protocols and practices in using encryption chapter 4

11

CHAPTER 4CHAPTER 4

PROTOCOLS & PRACTICES PROTOCOLS & PRACTICES IN USING ENCRYPTIONIN USING ENCRYPTION

22

IntroductionIntroduction

What is a protocol?What is a protocol?

Protocol is an orderly sequence of steps two or Protocol is an orderly sequence of steps two or more parties take to accomplish some task.more parties take to accomplish some task.

Everyone using a protocol must agree to the Everyone using a protocol must agree to the protocol before using it.protocol before using it.

People use protocols to regulate behavior for People use protocols to regulate behavior for mutual benefit.mutual benefit.

33

IntroductionIntroduction

Good protocol has the following characteristics:Good protocol has the following characteristics:(1)(1) Established in advanceEstablished in advance: the protocol is : the protocol is

completely designed before it is used.completely designed before it is used.(2)(2) Mutually subscribedMutually subscribed: All parties to the protocol : All parties to the protocol

agree to follow its steps, in order.agree to follow its steps, in order.(3)(3) UnambiguousUnambiguous: No party can fail to follow a : No party can fail to follow a

step properly because the party has step properly because the party has misunderstood the step.misunderstood the step.

(4)(4) CompleteComplete: For every situation that can occur : For every situation that can occur there is a prescribe action to be taken.there is a prescribe action to be taken.

44

Types of ProtocolsTypes of Protocols

There are three types of protocols:There are three types of protocols:

Arbitrated protocolsArbitrated protocols

Adjudicated protocolsAdjudicated protocols

Self-enforcing protocolsSelf-enforcing protocols

55


Arbitrated ProtocolsArbitrated Protocols

Arbitrator is a disinterested 3Arbitrator is a disinterested 3rdrd party trusted to party trusted to complete a transaction between two distrusting complete a transaction between two distrusting parties.parties.

Example: Buying and selling cars – banker or Example: Buying and selling cars – banker or lawyer is the arbitrator.lawyer is the arbitrator.

In computer protocol, an arbitrator is a In computer protocol, an arbitrator is a trustworthy 3trustworthy 3rdrd party who ensures fairness. It party who ensures fairness. It might be a person, a program or a machine.might be a person, a program or a machine.

66

Arbitrated ProtocolsArbitrated Protocols

77


Arbitrated computer protocols have several Arbitrated computer protocols have several

disadvantages:disadvantages:

The two sides may not be able to find a neutral 3The two sides may not be able to find a neutral 3rdrd party party that both sides trust. Suspicious users are rightfully that both sides trust. Suspicious users are rightfully suspicious of an unknown arbiter in a network.suspicious of an unknown arbiter in a network.

Maintaining the availability of an arbiter represents a cost Maintaining the availability of an arbiter represents a cost to the users or the network, that cost may be high.to the users or the network, that cost may be high.

For these reasons, an arbitrated protocol is avoided if possible!

88


Arbitrated computer protocols have several Arbitrated computer protocols have several

disadvantages:disadvantages:

Arbitration causes a time delay in communication Arbitration causes a time delay in communication because a third party must receive, act on and then because a third party must receive, act on and then forward every transaction.forward every transaction.

If the arbitration service is heavily used, it may If the arbitration service is heavily used, it may become a bottleneck in the network as many users become a bottleneck in the network as many users try to access a single arbiter.try to access a single arbiter.

Secrecy becomes vulnerable, because the arbiter Secrecy becomes vulnerable, because the arbiter has access to much sensitive information.has access to much sensitive information.

For these reasons, an arbitrated protocol is avoided if possible!

99


Adjudicated ProtocolsAdjudicated Protocols

The idea of adjudicator is similar to arbiter. The idea of adjudicator is similar to arbiter.

With an adjudicated protocol enough data is With an adjudicated protocol enough data is available for a disinterested 3available for a disinterested 3rdrd party to judge party to judge fairness based on the evidence. fairness based on the evidence.

Not only can 3Not only can 3rdrd party determine whether two party determine whether two disputing parties acted fairly that is within the disputing parties acted fairly that is within the rules of the protocol but the 3rules of the protocol but the 3rdrd party can also party can also determine who cheated.determine who cheated.

1010


Adjudicated ProtocolsAdjudicated Protocols

Adjudicated protocols involve the services of a Adjudicated protocols involve the services of a 33rdrd party only in a case of a dispute. party only in a case of a dispute.

Therefore, they are usually less costly in terms Therefore, they are usually less costly in terms of machine time or access to a trusted 3of machine time or access to a trusted 3 rdrd party party software judge than arbitrated protocols. software judge than arbitrated protocols.

However, adjudicated protocols detect a failure However, adjudicated protocols detect a failure to cooperate only after the failure has occurred. to cooperate only after the failure has occurred.

1111

Adjudicated ProtocolAdjudicated Protocol

1212

Types of ProtocolTypes of Protocol

Self-Enforcing ProtocolsSelf-Enforcing ProtocolsA self-enforcing protocol is one that guarantees A self-enforcing protocol is one that guarantees fairness. fairness. If either party tries to cheat, that fact becomes If either party tries to cheat, that fact becomes evident to the other party.evident to the other party.No outsider is needed to ensure fairness. No outsider is needed to ensure fairness. Obviously, self-enforcing protocols are Obviously, self-enforcing protocols are preferable to the other types.preferable to the other types.However, there is not a self-enforcing protocol However, there is not a self-enforcing protocol for every situation. for every situation.

1313

Self-Enforcing ProtocolSelf-Enforcing Protocol

1414

Protocol to Solve ProblemsProtocol to Solve Problems

Cryptographic algorithms rely on the property Cryptographic algorithms rely on the property that it is easy to encrypt and decrypt messages that it is easy to encrypt and decrypt messages with the appropriate keys but very hard to find with the appropriate keys but very hard to find keys.keys.

Therefore key management is really, really Therefore key management is really, really important!!!important!!!

1515

Symmetric Symmetric

P --------------------P --------------------RR

C = E(M, K)C = E(M, K)

M = D(C, K)M = D(C, K)

1616

AssymmetricAssymmetric

P----------------------------P----------------------------RR

C = E(M, RC = E(M, Rpubpub))

M = D(C, RM = D(C, Rprivpriv))

M = D[E(M, RM = D[E(M, Rpubpub) R) Rprivpriv)])]

1717

AssymmetricAssymmetric

P -------------------------P ------------------------- R R

ConfidentialityConfidentiality– D[E(M, RD[E(M, Rpubpub), R), Rprivpriv]]

AuthenticationAuthentication– D[E(M, Ppriv), PD[E(M, Ppriv), Ppubpub]]

1818


Several protocols developed for key distribution:Several protocols developed for key distribution:

Symmetric key exchange with serverSymmetric key exchange with server

Symmetric key exchange without serverSymmetric key exchange without server

Asymmetric key exchange with serverAsymmetric key exchange with server

Asymmetric key exchange without serverAsymmetric key exchange without server

1919


Assume that two users already each have a copy of a Assume that two users already each have a copy of a symmetric (secret) encryption key K known only to them symmetric (secret) encryption key K known only to them – small messages is ok to use K.– small messages is ok to use K.

But for greater security, they can agree to change keys But for greater security, they can agree to change keys on a frequent basis even as often as a different key for on a frequent basis even as often as a different key for each message.each message.

To do this, either one can generate a fresh key called To do this, either one can generate a fresh key called KKNEWNEW, encrypt it under K and send to the other., encrypt it under K and send to the other.

K is called the “master key”K is called the “master key”

KKNEWNEW is called the “traffic” or “session” key. is called the “traffic” or “session” key.


2020

Block replay attackAssume two bank use fixed format on electronic exchange

name of depositor account no transfer amount

Suppose outsiders (Tipah) able to tap the data channel between these banks.The first day, Tipah has his bank transfer $10 on his behalf from one bank to another. (Tipah has account with both banks). The next day she does the same thing but the amount is $20.

Why Knew?

2121

Assume that both transmissions were sent under the same encryption key.

Tipah would noticed that the first two blocks encrypted were the same. So she know that the first two blocks are her name and her account no. The only different is the third block (the amount of money).

2222

By inserting data onto the transmission line, Tipah can now replace any person and account number with his own name and account number, leaving the amount alone.

