34 Cards in this Set

  • Front
  • Back

Key distribution

How to have secure communications in general without having to
trust a KDC (Key Distribution Centre) with your key


digital signatures

– how to verify a message
comes intact from the claimed sender

3 categories of Public Key Applications

– encryption/decryption (provide secrecy)
– digital signatures (provide authentication)
– key exchange (of session keys)


Study RSA Encryption/Decryption; be able to do an example

Do it, right now.

4 options for symmetric key distribution

1. A can select key and physically deliver to B
2. third party can select & physically deliver
key to A & B
3. if A & B have communicated previously can
use previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B

Session key

temporary key
used for encryption of data between users
for one logical session then discarded


Master key

used to encrypt session keys
shared by user & key distribution center

What are the possible approaches to attacking RSA?

– brute force key search (infeasible given size of numbers)
– mathematical attacks (based on difficulty of computing ø(n), by factoring modulus n)
– timing attacks (on running of decryption)
– chosen ciphertext attacks (given properties of RSA)

Hybrid Key Distribution

retain use of private-key KDC
shares secret master key with each user
distributes session key using master key
public-key used to distribute master keys

Public Key Announcement

users distribute public keys to recipients or
broadcast to community at large
– eg. append PGP keys to email messages or
post to news groups or email list
• major weakness is forgery
– anyone can create a key claiming to be
someone else and broadcast it
– until forgery is discovered can masquerade as claimed user

Publicly Available Directory

can obtain greater security by registering
keys with a public directory
• directory must be trusted with properties:
– contains {name,public-key} entries
– participants register securely with directory
– participants can replace key at any time
– directory is periodically published
– directory can be accessed electronically
• still vulnerable to tampering or forgery

Public-Key Authority

improve security by tightening control over
distribution of keys from directory
• has properties of directory
• and requires users to know public key for
the directory
• then users interact with directory to obtain
any desired public key securely
– does require real-time access to directory
when keys are needed
– may be vulnerable to tampering

Public key certificates

certificates allow key exchange without
real-time access to public-key authority
a certificate binds identity to public key
usually with other info such as period of
validity, rights of use etc
with all contents signed by a trusted
Public-Key or Certificate Authority (CA)
can be verified by anyone who knows the
public-key authority's public key

X.509 Authentication Services

• defines framework for authentication services
– directory may store public-key certificates
– with public key of user signed by certification authority
• also defines authentication protocols
• uses public-key crypto & digital signatures
– algorithms not standardised, but RSA recommended

CA Hierarchy

• if both users share a common CA then they are assumed to know its public key
• otherwise CAs must form a hierarchy
• use certificates linking members of hierarchy to validate other CAs
• each CA has certificates for clients (forward) and parent (backward)
• each client trusts parent's certificates
• enable verification of any certificate from one CA by users of all other CAs in hierarchy

Message Authentication

– protecting the integrity of a message
– validating identity of originator
– non-repudiation of origin (dispute resolution)
Can use: message encryption, message authentication codes, hash functions

Security Requirements for Message Authentication

• disclosure
• traffic analysis
• masquerade
• content modification
• sequence modification
• timing modification
• source repudiation
• destination repudiation

Message Encryption for Authentication

• message encryption by itself also provides
a measure of authentication
• if symmetric encryption is used then:
– receiver knows sender must have created it
– since only sender and receiver know key used
– knows content cannot have been altered
– if message has suitable structure, redundancy
or a checksum to detect any changes

MAC

generated by an algorithm that creates a
small fixed-sized block
– depending on both message and some key
– like encryption though need not be reversible
• appended to message as a signature
• receiver performs same computation on
message and checks it matches the MAC
• provides assurance that message is
unaltered and comes from sender

What is a MAC?

A MAC is not a digital signature; it is a cryptographic checksum that
• condenses a variable-length message M
– using a secret key K
– to a fixed-sized authenticator
• is a many-to-one function
– potentially many messages have same MAC
– but finding these needs to be very difficult

Requirements for MAC

need the MAC to satisfy the following:
1. knowing a message and MAC, it is infeasible
to find another message with same MAC
2. MACs should be uniformly distributed
3. MAC should depend equally on all or
majority bits of the message

Hash Function

condenses an arbitrary message to a fixed size.


usually assume that the hash function is
public and not keyed
– cf. MAC which is keyed
• hash used to detect changes to message
• can use in various ways with message
• most often to create a digital signature

Requirements for Hash Functions

1. can be applied to any sized message M
2. produces fixed-length output h
3. is easy to compute h=H(M) for any message M
4. one-way property
5. weak collision resistance
6. strong collision resistance

One-way property

given h, it is infeasible to find x s.t. H(x)=h

Weak collision resistance

given x, it is infeasible to find y s.t. H(y)=H(x)

Strong collision resistance

it is infeasible to find any x,y s.t. H(y)=H(x)

Keyed Hash functions as MAC

want a MAC based on a hash function
– because hash functions are generally faster
– code for crypto hash functions widely
available
• hash includes a key along with message
• original proposal:
KeyedHash = Hash(Key|Message)

HMAC

uses hash function on the message:
HMAC_K = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]
• where K+ is the key padded out to size
• and opad, ipad are specified padding constants

CMAC

Cipher-based Message Authentication Code

Digital Signatures

have looked at message authentication
– but does not address issues of lack of trust
• digital signatures provide the ability to:
– verify author, date & time of signature
– authenticate message contents
– be verified by third parties to resolve disputes
• hence include authentication function with
additional capabilities

Digital Signature Attacks and Forgeries

• attacks
– key-only attack
– known message attack
– generic chosen message attack
– directed chosen message attack
– adaptive chosen message attack
• break success levels
– total break
– selective forgery
– existential forgery

Digital Signature Requirements

• must depend on the message signed
• must use information unique to sender
– to prevent both forgery and denial
• must be relatively easy to produce
• must be relatively easy to recognize & verify
• be computationally infeasible to forge
– with new message for existing digital signature
– with fraudulent digital signature for given message
• be practical to save digital signature in storage

Direct Digital Signatures

involve only sender & receiver
• assumed receiver has sender’s public-key
• digital signature made by sender signing
entire message or hash with private-key
• can encrypt using receiver’s public-key
• important that sign first then encrypt
message & signature

What are the 5 principal services provided by PGP?

Authentication, Confidentiality, Compression, E-mail compatibility, and Segmentation