1 Software Infrastructure for Electronic Commerce
All About Cryptography
Professor Fred B. Schneider
Dept. of Computer Science, Cornell University

2 Goals
• Learn what problems can (and cannot) be addressed using cryptography.
• Become convinced that:
  – Designing a decent cryptosystem is extremely difficult.
  – Using cryptography requires building a substantial (but easily overlooked) infrastructure.

3 Encryption and Decryption
[Figure: plaintext "This is…" → Encrypt (encryption key) → ciphertext "aSxxyw" → Decrypt (decryption key) → plaintext "This is…"]

4 Encryption and Decryption: Terminology
plaintext: input to encryption algorithm.
ciphertext: output of encryption algorithm.
shared key (symmetric key) cryptography:
  – Encryption and decryption keys are the same.
  – Encrypt & Decrypt functions are often the same.
public key (asymmetric key) cryptography:
  – Encryption and decryption keys are different.
  – Encrypt & Decrypt functions are different.

5 Uses for Cryptography
Secrecy: Obscure the contents of messages or stored data from eavesdroppers.
Integrity: Detect any alteration performed after message or stored data is generated.
Authentication: Verify the identity of the source of a message or stored data. (Authentication of messages is useful in making authorization decisions.)
Non-repudiation: Establish for a third party the source and contents of a message or stored data.

6 What Encryption Does
Confusion: Unable to predict how changing the plaintext alters the ciphertext.
Diffusion: Local change to plaintext alters much of the ciphertext.
a → x, xy → yx
Mechanisms: substitution and transposition.
Final Result:
• computational secrecy: Depends on resource limits. Bigger keys better.
• perfect secrecy: Will never be broken.

7 Secret Key Encryption Algorithms
DES (Data Encryption Standard)
• 64 bits in/out, 56 bits key.
• Computationally (in)secure. $1M tries all DES keys in 7 hrs using 1993 hardware cracking machine.
Triple-DES
AES (Advanced Encryption Standard) “Rijndael”
• Variable block length & variable key length (128, 192, 256)
IDEA (International Data Encryption Algorithm)
• 64 bits in/out, 128 bit key.
• Computationally secure: at 1 billion key-tries/sec/processor, system of a billion processors requires 10^13 years to try every possible key (1000x longer than age of the universe).

8 Secret Key Encryption: Implementing Secrecy
Notation:
  – $E(m, K)$: Encrypt $m$ using key $K$
  – $D(x, K)$: Decrypt $x$ using key $K$
  – A → B: msg: A sends msg to B
Protocol:
1. A → B: $E(m, K_{AB})$ (A encrypts m using a key shared with B)
2. B: $D(E(m, K_{AB}), K_{AB})$ (B decrypts message it received.)

9 Secret Key Encryption: Implementing Authentication
A → B: I’m A
B: Generate random $r_B$
B → A: $r_B$
A → B: $E(r_B, K_{AB})$
B: $D(E(r_B, K_{AB}), K_{AB}) = r_B$ ?
A: Generate random $r_A$
A → B: $r_A$
B → A: $E(r_A, K_{AB})$
A: $D(E(r_A, K_{AB}), K_{AB}) = r_A$ ?

10 Secret Key Encryption: Implementing Authentication
A → B: I’m A (A starts protocol)
B: Generate random $r_B$ (B generates challenge)
B → A: $r_B$
A → B: $E(r_B, K_{AB})$ (A responds to B’s challenge)
B: $D(E(r_B, K_{AB}), K_{AB}) = r_B$ ? (B checks A’s response. Only A would know $K_{AB}$)
A: Generate random $r_A$ (A generates challenge)
A → B: $r_A$
B → A: $E(r_A, K_{AB})$ (B responds to A’s challenge)
A: $D(E(r_A, K_{AB}), K_{AB}) = r_A$ ? (A checks B’s response. Only B would know $K_{AB}$)
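
The challenge-response exchange on slides 9 and 10, as an added Go example that is not part of the original slides. AES-128 stands in for E and D (the slides name no cipher for this protocol), the 16-byte keys are constructed sample data, and `block`, `Respond`, `Authenticate` and `MutualAuth` are names chosen for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// block applies E (or D when dec is true) to one 16-byte block under key k.
// AES-128 is an assumed cipher; the slides do not name one.
func block(k, in []byte, dec bool) []byte {
	c, err := aes.NewCipher(k)
	if err != nil || len(in) != aes.BlockSize {
		return nil
	}
	out := make([]byte, aes.BlockSize)
	if dec {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out
}

// Respond is the prover's step: E(r, K_AB).
func Respond(r, kAB []byte) []byte { return block(kAB, r, false) }

// Authenticate runs one half of the exchange. The verifier draws a fresh
// random r, the prover answers, and the verifier tests D(resp, K_AB) = r.
func Authenticate(verifierKey []byte, prover func(r []byte) []byte) bool {
	r := make([]byte, aes.BlockSize)
	if _, err := rand.Read(r); err != nil {
		return false
	}
	got := block(verifierKey, prover(r), true)
	return subtle.ConstantTimeCompare(got, r) == 1
}

// MutualAuth is the whole slide: B challenges A, then A challenges B.
func MutualAuth(keyAtA, keyAtB []byte) bool {
	proverA := func(r []byte) []byte { return Respond(r, keyAtA) }
	proverB := func(r []byte) []byte { return Respond(r, keyAtB) }
	return Authenticate(keyAtB, proverA) && Authenticate(keyAtA, proverB)
}

func main() {
	k := []byte("constructed-key!") // constructed 16-byte sample key
	fmt.Println(MutualAuth(k, k), MutualAuth([]byte("some-other-key!!"), k))
}
```

A response recorded for an earlier challenge does not pass `Authenticate`, because the verifier draws a new r for every run.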

11 Secret Key Encryption: Key Management Problem
Problem: N principals: $N^2$ keys ($2^N$ keys for groups)
Solution: Key Distribution Center (KDC)
• Every principal shares a key with KDC. (N keys needed for this)
• KDC is trusted host:
  – Generates keys only as needed.
  – Communicates those keys to parties.
Kerberos is an example.
Mostly used for authentication / authorization in distributed systems (and not for secrecy).

12 Public Key Cryptography
Must you already share a secret to share another?
A: Secret in chest; Secure with Lock A [key needed: A]
A → B: Chest with Lock A [key needed: A]
B → A: Chest with Lock A and Lock B [key needed: A, B]
A: Remove Lock A [key needed: B]
A → B: Chest with Lock B [key needed: B]
B: Remove Lock B. Remove secret [key needed: __]
Key is a secret in chest. Lock is 1-way trap-door function.

13 Public Key Cryptography: Encryption and Decryption
Notation:
  – $K_A$: public key for A (upper case K)
  – $k_A$: private key for A (lower case k)
For key pair $K, k$:
  – $E(m, K)$: encrypt m with public key K
  – $D(x, k)$: decrypt x with private key k
Properties:
  – $D(E(m, K), k) = m$
  – $E(D(m, k), K) = m$ (Optional)
E and D are expensive on long messages.

14 Public Key Cryptography: Encryption Algorithms
• RSA (Rivest-Shamir-Adleman): Based on factoring large numbers and computing logarithms in finite fields. Patent rights expire in 2000.
• Elliptic Curve Cryptography: The “new, new thing”; not everyone believes this is secure.

15 Public Key Cryptography: Digital signatures
[Figure: the message msg, "Buy 100 QCOM for $132. -FBS"]
Signed message: msg, D(h(msg), k_FBS)
{msg}_FBS denotes message msg signed by k_FBS
… to check signature validity: h(msg) = E( , K_FBS) ?

16 Public Key Cryptography: Properties of Cryptographic Hash
hash function: Encryption without keys!
Variable length input → Fixed length output (100-1000 bits).
Infeasible to
• determine input from output.
• find an input that has a particular (desired) output.
• find 2 inputs that have the same output.
Changing one bit (or more) in input leads to completely different output.
Examples of hash functions: MD5, SHA

17 Public Key Cryptography: Certificates
Problem: How do principals learn others’ public keys?
Solution: Employ a certification authority (CA):
  – Trusted server that generates certificates $\{\text{Fred}, K_{\text{Fred}}\}_{\text{Verasign}}$ when presented with evidence of principal’s identity.
  – All hosts pre-configured with $K_{\text{Verasign}}$.
  – CA need not be on-line.
  – Certificates can be stored anyplace and forwarded anywhere as needed.

18 Public Key Cryptography: Revocation of Certificates
Problem: Compromise of a private key.
Solutions:
  – Associate expiration dates with certificates. Risk: Period from compromise to expiration.
  – Periodically issue certificate revocation list (CRL). Risk: Denial of service to delay CRL arrival.
  – Support re-validation of certificate use.

19 Public Key Cryptography: Multiple Certification Authorities
Problem: Having a single CA is unrealistic!
• Nothing is trusted by everyone!
• Performance must scale.
Solution: Multiple CAs.
To find $K_A$, find:
• If have $K_{CA}$ then find a certificate $\{A, K_A\}_{CA}$
• Else find $K_{CA1}$ for first link in chain: $\{CA2, K_{CA2}\}_{CA1}$ $\{CA3, K_{CA3}\}_{CA2}$ … $\{CA7, K_{CA7}\}_{CA6}$ $\{A, K_A\}_{CA7}$
Each certificate may be managed by a different CA.
What’s in a name? That’s the real problem…
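
The chain walk from this slide, as an added Go example that is not part of the original slides. Ed25519 signatures stand in for the CA's signing operation (the slides do not fix an algorithm for certificates), the keys are generated at run time, and `Cert`, `Issue`, `FindKey` and `Demo` are hypothetical names. `FindKey` also checks that the chain ends at the requested name.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is the slide's {Subject, K_Subject}_CA. Ed25519 is an assumed signature scheme.
type Cert struct {
	Subject string
	Key     ed25519.PublicKey
	Sig     []byte
}

func (c Cert) tbs() []byte { return append([]byte(c.Subject+"\x00"), c.Key...) } // signed bytes

// Issue binds subject to key under the issuing CA's private key k.
func Issue(subject string, key ed25519.PublicKey, k ed25519.PrivateKey) Cert {
	c := Cert{Subject: subject, Key: key}
	c.Sig = ed25519.Sign(k, c.tbs())
	return c
}

// FindKey walks chain from the pre-configured root key to the key bound to want.
func FindKey(want string, rootKey ed25519.PublicKey, chain []Cert) (ed25519.PublicKey, error) {
	key, name := rootKey, ""
	for _, c := range chain {
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, c.tbs(), c.Sig) {
			return nil, fmt.Errorf("certificate for %q fails verification", c.Subject)
		}
		key, name = c.Key, c.Subject
	}
	if name != want {
		return nil, fmt.Errorf("chain ends at %q, not %q", name, want)
	}
	return key, nil
}

// Demo builds a constructed chain CA1 -> CA2 -> A; returns K_CA1, the chain, and K_A.
func Demo() (ed25519.PublicKey, []Cert, ed25519.PublicKey) {
	K1, k1, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	K2, k2, _ := ed25519.GenerateKey(nil)
	KA, _, _ := ed25519.GenerateKey(nil)
	return K1, []Cert{Issue("CA2", K2, k1), Issue("A", KA, k2)}, KA
}

func main() {
	root, chain, want := Demo()
	got, err := FindKey("A", root, chain)
	fmt.Println(err == nil && got.Equal(want))
}
```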

20 Public Key Cryptography: Web of Trust
Problem: Having a single CA is unrealistic!
• Nothing is trusted by everyone!
• Performance must scale.
Solution: Have principals endorse certificates.
• If receive enough endorsements from principals that you trust, then you decide binding is correct.
• Revocation is difficult to manage.
• Introduced in PGP mail system.

21 Public Key Cryptography: Public Key Infrastructure
• Creation of certificates.
• Dissemination of certificates.
• Revocation of certificates.
• Key escrow.
  – Allow recovery of data encrypted by an old key.
• Data archives with old keys.

22 Misuse of Cryptography
Software-implemented content protection is a flawed idea.
Example: DVD encryption:
• DVD encrypted using CSS (content scrambling system) 40 bit key. Weak key!
• Every DVD player comes with several “unlock” keys.
• Every DVD stores 400 copies of content decryption key; each copy is encrypted with a different “unlock” key.
• Content decryption key must appear in the clear.
• With secure hardware, scheme would work…
11/1/99: DVDs effectively no longer have their content protected. But copyright law still applies.

23 Misplaced Trust
• Trust a certificate? Better trust the issuing CA!
  – Anyone can assign a name.
  – Anyone can assume a name.
• Is your signing key secure?
  – Virus and malicious code attacks
  – (Guessable) password protected?

