This action might not be possible to undo. Are you sure you want to continue?

Welcome to Scribd! Start your free trial and access books, documents and more.Find out more

0

Written by John Clark and Jeremy Jacob

Presented by Brian Sierawski

Overview

• Background • Cryptography • Forms of Attack

hosts. processes referred to as principals • Goal: Want to be sure that a received message has been created recently by the principal who claims to have send it .Background • Term: Users.

Overview • Background • Cryptography • Forms of Attack .

Cryptography • Cryptography is fundamental to authentication • Cryptographic algorithm converts plaintext to unintelligible ciphertext • Encryption depends on key .

E(Kab : Na) – A sends B an identifier with an encrypted nonce . A B : A. S for server. B. Z for attacker • Z(A) denotes Z acting as A • Na refers to a number generated by A • Eg.Notation • E(K : M) denotes M encrypted with key K • Principals are capital letters A.

Symmetric Key Cryptography • The encryption key K and decryption key K-1 are easily obtainable from each other • Anyone in possession of they key may read or create ciphertexts => key must be shared secret between principals • Kab denotes key for communication between principals A and B .

Symmetric Key Cryptography • Classical Cryptography – Substitution cipher: substitutes a ciphertext character for a plaintext character – Transposition cipher: shuffles plaintext characters • Modern Cryptography – Block cipher – Stream cipher .

RC4. FEAL-N. RC2.Block Cipher • Encrypts a block of 64 or 128 bits at a time • DES encrypts 56 bits (at insistence of NSA) which is insufficient to modern day attacks • Other block ciphers: MADRYGA. NEWDES. IDEA .

Modes of Block Ciphers • Electronic Code Book (ECB) • Cipher Block Chaining (CBC) • Cipher Feedback Mode (CFB) .

Electronic Code Book (EBC) • Simplest mode • Consecutive blocks of plaintext are encrypted => identical blocks of plaintext are always encrypted in the same way • Problem 1: Analyst may be able to build up a codebook of plaintext-ciphertext pairs • Problem 2: Possible to replace an encrypted block with another .

Cipher Block Chaining (CBC) • Block i of plain text is XORed with block i .1 of ciphertext then encrypted • Choosing different initial block I will create different ciphertexts • Problem: Should initial block be sent in clear or encrypted? .

Cipher Feedback mode (CFB) • Useful to transmit data less than block size • Process: – – – – Shift register initialized Contents encrypted as a block Leftmost byte XORed with plaintext data Ciphertext pushed on right end of register .

Stream Ciphers • Encrypt one bit of plaintext at a time • Generate bit stream and XOR successive bits with successive bits of plaintext Internal State Key Next-State Function Output Function Ki Pi Ci .

Symmetric Key Without Trusted Third Party • ISO One-pass Symmetric Key Unilateral Authentication Protocol –A B : Text2. B. Text1) • Text2 identifies sender • Timestamp or nonce prevent replay attacks • B’s identity included as sole receiver . E(Kab : [Ta | Na].

B. E(Kbs:Kab.1) • Problem: Freshness Attacks . A)) (3) A B : E(Kbs:Kab. Na (2) S A : E(Kas:Na. B. Kab. A) (4) B A : E(Kab:Nb) (5) A B : E(Kab:Nb .Symmetric Key With Trusted Third Party • Eg. Needham Schroeder Symmetric Key Authentication: – – – – – (1) A S : A.

Public Key Cryptography • No shared secret. each principal A is associated with key pair (Ka. • 1024 bit key recommended . Ka-1) • Only public key revealed • Encryption with Ka-1 and decryption with Ka guarantees authenticity.

Public Key Cryptography • Problem: RSA is 100x slower than DES • => Exchanging symmetric keys through public key cryptography good idea! • Typically a trusted server S called certification authority stores public keys and distributes them under Ks-1 .

Overview • Background • Cryptography • Forms of Attack .

Freshness Attack • Occurs when a message is recorded and replayed • Needham Schroeder protocol weak – (3) A B : E(Kbs:Kab. A) – Old key K’ab may have been compromised .

