Purpose Notation Protocol is a sequence of message between - - PowerPoint PPT Presentation

purpose notation
SMART_READER_LITE
LIVE PREVIEW

Purpose Notation Protocol is a sequence of message between - - PowerPoint PPT Presentation

Aug 27, 2023 143 likes •190 views

Purpose Notation Protocol is a sequence of message between participants Write A B : M if Alice sends Bob the message M Key exchange protocols ensure that both parties have same In the literature encryption of M with key K often written as

slide-1
SLIDE 1

Purpose

Key exchange protocols ensure that both parties have same symmetric key Usually requires trusted third party, often called Trent.

Eike Ritter Cryptography 2013/14 123

Notation

Protocol is a sequence of message between participants Write A − → B : M if Alice sends Bob the message M In the literature encryption of M with key K often written as {M}K Will write NA, NB for nonce (number used once, mostly a random number) chosen by Alice and Bob respectively Will write SA, SB, ST for timestmaps chosen by Alice, Bob and Trent respectively

Eike Ritter Cryptography 2013/14 124

Wide-Mouth Frog

Simple key exchange protocol using timestamps to synchronise clocks Write EA, EB for encryption with a key Trent shares with Alice and Bob respectively Protocol works as follows: A − → T : AEA(SAKB) T − → B : EB(STKA) On receiving packet, Trent checks whether timestamp is recent Bob trusts Alice to produce a meaningful key (very strong assumption)

Eike Ritter Cryptography 2013/14 125

Needham-Schroeder

In this protocol key generation done by Trent Timestamps used to protect against replay attacks Write EK for encryption with session key Protocol works as follows: A − → T : ABNA T − → A : EA(NAKBEB(KA)) A − → B : EB(KA) B − → A : EK(NB) A − → B : EK(NB − 1)

Eike Ritter Cryptography 2013/14 126

slide-2
SLIDE 2

Replay Attack

Have replay attack Assume Mallory captures one run of the protocol between Alice, Trent and Bob, and learns key K Can now replay the message EB(K||A) to Bob, who will accept it ⇒ Mallory can fool Bob into hinking he is communicating with Alice

Eike Ritter Cryptography 2013/14 127

Kerberos

Uses timestamps instead of nonces to prevent replay attacks Write L for the lifetime of the session key K Protocol works as follows: A − → T : AB T − → A : EA(STLKBEB(STLKA)) A − → B : EB(STLKA)EK(ASA) B − → A : EK(SA + 1) Provides secure key exchange but relies heavily on timestamps and lifetime L as indicators of freshness

Eike Ritter Cryptography 2013/14 128

WPA2

WEP and WPA had security problems, mainly due to the usage of the RC4 cipher WPA2 was introduced to overcome these issues. Have

1 AES in Counter Mode (CTR) for encryption, 2 CBC-MAC based on AES to guarantee message integrity, 3 a unique 48 bit packet number (PN), 4 Extensible Authentication Protocol (EAP) for client

authentication.

Eike Ritter Cryptography 2013/14 129

EAP

Used for connecting clients to a network via access point

0: Establish Link 1: Request Identity 2: Send Identity 5: Challenge 6: challenge Reply 8: Unblock 7: Challenge Reply 4: Challenge 3: Send Identity Eike Ritter Cryptography 2013/14 130

slide-3
SLIDE 3

Packet format

MAC PN0 Res Res Ext Key

  • PN2. . . PN5

Data Payload MIC Header PN1 IV ID 16bit 8bit 5bit 1bit 2bit 32bit 64bit

MAC Header here stands for Medium Access Control address, which is unique to every ethernet device. MIC is the actual message integrity code computed from Data plus MAC Header using CBC-MAC. PN0–PN5 are the 6 bytes of the package number PN. Res are reserved areas (for possible future extensions,e.g., to other variants of AES). Ext IV indicates whether PN2–PN5 are present. Key ID stores the index of the key, within the default key table, which holds different keys for pairwise or group communication.

Eike Ritter Cryptography 2013/14 131