cryptographic key infrastructure
play

Cryptographic Key Infrastructure Goal: bind identity to key - PowerPoint PPT Presentation

May 05, 2023 •269 likes •690 views

Cryptographic Key Infrastructure Goal: bind identity to key Classical: not possible as all keys are shared Use protocols to agree on a shared key (see earlier) Public key: bind identity to public key Crucial as people will

  1. Cryptographic Key Infrastructure • Goal: bind identity to key • Classical: not possible as all keys are shared – Use protocols to agree on a shared key (see earlier) • Public key: bind identity to public key – Crucial as people will use key to communicate with principal whose identity is bound to key – Erroneous binding means no secrecy between principals – Assume principal identified by an acceptable name May 3, 2005 ECS 153, Introduction to Computer Slide #1 Security

  2. Certificates • Create token (message) containing – Identity of principal (here, Alice) – Corresponding public key – Timestamp (when issued) – Other information (perhaps identity of signer) signed by trusted authority (here, Cathy) C A = { e A || Alice || T } d C May 3, 2005 ECS 153, Introduction to Computer Slide #2 Security

  3. Use • Bob gets Alice’s certificate – If he knows Cathy’s public key, he can decipher the certificate • When was certificate issued? • Is the principal Alice? – Now Bob has Alice’s public key • Problem: Bob needs Cathy’s public key to validate certificate – Problem pushed “up” a level – Two approaches: Merkle’s tree, signature chains May 3, 2005 ECS 153, Introduction to Computer Slide #3 Security

  4. Certificate Signature Chains • Create certificate – Generate hash of certificate – Encipher hash with issuer’s private key • Validate – Obtain issuer’s public key – Decipher enciphered hash – Recompute hash from certificate and compare • Problem: getting issuer’s public key May 3, 2005 ECS 153, Introduction to Computer Slide #4 Security

  5. X.509 Chains • Some certificate components in X.509v3: – Version – Serial number – Signature algorithm identifier: hash algorithm – Issuer’s name; uniquely identifies issuer – Interval of validity – Subject’s name; uniquely identifies subject – Subject’s public key – Signature: enciphered hash May 3, 2005 ECS 153, Introduction to Computer Slide #5 Security

  6. X.509 Certificate Validation • Obtain issuer’s public key – The one for the particular signature algorithm • Decipher signature – Gives hash of certificate • Recompute hash from certificate and compare – If they differ, there’s a problem • Check interval of validity – This confirms that certificate is current May 3, 2005 ECS 153, Introduction to Computer Slide #6 Security

  7. Issuers • Certification Authority (CA) : entity that issues certificates – Multiple issuers pose validation problem – Alice’s CA is Cathy; Bob’s CA is Don; how can Alice validate Bob’s certificate? – Have Cathy and Don cross-certify • Each issues certificate for the other May 3, 2005 ECS 153, Introduction to Computer Slide #7 Security

  8. Validation and Cross-Certifying • Certificates: – Cathy<<Alice>> – Dan<<Bob> – Cathy<<Dan>> – Dan<<Cathy>> • Alice validates Bob’s certificate – Alice obtains Cathy<<Dan>> – Alice uses (known) public key of Cathy to validate Cathy<<Dan>> – Alice uses Cathy<<Dan>> to validate Dan<<Bob>> May 3, 2005 ECS 153, Introduction to Computer Slide #8 Security

  9. Digital Signature • Construct that authenticated origin, contents of message in a manner provable to a disinterested third party (“judge”) • Sender cannot deny having sent message (service is “nonrepudiation”) – Limited to technical proofs • Inability to deny one’s cryptographic key was used to sign – One could claim the cryptographic key was stolen or compromised • Legal proofs, etc., probably required; not dealt with here May 3, 2005 ECS 153, Introduction to Computer Slide #9 Security

  10. Common Error • Classical: Alice, Bob share key k – Alice sends m || { m } k to Bob This is a digital signature WRONG WRONG This is not a digital signature – Why? Third party cannot determine whether Alice or Bob generated message May 3, 2005 ECS 153, Introduction to Computer Slide #10 Security

  11. Classical Digital Signatures • Require trusted third party – Alice, Bob each share keys with trusted party Cathy • To resolve dispute, judge gets { m } k Alice , { m } k Bob , and has Cathy decipher them; if messages matched, contract was signed { m } k Alice Alice Bob { m } k Alice Cathy Bob { m } k Bob Cathy Bob May 3, 2005 ECS 153, Introduction to Computer Slide #11 Security

  12. Public Key Digital Signatures • Alice’s keys are d Alice , e Alice • Alice sends Bob m || { m } d Alice • In case of dispute, judge computes { { m } d Alice } e Alice • and if it is m , Alice signed message – She’s the only one who knows d Alice ! May 3, 2005 ECS 153, Introduction to Computer Slide #12 Security

  13. RSA Digital Signatures • Use private key to encipher message – Protocol for use is critical • Key points: – Never sign random documents, and when signing, always sign hash and never document • Mathematical properties can be turned against signer – Sign message first, then encipher • Changing public keys causes forgery May 3, 2005 ECS 153, Introduction to Computer Slide #13 Security

