Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.

Similar presentations


Presentation on theme: "Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session."— Presentation transcript:

1 Chapter 3: Basic Protocols Dulal C. Kar

2 Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session Assume Alice and Bob share a secret key with KDC (Trent) Protocol 1.Alice asks Trent for a session key to communicate with Bob 2.Trent generates a random session key and encrypts two copies of the a random session key, one with Alice’s key and the other with Bob’s key. Trent sends both copies to Alice. 3.Alice decrypts her copy of the session key and sends Bob his copy of the session key 4.Bob decrypts his copy of the session key

3 Key Exchange with Public-Key Cryptography 1.Alice gets Bob’s public key from the KDC 2.Alice generates a random session key, encrypts it using Bob’s public key and sends it to Bob 3.Bob then decrypts Alice’s message using his private key In practical implementations, signed public keys are maintained in a secure database The protocol is subject to man-in-the-middle attack. How?

4 Interlock Protocol (Rivest and Shamir) 1.Alice sends Bob her public key 2.Bob sends Alice his public key 3.Alice encrypts her message using Bob’s public key. She sends half of the encrypted message to Bob 4.Bob encrypts his message using Alice’s public key. He sends half of the encrypted message to Alice 5.Alice sends the other half of her encrypted message to Bob 6.Bob puts the two halves of Alice’s message together and decrypts it with his private key. Bob sends the other half of his encrypted message to Alice 7.Alice puts the two halves of Bob’s message together and decrypts it with her private key Has a good chance of foiling man-in-the-middle attack. How? –Mallory can substitute his own public keys for Alice’s and Bob’s in steps (1) and (2) –Cannot decrypt half of Alice’s message and reencrypt it with Bob’s public key. He must invent a totally new message and send half of it to Bob Important point –Half of the message is useless without the other half, it cannot be decrypted

5 Key Exchange with Digital Signature Circumvents man-in-the-middle attack Trent signs both Alice’s and Bob’s public keys When Alice and Bob receive the keys, each of them verifies Trent’s signature

6 Key and Message Transmission Without key-exchange protocol 1.Alice generates a random session key, K, and encrypts M using K. E K (M). 2.Alice gets Bob’s public key from the database and encrypts K with Bob’s public key. E B (K) 3.Alice sends both the encrypted message and encrypted session key to Bob. E K (M), E B (K) 4.Bob decrypts Alice’s session key, using his private key 5.Bob decrypts Alice’s message using the session key. Can be combined with digital signatures, timestamps, and any other security protocols

7 Key and Message Broadcast A protocol to send encrypted message M to Bob, Carol, and Dave 1.Alice encrypts M using random session key K. E K (M) 2.Alice encrypts K with Bob’s public key, encrypts K with Carol’s public key, and then encrypts K with Dave’s public key. E B (K), E C (K), E D (K) 3.Alice broadcasts E B (K), E C (K), E D (K), E K (M) 4.Only Bob, Carol, and Dave can decrypt K and message using K

8 Authentication Using One-way Function Protocol 1.Alice sends the host her password 2.Host performs a one-way function on the password and compares the value with the previously stored one Dictionary attack and salt –Salt is a random string concatenated with passwords –Most UNIX systems use only 12 bits of salt

9 SKEY An authentication program (For more details check: http://www.openbsd.org/cgi- bin/man.cgi?query=skey&sektion=1) http://www.openbsd.org/cgi- bin/man.cgi?query=skey&sektion=1 Makes use of one-way function, f Mechanism –To setup the system, Alice enters a random number –Computer computes x1 = f(R), x2 = f(f(R)), x3 = f(f(f(R))), and so on, about a hundred times –Alice receives the list of numbers x 1,..., x 100 and computer stores x 101 for Alice –To login Alice sends x 100 ; computer calculates f(x 100 ) and compares with x 101 –Computer replaces x 101 with x 100 and Alice crosses of x 100 –To login next time Alice will send x 99 –Alice has to reinitialize the system once she runs out of all

10 Authentication Using Public-key Cryptography Passwords using one-way functions are visible on the data path Public key cryptography solves the problem 1.Host sends Alice a random string 2.Alice encrypts the string with her private key and sends it back to host, along with her name 3.Host decrypts the message using Alice’s public key 4.If the decrypted string matches what the host sent Alice, the host allows access the system It is foolish to encrypt arbitrary strings sent by any third party. Why?

11 Mutual Authentication Using the Interlock Protocol Protocol 1.Alice and Bob trade public keys 2.Alice encrypts her password P A with Bob’s public key and sends it to him. 3.Bob encrypts his password P B with Alice’s public key and sends it to her 4.Each one verifies other Vulnerable to man-in-the-middle attack. How?

