Symmetric cryptosystems
Asymmetric cryptosystems
Symmetric and asymmetric solutions
Security management
Focus on key distribution using the Needham Schroeder protocol
From Needham Schroeder to Kerberos
Introducing Security
A historical perspective
CSC253 / 2005-06 G. Blair/ F. Taiani 3
Security Mechanisms
Encryption
Digital signatures
To prevent tampering
Authentication
Cryptography
Authorisation
Auditing
E.g. Using Secure Sockets Layer (SSL) to securely send messages over a TCP connection
In middleware
Offering a range of services from secure RPC through to authentication and authorisation
Introduction to Cryptography
To encrypt a message M with key k
FK Key
Insecure Channel
Styles of Cryptosystems
Symmetric cryptosystems
The same key is used to both encrypt and decrypt messages
Also referred to as secret-key (or shared-key) systems
Sender & receiver must share knowledge of key
P = D_k(E_k(P))
Asymmetric cryptosystems
The keys for encryption and decryption are different but together form a unique pair
Also referred to as public-key systems
One key is kept private and the other key is made public
P = D_kd(E_ke(P))
Alternative Cryptosystems
Triple-DES - more complex (slower) than DES
4 Fenced DES - nearly as fast as DES
AES - new standard replacing DES [2001]
Comparison between ACLs and capabilities for protecting objects. a) Using an ACL b) Using capabilities.
Security Management
Need for security management
So far, we have seen a series of mechanisms for achieving encryption, authentication, etc.
Still many things missing
Key management
Authorisation management
Relies on a key distribution centre (KDC)
KDC is part of the trusted computing base
Has knowledge of secret keys of all participants in the system
Must manage N keys (instead of N(N-1)/2 in a decentralised solution)
3. A decrypts reply & sends ticket to B: ticket
4. The ticket contains [K(A,B), A]K(B) (i.e. encrypted with B's secret key). B decrypts it and sends A a unique ID encrypted with K(A,B): [ID2]K(A,B)
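The exchange around steps 3 and 4, as an added example that is not part of the original slides: it goes beyond the two steps shown and fills in steps 1, 2 and 5 from the standard Needham Schroeder symmetric-key protocol. The names seal, unseal, kdc_reply and run_protocol are hypothetical, the keys are constructed, and the cipher is a toy SHA-256/HMAC stand-in for a real one.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # Toy keystream: SHA-256 over key, nonce and a block counter (stand-in cipher).
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """[obj]K: encrypt and authenticate a JSON object under key (toy construction)."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed long-term secret keys; the KDC knows one per participant (N keys).
KDC_KEYS = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}

def kdc_reply(src, dst, id1):
    # Step 2 (standard protocol): KDC -> A: [ID1, B, K(A,B), ticket]K(A)
    kab = secrets.token_hex(32)
    ticket = seal(KDC_KEYS[dst], {"kab": kab, "peer": src})   # [K(A,B), A]K(B)
    return seal(KDC_KEYS[src], {"id1": id1, "peer": dst, "kab": kab, "ticket": ticket})

def run_protocol():
    ka, kb = KDC_KEYS["A"], KDC_KEYS["B"]
    id1 = secrets.token_hex(8)                      # Step 1: A -> KDC: A, B, ID1
    reply = unseal(ka, kdc_reply("A", "B", id1))
    if reply["id1"] != id1 or reply["peer"] != "B":
        raise ValueError("KDC reply is stale or names the wrong peer")
    kab_a = bytes.fromhex(reply["kab"])
    ticket = unseal(kb, reply["ticket"])            # Step 3: A -> B: ticket, B opens it
    kab_b = bytes.fromhex(ticket["kab"])
    id2 = secrets.randbelow(2**32)
    challenge = seal(kab_b, {"id2": id2})           # Step 4: B -> A: [ID2]K(A,B)
    got = unseal(kab_a, challenge)["id2"]
    answer = seal(kab_a, {"id2": got - 1})          # Step 5: A -> B: [ID2 - 1]K(A,B)
    confirmed = unseal(kab_b, answer)["id2"] == id2 - 1
    return confirmed, kab_a == kab_b, ticket["peer"]
```

The ticket in this sketch carries no timestamp or lifetime, so B cannot tell a fresh ticket from an old one; Kerberos adds timestamps for that reason.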
Additional Reading
The Code Book: The Secret History of
mechanisms used to implement security policies in distributed systems, i.e. encryption, digital signatures, authentication, authorisation and auditing
You should have a general appreciation of symmetric and asymmetric cryptosystems and also how such cryptosystems can be used to realise encryption, digital signatures and authentication
You should also have a general understanding for the key design
management and also a more detailed understanding of the goal of key distribution and how it is achieved using the Needham Schroeder protocol