  14. Attack #1 • Example: Alice, Bob communicating – n A = 95, e A = 59, d A = 11 – n B = 77, e B = 53, d B = 17 • 26 contracts, numbered 00 to 25 – Alice has Bob sign 05 and 17: • c = m d B mod n B = 05 17 mod 77 = 3 • c = m d B mod n B = 17 17 mod 77 = 19 – Alice computes 05 × 17 mod 77 = 08; corresponding signature is 03 × 19 mod 77 = 57; claims Bob signed 08 – Judge computes c e B mod n B = 57 53 mod 77 = 08 • Signature validated; Bob is toast May 3, 2005 ECS 153, Introduction to Computer Slide #14 Security

  15. Attack #2: Bob’s Revenge • Bob, Alice agree to sign contract 06 • Alice enciphers, then signs: ( m e B mod 77) d A mod n A = (06 53 mod 77) 11 mod 95 = 63 • Bob now changes his public key – Computes r such that 13 r mod 77 = 6; say, r = 59 – Computes re B mod φ ( n B ) = 59 × 53 mod 60 = 7 – Replace public key e B with 7, private key d B = 43 • Bob claims contract was 13. Judge computes: – (63 59 mod 95) 43 mod 77 = 13 – Verified; now Alice is toast May 3, 2005 ECS 153, Introduction to Computer Slide #15 Security

  16. Basics • Authentication: binding of identity to subject – Identity is that of external entity (my identity, Matt, etc .) – Subject is computer entity (process, etc .) May 3, 2005 ECS 153, Introduction to Computer Slide #16 Security

  17. Establishing Identity • One or more of the following – What entity knows ( eg. password) – What entity has ( eg. badge, smart card) – What entity is ( eg. fingerprints, retinal characteristics) – Where entity is ( eg . In front of a particular terminal) May 3, 2005 ECS 153, Introduction to Computer Slide #17 Security

  18. Passwords • Sequence of characters – Examples: 10 digits, a string of letters, etc . – Generated randomly, by user, by computer with user input • Sequence of words – Examples: pass-phrases • Algorithms – Examples: challenge-response, one-time passwords May 3, 2005 ECS 153, Introduction to Computer Slide #18 Security

  19. Storage • Store as cleartext – If password file compromised, all passwords revealed • Encipher file – Need to have decipherment, encipherment keys in memory – Reduces to previous problem • Store one-way hash of password – If file read, attacker must still guess passwords or invert the hash May 3, 2005 ECS 153, Introduction to Computer Slide #19 Security

  20. Example • UNIX system standard hash function – Hashes password into 11 char string using one of 4096 hash functions • As authentication system: – A = { strings of 8 chars or less } – C = { 2 char hash id || 11 char hash } – F = { 4096 versions of modified DES } – L = { login , su , … } – S = { passwd , nispasswd , passwd+ , … } May 3, 2005 ECS 153, Introduction to Computer Slide #20 Security

  21. Anatomy of Attacking • Goal: find a ∈ A such that: – For some f ∈ F , f ( a ) = c ∈ C – c is associated with entity • Two ways to determine whether a meets these requirements: – Direct approach: as above – Indirect approach: as l ( a ) succeeds iff f ( a ) = c ∈ C for some c associated with an entity, compute l ( a ) May 3, 2005 ECS 153, Introduction to Computer Slide #21 Security

  22. Preventing Attacks • How to prevent this: – Hide one of a , f , or c • Prevents obvious attack from above • Example: UNIX/Linux shadow password files – Hides c ’s – Block access to all l ∈ L or result of l ( a ) • Prevents attacker from knowing if guess succeeded • Example: preventing any logins to an account from a network – Prevents knowing results of l (or accessing l ) May 3, 2005 ECS 153, Introduction to Computer Slide #22 Security

  23. Dictionary Attacks • Trial-and-error from a list of potential passwords – Off-line : know f and c ’s, and repeatedly try different guesses g ∈ A until the list is done or passwords guessed • Examples: crack , john-the-ripper – On-line : have access to functions in L and try guesses g until some l ( g ) succeeds • Examples: trying to log in by guessing a password May 3, 2005 ECS 153, Introduction to Computer Slide #23 Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views • 29 slides
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic protocols: Concurrent programs

946 views • 69 slides
Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth M.D.Ryan@cs.bham.ac.uk research@bensmyth.com Cryptoforma 7th April 2010 Cryptographic protocols A cryptographic protocol is a distributed procedure that employs

698 views • 46 slides
New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803

New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803

New cryptographic goals Data privacy is not the only important cryptographic goal CS 4803 It is also important that a receiver is assured Computer and Network Security that the data it receives has come from the sender and has not been

617 views • 5 slides
Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France Thursday, July 12th, 2018 Cryptographic protocols everywhere ! Cryptographic protocols small programs designed to secure

849 views • 80 slides
Cryptography This course provides an overview of basic modern cryptographic techniques and covers

Cryptography This course provides an overview of basic modern cryptographic techniques and covers

