
Lecture 8 - Applied Cryptography (CSE497b - Spring 2007)

Lecture 8 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger


  1. Lecture 8 - Applied Cryptography
     CSE497b - Spring 2007
     Introduction to Computer and Network Security
     Professor Jaeger
     www.cse.psu.edu/~tjaeger/cse497b-s07/

  2. Cryptographic Protocols
     • Secure distributed applications have some cryptographic protocols that define the constructions and procedures for communicating between two parties
       – E.g., SSL/TLS, IPsec, SSH, Kerberos
       – Each has a set of goals (e.g., confidentiality, integrity, authenticity, non-repudiation)
       – Defined for some set of assumed principals, trust, ...
       – Much of network security is focused on the design and application of these protocols
     • Again, let's start with Alice and Bob

  3. Basic (User) Authentication
     • Bob wants to authenticate Alice's identity
       – (is who she says she is)
     1) Alice → Bob : [pw_A]
     2) Bob → Alice : [Y/N]
     CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel

  4. Hash User Authentication
     • Bob wants to authenticate Alice's identity
       – (is who she says she is)
     1) Alice → Bob : [h(pw_A)]
     2) Bob → Alice : [Y/N]

  5. Challenge/Response User Authentication
     • Bob wants to authenticate Alice's identity
       – AKA, digest authentication
     1) Bob → Alice : [c]
     2) Alice → Bob : [h(c+pw_A)]
     3) Bob → Alice : [Y/N]
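
The slide-5 exchange as a runnable sketch (an added example, not part of the original slides). SHA-256 for h, the sample password and the single-use tracking of challenges are assumptions made here; it shows that a recorded response fails against any later challenge, which the static h(pw_A) of slide 4 cannot offer.

```python
import hashlib
import hmac
import secrets

PW_A = b"constructed-password-for-alice"   # constructed sample secret known to Alice and Bob

def h(data: bytes) -> bytes:
    """The slide's h(); SHA-256 is an assumption, the slide names no hash."""
    return hashlib.sha256(data).digest()

class Bob:
    """Verifier side; remembers outstanding challenges so each is single-use."""
    def __init__(self, pw: bytes):
        self._pw = pw
        self._pending = set()

    def challenge(self) -> bytes:                          # message 1: Bob -> Alice : [c]
        c = secrets.token_bytes(16)
        self._pending.add(c)
        return c

    def verify(self, c: bytes, response: bytes) -> bool:   # message 3: [Y/N]
        if c not in self._pending:
            return False                                   # unknown or already-used challenge
        self._pending.discard(c)
        return hmac.compare_digest(response, h(c + self._pw))

def alice_respond(c: bytes, pw: bytes) -> bytes:           # message 2: Alice -> Bob : [h(c+pw_A)]
    return h(c + pw)

def run_exchange():
    bob = Bob(PW_A)
    c1 = bob.challenge()
    r1 = alice_respond(c1, PW_A)
    first = bob.verify(c1, r1)          # fresh challenge, correct response
    replay_same = bob.verify(c1, r1)    # c1 was consumed by the first check
    c2 = bob.challenge()
    replay_new = bob.verify(c2, r1)     # r1 is bound to c1, not c2
    c3 = bob.challenge()
    wrong_pw = bob.verify(c3, alice_respond(c3, b"not-the-password"))
    return first, replay_same, replay_new, wrong_pw
```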

  6. User authentication vs. data security
     • User authentication proves a property about the communicating parties
       – E.g., I know a password
     • Data authentication ensures properties about the transmitted data
       – E.g., guarantees confidentiality of the data
     • Now, let's talk about the latter, data security

  7. Simple data Integrity?
     • Alice wants to ensure any modification of the data in flight is detectable by Bob (integrity)
     1) Alice → Bob : [d, h(d)]

  8. HMAC Integrity
     • Alice wants to ensure any modification of the data in flight is detectable by Bob (integrity)
     1) Alice → Bob : [d, h(d+pw_A)]
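
Slides 7 and 8 side by side, as an added example that is not from the original lecture: a party on the path can recompute h(d) after changing d, but cannot produce a valid keyed tag. The key, message and function names are constructed here, and the standard HMAC-SHA256 construction is used in place of the slide's literal h(d+pw_A).

```python
import hashlib
import hmac

K_AB = b"constructed-shared-secret"   # constructed; plays the role of the slide's pw_A

def send_plain(d: bytes):
    """Slide 7: Alice -> Bob : [d, h(d)]"""
    return d, hashlib.sha256(d).digest()

def check_plain(d: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(digest, hashlib.sha256(d).digest())

def send_keyed(d: bytes, key: bytes):
    """Slide 8: Alice -> Bob : [d, keyed hash of d], here HMAC-SHA256."""
    return d, hmac.new(key, d, hashlib.sha256).digest()

def check_keyed(d: bytes, tag: bytes, key: bytes) -> bool:
    return hmac.compare_digest(tag, hmac.new(key, d, hashlib.sha256).digest())

def modified_in_flight(d: bytes):
    """What a party without the key can do: change d and recompute the unkeyed hash."""
    d2 = d.replace(b"100", b"900")
    return d2, hashlib.sha256(d2).digest()

def compare():
    d = b"transfer 100 to bob"        # constructed sample message
    _, tag = send_keyed(d, K_AB)
    d2, h2 = modified_in_flight(d)
    return {
        "plain_accepts_untouched": check_plain(*send_plain(d)),
        "plain_accepts_modified": check_plain(d2, h2),        # change goes unnoticed
        "keyed_accepts_untouched": check_keyed(d, tag, K_AB),
        "keyed_accepts_recomputed_hash": check_keyed(d2, h2, K_AB),
        "keyed_accepts_original_tag": check_keyed(d2, tag, K_AB),
    }
```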

  9. Signature Integrity
     • Alice wants to ensure any modification of the data in flight is detectable by Bob (integrity)
     1) Alice → Bob : [d, Sig(A^-, d)]

  10. Confidentiality
     • Alice wants to ensure that the data is not exposed to anyone except the intended recipient (confidentiality)
     1) Alice → Bob : [E(k_AB, d)]

  11. Confidentiality
     • Alice wants to ensure that the data is not exposed to anyone except the intended recipient (confidentiality)
     • But, Alice and Bob have never met!!!!
     1) Alice → Bob : [E(k_x, d), E(B^+, k_x)]
     • Alice randomly selects key k_x to encrypt with

  12. Real Systems Security
     • The reality of the security is that 90% of the frequently used protocols use some variant of these constructs.
       – So, get to know them … they are your friends
       – We will see them (and a few more) over the semester
     • They also apply to systems construction
       – Protocols need not necessarily be online
       – Think about how you would use these constructs to secure files on a disk drive (integrity, authenticity, confidentiality)
       – We will add some other tools, but these are the basics

  13. Key Exchange
     • A simple key exchange between Alice and Bob
     • Assisted by Trent (trusted third party), who shares pair keys with both Alice and Bob
     1) Alice → Trent : { Bob }_{k_alice}
     2) Trent → Alice : { k_session }_{k_alice} · { k_session }_{k_bob}
     3) Alice → Bob : { k_session }_{k_bob}
     • This is an OK protocol, but it has a couple of flaws
     • Q: What are they?
       a) Bob does not know who he is talking to.
       b) Bob can fall victim to a replay attack.

  14. Needham-Schroeder Protocol
     1) Alice → Trent : { Alice + Bob + rand_1 }
     2) Trent → Alice : { Alice + Bob + rand_1 + K_AB + { Alice + K_AB }_{K_BT} }_{K_AT}
     3) Alice → Bob : { Alice + K_AB }_{K_BT} (the ticket)
     4) Bob → Alice : { rand_2 }_{K_AB}
     5) Alice → Bob : { rand_2 − 1 }_{K_AB}
     • NS protocol is the basis for many authentication and key agreement systems, e.g., Kerberos
     • Addresses the problems in the preceding protocol
       – Use of rand_1 ensures that Alice is not receiving replay
       – Use of rand_2 ensures that Bob is not receiving replay
       – Alice is authenticated by ticket
       – Specification of identities of Alice and Bob in request and ticket ensures that there is no ambiguity in identity (mutual auth.)
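
The five messages of slide 14 run end to end, as an added example and not code from the course. seal/unseal are a toy encrypt-then-MAC stand-in for { ... }_K (an assumption, for illustration only, not a vetted cipher), and all keys, names and field labels are constructed.

```python
import hashlib, hmac, json, secrets

def seal(key: bytes, fields: dict) -> bytes:
    """{fields}_key: toy SHAKE-256 keystream plus HMAC-SHA256 tag (illustration only)."""
    nonce = secrets.token_bytes(16)
    pt = json.dumps(fields).encode()
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed under this key, or modified")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

# Constructed long-term keys: K_AT shared by Alice and Trent, K_BT by Bob and Trent.
K_AT, K_BT = secrets.token_bytes(32), secrets.token_bytes(32)

def trent(request: dict) -> bytes:
    """Message 2: echo the request, add K_AB and the ticket, seal under K_AT."""
    k_ab = secrets.token_hex(32)
    ticket = seal(K_BT, {"from": request["a"], "k_ab": k_ab})
    return seal(K_AT, {**request, "k_ab": k_ab, "ticket": ticket.hex()})

def bob_handshake(ticket: bytes):
    """Bob opens the ticket (message 3); returns message 4 and a checker for message 5."""
    k_ab = bytes.fromhex(unseal(K_BT, ticket)["k_ab"])
    rand2 = secrets.randbits(64)
    return seal(k_ab, {"rand2": rand2}), lambda m5: unseal(k_ab, m5)["v"] == rand2 - 1

def run_protocol():
    rand1 = secrets.randbits(64)
    reply = unseal(K_AT, trent({"a": "Alice", "b": "Bob", "rand1": rand1}))  # messages 1-2
    fresh = reply["rand1"] == rand1 and reply["b"] == "Bob"   # Alice's replay check
    k_ab = bytes.fromhex(reply["k_ab"])
    ticket = bytes.fromhex(reply["ticket"])
    m4, check = bob_handshake(ticket)                          # messages 3-4
    m5 = seal(k_ab, {"v": unseal(k_ab, m4)["rand2"] - 1})      # message 5
    live = check(m5)
    _, check_later = bob_handshake(ticket)    # a later run in which Bob picks a new rand_2
    replayed = check_later(m5)                # the recorded message 5 no longer matches
    return fresh, live, replayed
```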

  15. Needham-Schroeder Protocol (Public Key)
     1) Alice → Trent : { Alice + Bob }
     2) Trent → Alice : { Bob^+ + Bob }_{Trent^-}
     3) Alice → Bob : { rand_1 + Alice }_{Bob^+}
     4) Bob → Trent : { Bob + Alice }
     5) Trent → Bob : { Alice^+ + Alice }_{Trent^-}
     6) Bob → Alice : { rand_1 + rand_2 }_{Alice^+}
     7) Alice → Bob : { rand_2 }_{Bob^+}
     • The public key version consists of messages to retrieve the public keys from the trusted third party
     • Addresses the problems in the preceding protocol
       – Use of rand_1 ensures that Alice is not receiving replay
       – Use of rand_2 ensures that Bob is not receiving replay
       – No ticket is necessary
     • Trent's lookup of public keys provides basis for secrets
       – Specification of Alice, but not Bob in the messages
     • But only Bob knows his private key -- is that enough?

  16. Key Storage
     • Q: Where do you put the keys/passwords that you use for your system?
       – File on disk (do you trust WinX to protect your files?)
       – Sticky note on your monitor?
       – Encrypted on disk (it will be in memory some time)
     • Many systems use secure secondary storage for keys
       – Smartcards
       – Cryptographic co-processors
       – Trusted Platform Module (TPM)
       – Passive authentication device
     • Reality: most systems are broken by loss of keys
       – Cryptography almost never the source of compromise
     • Key escrow - third party recovery of keys

  17. Key Revocation
     • Keys are generally useful for some period of time
       – Sometimes called key decay
       – Cause: cryptanalysis, increased exposure to (unknown) compromise, discovered time
     • Q: how do you tell all the other principals/services that the keys are no longer valid?
       – In centralized system, it is often easy (ask central service)
       – In a decentralized system, it is much harder, particularly in the case of certificates (more of this later in PKI ...)
     • Solutions
       – push - advertise (authenticated) list of revoked keys
       – pull - query continued validity of key

  18. Take Away
     • You have the tools for writing crypto protocols
       – Algorithms are well-understood
       – Must be careful to compose into protocols correctly
       – Issues of key storage and removal must be addressed
     • Next week: Look at implementations of authentication
