Modern Cryptography Lecture 14 Hash Chain and Hash Tree - PowerPoint PPT Presentation

Slides: 26
Provided by: Office20041466
Transcript and Presenter's Notes

1
Modern Cryptography, Lecture 14: Hash Chain and Hash Tree
  • Yongdae Kim

2
Today
  • Admin Stuff
  • Recap
  • Hash Chain and Hash Tree

3
Admin Stuff
  • E-mail
  • Subject should have 5471 in front, e.g. 5471
    Project proposal
  • CC TA (foo_at_cs.umn.edu) and Dr. Yoon
    (aaramyun_at_gmail.com)
  • Work on projects
  • Check Calendar and web pages.

4
Recap
  • Number theory: GCD, LCM, prime, modular arithmetic
  • Discrete math
  • Security: 1000 ft. view
  • Block cipher
  • Hash function and MAC
  • Advanced Number Theory
  • PKC
  • Digital Signatures
  • Identification
  • Key Establishment

5
Hash Chain
  • $h$: cryptographically strong hash function
  • $H_0 = x$
  • $H_n = h(H_{n-1}) = h(h(h(\cdots h(x))))$
  • Random mapping statistics

6
One time password
  • Setup
    • User generates $H_0, H_1, \ldots, H_n$.
    • User → Server: $H_n$
    • Server stores $H_n$ as the user's public password.
  • Authentication
    • At time 0, User → Server: $H_{n-1}$
    • Server verifies $h(H_{n-1}) = H_n$
    • Server stores $H_{n-1}$ as the user's public password.
    • At time 1, User → Server: $H_{n-2}$
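
The setup and authentication steps above, as an added Python example that is not part of the original slides. SHA-256 as $h$, the class names and the sample secret are assumptions of this example.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    """The chain's one-way function h (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).digest()

class User:
    def __init__(self, x: bytes, n: int):
        # Setup: H_0 = x, H_i = h(H_{i-1}); keep H_0 .. H_n.
        self.chain = [x]
        for _ in range(n):
            self.chain.append(h(self.chain[-1]))
        self.next_index = n - 1          # first password to reveal is H_{n-1}

    def public_password(self) -> bytes:
        return self.chain[-1]            # H_n, sent to the server at setup

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted: run setup again with a new x")
        otp = self.chain[self.next_index]
        self.next_index -= 1
        return otp

class Server:
    def __init__(self, h_n: bytes):
        self.stored = h_n                # only the newest accepted value is kept

    def authenticate(self, otp: bytes) -> bool:
        # Accept iff h(otp) equals the stored value, then replace the stored value.
        if hmac.compare_digest(h(otp), self.stored):
            self.stored = otp
            return True
        return False

def demo() -> list:
    user = User(b"constructed secret x", n=3)
    server = Server(user.public_password())
    first = user.next_password()                   # H_2
    results = [server.authenticate(first)]         # time 0: accepted
    results.append(server.authenticate(first))     # replay of H_2: rejected
    results.append(server.authenticate(user.next_password()))  # H_1: accepted
    results.append(server.authenticate(user.next_password()))  # H_0: accepted
    return results
```

A captured password cannot be replayed because the server has already moved its stored value one step down the chain, and the chain supports exactly n logins before a new setup is needed.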

7
Stream Authentication
  • Streaming
  • Single-sender, single-receiver?
  • MAC!
  • Single-sender, multiple-receiver?
  • MAC?
  • Digital Signature?

8
Need for a separate scheme
  • Need for widespread trusted streamed media
    dissemination
  • Attacker may alter stock quotes distributed
    through IP multicast
  • Solution is trivial for the 1 sender-receiver case
  • Multiple receivers: need to use PKC
  • Digital signatures: too inefficient
  • Needs to scale to millions of users
  • Streamed media distribution can have high packet
    loss

9
TESLA
  • $F^v(x) = F^{v-1}(F(x))$, $F^0(x) = x$
  • $K_0 = F^n(K_n)$, $K_i = F^{n-i}(K_n)$
  • Cannot invert $F$ or compute any $K_j$ given $K_i$ ($j > i$)
  • Receiver can compute all $K_j$ from $K_i$ ($j < i$)
  • $K_j = F^{i-j}(K_i)$; Ki F(Ki)

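[Figure: key chain $K_{i-1}$, $K_i$, $K_{i+1}$ linked by $F$, and packets $P_{i-1}$, $P_i$, $P_{i+1}$. Packet $P_i$ carries $M_i = (D_i, K_{i-1})$ and $\mathrm{MAC}(K_i, D_i)$, and likewise for $i-1$ and $i+1$. $P_{i-1}$: authenticated; $P_i$: authenticated after receiving $P_{i+1}$; $P_{i+1}$: not yet authenticated.]
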
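
A receiver for the scheme on this slide, as an added Python example that is not part of the original slides. SHA-256 as $F$, HMAC-SHA-256 as the MAC and the tuple packet layout are assumptions, and the example takes for granted that each packet arrives before its key is disclosed, approximating that condition by packet index only.

```python
import hashlib
import hmac

def F(k: bytes) -> bytes:
    # One-way chain function; SHA-256 is this example's choice.
    return hashlib.sha256(b"chain" + k).digest()

def F_pow(k: bytes, v: int) -> bytes:
    for _ in range(v):                 # F^v(k), with F^0(k) = k
        k = F(k)
    return k

def mac(k: bytes, data: bytes) -> bytes:
    return hmac.new(k, data, hashlib.sha256).digest()

def key_chain(k_n: bytes, n: int) -> list:
    return [F_pow(k_n, n - i) for i in range(n + 1)]   # element i is K_i

def packet(keys: list, i: int, data: bytes) -> tuple:
    # P_i carries D_i, the disclosed key K_{i-1}, and MAC(K_i, D_i).
    return (i, data, keys[i - 1], mac(keys[i], data))

class Receiver:
    def __init__(self, k_0: bytes):
        self.i, self.key = 0, k_0      # newest key verified against the chain
        self.pending = {}              # i -> (D_i, tag), waiting for K_i
        self.authenticated = []

    def receive(self, pkt: tuple) -> bool:
        i, data, disclosed, tag = pkt
        if i <= self.i:                # K_i already disclosed: its MAC proves nothing
            return False
        j = i - 1
        # The disclosed K_j must map onto the last verified key under F.
        if not hmac.compare_digest(F_pow(disclosed, j - self.i), self.key):
            return False
        self.i, self.key = j, disclosed
        for p in sorted(q for q in self.pending if q <= j):
            d, t = self.pending.pop(p)
            # Lost packets are bridged with K_p = F^{j-p}(K_j).
            if hmac.compare_digest(mac(F_pow(disclosed, j - p), d), t):
                self.authenticated.append((p, d))
        self.pending[i] = (data, tag)
        return True
```

Feeding it $P_1$, then $P_3$ with $P_2$ lost, still authenticates $D_1$, because $K_1$ is recomputed from the disclosed $K_2$.
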
10
Key Strengthening
  • Preventing/mitigating on-line dictionary attack
  • Assuming that users will choose weak passwords
  • Salting
    • Stored key = h(password || random salt)
    • Ideally, random salt should be private, but public salt is still useful. Why?
  • Key strengthening
    • key = hash(password || salt)
    • for 1 to 65000 do
      • key = hash(key)
    • What does it provide?

11
Group Key Management
  • Secure group communication
  • IP Multicast
  • Pay-per-view video streaming
  • Video On Demand (VOD)
  • Secure teleconferencing
  • Online games
  • Group confidentiality service
  • How to share a common key over a group?

12
Assumption
  • There is a Group Controller (GC)
  • All nodes share a Traffic Encryption Key (TEK) to
    encrypt communication data.
  • When membership changes, TEK needs to be updated
  • Each node shares a Key Encryption Key with GC to
    encrypt TEK updates

13
Traffic Encryption Key
[Figure: a group of users; messages are sent as $E_{TEK}(msg)$]

14
Simplest Approach
[Figure: GC and users u1 to u7]

15
Join?
[Figure: GC and users u1 to u8]

16
Leave
[Figure: GC and users u1 to u8]

17
One-way Function Tree (OFT)
  • Proposed by D. A. McGrew and A. T. Sherman

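  • $bk = g(k)$: blinded key
  • $k = f(g(k_{left}), g(k_{right}))$
  • $k$: unblinded key

[Figure: $k_{left}$ and $k_{right}$ each pass through $g$; $f$ combines the two results into the unblinded key]
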
18
Blinded & Unblinded Keys
  • Unblinded key: the value that hasn't been passed through g
  • Blinded key: the value that has already been passed through g
  • If you know the unblinded key, you can compute
    the blinded key
  • The converse is not true

19
OFT Algorithm
$k_i = f(g(k_{2i}), g(k_{2i+1}))$

[Figure: binary key tree with node keys k1 to k15 and users u1 to u8 at the leaves]

20
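OFT Algorithm (u4's view)
$k_i = f(g(k_{2i}), g(k_{2i+1})) = f(bk_{2i}, bk_{2i+1})$

[Figure: key tree from u4's view, showing k1, k2, k5, k11 and the encrypted blinded keys $E_{k_2}(bk_3)$, $E_{k_5}(bk_4)$, $E_{k_{11}}(bk_{10})$; users u1 to u8]
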
21
OFT Algorithm (leave)
[Figure: key tree with users u1 to u8]

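
The OFT computation from the "u4's view" and "leave" slides, as an added Python example that is not part of the original slides. The SHA-256 constructions for $f$ and $g$ and the leaf values are assumptions, and the encryption $E_k(\cdot)$ that delivers blinded keys is left out. The last step goes beyond the slides by showing which blinded keys u4 needs again after the GC replaces one leaf key.

```python
import hashlib

def g(k: bytes) -> bytes:
    # Blinding function: bk = g(k). SHA-256 is this example's choice.
    return hashlib.sha256(b"g" + k).digest()

def f(bk_left: bytes, bk_right: bytes) -> bytes:
    # Mixing function applied to the two children's blinded keys.
    return hashlib.sha256(b"f" + bk_left + bk_right).digest()

def build_tree(leaf_keys: list) -> list:
    # GC side. Heap numbering as on the slides: k[1] is the root and
    # k[n] .. k[2n-1] are the leaves; k_i = f(g(k_2i), g(k_2i+1)).
    n = len(leaf_keys)
    k = [b""] * n + list(leaf_keys)
    for i in range(n - 1, 0, -1):
        k[i] = f(g(k[2 * i]), g(k[2 * i + 1]))
    return k

def blinded_for(k: list, leaf: int) -> dict:
    # Blinded keys of the siblings on the path from `leaf` to the root.
    out = {}
    while leaf > 1:
        out[leaf ^ 1] = g(k[leaf ^ 1])
        leaf //= 2
    return out

def member_root(leaf: int, leaf_key: bytes, blinded: dict) -> bytes:
    # Member side: climb from the own leaf, never seeing a sibling's unblinded key.
    i, key = leaf, leaf_key
    while i > 1:
        own, sib = g(key), blinded[i ^ 1]
        key = f(own, sib) if i % 2 == 0 else f(sib, own)
        i //= 2
    return key

def demo() -> tuple:
    leaves = [hashlib.sha256(b"constructed leaf %d" % i).digest() for i in range(8, 16)]
    k = build_tree(leaves)
    old = blinded_for(k, 11)                       # u4 sits at k11
    leaves[15 - 8] = hashlib.sha256(b"constructed replacement").digest()
    k_new = build_tree(leaves)                     # GC replaces leaf k15
    new = blinded_for(k_new, 11)
    changed = [i for i in old if old[i] != new[i]]
    return (member_root(11, k[11], old) == k[1], changed,
            member_root(11, k[11], new) == k_new[1], k[1] != k_new[1])
```
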
22
Proof of Possession
  • Storage Service Provider
  • How can an SSP prove that he stores all blocks?
  • Or how can a client verify that the SSP stores all blocks?
  • Constraints: the client does not have a copy of the whole storage.
  • Naïve solution
    • Storing hashes of each block?

23
Hash Tree
$H_i = h(H_{2i}, H_{2i+1})$

[Figure: binary hash tree with nodes H1 to H15 over blocks B1 to B8]

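
How the hash tree answers the proof-of-possession question, as an added Python example that is not part of the original slides: the client keeps only $H_1$ and checks one challenged block against the sibling hashes the SSP returns. The challenge protocol, SHA-256, the leaf/inner prefixes and the block contents are assumptions of this example.

```python
import hashlib
import hmac

def h_leaf(block: bytes) -> bytes:
    # Leaf and inner hashes get distinct prefixes (an addition of this example)
    # so that an inner node can never be passed off as a block.
    return hashlib.sha256(b"\x00" + block).digest()

def h_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_tree(blocks: list) -> list:
    # Heap numbering as on the slide: H[1] is the root, H_i = h(H_2i, H_2i+1),
    # and H[n + j] is the hash of block j (0-based); n must be a power of two.
    n = len(blocks)
    H = [b""] * n + [h_leaf(b) for b in blocks]
    for i in range(n - 1, 0, -1):
        H[i] = h_node(H[2 * i], H[2 * i + 1])
    return H

def prove(H: list, j: int) -> list:
    # SSP side: sibling hashes on the path from block j's leaf to the root.
    i, path = len(H) // 2 + j, []
    while i > 1:
        path.append(H[i ^ 1])
        i //= 2
    return path

def verify(root: bytes, n: int, j: int, block: bytes, path: list) -> bool:
    # Client side: only `root` and the block count n are stored locally.
    if not 0 <= j < n or len(path) != n.bit_length() - 1:
        return False
    i, cur = n + j, h_leaf(block)
    for sib in path:
        cur = h_node(cur, sib) if i % 2 == 0 else h_node(sib, cur)
        i //= 2
    return hmac.compare_digest(cur, root)

def demo() -> tuple:
    blocks = [b"constructed block B%d" % i for i in range(1, 9)]
    H = build_tree(blocks)
    root, proof = H[1], prove(H, 3)               # challenge block B4
    return (verify(root, 8, 3, blocks[3], proof),
            verify(root, 8, 3, b"corrupted", proof),
            verify(root, 8, 2, blocks[3], proof))
```
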
24
Temporal Key Management
  • For each time interval, one can use a different key to encrypt a file.
  • Temporal read access control can be provided by distributing keys for the associated time interval
  • Constraints: one does not want to store all previous keys.
  • Naïve solution: hash chain
    • Key generation: $K_t = h(K_{t+1})$
    • Use $K_t$ at time $t$.
    • Problem?

25
Hash Tree-based Solution
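  • $K_{\text{right child}} = h_2(K_{\text{parent}})$
  • $K_{\text{left child}} = h_1(K_{\text{parent}})$

[Figure: binary key tree with root K1-8; children K1-4 and K5-8; then K1-2, K3-4, K5-6, K7-8; leaves K1 to K8]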
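
The key tree above, as an added Python example that is not part of the original slides. It goes beyond the slide by computing which node keys to hand out for an arbitrary run of intervals, and the prefixed SHA-256 constructions for $h_1$ and $h_2$ and all function names are assumptions of this example.

```python
import hashlib

def h1(k: bytes) -> bytes:
    return hashlib.sha256(b"left" + k).digest()    # K_left child = h1(K_parent)

def h2(k: bytes) -> bytes:
    return hashlib.sha256(b"right" + k).digest()   # K_right child = h2(K_parent)

def descend(key: bytes, lo: int, hi: int, a: int, b: int) -> bytes:
    # From the key of node K_{lo-hi}, derive the key of descendant node K_{a-b}.
    if not lo <= a <= b <= hi:
        raise ValueError("target is outside this subtree")
    while (lo, hi) != (a, b):
        mid = (lo + hi) // 2
        if b <= mid:
            key, hi = h1(key), mid
        elif a > mid:
            key, lo = h2(key), mid + 1
        else:
            raise ValueError("target range is not a tree node")
    return key

def cover(lo: int, hi: int, a: int, b: int) -> list:
    # Fewest tree nodes whose leaves are exactly the intervals a..b.
    if a <= lo and hi <= b:
        return [(lo, hi)]
    if b < lo or hi < a:
        return []
    mid = (lo + hi) // 2
    return cover(lo, mid, a, b) + cover(mid + 1, hi, a, b)

def grant(root: bytes, n: int, a: int, b: int) -> dict:
    # Owner side: the keys handed to a reader allowed intervals a..b.
    return {node: descend(root, 1, n, *node) for node in cover(1, n, a, b)}

def reader_key(granted: dict, t: int) -> bytes:
    # Reader side: K_t is derivable only if a granted node covers t.
    for (lo, hi), key in granted.items():
        if lo <= t <= hi:
            return descend(key, lo, hi, t, t)
    raise PermissionError("no granted key covers interval %d" % t)
```

Granting intervals 3 to 6 out of 8 hands over only K3-4 and K5-6, from which the reader derives K3 to K6 and nothing else.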