Documente Academic
Documente Profesional
Documente Cultură
Outline
Introduction
Cryptographic Protocols
Introduction
Terminology
Scenario
z
Encryption
Ciphertext
Decryption
Plaintext
Mathematical Notations
Symbols
z
z
z
z
Formulations
z
ciphertext
plaintext
identity
Goals of Cryptography
Confidentiality
Authentication
z
Integrity
z
Non-repudiation
z
Restricted Algorithms
Basics of Restricted Algorithms
The security of an algorithm is based on keeping the
way that algorithm works a secret
z Of historical interests only, inadequate in todays
applications
z
Cryptosystem
A cryptosystem is composed of
An algorithm
z All possible plaintexts
z All possible ciphertexts
z All keys
z
DK(C)=M
Key
Plaintext
DK(EK(M))=M
Key
Ciphertext
Encryption
Decryption
Plaintext
DK2 (C)=M
Encryption Key
Plaintext
Encryption
Ciphertext
DK2(EK1(M))=M
Decryption Key
Decryption
Plaintext
Symmetric Algorithms
Symmetric Algorithms (Conventional Algorithms)
z
Categories
Stream algorithms
z Block algorithms
z
Asymmetric Algorithms
Asymmetric Algorithms (Public-key Algorithms)
The key used for encryption is different from the key
used for decryption
z The decryption key cannot be calculated from the
encryption key
z The encryption key can be made public (public key)
z The decryption key (private key)
z
Cryptanalysis
Overview of cryptanalysis
The science of recovering the plaintext of a message
without access to the key
z Successful cryptanalysis may recover
z
The plaintext
z The key
z Weakness in a cryptosystem that eventually lead to the
results above
z
Cryptanalytic Attacks
Basic Assumptions
z
z
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Adaptive-chosen-plaintext attack
Chosen-ciphertext attack
Rubber-hose cryptanalysis
Several Advises
The strength of your new cryptosystem relies on
the fact that the attacker does not know the
algorithms inner workings
The best algorithms are the ones that have been
made public, have been attacked by the worlds
best cryptographers for years, and are still
unbreakable
Cryptographic
Protocols
Protocols
What is a protocol?
z
Definition
z
A series of steps
z
Characteristics of Protocols
What is a protocol?
z
Characteristics
Everyone involved must know the protocol in advance
z Everyone involved must agree to follow it
z The protocol must be unambiguous
z The protocol must be complete
z
Steps in a protocol
Computations by one or more of the parties
z Messages sent among the parties
z
Cryptographic Protocols
What is a cryptographic protocol?
z
Purposes of Protocols
Why do we need cryptographic protocols?
z
Notations of Players
Alice, Bob, Carol, Dave
z
Walter
Participants in protocols
Eve
z
Peggy
Eavesdropper
Mallory
z
Warden
Prover
Victor
Verifier
Trent
z
Trusted arbitrator
Alice
Bob
Eve
Mallory
Trent
Arbitrated Protocol
Trent
Alice
Bob
z
z
z
Difficult to find and trust a neutral third party since you do not
know who the party is
Who will bear the cost of maintaining an arbitrator?
The inherent delay caused by arbitrators
The arbitrators will be a bottleneck in large scale
implementations of any protocol
Arbitrators will be a vulnerable point for attackers
Adjudicated Protocol
Alice
Bob
Evidence
Trent
Evidence
Self-Enforcing Protocols
Alice
Bob
Passive attacks
z
z
z
Eavesdropping
Observe the protocol and attempt to gain information
The attacker does not affect the protocol
E.g.
z
z
z
Cheaters
z
Communication Using
Symmetric Cryptography
Secret leaking
Alice
Break communication
Mallory
Bob
public
secret
Eve
Ciphertext-only Attack
Problems of
Symmetric Cryptosystems
One-Way Functions
The concept of a one-way functions is central to
public-key cryptography
One-way functions are relatively easy to compute,
but significantly harder to reverse (maybe
1,000,000,000,000 years of computations)
Given x, we can easily compute f(x)
z Given f(x), its hard to compute x
z
Strictly speaking, there is no evidence that true one-way function really exists
True one way function cannot be adopted in cryptography since messages
encrypted with one way function is impossible to be decrypted
Pre-image
Hash Value
Communications Using
Public-Key Cryptography
Database
Alice
Bob
Real-World Considerations
In the real world, public key algorithms are not substitute
for symmetric algorithms because
z
Computing power
Bandwidth
New needs emerge
Hybrid Cryptosystems
Alice
Bob
Man-in-the-Middle Attack
Alice
Mallory
Alice sends Bob her public key
Bob
Alice
Alice sends Bob her public key
Alice sends half of the message encrypted with Bobs public key
Bob sends half of the message encrypted with Alices public key
Alice sends the other half of the message
Bob sends the other half of the message
Digital Signature
Characteristics of a Signature
z
z
z
z
z
KA
Alice
Trent
Bob
Bob
SA(M)
EB(SA(M))
DB(EB(SA(M)))=SA(M)
VA(SA(M))=M
Bob
EB(SA(M))
VADB(EB (SA(M))))=M
VB(DA(EA (SB(M))))=M
EA(SB(M))
If VX=EX, SX=DX
Mallory
Bob
EB(DA(M))
EA(DM(EB(DM(EM(DB(EM(DA(M))))))))=M
EMDB(EB (DA(M))))=EM(DA(M))
EM(DB(EM(DA(M))))