Download presentation
Presentation is loading. Please wait.
1
Giuseppe Bianchi Warm-up example 1 found on a real paper! Warm-up example 1 found on a real paper!
2
Giuseppe Bianchi One time pad (Vernam cipher) = 10111101… ----- = 00110010… 10001111… 00110010… = 10111101… Key: random bit sequence as long as the plaintext Encrypt by bitwise XOR of plaintext and key: ciphertext = plaintext key Decrypt by bitwise XOR of ciphertext and key: ciphertext key = (plaintext key) key = plaintext (key key) = plaintext Source: V. Shmatikov
3
Giuseppe Bianchi One time pad Unconditionally secure (perfect secrecy – see Shannon) If as many keys as messages keys must be as long as plaintext If keys are random But… No integrity Eve can change message Insecure if keys are reused XOR key cancels, plaintext XOR Random means… random...!!
4
Giuseppe Bianchi A recent paper (RFID mutual authentication - simplified) readertag Last key K i Secret S query M1 = S K i K i+1 =PRNG(K i ) verify S K i, K i K i+1 =PRNG(K i ) M2 = S K i+1 Verify K i+2 =PRNG(K i+1 ) K i+2 =PRNG(K i+1 ) store Security proof: formal analyzer (AVISPA) OK!
5
Giuseppe Bianchi OK? M1 M2 = = (S K i )(S K i+1 ) = = K i K i+1 = random, no information, no disclosure of PNRG state (if yes game over) Apparently, still OK… one time pad with pseudo-random stream cipher Seems ok, as the state of the PRNG is unknown Last key stored What if:
6
Giuseppe Bianchi OK???????? Constant ciphertext PSEUDO random generator KNOWN PRNG Worst: 16 bits!! But worse than this.. Run: for(x i =0; x i <2 16 ; x i ++) Z i = x i PRNG(x i ) Until: Z i == M1 M2 = K i K i+1 Hence set: K i = PRNG(x i ) Attacker’s PRNG sync-ed!!!
7
Giuseppe Bianchi Example 3 bit toy generator prng[0]= 6; prng[6]= 7; prng[7]= 5; prng[5]= 1; prng[1]= 3; prng[3]= 4; prng[4]= 2; prng[2]= 0; tag query M1 = 5 = S K i M2 = 2 = S K i+1 reader Attacker computes 5 2 = = 0101 0010 = 0111 = 7
![Giuseppe Bianchi Example 3 bit toy generator prng[0]= 6; prng[6]= 7; prng[7]= 5; prng[5]= 1; prng[1]= 3; prng[3]= 4; prng[4]= 2; prng[2]= 0; tag query M1 = 5 = S K i M2 = 2 = S K i+1 reader Attacker computes 5 2 = = 0101 0010 = 0111 = 7](http://images.slideplayer.com./33/8218378/slides/slide_7.jpg "Giuseppe Bianchi Example 3 bit toy generator prng[0]= 6; prng[6]= 7; prng[7]= 5; prng[5]= 1; prng[1]= 3; prng[3]= 4; prng[4]= 2; prng[2]= 0; tag query M1 = 5 = S K i M2 = 2 = S K i+1 reader Attacker computes 5 2 = = 0101 0010 = 0111 = 7")
8
Giuseppe Bianchi And computes table: 0 prng[0]= 6; 1 prng[1]= 2; 2 prng[2]= 2; 3 prng[3]= 7; 4 prng[4]= 6; 5 prng[5]= 4; 6 prng[6]= 1; 7 prng[7]= 2; Example tag query M1 = 5 = S K i M2 = 2 = S K i+1 reader K i = 3 K i+1 = 4 S = 5 3 = 6 or, otherwise, S = 2 4 = 6 GAME OVER!
![Giuseppe Bianchi And computes table: 0 prng[0]= 6; 1 prng[1]= 2; 2 prng[2]= 2; 3 prng[3]= 7; 4 prng[4]= 6; 5 prng[5]= 4; 6 prng[6]= 1; 7 prng[7]= 2; Example tag query M1 = 5 = S K i M2 = 2 = S K i+1 reader K i = 3 K i+1 = 4 S = 5 3 = 6 or, otherwise, S = 2 4 = 6 GAME OVER!](http://images.slideplayer.com./33/8218378/slides/slide_8.jpg "Giuseppe Bianchi And computes table: 0 prng[0]= 6; 1 prng[1]= 2; 2 prng[2]= 2; 3 prng[3]= 7; 4 prng[4]= 6; 5 prng[5]= 4; 6 prng[6]= 1; 7 prng[7]= 2; Example tag query M1 = 5 = S K i M2 = 2 = S K i+1 reader K i = 3 K i+1 = 4 S = 5 3 = 6 or, otherwise, S = 2 4 = 6 GAME OVER!")
9
Giuseppe Bianchi What if… computed table: 0 prng[0]= 6; 1 prng[1]= 2; 2 prng[2]= 2; 3 prng[3]= 7; 4 prng[4]= 6; 5 prng[5]= 4; 6 prng[6]= 1; 7 prng[7]= 2; tag query M1 = 4 = S K i M2 = 6 = S K i+1 reader K i = 1, 2 or 7 (hence K i+1 = 3, 0, or 5) S = 5, 6, 3 instead of random[0,7]!!! (and will be discovered at next attempt) M1 M2 = 4 6 = 2
![Giuseppe Bianchi What if… computed table: 0 prng[0]= 6; 1 prng[1]= 2; 2 prng[2]= 2; 3 prng[3]= 7; 4 prng[4]= 6; 5 prng[5]= 4; 6 prng[6]= 1; 7 prng[7]= 2; tag query M1 = 4 = S K i M2 = 6 = S K i+1 reader K i = 1, 2 or 7 (hence K i+1 = 3, 0, or 5) S = 5, 6, 3 instead of random[0,7]!!.](http://images.slideplayer.com./33/8218378/slides/slide_9.jpg "(and will be discovered at next attempt) M1 M2 = 4 6 = 2.")
Similar presentations
