CSE597B: Special Topics in Network and Systems Security

1
CSE597B Special Topics in Network and Systems
Security

• The Miscellaneous
• Instructor Sencun Zhu

2
Appetizer

• Ten scientists are working on a secret project.
  They wish to lock up the documents in a cabinet
  so that the cabinet can be opened if and only if
  five or more of the scientists are present.
• What is the smallest number of locks needed?
• What is the smallest number of keys to the locks
  each scientist must carry?

3
Outline

• A little maths
• Group, ring, (finite) field
• Increasing importance in cryptography
• AES, Elliptic Curve, Threshold Cryptography
• Secret sharing and threshold cryptography
• Based on slides by Prof. Helger Lipmaa, Helsinki
  University of Technology
• Design rules

4
Group

• G, a set of elements or numbers
• Obeys
• Closure if a and b belong to G, a . B is also in
  G
• associative law (a.b).c a.(b.c)
• has identity e e.a a.e a
• has inverses a-1 a.a-1 e
• if commutative a.b b.a
• then forms an abelian group

5
Cyclic Group

• Define exponentiation as repeated application of
  operator
• example a3 a.a.a
• Let identity e be ea0
• A group is cyclic if every element is a power of
  some fixed element
• i.e. b ak for some a and every b in group
• a is said to be a generator of the group

6
Ring

• R, a set of numbers with two operations,
  addition and multiplication
• an abelian group with addition operation
• closure under multiplication
• associative under multiplication
• distributive law a(bc) ab ac
• if multiplication operation is commutative, it
  forms a commutative ring
• if multiplication operation has inverses and no
  zero divisors, it forms an integral domain

7
Field

• F, a set of numbers with two operations
• F is an integral domain
• Multiplicative inverse
• For each a in F, except 0, there is an element
  a-1 in F such that a a-1 a-1 a 1
• In essence, a field is a set in which we can do
  addition, subtraction, multiplication, and
  division without leaving the set
• Division a/b a b-1

8
Galois Fields

• Finite fields (known as Galois fields) play a key
  role in cryptography
• Theorem the number of elements in a finite field
  must be a power of a prime pn, denoted as GF(pn)
• In particular often use the fields
• GF(p)
• GF(2n)

9
Galois Fields GF(p)

• GF(p) is the set of integers 0,1, , p-1 with
  arithmetic operations modulo prime p
• these form a finite field
• since have multiplicative inverses
• hence arithmetic is well-behaved and can do
  addition, subtraction, multiplication, and
  division without leaving the field GF(p)

10
Keep Secrets on a Computer

• Very difficult
• Wiping state
• Easier in C/C, difficult in Java
• Swap file
• Virtual memory
• Caches
• Keep copies of data
• Data retention by memory
• SRAM/DRAM could learn and remember data
• Access by others
• Data integrity

11
Key Storage

• Reliability and confidentiality of important
  data
• Information can be secured by encryption
• After that, many copies of the ciphertext can be
  made
• How to secure the secret key?
• Encrypting of key vicious cycle
• Replicating key insecure
• Idea distribute the key to a group, s.t. nobody
  by itself knows it

12
Secret SharingMore Motivations

• USSR At least two of the three nuclear buttons
  must have been pressed simultaneously
• Any other process where you might not trust a
  single authority
• Threshold cryptography
• Computation can be performed in a distributed way
  by trusted subsets of parties
• Verifiable SS One can verify that inputs were
  shared correctly

13
Secret Sharing Schemes Definition

• A dealer shares a secret key among n parties
• Each party i in 1, n receives a share
• Predefined groups of participants can cooperate
  to reconstruct the shares
• Smaller subgroups cannot get any information
  about the secret

14
(k, n)-threshold schemes

• A dealer shares a secret key between n parties
• Each party i in 1, n receives a share
• A group of any k participants can cooperate to
  reconstruct the shares
• No group of k-1 participants can get any
  information about the secret

15
A Bad Example

• Let K be a 100-bit block cipher key.
• Share it between two parties
• Giving to both parties 50 bits of the key
• Why is this bad?
• The requirement Smaller subgroups cannot get any
  information about the secret is violated
• Ciphertext-only attack
• Both participants can recover the plaintext by
  themselves, by doing a (250)-time exhaustive
  search

16
(2, 2)-threshold scheme

• Let s G be a secret from group (G, ). Dealer
  chooses a uniformly random s1 G and lets s2 s
  s1
• The two shares are s1 and s2
• Given s1 and s2 , one can successfully recover s
  s1 s2
• Given only s1, s2 is random, vice versa
• Prs k s2 Prs1 k - s2 s2 2G
  for any k

17
(n, n)-threshold scheme
18
Shamirs (k,n) Threshold Scheme

• Mathematical basis

19
Shamirs (k,n) Threshold Scheme

• Dealing phase

20
Shamirs (k,n) Threshold Scheme
21
Shamirs (k,n) Threshold Scheme
22
Illustration
23
Shamirs Scheme Efficiency
24
Shamirs Scheme Flexibility
25
Remarks
26
Design Rules

• Design rules
• Complexity is the worst energy of security
• There are no secure complex systems
• Correctness must be a local property
• every part of the system should behave correctly
  regardless of how the rest of the system works
• For a security level of n bits, every
  cryptographic value should be at least 2n bits
  long
• Due to collision attacks
• Reliability
• Do not assume message reliability
• TCP cannot prevent active attacks

27
Presentation

• Two presentations each class
• Let us first see how it will be going
• Time
• 3035 minutes/person, including random
  interruption
• Do not exceed
• How to give a good talk
• http//www.info.ucl.ac.be/people/PVR/giving_talk.p
  s
• How to give a bad talk
• http//www.eecs.berkeley.edu/messer/Bad_talk.html