CSCE 313 Lecture 26

From Notes
Jump to navigation Jump to search

« previous | Thursday, April 26, 2012 | next »


Private Key Exchange: Diffie Hellman

  1. Alice and Bob agree on a large prime and "primitive root" (these need not be secret)
  2. Alice and Bob privately pik random integer and , respectively
  3. Alice and Bob exchange and , respectively
  4. Alice and Bob privately compute and , respectively

since

Scheme can be broken if Eve succeeds to solve the equation for ("the discrete logarithm base of modulo "). The only way to do this is to brute fore it, and even then, there are an infinite number of solutions.

Authentication

Primitives: sign() and verify()

  1. Who is making the request? (authentication)
  2. Is the received message the same as the sent message? (integrity)
  3. How do I build an audit trail (accountability)

all of these are different problems to solve

Integrity Attacks

Alice wants to "Transfer $100 from account to account "

Man in middle can modify, replay, reorder, or append.

Model

Sign uses and Verify uses Message and authentication are sent together.

  • Symmetric Encryption (): is "message authenticator"
  • Asymmetric Encryption (): is "signature"


Public Key Distribution

How does Bob learn Alice's key? (public, shared)

Certificates

  1. Alice sends a message and a signature to Bob: { m, sign(m, k[A][priv]) }
  2. Bob wonders What is Alice's public key (to verify signature) and asks Charles (certificate authority such as VeriSign, Comodo, GoDaddy, etc.)
  3. Charles looks up Alice's public key and sends it in its own message: { m="k[A][pub] = X", sign(m, k[C][priv])
  4. Bob already has Charles' public key and is able to verify that the key is actually Alice's key.

Closer Look

  1. Alice tells Charles that she is going to talk to Bob.
  2. Charles sends certificates for Alice and Bob: { A, k[A][pub], TS }^k[C][priv] and { B, k[B][pub], TS }^k[c][priv]
  3. Alice sends certificate and the proposed key to Bob: {A, k[A][pub], TS }^k[C][priv] (certificate), { {kAB, TS}^k[A][priv] }^k[B][pub] (proposed key)

Problem:

  1. We assume Bob has Charles' key { C, k[C][pub], TS }^k[C][priv]
  2. Bob masquerades as Alice for Charles: { A, k[A][pub], TS }^k[C][priv]

Message 3 from above does not specify the recipient.


SSL

Secure Socket Layer

One of the most widely used encryption protocols; used in HTTP, IMAP, FTP, etc. (add "S" for "secure" or "over SSL": HTTPS, IMAPS, SFTP)

Client and server negotiate a symmetric key that they will use for the length of the data session.

  1. connection establishment phase (← SSL happens here)
  2. data transfer

Connection Establishment Procedure

  1. Client sends request to server containing
    • SSL version
    • connection preferences
    • nonce (i.e. a random number)
  2. Server chooses among preferences and sends reply containing
    • chosen preferences
    • nonce
    • public-key certificate (signed by trusted authority)
  3. Client uses certification authority's public key to check authenticity of server's public key
  4. Server requests public key of client and similarly verifies it (optional)
  5. Client chooses randeom number (premaster secret), encrypts it with server's public key, and sends it to server.
  6. Both parties compute session key (used during data transfer) based on premaster secret and the two nonces.
    • This session key is never transferred between the client and the server.