protocols chapter 2
DESCRIPTION
Protocols Chapter 2. Protocol: A series of steps, involving two or more parties, designed to accomplish a task. All parties involved must know the protocol All parties must agree to follow it Must be unambiguous Must be complete. The Players dramatis personae. Alice First participant - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/1.jpg)
Protocols Chapter 2
Protocol:A series of steps, involving two or more parties,
designed to accomplish a task.• All parties involved must know the protocol
• All parties must agree to follow it
• Must be unambiguous
• Must be complete
![Page 2: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/2.jpg)
The Playersdramatis personae
Alice First participant
Bob Second
Carol Third
Eve Eavesdropper
Mallory Malicious attacker
Trent Trusted arbitrator
Peggy Prover
Victor Verifier
![Page 3: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/3.jpg)
Types of Protocols
Arbitrated ProtocolsIntermediary trusted by all parties
Lawyer is involved
Adjudicated ProtocolsIn case of a dispute a third party becomes
involved
Judge is involved
Self-Enforcing ProtocolsThe protocol itself guarantees fairness
No third party is involved
![Page 4: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/4.jpg)
Attacks against Protocols
Passive attackPassive eavesdropper e.g. network sniffing
Difficult to detect
Active attackAlter protocol
Pretend to be someone else
CheatersNot following the protocol
Liars
![Page 5: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/5.jpg)
Protocol Building Blocks
Symmetric key cryptography
One-Way Hash functions
Public-key cryptography
Digital signatures
Random sequence generators
![Page 6: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/6.jpg)
Symmetric Key Cryptography
Secure communications
Secure storage
Computationally efficient
Depends on a shared secret
![Page 7: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/7.jpg)
Symmetric Key Cryptography
Alice and Bob want to communicate securely.1. Alice & Bob agree on a crypto algorithm
2. Alice & Bob agree on a key
3. Alice encrypts message with the key
4. Alice sends ciphertext to Bob
5. Bob decrypts with the key and reads the message
![Page 8: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/8.jpg)
Symmetric Key Cryptography
Alice Bob
Key: KMessage: MCiphertext: C = E
K(M)
Key: KCiphertext: CMessage: M = D
K(C) = D
K(E
K(M))
C
![Page 9: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/9.jpg)
Symmetric Key CryptographyAttacks
Passive attack:
Eve can only try a ciphertext only attack
Eve can attempt to determine the key during the key exchange
Active attack:
Intercept Alice's message and substitute his own
Break communication channel
Cheaters:
Alice can give the key to Eve, so Eve can read Bob's message
![Page 10: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/10.jpg)
One-Way Hash functions
One-way functionsNo inverse (known to exist)
Hash functionNo known collisions
Variable length inputs
Fixed length outputs
![Page 11: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/11.jpg)
Message Authentication Code
Uses a secret key
One-way hash of both the pre-image and the secret keyK = symmetric key
M = Message
MAC = H(EncK(M))
Only those who have the key K can calculate H(EncK(M).
![Page 12: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/12.jpg)
Public-Key Cryptography
Public key and private key
Each player has their own key pair
Computationally intensive
Vulnerable to chosen-plaintext attacks
Very difficult to deduce the private key from the public key
![Page 13: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/13.jpg)
Public-Key Cryptography
Let:
Pr = Alice's private key
Pu = Alice's public key
(Pr, Pu) is the key pair, and must go together.
M = Plaintext from Bob
Ciphertext C = EPu
(M) is calculated by Bob with Alice's public
key.
Only Alice has access to her private key. Thus only she can calculate
the plaintext M = DPr
(EPu
(M)).
![Page 14: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/14.jpg)
Public-Key Cryptography
Alice Bob
Message: MCiphertext: C = E
BPu(M)
Key pair: BPu, BPrCiphertext: CMessage: M = D
BPr(C) = D
BPr(E
BPu(M))
C
BPu
![Page 15: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/15.jpg)
Digital Signatures
Authentic
Not forgeable
Not reusable
Unalterable
Cannot be repudiated
![Page 16: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/16.jpg)
Digital Signatures with Symmetric Crypto
Alice wants to sign a digital message and send it to Bob with Trent's help.
1. Alice/Trent key, KA. Bob/Trent key, K
B.
2. Alice encrypts her message to Bob with KA and sends it to Trent.
3. Trent decrypts the message with KA.
4. Trent encrypts Alice's message to Bob along with a message that it is from Alice.
5. Trent sends the encrypted bundle to Bob.
6. Bob decrypts the bundle with KB. Bob can read Alice's message along with
Trent's certification.
![Page 17: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/17.jpg)
Digital SignaturesPublic-Key Crypto
Alice wants to sign a digital message and send it to Bob without Trent's help
1. Alice's public key, KA-pu
, private key, KA-pr
..
2. Alice encrypts her document with her private key, KA-pr
.
3. Alice sends the signed document to Bob.
4. Bob decrypts the document with KA-pu
, thereby verifying the signature.
![Page 18: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/18.jpg)
Digital Signatures Public-Key Crypto & Hash Functions
Alice wants to sign a large digital message and send it to Bob without the public-key's compute hit.