A.Kab).A.Kab) (4) B A : M.M.B.Kab) • Attack – (1) A Z(B) : M.E(Kas:Na.E(Kas:Na.A.A.E(Kas:Na.Type Flaws • Arises when recipient accepts a message as valid but imposes different interpretation • Otway-Rees protocol – – – – (1) A B : M.A.M.B) – (4) Z(B) A : M.E(Kbs:Nb.B) (3) S B : M.A.Na.E(Kbs:Nb.B.B) (2) B S : M.B.E(Kas:Na.M.B).E(Kas.E(Kas:Na.B) .M.M.A.A.

2) A Z(B) : E(Kab : Na + 1) (1.Parallel Session Attacks • Occurs when two or more protocol runs are executed concurrently and messages from one are used to form messages in another – (1) A B : E(Kab : Na) – (2) B A : E(Kab : Na + 1) • Attack – – – – (1.1) Z(B) A : E(Kab : Na) (2.1) A Z(B) : E(Kab : Na) (2.2) Z(B) A : E(Kab : Na + 1) .

1) – If Nb is odd.Implementation Dependent Attacks • Stream Ciphers (Needham Schroeder) – (4) B A : E(Kab : Nb) – (5) A B : E(Kab : Nb . A) • A can masquerade as C . Nb .1 has good chance of being formed by flipping last cipher bit – Changing Identity • Same attack on A B : E(Kbs : Kab.

Implementation Dependent Attacks • Cipher Block Chaining – Cut and Paste P1 P2 P3 P4 P5 C0 C1 C2 C3 C4 C5 P’1 P’2 P’3 P’4 C’0 C’1 C’2 C’3 C’4 C0 C1 C2 C3 C’2 C’3 C’4 P1 P2 P3 X P’3 P’4 – Random jibberish X may be expected .

P1 has now been easily replaced with W • In Needham Schroeder the first block is the nonce! .Implementation Dependent Attacks – Initialization Attacks • • • • • • Given ciphertext C0C1 and known P1 Decryption alg: P1 = C0 dk(C1) Desired block value W = W P1 P1 W = W P1 (C0 dk(C1) W = C’0 dk(C1) where C’0 = W P1 C0 Without knowing they key.

S. Nc (2. E(Kas-1 : AS. S. Kz) .2) Z(AS) C : AS. Kz) (1. Nc – (2) AS C : AS. Ks) • Leads to the following problem – – – – (1.1) Z(C) AS : C.Binding Attack • A simple public key distribution – (1) C AS : C. E(Kas-1 : AS.1) C Z(AS) : C. C. Z. Nc. C. Nc. Nc (2. Nc. C.2) AS Z(C) : AS. E(Kas-1: AS.

Conclusions • Even though protocols have few messages. construction is complex • The whole system is important • Need tool support for rigorous development and analysis of protocols .

- Survey on Mobile Phones
- Survey Form
- QS Survey
- The Results of Survey (1)
- Ruskie Zycie Cost
- Teologia Del Reino
- 04. Surveying
- Cooper&Schindler_Chap11 Survey Methods
- Survey _ Qualtrics Survey Software
- Corporate Readiness of Freshers_MBAs on Written Communication Skills - Google Forms
- 04-1. Surveying 2010
- Clickstream Q3 2014
- Survey Cards
- Like Rt Scale Examples
- Melaka Waterwheel (Responses)
- Survey 1
- Survey of Molecular Techniques
- Survey
- Survey
- Bm Survey Result
- survey
- PDF Excel Peer Pressure
- 04. Surveying 2010
- Survey on Quality Mean Colleges
- Ivy Tech to Indiana University Northwest Equivalency Guide
- transfer lin
- Book1
- City of Arvada 2010 Budget
- Transfer of Sentenced Persons Agreement

Are you sure?

This action might not be possible to undo. Are you sure you want to continue?

We've moved you to where you read on your other device.

Get the full title to continue

Get the full title to continue listening from where you left off, or restart the preview.

scribd