Published by Rodney Andrews, modified over 9 years ago
Slide 1: Two disparate Examples of Encryption/Digital Signatures
Slide 2: Consider this
A group of 5 young scientists (like you) working for a chemical organisation has come up with a new anti-aging cream. The president of the company is ecstatic because it will skyrocket the organisation's net sales. However, the president has also received an anonymous tip stating that two of the five scientists are considering job offers from a competitor company and intend to copy the formula (unfortunately the tip-off does not say who they are). Assume that only those 5 scientists use the computer where the details of the formula and the process of making the cream are stored as data files. Assume the following:
1. The president does not know how to use the computer (or its related programs).
2. The formula/process files are always stored in encrypted form using the private key cipher method.
3. Every time these files are accessed/modified, at least three scientists have to provide their secret key before the encrypted file can be decrypted.
4. How will you modify the crypto technique that we talked about in the class to suit this situation?
Slide 3: Use & Abuse of encryption
- Proper use:
  - protects privacy of individuals
  - protects commercial interests of companies
- Abuse:
  - organised crime (such as drug trafficking)
  - fraud and corruption
  - terrorism
  - ...
Slide 4: US proposal
- Key escrow was proposed by the US government in 1993 as "something in between", with the aim of balancing the interests of individuals against those of organisations or governments
Slide 5: Basic idea behind the proposal
- Individuals (and companies) are allowed to use encryption
- But the keys used by an individual must be available to law enforcement when they wish to monitor the individual's communications
Slide 6: "Escrow"
Dictionary meaning:
1. n. written legal engagement to do something, kept in a third person's custody until some condition has been fulfilled; (money or goods so kept)
2. v.t. place in escrow
Slide 7: Key escrow (say 2 persons)
- A key used by an individual is "split into two halves"
- One half is stored in Escrow Agency A
- The other half is stored in Escrow Agency B
- Both agencies are organisations independent of governments
Slide 8: Key escrow (2)
- When police wish to monitor an individual's communications, they first obtain a court order from judges (the court system)
- Police then present the court order
  - to Escrow Agency A to obtain the 1st half of the individual's key
  - to Escrow Agency B to obtain the 2nd half of the individual's key
Slide 9: Key escrow (3)
- Now police can put the 2 halves together and get the individual's key
- With the key in their hands, police can now monitor all communications of the individual
Slide 10: Escrowed key
[Diagram: Alice encrypts (E) the plain text with her secret key; the cipher text crosses the network or storage; Bob decrypts (D) it with the secret key back to the original plain text. The two halves of the secret key are held by Escrow Agency A and Escrow Agency B.]
Slide 11: Analogue
- You are allowed to lock your door
- But you have to leave a copy of your key, half of which is kept by Locksmith A and the other half by Locksmith B
- When police wish to enter your home, they get a court order with which they can get the two halves of the copy and hence your key
Slide 12: Controversy
- Does it really work?
  - How about double encryption by a "bad" guy?
  - What happens if Escrow Agencies A and B conspire?
  - How do governments trust each other?
- Where is the freedom of individuals?
  - Does a government have the right to intrude into individuals' privacy?
  - Other implications?
Slide 13: A positive use of key escrow
- Encrypted data become useless if the key is lost or forgotten!
  - Have you ever forgotten your password?
- To prevent loss of corporate information, a company can build a company-wide "key escrow" system (our original question on slide 2)
  - Question: HOW? (hint: no police or court system is involved in this case.)
Slide 14: How to "split" a user key
- Bad way(s):
  - K = Ka Kb (the key simply cut into two halves and concatenated); Ka is kept by Escrow Agency A, Kb is kept by Escrow Agency B
- Good ways:
  - K = K1 XOR K2; K1 is kept by Escrow Agency A, K2 is kept by Escrow Agency B
  - secret sharing schemes
Slide 15: An exercise & a question
- An exercise
  - How to "split" a key if there are 3 or more escrow agencies?
- In the above discussions, all agencies have to be consulted in order to recover a key. An important question:
  - Is it possible to design a system so that some of the agencies, say 4 out of 5, can recover a key?
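The XOR split from slide 14 carried to the n-agency exercise of slide 15, as an added example (not code from the slides); the `rng` parameter is an assumption added so the split can be reproduced with fixed randomness, and the concatenation split is included only to contrast the "bad way".

```python
import os

def xor_bytes(*parts):
    """Bytewise XOR of equal-length byte strings."""
    out = bytes(len(parts[0]))
    for part in parts:
        assert len(part) == len(out), "all shares must have the key's length"
        out = bytes(a ^ b for a, b in zip(out, part))
    return out

def split_xor(key, n, rng=os.urandom):
    """Slide 14's 'good way', extended to n agencies: shares s_1..s_{n-1} are fresh random
    strings and s_n = key XOR s_1 XOR ... XOR s_{n-1}.  rng(k) must return k random bytes
    (assumed parameter; os.urandom in real use)."""
    shares = [rng(len(key)) for _ in range(n - 1)]
    shares.append(xor_bytes(key, *shares))
    return shares

def combine_xor(shares):
    """All n shares XORed together give the key back; any n-1 of them are just random bytes,
    because the missing share is what ties them to the key."""
    return xor_bytes(*shares)

def split_concat(key, n):
    """Slide 14's 'bad way': cut the key into pieces, so each agency holds key bits in the clear
    (for a short key this yields fewer than n pieces)."""
    size = -(-len(key) // n)   # ceiling division
    return [key[i:i + size] for i in range(0, len(key), size)]
```

With a fixed `rng`, two different keys produce the identical first share, which is exactly why one agency's XOR share reveals nothing, whereas a concatenation share is literally part of the key.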
Slide 16: Secret sharing in a bank
- A real-world problem:
  - A bank branch has a safe and 3 senior tellers.
  - The safe can be opened only by senior tellers, but they do not trust each other.
  - Can we design a system for the branch whereby any 2 of the 3 senior tellers together can open the safe, but NO individual teller can do so?
Slide 17: (t,n)-threshold secret sharing
- Consider a group of n participants (people). Let t <= n.
- A (t,n)-threshold secret sharing scheme is a method of sharing a key K among n participants such that
  - any t or more participants from the group can recover the key K, and
  - any t-1 or fewer participants from the group can NOT do so.
Slide 18: Real world problems
- Bank branch
  - design a (2,3)-threshold secret sharing
- Key escrow agency
  - (2,2)-threshold secret sharing
  - more generally, (t,n)-threshold secret sharing, e.g. (4,5)-threshold secret sharing
- Millionaire's will
  - a millionaire with 8 children
Slide 19: Shamir's (t,n)-threshold scheme
- Key disposal (by the dealer)
  - initialisation
  - distributing a share to each of the n participants in the group
- Key recovery (by participants)
  - gathering shares from t participants
  - reconstructing the key from the t shares
Slide 20: Shamir (3,5)-threshold scheme
- Assume that K = 13 is a key.
- Initially the only person who knows K = 13 is the dealer!
- The aim is to construct a threshold scheme so that 3 out of the 5 participants can recover the key K.
- Parameters:
  - K = 13, t = 3, n = 5
Slide 21: Key disposal (by dealer)
- Initialisation
  - chooses a prime p > K and p > n+1. Say p = 17.
  - chooses 2 (= t-1) random non-zero integers in [1, ..., p-1], i.e. [1, ..., 16]. Assume that the following are chosen:
    - a1 = 10
    - a2 = 2
  - forms a polynomial of degree t-1: a(x) = K + a1*x + a2*x^2 = 13 + 10*x + 2*x^2
Slide 22: Key disposal (by dealer)
- Share distribution
  - for Participant 1
    - a(1) = 13 + 10*1 + 2*1^2 = 8 (mod 17)
    - gives 8 to Participant 1 as his share
  - for Participant 2
    - a(2) = 13 + 10*2 + 2*2^2 = 7 (mod 17)
    - gives 7 to Participant 2 as his share
  - for Participant 3
    - a(3) = 13 + 10*3 + 2*3^2 = 10 (mod 17)
    - gives 10 to Participant 3 as his share
Slide 23: Key disposal (by dealer)
  - for Participant 4
    - a(4) = 13 + 10*4 + 2*4^2 = 0 (mod 17)
    - gives 0 to Participant 4 as his share
  - for Participant 5
    - a(5) = 13 + 10*5 + 2*5^2 = 11 (mod 17)
    - gives 11 to Participant 5 as his share
Slide 24: Key recovery (by 3 participants)
- Assume that 3 participants, say Participants 1, 3 and 5, decide to recover the key K.
- Share gathering
  - the 3 participants put together their shares, namely the 3 numbers 8, 10, 11
Slide 25: Key recovery (by 3 participants)
- Key reconstruction: solve the following equations
    K + a1*1 + a2*1^2 = 8  (mod 17)
    K + a1*3 + a2*3^2 = 10 (mod 17)
    K + a1*5 + a2*5^2 = 11 (mod 17)
  The result: a1 = 10, a2 = 2, K = 13
- K = 13 is indeed the key!
Slide 26: Questions
- With the (3,5)-threshold scheme
  - Can 2 or fewer participants recover the key K?
  - What if more than 3 participants wish to recover the key?
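The (3,5) scheme of slides 20 to 25, with the questions on slide 26 answered by brute force, as an added example (not code from the slides); it is also the (3,5) sharing that slide 2's three-of-five scientists need. Function names are mine, and the brute force allows coefficient 0 as well as the dealer's non-zero choices.

```python
from itertools import product

P = 17  # the prime chosen on slide 21: larger than the key (13) and than n + 1

def make_shares(key, t, n, coeffs, p=P):
    """Dealer side (slides 21-23): a(x) = key + a1*x + ... + a_{t-1}*x^(t-1) over GF(p);
    participant i receives the share (i, a(i) mod p). coeffs are the dealer's a1..a_{t-1}."""
    assert len(coeffs) == t - 1 and 0 <= key < p and n < p
    poly = [key] + list(coeffs)
    return [(x, sum(c * pow(x, j, p) for j, c in enumerate(poly)) % p) for x in range(1, n + 1)]

def recover(shares, p=P):
    """Participant side (slide 25): Lagrange interpolation at x = 0 over GF(p), which is the
    same as solving the slide's t linear equations for K. Works with t or more shares."""
    key = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        key = (key + yi * num * pow(den, p - 2, p)) % p   # pow(den, p-2, p) is den^-1 mod p
    return key

def candidate_keys(shares, t, p=P):
    """Slide 26 by brute force: try every polynomial of degree < t over GF(p) (coefficients
    0..p-1) and count, for each possible key a(0), how many agree with the given shares."""
    counts = {}
    for poly in product(range(p), repeat=t):
        if all(sum(c * pow(x, j, p) for j, c in enumerate(poly)) % p == y for x, y in shares):
            counts[poly[0]] = counts.get(poly[0], 0) + 1
    return counts

if __name__ == "__main__":
    shares = make_shares(13, 3, 5, coeffs=[10, 2])       # slide 21's a1 = 10, a2 = 2
    print(shares)                                        # [(1, 8), (2, 7), (3, 10), (4, 0), (5, 11)]
    print(recover([shares[0], shares[2], shares[4]]))    # participants 1, 3, 5 -> 13
    print(candidate_keys([shares[0], shares[2]], 3))     # 2 shares: every key 0..16 fits once
    print(candidate_keys(shares[1:], 3))                 # 4 shares: still only {13: 1}
```

Two shares leave all 17 keys equally consistent, which is the information-theoretic sense in which "t-1 or fewer can NOT recover K"; four shares are simply redundant and give the same K.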
Slide 27: The Dealer
- The dealer has to be honest!
  - can be a person trusted by all participants.
  - can also be a dedicated program which erases all relevant information on the key K after the shares are distributed successfully.
Slide 28: Combination Lock
- Assume that a key K is a 4-digit number, i.e. K is in [0000, ..., 9999].
- Initially the only person who knows the key K is the dealer!
- Construct a Shamir (2,6)-threshold scheme so that 2 out of the 6 participants can recover the key K.
- Hint: choose a 5-digit prime (say 10007)!
Slide 29: Escrowing DES keys
- Assume that a key K is a 56-bit DES key (about 17 digits).
- Initially the only person who knows the key K is the dealer!
- Construct a Shamir (5,10)-threshold scheme so that 5 out of the 10 escrow agencies can recover the key K.
- Hint: choose a prime > 2^56! (how do you get that?)
Slide 30: Another example?
- Consider the problem:
  - As the database administrator of a finance company, before starting the database, how will you be able to verify (quickly) that the database state is the same as it was when you shut it down the previous day (i.e. that database integrity is satisfied)?
  - How do you know which files have been modified by a virus (how to check the integrity of system files)?
Slide 31: Simple!!
- Note down the size of the database file before shutdown and check the size when you start the database. If they are not the same, then someone has modified the database file!!
Slide 32: A little bit more complex
- Log files: look for things out of the ordinary, such as
  - users logged in at strange hours; unexplained reboots; unexplained changes to the system clock; unusual error messages from the mailer, ftp daemon or other network servers; failed login attempts with bad passwords; unauthorised su commands; users logging in from unfamiliar sites on the network, etc.
    - This process is known as audit trails.
Slide 33: Auditing and Logging
- Log files are an important building block of a secure system: they form a recorded history, or audit trail, of the computer's past, making it easier to track an attack.
- Log files also have a fundamental vulnerability: they are stored on the system, where they can be modified by the intruder (just as the database files can be).
Slide 34: Integrity Management
- The goal of integrity management is to prevent alterations to (or deletions of) data, to detect modifications or deletions if they occur, and to recover from alterations or deletions if they happen.
Slide 35: File protection
- Basic
  - all-or-none protection
  - group protection
- Single permission
  - password or token
  - temporarily acquired permission
- Per-object and per-user protection
- Example
  - UNIX
Slide 36: Integrity management
- Is achieved by
  - prevention
  - detecting change
Slide 37: Prevention
- By placing controls, such as software, hardware, file system and operating system controls.
- By having immutable and append-only files
  - immutable files are those that cannot be modified once the system is running (suitable for system programs such as the login and passwd programs); append-only files are those to which data can be appended but in which the existing data cannot be changed (suitable for log files)
Slide 38: Integrity Management Techniques
- Setting appropriate file permissions and restricting access to the root account on Unix.
- Immutable files: files that cannot be modified once the system is running.
- Append-only files: files to which data can be appended, but in which the existing data cannot be changed. This type is ideally suited to log files.
- Read-only file systems: hardware read-only protection is even better.
Slide 39: Detecting a change in a file(s)
- Metadata, such as file sizes, last modification time, etc.
- Comparison copies: comparing byte by byte; unwieldy and time consuming.
- Checksum: file content can be modified in such a way that it generates the same checksum; not effective.
- Digital signatures!!!
Slide 40: Detecting a change
- Comparison of files with a (good) backup copy.
  - the backup copy has to be kept in a protected mode.
  - the comparison has to be performed byte by byte and is hence a time-consuming process (especially for large files, such as database files)
  - once an unauthorised change is detected, replace the altered version with the comparison copy, thereby restoring the system to normal.
Slide 41: Detecting a change (2)
- Checklists and metadata
  - Store only a summary of the important characteristics of each file and directory and use this information for comparison.
    - e.g. of summary information: time stamps (last read/modified), file protection modes, link count (using ncheck), etc.
    - Running this kind of change detection as a cron (background) job may not be a good idea!
Slide 42: Detecting a change (3)
- Checksums and signatures
  - changes can be made in such a way that the checksum and metadata do not change, and hence the previous method may fail.
    - e.g. set the clock backwards, perform the changes and set the clock forward
  - CRC (Cyclic Redundancy Code) checksums are useful only when there are few bits of change, and they are generated by well-known polynomials.
  - Generate digital signatures for the file contents and use the signature to detect the change.
Slide 43: Detection of changes using Signatures
- Remember that signatures are a one-way function, and it is possible to generate a signature for both small and large files.
- Since the signature is generated by a one-way function, and a good signature function will generate different signatures for different files, it is difficult for an intruder to modify the content of a file and still produce the same signature as that of the unmodified file.
Slide 44: Detection of changes using Signatures (2)
- Let the set of files you want to check for change be listed in the file /usr/adm/filelist,
- and let the corresponding digital signatures (say using the MD5 algorithm) of those files be stored in the file /usr/adm/savelist.
- Then the following shell script verifies whether the contents of any of the files in the filelist have been modified:

    #!/bin/sh
    # List each file's metadata (-ls) and the MD5 of every regular file, then diff against the saved list
    find `cat /usr/adm/filelist` -ls -type f -exec md5 {} \; > /tmp/now
    diff -b /usr/adm/savelist /tmp/now
Slide 45: Detection of changes using Signatures (3)
- It is important that the original signature file is not modified by the intruder.
  - It may be a good idea to store this file on a different system.
- For some files, detecting change with a signature may not be meaningful. For example, the contents of the /etc/passwd (or /etc/shadow) file will change quite often, hence a hybrid of metadata (for such files) and signatures is used for detecting changes.
Slide 46: Tripwire
- In practice one need not generate a digital signature on the content of every file.
  - e.g. we need to know if the owner or protection of the /etc/passwd file is changed, but we do not care about its size or checksum because we expect the contents to change; whereas we should be concerned if the contents of /bin/login are altered.
- Tripwire is a package that allows you to configure the files and directories that need to be monitored, using MD algorithms. ftp://coast.cs.purdue/edu/pub/COAST/Tripwire
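The hybrid policy of slides 41 to 46 (content digest for a program, metadata only for a file whose contents legitimately change) as an added Python example, not Tripwire's code or configuration format; the policy names, the temporary files and their contents are constructed for the demonstration, and SHA-256 stands in for the slide's MD5.

```python
import hashlib
import os
import stat
import tempfile

# Per-file policy (constructed names): which attributes the file is checked against.
CONTENT_AND_META = ("sha256", "mode")   # e.g. a login program: content must never change
META_ONLY = ("mode",)                   # e.g. a password file: content changes routinely

def snapshot(path, attrs):
    """Record only the attributes the policy asks for (slide 41's summary of characteristics)."""
    st = os.stat(path)
    rec = {}
    if "mode" in attrs:
        rec["mode"] = stat.S_IMODE(st.st_mode)   # protection bits, e.g. 0o644
    if "sha256" in attrs:                         # content digest (slide 44 uses md5)
        with open(path, "rb") as f:
            rec["sha256"] = hashlib.sha256(f.read()).hexdigest()
    return rec

def baseline(policy):
    """Build the saved list (the slide's /usr/adm/savelist); keep it off the monitored host."""
    return {p: snapshot(p, attrs) for p, attrs in policy.items()}

def verify(policy, saved):
    """Return {file name: [changed attributes]} for every file that differs from the baseline."""
    changed = {}
    for p, attrs in policy.items():
        now = snapshot(p, attrs)
        diff = [a for a in attrs if now[a] != saved[p][a]]
        if diff:
            changed[os.path.basename(p)] = diff
    return changed

def demo():
    """Constructed scenario: a 'login' program and a 'passwd' file in a temporary directory."""
    d = tempfile.mkdtemp()
    login, passwd = os.path.join(d, "login"), os.path.join(d, "passwd")
    with open(login, "wb") as f:
        f.write(b"\x7fELF constructed program bytes")
    with open(passwd, "wb") as f:
        f.write(b"root:x:0:0:root:/root:/bin/sh\n")
    os.chmod(login, 0o755)
    os.chmod(passwd, 0o644)
    saved = baseline({login: CONTENT_AND_META, passwd: META_ONLY})
    with open(passwd, "ab") as f:            # routine account addition: not reported
        f.write(b"alice:x:1001:1001::/home/alice:/bin/sh\n")
    os.chmod(passwd, 0o666)                  # protection loosened: reported as a mode change
    with open(login, "wb") as f:             # program content replaced: reported via sha256
        f.write(b"\x7fELF different program bytes")
    return verify({login: CONTENT_AND_META, passwd: META_ONLY}, saved)
```

`demo()` reports only the two changes the policy cares about, which is the point of slide 46: the password file's new line is expected, its new mode is not.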