Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rennes, 23/10/2014 Cristina Onete Graded Exercises & Authentication.

Published byEleanore Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "Rennes, 23/10/2014 Cristina Onete Graded Exercises & Authentication."— Presentation transcript:

1 Rennes, 23/10/2014 Cristina Onete maria-cristina.onete@irisa.fr Graded Exercises & Authentication

2  Challenge-Response Prover Verifier challenge response  Symmetric authentication: Verifier stores a keyring of many keys (each corresponding to one prover) Goal of challenge-response: verifier can decide whether the prover is legitimate or not Shared Property 1: a legitimate prover can always authenticate Property 2: an illegitimate prover can never authenticate Cristina Onete || 06/11/2014 || 2

3  Challenge-Response Prover Verifier challenge response  Exercise 5: Design a challenge-response protocol using a symmetric encryption function Now use a PK encryption scheme Use a pseudo-random hash function Now use a signature scheme Use a commitment scheme and a 1-way hash function Cristina Onete || 06/11/2014 || 3

4  Exercises  Exercise 6: Prover Verifier Use the protocol above, assuming the hash function produ- ces pseudo-random outputs What is a simple denial-of-service attack that an attacker can run against a verifier who stores very many keys? Cristina Onete || 06/11/2014 || 4

5  Exercises Prover Verifier  Exercise 7: A mutual authentication protocol is one in which both parties can verify the legitimacy of their partner Start from a basic 2-move challenge-response protocol. Can you think of a 3-move protocol that ensures MUTUAL authentication? Design a mutual authentication protocol using only a (keyed) hash function. What are the required properties? Cristina Onete || 06/11/2014 || 5

6  Exercise 8: the age game  One of your friends, a girl, asks you to guess her age  You know the penalty for guessing she is too old: she’ll kick you and punch you, and probably then kill you  So you say: I bet you I know your age. But you have to give me your ID card to check it. If it’s right, I will prove to you that I knew your age. If I am wrong, I’m buying you flowers, chocolates, and an expensive dinner Use a commitment scheme. The idea is that you want to be able to prove that your guess was right (if the number you guessed is at most her age – as you will see from her ID) or withold any information about your guess (if you guessed wrongly). That way, she will at least not know how old you thought she was Cristina Onete || 06/11/2014 || 6

7  Some thought:  We have an arbitrary unforgeable signature scheme: SScheme = (KGen, Sign, Vf)  And we also have any IND-CCA encryption scheme  Say we want to ensure that a (confidential) message comes from a given party. Can we send: EScheme = (KGen, Enc, Dec) Cristina Onete || 15/10/2014 || 7

8 CIDRE Thanks!

Download ppt "Rennes, 23/10/2014 Cristina Onete Graded Exercises & Authentication."

Similar presentations

Word List A.

Word List A.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.

Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.

Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.
Security Definitions in Computational Cryptography

Security Definitions in Computational Cryptography
Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL.

Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Rennes, 07/11/2014 Cristina Onete CIDRE/ INRIA Controlled malleability. Sanitizable Signatures.

Rennes, 07/11/2014 Cristina Onete CIDRE/ INRIA Controlled malleability. Sanitizable Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Rennes, 27/11/2014 Cristina Onete Subject Review, Questions, and Exam Practice.

Rennes, 27/11/2014 Cristina Onete Subject Review, Questions, and Exam Practice.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.

Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

Similar presentations

Ads by Google