Written by John Clark and Jeremy Jacob
Presented by Brian Sierawski
Overview
Background
Cryptography
Forms of Attack
Background
Term: Users, hosts, processes are referred to as principals
Goal: Want to be sure that a received message has been created recently by the principal who claims to have sent it
Cryptography
Cryptography is fundamental to authentication
Cryptographic algorithm converts plaintext to unintelligible ciphertext
Encryption depends on key
Notation
E(K : M) denotes M encrypted with key K
Principals are capital letters A, B, S for server, Z for attacker
Z(A) denotes Z acting as A
Na refers to a number generated by A
E.g. A → B : A, E(Kab : Na)
A sends B an identifier with an encrypted nonce
Modern Cryptography
Block cipher
Stream cipher
Block Cipher
Encrypts a block of 64 or 128 bits at a time
DES encrypts 56 bits (at insistence of NSA), which is insufficient against modern-day attacks
Other block ciphers: MADRYGA, NEWDES, FEAL-N, RC2, RC4, IDEA
Stream Ciphers
Encrypt one bit of plaintext at a time
Generate bit stream and XOR successive bits with successive bits of plaintext
[Figure: stream cipher diagram with labels Internal State, Key, Next-State Function, Output Function, Ki, Pi, Ci]
Text2 identifies sender
Timestamp or nonce prevents replay attacks
B's identity included as sole receiver
Freshness Attack
Occurs when a message is recorded and replayed
Needham-Schroeder protocol is weak
(3) A → B : E(Kbs : Kab, A)
Old key Kab may have been compromised
Type Flaws
Arises when recipient accepts a message as valid but imposes a different interpretation
Otway-Rees protocol
(1) A → B : M,A,B,E(Kas:Na,M,A,B)
(2) B → S : M,A,B,E(Kas:Na,M,A,B),E(Kbs:Nb,M,A,B)
(3) S → B : M,E(Kas:Na,Kab),E(Kbs:Nb,Kab)
(4) B → A : M,E(Kas:Na,Kab)
Attack
(1) A → Z(B) : M,A,B,E(Kas:Na,M,A,B)
(4) Z(B) → A : M,E(Kas:Na,M,A,B)
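Added example (not from the original slides): a symbolic Python model of why A accepts the reflected message (4) when encrypted fields carry no type information, next to a receiver that requires a message-type tag. The field sizes (8-byte Na and Kab, 4-byte M, 2-byte A and B), the tag values and all function names are assumptions made for this illustration, and E/D are an opaque-box stand-in, not a real cipher.

```python
# Added illustration; symbolic model, constructed values, assumed field sizes.
NONCE_LEN, KEY_LEN = 8, 8                  # assumed: Na and Kab are 8 bytes each
M, A, B = b"\x00\x00\x00\x2a", b"\x00\x0a", b"\x00\x0b"   # constructed: 4+2+2 bytes
TAG_REQ, TAG_KEY = b"\x01", b"\x03"        # hypothetical message-type tags

def E(key, payload):
    """Symbolic E(K : M): an opaque box only the key holder can open."""
    return (key, payload)

def D(key, box):
    if box[0] != key:
        raise ValueError("wrong key")
    return box[1]

def message1(kas, na, tag=b""):
    """(1) A -> B : M, A, B, E(Kas : Na, M, A, B)"""
    return M, A, B, E(kas, tag + na + M + A + B)

def reflect(msg1):
    """(4) Z(B) -> A : M, E(Kas : Na, M, A, B), A's own ciphertext sent back."""
    m, _a, _b, box = msg1
    return m, box

def accept_untyped(kas, na, msg4):
    """A checks M and Na, then reads whatever follows Na as Kab."""
    m, box = msg4
    body = D(kas, box)
    if m != M or body[:NONCE_LEN] != na or len(body) != NONCE_LEN + KEY_LEN:
        raise ValueError("rejected")
    return body[NONCE_LEN:]

def accept_typed(kas, na, msg4):
    """Same check, but the plaintext must start with the key-reply tag."""
    m, box = msg4
    body = D(kas, box)
    if body[:1] != TAG_KEY:
        raise ValueError("wrong message type")
    return accept_untyped(kas, na, (m, E(kas, body[1:])))

def run_demo():
    kas, na = b"kas-secr", b"nonce-Na"     # constructed 8-byte values
    accepted = accept_untyped(kas, na, reflect(message1(kas, na)))
    try:
        accept_typed(kas, na, reflect(message1(kas, na, TAG_REQ)))
        typed_rejected = False
    except ValueError:
        typed_rejected = True
    return accepted, typed_rejected
```

In the untyped run the value A accepts as Kab is M, A, B, all of which were sent in the clear in message (1).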
Attack
(1.1) A → Z(B) : E(Kab : Na)
(2.1) Z(B) → A : E(Kab : Na)
(2.2) A → Z(B) : E(Kab : Na + 1)
(1.2) Z(B) → A : E(Kab : Na + 1)
[Figure: ciphertext blocks C0 C1 C2 C3 C2 C3 C4 with plaintext blocks P1 P2 P3 X P3 P4]
Binding Attack
A simple public key distribution
(1) C → AS : C, S, Nc
(2) AS → C : AS, E(Kas^-1 : AS, C, Nc, Ks)
Conclusions
Even though protocols have few messages, construction is complex
The whole system is important
Need tool support for rigorous development and analysis of protocols