Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.

Similar presentations


Presentation on theme: "1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The."— Presentation transcript:

1 1 Intro To Encryption Exercise 11

2 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The requirements for the games are  Privacy of the choice (i.e. when someone chooses, the other party does not know his choice)  Non repudiation of the choice (i.e. when someone chooses, he can’t change his decision later) Assume: known public keys for parties: e A, s A, e B,s B (for encryption, signature by Alice, Bob)

3 3 Solution – choice phase Use Encrypt-Then-Sign scheme, i.e. sign the encrypted value. Alice’s playout  Alice picks ephemeral PKCS keys e temp,d temp  Alice’s choice is denoted as C a (“ P”, “R” or “S”)  Alice choice: Sign sA (Enc etemp (C a ),e temp ). Same goes for Bob.

4 4 Solution – Verification Phase Alice provides  C A, randomness used for encryption  Why do we need to use randomized encryption? Bob’s verification  Ver vA (Enc etemp (C A ),e temp ) If C A >C B (when > represents better) then Alice wins, otherwise Bob wins.

5 5 Problem Why does Alice (and Bob) sign their public keys as well? Isn’t it sufficient to sign the encryption?

6 6 Solution No!!! From the lecture:  Anderson and Needham [AN95] Key-spoofing attacks against EtS Recipient chooses (special?) public encryption key e Such that for some m, m’, e’ holds: E e’ (m’)=E e (m) E.g. RSA: m’=m e/e’ m’ e’ =m e With CRT, can compute e’ for any m, m’, e `Collision` of encryption (inputs: public key and data) Signing the public key ensures that this key was used and no other key.

7 7 Problem Suggest a way for independent parties to share keys for sessions. The parties may hold a long term key with only one party, for each other parties they can’t hold/generate a long term/short term key. The parties may trust some other parties. You may NOT use DH/RSA.

8 8 Solution Use a key distribution center for generating the keys. Each entity trusts the KDC and holds a symmetrical key with him. The KDC shall generate the keys. Example:  Party A wishes to communicate with party B.  A’s key is K A, B’s key is K B. The keys are shared with the KDC only.

9 9 Solution KDC generates a key K AB KDC transmits the keys using  ENC KA (K AB ) to A  ENC KB (K AB ) to B

10 10 Problem What about authentication? Should we use the same keys for encryption and authentication? How may we derive keys for authentication?

11 11 Solution The use of MAC is required for authentication. We MUST NOT use same keys for MAC and ENC (possible key/message exposure) We MAY Derive keys as follows  PRF KA (“Encryption”) for encryption  PRF KA (“Authentication”) for authentication

12 12 Problem How may you refresh the keys of the KDC (and clients) to provide proactive security such that all clients are synchronized and their keys are refreshed?

13 13 Solution We may use forward secrecy  At period t+1 client A shall replace his key K A likewise PRF KA (“Refresh”||t+1)  The same shall be with the KDC (same protocol) For each K i in { A, B, …} do  PRF Ki (“Refresh”||t+1) done

14 14 Problem Does this solution provide forward secrecy? How would you change the protocol to accommodate the requirements for forward secrecy?

15 15 Solution Using DH methods Generate p a large prime and g a generator. User A shall generate a number a and g a which shall be his private and public numbers. The KDC shall generate a number ka and g ka for each of the clients. The protocol  Use DH between the client and server to generate the new keys Show the protocol including authentication to provide secure key refresh without eve performing a man in the middle attack or discover the new key.

16 16 Problem What may be the problem with a central KDC?

17 17 Solution Performace may decrease when clients increase. Especially when multicast clients are present Security may be a very big issue (single point of failure, master keys recovery).

18 18 Problem How should you improve performance? Is replication a good performance improvement? How does it affects security?

19 19 Solution A naïve approach may be to replicate the KDC This may solve some performance issues when done properly This may decrease security because of multiple exact copies of the same information.


Download ppt "1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The."

Similar presentations


Ads by Google