The Pennsylvania State University
CSE597B: Special Topics in Network and Systems Security
The Miscellaneous
Instructor: Sencun Zhu
Appetizer
• Ten scientists are working on a secret project. They wish to lock up the documents in a cabinet so that the cabinet can be opened if and only if five or more of the scientists are present.
– What is the smallest number of locks needed?
– What is the smallest number of keys to the locks each scientist must carry?
Outline
• A little maths
– Group, ring, (finite) field
– Increasing importance in cryptography
– AES, Elliptic Curve, Threshold Cryptography
• Secret sharing and threshold cryptography
– Based on slides by Prof. Helger Lipmaa, Helsinki University of Technology
• Design rules
Group
• G, a set of elements or “numbers”
• Obeys:
– Closure: if a and b belong to G, a.b is also in G
– Associative law: (a.b).c = a.(b.c)
– Has identity e: e.a = a.e = a
– Has inverses a^(-1): a.a^(-1) = e
• If commutative, a.b = b.a
– then it forms an abelian group
Cyclic Group
• Define exponentiation as repeated application of the operator
– example: a^3 = a.a.a
• Let identity e be: e = a^0
• A group is cyclic if every element is a power of some fixed element
– i.e. b = a^k for some a and every b in the group
• a is said to be a generator of the group
Ring
• R, a set of “numbers” with two operations, addition and multiplication:
– an abelian group with addition operation
– closure under multiplication
– associative under multiplication
– distributive law: a(b+c) = ab + ac
• if multiplication operation is commutative, it forms a commutative ring
• if multiplication operation has inverses and no zero divisors, it forms an integral domain
Field
• F, a set of numbers with two operations:
– F is an integral domain
– Multiplicative inverse
  • For each a in F, except 0, there is an element a^(-1) in F such that a a^(-1) = a^(-1) a = 1
• In essence, a field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set
– Division: a/b = a b^(-1)
Galois Fields
• Finite fields (known as Galois fields) play a key role in cryptography
• Theorem: the number of elements in a finite field must be a power of a prime p^n, denoted as GF(p^n)
• In particular often use the fields:
– GF(p)
– GF(2^n)
Galois Fields GF(p)
• GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p
• these form a finite field
– since they have multiplicative inverses
• hence arithmetic is “well-behaved” and we can do addition, subtraction, multiplication, and division without leaving the field GF(p)
Keep Secrets on a Computer
• Very difficult
• Wiping state
– Easier in C/C++, difficult in Java
• Swap file
– Virtual memory
• Caches
– Keep copies of data
• Data retention by memory
– SRAM/DRAM could learn and remember data
• Access by others
• Data integrity
Key Storage
• Reliability and confidentiality of important data:
– Information can be secured by encryption
– After that, many copies of the ciphertext can be made
• How to secure the secret key?
– Encrypting of key — vicious cycle
– Replicating key — insecure
• Idea: distribute the key to a group, s.t. nobody by itself knows it
Secret Sharing: More Motivations
• USSR: At least two of the three nuclear buttons must have been pressed simultaneously
• Any other process where you might not trust a single authority
• Threshold cryptography
– Computation can be performed in a distributed way by “trusted” subsets of parties
• Verifiable SS: One can verify that inputs were shared correctly
Secret Sharing Schemes: Definition
• A dealer shares a secret key among n parties
• Each party i in [1, n] receives a share
• Predefined groups of participants can cooperate to reconstruct the shares
• Smaller subgroups cannot get any information about the secret
(k, n)-threshold schemes
• A dealer shares a secret key between n parties
• Each party i in [1, n] receives a share
• A group of any k participants can cooperate to reconstruct the shares
• No group of k-1 participants can get any information about the secret
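Shamir's scheme, named later in these slides, is one construction that meets this (k, n) definition by working in GF(p). The sketch below is an added example, not taken from the slides; the prime `P` and the function names `deal` and `reconstruct` are assumptions chosen for illustration.

```python
import secrets

# Assumed field: GF(P) with P = 2**127 - 1 (a Mersenne prime). Any prime
# larger than both the secret and n would do.
P = 2**127 - 1

def deal(secret, k, n, p=P):
    """Dealer: pick a random polynomial f of degree k-1 with f(0) = secret
    and hand party i the share (i, f(i))."""
    if not (1 <= k <= n < p) or not (0 <= secret < p):
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]

    def f(x):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation mod p
            y = (y * x + c) % p
        return y

    return [(i, f(i)) for i in range(1, n + 1)]

def reconstruct(shares, p=P):
    """Lagrange interpolation at x = 0 over GF(p)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        # Division in GF(p) is multiplication by the inverse: a/b = a * b^(-1)
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret

if __name__ == "__main__":
    shares = deal(secret=42, k=3, n=5)
    print(reconstruct(shares[:3]), reconstruct(shares[2:]))  # any 3 shares work
    print(reconstruct(shares[:2]))  # 2 shares interpolate to an unrelated value
```
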
A Bad Example
• Let K be a 100-bit block cipher key.
– Share it between two parties
– Giving to both parties 50 bits of the key
• Why is this bad?
– The requirement ‘Smaller subgroups cannot get any information about the secret’ is violated
• Ciphertext-only attack
– Both participants can recover the plaintext by themselves, by doing a (2^50)-time exhaustive search
(2, 2)-threshold scheme
• Let s ∈ G be a secret from group (G, +). Dealer chooses a uniformly random s1 ∈ G and lets s2 = s – s1
• The two shares are s1 and s2
• Given s1 and s2, one can successfully recover s = s1 + s2
• Given only s1, s2 is random, and vice versa
– Pr[s = k | s2] = Pr[s1 = k - s2 | s2] = 2^|G| for any k
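The contrast between the bad key-splitting example and the additive (2, 2) scheme can be checked exhaustively on a small group. This is an added example, not from the slides: it assumes G = Z_m under addition mod m and a toy 8-bit key, and all function names are illustrative.

```python
import secrets
from collections import Counter

def bad_split(key, bits):
    """The 'bad example': each party simply gets half of the key bits."""
    half = bits // 2
    return key >> half, key & ((1 << half) - 1)

def candidates_bad(share_hi, bits):
    """Keys still possible for the party holding the high half."""
    half = bits // 2
    return [(share_hi << half) | lo for lo in range(1 << half)]

def additive_share(s, m):
    """(2,2) scheme over (Z_m, +): s1 uniform, s2 = s - s1."""
    s1 = secrets.randbelow(m)
    return s1, (s - s1) % m

def additive_recover(s1, s2, m):
    return (s1 + s2) % m

def candidates_additive(s2, m):
    """Secrets still possible for the party holding only s2:
    one for every value the unknown s1 could take."""
    return sorted({(s1 + s2) % m for s1 in range(m)})

def share_distribution(s, m):
    """How often each s2 value occurs over all dealer choices of s1,
    for a fixed secret s."""
    return Counter((s - s1) % m for s1 in range(m))

if __name__ == "__main__":
    key, bits, m = 0xA7, 8, 256          # constructed toy values
    hi, lo = bad_split(key, bits)
    print("bad split leaves", len(candidates_bad(hi, bits)), "of", m, "keys")
    s1, s2 = additive_share(key, m)
    print("additive share leaves", len(candidates_additive(s2, m)), "of", m)
    # The view of one party does not depend on the secret at all:
    print(share_distribution(key, m) == share_distribution(0, m))
```

With half the key bits in hand the search space shrinks to its square root, while the holder of one additive share still faces every element of G as a possible secret.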
(n, n)-threshold scheme
Shamir’s (k,n) Threshold Scheme
• Mathematical basis
Shamir’s (k,n) Threshold Scheme
• Dealing phase
Shamir’s (k,n) Threshold Scheme
Shamir’s (k,n) Threshold Scheme
Illustration
Shamir’s Scheme: Efficiency
Shamir’s Scheme: Flexibility
Remarks
Design Rules
• Design rules:
– Complexity is the worst enemy of security
  • There are no secure complex systems
– Correctness must be a local property
  • every part of the system should behave correctly regardless of how the rest of the system works
– For a security level of n bits, every cryptographic value should be at least 2n bits long
  • Due to collision attacks
– Reliability
  • Do not assume message reliability
    – TCP cannot prevent active attacks
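The 2n-bit rule can be observed directly by shortening a hash and counting how much work a collision takes. This is an added example, not from the slides: it assumes SHA-256 truncated to `bits` bits as the stand-in "cryptographic value", and the message format and function names are illustrative.

```python
import hashlib

def truncated_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, as an integer."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits: int):
    """Hash counter-derived messages until two of them share a truncated
    hash. Returns (msg_a, msg_b, hashes_computed)."""
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i              # constructed sample messages
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1

def collision_work(bit_sizes):
    """Hashes needed to find a collision for each output size."""
    return {bits: find_collision(bits)[2] for bits in bit_sizes}

if __name__ == "__main__":
    for bits, work in collision_work([16, 20, 24]).items():
        # Work grows like 2^(bits/2), not 2^bits: a value of `bits` bits
        # gives only about bits/2 bits of collision resistance.
        print(f"{bits}-bit value: collision after {work} hashes "
              f"(2^{bits // 2} = {2 ** (bits // 2)})")
```
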
Presentation
• Two presentations each class
– Let us first see how it will be going
• Time
– 30~35 minutes/person, including random interruption
– Do not exceed
• How to give a good talk
– http://www.info.ucl.ac.be/people/PVR/giving_talk.ps
• How to give a bad talk
– http://www.eecs.berkeley.edu/~messer/Bad_talk.html