
CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger

CSE 543 - Computer Security
Lecture 4 - Cryptography
September 14, 2006
URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/

CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel

Review: secret vs. public key crypto.
• Secret key cryptography
  – Symmetric keys, where a single key (k) is used for E and D
  – D( E( p, k ), k ) = p
• All (intended) receivers have access to key
• Note: Management of keys determines who has access to encrypted data
  – E.g., password encrypted email
• Also known as symmetric key cryptography
• Public key cryptography
  – Each key pair consists of a public and private component: k+ (public key), k- (private key)
    D( E(p, k+), k- ) = p
    D( E(p, k-), k+ ) = p
• Public keys are distributed (typically) through public key certificates
  – Anyone can communicate secretly with you if they have your certificate
  – E.g., SSL-based web commerce

The symmetric/asymmetric key tradeoff
• Symmetric (shared) key systems
  – Efficient (Many MB/sec throughput)
  – Difficult key management
    • Kerberos
    • Key agreement protocols
• Asymmetric (public) key systems
  – Slow algorithms (so far …)
  – Easy (easier) key management
    • PKI - public key infrastructures
    • Webs of trust (PGP)

Hash Algorithms
• Hash algorithm
  – Compression of data into a hash value
  – E.g., h(d) = parity(d)
  – Such algorithms are generally useful in programs
• … as used in cryptosystems
  – One-way - (computationally) hard to invert h(), i.e., compute h^-1(y), where y = h(d)
  – Collision resistant - hard to find two data x1 and x2 such that h(x1) == h(x2)
• Q: What can you do with these constructs?

Hashed Message Authentication Code
• HMAC
  – Authenticates integrity for data d
  – Uses some key k and hash algorithm h
  – To simplify,
    hmac(k,d) = h( k+d )
• Why does this provide authenticity?
  – Cannot produce hmac(k,d) unless you know k, d
  – If you could, then can break h
  – Exercise for class: prove the previous statement
• Used in protocols to authenticate content

Birthday Attack
• Q: Why is resilience to birthday attacks important?
• A birthday attack is a name used to refer to a class of brute-force attacks.
  – birthday paradox: the probability that two or more people in a group of 23 share the same birthday is greater than 50%
• General formulation
  – function f() whose output is uniformly distributed
  – On repeated random inputs n = { n1, n2, ..., nk }
    • Pr(ni = nj) = 1.2k^(1/2), for some 1 <= i,j <= k, 1 <= j < k, i != j
    • E.g., 1.2(365^(1/2)) ~= 23

Digital Signatures
• Models physical signatures in digital world
  – Association between private key and document
  – … and indirectly identity and document.
  – Asserts that document is authentic and non-repudiable
• To sign a document
  – Given document d, private key k-
  – Signature S(d) = E( k-, h(d) )
• Validation
  – Given document d, signature S(d), public key k+
  – Validate D(k+, S(d)) = h(d)

Basic truths of cryptography …
• Cryptography is not frequently the source of security problems
  – Algorithms are well known and widely studied
    • Use of crypto commonly is … (e.g., WEP)
  – Vetted through crypto community
  – Avoid any “proprietary” encryption
  – Claims of “new technology” or “perfect security” are almost assuredly snake oil

Important principles
• Don’t design your own crypto algorithm
  – Use standards whenever possible
• Make sure you understand parameter choices
• Make sure you understand algorithm interactions
  – E.g. the order of encryption and authentication
    • Turns out that authenticate then encrypt is risky
• Be open with your design
  – Solicit feedback
  – Use open algorithms and protocols
  – Open code? (jury is still out)

Building systems with cryptography
• Use quality libraries
  – SSLeay, lim (from Lenstra), Victor Shoup’s library, RSAREF, cryptolib
  – Find out what cryptographers think of a package before using it
• Code review like crazy
• Educate yourself on how to use library
  – Caveats by original designer and programmer

Common issues that lead to pitfalls
• Generating randomness
• Storage of secret keys
• Virtual memory (pages secrets onto disk)
• Protocol interactions
• Poor user interface
• Poor choice of key length, prime length, using parameters from one algorithm in another

A really good book on the topic
• The Code Book, Simon Singh, Anchor Books,
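For the "Birthday Attack" slide: the Python below is an added example, not part of the lecture. It computes the exact birthday probability for the slide's 23-people case and then measures, on SHA-256 truncated to 16 bits, how many distinct inputs are hashed before two collide, which comes out near 1.2·k^(1/2) for k = 2^16 outputs. The truncation width, input strings and function names are assumptions made for the demonstration.

```python
import hashlib
import math


def collision_probability(n: int, k: int) -> float:
    """Exact probability that n uniform draws from k values contain a repeat."""
    p_distinct = 1.0
    for i in range(n):
        p_distinct *= (k - i) / k
    return 1.0 - p_distinct


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash function."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def draws_until_collision(bits: int, run: int) -> int:
    """Hash distinct constructed inputs until two share a truncated hash."""
    seen = set()
    counter = 0
    while True:
        h = truncated_hash(b"run%d-msg%d" % (run, counter), bits)
        counter += 1
        if h in seen:
            return counter
        seen.add(h)


def mean_draws(bits: int, runs: int = 400) -> float:
    """Average number of inputs hashed before the first collision."""
    return sum(draws_until_collision(bits, r) for r in range(runs)) / runs


if __name__ == "__main__":
    print("P(shared birthday, 22 people): %.4f" % collision_probability(22, 365))
    print("P(shared birthday, 23 people): %.4f" % collision_probability(23, 365))
    bits = 16
    k = 2 ** bits
    mean = mean_draws(bits)
    print("16-bit hash: mean draws to collision = %.1f" % mean)
    print("ratio to sqrt(k) = %.2f" % (mean / math.sqrt(k)))
```

The same square-root scaling is why an n-bit hash offers only about n/2 bits of collision resistance, so the output length has to be chosen with the birthday bound in mind.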