1. Alice's public key, KA-pu
, private key, KA-pr
..
2. Alice produces a one-way hash of her document.
3. Alice encrypts the hash with her private key, KA-pr
.
4. Alice sends the document and the encrypted hash to Bob.
5. Bob decrypts the hash with KA-pu
, calculates the hash of the
document himself and compares them, thereby verifying the signature.
![Page 19: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/19.jpg)
Digital SignaturesVulnerabilities
Alice can cheat.She can sign a document.
She can claim that her private key was compromised.
Time stamps help.
Escrow agents are expensive.
Tamper resistant modules.
![Page 20: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/20.jpg)
Random Sequence Generators
Pseudo-random generatorLooks random:
Passes all of the statistical tests.
Cryptographically Secure
![Page 21: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/21.jpg)
Cryptographically SecureRandom Sequence Generators
It is unpredictable.Computationally infeasible to predict what the
next random bit will be given complete knowledge of the algorithm and all previous bits.
It cannot be reliably reproduced.
![Page 22: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/22.jpg)
Basic Protocols Chapter 3
Protocols• Key Exchange
• Authentication and key exchange
• Secret splitting
• Secret sharing
![Page 23: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/23.jpg)
Key Exchange with Symmetric Crypto
1. Alice/Trent key, KA. Bob/Trent key, K
B.
2. Alice calls Trent and requests a session key to communicate with Bob.
3. Trent generates a random session key.
4. Trent encrypts the session key with KA and encrypts another copy with K
B.
5. Trent sends both copies to Alice.
6. Alice decrypts her copy with KA and sends Bob his copy.
7. Bob decrypts his copy with KB.
8. Alice and Bob can communicate securely with the shared session key.
![Page 24: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/24.jpg)
Key Exchangewith Public-Key Crypto
1. Bob sends Alice his public key, Pu.
2. Alice generates a random session key, K.
3. Alice encrypts K using Bob's public key, EPu
(K).
4. Alice sends EPu
(K) to Bob.
5. Bob decrypts Alice's message using his private key,
DPr
(EPu
(K)) = K.
6. Alice and Bob encrypt their communications using the same session key, K.
![Page 25: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/25.jpg)
Authentication
• Passwords and pass phrases• Dictionary attacks
• Hashed passwords subject to dictionary attacks
• Salted passwords
• Public key encryption• Requires key pairs
• Key management
![Page 26: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/26.jpg)
AuthenticationPublic Key Encryption
1. Host sends Alice a random string.
2. Alice encrypts with her private key and sends it back to the host along with her name.
3. Host looks up Alice's public key and decrypts the messsage.
4. If the message matches the string the host sent Alice then the host permits access to Alice.
![Page 27: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/27.jpg)
Key Exchange with Authentication
• All involve a trust intermediary –Trent
• All subject to man in the middle attack
• Want to be sure you know who you are talking to.
![Page 28: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/28.jpg)
Kerberos
Guarding the Gates of Hell.No one leaves.
![Page 29: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/29.jpg)
Authentication & Key ExchangeKerberos
• Maintained by MIT
• Up to version 5-1.10.3 - Release 1.9.4
• Strong authentication
• Uses symmetric key encryption
• Uses a trusted intermediary
![Page 30: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/30.jpg)
Authentication & Key ExchangeKerberos
Alice Bob
TrentA = Alice's IDB = Bob's IDK
AT = Alice/Trent symmetric key
KBT
= Bob/Trent symmetric key
KAT
KBT
![Page 31: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/31.jpg)
Alice sends message to Trent
Alice Bob
TrentA = Alice's IDB = Bob's ID
A, B
![Page 32: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/32.jpg)
Trent responds to Alicewith info for Alice and Bob
Alice Bob
TrentA = Alice's IDB = Bob's ID
Trent generates:TS = Time stampL = Lifetime for the keyK
AB = Session key
M1 = (TS, L, K
AB, A)
M2 = (TS, L, K
AB, B)
EKAT
(M2)
EKBT
(M1)
![Page 33: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/33.jpg)
Alice gets message from Trent
Alice Bob
TrentA = Alice's IDB = Bob's ID
Trent generates:TS = Time stampL = Lifetime for the keyK
AB = Session key
M1 = (TS, L, K
AB, A)
M2 = (TS, L, K
AB, B)
EKAT
(M2)
EKBT
(M1)
Alice calc's DKAT
(EKAT
(M2)). She now knows
TS, L, KAB
, B and EKBT
(M1) which she cannot decrypt.
Alice also calc's EKAB
(A, TS).
![Page 34: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/34.jpg)
Alice sends message to Bob
Alice Bob
TrentA = Alice's IDB = Bob's ID
Trent generates:TS = Time stampL = Lifetime for the keyK
AB = Session key
M1 = (TS, L, K
AB, A)
M2 = (TS, L, K
AB, B)
EKAT
(M2)
EKBT
(M1)
Alice calc's DKAT
(EKAT
(M2)). She now knows
TS, L, KAB
, B and EKBT
(M1) which she cannot decrypt.
Alice also calc's EKAB
(A, TS).
