??S36 - PowerPoint PPT Presentation

About This Presentation
Title: ??S36
Description: Elliptic Curve. V. V. Digital signature. V. Encryption ... find its prime factors (prime factorization), i.e. write n as n = p1^e1 p2^e2 ... pk^ek ... (PowerPoint PPT presentation)
Slides: 49
Provided by: yiannis5
Tags: curves | prime | s36

Transcript and Presenter's Notes

Title: ??S36
Slide 1
??S36 Information Systems Security
Asst. Prof. P. Georgiadis, Dr. ?a???? ???????, K. Papapanagiotou (PhD candidate)
30/05/07
Slide 2
Hash Functions: Characteristics
  • Also called digest (message-digest) functions
  • Map a message of arbitrary length (the pre-image) to a fixed number of bits
  • The result of the process is called the digest, hash value, message digest or fingerprint
  • Algorithms:
  • MD5 (Message Digest 5, Rivest 1991)
  • SHA-1 (Secure Hash Algorithm 1, NIST 1995, FIPS PUB 180-1)
  • RIPEMD (RACE Integrity Primitives Evaluation Message Digest, European RACE framework, 1996)
Slide 3
Hash Functions: Characteristics
  • A hash function H(x) produces a digest h (a digital fingerprint) of a file x, a message M, or data in any other form, under the following requirements:
  • It can be applied to a block of data of any size
  • It produces output (the digest h) of a fixed, small length
  • It is easy to compute for any given x or M
  • For a given digest h it must be computationally infeasible to find an x such that H(x) = h (pre-image resistance)
  • It must be computationally infeasible to find a pair (x, y) with x ≠ y such that H(x) = H(y) (collision resistance)
  • The digest H(x) may be transmitted together with the message M
Slide 4
Hash Functions: Characteristics
A hash function H(x) maps strings of arbitrary (but finite) length to strings of a fixed length of n bits. For domain D and range R, H: D → R with |D| > |R|, so H(x) is many-to-one: collisions (inputs with identical digests) necessarily exist.
Restricting H(x) to a domain of t-bit inputs (t > n), if H(x) behaves randomly (all digests equiprobable), then about 2^(t-n) inputs map to each digest, and two randomly chosen inputs produce the same digest with probability 2^(-n) (independent of t).
Slide 5
Hash Functions: Most Important Properties
  • One-way
  • Given the hash value, we cannot compute the original message or text (the pre-image)
  • Computationally collision-free
  • Two different original messages (pre-images) that produce the same hash value cannot be found

[Figure: a long pre-image bit string passes through the Hash Function and yields a short hash value]
Slide 6
Hash Functions: Hashing Algorithms
  • MD5 (Rivest, 1991)
  • Input: a message of arbitrary length; output: a 128-bit digest
  • Faster than SHA-1
  • Its security is disputed today (practical collisions were published in 2004; it must not be used where collision resistance matters)
  • SHA-1, NIST (1995)
  • Input: a message shorter than 2^64 bits; output: a 160-bit digest
  • Used in TLS, SSL, PGP, SSH, S/MIME and IPsec (SHA-1 has since been deprecated for signatures; a practical collision was published in 2017)
  • Newer variants with longer digests: SHA-224, SHA-256, SHA-384 and SHA-512 (collectively SHA-2)
  • RIPEMD-160
  • Produces a 160-bit message digest, usually written in hexadecimal
  • More secure than MD5
  • Variants with other digest sizes exist (128-, 256- and 320-bit versions)
Slide 7
Hash Functions: The SHA-1 Algorithm
Maps bit strings of length < 2^64 to 160-bit digests.
Specifications: FIPS PUB 180-2, Secure Hash Standard (including SHA-1, SHA-256, ...); RFC 3174, US Secure Hash Algorithm 1 (SHA1).
Examples. SHA-1 of a 43-byte ASCII input:
SHA1("The quick brown fox jumps over the lazy dog") = 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
A small change (d to c):
SHA1("The quick brown fox jumps over the lazy cog") = de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3
The zero-length string:
SHA1("") = da39a3ee5e6b4b0d3255bfef95601890afd80709
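The following example is added to this transcript and is not part of the original slides. It recomputes the three SHA-1 values quoted above with Python's standard library, measures how many of the 160 bits flip for the one-letter change, and then checks the claim of slide 4 empirically: truncating SHA-1 to an n-bit digest and feeding it all 2^t inputs (t > n) shows the pigeonhole bound of 2^(t-n) pre-images per digest and a random-pair collision probability close to 2^(-n). The truncation is only a model of a short hash, not something to use in practice.

```python
import hashlib

# The three inputs quoted on the slide (the slide's own examples, not constructed).
SLIDE_INPUTS = [
    b"The quick brown fox jumps over the lazy dog",
    b"The quick brown fox jumps over the lazy cog",   # one letter changed: d -> c
    b"",                                              # the zero-length string
]


def sha1_hex(data: bytes) -> str:
    """Full 160-bit SHA-1 digest, as the 40 hex characters shown on the slide."""
    return hashlib.sha1(data).hexdigest()


def hamming_distance(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests.
    For a one-character input change roughly half of the 160 bits flip."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def truncated_digest(data: bytes, n_bits: int) -> int:
    """Model an n-bit hash H: D -> {0,1}^n by keeping the first n bits of SHA-1.
    (Only a model of many-to-one behaviour; truncation is not a way to build a
    short hash for security use.)"""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - n_bits)


def collision_statistics(n_bits: int, t_bits: int) -> dict:
    """Feed every t-bit input (t > n) through the n-bit hash and measure the
    collisions slide 4 predicts: by the pigeonhole principle some digest has at
    least 2^(t-n) pre-images, and a random pair of inputs collides with
    probability about 2^(-n)."""
    if t_bits <= n_bits:
        raise ValueError("need t > n for a many-to-one map")
    width = (t_bits + 7) // 8
    buckets = {}
    for v in range(1 << t_bits):
        h = truncated_digest(v.to_bytes(width, "big"), n_bits)
        buckets.setdefault(h, []).append(v)
    total = 1 << t_bits
    colliding_pairs = sum(len(b) * (len(b) - 1) // 2 for b in buckets.values())
    return {
        "distinct_digests": len(buckets),
        "largest_preimage_set": max(len(b) for b in buckets.values()),
        "pair_collision_probability": colliding_pairs / (total * (total - 1) // 2),
        "predicted_pair_probability": 2.0 ** -n_bits,
    }
```

With n = 8 and t = 12, `collision_statistics(8, 12)` reports a largest pre-image set of at least 16 = 2^(12-8) and a measured pair-collision probability near 1/256, which is what slide 4 states for a random H.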
Slide 8
Hash Functions: Hash Functions and Authentication

[Figure: A computes MD_M = H(S_AB || M) and sends M together with MD_M; B recomputes MD'_M and compares it with MD_M]

A and B have agreed in advance on S_AB, a secret value (e.g., a password or a date of birth). M is the message that A wants to send to B.

Sender A:
  • computes MD_M = H(S_AB || M)
  • sends M and MD_M to B
Receiver B:
  • receives M and MD_M
  • computes MD'_M = H(S_AB || M)
  • compares MD'_M with MD_M; if they are equal, the integrity of M and the authenticity of sender A are established
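The exchange above, as an added example that is not part of the original slides: both sides of the keyed-digest scheme, plus the two details a practitioner would add. First, the slide's construction MD_M = H(S_AB || M) has a known weakness when H is an iterated (Merkle-Damgård) hash such as MD5, SHA-1 or SHA-256: an attacker who sees (M, MD_M) can extend the message and compute a valid digest for the extension without knowing S_AB (length extension). HMAC (RFC 2104) avoids this and is what real systems use, so the example takes the digest function as a parameter and offers both. Second, the receiver's comparison is done in constant time. The secret and the message are constructed for the example.

```python
import hashlib
import hmac

# Pre-shared secret S_AB and a sample message, both constructed for this example.
S_AB = b"agreed-in-advance-secret"
MESSAGE = b"transfer 100 EUR to account 12345"


def digest_prefix(secret: bytes, message: bytes) -> bytes:
    """The slide's construction: MD_M = H(S_AB || M), with SHA-1 as H.
    Subject to length extension with Merkle-Damgard hashes; shown for comparison."""
    return hashlib.sha1(secret + message).digest()


def digest_hmac(secret: bytes, message: bytes) -> bytes:
    """HMAC (RFC 2104): the keyed-hash construction to use in practice."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def send(secret: bytes, message: bytes, mac=digest_prefix):
    """Sender A: transmit the message together with its digest MD_M."""
    return message, mac(secret, message)


def verify(secret: bytes, message: bytes, received_digest: bytes, mac=digest_prefix) -> bool:
    """Receiver B: recompute MD'_M and compare.  compare_digest runs in constant
    time, so the comparison does not leak where the two digests first differ."""
    return hmac.compare_digest(mac(secret, message), received_digest)


def tampered_message_is_rejected(mac=digest_prefix) -> bool:
    """An attacker changes M in transit but cannot recompute MD_M without S_AB:
    the genuine pair verifies, the altered message does not."""
    message, md = send(S_AB, MESSAGE, mac)
    forged = message.replace(b"12345", b"99999")
    return verify(S_AB, message, md, mac) and not verify(S_AB, forged, md, mac)
```

Both constructions reject a modified message and a digest made with the wrong secret; the difference between them only shows up under length-extension, which is why `digest_hmac` is the one to deploy.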
Slide 9
Public-Key Cryptography: Introductory Notions
In a public-key encryption scheme, for each encryption/decryption key pair (e, d), the key e (the public key) is made publicly available while the key d (the private key) is kept secret. For such a scheme it must be computationally infeasible to determine d knowing only e.
Proposed by Diffie and Hellman in 1976. The first public-key scheme: RSA, by Rivest, Shamir and Adleman (1978, MIT).
Slide 10
Public-Key Cryptography: Introductory Notions
Significant differences from symmetric cryptography; however:
a) it has not replaced it
b) it is neither more nor less secure against cryptanalysis
c) key distribution is more straightforward, but not simpler
d) key management becomes more difficult
Slide 11
Public-Key Cryptography: Components
Plaintext (the original message); encryption algorithm; public and private key; ciphertext (the encrypted text); decryption algorithm.
Slide 12
Public-Key Cryptography
  • Encryption
  • Recipient's public key (to encrypt)
  • Recipient's private key (to decrypt)
Slide 13
Public-Key Cryptography
  • Authentication or digital signature
  • Sender's private key (to sign)
  • Sender's public key (to verify)
Slide 14
Public-Key Cryptography: Services
Encryption/decryption: the sender encrypts the plaintext with the recipient's public key. The recipient decrypts the ciphertext with his private key, which only he holds. Provides confidentiality (the slide also lists integrity; note that public-key encryption on its own does not guarantee integrity, since an unpadded ciphertext can be altered without detection).
Digital signature: the sender encrypts (signs) the plaintext with his private key, which only he holds. The recipient decrypts the ciphertext with the sender's public key. Provides authentication.
Key exchange: the two parties cooperate to exchange a session key. Several proposals exist, involving one or both private keys.
Slide 15
Public-Key Cryptography: Services

Algorithm       | Encryption/Decryption | Digital Signature | Key Exchange
Diffie-Hellman  | -                     | -                 | Yes
RSA             | Yes                   | Yes               | Yes
DSS (DSA)       | -                     | Yes               | -
Elliptic Curve  | Yes                   | Yes               | Yes
Slide 16
Public-Key Cryptography: Authentication or Digital Signature with a Digest
Encryption with the sender's private key; decryption with the sender's public key.

[Figure: sender A hashes the message (digest 1 7 7 8 9 0 9), encrypts the digest with his private key and sends it together with the message; receiver B decrypts the received digest with A's public key, recomputes the digest of the received message and compares the two (YES when they match)]
Slide 17
Public-Key Cryptography: Requirements
  • It is computationally easy for a party B to generate a key pair (public key e_B, private key d_B)
  • It is computationally easy for a sender A who knows B's public key and the plaintext M to produce the corresponding ciphertext C = e_B(M)
  • It is computationally easy for the receiver B, who knows his private key and receives the ciphertext C, to recover the original text M = d_B(C) = d_B(e_B(M))
  • It is computationally infeasible, knowing only the public key e_B, to determine the private key d_B
  • It is computationally infeasible, knowing the public key e_B and the ciphertext C, to determine the original message M
  • Either of the two keys can be used for encryption and the other for decryption, i.e. M = d_B(e_B(M)) = e_B(d_B(M))
Slide 18
Public-Key Cryptography: The RSA Algorithm
  • It is a block cipher
  • The plaintext M and the ciphertext C are integers with values between 0 and n-1, for some n
  • Notation:
  • Encryption: C = M^e mod n
  • Decryption: M = C^d mod n
  • Both the sender and the receiver must know the values of e and n
  • In contrast, the value d must be known only to the receiver
  • This yields a scheme with public key {e, n} and private key {d}
Slide 19
Public-Key Cryptography: The RSA Algorithm
Key generation:
  • Choose two large, distinct prime numbers p and q
  • Compute n = p × q
  • Compute φ(n) = (p-1) × (q-1)   (Euler's totient function)
  • Choose an integer e with 1 < e < φ(n) and gcd(φ(n), e) = 1   (e and φ(n) relatively prime)
  • Compute d = e^(-1) mod φ(n)   (via the extended Euclidean algorithm; d is unique)
  • Public key: {e, n}; private key: {d}
Encryption: plaintext M < n; ciphertext C = M^e mod n
Decryption: ciphertext C; plaintext M = C^d mod n
Slide 20
Public-Key Cryptography: The RSA Algorithm (worked example)
Key generation, as on the previous slide, with p and q chosen as large, distinct, random primes:
  • p = 7, q = 17
  • n = p × q = 119
  • φ(n) = (p-1)(q-1) = 96   (Euler's totient function)
  • e = 5   (1 < e < φ(n), gcd(96, 5) = 1)
  • d = 77   (5 × 77 = 385 = 4 × 96 + 1, found with the extended Euclidean algorithm; d is unique)
Let M = 19. Sender: encryption C = M^e mod n = 19^5 mod 119 = 66. Receiver: decryption M = C^d mod n = 66^77 mod 119 = 19.
The exponentiations are computed by repeated squaring and multiplication (square-and-multiply).
Slide 21
Public-Key Cryptography: The RSA Algorithm
  • Security of RSA: integer factorization (the FACTORING problem)
  • Given a positive integer n, find its prime factorization, i.e. write n as n = p1^e1 p2^e2 ... pk^ek
  • where the pi are distinct primes
  • The key length may vary (commonly 1024 bits when these slides were written; 2048 bits or more is the current minimum recommendation)
  • Variable plaintext block size
  • For a key pair with public key <e, n> and private key <d>:
  • encryption: C = M^e mod n, M < n
  • decryption: M = C^d mod n
  • signature: S = M^d mod n, M < n
  • verification: M = S^e mod n
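The RSA material of slides 18 to 21, carried through in code as an added example (not the slides' own): the extended Euclidean algorithm that produces the unique d, square-and-multiply exponentiation, and the four operations with the slides' parameters p = 7, q = 17, e = 5, M = 19. The last function is the caveat a practitioner needs: this is textbook RSA, and without padding it is multiplicatively malleable, which is why deployed systems use RSA-OAEP for encryption and RSA-PSS for signatures.

```python
def egcd(a: int, b: int):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a: int, m: int) -> int:
    """The unique d with a*d = 1 (mod m); it exists only when gcd(a, m) = 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse: gcd(a, m) != 1")
    return x % m


def modpow(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply exponentiation (the slides' successive squaring)."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def rsa_keygen(p: int, q: int, e: int):
    """Slide 19: n = p*q, phi = (p-1)(q-1), 1 < e < phi with gcd(e, phi) = 1, d = e^-1 mod phi.
    Returns the public key (e, n) and the private key d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi) or egcd(e, phi)[0] != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), modinv(e, phi)


def rsa_encrypt(public, m: int) -> int:
    """C = M^e mod n, with M < n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext block must be an integer in [0, n)")
    return modpow(m, e, n)


def rsa_decrypt(public, d: int, c: int) -> int:
    """M = C^d mod n."""
    return modpow(c, d, public[1])


def rsa_sign(public, d: int, m: int) -> int:
    """S = M^d mod n (same private-key operation as decryption)."""
    return modpow(m, d, public[1])


def rsa_verify(public, s: int) -> int:
    """Recovers M = S^e mod n; the caller compares it with the expected message."""
    e, n = public
    return modpow(s, e, n)


def textbook_rsa_is_malleable(public, d: int, m1: int, m2: int) -> bool:
    """Caveat: E(m1) * E(m2) mod n is a valid encryption of m1*m2 mod n, so anyone
    can build a ciphertext (or a signature) for a product of known values without
    the private key.  Padding schemes (OAEP, PSS) exist to break this property."""
    _, n = public
    c = rsa_encrypt(public, m1) * rsa_encrypt(public, m2) % n
    return rsa_decrypt(public, d, c) == m1 * m2 % n
```

With the slide's numbers, `rsa_keygen(7, 17, 5)` returns ((5, 119), 77), `rsa_encrypt((5, 119), 19)` is 66 and `rsa_decrypt((5, 119), 77, 66)` is 19; `textbook_rsa_is_malleable((5, 119), 77, 2, 3)` returns True because E(2)·E(3) = 32·5 mod 119 = 41 = E(6).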

Slide 22
Public-Key Cryptography and Key Distribution: The Diffie-Hellman Algorithm
  • The first practical solution to the key distribution problem
  • A key exchange algorithm for two parties who have never before agreed on, or shared, a common secret key or value
  • Allows the exchange of messages for key agreement over an insecure channel
  • Effective against passive attacks (eavesdropping), but not against active ones
  • Neither party obtains any assurance about the identity of the other (no entity authentication)
  • Security: the difficulty of computing discrete logarithms
Slide 23
Public-Key Cryptography and Key Distribution: The Diffie-Hellman Algorithm
  • A little discrete arithmetic ...
  • Let p be a large prime number
  • A primitive root a of p is a number whose powers modulo p generate all the integers from 1 to p-1
  • If a is a primitive root of p then the numbers
  • a mod p, a^2 mod p, ..., a^(p-1) mod p
  • are distinct and consist of the integers from 1 to p-1
  • For any integer b and a primitive root a of a prime p, a unique exponent i can be found such that b = a^i mod p (0 ≤ i ≤ p-1)
  • i is called the discrete logarithm, or index, of b for base a modulo p, and is written i = ind_{a,p}(b)
Slide 24
Public-Key Cryptography and Key Distribution: The Diffie-Hellman Algorithm
  • A and B aim to exchange a message over an open channel
  • Result: a common secret key K known only to the two parties A and B
  • Step 1. A prime number p and a primitive root a of p are chosen and published
  • Step 2. Generation of random numbers:
  • A chooses a random integer X_A, X_A < p, and computes Y_A = a^X_A mod p
  • B chooses a random integer X_B, X_B < p, and computes Y_B = a^X_B mod p
  • Each party keeps its value X_A or X_B secret
  • Step 3. Each party sends the other its value, Y_A or Y_B
  • Step 4. Key generation:
  • For A: K = (Y_B)^X_A mod p
  • For B: K = (Y_A)^X_B mod p
Slide 25
Public-Key Cryptography and Key Distribution: The Diffie-Hellman Algorithm
Messages: A → B: Y_A = a^X_A mod p;  B → A: Y_B = a^X_B mod p
Both computations give the same result K:
(Y_B)^X_A mod p = (a^X_B mod p)^X_A mod p = (a^X_B)^X_A mod p = a^(X_B X_A) mod p = (a^X_A mod p)^X_B mod p = (Y_A)^X_B mod p
An attacker has only the values a, p, Y_A and Y_B available for cryptanalysis. To compute K he is forced to solve a discrete logarithm: for example, to attack B he must compute X_B = ind_{a,p}(Y_B). For large primes p the problem is considered computationally infeasible.
Key generation: A: K = (Y_B)^X_A mod p;  B: K = (Y_A)^X_B mod p
Slide 26
Public-Key Cryptography and Key Distribution: The Diffie-Hellman Algorithm - example
Suppose the prime is p = 71 and the primitive root is a = 7. A and B choose the private keys X_A = 5 and X_B = 12. The corresponding public keys are, for A, Y_A = 7^5 mod 71 = 51, and for B, Y_B = 7^12 mod 71 = 4. They then exchange the public keys Y_A and Y_B and compute the common key K:
A: K = (Y_B)^X_A mod p = 4^5 mod 71 = 30
B: K = (Y_A)^X_B mod p = 51^12 mod 71 = 30
Slide 27
Public-Key Cryptography and Key Distribution: The Diffie-Hellman Algorithm - example
  • Exactly corresponding procedures are followed in implementations of ?????ί??e?
  • It cannot be used for authentication (unauthenticated key agreement)
  • Ineffective against active attacks (man-in-the-middle attacks)
  • The intruder plays Caesar to the General and the General to Caesar

Man-in-the-middle against Diffie-Hellman (the slide's table, reconstructed; K = Caesar, S = the General, I = the intruder, whose secret exponent is written X_I here):

Caesar                      | Intruder (towards Caesar)     | Intruder (towards the General) | General
a, p selected               | a, p selected                 | a, p selected                  | a, p selected
chooses secret X_K          | chooses secret X_I            | chooses secret X_I             | chooses secret X_S
Y_K = a^X_K mod p           | Y_I = a^X_I mod p             | Y_I = a^X_I mod p              | Y_S = a^X_S mod p
sends Y_K, receives Y_I     | receives Y_K, sends Y_I       | sends Y_I, receives Y_S        | receives Y_I, sends Y_S
K1 = (Y_I)^X_K mod p        | K1 = (Y_K)^X_I mod p          | K2 = (Y_S)^X_I mod p           | K2 = (Y_I)^X_S mod p

Caesar shares K1 with the intruder believing it is shared with the General; the General shares K2 with the intruder believing it is shared with Caesar. The intruder decrypts and re-encrypts every message in between.
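The Diffie-Hellman material of slides 23 to 27 in code, as an added example that is not part of the original slides: the primitive-root test, the index ind_{a,p}(b) by brute force (feasible only because p = 71 is tiny, which is exactly the slide's point), the exchange with the slide's parameters, the eavesdropper's discrete-log attack, and the man-in-the-middle substitution from the table above. The intruder's exponent X_I = 9 is chosen here and is not from the slides.

```python
def is_primitive_root(a: int, p: int) -> bool:
    """a is a primitive root of the prime p iff a^1 .. a^(p-1) mod p are all distinct
    (and therefore are exactly the integers 1 .. p-1)."""
    return len({pow(a, k, p) for k in range(1, p)}) == p - 1


def discrete_log(a: int, p: int, b: int) -> int:
    """ind_{a,p}(b): the unique i with a^i = b (mod p), found by exhaustive search.
    This is the attacker's work; it is what becomes infeasible for large p."""
    for i in range(p - 1):
        if pow(a, i, p) == b:
            return i
    raise ValueError("b is not in the group generated by a")


def dh_public(a: int, p: int, x: int) -> int:
    """Y = a^X mod p, the value each party publishes."""
    return pow(a, x, p)


def dh_shared(peer_public: int, x: int, p: int) -> int:
    """K = (Y_peer)^X mod p, computed by each party from the other's public value."""
    return pow(peer_public, x, p)


def dh_exchange(a: int, p: int, xa: int, xb: int):
    """Run the four steps of slide 24 and return (Y_A, Y_B, K); both sides must agree."""
    ya, yb = dh_public(a, p, xa), dh_public(a, p, xb)
    k_a, k_b = dh_shared(yb, xa, p), dh_shared(ya, xb, p)
    if k_a != k_b:
        raise AssertionError("the two parties derived different keys")
    return ya, yb, k_a


def eavesdropper_recovers_key(a: int, p: int, ya: int, yb: int) -> int:
    """Passive attacker with only a, p, Y_A, Y_B: solve X_B = ind_{a,p}(Y_B), then K = Y_A^X_B."""
    xb = discrete_log(a, p, yb)
    return pow(ya, xb, p)


def man_in_the_middle(a: int, p: int, xa: int, xb: int, xi: int) -> bool:
    """Active attacker I replaces both public values with Y_I.  Returns True when
    A and B each end up sharing a key with I (two different keys), which is the
    failure the slide describes for unauthenticated key agreement."""
    ya, yb, yi = dh_public(a, p, xa), dh_public(a, p, xb), dh_public(a, p, xi)
    key_a = dh_shared(yi, xa, p)          # A believes Y_I came from B
    key_b = dh_shared(yi, xb, p)          # B believes Y_I came from A
    key_ia = dh_shared(ya, xi, p)         # I's key towards A
    key_ib = dh_shared(yb, xi, p)         # I's key towards B
    return key_a == key_ia and key_b == key_ib and key_a != key_b
```

`dh_exchange(7, 71, 5, 12)` returns (51, 4, 30), matching slide 26, and `eavesdropper_recovers_key(7, 71, 51, 4)` also returns 30 after a 70-step search; with a 2048-bit p that search is the discrete-logarithm problem the scheme relies on. `man_in_the_middle(7, 71, 5, 12, 9)` returns True, which is why Diffie-Hellman is combined with signatures or certificates in practice.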
Slide 28
Public-Key Cryptography and Key Distribution: Public-Key Distribution Issues
  • Key distribution
  • In general, for a method of protecting transactions and communications you have to trust some trusted third party (TTP) with the generation of your keys
  • Public-key cryptography helps
  • Problem 1
  • The link between the public and the private key is not authenticated
  • i.e. that one holder possesses both
  • Problem 2
  • Who is that holder
  • Solution: digital certificates
Slide 29
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
  • Achieved with four different methods/architectures:
  • Announcement (public announcement)
  • Publicly available directory
  • Public-key management and distribution authority (Public-key authority)
  • Public-key certificates
Slide 30
Public-Key Cryptography and Key Distribution: Authentication method am1

[Figure: Alice sends "I'm Alice" to Bob; the Enemy sends the same message to Bob]

  • Weaknesses
  • Bob has no way of knowing that the party who sent the message "I'm Alice" is really Alice
  • The Enemy can impersonate Alice
Slide 31
Public-Key Cryptography and Key Distribution: Authentication method am2

[Figure: Alice: "I'm Alice"; Bob: "gimme passwd"; Alice: passwd. The Enemy runs the same exchange with Bob]

  • Use of an access code (password)
  • Bob asks for a month of birth, an access code, etc.
  • Weaknesses
  • Bob has no way of knowing that the party who sent "I'm Alice" is really Alice
  • The Enemy can intercept both Alice's message and her password
Slide 32
Public-Key Cryptography and Key Distribution: Authentication method am2.encr

[Figure: Alice: "I'm Alice"; Bob: "gimme passwd"; Alice: K_AB(passwd) = 1qu9. The Enemy replays "I'm Alice" and 1qu9]

  • Use of an encrypted access code
  • With a symmetric key
  • Encryption of the password
  • Weaknesses
  • The Enemy can intercept Alice's encrypted password
  • Replay attacks follow
  • Bob cannot distinguish Alice's original authentication message from its later copy (playback)
Slide 33
Key Distribution: Replay Attacks
Public-Key Cryptography and Key Distribution
  • The general problem of replay attacks
  • An intruder records the messages that are exchanged and retransmits them in the future
  • Encryption does not solve the problem
  • A mechanism is needed by which the sender establishes the freshness of messages
  • freshness identifiers
  • Three types of freshness identifier:
  • nonces
  • timestamps
  • sequence numbers
Slide 34
Key Distribution: Replay Attacks
Public-Key Cryptography and Key Distribution
Freshness identifiers
  • Nonce
  • A random number, unpredictable and never reused
  • Timestamps
  • The sender attaches an encrypted real-time timestamp to each message
  • The receiver decrypts the timestamp and compares it with the current time
  • If the difference is small enough the message is accepted, otherwise it is rejected
  • Problem: clock synchronisation between sender and receiver
  • Sequence numbers
  • The sender attaches a monotonically increasing value (counter) to each message, incremented by 1 after each message sent to the receiver
  • The receiver must remember the last (highest) counter value received from the sender
Slide 35
Public-Key Cryptography and Key Distribution: Authentication method am3.singlekey (idea from Lamport 81)

[Figure: Alice: "I'm Alice"; Bob: nonce R1; Alice: K_AB(R1). The Enemy: "I'm Alice"; Bob: a fresh R; Enemy: ?]

  • Use of a request for a nonce R, or of a timestamp
  • With a symmetric key
  • Encryption of R
  • Weaknesses: forgery?
  • The Enemy can intercept Alice's encrypted R
  • but replay attacks cannot be mounted, since Bob issues a different R each time
  • Another idea!!!
  • Use of one-time keys (a large number of keys pre-agreed between A and B)
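The am3.singlekey exchange above, as an added example that is not part of the original slides, covering the replay problem of slides 32 to 34 as well. Bob issues a fresh random nonce per attempt and consumes it on first use, so a recorded (R, K_AB(R)) pair is useless to the Enemy, and an answer made without K_AB fails. The slide "encrypts" R with the shared key; this example uses HMAC-SHA256 over the claimed identity and R as the keyed transform instead (a MAC rather than encryption, which is what modern challenge-response designs do, and binding the identity is an addition to the slide's scheme). The shared key is constructed for the example.

```python
import hashlib
import hmac
import secrets

K_AB = b"shared-key-between-alice-and-bob"   # pre-agreed symmetric key (constructed)


def respond(shared_key: bytes, identity: str, nonce: bytes) -> bytes:
    """Alice's reply K_AB(R): HMAC-SHA256 over identity || R.  Proves possession of
    K_AB for this nonce only and binds the reply to the claimed identity."""
    return hmac.new(shared_key, identity.encode() + nonce, hashlib.sha256).digest()


class Verifier:
    """Bob's side of am3.singlekey: a fresh, unpredictable nonce per attempt,
    consumed on first use, so a recorded (R, K_AB(R)) pair cannot be replayed."""

    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.pending = {}        # nonce -> claimed identity, issued but unanswered
        self.consumed = set()    # nonces already answered (replay detection)

    def challenge(self, claimed_identity: str) -> bytes:
        nonce = secrets.token_bytes(16)          # random, unpredictable, never reused
        self.pending[nonce] = claimed_identity
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        if nonce in self.consumed or nonce not in self.pending:
            return False                         # replayed, or never issued by Bob
        identity = self.pending.pop(nonce)
        self.consumed.add(nonce)
        expected = respond(self.key, identity, nonce)
        return hmac.compare_digest(expected, response)


def honest_login(bob: Verifier) -> bool:
    """Alice answers Bob's challenge with the shared key."""
    nonce = bob.challenge("Alice")
    return bob.check(nonce, respond(K_AB, "Alice", nonce))


def replay_attack(bob: Verifier) -> bool:
    """The Enemy records Alice's (R, K_AB(R)) and replays it.  True means Bob accepted."""
    nonce = bob.challenge("Alice")
    recorded = respond(K_AB, "Alice", nonce)
    bob.check(nonce, recorded)                  # Alice's genuine login, observed by the Enemy
    return bob.check(nonce, recorded)           # the replay of the same pair


def forgery_without_key(bob: Verifier) -> bool:
    """The Enemy answers a fresh challenge without K_AB.  True means Bob accepted."""
    nonce = bob.challenge("Alice")
    return bob.check(nonce, respond(b"guess", "Alice", nonce))
```

The genuine login is accepted while both attacks are refused. In a deployed verifier the `consumed` set would be bounded (nonces expire after a timeout) and the nonce would be tied to the session, but the freshness argument is the same.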

Slide 36
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
  • Question
  • Can we use public-key cryptography for authentication?
  • If so, how do we ensure the authentication of Alice to Bob?
  • We have already discussed four ways:
  • Announcement
  • Publicly available directory
  • Public-key management and distribution authority
  • Public-key certificates
  • Which is the most effective?
  • All the criteria
Slide 37
(1) Announcement
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
  • Users send their public keys to recipients, or broadcast them to a (closed) community of users
  • e.g., posting the key to newsgroups or an e-mail list
  • Major weakness: forgery
  • Anyone can create a public key claiming to be some other user and transmit or broadcast it
  • Until the forgery is discovered, the user continues to be impersonated
  • Another weakness: many keys are sent (overhead)
  • Scaling
Slide 38
(1) Announcement
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
Many keys and agreements!!! Example for secret keys (figure: K8)
Slide 39
(1) Announcement - Authentication method am3.publicKey
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication

[Figure: Alice: "I'm Alice"; Bob: R; Alice: KR_A(R); Bob: "Send me KU_A"; Alice: KU_A. The Enemy: "I'm Alice"; R; KR_E(R); "Send public key"; KU_E]

  • Request for the use of public keys and a nonce R
  • KU_A, KR_A: the public and private key of entity A
  • Weaknesses: forgery
  • The Enemy can use her own keys
  • Bob computes KU_E(KR_E(R)), recovers R and confuses Alice with the Enemy
Slide 40
(2) Publicly Available Directory
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
  • The keys are registered in a publicly available directory
  • URL
  • Solves the scaling problem
  • The directory must be trusted (it is maintained by a TTP)
  • The TTP commits not to modify the contents
  • Who gets in, who changes it?
  • Authorisation/authentication (e.g., via symmetric keys K_{A,TTP})
  • Directory properties
  • contains name / public-key entries
  • participants (names) can change their key at any time
  • electronically accessible
  • 24x7 operation
  • Remains vulnerable to forgery
Slide 41
(3) Public-Key Authority
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
  • Improves security by controlling the distribution (signing at distribution time) of the directory's keys by a TTP
  • Requires users to know the TTP's public key in advance
  • Only the TTP holds its private key
  • Users interact with the TTP to securely obtain the public key of the entity they wish to communicate with
  • Requirements
  • the same as for the public directory, plus
  • real-time access to the TTP's public key when keys are needed
Slide 42
(3) Public-Key Authority
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication

[Figure: message exchange between Initiator A, the Public-Key Authority (directory) and Responder B]
  (1) A → Authority: Request || Time1
  (2) Authority → A: E_KRauth[KU_B || Request || Time1]
  (3) A → B: E_KUB[ID_A || N1]
  (4) B → Authority: Request || Time2
  (5) Authority → B: E_KRauth[KU_A || Request || Time2]
  (6) B → A: E_KUA[N1 || N2]
  (7) A → B: E_KUB[N2]
Notation: KU_I = public key of entity I; KR_I = private key of entity I; N_i = nonce i; ID_I = identity of entity I; E_KRauth = encryption with the private key of the PKA.
Slide 43
(3) Public-Key Authority
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
(1) A → Auth: A sends a time-stamped message containing a request (with a Request ID) for B's KU.
(2) Auth → A: the authority replies with an encrypted message (using the authority's KR). It contains B's KU, the original Request ID (ensuring correlation with the original request) and the timestamp (ensuring that no substitution has taken place). A decrypts the message with the authority's KU (verifying that it came from the authority) and obtains B's KU.
(3) A → B: A sends an encrypted message (using B's KU) that contains A's ID and a randomly chosen number N1 that uniquely identifies this transaction. B decrypts the message with KR_B, which only B holds, and sees a request from A.
(4-5) B → Auth → B: B in turn obtains A's KU from the authority (as in steps 1 and 2). The public keys of A and B, certified by the authority, are now known to both.
(6) B → A: B sends an encrypted message (using A's KU) containing the identifier N1 and a new randomly chosen number N2 that uniquely identifies this new transaction. A receives the message and decrypts it with KR_A, which only A holds. A sees the identifier N1 and concludes that the message came from B.
(7) A → B: A sends an encrypted message (using B's KU) containing the identifier N2. B receives the message and decrypts it with KR_B, which only B holds. B sees the identifier N2 and concludes that the message came from A.
Slide 44
(3) Public-Key Authority
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
  • In total 7 messages are required
  • However, 4 of them (A ↔ Auth and B ↔ Auth) are exchanged rarely (if A and B cache the KUs)
  • Continuous, real-time access is required?
  • Disadvantage
  • The authority can become the bottleneck of the architecture
  • DoS attacks
  • But it really authenticates the transacting parties
  • Where are the names and public keys registered?
Slide 45
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
(4) Public-Key Certificates
  • Proposed by Kohnfelder (1978)
  • Certificates allow key exchange with authentication without requiring real-time access to a directory
  • Certificates are issued by a TTP, the Certificate Authority (CA)
  • A certificate binds a user's identity to a public key
  • It usually includes additional information, such as a validity period, usage rights, etc.
  • The contents of the certificate are signed by the trusted TTP (CA)
Slide 46
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
(4) Public-Key Certificates
  • A public-key certificate can be verified by anyone who knows the CA's public key
  • It is delivered to the user and is linked to the corresponding private key (which the user generates himself)
  • A user conveys his public key to another user by transmitting his certificate
  • Properties
  • Only the CA can create and renew a certificate
  • Any user can read a certificate and determine the identity and the public key of its owner
  • Any user can verify that the certificate was created by the CA and is not forged
  • Any user can verify the validity (e.g., the validity period) of the certificate
Slide 47
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
(4) Public-Key Certificates
Notation: KU_I = public key of entity I; KR_I = private key of entity I; Time_i = expiration time i.
The user generates a key pair, private (KR) and public (KU). The user goes to the CA and submits the public key, requesting a certificate. This is done either face to face or through an electronic request with authentication (only with authentication).
Slide 48
Public-Key Cryptography and Key Distribution: Public-Key Distribution and Authentication
(4) Public-Key Certificates
  • For user A, the CA produces a certificate of the form
  • C_A = E_KRauth[KU_A, ID_A, T1]
  • User A can convey C_A to any other user, e.g., B
  • The recipient B takes C_A and verifies A's identity and public key as follows:
  • D_KUauth[C_A] = D_KUauth[E_KRauth[KU_A, ID_A, T1]] = (KU_A, ID_A, T1)
  • Since the certificate can only have been produced with the CA's private key, this verifies that the certificate was created by the CA
  • The fields KU_A and ID_A give the recipient the identity and the public key of the certificate's owner
  • The timestamp T1 validates the currency of the certificate, checking its expiry date
  • Old (expired) certificates must be considered insecure
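The certificate scheme of slides 45 to 48, as an added example that is not part of the original slides: the CA issues C_A = E_KRauth[KU_A, ID_A, T1] and a recipient performs D_KUauth[C_A], rejecting a certificate whose signature does not verify (forged or tampered) or whose T1 has passed. The CA key pair is a toy RSA pair built with Python's built-in `pow` (the primes are constructed and far too small for real use), the signature is applied to a SHA-256 digest of a canonical encoding of the fields (hash-then-sign, as real signature schemes do), and the user key and identity are constructed sample data.

```python
import hashlib
import json

# Toy CA key pair via Python's built-in pow (constructed; primes far too small for
# real use, where a CA holds a 2048-bit-plus RSA key or an elliptic-curve key).
CA_P, CA_Q, CA_E = 104729, 1299709, 65537
CA_N = CA_P * CA_Q
CA_PRIVATE = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))   # KR_auth, held only by the CA
CA_PUBLIC = (CA_E, CA_N)                              # KU_auth, known to every user


def _encode(body: dict) -> bytes:
    """Canonical encoding of (KU_A, ID_A, T1) so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _digest_int(payload: bytes, n: int) -> int:
    """Hash-then-sign: the private-key operation is applied to a digest of the contents."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n


def ca_issue(user_public: list, user_id: str, issued_at: int, lifetime_s: int,
             ca_private: int = CA_PRIVATE) -> dict:
    """The CA produces C_A = E_KRauth[KU_A, ID_A, T1], with T1 the expiry time."""
    body = {"KU": user_public, "ID": user_id, "T1": issued_at + lifetime_s}
    signature = pow(_digest_int(_encode(body), CA_N), ca_private, CA_N)
    return {"body": body, "sig": signature}


def verify_certificate(cert: dict, now: int, ca_public=CA_PUBLIC):
    """Recipient B: D_KUauth[C_A].  Returns (KU_A, ID_A) only when the signature was
    made with KR_auth over exactly these contents and T1 has not passed; else None."""
    e, n = ca_public
    body = cert["body"]
    if pow(cert["sig"], e, n) != _digest_int(_encode(body), n):
        return None             # forged or tampered: not produced with the CA's private key
    if now > body["T1"]:
        return None             # expired: old certificates are treated as insecure
    return body["KU"], body["ID"]
```

A certificate issued for "alice" verifies while it is in its validity period, and is rejected after T1, after any field is altered, or when it was signed with a key other than the CA's. What this scheme still lacks, and what real PKI adds on top, is a way to revoke a certificate before T1 (CRLs, OCSP); expiry alone is the only lifetime control the slides describe.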