apr 22, 2003mårten trolin1 agenda course high-lights – symmetric and asymmetric cryptography –...
Post on 20-Dec-2015
218 views
TRANSCRIPT
Apr 22, 2003 Mårten Trolin 1
AgendaAgenda
Course high-lights– Symmetric and asymmetric cryptography– Digital signatures and MACs– Certificates– Protocols
Interactive Non-interactive
– Smart-cards
Apr 22, 2003 Mårten Trolin 2
Symmetric vs. asymmetric Symmetric vs. asymmetric cryptographycryptography
Symmetric ciphers – sender and recipient use the same key– Dkey(Ekey(m)) = m
Substitution cipher is an example of a symmetric cipher Impractical for big systems – number of keys is quadratic
in the number of users The solution – asymmtric algorithms. Think of a locked
mailbox! Different keys for encryption and decryption– Dprivate key(Epublic key(m)) = m
Apr 22, 2003 Mårten Trolin 3
Hash functionsHash functions
A hash function computes a fixed length value from a variable length source– Example: Check sums in communication protocols– Indices in databases
More convenient to handle a hash of a document instead of the document itself
We will consider cryptographically secure hash functions.
Apr 22, 2003 Mårten Trolin 4
Properties of good hash Properties of good hash functionsfunctions
Let H be a hash functionOne-way
– Given v, unfeasible to compute an x such that H(x) = v
Collision-free– Infeasible to find x1 and x2 such that H(x1) =
H(x2) and x1 x2
Apr 22, 2003 Mårten Trolin 5
Digital signaturesDigital signatures
Used to ensure authenticity.A digital signatures binds a document to a
person.In a public key infrastructure (PKI), a
person produces a digital signature using his private key
The signature can be verified using the public key.
Apr 22, 2003 Mårten Trolin 6
Use of a digital signatureUse of a digital signature
Signature generation
Private key
Document
Signature Signature verification
Public key
Document
OK / not OK
Signer Verifier
Apr 22, 2003 Mårten Trolin 7
Message Authentication Message Authentication CodesCodes
Digital signatures requires public/private keys The same functionality can be achieved with
symmetric keys– Called MAC – Message Authentication Code– Signer and verifier uses the same key
Question: What are the advantages compared to digital signatures? What are the disadvantages?
Apr 22, 2003 Mårten Trolin 8
Two simple MACsTwo simple MACs
Let Ekey, Dkey be a symmetric cipher, and let H be a hash function. Let m be the message to MAC and let k be the symmetric key.
First proposition: Compute a hash of the document and encrypt it– Ek(H(m))
Second proposition: Concatinate the message and the key and compute the hash– H(m k)
Apr 22, 2003 Mårten Trolin 9
Interactive ProtocolInteractive Protocol
TCP/IP
User(pu, su)
Web serverUser’s public key pu
Symmetric key k encrypted under pu
Communication encrypted under k
Generates symmetric key k
Decrypts k using su
Apr 22, 2003 Mårten Trolin 10
User(pu, su)
Web server
User’s public key pu
Symmetric key k encrypted under pm
Communication encrypted under k
Generates symmetric key k
Decrypts k using su
Replaces pu with his own pm
Man in the middle(pm, sm)
pm
Decrypts k using sm and reencrypts using pu
Symmetric key k encrypted under pu
Apr 22, 2003 Mårten Trolin 11
Public key certificatesPublic key certificates
A public key certificate consists of– A public key– Information on the owner
Name, address, photograph, finger-print, credit card number, etc.
– A signature on the above data by a trusted party Trusted party could be the government, a bank, etc.
User’s public key
Identification data
Digital signature by CA
User’s Private key
Public information
Private information
Apr 22, 2003 Mårten Trolin 12
Certificate chainsCertificate chains
Certificates can be chained– Each certificate in the chain
is signed with the private key of the certificate above.
If the user knows the root certificate, he can verify that each step is valid.
Using chains, the CA can outsource signing to other organizations it trusts without giving away its private key.
