Chapter 4 Using Encryption in Cryptographic Protocols & Practices
csci5233 computer security & integrity (Chap. 4) 2 Outline Protocols Use of protocols on “real” tasks –Distribution of keys, Certificates, Digital signatures, Key escrow, Mental poker, Electronic voting, oblivious transfer, contract signing, certified mail Criteria of good encryption practices Other security-enhancing methods –Block chaining, one-way encryption, cryptographic sealing, time stamps Other modes of using DES
csci5233 computer security & integrity (Chap. 4) 3 Using Encryption Just using encryption does not guarantee secrecy, privacy, or authenticity; it is the correct use of encryption that brings about these results. Cryptographic protocols: the appropriate ways to use encryption Encryption is the foundation of cryptographic protocols. A cryptographic protocol makes use of encryptions to solve a real-world problem.
csci5233 computer security & integrity (Chap. 4) 4 Cryptographic Protocols A protocol is an orderly sequence of steps two or more parties take to accomplish some task. Keywords: order, steps, task Characteristics of a protocol: –Established in advance –Mutually subscribed –Unambiguous –Complete Q: Is there anything missing in the above definition?
csci5233 computer security & integrity (Chap. 4) 5 Advantages of Protocols A protocol defines a high-level process of accomplishing a task. Its correctness can be verified at a high level. A protocol separates design of a solution from implementation of the solution. The implementation can be done in one of many ways. The underlying implementation of a protocol can be changed without affecting the design.
csci5233 computer security & integrity (Chap. 4) 6 Types of Protocols: Arbitrated protocols Fig. 4-1 (p.130): Arbitrated, adjudicated, and self- enforcing protocols Arbitrated protocols –An arbiter is a disinterested third party trusted to complete a transaction between two distrusting parties. –Example: Sale of a car between strangers –Another example: Credit card transaction –In a computer protocol, an arbiter is a trustworthy third party who ensures fairness. An arbiter is usually a program or a machine which forwards a message from one user to another in a computer network. –An arbiter participates in each transaction. Disadvantages –Hard to find an arbiter; cost of maintaining an arbiter; communication delay; network bottleneck; secrecy
csci5233 computer security & integrity (Chap. 4) 7 Types of Protocols: Adjudicated protocols An adjudicator is a third party who can judge whether a transaction was performed fairly, in case of a dispute. Example: a notary public, who attests the authenticity of a signed document An adjudicated protocol allows an adjudicator to examine transaction data to decide whether two disputing parties acted fairly. Advantages: less costly (compared to arbitrated protocols) Disadvantage: after-the-fact analysis, no prevention
csci5233 computer security & integrity (Chap. 4) 8 Types of Protocols: Self-enforcing protocols A self-enforcing protocol guarantees fairness of a transaction, without the presence of a third party. During the transaction, either party’s attempt to cheat becomes immediately obvious to the other party. Advantages: no such cost as those associated with arbitrated or adjudicated protocols Disadvantages: There is not a self-enforcing protocol for every situation.
csci5233 computer security & integrity (Chap. 4) 9 Using protocols to solve problems: Key distribution The problem: Changing keys frequently to ensure good cryptographic practice The appropriate frequency of key exchange is not simple to decide. Sample protocols for key distribution: –Symmetric key exchange w/o server –Symmetric key exchange with server –Asymmetric key exchange w/o server –Asymmetric key exchange with server
csci5233 computer security & integrity (Chap. 4) 10 Key distribution: (1) Symmetric key exchange w/o server Two users share a master key, K. A new key, K new is sent as E(K new, K) from one user to the other. Disadvantage: Every two users must share a key that is unique to them. n (n-1) / 2 keys, for n users. Alternative solution: Use a key distribution center (next approach)
csci5233 computer security & integrity (Chap. 4) 11 Key distribution: (2) Symmetric key exchange with server Instead of having every two users share a master key, a key distribution center (KDC) shares a unique key with every user. Before user A can talk to user B, user A must get a fresh session key K AB from KDC. See Figure 4-2 (p.132) Q: How would Renee know that Pablo really got the key from the KDC?
csci5233 computer security & integrity (Chap. 4) 12 Key distribution: (2) Symmetric key exchange with server Q: How would Renee know that Pablo really got the key from the KDC? Given: K R - the key shared between Renee and the KDC K P - the key shared between Pablo and the KDC 1. Pablo sends (P, R, I P ) to the KDC 2. KDC sends K PR to Pablo, using the message E(I P, R, K PR, E((K PR,P), K R ), K P ). 3. Pablo sends to Renee E((K PR,P), K R ). Pros and Cons ?
csci5233 computer security & integrity (Chap. 4) 13 Key distribution: Asymmetric key exchange without server Rationale: (a) no need for individual keys; (b) no central repository of keys Given: Pablo’s public key, E P, and private key, D P. Renee’s public key, E R, and private key, D R. Q: Why doesn’t Pablo simply send the message M to Renee as E R (M)? Symmetric encryption incurs less overhead than public key encryption. The issue: Use public key encryption to exchange a symmetric key for encrypting further communications. Figure 4-3 (p.133): Pablo sends E R (D P (K)) to Renee.
csci5233 computer security & integrity (Chap. 4) 14 Key distribution: Asymmetric key exchange with server Allows users to request each other’s public keys from a server See Fig. 4-4 (p.134) Steps: 1.Pablo sends (P, R) to the KDC. 2.KDC sends D D (E R, R) to Pablo. 3.Pablo sends E R (P, I P ) to Renee. 4.Renee sends (R, P) to the KDC. 5.KDC sends D D (E P, P) to Renee. 6.Renee sends E P (I P, I R ) to Pablo. 7.Pablo sends E R (M, I R ) to Renee. M is a message, and is typically a symmetric key for both parties to further communicate (approach 3).
csci5233 computer security & integrity (Chap. 4) 15 Digital Certificates Question: In public key distribution discussed above, how can the KDC be sure that the registration of a public key for user U, (E U, U) is authentic? The solution: Certificates Ways for two people to establish trust without having met The “vouch for” concept: “Someone I trust trusts this person.” An example: Passing keys in an organization (bottom-up) Figure 4-5, 4-6 (p.137) The challenge: To obtain a binding of a public key, E U, with a reliable identity, U
csci5233 computer security & integrity (Chap. 4) 16 Digital Certificates A top-down approach of passing down authenticated identities a chain of authenticators A certificate = (a user’s identity, the user’s public key) Each user has a certificate. Q: How is a user’s certificate created? Fig 4-8: Diana’s certificate = D Edward (Diana’s name & public key, a hash value generated by Edward based on Diana’s information) Delwyn’s certificate = D Diana (Delwyn’s name & public key, a hash value generated by Diana based on Delwyn’s information) + Diana’s certificate
csci5233 computer security & integrity (Chap. 4) 17 Digital Certificates Chain of certificates: Fig. 4-9 Question: Can certificates be created when there is no single person at the top, such as in e-commerce? p.139: An approach proposed by the Internet Society IS signs certificates for Policy Certifying Authorities; PCAs sign certificates for other agencies and individuals.
csci5233 computer security & integrity (Chap. 4) 18 Summary Next: Part B