Download presentation
Presentation is loading. Please wait.
1
May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive Non-interactive – Smart-cards Examination tasks Theme for last lecture
2
May 21, 2002Mårten Trolin2 Symmetric vs. asymmetric cryptography Symmetric ciphers – sender and recipient use the same key – D key (E key (m)) = m Substitution cipher is an example of a symmetric cipher Impractical for big systems – number of keys is quadratic in the number of users The solution – asymmtric algorithms. Think of a locked mailbox! Different keys for encryption and decryption – D private key (E public key (m)) = m
3
May 21, 2002Mårten Trolin3 Hash functions A hash function computes a fixed length value from a variable length source – Example: Check sums in communication protocols – Indices in databases More convenient to handle a hash of a document instead of the document itself We will consider cryptographically secure hash functions.
4
May 21, 2002Mårten Trolin4 Properties of good hash functions Let H be a hash function One-way – Given v, unfeasible to compute an x such that H(x) = v Collision-free – Infeasible to find x 1 and x 2 such that H(x 1 ) = H(x 2 ) and x 1 x 2
5
May 21, 2002Mårten Trolin5 Digital signatures Used to ensure authenticity. A digital signatures binds a document to a person. In a public key infrastructure (PKI), a person produces a digital signature using his private key The signature can be verified using the public key.
6
May 21, 2002Mårten Trolin6 Use of a digital signature Signature generation Private key Document Signature Signature verification Public key Document OK / not OK SignerVerifier
7
May 21, 2002Mårten Trolin7 Message Authentication Codes Digital signatures requires public/private keys The same functionality can be achieved with symmetric keys – Called MAC – Message Authentication Code – Signer and verifier uses the same key Question: What are the advantages compared to digital signatures? What are the disadvantages?
8
May 21, 2002Mårten Trolin8 Two simple MACs Let E key, D key be a symmetric cipher, and let H be a hash function. Let m be the message to MAC and let k be the symmetric key. First proposition: Compute a hash of the document and encrypt it – E k (H(m)) Second proposition: Concatinate the message and the key and compute the hash – H(m k)
9
May 21, 2002Mårten Trolin9 Interactive Protocol TCP/IP User (p u, s u ) Web server User’s public key p u Symmetric key k encrypted under p u Communication encrypted under k Generates symmetric key k Decrypts k using s u
10
May 21, 2002Mårten Trolin10 User (p u, s u ) Web server User’s public key p u Symmetric key k encrypted under p m Communication encrypted under k Generates symmetric key k Decrypts k using s u Replaces p u with his own p m Man in the middle (p m, s m ) pmpm Decrypts k using s m and reencrypts using p u Symmetric key k encrypted under p u
11
May 21, 2002Mårten Trolin11 Public key certificates A public key certificate consists of – A public key – Information on the owner Name, address, photograph, finger-print, credit card number, etc. – A signature on the above data by a trusted party Trusted party could be the government, a bank, etc. User’s public key Identification data Digital signature by CA User’s Private key Public information Private information
12
May 21, 2002Mårten Trolin12 Certificate chains Certificates can be chained – Each certificate in the chain is signed with the private key of the certificate above. If the user knows the root certificate, he can verify that each step is valid. Using chains, the CA can outsource signing to other organizations it trusts without giving away its private key.
13
May 21, 2002Mårten Trolin13 Certificate chains The end user certificates are verified by following the chain up to the root certificate authority (CA) –If every step in the chain is valid, the end user certificate is considered valid.
14
May 21, 2002Mårten Trolin14 SSL/TLS SSL (Secure Socket Layer) and TLS (Transport Layer Security) are standards for how to secure TCP/IP communications – As of the latest revision, TLS is the official name for what used to be called SSL. However, SSL is still the word most frequently used. TLS is a layer on top of the TCP layer
15
May 21, 2002Mårten Trolin15 TLS IP TCP HTTPTLS IP TCP HTTP Not secureSecure
16
May 21, 2002Mårten Trolin16 TLS Handshake Client Server ClientHello ServerHello ServerKeyExchange ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec Finished ServerHelloDone Certificate
17
May 21, 2002Mårten Trolin17 Non-interactive protocols For interactive protocols, the symmetric key is decided in the handshake. For non- interactive protocols, this must be solved in another way. – The key cannot be negotiated. – Encrypt a session key using the recipients public key.
18
May 21, 2002Mårten Trolin18 Session key in non-interactive protocols For non-interactive protocols, the sender generates a session key. The session key is encrypted using the recipient’s public key. – Recipient’s public key must be known in advance. The message is encrypted with the (symmetric) session key. The encrypted message consists of the encrypted session key and the cipher text. The recipient decrypts the session key with his private key and decrypts the message.
19
May 21, 2002Mårten Trolin19 Pretty Good Privacy Protocol overview – Symmetric session key encrypted with asymmetric key Key management – Distributed, non-centralized Trust model – Web of trust – Introducers
20
May 21, 2002Mårten Trolin20 Password generated keys – problems and solutions Password generated keys suffer from the same general problem as passwords for authentication. – Number of passwords is relatively small – possible to create a list with all possible passwords and corresponding keys. Use a salt to avoid dictionary attacks. Make key generation “slow”, to make brute-force attacks more time consuming.
21
May 21, 2002Mårten Trolin21 Generating keys Key generation requires a good source of random bits – Bad key material makes system vulnerable to attacks. Has been done in practice. – Hardware generators provide the best source. – For end-user applications - some user interaction can be used (mouse movement, key strokes, etc.) – Using system time for high security requirements is a bad idea! For high-security applications, key generation should take place in a closed environment.
22
May 21, 2002Mårten Trolin22 Distributing symmetric keys Symmetric keys are very sensitive and must be distributed with great care. Depending on how valueable the key is, different approaches are possible. – Send the key to recipient by physically secure means, e.g., by courier, by registered mail etc. – If a common key exists, send the new key encrypted under the common key. – Split the key into components and send the key components with different security officers.
23
May 21, 2002Mårten Trolin23 What Is a Smart-Card A smart-card is a small computer Often placed on a credit-card sized plastic card Can have contacts or be contact-less Has a well-defined interface – Can have secret information that is protected from direct access First appeared in the 1970s
24
May 21, 2002Mårten Trolin24 Advantages with Smart-Cards Can have secret data – Data used for internal computations and never revealed in clear – Example: PIN and keys can be stored on card Can process data and save information – Count transactions – Check PIN and count unsuccessful tries – Different behavior depending on geographic location – Cryptographic functions Uses the secret keys
25
May 21, 2002Mårten Trolin25 Examination The assignments gave a maximum of 15 points. – An extra task can be solved to make up for missing points. However, 15 is still the maximum for this part. Choose one of the two examination tasks to solve – Gives up to 15 points. – Write solution in English or Latvian and explain it orally.
26
May 21, 2002Mårten Trolin26 Examination task No programming, just analysis. Email me your solution. – No later than June 17th. Describe your solution and explain the choices you made orally (15-20 minutes).
27
May 21, 2002Mårten Trolin27 Examination Task 1 Design a system for an internet bank. – Signing up a new customer. – Logging in. – Handling a lost key.
28
May 21, 2002Mårten Trolin28 Examination Task 2 Designing a token-based access system for an office. – Enter a new employee. – Changing access rights. – Handle a compromised data-base.
29
May 21, 2002Mårten Trolin29 Examination Tasks Give an as complete as possible description. Compare different possible approaches.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.