CSE543 Computer (and Network) Security - Fall 2007 - Professor JaegerCSE 543 - Computer SecurityLecture 3 - PrinciplesSeptember 4, 2007URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/1CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Data Encryption Standard (DES)•Introduced by the US NBS (now NIST) in 1972•Signaled the beginning of the modern area of cryptography•Block cipher–Fixed sized input•8-byte input and a 8-byte key (56-bits+8 parity bits)CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Cryptanalysis of DES•DES has an effective 56-bit key length–Wiener: $1,000,000 - 3.5 hours (never built)–July 17, 1998, the EFF DES Cracker, which was built for less than $250,000 < 3 days–January 19, 1999, Distributed.Net (w/EFF), 22 hours and 15 minutes (over many machines)–We all assume that NSA and agencies like it around the world can crack (recover key) DES in milliseconds•What now? Give up on DES?CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Variants of DES•DESX (XOR with separate keys ~= 60-bits)–Linear cryptanalysis•Triple DES (three keys ~= 112-bits)–keys k1, k2, k3 •c = E( D( E( p, k1), k2), k3)E EDk1k2k3p cCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Advanced Encryption Standard (AES)•Result of international NIST bakeoff between cryptographers–Intended as replacement for DES–Rijndael (pronounced “Rhine-dall”)–Currently implemented in many devices and software, but not yet fully embraced–Cryptography community is actively vetting the the theory and implementations (stay tuned)CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Public Key Cryptography•Public Key cryptography–Each key pair consists of a public and private component: k+ (public key), k- (private key)D( E(p, k+), k- ) = pD( E(p, k-), k+ ) = p•Public keys are distributed (typically) through public key certificates–Anyone can communicate secretly with you if they have your certificate–E.g., SSL-base web commerceCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page How do you use such cryptosystems?•Can’t use a secret by myselfCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Needham and Schroeder•This is where they come in–Symmetric and public key systems are being invented (DES, Diffie-Hellman, RSA)–Network computation is somewhat common–Want to setup a general approach to secure network communicationCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Authenticated Interactive Communication•Scenario–Two principals, A and B–Principal A wants to send a secure message to principal B–They have never met•What do we need to proceed?CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Trusted Third Party•Authentication Server•What is it entrusted to do?–Maintains a database of keys for each principal•KAS where A is the principal and S is the authentication server–Generate information necessary for principal A to initiate a communication with principal B•A --> AS: A, B, IA•AS --> A: {IA, B, KAB, {KAB, A}KBS}KAS•A --> B: {KAB, A}KBS•B --> A: {IB}KAB•A --> B: {IB - 1}KABCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page What Do The Messages Mean?•First and Second Messages–A --> AS: A, B, IA–AS --> A: {IA, B, KAB, {KAB, A}KBS}KAS–A --> B: {KAB, A}KBS–B --> A: {IB}KAB–A --> B: {IB - 1}KAB•A asks to communicate with B•AS provides A with the basis to set it up–Session key: KAB–Ticket: {KAB, A}KBS–Protected by the key that is shared between A and the server: KAS•Why is it OK for the first message to be ‘in the clear’?CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page What do the messages mean?•Third message–A --> AS: A, B, IA–AS --> A: {IA, B, KAB, {KAB, A}KBS}KAS–A --> B: {KAB, A}KBS–B --> A: {IB}KAB–A --> B: {IB - 1}KAB•What does this message contain?CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page What do the messages mean?•Fourth and Fifth Messages–A --> AS: A, B, IA–AS --> A: {IA, B, KAB, {KAB, A}KBS}KAS–A --> B: {KAB, A}KBS–B --> A: {IB}KAB–A --> B: {IB - 1}KAB•A and B now have the key: KAB•They need to prove that they can really use it–Why does A believe that B really has the key?–Why does B believe that A really has the key?CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Other Protocols•Public key: discuss next week•One-way communicationCSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page One-way communication•Goal: Enable secrecy and integrity when the sender is no longer ‘online’•With symmetric key:–Encrypt email with session key (obtained from AS)–Put ticket in the email header–A --> B: {KAB, A}KBS•Why is this sufficient?•How do we ensure freshness?CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Trustworthiness•How do you ensure their trustworthiness?•Do you need to do anything on the clients to ensure the security of the protocol?CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Alternatives•Can you devise a shorter protocol?–with the same properties–or slightly weaker, but perhaps useful
View Full Document
Unlocking...