Class home page


Exchange the key in person



Yüklə 501 b.
səhifə7/12
tarix03.08.2018
ölçüsü501 b.
#66903
1   2   3   4   5   6   7   8   9   ...   12

Exchange the key in person

  • Exchange the key in person

    • Can exchange key before it is needed.
    • Could be a password.
  • Hide the key in something else

    • Steganography, fairly weak
  • Armored courier

    • If all else fails
  • Send key over the net encrypted

    • But, using what key (bootstrap)


Choose large prime n, and generator g

  • Choose large prime n, and generator g

    • For any b in (1, n-1), there exists an a such that ga = b. This means that every number mod p can be written as a power of g (mod p).
      • To find such a g, pick the p such that p = 2q + 1 where q is also prime.
      • For such choices of p, half the numbers will be generators, and you can test if a candidate g is a generator by testing whether g^q (mod n) is equal to n-1.


Alice, Bob select secret values x, y

  • Alice, Bob select secret values x, y

  • Alice sends X = gx mod n

  • Bob sends Y = gy mod n

  • Both compute gxy mod n, a shared secret

    • Can be used as keying material


DH provides key exchange, but not authentication

  • DH provides key exchange, but not authentication

  • Man in the middle

    • You exchange a key with eavesdropper, who exchanges key with the person you think you are talking to.
    • Eavesdropper relays all messages, but observes or changes them in transit.
  • Solutions:

    • Published public values
    • Authenticated DH (Sign or encrypt DH value)
    • Encrypt the DH exchange
    • Subsequently send hash of DH value, with secret


Can exchange a key with anyone, but you don’t know who you are talking with.

  • Can exchange a key with anyone, but you don’t know who you are talking with.

  • Can exchange keys with known parties in advance, but are limited to communication with just those parties.



Technically easy

  • Technically easy

    • Distribute keys in person
  • But it doesn’t scale

    • Hundreds of servers…
    • Times thousands of users…
    • Yields ~ million keys


Build toward Needham-Schroeder and Kerberos mechanisms

  • Build toward Needham-Schroeder and Kerberos mechanisms

  • Key-distribution tied to authentication.



Proving knowledge of encryption key

  • Proving knowledge of encryption key

    • Nonce = Non repeating value


As used in both Needham Schroeder and Kerberos we will use Kerberos terminology

  • As used in both Needham Schroeder and Kerberos we will use Kerberos terminology

  • User sends request to KDC: {s}

  • KDC generates a random key: Kc,s

    • Encrypted twice: {Kc,s}Kc, {Kc,s}Ks
    • {Kc,s}Ks called ticket
    • Ticket plus Kc,s called credentials
    • Ticket is opaque and forwarded with application request
  • No keys ever traverse net in the clear



Third-party authentication service

  • Third-party authentication service

    • Distributes session keys for authentication, confidentiality, and integrity


User now trusts credentials

  • User now trusts credentials

  • But can server trust user?

  • How can server tell this isn’t a replay?

  • Legitimate user makes electronic payment to attacker; e.g. attacker replays message to get paid multiple times

    • Requires no knowledge of session key


Add challenge-response

  • Add challenge-response

  • Effective, but adds second round of messages

    • Can use timestamps as nonces
      • But must remember what seen


What happens if attacker does get session key?

  • What happens if attacker does get session key?




Yüklə 501 b.

Dostları ilə paylaş:
1   2   3   4   5   6   7   8   9   ...   12




Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç
    Ana səhifə


yükləyin