CIS 4360 Secure Computer Systems Applied Cryptography

Similar documents
CIS 4360 Secure Computer Systems Symmetric Cryptography

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Key Establishment and Authentication Protocols EECE 412

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Chapter 9 Public Key Cryptography. WANG YANG

1. Diffie-Hellman Key Exchange

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Lecture 6 - Cryptography

Applied Cryptography and Computer Security CSE 664 Spring 2017

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Cryptographic Concepts

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

2.1 Basic Cryptography Concepts

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Public Key Cryptography

CS Computer Networks 1: Authentication

CSE 127: Computer Security Cryptography. Kirill Levchenko

Data Security and Privacy. Topic 14: Authentication and Key Establishment

T Cryptography and Data Security

Key Agreement Schemes

Number Theory and RSA Public-Key Encryption

CS 161 Computer Security

Spring 2010: CS419 Computer Security

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

UNIT - IV Cryptographic Hash Function 31.1

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni

Authentication Part IV NOTE: Part IV includes all of Part III!

CS 161 Computer Security

Cryptographic Protocols 1

PROTECTING CONVERSATIONS

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Auth. Key Exchange. Dan Boneh

CSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018

Public Key Algorithms

Grenzen der Kryptographie

Diffie-Hellman. Part 1 Cryptography 136

Ref:

Real-time protocol. Chapter 16: Real-Time Communication Security

Overview. Public Key Algorithms I

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

CS 161 Computer Security

Lecture III : Communication Security Mechanisms

Crypto Background & Concepts SGX Software Attestation

Lecture 2 Applied Cryptography (Part 2)

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Key Agreement. Guilin Wang. School of Computer Science, University of Birmingham

Session key establishment protocols

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Session key establishment protocols

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

(2½ hours) Total Marks: 75

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Authentication Handshakes

Deploying a New Hash Algorithm. Presented By Archana Viswanath

KALASALINGAM UNIVERSITY

CSC 474/574 Information Systems Security

Uzzah and the Ark of the Covenant

Encryption. INST 346, Section 0201 April 3, 2018

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Chapter 9: Key Management

Key Exchange. Secure Software Systems

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

NETWORK SECURITY & CRYPTOGRAPHY

CSC 474/574 Information Systems Security

CSC 8560 Computer Networks: Network Security

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CS 332 Computer Networks Security

Public Key Algorithms

Lecture 6.2: Protocols - Authentication and Key Exchange II. CS 436/636/736 Spring Nitesh Saxena. Course Admin

Cryptography Introduction

CSC 5930/9010 Modern Cryptography: Public Key Cryptography

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Chapter 10 : Private-Key Management and the Public-Key Revolution

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

CPSC 467b: Cryptography and Computer Security

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 3. Principles of Public-Key Cryptosystems

CS 494/594 Computer and Network Security

18-642: Cryptography 11/15/ Philip Koopman

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CSCE 813 Internet Security Symmetric Cryptography

Cryptography. Andreas Hülsing. 6 September 2016

Lecture 7 - Applied Cryptography

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Security: Cryptography

Security: Focus of Control. Authentication

Authenticating People and Machines over Insecure Networks

CPSC 467: Cryptography and Computer Security

Public-key Cryptography: Theory and Practice

Cryptographic Systems

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

Transcription:

CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017

Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public Key to the world and then the world can communicate with your secretly without having to meet you first Non-repudiation can only be achieved through asymmetric cryptography Digital Signature Key establishment with Asymmetric Crypto is easier (to be covered this lecture) CIS 4360 Secure Computer Systems 2

Previous class How do Digital Signatures assure non- repudia4on? A Digital Signature is generated by one s private key; nobody else can generate the signature CIS 5512 Operating Systems 3

Previous class Since Asymmetric Cryptography is so versa4le, can it replace Symmetric Cryptography completely? No, Symmetric Cryptography has its advantage on speed. Plus, all Asymmetric Ciphers are established on some computa4onally difficult number- theory problems, which are never mathema4cally proven to be difficult. Advances in number theory or Quantum Compu4ng may one day render all asymmetric ciphers ineffec4ve. But Symmetric Cryptography will keep safe (you only need to increase the key size when the compu4ng power advances) CIS 5512 Operating Systems 4

Outline Authentication Protocols Data Integrity Checking Protocols Forward Secrecy Diffie-Hellman Key Agreement CIS 4360 Secure Computer Systems 5

User Authentication User authentication: to verify the identity of the communicating participant E.g., the participant shows evidence about the knowledge of some password CIS 4360 Secure Computer Systems 6

User Authentication Password as Plaintext (Use it only over a secure channel) Bob wants to authenticate Alice s identity Assumption: Bob knows Alice s password is P A P A is Alice s credential P A Alice Bob The password is transmitted as plaintext, which can be intercepted by the adversary; this scheme is insecure for network-based communication CIS 4360 Secure Computer Systems 7

User Authentication Hash of Password (don t use it) Bob wants to authenticate Alice s identity Assumption: Bob knows Alice s password is P A Hash(P A ) Alice Bob It is insecure as the adversary can record Hash(P A ) for Replay Attacks CIS 4360 Secure Computer Systems 8

Challenge-response based User Authentication Bob wants to authenticate Alice s identity Assumption: Bob knows Alice s password is P A (1) Alice requests connec4on (Bob is Server; Alice is client) Alice (2) Bob sends a nonce c (3) Alice sends Hash(c P A ) Bob This is called the Digest Access Authentication. Replay Attacks will not work, why? As Bob (Server) makes sure c is never reused. A Nonce is a number that is only used once CIS 4360 Secure Computer Systems 9

