CSCE 313 Lecture 26


Thursday, April 26, 2012


Private Key Exchange: Diffie Hellman

  1. Alice and Bob agree on a large prime $m$ and a "primitive root" $g \pmod{m}$ (these need not be secret)
  2. Alice and Bob privately pick random integers $x$ and $y$, respectively
  3. Alice and Bob exchange $X = g^x \pmod{m}$ and $Y = g^y \pmod{m}$, respectively
  4. Alice and Bob privately compute $k = Y^x \pmod{m}$ and $k' = X^y \pmod{m}$, respectively

$k = k' \pmod{m}$ since $k' = X^y = (g^x)^y = g^{xy} = g^{yx} = (g^y)^x = Y^x = k \pmod{m}$

The scheme can be broken if Eve succeeds in solving the equation $g^x = X \pmod{m}$ for $x$ ("the discrete logarithm base $g$ of $X$ modulo $m$"). The only way to do this is to brute force it, and even then, there are an infinite number of solutions.
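The four steps and Eve's exhaustive search, as an added example that is not part of the original notes. The modulus 8191, the search for the smallest primitive root, and all function names are assumptions chosen for illustration; the search cost grows linearly with $m$, which is why a large prime is required.

```python
# Added example: toy Diffie-Hellman with a tiny modulus (constructed values, not secure).
import secrets

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def is_primitive_root(g, m):
    """For prime m: g is a primitive root iff g^((m-1)/q) != 1 for each prime q | m-1."""
    return all(pow(g, (m - 1) // q, m) != 1 for q in prime_factors(m - 1))

def exchange(g, m, x, y):
    """Steps 3-4: returns (X, Y, k, k_prime)."""
    X, Y = pow(g, x, m), pow(g, y, m)
    return X, Y, pow(Y, x, m), pow(X, y, m)

def brute_force_dlog(g, X, m):
    """Eve's exhaustive search for the smallest x with g^x = X (mod m)."""
    acc = 1
    for x in range(m - 1):
        if acc == X:
            return x
        acc = acc * g % m
    return None

M = 8191                                     # 2^13 - 1, a small Mersenne prime
G = next(g for g in range(2, M) if is_primitive_root(g, M))

if __name__ == "__main__":
    x, y = secrets.randbelow(M - 2) + 1, secrets.randbelow(M - 2) + 1
    X, Y, k, k_prime = exchange(G, M, x, y)
    assert k == k_prime
    found = brute_force_dlog(G, X, M)
    # Every found + n*(M-1) also solves g^x = X, hence the infinitely many solutions.
    assert pow(G, found + 5 * (M - 1), M) == X
    print(f"g={G} X={X} Y={Y} shared={k} eve_recovered_x={found}")
```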

Authentication

Primitives: sign() and verify()

  1. Who is making the request? (authentication)
  2. Is the received message the same as the sent message? (integrity)
  3. How do I build an audit trail? (accountability)

All of these are different problems to solve.

Integrity Attacks

Alice wants to "Transfer $100 from account X to account Y".

A man in the middle can modify, replay, reorder, or append.

Model

Sign uses $k_1$ and Verify uses $k_2$. Message $m$ and authentication $A(m)$ are sent together.

  • Symmetric Encryption ($k_1 = k_2$): $A(m)$ is "message authenticator"
  • Asymmetric Encryption ($k_1 \ne k_2$): $A(m)$ is "signature"
    • $A(m) = \mathrm{Hash}(m)^{k_{A,priv}}$
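The symmetric case of this model checked against the four integrity attacks listed above, as an added example that is not part of the original notes. HMAC-SHA256 as the authenticator, the sequence number, the key, and the `Receiver` class are assumptions; the point is that $A(m)$ alone catches modify and append, while replay and reorder are only caught once the message's position is authenticated too.

```python
# Added example: A(m) as an HMAC (k1 = k2). Key and messages are constructed.
import hmac, hashlib

KEY = b"constructed-shared-key"

def sign(key, seq, msg):
    """A(m) over sequence number and message, so position is authenticated too."""
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()

def verify(key, seq, msg, tag):
    return hmac.compare_digest(sign(key, seq, msg), tag)

def send(key, seq, msg):
    """What travels on the wire: (sequence number, m, A(m))."""
    return (seq, msg, sign(key, seq, msg))

class Receiver:
    """Accepts each sequence number exactly once and only in order."""
    def __init__(self, key):
        self.key, self.expected = key, 0

    def accept(self, packet):
        seq, msg, tag = packet
        if not verify(self.key, seq, msg, tag):
            return "rejected: bad authenticator"       # modify / append
        if seq != self.expected:
            return "rejected: replayed or reordered"   # replay / reorder
        self.expected += 1
        return "accepted"

if __name__ == "__main__":
    p0 = send(KEY, 0, b"Transfer $100 from account X to account Y")
    p1 = send(KEY, 1, b"Transfer $5 from account X to account Z")
    rx = Receiver(KEY)
    print("reordered:", rx.accept(p1))
    print("original :", rx.accept(p0))
    print("replayed :", rx.accept(p0))
    print("modified :", rx.accept((1, p1[1].replace(b"$5", b"$9"), p1[2])))
    print("appended :", rx.accept((1, p1[1] + b" twice", p1[2])))
    print("in order :", rx.accept(p1))
```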


Public Key Distribution

How does Bob learn Alice's key? (public, shared)

Certificates

  1. Alice sends a message and a signature to Bob: { m, sign(m, k[A][priv]) }
  2. Bob wonders, "What is Alice's public key?" (to verify the signature) and asks Charles (a certificate authority such as VeriSign, Comodo, GoDaddy, etc.)
  3. Charles looks up Alice's public key and sends it in its own message: { m="k[A][pub] = X", sign(m, k[C][priv]) }
  4. Bob already has Charles' public key and is able to verify that the key is actually Alice's key.

Closer Look

  1. Alice tells Charles that she is going to talk to Bob.
  2. Charles sends certificates for Alice and Bob: { A, k[A][pub], TS }^k[C][priv] and { B, k[B][pub], TS }^k[C][priv]
  3. Alice sends certificate and the proposed key to Bob: { A, k[A][pub], TS }^k[C][priv] (certificate), { {kAB, TS}^k[A][priv] }^k[B][pub] (proposed key)

Problem:

  1. We assume Bob has Charles' key { C, k[C][pub], TS }^k[C][priv]
  2. Bob masquerades as Alice for Charles: { A, k[A][pub], TS }^k[C][priv]

Message 3 from above does not specify the recipient.
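Why the missing recipient matters and how naming both parties inside the signed part closes the gap, as an added example that is not part of the original notes. The toy textbook-RSA signature, the `from`/`to` fields, the third principal "D", and the timestamp value are assumptions; the outer encryption under the recipient's public key is left out because the receiver can always strip it and re-wrap the signed part.

```python
# Added example: toy textbook-RSA signatures (tiny keys, no padding; not secure).
import hashlib, json

def toy_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def _digest(fields, n):
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(fields, priv):
    n, d = priv
    return pow(_digest(fields, n), d, n)

def verify(fields, sig, pub):
    n, e = pub
    return pow(sig, e, n) == _digest(fields, n)

# Constructed key for Alice, built from two Mersenne primes.
ALICE_PUB, ALICE_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)

def accept_key(me, fields, sig, sender_pub, require_recipient):
    """Receiver's check of the signed part of message 3."""
    if not verify(fields, sig, sender_pub):
        return False
    if require_recipient and fields.get("to") != me:
        return False            # signed for someone else: a forwarded copy
    return True

def forwarding_demo():
    weak = {"key": "kAB-constructed", "ts": 1335398400}    # {kAB, TS} as in the notes
    bound = dict(weak, **{"from": "A", "to": "B"})          # hardened: names both parties
    s_weak, s_bound = sign(weak, ALICE_PRIV), sign(bound, ALICE_PRIV)
    return {
        "weak_accepted_by_B": accept_key("B", weak, s_weak, ALICE_PUB, False),
        "weak_accepted_by_D": accept_key("D", weak, s_weak, ALICE_PUB, False),
        "bound_accepted_by_B": accept_key("B", bound, s_bound, ALICE_PUB, True),
        "bound_accepted_by_D": accept_key("D", bound, s_bound, ALICE_PUB, True),
    }

if __name__ == "__main__":
    print(forwarding_demo())
```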


SSL

Secure Socket Layer

One of the most widely used encryption protocols; used in HTTP, IMAP, FTP, etc. (add "S" for "secure" or "over SSL": HTTPS, IMAPS, SFTP)

Client and server negotiate a symmetric key that they will use for the length of the data session.

  1. connection establishment phase (← SSL happens here)
  2. data transfer

Connection Establishment Procedure

  1. Client sends request to server containing
    • SSL version
    • connection preferences
    • nonce (i.e. a random number)
  2. Server chooses among preferences and sends reply containing
    • chosen preferences
    • nonce
    • public-key certificate (signed by trusted authority)
  3. Client uses certification authority's public key to check authenticity of server's public key
  4. Server requests public key of client and similarly verifies it (optional)
  5. Client chooses a random number (premaster secret), encrypts it with the server's public key, and sends it to the server.
  6. Both parties compute session key (used during data transfer) based on premaster secret and the two nonces.
    • This session key is never transferred between the client and the server.
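Step 6 and the role of the two nonces, as an added example that is not part of the original notes. The HMAC-based derivation is a simplified stand-in and not the key derivation of any real SSL/TLS version; the function names and sample record are assumptions, and the public-key encryption of step 5 is out of scope.

```python
# Added example: session key from premaster secret and both nonces (simplified KDF).
import hmac, hashlib, secrets

def session_key(premaster, client_nonce, server_nonce):
    """Step 6, simplified: both sides compute this locally; it is never sent."""
    return hmac.new(premaster, b"session key" + client_nonce + server_nonce,
                    hashlib.sha256).digest()

def record_tag(key, data):
    """Authenticator on a data-transfer record under the session key."""
    return hmac.new(key, data, hashlib.sha256).digest()

def server_handshake(client_nonce, premaster):
    """Server side of steps 2 and 6: fresh nonce per connection, then derive."""
    server_nonce = secrets.token_bytes(32)
    return server_nonce, session_key(premaster, client_nonce, server_nonce)

def replay_demo():
    # Original session, all values constructed.
    client_nonce, premaster = secrets.token_bytes(32), secrets.token_bytes(48)
    server_nonce, server_key = server_handshake(client_nonce, premaster)
    client_key = session_key(premaster, client_nonce, server_nonce)
    record = b"Transfer $100 from account X to account Y"
    tag = record_tag(client_key, record)
    # The recorded step-1 and step-5 messages and the old record reach the server
    # again later. The server picks a new nonce, so the session key differs and
    # the old record no longer verifies.
    _, replay_key = server_handshake(client_nonce, premaster)
    return {
        "keys_match": hmac.compare_digest(client_key, server_key),
        "replayed_record_verifies":
            hmac.compare_digest(record_tag(replay_key, record), tag),
    }

if __name__ == "__main__":
    print(replay_demo())
```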