EKAB
(A, TS), EKBT
(M1)
Bob calc's DKBT
(EKBT
(M1)). He now
knows TS, L, KAB
, A. He can also
calc DKAB
(EKAB
(A, TS)).
![Page 35: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/35.jpg)
Bob gets message from Alice and replies to Alice
Alice Bob
TrentA = Alice's IDB = Bob's ID
Trent generates:TS = Time stampL = Lifetime for the keyK
AB = Session key
M1 = (TS, L, K
AB, A)
M2 = (TS, L, K
AB, B)
EKAT
(M2)
EKBT
(M1)
Alice calc's DKAT
(EKAT
(M2)). She now knows
TS, L, KAB
, B and EKBT
(M1) which she cannot decrypt.
Alice also calc's EKAB
(A, TS).
EKAB
(A, TS), EKBT
(M1)
Bob calc's DKBT
(EKBT
(M1)). He now
knows TS, L, KAB
, A. He can also
calc DKAB
(EKAB
(A, TS)).
EKAB
(A, TS + 1)
![Page 36: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/36.jpg)
Secret Splitting Protocol
Secret splitting• Split a message up into n-pieces
• Give each to a person
• The message can be read only if all n-people put their pieces together
![Page 37: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/37.jpg)
Secret Splitting Protocol
1. Trent wants send a message to Alice and Bob that they can only read together.
2. Trent generates a random bit string R, the same length as the message, M.
3. Trent XOR's M with R to generate S.
M R = S
4. Trent gives R to Alice and S to Bob.
5. Alice and Bob XOR their pieces together to reconstruct the message:
R S = R M R = M
![Page 38: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/38.jpg)
Secret Splitting Protocol n – parties
1. Trent generates random bit strings R1, ... R
n-1 the same length
as the message, M.
2. Trent XOR's M with R1, ... R
n-1 to generate R
n.
M + R1+ ... + R
n-1 = R
n
3. Trent gives Ri to Alice
i.
4. The Alicei's XOR their pieces together to reconstruct the
message:
R1+ ... + R
n = M
![Page 39: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/39.jpg)
Secret Sharing Protocol n – parties
Goal: To share a message among 5 people so that any 3 can reconstruct the message.
Threshold Scheme: (m, n) – threshold scheme.A message is divided into n pieces called shadows or shares so that any m of them can be used to reconstruct the original message.
![Page 40: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/40.jpg)
Intermedate Protocols Chapter 4
• Time Stamping
• Subliminal Channels
• Bit Commitment
![Page 41: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/41.jpg)
Time Stamping
Goals:• The document itself must be time stamped.
• Impossible to change any part of the document without it being apparent.
• Impossible to timestamp the document with a date/time different from the present one.
![Page 42: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/42.jpg)
Time Stamping
Arbitrated Solution:1.Alice transmits a copy of the document to Trent
2.Trent records the date/time he received the document and retains a copy of the document for safekeeping.
Storage problems
Privacy problems
![Page 43: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/43.jpg)
Time Stamping
Improved Arbitrated Solution:1.Alice produces a one-way hash of the document.
2.Alice transmits the hash to Trent
3.Trent appends the date/time he received the hash onto the hash.
H(M) | dtg
4.Trent signs the rersult.E
Tpri (H(M) | dtg)
5.Trent sends the result back to Alice.
![Page 44: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/44.jpg)
Subliminal Channels
• Secret messages sent within other messages
• Often within the digital signature of an innocuous message
• Useful enough for a lot of work to be done in this area
![Page 45: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/45.jpg)
Computing with Encrypted Data
• Alice wants to calculate f(x) on Bob's machine.• Alice does not want Bob to know x.
• You want to know the value of your portfolio without the news service knowing what your portfolio is.
![Page 46: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/46.jpg)
Bit Commitment
• Alice picks a winner for tomorrow's race.
• Alice doesn't want Bob to know.
• Bob doesn't want Alice to be able to change her choice tomorrow.
![Page 47: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/47.jpg)
Bit Commitment
1. Bob generates a random-bit string, R, and sends it to Alice.
2. Alice creates a message of her commitment, b and R.
3. Alice generates a random key, K, and encrypts Rb with it and sends the result to Bob. Result is E
K(R,b)
4. Later Alice sends Bob the key, K.
5. Bob decrypts the message and checks his random string.
![Page 48: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/48.jpg)
Zero-Based KnowledgeProblem
Zero-Knowledge Protocol• Alice knows a secret
• Alice wants to prove to Bob she knows the secret
• Alice does not want to reveal the secret to Bob.
![Page 49: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/49.jpg)
Zero-Knowledge Protocol
Alice claims she knows the secret combination to the door in the back of the cave. She wants to prove so to Bob.
1. Bob stands at point A.
2. Alice goes to point C or D.
3. Bob goes to B and asks Alice come out of the cave either on the left or the right.
4. Alice complies using her secret combination if she has to.
5. Repeat n times until Bob is convinced.
![Page 50: Protocols Chapter 2](https://reader035.vdocuments.mx/reader035/viewer/2022062517/56812dd3550346895d931b1c/html5/thumbnails/50.jpg)
Zero-Knowledge Protocol
A
B
C D