Encryption and Integrity


Presentation on theme: "Encryption and Integrity"— Presentation transcript:

1 Encryption and Integrity

2 Example - IPSec (ESP) Packet
[Figure: ESP packet layout with the fields IP, ESP, TCP / UDP, Payload, HMAC; spans labelled "Encrypted" and "Authenticated"]

3 Example - continued
- HMAC computed over ciphertext (advantages…)
- HMAC doesn't cover the IP header (unlike AH). It can't cover mutable fields.
- ESP header and IP header can't be encrypted
- Encrypting TCP/UDP/ICMP… headers has advantages and disadvantages.
- HMAC is not encrypted

4 Example 2 - CBC MAC
[Figure: CBC-MAC chain; labels: IV, P1, Pn, Ek, C1, Cn, MAC]

5 CTR Mode Encryption
- Stream cipher mode (like OFB)
- IV is a pair <nonce, counter>
- The nonce should be random
- Counter is incremented for each block encrypted
- Encryption of block number j, $P_j$, by: $E_k(\text{nonce}, \text{counter}+j) \oplus P_j$

6 CCM Mode
- Encryption and authentication together with block cipher
- Authentication by CBC MAC
- Encryption of message and of MAC by CTR mode
- Used in WiMAX communication

7 Public-Key Cryptography

8 Quadratic Residues
- Definition: An element x is a quadratic residue modulo n if there exists y such that $y^2 \equiv x \pmod n$
- If x is a quadratic residue and y is one of its roots, then so is $-y \bmod n$
- Claim: if p is a prime there are exactly $(p-1)/2$ quadratic residues in $Z_p$
- Claim: if p is a prime, and g is a generator of the multiplicative group, the quadratic residues are the even powers of g.

9 Quadratic Residues
- Claim: an element x in $Z_p$ is a quadratic residue if and only if $x^{(p-1)/2} \equiv 1 \pmod p$

10 Generic Discrete Log
- Let G be a group and g a group element; g is called the base.
- Let $y = g^x$; x is called the discrete log of y
- Example: $y = gx \bmod p$ in $Z_p$
- Example: $y = g^x \bmod p$ in the multiplicative group of $Z_p$

11 Giant Step-Baby Step
- Goal: recover the discrete log in $O(|G|^{1/2})$ steps
- Input: y, g
- Output: x such that $g^x = y$
- Let $k \approx |G|^{1/2}$
- Compute and store $g^{ik}$ for i = 0,…,k-1
- For every j = 0,…,k-1 test if $y g^{-j}$ is one of the stored elements
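Added example (not from the original slides): the giant-step/baby-step search above in Python, over the multiplicative group of $Z_p$. The function name `bsgs`, the toy modulus p = 101 and the base g = 2 are assumptions chosen for illustration; k is rounded up so that k·k ≥ |G| and every exponent can be written as x = ik + j.

```python
import math

def bsgs(g, y, p, order=None):
    """Return x with g^x = y (mod p), or None if y is not a power of g.

    order is |G|; it defaults to p - 1, the size of the multiplicative
    group of Z_p. Time and memory are both about sqrt(order).
    """
    n = order if order is not None else p - 1
    k = math.isqrt(n - 1) + 1            # ceil(sqrt(n)), so k*k >= n

    # Giant steps: store g^(i*k) -> i for i = 0..k-1
    table = {}
    g_k = pow(g, k, p)
    cur = 1
    for i in range(k):
        table.setdefault(cur, i)         # keep the smallest i per value
        cur = cur * g_k % p

    # Baby steps: test y * g^(-j) against the stored elements
    g_inv = pow(g, -1, p)                # modular inverse (Python 3.8+)
    cur = y % p
    for j in range(k):
        if cur in table:
            return (table[cur] * k + j) % n   # y = g^(i*k + j)
        cur = cur * g_inv % p
    return None

if __name__ == "__main__":
    p, g = 101, 2                        # constructed toy group; 2 generates Z_101^*
    secret = 73
    y = pow(g, secret, p)
    print("recovered x =", bsgs(g, y, p))   # about 2*sqrt(100) = 20 group operations
```

The square-root cost is why group size matters: a group of about $2^{256}$ elements still leaves about $2^{128}$ steps for this generic search.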

12 Standard Discrete Log
- $y = g^x \bmod p$ in the multiplicative group of $Z_p$
- Computation takes $O(\log^3 p)$ steps
- Standard discrete log is believed to be a one-way function
- Can it be used as a hash function?

13 Key Exchange
- Idea was first presented by Diffie and Hellman
- Goal: two parties who do not share a secret perform a protocol and derive the same key
- Eve, who is listening in, cannot obtain the new shared key if she has limited computational resources.

14 Classic Scheme
- Each party generates a key pair: a private key and a public key.
- The public keys are exchanged.
- Both parties derive the same shared key from two public keys and a single private key.

15 Properties of Key Exchange
- Necessary security condition: the public key is a one-way function of the private key.
- Necessary "algebraic" condition: an appropriate combination of public and private keys to form a shared key is required
- Key exchange by itself is effective only against a passive adversary.
- Man-in-the-middle attack is lethal

16 Security Requirements
- Is the one-way relationship between public key and private key sufficient?
- A one-way function may leak some bits of its arguments. Example: $g^x \bmod p$
- Shared key may be compromised. Example: $g^{x+y} \bmod p$

17 Security Requirements (cont.)
- The full requirement is: given all the communication recorded throughout the protocol, computing any bit of the shared key is hard
- Note that the "any bit" requirement is especially important

18 Diffie-Hellman Algorithm
- Public parameters: a prime p, and an element g (possibly a generator of the multiplicative group of $Z_p$)
- Alice chooses x at random from the multiplicative group and sends $g^x \bmod p$
- Bob chooses y at random from the multiplicative group and sends $g^y \bmod p$
- Alice and Bob compute the shared key $g^{xy} \bmod p$
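Added example (not from the original slides): the exchange above in Python, together with the bit leak the "Security Requirements" slides warn about. When g generates the whole multiplicative group, the quadratic-residue test from slide 9 applied to the public values reveals the parity of x and y and whether the shared key is a quadratic residue. The toy prime 2039 and the names `dh_exchange` and `eve_view` are assumptions for illustration.

```python
import secrets

P = 2039   # constructed toy safe prime (2*1019 + 1); real groups use 2048+ bits

def is_qr(a, p):
    """Slide 9 test: a is a quadratic residue iff a^((p-1)/2) = 1 mod p."""
    return pow(a, (p - 1) // 2, p) == 1

# For a safe prime, any non-residue other than p-1 generates the whole group.
G = next(g for g in range(2, P - 1) if not is_qr(g, P))

def dh_exchange(p=P, g=G):
    """Run one exchange; return both secrets, both public values and the key."""
    x = secrets.randbelow(p - 2) + 1          # Alice's private exponent
    y = secrets.randbelow(p - 2) + 1          # Bob's private exponent
    A, B = pow(g, x, p), pow(g, y, p)         # values sent in the clear
    key_alice, key_bob = pow(B, x, p), pow(A, y, p)
    assert key_alice == key_bob               # both sides hold g^(xy) mod p
    return x, y, A, B, key_alice

def eve_view(A, B, p=P):
    """What a passive listener infers from A and B when g is a generator."""
    x_even = is_qr(A, p)          # g^x is a residue exactly when x is even
    y_even = is_qr(B, p)
    key_is_qr = x_even or y_even  # g^(xy) is a residue exactly when xy is even
    return x_even, y_even, key_is_qr

if __name__ == "__main__":
    x, y, A, B, key = dh_exchange()
    print("Eve infers (x even, y even, key is QR):", eve_view(A, B))
    print("ground truth:", (x % 2 == 0, y % 2 == 0, is_qr(key, P)))
```

If g is instead taken from the subgroup of quadratic residues (for example the square of G above), every exchanged value and every key is a residue, so this particular test tells the listener nothing.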

19 Computing DH
- Computation time $O(\log^3 p)$
- 1-10 key exchanges a second in real-world SW
- Up to 10 times that in HW. Beyond that, a heavy penalty in gate count
- Useful as key exchange, but not as block encryption

20 Other DH Systems
- The DH idea can be used with any group structure
- Limitation: groups in which the discrete log can be easily computed are not useful. Example: additive group of $Z_p$
- Currently useful DH systems: the multiplicative group of $Z_p$ and elliptic curve systems

21 Quantum Key Exchange

22 Some Properties of Photons
- Photons may be polarized, e.g.: Rectilinear basis: Diagonal basis:
- Assume a single photon is transmitted with a certain polarization
- The act of measuring its polarization may change it
- A filter with the same polarization will receive the photon

23 Properties (cont.)
- A filter with the orthogonal polarization will receive nothing
- A filter in a different basis will receive the photon with 0.5 probability

24 Qubits
- Each photon represents one bit. The value of the bit is determined by polarization
- In each basis, one filter direction represents 1 and the other represents 0
- If both sides choose the same basis, a qubit (bit passed by photon) is passed correctly
- If both sides choose different bases, there is a 50% chance that it is passed correctly and 50% that it is passed incorrectly

25 Eavesdropping
- If Eve correctly chooses the basis by which a qubit is sent, she obtains the bit
- If she chooses incorrectly, she obtains the correct bit with 0.5 probability
- Eve must retransmit the qubit to Bob
- By obtaining the qubit, she may have changed it. If the qubit is changed, Bob gets the wrong bit

26 Brassard-Bennett Key Exchange
- Alice chooses a random n-bit key k
- Alice chooses n random bases
- Alice sends k as n qubits. The i-th qubit is transmitted using the i-th basis
- Bob chooses n random bases and measures the qubits
- Bob tells Alice what bases he chose
- Alice tells Bob which of these bases are correct
- Shared key: the bits for which Bob chose correctly
- Bob's message to Alice has to be authenticated. It does not have to be encrypted.
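Added example (not from the original slides): a classical simulation of the exchange above using the measurement rules from slides 22-25, with an optional Eve who measures every qubit in a random basis and retransmits it. The function name `bb84`, the 0/1 encoding of the two bases and the mismatch rate returned for inspection are assumptions of this sketch.

```python
import random

def bb84(n, eve=False, rng=None):
    """Simulate n qubits; return (alice_key, bob_key, mismatch_rate)."""
    if rng is None:
        rng = random.Random()

    def measure(bit, sent_basis, filter_basis):
        # Same basis: the bit is received correctly.
        # Different basis: correct with probability 0.5.
        return bit if sent_basis == filter_basis else rng.getrandbits(1)

    key_bits = [rng.getrandbits(1) for _ in range(n)]
    alice_bases = [rng.getrandbits(1) for _ in range(n)]  # 0 rectilinear, 1 diagonal
    bob_bases = [rng.getrandbits(1) for _ in range(n)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(key_bits, alice_bases, bob_bases):
        wire_bit, wire_basis = bit, a_basis
        if eve:
            e_basis = rng.getrandbits(1)
            wire_bit = measure(bit, a_basis, e_basis)   # Eve's reading
            wire_basis = e_basis                        # she retransmits in her basis
        bob_bits.append(measure(wire_bit, wire_basis, b_basis))

    # Bob announces his bases; Alice says which match. Keep only those bits.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    alice_key = [key_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    return alice_key, bob_key, (errors / len(keep) if keep else 0.0)

if __name__ == "__main__":
    _, _, quiet = bb84(4000, eve=False)
    _, _, tapped = bb84(4000, eve=True)
    print(f"mismatch rate without Eve: {quiet:.3f}")   # exactly 0 in this model
    print(f"mismatch rate with Eve:    {tapped:.3f}")  # close to 0.25
```

About half the qubits survive the basis comparison, and an intercepting Eve corrupts roughly one in four of the surviving bits: she picks the wrong basis half the time, and Bob then reads a random bit.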

