Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Boneh Basic key exchange Trusted 3 rd parties Online Cryptography Course Dan Boneh.

Published byAmos Jennings Modified over 9 years ago

Similar presentations

Presentation on theme: "Dan Boneh Basic key exchange Trusted 3 rd parties Online Cryptography Course Dan Boneh."— Presentation transcript:

1 Dan Boneh Basic key exchange Trusted 3 rd parties Online Cryptography Course Dan Boneh

2 Dan Boneh Key management Problem: n users. Storing mutual secret keys is difficult Total: O(n) keys per user

3 Dan Boneh A better solution Online Trusted 3 rd Party (TTP) TTP

4 Dan Boneh Generating keys: a toy protocol Alice wants a shared key with Bob. Eavesdropping security only. Bob (k B )Alice (k A )TTP ticket k AB “Alice wants key with Bob” (E,D) a CPA-secure cipher choose random k AB

5 Dan Boneh Generating keys: a toy protocol Alice wants a shared key with Bob. Eavesdropping security only. Eavesdropper sees: E(k A, “A, B” ll k AB ) ; E(k B, “A, B” ll k AB ) (E,D) is CPA-secure ⇒ eavesdropper learns nothing about k AB Note: TTP needed for every key exchange, knows all session keys. (basis of Kerberos system)

6 Dan Boneh Toy protocol: insecure against active attacks Example: insecure against replay attacks Attacker records session between Alice and merchant Bob – For example a book order Attacker replays session to Bob – Bob thinks Alice is ordering another copy of book

7 Dan Boneh Key question Can we generate shared keys without an online trusted 3 rd party? Answer: yes! Starting point of public-key cryptography: Merkle (1974), Diffie-Hellman (1976), RSA (1977) More recently: ID-based enc. (BF 2001), Functional enc. (BSW 2011)

8 Dan Boneh End of Segment

Download ppt "Dan Boneh Basic key exchange Trusted 3 rd parties Online Cryptography Course Dan Boneh."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Trusted 3rd parties Basic key exchange

Trusted 3rd parties Basic key exchange
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Dan Boneh Authenticated Encryption Active attacks on CPA-secure encryption Online Cryptography Course Dan Boneh.

Dan Boneh Authenticated Encryption Active attacks on CPA-secure encryption Online Cryptography Course Dan Boneh.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Slide 1 Vitaly Shmatikov CS 378 Key Establishment Pitfalls.

Slide 1 Vitaly Shmatikov CS 378 Key Establishment Pitfalls.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Key Distribution CS 470 Introduction to Applied Cryptography

Key Distribution CS 470 Introduction to Applied Cryptography
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Similar presentations

Ads by Google