E n d ce rtif ica te
In te rm e d ia te ce rt if ica te
R o o t ce rtf ica te
Apr 22, 2003 Mårten Trolin 13
Certificate chainsCertificate chains
E n d u se r 1 E n d u se r 2
In te rm e d ia te C A 1
E n d u se r 3 E n d u se r 4
In te rm e d ia te C A 2
E n d u se r 5
In te rm e d ia te C A 3
R o o t C A
The end user certificates are verified by following the chain up to the root certificate authority (CA)– If every step in the chain is valid, the end user certificate is
considered valid.
Apr 22, 2003 Mårten Trolin 14
SSL/TLSSSL/TLS
SSL (Secure Socket Layer) and TLS (Transport Layer Security) are standards for how to secure TCP/IP communications
TLS is a layer on top of the TCP layer
Apr 22, 2003 Mårten Trolin 16
TLS HandshakeTLS Handshake
Client Server
ClientHello
ServerHello
ServerKeyExchange
ClientKeyExchange
ChangeCipherSpec
Finished
ChangeCipherSpec
Finished
ServerHelloDone
Certificate
Apr 22, 2003 Mårten Trolin 17
Non-interactive protocolsNon-interactive protocols
For interactive protocols, the symmetric key is decided in the handshake. For non-interactive protocols, this must be solved in another way.– The key cannot be negotiated.– Encrypt a session key using the recipients
public key.
Apr 22, 2003 Mårten Trolin 18
Session key in non-interactive Session key in non-interactive protocolsprotocols
For non-interactive protocols, the sender generates a session key.
The session key is encrypted using the recipient’s public key.– Recipient’s public key must be known in advance.
The message is encrypted with the (symmetric) session key. The encrypted message consists of the encrypted session key and the cipher text.
The recipient decrypts the session key with his private key and decrypts the message.
Apr 22, 2003 Mårten Trolin 19
Pretty Good PrivacyPretty Good Privacy
Protocol overview– Symmetric session key encrypted with
asymmetric keyKey management
– Distributed, non-centralizedTrust model
– Web of trust– Introducers
Apr 22, 2003 Mårten Trolin 20
Password generated keys – Password generated keys – problems and solutionsproblems and solutions
Password generated keys suffer from the same general problem as passwords for authentication.– Number of passwords is relatively small – possible to
create a list with all possible passwords and corresponding keys.
Use a salt to avoid dictionary attacks. Make key generation “slow”, to make brute-force
attacks more time consuming.
Apr 22, 2003 Mårten Trolin 21
Generating keysGenerating keys
Key generation requires a good source of random bits– Bad key material makes system vulnerable to attacks.
Has been done in practice.– Hardware generators provide the best source.– For end-user applications - some user interaction can be
used (mouse movement, key strokes, etc.)– Using system time for high security requirements is a
bad idea! For high-security applications, key generation
should take place in a closed environment.
Apr 22, 2003 Mårten Trolin 22
Distributing symmetric keysDistributing symmetric keys
Symmetric keys are very sensitive and must be distributed with great care.
Depending on how valueable the key is, different approaches are possible.– Send the key to recipient by physically secure means,
e.g., by courier, by registered mail etc.– If a common key exists, send the new key encrypted
under the common key.– Split the key into components and send the key
components with different security officers.
Apr 22, 2003 Mårten Trolin 23
What Is a Smart-CardWhat Is a Smart-Card
A smart-card is a small computerOften placed on a credit-card sized plastic
cardCan have contacts or be contact-lessHas a well-defined interface
– Can have secret information that is protected from direct access
First appeared in the 1970s
Apr 22, 2003 Mårten Trolin 24
Advantages with Smart-CardsAdvantages with Smart-Cards
Can have secret data– Data used for internal computations and never revealed
in clear– Example: PIN and keys can be stored on card
Can process data and save information– Count transactions– Check PIN and count unsuccessful tries– Different behavior depending on geographic location– Cryptographic functions
Uses the secret keys