What is this course about? Aims Cryptography This course provides an overview of basic modern cryptographic techniques and covers essential concepts that users of cryptographic standards need to understand to achieve their intended security

855 views • 58 slides
Key-Robustness for Cryptographic Primitives ie 1 R azvan Ros 1 ENS, CNRS, INRIA &amp; PSL

Key-Robustness for Cryptographic Primitives ie 1 R azvan Ros 1 ENS, CNRS, INRIA &amp; PSL

Key-Robustness for Cryptographic Primitives ie 1 R azvan Ros 1 ENS, CNRS, INRIA &amp; PSL Research University, Paris, France ECRYPT-NET Summer School, Crete, Greece 12 th October 2017 R azvan Ros ie Key-Robustness for Cryptographic

949 views • 48 slides
Towards cryptographic function distinguishers with evolutionary circuits Statistical testing of

Towards cryptographic function distinguishers with evolutionary circuits Statistical testing of

Towards cryptographic function distinguishers with evolutionary circuits Statistical testing of cryptographic function output based on genetic programming Petr venda, Martin Ukrop, Vashek Maty {svenda,xukrop,matyas}@fi.muni.cz Overview

367 views • 19 slides
outline development of cryptographic algorithms for a real life application introduction

outline development of cryptographic algorithms for a real life application introduction

Design and Analysis of Cryptographic Algorithms for Mobile Communication Systems Henri Gilbert Orange Labs {firstname.lastname@orange-ftgroup.com} research &amp; development outline development of cryptographic algorithms for a real life

486 views • 12 slides
COSIC A Framework for Cryptographic Problems from Linear Algebra NutMiC, Paris, June 25, 2019 1 /

COSIC A Framework for Cryptographic Problems from Linear Algebra NutMiC, Paris, June 25, 2019 1 /

A Framework for Cryptographic Problems from Linear Algebra Carl Bootland , Wouter Castryck, Alan Szepieniec and Frederik Vercauteren Dept. of Electrical Engineering, COSIC KU Leuven COSIC A Framework for Cryptographic Problems from Linear

731 views • 48 slides
Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why it was created? Cryptographic protocol Paper in 2004 by Ian Goldberg , Nikita Borisov and Eric Brewer Conversations in the

299 views • 18 slides
Everything you need to know about Cryptography (unless youre a mathematician) Dont try

Everything you need to know about Cryptography (unless youre a mathematician) Dont try

Everything you need to know about Cryptography (unless youre a mathematician) Dont try this at home. Get an expert. Basic Cryptographic Tools Seriously though. Bad crypto ruins lives. Basic Cryptographic Tools Cryptographic Hash

177 views • 17 slides
Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash

Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash

Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash Functions Bart Preneel KU Leuven - COS IC firstname.lastname@ esat.kuleuven.be Design and S ecurity of Cryptographic Functions, Algorithms and Devices

982 views • 67 slides
Dragonblood : Weaknesses in WPA3s Dragonfly Handshake Mathy Vanhoef and Eyal Ronen BruCON.

Dragonblood : Weaknesses in WPA3s Dragonfly Handshake Mathy Vanhoef and Eyal Ronen BruCON.

Dragonblood : Weaknesses in WPA3s Dragonfly Handshake Mathy Vanhoef and Eyal Ronen BruCON. Belgium, 11 October 2019. 2 Background: Dragonfly in WPA3 and EAP-pwd = Password Authenticated Key Exchange (PAKE) Negotiate Provide mutual

1.97k views • 56 slides
Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key,

Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key,

Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key, given the user's public key. Unfortunately, there is a gap between ECDLP difficulty and ECC security.There are many attacks that break

527 views • 18 slides
KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Bobs secret key is sk [ B ] and its associated public key is pk [ B ]. The public key setting assumes Alice is in possession of pk [ B ]. Alice pk [ B

619 views • 48 slides
Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker

Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker

Passpet Convenient Password Management and Phishing Protection Ka-Ping Yee Kragen Sitaker ping@zesty.ca kragen@pobox.com problems: design: solutions: practical matters: evaluation: problems: the big 5 problems: the big 5 1 many

961 views • 51 slides
User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

670 views • 28 slides
BITCRACKER Elena Agostini, Massimo Bernaschi 2 BITCRACKER: BITLOCKER MEETS GPUS BITLOCKER

BITCRACKER Elena Agostini, Massimo Bernaschi 2 BITCRACKER: BITLOCKER MEETS GPUS BITLOCKER

BITLOCKER MEETS GPUS BITCRACKER Elena Agostini, Massimo Bernaschi 2 BITCRACKER: BITLOCKER MEETS GPUS BITLOCKER Windows Vista, 7, 8.1 and 10 encryption feature (Ultimate, Pro, Enterprise, etc..) It encrypts several types of memory units

904 views • 30 slides
Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton

Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton

Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton Institute, NUI Maynooth. 19 April 2012 How to Guess a Password? Passwords are everywhere. If you dont know the password, can you guess it? 1. Make a

420 views • 18 slides
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David

Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David

Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale sup erieure/PSL &amp; INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA David

319 views • 14 slides

More recommend