Title: Using Encryption Protocols
1Using Encryption - Protocols
- Lecture 6
- Key distribution schemes
- Digital Signatures
2Reading assignment
- Reading assignments for September 15
- Required
- Pfleeger Ch 4
- Recommended
- AES News AES may have been broken. Serpent,
too. Or maybe not. In either case, there's no
need to panic. Yet. But there might be soon.
Maybe. (http//www.counterpane.com ) - Reading assignments for September 17
- Required
- Smith Ch 1, Ch 2
3Protocols
- Good protocol characteristics
- Established in advance
- Mutually subscribed
- Unambiguous
- Complete
4Protocols to solve problems
- Key distribution
- Digital Signatures
- Electronic Voting
- Oblivious Transfer (read only)
- Contract Signing (read only)
5Symmetric-Key Distribution Symmetric-Key
Techniques
- Symmetric-Key without Server
- Change encryption key E(Knew,K), where Knew is
the session key, K is the master key - Diffie-Hellman Key Exchange
- Symmetric-Key with Server
- P,R communication
- P to Center (P,R,IP)
- Center to P E((IP,R,KPR,E((KPR,P), KR), KP)
- P to R E((KPR,P), KR)
6Symmetric-Key Distribution Public-Key Techniques
- Simple secret key distribution
- Secret key distribution with confidentiality and
authentication - Diffie-Hellman Key Exchange
7Simple secret key distribution
- KE-S ID-S
- 2. E KE-S(Ksession)
Sender
Recipient
Vulnerable to active attack!
8With confidentiality and authentication
- E KE-RN1ID-A
- 2. E KE-SN1N2
- 3. E KE-RN2
- 4. E KE-R E KD-S(Ksession)
Sender
Recipient
9Diffie-Hellman Key Exchange
- Proposed in 1976
- First public key algorithm
- Allows group of users to agree on secret key over
insecure channel - Cannot be used to encrypt and decrypt messages
10Diffie-Hellman Key Exchange
- Protocol for A and B want to agree on shared
secret key - A and B agree on two large numbers n and g, such
that 1ltgltn - A chooses random x and computes Xgx mod n and
sends X to B - B chooses random y and computes Ygy mod n and
sends Y - A computes k Yx mod n
- B computer k Xy mod n
- Note k k gyx mod n
11Diffie-Hellman Key Exchange
- Requires no prior communication between A and B
- Security depends on difficulty of computing x
given Xgx mod n - Choices for g and n are critical both n and
(n-1)/2 should be prime, n should be large - Susceptible to intruder in the middle attack
(active intruder)
12Intruder in the Middle Attack
Intruder
John
Rose
Hi Rose, Im John.
Hi Rose, Im John.
Hi John, Im Rose.
Hi John, Im Rose.
Intruder and John Uses Diffie-Hellman To agree
on key K.
Intruder and Rose Uses Diffie-Hellman To agree on
key K.
K and K may be the same
13Asymmetric-Key Exchange
- Without server
- Broadcasting
- Publicly available directory
- With server
- Public key distribution center
- Certificates
14Public announcement
KE-J.S.
KE-J.S.
KE-J.S.
KE-J.S.
John Smith
KE-J.S.
KE-J.S.
Bad Uncontrolled distribution ? easy to
forge
15Publicly available directory
Better but not Good enough ? Directory could Be
compromised
Public Key Directory
KE-J.S.
KE-M.R..
John Smith
Mary Rose
16Public-key authority
Public-Key Authority
1. Request Time1
4. Request Time2
2. EKD-AuthKE-RRequestTime1
5. EKD-AuthKE-SRequestTime2
3. EKE-R(ID-AN1)
Sender
Recipient
6. EKE-S(N1N2)
7. EKE-R(N2)
17Public-key certificates
Certificate Authority
KE-R
KE-S
C-SEKD-CAuthTime1,ID-S,KE-S
CREKD-CAuthTime2,ID-R,KE-R
1. C-S
Sender
Recipient
2. C-R
18Certificates
- Guarantees the validity of the information
- Establishing trust
- Public key and user identity are bound together,
then signed by someone trusted - Need digital signature
19Digital Signature
- Need the same effect as a real signature
- Un-forgeable
- Authentic
- Non-alterable
- Not reusable
20Digital signature
- Direct digital signature public-key cryptography
based - Arbitrated digital signature
- Conventional encryption
- Arbiter sees message
- Arbiter does not see message
- Public-key based
- Arbiter does not see message
21Digital Signatures in RSA
Insecure channel
Sign
Verify
Plaintext
Signed plaintext
Plaintext
Encryption Alg.
Decryption Alg.
Recipient
Sender
Ss public key
Ss private key
(need reliable channel)
22Non-repudiation
- Requires notarized signature, involving a third
party - Large system hierarchies of notarization
23Electronic Voting
- Transmit an untraceable yet authentic message,
e.g., presidential election votes - Demillo and Merritt (1982,83) see textbook
- Current works
- Rebecca Mercuri Questions for Voting System
Vendors (http//www.notablesoftware.com/checklists
.html) - Rebecca Mercuri Statement on Electronic Voting
(http//www.notablesoftware.com/RMstatement.html) - Bruce Schneier Voting and Technology
(http//www.counterpane.com/crypto-gram-0012.html
1)
24Voting System
- Goal to establish the intent of the voter, and
transfer that intent to the vote counter - Assumptions
- Vote is open and everyone can monitor it
- Requirements
- Anonymous
- Scalable (speed, efficiency)
- Auditable
- Accurate
- Need to focus on accuracy and availability