Cryptography and security

1
Cryptography and security

• Privacy/confidentiality
• Encryption, chapter 1,3,5,6

• Integrity
• Message digest/MAC, chapter 4

• Authentication
• Digital signature, chapter 7

• Non-repudiation
• Undeniable signature, chapter 7 (not covered)

2
Contents of textbook not covered

• Chapter 2
• information and entropy theory
• Chapter 3
• Generic substitution permutation networks
• Linear and differential analysis (of DES)
• Chapter 4
• Random Oracle model and algorithm
• Unconditional secure MACs

3
Contents of textbook not covered

• Chapter 5
• Primality testing
• Factoring algorithms

4
Secure Group Communications (SGC)

• Introduction
• ?Secure group communication (SGC)
• ?Problem setting
• Group key management for SGC
• ? (Centralized) Key tree approach
• ? N-party Diffie-Hellman key agreement

5
IntroductionSecure group communication

• A large group of users
• with common interests communicate with one
  another
• Examples
• Teleconferencing
• Pay-TV
• VPN (Virtual Private Network)
• Electronic newspaper distribution

MSU
WSU
Internet
Internet
UNL
UCD
6
Enabling technology

• Network connectivity (Internet, Internet 2)

• IP multicast
• Cryptosystems
• ?public key systems such as RSA, ElGmal
• ?Secret key systems such as DES, IDEA
• Key management protocols

Multicast packet
Multicast capable router
7
Application requirements

• Scalability large group sizes
• Dynamics Join, Leave, Multiple join and leave
  operation.
• Distributed (no central control)
• Efficiency and limited overhead
• Authentication

8
Group key management

• A Group key
• Communication encrypted by group key
• Join key changes to allow the joining user to
  decrypt the future messages (but not previous
  messages!)
• Leave key changes to prevent the leaving user
  from decrypting the future messages

9
Classification of key manage-ment protocols for
SGC

• Broadcast (one-to-many) versus Conference
  (many-to-many)
• Centralized versus distributed (CA selected group
  key versus uniformly contributory group key)
• Unconditionally secure versus computationally
  secure
• Public-key based versus secret-key based
• Protocols Naïve protocol, Secure lock, RPS,
  STB, CBT, a suite of dynamic conference
  protocols, Iolus, DEP, OFT, Key-tree DISEC, a
  suite of n-party Diffie-Hellman protocols.

10
Key management protocol? Naïve solution

• Join
• ?Select a new group key
• ?Encrypt it with the old key and send to
  group
• ?Send it to the joining user
• ?Rekeying messages O(1)
• Leave
• ? Select a new group key
• ? Send it to remaining users one by one
• ?Rekeying messages O(n)
• Problem Scalability (when users leave)

11
Key management protocol? key tree solution

• A central group controller
• Key tree Wong 98, Caronni 98, Noubir 98
• Users located on leaf nodes
• A user has the keys from its leaf to the root
• Root key is shared by all users and is the group
  key
• DEK data encryption key
• KEK key encryption key

K0-7(DEK)
K0-3(KEK)
K4-7(KEK)
K0-1
K2-3
K4-5
K6-7
K0
K1
K2
K3
K4
K5
K6
m0
m1
m2
m3
m4
m5
m6
Users
12
Effect of user join operation

• The keys along the path need to be changed
• Every changed key is encrypted with each of its
  two childrens keys separately and sent to the
  group
• Starting from the immediate parent to the root
• ?change the key
• ?encrypt with each childs key and send
  to the group
• ?consider parent node
• Rekeying messagesO(1)?log(n)

K0-7(DEK)
K0-3(KEK)
K4-7(KEK)
K0-1
K2-3
K4-5
K6-7
K0
K1
K2
K3
K4
K5
K6
K7
m0
m1
m2
m3
m4
m5
m6
m7
A user joins
13
Effect of user leave operation

• The keys along the path need to be changed
• Every changed key is encrypted with each of its
  two childrens keys (except the leaving users
  key) separately and sent to the group
• Starting from the immediate parent to the root
• ?change the key
• ?encrypt with each childs key and
  send to the group
• ?consider parent node
• Rekeying messagesO(n)?log(n)

K0-7(DEK)
K0-3(KEK)
K4-7(KEK)
K0-1
K2-3
K4-5
K6-7
K0
K1
K2
K3
K4
K5
K6
m0
m1
m2
m3
m4
m5
m6
m3 leaves
14
Effect of multiple join operation

• Place the joining users at the positions of
  unoccupied leaf nodes, expanding key tree, if
  needed.
• Shared keys only change once
• Original users m1,m2,m3
• Three users join, placed in positions 2,4,5 and
  expanding the key tree (right sub-tree)

K0-7(DEK)
K0-3(KEK)
K4-7(KEK)
K0-1
K2-3
K4-5
K0
K1
K2
K3
K4
K5
m0
m1
m2
m3
m4
m5
Three users join, expand the key tree
15
Effect of multiple join and leave operation

• Place the joining user at the positions of the
  leaving users
• Shared keys only change once
• Users m2,m4,m5 leave and two users join
• Call both a join and a leave a update

K0-7(DEK)
K0-3(KEK)
K4-7(KEK)
K0-1
K2-3
K4-5
K6-7
K0
K1
K2
K3
K4
K5
K6
m0
m1
m2
m3
m4
m5
m6
M2
M4
16
N-party Diffie-Hellman key agreement

• (Centralized) key distribution
• A central authority distributes group key(s) to
  group members
• Distributed key agreement
• The group key is agreed upon all members uniform
  contribution.
• N-party Diffie-Hellman key exchange
• Distributed n-party Diffie-Kellman key tree

17
Secret sharing

• Question a map to an island full of treasure,
  who will keep the map?

Split the map into 2 pieces, each one keeps one
piece.
Secret sharing Given a secret s, n parties to
share the secret such that 1. All n parties can
get together and recover s. 2. Less than n
parties can not recover s.
Principle split s into n pieces, given one piece
to each party
18
Secret sharing

• Partial Information Disclosure
• if split in an inappropriate way, information
  about the secret will disclosure.
• Example about splitting a password.
• A secure split for binary string secret.

(n,t) Secret Sharing Problem with (n,n) secret
sharing, example for 3 generals to launch a
missile. therefore let t lt n
19
(n,t) Secret Sharing

• Given a secret s, split among n parties
• Availability greater than or equal to t parties
  can recover s.
• Confidentiality less than t parties have no
  information about s.
• Examples
• (n,2) secret sharing, a random line passing s

• (n,3) secret sharing, a random curve passing
  s

• (n,t) secret sharing, a random polynomial in
• variable x with degree t-1 and having s as
• constant item.

20
Symmetric polynomial and dynamic conference

• F(x1,,xt)?i10,,w ?it0,,w ai1itx1i1xtit
• where t variables, w security parameter,
  and
• ai1ita?(i1) ?( it) for all permutation ?
  of (i1,,it)
• Dynamic conference protocol such that any subset
  of size t in n users can communicate securely
• By introducing dummy users, any subset of any
  size in n users can communicate securely.