-nodes in a hierarchical tree where members are located at the leaves. • Achieve rekeying with only O(logN) messages instead of O(N) showed by trivial approach. • Different ciphering algorithms can be used (DESede, AES…)

  24. K0 GKCs N secure channels K11 K12 K21 K22 K23 K24 K31 K32 K33 K34 K35 K36 K37 K38 M1 M2 M3 M4 M5 M6 M7 M8 Logical Key Hierarchy (LKH) • Initialization

  25. K0 K’0 K34 { K0’} K34 { K11’} K34 { K22’} K21 { K0’} K21 { K11’} GKCs K12 { K0’} K11 K’11 K12 K21 K22 K’22 K23 K24 K31 K32 K34 K35 K36 K37 K38 M1 M2 M3 M4 M5 M6 M7 M8 Logical Key Hierarchy (LKH) • Leaving Member Rekeying Messages ln ( N ) ln ( d )

  26. Rekeying messages ln ( N ) ln ( d ) K0 K’0 K31 { K21’} K31 { K11’} K31 { K0’} K21 { K21’} K11 { K11’} K0{ K0’} GKCs K11 K’11 K12 K21 K’21 K22 K23 K24 K31 K32 K33 K34 K35 K36 K37 K38 M1 M2 M3 M4 M5 M6 M7 M8 Logical Key Hierarchy (LKH) • Joining Member

More Related