Issues in Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.

Slides:

Advertisements

Similar presentations

Operating System Security

Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.

Secure Communication Architectures.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

FIT3105 Smart card based authentication and identity management Lecture 4.

Ronald L. Rivest MIT Laboratory for Computer Science

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.

Applied Cryptography for Network Security

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Remarks on Voting using Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.

Introduction to Public Key Cryptography

Digital Signature Technologies & Applications Ed Jensen Fall 2013.

ELECTRONIC SIGNATURES in Law and Practice John D. Gregory October 5, 2009.

Chapter 10: Authentication Guide to Computer Network Security.

ECE453 – Introduction to Computer Networks Lecture 18 – Network Security (I)

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.

Electronic Voting Ronald L. Rivest MIT Laboratory for Computer Science.

Symmetric versus Asymmetric Cryptography. Why is it worth presenting cryptography? Top concern in security Fundamental knowledge in computer security.

Cryptography, Authentication and Digital Signatures

Cyber Security Anchorage School District – 7 th grade Internet Safety.

ECE Lecture 1 Security Services.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

1 Today’s topics Security –Demo from RSA Security ( –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further.

Types of Electronic Infection

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Week 4 - Wednesday.  What did we talk about last time?  RSA algorithm.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.

Lecture 2: Introduction to Cryptography

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

DIGITAL SIGNATURE.

Pertemuan #9 Security in Practice Kuliah Pengaman Jaringan.

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.

1 Lecture 1: Introduction Outline course’s focus intruder’s capabilities motivation for security worms, viruses, etc. legal and patent issues.

Digital Citizenship. What is a Digital Citizen? Digital Citizens are people who use technology often and appropriately. Digital Citizens are people who.

Chapt. 10 – Key Management Dr. Wayne Summers Department of Computer Science Columbus State University

Lecture 5 Page 1 Advanced Network Security Review of Cryptography: Cryptographic Keys Advanced Network Security Peter Reiher August, 2014.

THE NEED FOR NETWORK SECURITY Hunar & Nawzad & Kovan & Abdulla & Aram.

Digital Security Jesline James! 9cc. Contents  The CREATORS!!!! =] The CREATORS!!!! =]  What is Digital Security? What is Digital Security?  How does.

 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.

Sniper Corporation. Sniper Corporation is an IT security solution company that has introduced security products for the comprehensive protection related.

Securely Managing VMS from a Windows Environment 1.

Issues in Cryptography

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.

Outline What does the OS protect? Authentication for operating systems

Ronald L. Rivest MIT Laboratory for Computer Science

Outline What does the OS protect? Authentication for operating systems

CS691 M2009 Semester Project PHILIP HUYNH

Malware, Phishing and Network Policies

CS691 M2009 Semester Project PHILIP HUYNH

Prepared By : Binay Tiwari

e-Security Solutions Penki Kontinentai Vladas Lapinskas

Presentation transcript:

Issues in Cryptography Ronald L. Rivest MIT Laboratory for Computer Science

Outline u “Where’s Alice?” ---The Secure Platform Problem u Digital Signatures u Repudiation

u Assumes Alice can generate and use her secret key SK A, while keeping it secret. u Alice’s secret key SK A is her “cyber- soul”, her “electronic identity” (or pseudonym), her way of identifying herself. SK A is Alice! The “Alice abstraction”

Cryptography in Theory Alice SK A Internet

But Alice is not a computer! u Alice needs a computer (or at least a processor) to store her secret key SK A and perform cryptographic computations on her behalf. u In particular, her processor should produce Alice’s digital signature when appropriately authorized…

Cryptography in Practice SK A Alice! Internet Alice?

But her OS is not secure! u Modern OS’s (Windows, Unix) are too complex to be adequately secure for many applications (viruses, Trojan horses). u Would you base the security of an Internet presidential election on the security of Linux? u Alice’s key SK A may be vulnerable to abuse or theft…

Can SK A go on a smart card? SK A Alice? Internet Alice?

But her OS is still not secure! u Smart card has no direct I/O to Alice. u When Alice authorizes a digital signature, she must trust OS to present correct message to smart card for signing.

Can SK A go on a phone or PDA? Alice? Internet Alice? SK A

But this looks very familiar! u Same story as for PC, but smaller! u PC smart card  Phone SIM card. u Phones now have complicated OS’s, downloadable apps, the whole can of worms. u Little has changed.

Why can’t we solve problem? u There is a fundamental conflict! u Downloadable apps and complexity are: –Necessary for reasonable UI –Incompatible with security

u The following are incompatible: –A reasonable UI –Security Security Reasonable UI The Sad Truth?

But Digital Sigs Need Both! u Security to protect secret key and securely show user what is being signed. u Reasonable UI to support complex and variable transactions.

Are Digital Signatures Dead? u As usually conceived, perhaps… u We should change our mind-set: –A digital signature is not nonrepudiable proof of user’s intent, but merely plausible evidence. –We should build in repudiation mechanisms to handle the damage that can be caused by malicious apps. –Repudiate signatures, not keys.

Use a Co-Signing Registry u Signature not OK until saved and co- signed by user’s co-signing registry (e.g. at home or bank). u User can easily review all messages signed with his key. u Registry can follow user-defined policy on co-signing. u Registry can notify user whenever his key is used to sign something.

Use One-Time Signing Keys u Registry can give user a set of one- time signing keys, so damage from key compromise is limited. Registry won’t co-sign if key was used before. In this case, registry really holds user’s secret signing key, and signs for him when authorized by one-time key.

Repudiation u May not be so hard to live with, once we accept that it is necessary. u Consistent with legal status of handwritten signatures (can be repudiated, need witnesses for higher security).

Conclusions u Cryptography works great, but insecure OS’s make digital signatures problematic, because of conflict between security and reasonable UI’s. u Design systems that are robust in face of some key abuse (Alice may not always know what is being signed by her key!)

(THE END)