1Computer security: authentication of principalsand cryptographic protocols6.033 Spring 2007HKN Underground Guidehttps://sixweb.mit.edu/student/evaluate/6.033-s2007Link posted on 6.033 home pageDeadline: May 20key distribution• 3 is a certificate for Alice’s public key• Charles is called a certificate authority• The interaction is an example of a cryptographic protocolCharlesBobAlice2. Alice?1. M, Sign(M, KApriv)3. M = {“A’s Kapub=…”},sign(M, KCpriv)Shorter notation• Subscript for signing• Superscript for encryptingCharlesBobAlice2. Alice?1. {M}KBpubKApriv3. {“A’s Kapub=…”}KCprivDenning-SaccoBobCAAlice{A, B}{A, KApub, T}KCApriv{A, KBpub, T}KCApriv{A, KApub, T}KCApriv+{{KAB, T}KApriv}KBpub{data, T}KAB1. Authenticate Alice to Bob and Bob to Alice2. Set up a shared-secret keyImpersonation AttackAliceCharlesBob{A, KApub, T}KCApriv+{{KAB, T}KApriv}KBpub{A, KApub, T}KCApriv{{KAB, T}Kapriv}KCpubThinks Bob is Alice{A, KApub, T}KCApriv+{{KAB, T}KApriv}KBpub2Denning-Sacco (fixed)BobCAAlice{A, B}{A, KApub, T}KCApriv{A, KBpub, T}KCApriv{A, KApub, T}KCApriv{{A, B, KAB, T}KApriv}KBpub{A, B, data, T}KABBe explicit!Example: Web (SSL simplified)• U: https://www.amazon.com• B →W: {randomc, session-id, ciphersuites}• B ←W: {randoms, session-id, {amazon.com, Kpub-amazon}Kversign}• B: verify({amazon.com, Kpub-amazon}Kversign, Kpub-verisign)?• B →W: {pre-master-secret}Kpub-amazon•......X509 certificate• struct X509_certificate { unsigned version; unsigned serial;signature_cipher_identifier;issuer_signature; issuer_name;subject_name;subject_public_key_cipher_identifier;subject_public_key; validity_period;};QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this
View Full Document