CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

CSE 543 - Computer Security
Lecture 6 - Applied Cryptography
September 13, 2007
URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/

CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel

Project Assignments
• Pretty narrow selection
  – 23 people picked IM security
  – Some projects untouched
• 7 project groups defined (26 students)
• 9 students not assigned
  – Pick again among (by 5pm tonight -- 9/13)
  – Secure Network Computing
  – Password Cracking/Keylogging
  – User-compatible Security
• Students
  – Murthy, Bala, Borcic, Chen, Gopalrathnam, Srikar, Shawaran, Tannous, McLaughlin

Applied Cryptography
• How do we use these (and other) constructs to achieve security goals?
  – What are the goals?

Meet Alice and Bob ….
• Alice and Bob are the canonical players in the cryptographic world.
  – They represent the end points of some interaction
  – Used to illustrate/define a security protocol
• Other players occasionally join …
  – Trent - trusted third party
  – Mallory - malicious entity
  – Eve - eavesdropper
  – Ivan - an issuer (of some object)

Some notation …
• You will generally see protocols defined in terms of exchanges containing some notation like
  – All players are identified by their first initial
    • E.g., Alice=A, Bob=B
  – d is some data
  – pwA is the password for A
  – kAB is a symmetric key known to A and B
  – KA+, KA- is a public/private key pair for entity A
  – E(k,d) is encryption of data d with key k
  – H(d) is the hash of data d
  – Sig(KA-,d) is the signature (using A’s private key) of data d
  – “+” is used to refer to concatenation

Some interesting things you want to do …
• … when communicating.
  – Ensure the authenticity of a user
  – Ensure the integrity of the data
    • Also called data authenticity
  – Keep data confidential
  – Guarantee non-repudiation

Basic (User) Authentication
• Bob wants to authenticate Alice’s identity
  – (is who she says she is)
Message 1, Alice → Bob: [pwA]
Message 2, Bob → Alice: [Y/N]

Hash User Authentication
• Bob wants to authenticate Alice’s identity
  – (is who she says she is)
Message 1, Alice → Bob: [h(pwA)]
Message 2, Bob → Alice: [Y/N]

Challenge/Response User Authentication
• Bob wants to authenticate Alice’s identity
  – (is who she says she is)
Message 1, Bob → Alice: [c]
Message 2, Alice → Bob: [h(c+pwA)]
Message 3, Bob → Alice: [Y/N]

User Authentication vs. Data Integrity
• User authentication proves a property about the communicating parties
  – E.g., I know a password
• Data integrity ensures that the data transmitted...
  – Can be verified to be from an authenticated user
  – Can be verified to determine whether it has been modified
• Now, let's talk about the latter, data integrity

Simple Data Integrity?
• Alice wants to ensure any modification of the data in flight is detectable by Bob (integrity)
Message 1, Alice → Bob: [d, h(d)]

HMAC Integrity
• Alice wants to ensure any modification of the data in flight is detectable by Bob (integrity)
Message 1, Alice → Bob: [d, hmac(k,d)]

Signature Integrity
• Alice wants to ensure any modification of the data in flight is detectable by Bob (integrity)
Message 1, Alice → Bob: [d, Sig(KA-, d)]

Data Integrity vs. Non-repudiation
• If the integrity of the data is preserved, is it provably from that source?
  – Hash integrity says what about non-repudiation?
  – Signature integrity says what about non-repudiation?

Confidentiality
• Alice wants to ensure that the data is not exposed to anyone except the intended recipient (confidentiality)
Message 1, Alice → Bob: [E(kAB,d), hmac(kAB, d)]

Question
• If I already have an authenticated channel (e.g., the remote party’s public key), why don’t I simply make up a key and send it to them?

Confidentiality
• Alice wants to ensure that the data is not exposed to anyone except the intended recipient (confidentiality)
• But, Alice and Bob have never met!!!!
• Alice randomly selects key kx to encrypt with
Message 1, Alice → Bob: [E(kx,d), hmac(kx, d), E(KB+,kx)]

Real Systems Security
• The reality of the security is that 90% of the frequently used protocols use some variant of these constructs.
  – So, get to know them … they are your friends
  – We will see them (and a few more) over the semester
• They also apply to systems construction
  – Protocols need not necessarily be online
  – Think about how you would use these constructs to secure files on a disk drive (integrity, authenticity,
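
The three user-authentication slides (Basic, Hash, Challenge/Response) differ in what Bob accepts when a message he has already seen is presented a second time. The following is an added example, not part of the original slides: it instantiates h with SHA-256 (an assumption), uses a constructed sample password, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

PW_A = b"correct horse"              # constructed sample password pwA


def h(data: bytes) -> bytes:
    """H(d) from the notation slide, instantiated here with SHA-256."""
    return hashlib.sha256(data).digest()


class Bob:
    """Verifier that knows pwA and can run any of the three protocols."""

    def __init__(self, pw: bytes):
        self._pw = pw
        self._open = set()           # challenges issued and not yet answered

    def check_password(self, msg: bytes) -> bool:             # [pwA]
        return hmac.compare_digest(msg, self._pw)

    def check_hash(self, msg: bytes) -> bool:                 # [h(pwA)]
        return hmac.compare_digest(msg, h(self._pw))

    def challenge(self) -> bytes:                             # message 1: [c]
        c = secrets.token_bytes(16)
        self._open.add(c)
        return c

    def check_response(self, c: bytes, msg: bytes) -> bool:   # [h(c+pwA)]
        if c not in self._open:      # unknown or already answered challenge
            return False
        self._open.discard(c)        # each challenge is single use
        return hmac.compare_digest(msg, h(c + self._pw))


def alice_response(c: bytes, pw: bytes = PW_A) -> bytes:
    return h(c + pw)                 # message 2 of challenge/response


def replay_outcomes() -> dict:
    """Present one previously seen login message per protocol a second time."""
    bob = Bob(PW_A)
    seen_pw, seen_hash = PW_A, h(PW_A)
    c1 = bob.challenge()
    seen_resp = alice_response(c1)
    first_login = bob.check_response(c1, seen_resp)   # Alice's genuine login
    c2 = bob.challenge()                               # fresh c, new session
    return {"first_login": first_login,
            "password": bob.check_password(seen_pw),
            "hash": bob.check_hash(seen_hash),
            "challenge_response": bob.check_response(c2, seen_resp),
            "reused_challenge": bob.check_response(c1, seen_resp)}
```

Hashing the password alone changes what travels on the wire but not what Bob accepts: h(pwA) is itself a fixed credential. Only the fresh challenge c ties the response to one session.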
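
The "Simple Data Integrity?" and "HMAC Integrity" slides send the same data with an unkeyed and a keyed tag, and the "Data Integrity vs. Non-repudiation" slide asks what each proves about the source. The following is an added example, not part of the original slides: it uses SHA-256 and HMAC-SHA-256 as h and hmac (an assumption), a constructed sample key and data, and hypothetical function names.

```python
import hashlib
import hmac

K_AB = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample kAB


def send_hash(d: bytes):
    """Build [d, h(d)]."""
    return d, hashlib.sha256(d).digest()


def verify_hash(msg) -> bool:
    d, tag = msg
    return hmac.compare_digest(tag, hashlib.sha256(d).digest())


def send_hmac(k: bytes, d: bytes):
    """Build [d, hmac(k, d)]."""
    return d, hmac.new(k, d, hashlib.sha256).digest()


def verify_hmac(k: bytes, msg) -> bool:
    d, tag = msg
    return hmac.compare_digest(tag, hmac.new(k, d, hashlib.sha256).digest())


def rewrite_without_key(new_d: bytes):
    """All a party without kAB can compute: new data plus its unkeyed hash."""
    return new_d, hashlib.sha256(new_d).digest()


def compare_constructs() -> dict:
    d, changed = b"pay Bob 10", b"pay Bob 1000"      # constructed sample data
    m_hash = send_hash(d)
    m_hmac = send_hmac(K_AB, d)
    return {
        "hash_original": verify_hash(m_hash),
        # Unkeyed hash: the rewritten pair is self-consistent, so Bob accepts it.
        "hash_rewritten": verify_hash(rewrite_without_key(changed)),
        "hmac_original": verify_hmac(K_AB, m_hmac),
        # Keyed tag: neither recomputing h nor reusing the old tag verifies.
        "hmac_rewritten": verify_hmac(K_AB, rewrite_without_key(changed)),
        "hmac_old_tag_new_data": verify_hmac(K_AB, (changed, m_hmac[1])),
        # Bob also holds kAB, so he can produce the very tag Alice sent.
        "bob_makes_same_tag": send_hmac(K_AB, d) == m_hmac,
    }
```

The last entry is the non-repudiation point: a tag either holder of kAB can compute shows the data came from someone with the key, not which of the two. Sig(KA-, d) differs because only A holds KA-.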