Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 90321019 王怡君
2
Outline Introduction Methods for Message Authentication A key transport scheme for message authentication

1. Introduction
Four important objectives of information security:
– Authentication
– Confidentiality
– Data integrity
– Non-repudiation

Message Protocol
[Figure 1. Two-party communication: A sends message M to B over a communication channel]
Party A is the sender of message M, and party B is the receiver.
B would require one or more of the following for the message:
1. Authentication of the message
2. Integrity of the data included in the message
3. Authentication of sender A

Authentication methods fall into two groups:
Message authentication
– Provides assurance of the identity of A
– Includes evidence of data integrity
Entity authentication
– To avoid replay attacks, time-variant data (e.g. time stamps) can be added to the message.

2. Methods for Message Authentication
arbitrary length -> fixed length (using a hash function)
In cryptographic applications, the hash value is considered to be a shorter representation of the actual message.
Hash functions are classified into two groups:
– Unkeyed hash functions (one input: the message)
– Keyed hash functions (two inputs: the message and a secret key)

The keyed hash functions that are used for message authentication are grouped under Message Authentication Codes (MACs).
Unkeyed hash functions => Manipulation Detection Codes (MDCs).
MACs can be customized or constructed using block ciphers.

h(M) : hashing of message M with an MDC
h_k(M) : hashing of message M with a MAC with key K
M_1 || M_2 : concatenation of message M_1 with message M_2
E_k(M) : encryption of message M with key K
S_Kprivate : signing of message M with private key K_private

Method 1. Using a MAC: M || h_k(M)
Method 2. Encrypting the message
Method 3. Signing the message

Disadvantages
– Potential cryptographic weakness
– Lack of capability to authenticate messages with different keys

Potential cryptographic weakness (1)
MACs:
– Attack on the key space
  For a key size of t bits and a fixed input, the probability of finding the correct n-bit MAC is about 2^t.
– Attack on the MAC value
  If a hacker can determine the MAC key, he can create a MAC value for any message.

Potential cryptographic weakness (2)
Encryption:
– If encryption is used alone for message authentication, it is vulnerable to brute-force attacks.
– In recent years, several powerful attacks have been developed against modern ciphers. (Attacks such as linear or differential cryptanalysis allow key recovery with less processor time.)

Potential cryptographic weakness (3)
Digital signatures:
– From a theoretical viewpoint, no popular public-key signature algorithm is proven to be secure. Their security is based on the difficulty of computing discrete logarithms or factoring large numbers.
– With a fixed public/private key pair, attacks are possible using the public key of signatures on messages.

Lack of capability to authenticate messages with different keys
– In some applications, there may be a need to send a message to a specific group of receivers.
– We would like to have a scheme that makes it possible to use a new key for each new message and to generate different keys for different groups of receivers.

3. A key transport scheme for message authentication
– Threshold schemes
– A Preposition Secret Sharing Scheme for key transport
– Security analysis

Threshold schemes
A (t,n) threshold scheme (t <= n) is a method by which n secret shares S_i (1 <= i <= n) are computed from S in such a way that at least t shares are required to reconstruct S.
Ex: A bank manager divides the combination of the bank safe among his five tellers in such a way that any two tellers can open the safe.

In Shamir's (t,n) threshold scheme:
1. Choose a prime p larger than n and the secret S
2. Define S to be the constant a_0
3. Construct f(x) by selecting (t-1) random coefficients a_1, …, a_(t-1)
4. Compute the shares by evaluating f(x) at n distinct points, and distribute them to the n users

Useful for:
– Group signatures
– Key recovery
Discussing the application of threshold schemes to key distribution in broadcast networks:
– If (t-1) shares are broadcast, the secret can be constructed by any receiver using the (t-1) shares and its distinct share.
– From a security viewpoint, the hacker needs to know only a single share to break the system.
Use Shamir's threshold in a new way …

A Preposition Secret Sharing Scheme for key transport
Simple example
Three levels
Activating share
– Level 1: one common share
– Level 2: an additional common share
– Level 3: a unique additional share
Let p = 31
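
Added example (not from the original slides): a Python sketch of the prepositioned-share idea with the slide's toy prime p = 31, generalised to any t. It assumes the receiver stores t-1 prepositioned shares and the sender broadcasts one activating share with each message; the function names, the sample shares and the use of HMAC-SHA-256 as the authenticator h_k(M) are assumptions made here.

```python
import hashlib
import hmac

P = 31  # toy prime from the slide; far too small for real use

def interpolate_at(points, x, p=P):
    """Evaluate at x the unique polynomial through `points` (Lagrange, mod p)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def make_activating_share(secret, prepositioned, x_act, p=P):
    """Sender: choose f with f(0) = secret passing through the prepositioned
    shares, and publish one further point of f as the activating share."""
    used = {0} | {x % p for x, _ in prepositioned}
    if x_act % p in used:
        raise ValueError("x_act must differ from 0 and from every share's x")
    return (x_act, interpolate_at([(0, secret)] + list(prepositioned), x_act, p))

def recover_secret(prepositioned, activating, p=P):
    """Receiver: t-1 stored shares plus the broadcast share give f(0)."""
    return interpolate_at(list(prepositioned) + [activating], 0, p)

def authenticator(secret, message):
    """h_k(M): MAC keyed by the shared secret (HMAC-SHA-256 is an assumption)."""
    key = hashlib.sha256(secret.to_bytes(4, "big")).digest()
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(prepositioned, activating, message, tag, p=P):
    """Receiver: rebuild the secret, recompute the MAC, compare in constant time."""
    secret = recover_secret(prepositioned, activating, p)
    return hmac.compare_digest(authenticator(secret, message), tag)

if __name__ == "__main__":
    stored = [(5, 17)]                          # constructed prepositioned share, t = 2
    act = make_activating_share(13, stored, 9)  # fresh secret 13 for this message
    tag = authenticator(13, b"broadcast message")
    print(act, verify(stored, act, b"broadcast message", tag))
```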

3.3 Security analysis
– In the scheme, the shared secret is used to generate a message authenticator which is broadcast with the message and the activating share.
– For small values of t (low-degree polynomials), the system may be exposed to brute-force attacks.

t = 2: The system is most vulnerable if first-degree polynomials are used.
t > 2: The security is based on the difficulty of estimating the prepositioned information in the receiver.

Several modifications are possible to increase the robustness:
– Define the authentication key as a function of the shared secret.
– Make t a time-dependent secret system parameter.
– "Mask" the activating share before distribution.
– Add redundant activating shares.