ITEC5611 Electronic Commerce System Implementation Supakorn Kungpisdan [email protected].
Cryptographic Protocols Asst.Prof.Supakorn Kungpisdan, Ph.D. [email protected] NETE4630 1.
-
Upload
willis-austin -
Category
Documents
-
view
220 -
download
1
Transcript of Cryptographic Protocols Asst.Prof.Supakorn Kungpisdan, Ph.D. [email protected] NETE4630 1.
Outlines
Authentication
Key Exchange
Secret Splitting
Key Escrow
NETE4630
2
SKEY
SKEY relies on one-way function
1. Alice enters a random number R to the computer
2. Computer computes f(R), f(f(R)), f(f(f(R))), and so on, about 100 times Called X1, X2, …, X100
The computer prints out the list of X1 to X100 to Alice. It also computes X101 and store in DB associated with Alice’s name, and removes X1 to X100 from the system
NETE4630
3
SKEY (cont.)
4. Alice first enter her name and x100. The computer calculates f(x100) and compares with x101
5. Then the computer replaces x101 with x100. Alice also erases x100 from her list
NETE4630
4
SKID2
SKID2 and SKID3 are symmetric identification protocol that uses MAC to provide security
In SKID2, assume that Alice and Bob share a secret key K
Alice Bob: RA
Bob Alice: RB, HK(RA, RB, IDB)
RA and RB are random numbers generated by Alice and Bob, respectively
NETE4630
5
SKID3
Provide mutual authentication between Alice and Bob
Alice Bob: RA
Bob Alice: RB, HK(RA, RB, IDB)
Alice Bob: HK(RB, IDA)
NETE4630
6
Outlines
Authentication
Key Exchange
Secret Splitting
Key Escrow
NETE4630
7
Encrypted Key Exchange Protocol
Alice and Bob share a common password P. Using this protocol, they can authenticate to each other and generate a common session key K
A B: A, EP(K’)
B A: EP(EK’ (K))
A B: EK(RA)
B A: EK(RA, RB)
A B: EK(RB)
NETE4630
8
Problems of Online Key Generation
A shared key has been used for various purposes: As authentication token As a key for cryptographic operation e.g. symmetric
encryption or keyed-hash function.
However, a number of message passes must be performed in order to generate a new session key.
The more frequent the messages are passed, the higher chance it can be attacked
Offline key distribution is preferred.
NETE4630
9
Rubin’s Approach
1. A client shares K with a bank.
2. The client generates a token T, where
T = {fifty-dollars-book-Bob’s-store}K
3. The client sends T to the bank to authenticate herself to the bank.
4. The bank decrypts T to receive the information and verify the client.
The value of T changes in every transaction depending on purchase details. However, the collision might occur.
NETE4630
10
Li et al.’s Approach
1. A client and a bank share a long-term secret S and initial token Tinit.
2. The client generates a token Tnew and sends it to authenticate herself to the bank, where
Tnew = h(Tcur, S)
3. The bank verifies Tnew from {Tinit, S}.
1. Security of the system is based on the length of T and S and security of hash function.
NETE4630
11
Outlines
Authentication
Key Exchange
Secret Splitting
Key Escrow
NETE4630
12
Secret Splitting
Sometimes we need to keep our information secret
You could tell company’s secret to the most trusted employee, but what if he/she defects to the competition?
Secret Splitting: take a message and divide it up into pieces. Each piece by itself means nothing, but put them together and the message appears
NETE4630
13
Secret Splitting – 2 people
1. Trent generates a random-bit string R, the same length as the message M.
2. Trent XORs M with R to generate S.
M R = S
3. Trent gives R to Alice and S to Bob
4. To construct the message, Alice and Bob has to XOR their pieces together:
S R = M
NETE4630
14
Secret Splitting – 4 people
1. Trent generates 3 random strings, R, S, and T, the same length as the message M
2. Trent XORs M with the three strings to generate P
M R S T = U
3. Trent gives R to Alice, S to Bob, T to Carol, and U to Dave
4. Alice, Bob, Carol, and Dave get together and compute
R S T U = M
What happens if Carol is fired, and Trent is not around?
NETE4630
15
Secret Sharing
What happens if any of the people who holds secret is not around?
Threshold scheme: take any message and divide it into n pieces, called shadows or shares, such that any m of them can be used to reconstruct the message
This is called an (m, n)-threshold scheme
NETE4630
16
(m, n)-Threshold Scheme
Choose a prime p, which is larger then the number of possible shadows and larger than the largest possible secret.
To share a secret , generate an arbitrary polynomial of degree m-1.
If you want to create a (3, n)-threshold scheme, generate a quadratic polynomial:
(ax2 + bx + M) mod p
a and b are chosen randomly. They are kept secret and are discarded after the shadows are handed out. M is the message. p must be made public
NETE4630
17
(m, n)-Threshold Scheme (cont.)
The shadows are obtained by evaluating the polynomial at n different points:
ki = F(xi)
Any three shadows can be used to create three equations
NETE4630
18
(m, n)-Threshold Scheme (cont.)
For example, M = 11. We want to construct (3, 5)-threshold scheme
Generate a quadratic equation (a =7, b = 8, chosen randomly), p = 13
F(x) = (7x2 + 8x + 11) mod 13
The five shadows are: K1 = F(1) = 7 + 8 + 11 0 (mod 13) K2 = F(2) = 28 + 16 + 11 3 (mod 13) K3 = F(3) = 63 + 24 + 11 7 (mod 13) K4 = F(4) = 112 + 32 + 11 12 (mod 13) K5 = F(5) = 175 + 40 + 11 5 (mod 13)
NETE4630
19
(m, n)-Threshold Scheme (cont.)
To reconstruct M from 3 out of the shadows, k2, k3, and k5 solve the set of linear equations:
a * 22 + b * 2 + M 3 (mod 13)
a * 32 + b * 3 + M 7 (mod 13)
a * 52 + b * 5 + M 5 (mod 13)
The solution is a = 7, b = 8, and M = 11. So, M is recovered.
NETE4630
20
Outlines
Authentication
Key Exchange
Secret Splitting
Key Escrow
NETE4630
21
Key Escrow
1. Alice creates her private/public-key pair. She splits the private key into several public and private pieces
2. She sends a public piece and corresponding private piece to each trustee in an encrypted form. She also sends the public key to KDC
3. Each trustee performs calculation on the received information to confirm that it is correct. Each trustee stores the private piece somewhere secure and sends the public piece to KDC
4. KDC performs the calculation on the public pieces and the public key. If everything is correct, it signs the public key and returns the signed public key to Alice
NETE4630
22
Fair DH (5 trustees)
In basic DH, a group of users share a prime p, and a generator g. Alice’s private key is s, and her public key is t = gs mod p
1. Alice chooses five integers (private key pieces) s1, s2, s3, s4, and s5, each less than p-1.
Alice’s private key is
s = (s1 + s2 + s3 + s4 + s5) mod p-1
Alice’s public key is: t = gs mod p
Alice also computes public-key pieces:
ti = gsi mod p, for i = 1 to 5.
Alice’s public key shares are ti and private key shares are si
NETE4630
23
Fair DH(cont.)
2. Alice sends a private key piece and corresponding public key piece to each trustee.
Send s1 and t1 to trustee 1, and send t to KDC
3. Each trustee verifies that
ti = gsi mod p
If so, the trustee signs ti and sends it to KDC. The trustee stores si in a secure place.
After receiving all five public pieces, KDC verifies that
t = (t1 * t2 * t3 * t4 * t5) mod p
If so, KDC approves the public key.
NETE4630
24
Question?
NETE4630
25