12 Symmetric Key Identification (SKID) SKID2 –Assume both Alice and Bob share a secret key, K –Allows Bob to prove his identity. How? –Protocol 1.Alice sends a random number, R A to Bob 2.Bob chooses a random number, R B and sends Alice: R B, H K (R A,R B,B), Where H K is the MAC and B is Bob’s name 3.Alice computes H K (R A,R B,B) and compares it with what she received from Bob to verify his identity

13 Authentication and Key Exchange Symbols AAlice’s name BBob’s name E A Encryption with a key Trent shares with Alice E B Encryption with a key Trent shares with Bob IIndex number KA random session key LLifetime T A, T B A timestamp R A, R B A random number, called a nonce, chosen by Alice and Bob respectively

14 Authentication and Key Exchange : Wide-Mouth Frog Simplest symmetric-key management protocol Uses a trusted server (Trent) Protocol 1.Alice sends to Trent: A, E A (T A,B,K) 2.Trent decrypts it and sends Bob: E B (T B, A, K) The protocol has several problems 1.A global clock is required 2.Trent has access to all keys 3.Shared key between Alice and Bob is completely determined by Alice (Can you trust Alice’s judgment?)

15 Authentication and Key Exchange: Yahalom Assumption: –Both Alice and Bob share a secret key with Trent Protocol –Alice sends Bob: A,R A –Bob sends to Trent: B, E B (A,R A,R B ) –Trent sends two messages to Alice: E A (B, K, R A, R B ), E B (A, K) –Alice extracts K from first message and confirms the value of R A. Alice sends Bob two messages: E B (A,K), E K (R B ) –Bob extracts K and confirms the value of R B Novelty of the protocol –Bob is the first one to contact Trent, who only sends one message to Alice

16 Authentication and Key Exchange: Kerberos Basic Kerberos 5 protocol 1.Alice sends to Trent: A,B 2.Trent sends two messages to Alice: E A (T,L,K,B), E B (T,L,K,A) 3.Alice sends two messages to Bob: E K (A,T), E B (T,L,K,A) 4. Bob sends Alice an encrypted message with the timestamp plus one: E K (T+1) Assumption: all clocks are synchronized with Trent’s clock

17 Authentication and Key Exchange: DASS Distributed Authentication Security Service (DASS) protocols Developed by digital equipment corporation DASS uses both public key and symmetric key cryptography Alice and Bob each have a private key Trent has signed copies of their public keys

18 Authentication and Key Exchange: DASS (cont’d) Alice sends Trent a message with Bob’s name: B Trent sends Alice: S T (B,K B ) Alice verifies Trent’s signature, generates session key, K and a random public-key/private-key pair, K P and sends three messages to Bob: E K (T A ), S KA (L,A,K P ), S KP (E KB (K)) Bob sends Trent: A Trent sends Bob: S T (A,K A ) Bob verifies Trent’s signature and confirm K A, verifies Alice’s signature and recovers K P and then verifies and recovers K. Then Bob decrypts T A to make sure this is a current message If mutual authentication required, Bob sends Alice: E K (T B ) Alice decrypts T B to make sure that the message is current

19 Authentication and Key Exchange: Woo-Lam Uses public-key cryptography 1.Alice sends Trent: A, B 2.Trent sends Alice: S T (K B ) 3.Alice verifies Trent’s signature and sends Bob: E KB (A,R A ) 4.Bob sends Trent: A,B,E KT (R A ) 1.Where K T is Trent’s public key 5.Trent sends Bob: S T (K A ), E KB (S T (R A,K,A,B)) 6.Bob verifies Trent’s signature and sends Alice: E KA (S T (R A,K,A,B),R B ) 7.Alice verifies Trent’s signature and her random number and sends Bob: E K (R B ) 8.Bob decrypts and verifies his random number

20 Secret Splitting Take a message and divide it up into pieces Each piece (called share) by itself has no information Simplest secret sharing scheme 1.Trent generates a random-bit string, R, the same length as the message, M. 2.Trent XOR’s M with R to generate S. 3.Trent gives R to Alice and S to Bob To reconstruct –Alice and Bob XOR their pieces Can be generalized to any number of shares This is an adjudicated protocol Problem with this protocol –Loss of a share will cause loss of the message entirely –One shareholder can subvert

21 Secret Sharing (m,n)-threshold scheme –Take any message and divide it into n pieces (called shares or shadows) such that any m of them can be used to reconstruct the message General threshold schemes are more versatile Variations of Secret Sharing Schemes –Secret sharing with cheaters –Secret sharing without Trent –Sharing a secret without revealing the shares –Verifiable secret sharing Allows each of the shareholders verify the validity of the share without revealing the secret –Secret-sharing schemes with prevention –Secret sharing with disenrollment Allows a new sharing scheme to be activated once one of the participants becomes untrustworthy

22 Cryptographic Protection of Databases Examples –Data security, privacy –Protecting mailing lists


Download ppt "Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session."

Similar presentations


Ads by Google