Challenge-response based User Authentication The scheme is still vulnerable to the Chosen Plaintext Attack The adversary may intercept the request from Alice and impersonate the server The fake server then sends Alice a pre-selected challenge c Alice then returns Hash(c password) If the adversary has pre-computed Hash(c password) for all possible passwords and the pre-selected c value, then a rainbow table attack can be launched Countermeasure: Alice sends a client nonce (cnonce) along with Hash(cnonce c password) CIS 4360 Secure Computer Systems 10

User Authentication vs. Data Integrity User authentication: the identity of the communicating participant can be verified E.g., the participant shows evidence about the knowledge of some password Data integrity: the receiver can check whether the message has been manipulated Data integrity implies that the data comes from the right origin CIS 4360 Secure Computer Systems 11

Data Integrity with Symmetric Crypto Alice wants to make sure Bob can verify the integrity of the message received m, Hash(m) Alice Bob We already covered that the adversary may replace both m and the hash; thus, this scheme is insecure if the message and the hash are both transmitted through an insecure channel CIS 4360 Secure Computer Systems 12

Data Integrity with Symmetric Crypto Alice wants to make sure Bob can verify the integrity of the message received K is the shared key between Alice and Bob Alice m, MAC(K, m) Bob It is critical that the message should contain timestamp or sequence number; otherwise, it is vulnerable to Replay Attacks CIS 4360 Secure Computer Systems 13

Data Integrity with Asymmetric Crypto Alice wants to make sure Bob can verify the integrity of the message received PR A is the private key of Alice Alice m, Sign(PR A, m) Bob Bob recovers the digest from the signature Then, Bob regenerates the digest independantely and compares it against the recovered digest Can this scheme achieve non-repudiation? Yes, everyone can verify that the signature was generated by Alice, and only Alice has the private key to generate it CIS 4360 Secure Computer Systems 14

Data Integrity + Confidentiality with Symmetric Crypto Alice wants to make sure Bob can verify the integrity of the message received In addition, Alice wants to achieve confidentiality Alice E(K, m), MAC(K, m) Bob CIS 4360 Secure Computer Systems 15

Data Integrity + Confidentiality with Asymmetric Crypto Alice wants to make sure Bob can verify the integrity of the message received In addition, Alice wants to achieve confidentiality Alice E(PU B, m), Sign(PR A, m) Bob What is the disadvantage of this scheme? Asymmetric Crypto is quite expensive. It is not economic to use it to encrypt a large amount of data (Recall that when you sign a message, you do not sign the message directly but its digest, e.g., 256 bits) CIS 4360 Secure Computer Systems 16

Data Integrity + Confidentiality with Asymmetric Crypto Alice wants to make sure Bob can verify the integrity of the message received In addition, Alice wants to achieve confidentiality Alice E(K, m), MAC(K, m), E(PU B, K) Bob Alice can pick a key The key is used to encrypt and generate the MAC The key is encrypted using Bob s public key and sent to Bob CIS 4360 Secure Computer Systems 17

Can We Do Better? Alice E(K, m), MAC(K, m), E(PU B, K) Bob The adversary may collect the traffic between Alice and Bob, even though the adversary does not understand the conversation It is possible that one day the adversary gets Bob s private key (e.g., the adversary is CIA) Is there countermeasure that protects the confidentiality of the past conversations even all the traffic has been collected and the long-time private key (of Bob) is leaked one day CIS 4360 Secure Computer Systems 18

Forward Secrecy Forward Secrecy (also called Perfect Forward Secrecy) protects past conversations against future compromises of long-time secret keys or passwords. It implies that even CIA has collected the traffic of all the past conversations and later obtains the key or password, you can deny the content about the conversation Forward Secrecy is usually built on Diffie- Hellman based key agreement CIS 4360 Secure Computer Systems 19

Diffie-Hellman Key Agreement While DH can also be used for encryption, the most wide use is to negotiate keys The most prominent property of DH is that even the adversary obtains all the traffic for key agreement in plaintext, the adversary cannot infer the key Seemingly impossible, but was achieved by Diffie and Hellman in 1976 CIS 4360 Secure Computer Systems 20

DH Key Agreement CIS 4360 Secure Computer Systems 21

DH Key Agreement CIS 4360 Secure Computer Systems 22

Subject to Man-in-the-middle Attack The essential problem is that the schemes lacks authentication Alice has no way to authenticate whether B is sent by Bob Bob has no way to authenticate whether A is sent by Alice CIS 4360 Secure Computer Systems 23

DH Key Agreement with Authentication Example: Station-to-Station protocol (1) Alice Bob : A, g, p (2) Alice Bob : B, Cert B, E K (S B (A, B)) //Bob signs it (3) Alice Bob : Cert A, E K (S A (A, B)) // Alice signs it CIS 4360 Secure Computer Systems 24

Summary Important Applications of Crypto for User Authentication Data Integrity Confidentiality Diffie-Hellman Key Agreement Modular Logarithm For Forward Secrecy CIS 4360 Secure Computer Systems 25

Writing Assignments How to achieve authentication and data integrity of communication over an insecure channel? What should the message sender do? Why is Diffie-Hellman Key Agreement subject to the man-in-the-middle Attack? CIS 4360 Secure Computer Systems 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback