protocols and practices in using encryption chapter 4
TRANSCRIPT
11
CHAPTER 4CHAPTER 4
PROTOCOLS & PRACTICES PROTOCOLS & PRACTICES IN USING ENCRYPTIONIN USING ENCRYPTION
22
IntroductionIntroduction
What is a protocol?What is a protocol?
Protocol is an orderly sequence of steps two or Protocol is an orderly sequence of steps two or more parties take to accomplish some task.more parties take to accomplish some task.
Everyone using a protocol must agree to the Everyone using a protocol must agree to the protocol before using it.protocol before using it.
People use protocols to regulate behavior for People use protocols to regulate behavior for mutual benefit.mutual benefit.
33
IntroductionIntroduction
Good protocol has the following characteristics:Good protocol has the following characteristics:(1)(1) Established in advanceEstablished in advance: the protocol is : the protocol is
completely designed before it is used.completely designed before it is used.(2)(2) Mutually subscribedMutually subscribed: All parties to the protocol : All parties to the protocol
agree to follow its steps, in order.agree to follow its steps, in order.(3)(3) UnambiguousUnambiguous: No party can fail to follow a : No party can fail to follow a
step properly because the party has step properly because the party has misunderstood the step.misunderstood the step.
(4)(4) CompleteComplete: For every situation that can occur : For every situation that can occur there is a prescribe action to be taken.there is a prescribe action to be taken.
44
Types of ProtocolsTypes of Protocols
There are three types of protocols:There are three types of protocols:
Arbitrated protocolsArbitrated protocols
Adjudicated protocolsAdjudicated protocols
Self-enforcing protocolsSelf-enforcing protocols
55
Types of ProtocolsTypes of Protocols
Arbitrated ProtocolsArbitrated Protocols
Arbitrator is a disinterested 3Arbitrator is a disinterested 3rdrd party trusted to party trusted to complete a transaction between two distrusting complete a transaction between two distrusting parties.parties.
Example: Buying and selling cars – banker or Example: Buying and selling cars – banker or lawyer is the arbitrator.lawyer is the arbitrator.
In computer protocol, an arbitrator is a In computer protocol, an arbitrator is a trustworthy 3trustworthy 3rdrd party who ensures fairness. It party who ensures fairness. It might be a person, a program or a machine.might be a person, a program or a machine.
66
Arbitrated ProtocolsArbitrated Protocols
77
Types of ProtocolsTypes of Protocols
Arbitrated computer protocols have several Arbitrated computer protocols have several
disadvantages:disadvantages:
The two sides may not be able to find a neutral 3The two sides may not be able to find a neutral 3rdrd party party that both sides trust. Suspicious users are rightfully that both sides trust. Suspicious users are rightfully suspicious of an unknown arbiter in a network.suspicious of an unknown arbiter in a network.
Maintaining the availability of an arbiter represents a cost Maintaining the availability of an arbiter represents a cost to the users or the network, that cost may be high.to the users or the network, that cost may be high.
For these reasons, an arbitrated protocol is avoided if possible!
88
Types of ProtocolsTypes of Protocols
Arbitrated computer protocols have several Arbitrated computer protocols have several
disadvantages:disadvantages:
Arbitration causes a time delay in communication Arbitration causes a time delay in communication because a third party must receive, act on and then because a third party must receive, act on and then forward every transaction.forward every transaction.
If the arbitration service is heavily used, it may If the arbitration service is heavily used, it may become a bottleneck in the network as many users become a bottleneck in the network as many users try to access a single arbiter.try to access a single arbiter.
Secrecy becomes vulnerable, because the arbiter Secrecy becomes vulnerable, because the arbiter has access to much sensitive information.has access to much sensitive information.
For these reasons, an arbitrated protocol is avoided if possible!
99
Types of ProtocolsTypes of Protocols
Adjudicated ProtocolsAdjudicated Protocols
The idea of adjudicator is similar to arbiter. The idea of adjudicator is similar to arbiter.
With an adjudicated protocol enough data is With an adjudicated protocol enough data is available for a disinterested 3available for a disinterested 3rdrd party to judge party to judge fairness based on the evidence. fairness based on the evidence.
Not only can 3Not only can 3rdrd party determine whether two party determine whether two disputing parties acted fairly that is within the disputing parties acted fairly that is within the rules of the protocol but the 3rules of the protocol but the 3rdrd party can also party can also determine who cheated.determine who cheated.
1010
Types of ProtocolsTypes of Protocols
Adjudicated ProtocolsAdjudicated Protocols
Adjudicated protocols involve the services of a Adjudicated protocols involve the services of a 33rdrd party only in a case of a dispute. party only in a case of a dispute.
Therefore, they are usually less costly in terms Therefore, they are usually less costly in terms of machine time or access to a trusted 3of machine time or access to a trusted 3 rdrd party party software judge than arbitrated protocols. software judge than arbitrated protocols.
However, adjudicated protocols detect a failure However, adjudicated protocols detect a failure to cooperate only after the failure has occurred. to cooperate only after the failure has occurred.
1111
Adjudicated ProtocolAdjudicated Protocol
1212
Types of ProtocolTypes of Protocol
Self-Enforcing ProtocolsSelf-Enforcing ProtocolsA self-enforcing protocol is one that guarantees A self-enforcing protocol is one that guarantees fairness. fairness. If either party tries to cheat, that fact becomes If either party tries to cheat, that fact becomes evident to the other party.evident to the other party.No outsider is needed to ensure fairness. No outsider is needed to ensure fairness. Obviously, self-enforcing protocols are Obviously, self-enforcing protocols are preferable to the other types.preferable to the other types.However, there is not a self-enforcing protocol However, there is not a self-enforcing protocol for every situation. for every situation.
1313
Self-Enforcing ProtocolSelf-Enforcing Protocol
1414
Protocol to Solve ProblemsProtocol to Solve Problems
Cryptographic algorithms rely on the property Cryptographic algorithms rely on the property that it is easy to encrypt and decrypt messages that it is easy to encrypt and decrypt messages with the appropriate keys but very hard to find with the appropriate keys but very hard to find keys.keys.
Therefore key management is really, really Therefore key management is really, really important!!!important!!!
1515
Symmetric Symmetric
P --------------------P --------------------RR
C = E(M, K)C = E(M, K)
M = D(C, K)M = D(C, K)
1616
AssymmetricAssymmetric
P----------------------------P----------------------------RR
C = E(M, RC = E(M, Rpubpub))
M = D(C, RM = D(C, Rprivpriv))
M = D[E(M, RM = D[E(M, Rpubpub) R) Rprivpriv)])]
1717
AssymmetricAssymmetric
P -------------------------P ------------------------- R R
ConfidentialityConfidentiality– D[E(M, RD[E(M, Rpubpub), R), Rprivpriv]]
AuthenticationAuthentication– D[E(M, Ppriv), PD[E(M, Ppriv), Ppubpub]]
1818
Protocol to Solve ProblemsProtocol to Solve Problems
Several protocols developed for key distribution:Several protocols developed for key distribution:
Symmetric key exchange with serverSymmetric key exchange with server
Symmetric key exchange without serverSymmetric key exchange without server
Asymmetric key exchange with serverAsymmetric key exchange with server
Asymmetric key exchange without serverAsymmetric key exchange without server
1919
Protocol to Solve ProblemsProtocol to Solve Problems
Assume that two users already each have a copy of a Assume that two users already each have a copy of a symmetric (secret) encryption key K known only to them symmetric (secret) encryption key K known only to them – small messages is ok to use K.– small messages is ok to use K.
But for greater security, they can agree to change keys But for greater security, they can agree to change keys on a frequent basis even as often as a different key for on a frequent basis even as often as a different key for each message.each message.
To do this, either one can generate a fresh key called To do this, either one can generate a fresh key called KKNEWNEW, encrypt it under K and send to the other., encrypt it under K and send to the other.
K is called the “master key”K is called the “master key”
KKNEWNEW is called the “traffic” or “session” key. is called the “traffic” or “session” key.
Symmetric key exchange without serverSymmetric key exchange without server
2020
Block replay attackAssume two bank use fixed format on electronic exchange
name of depositor account no transfer amount
Suppose outsiders (Tipah) able to tap the data channel between these banks.The first day, Tipah has his bank transfer $10 on his behalf from one bank to another. (Tipah has account with both banks). The next day she does the same thing but the amount is $20.
Why Knew?
2121
Assume that both transmissions were sent under the same encryption key.
Tipah would noticed that the first two blocks encrypted were the same. So she know that the first two blocks are her name and her account no. The only different is the third block (the amount of money).
2222
By inserting data onto the transmission line, Tipah can now replace any person and account number with his own name and account number, leaving the amount alone.
Tipah does not need to know who should be getting the money or how much is being obtained; Tipah simply changes name and account no to his own and watches the balance in his account grow.
In ease, the interceptor does not necessarily have to break the encryption.
2323
Protocol to Solve ProblemsProtocol to Solve Problems
Symmetric key exchange with serverSymmetric key exchange with server
i. Please give me a key to communicate with Renee
ii. Here’s a key for you and a copy for Renee
iii. Renee, the distribution center gave me this key for our private communication.
Renee
Pablo
Distribution Centre
2424
Protocol to Solve ProblemsProtocol to Solve Problems
Disadvantage of this approach:Disadvantage of this approach:Two users must both share one key that is Two users must both share one key that is unique to them.unique to them.Other pairs of users need unique keys and Other pairs of users need unique keys and in general n users need n(n-1)/2.in general n users need n(n-1)/2.Eg. 5 users –> 5(5-1)/2 = 10 keys.Eg. 5 users –> 5(5-1)/2 = 10 keys.
Symmetric key exchange without serverSymmetric key exchange without server
2525
IssuesIssues
1.1. E(M, Rpub) – slow.E(M, Rpub) – slow.
2.2. E(Knew, Rpub) – no authentication.E(Knew, Rpub) – no authentication.
Protocols to Solve ProblemsProtocols to Solve Problems
Asymmetric key exchange without serverAsymmetric key exchange without server
2626
Protocols to Solve ProblemsProtocols to Solve Problems
Suppose Pablo and Reene want to exchange a message, each has a Suppose Pablo and Reene want to exchange a message, each has a public/private key pair and each has access to the others public key. public/private key pair and each has access to the others public key. Denote Ppub –> Pablo public key and Ppriv –> Pablo private key.Denote Ppub –> Pablo public key and Ppriv –> Pablo private key.Rpub -> Renee public key and Rpriv -> Renee private key.Rpub -> Renee public key and Rpriv -> Renee private key.Pablo can send E(Knew, Rpub) directly to Reene.Pablo can send E(Knew, Rpub) directly to Reene.But how sure that E(Knew, Rpub) is from Pablo? Reene couldn’t tell that.But how sure that E(Knew, Rpub) is from Pablo? Reene couldn’t tell that.So to improve better – Pablo sends to Reene E(E(Knew, Ppriv), Rpub)So to improve better – Pablo sends to Reene E(E(Knew, Ppriv), Rpub)
Asymmetric key exchange without serverAsymmetric key exchange without server
2727
Protocol to Solve ProblemsProtocol to Solve ProblemsAsymmetric key exchange with serverAsymmetric key exchange with server
1. Please give me Renee’s Public Key
2. Here is Renee Public Key
3. I’m Pablo, Lets talk
4. Please give me Pablo’s Public Key
5. Here is Pablo’s Public Key
6. Renee here what’s up?
7. How are you
Distribution Centre
Renee
Pablo
2828
Protocol to Solve ProblemsProtocol to Solve Problems
Distribution Center (DC)How do DC deals with keys? – publish its own public key widely – anybody wish to register, deliver the key and personal identity under the DC keyCan have more than one center:– as backup, overload, if it doesn’t have the key, request from
other DC– performance, size, reliability– must be available any time
So, what gives us confidence that the keys registered are authentic?? That is, they belong to the people whose identification are associated.
2929
Protocol to Solve ProblemsProtocol to Solve Problems
CertificateDevelop ways for two people to establish trust without having both parties to be present.Trust coordinated => Certificate Authority
Advantages and Disadvantages of Key DistributionOperational Restriction – availability of DCTrust – who must be trustedProtection from failure – anybody impersonate any entitiesEfficient Protocol – use several time-consuming steps for one-time use (establish an encryption key)Protocol – easy to implement or not (computer implementation vs manual use)
3030
Digital SignatureDigital Signature
A Digital Signature is a protocol that produces the same effect as a real signature.It has the following characteristics:– Authentic : the recipient believes the signer
deliberately signed the document– Unforgeable : the signature proves that the signer
and nobody else signed the document– Single purpose : the signature is attached to the
document and cannot be moved to a different one– Unalterable : after it has been signed, the document
can no longer be changed.– Unrepudiable : after the fact, the signer cannot
successfully deny having signed the document.
3131
How does Digital Signature Works?How does Digital Signature Works?
Refer to extra notes…