Tipah does not need to know who should be getting the money or how much is being obtained; Tipah simply changes name and account no to his own and watches the balance in his account grow.

In ease, the interceptor does not necessarily have to break the encryption.

2323


Symmetric key exchange with serverSymmetric key exchange with server

i. Please give me a key to communicate with Renee

ii. Here’s a key for you and a copy for Renee

iii. Renee, the distribution center gave me this key for our private communication.

Renee

Pablo

Distribution Centre

2424


Disadvantage of this approach:Disadvantage of this approach:Two users must both share one key that is Two users must both share one key that is unique to them.unique to them.Other pairs of users need unique keys and Other pairs of users need unique keys and in general n users need n(n-1)/2.in general n users need n(n-1)/2.Eg. 5 users –> 5(5-1)/2 = 10 keys.Eg. 5 users –> 5(5-1)/2 = 10 keys.


2525

IssuesIssues

1.1. E(M, Rpub) – slow.E(M, Rpub) – slow.

2.2. E(Knew, Rpub) – no authentication.E(Knew, Rpub) – no authentication.

Protocols to Solve ProblemsProtocols to Solve Problems


2626

Protocols to Solve ProblemsProtocols to Solve Problems

Suppose Pablo and Reene want to exchange a message, each has a Suppose Pablo and Reene want to exchange a message, each has a public/private key pair and each has access to the others public key. public/private key pair and each has access to the others public key. Denote Ppub –> Pablo public key and Ppriv –> Pablo private key.Denote Ppub –> Pablo public key and Ppriv –> Pablo private key.Rpub -> Renee public key and Rpriv -> Renee private key.Rpub -> Renee public key and Rpriv -> Renee private key.Pablo can send E(Knew, Rpub) directly to Reene.Pablo can send E(Knew, Rpub) directly to Reene.But how sure that E(Knew, Rpub) is from Pablo? Reene couldn’t tell that.But how sure that E(Knew, Rpub) is from Pablo? Reene couldn’t tell that.So to improve better – Pablo sends to Reene E(E(Knew, Ppriv), Rpub)So to improve better – Pablo sends to Reene E(E(Knew, Ppriv), Rpub)


2727

Protocol to Solve ProblemsProtocol to Solve ProblemsAsymmetric key exchange with serverAsymmetric key exchange with server

1. Please give me Renee’s Public Key

2. Here is Renee Public Key

3. I’m Pablo, Lets talk

4. Please give me Pablo’s Public Key

5. Here is Pablo’s Public Key

6. Renee here what’s up?

7. How are you

Distribution Centre

Renee

Pablo

2828


Distribution Center (DC)How do DC deals with keys? – publish its own public key widely – anybody wish to register, deliver the key and personal identity under the DC keyCan have more than one center:– as backup, overload, if it doesn’t have the key, request from

other DC– performance, size, reliability– must be available any time

So, what gives us confidence that the keys registered are authentic?? That is, they belong to the people whose identification are associated.

2929


CertificateDevelop ways for two people to establish trust without having both parties to be present.Trust coordinated => Certificate Authority

Advantages and Disadvantages of Key DistributionOperational Restriction – availability of DCTrust – who must be trustedProtection from failure – anybody impersonate any entitiesEfficient Protocol – use several time-consuming steps for one-time use (establish an encryption key)Protocol – easy to implement or not (computer implementation vs manual use)

3030

Digital SignatureDigital Signature

A Digital Signature is a protocol that produces the same effect as a real signature.It has the following characteristics:– Authentic : the recipient believes the signer

deliberately signed the document– Unforgeable : the signature proves that the signer

and nobody else signed the document– Single purpose : the signature is attached to the

document and cannot be moved to a different one– Unalterable : after it has been signed, the document

can no longer be changed.– Unrepudiable : after the fact, the signer cannot

successfully deny having signed the document.

3131

How does Digital Signature Works?How does Digital Signature Works?

Refer to extra notes…

protocols and practices in using encryption chapter 4

Technology

protocolsadjudicated

ain computer protocol

party hasstep

types of protocolstypes

rdrd party trusted toparty

unknown arbiter

single arbiter

distrusting parties