Agenda

1
Agenda

• Course high-lights
• Symmetric and asymmetric cryptography
• Digital signatures and MACs
• Certificates
• Protocols
• Interactive
• Non-interactive
• Smart-cards

2
Symmetric vs. asymmetric cryptography

• Symmetric ciphers sender and recipient use the
  same key
• Dkey(Ekey(m)) m
• Substitution cipher is an example of a symmetric
  cipher
• Impractical for big systems number of keys is
  quadratic in the number of users
• The solution asymmtric algorithms. Think of a
  locked mailbox! Different keys for encryption and
  decryption
• Dprivate key(Epublic key(m)) m

3
Hash functions

• A hash function computes a fixed length value
  from a variable length source
• Example Check sums in communication protocols
• Indices in databases
• More convenient to handle a hash of a document
  instead of the document itself
• We will consider cryptographically secure hash
  functions.

4
Properties of good hash functions

• Let H be a hash function
• One-way
• Given v, unfeasible to compute an x such that
  H(x) v
• Collision-free
• Infeasible to find x1 and x2 such that H(x1)
  H(x2) and x1 ? x2

5
Digital signatures

• Used to ensure authenticity.
• A digital signatures binds a document to a
  person.
• In a public key infrastructure (PKI), a person
  produces a digital signature using his private
  key
• The signature can be verified using the public
  key.

6
Use of a digital signature
Signer
Verifier
Document
Document
Signature generation
Signature
Signature verification
OK / not OK
Public key
Private key
7
Message Authentication Codes

• Digital signatures requires public/private keys
• The same functionality can be achieved with
  symmetric keys
• Called MAC Message Authentication Code
• Signer and verifier uses the same key
• Question What are the advantages compared to
  digital signatures? What are the disadvantages?

8
Two simple MACs

• Let Ekey, Dkey be a symmetric cipher, and let H
  be a hash function. Let m be the message to MAC
  and let k be the symmetric key.
• First proposition Compute a hash of the document
  and encrypt it
• Ek(H(m))
• Second proposition Concatinate the message and
  the key and compute the hash
• H(m ? k)

9
Interactive Protocol
TCP/IP
User(pu, su)
Web server
Users public key pu
Generates symmetric key k
Symmetric key k encrypted under pu
Decrypts k using su
Communication encrypted under k
10
User(pu, su)
Man in the middle(pm, sm)
Web server
Users public key pu
Replaces pu with his own pm
pm
Generates symmetric key k
Decrypts k using sm and reencrypts using pu
Symmetric key k encrypted under pm
Symmetric key k encrypted under pu
Decrypts k using su
Communication encrypted under k
11
Public key certificates

• A public key certificate consists of
• A public key
• Information on the owner
• Name, address, photograph, finger-print, credit
  card number, etc.
• A signature on the above data by a trusted party
• Trusted party could be the government, a bank,
  etc.

Users public key
Identification data
Digital signature by CA
Public information
Users Private key
Private information
12
Certificate chains

• Certificates can be chained
• Each certificate in the chain is signed with the
  private key of the certificate above.
• If the user knows the root certificate, he can
  verify that each step is valid.
• Using chains, the CA can outsource signing to
  other organizations it trusts without giving away
  its private key.

13
Certificate chains

• The end user certificates are verified by
  following the chain up to the root certificate
  authority (CA)
• If every step in the chain is valid, the end user
  certificate is considered valid.

14
SSL/TLS

• SSL (Secure Socket Layer) and TLS (Transport
  Layer Security) are standards for how to secure
  TCP/IP communications
• TLS is a layer on top of the TCP layer

15
TLS
Not secure
Secure
HTTP
HTTP
TLS
TCP
TCP
IP
IP
16
TLS Handshake
ClientHello
ServerHello
Certificate
ServerKeyExchange
ServerHelloDone
ClientKeyExchange
ChangeCipherSpec
Finished
ChangeCipherSpec
Finished
Server
Client
17
Non-interactive protocols

• For interactive protocols, the symmetric key is
  decided in the handshake. For non-interactive
  protocols, this must be solved in another way.
• The key cannot be negotiated.
• Encrypt a session key using the recipients public
  key.

18
Session key in non-interactive protocols

• For non-interactive protocols, the sender
  generates a session key.
• The session key is encrypted using the
  recipients public key.
• Recipients public key must be known in advance.
• The message is encrypted with the (symmetric)
  session key. The encrypted message consists of
  the encrypted session key and the cipher text.
• The recipient decrypts the session key with his
  private key and decrypts the message.

19
Pretty Good Privacy

• Protocol overview
• Symmetric session key encrypted with asymmetric
  key
• Key management
• Distributed, non-centralized
• Trust model
• Web of trust
• Introducers

20
Password generated keys problems and solutions

• Password generated keys suffer from the same
  general problem as passwords for authentication.
• Number of passwords is relatively small
  possible to create a list with all possible
  passwords and corresponding keys.
• Use a salt to avoid dictionary attacks.
• Make key generation slow, to make brute-force
  attacks more time consuming.

21
Generating keys

• Key generation requires a good source of random
  bits
• Bad key material makes system vulnerable to
  attacks. Has been done in practice.
• Hardware generators provide the best source.
• For end-user applications - some user interaction
  can be used (mouse movement, key strokes, etc.)
• Using system time for high security requirements
  is a bad idea!
• For high-security applications, key generation
  should take place in a closed environment.

22
Distributing symmetric keys

• Symmetric keys are very sensitive and must be
  distributed with great care.
• Depending on how valueable the key is, different
  approaches are possible.
• Send the key to recipient by physically secure
  means, e.g., by courier, by registered mail etc.
• If a common key exists, send the new key
  encrypted under the common key.
• Split the key into components and send the key
  components with different security officers.

23
What Is a Smart-Card

• A smart-card is a small computer
• Often placed on a credit-card sized plastic card
• Can have contacts or be contact-less
• Has a well-defined interface
• Can have secret information that is protected
  from direct access
• First appeared in the 1970s

24
Advantages with Smart-Cards

• Can have secret data
• Data used for internal computations and never
  revealed in clear
• Example PIN and keys can be stored on card
• Can process data and save information
• Count transactions
• Check PIN and count unsuccessful tries
• Different behavior depending on geographic
  location
• Cryptographic functions
• Uses the secret keys