
Digital signatures

Cryptographic technique analogous to handwritten signatures.


sender (Bob) digitally signs document, establishing he is document owner/creator.

verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Message digests

Computationally expensive to public-key-encrypt long messages

Goal: fixed-length, easy-to-compute digital fingerprint
apply hash function H to m, get fixed size message digest, H(m).

[Figure: large message m -> H: Hash Function -> H(m)]

Hash function properties:
many-to-1
produces fixed-size msg digest (fingerprint)
given message digest x, computationally infeasible to find m such that x = H(m)

Digital Signature = Signed Message Digest

Bob sends digitally signed message:

[Figure: large message m -> H: Hash function -> H(m) -> digital signature (encrypt) with Bob's private key K_B^- -> encrypted msg digest K_B^-(H(m))]

Alice verifies signature and integrity of digitally signed message:

[Figure: large message m -> H: Hash function -> H(m); encrypted msg digest K_B^-(H(m)) -> digital signature (decrypt) with Bob's public key K_B^+ -> H(m); equal?]

Authentication: A Naive Approach

Protocol: Alice says "I am Alice" and sends her secret password to prove it.

[Figure: packet with Alice's IP addr, Alice's password, "I'm Alice"; packet with Alice's IP addr, OK]

playback attack: Trudy records Alice's packet and later plays it back to Bob

[Figure: packet with Alice's IP addr, Alice's password, "I'm Alice"]

Authentication: Symmetric Key

Goal: avoid playback attack

Nonce: number (R) used only once-in-a-lifetime

Protocol: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

[Figure: messages "I am Alice"; R; KA-B(R)]

Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

Failures, drawbacks?
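An added example (not part of the original slides) that runs a recorded message against both protocols above: the naive password check and the nonce protocol. HMAC-SHA256 stands in for encrypting R under KA-B, and the key, the password and the names prove, NaiveBob, NonceBob and run_demo are constructed for illustration.

```python
import hashlib
import hmac
import secrets

K_AB = secrets.token_bytes(32)  # shared secret key KA-B (constructed)
PASSWORD = b"alice-secret"      # Alice's password, naive protocol (constructed)


def prove(key: bytes, nonce: bytes) -> bytes:
    """Alice's answer to nonce R; HMAC-SHA256 stands in for KA-B(R)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class NaiveBob:
    """Naive protocol: Bob accepts whoever presents Alice's password."""
    def accepts(self, password: bytes) -> bool:
        return hmac.compare_digest(password, PASSWORD)


class NonceBob:
    """Nonce protocol: Bob issues a fresh R per attempt and checks it once."""
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # R, never reused
        return self.pending

    def accepts(self, response: bytes) -> bool:
        nonce, self.pending = self.pending, None  # R is spent after one check
        if nonce is None:
            return False
        return hmac.compare_digest(response, prove(self.key, nonce))


def run_demo() -> dict:
    naive, bob = NaiveBob(), NonceBob(K_AB)
    recorded_response = prove(K_AB, bob.challenge())  # Alice's genuine reply
    results = {"alice_live": bob.accepts(recorded_response)}
    results["naive_replay"] = naive.accepts(PASSWORD)  # recorded password works
    bob.challenge()                          # later attempt: Bob picks a new R
    results["nonce_replay"] = bob.accepts(recorded_response)
    results["no_pending_nonce"] = bob.accepts(recorded_response)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The recorded password is accepted again by the naive check, while the recorded nonce response is rejected because Bob's new R differs from the one it was computed over.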

Authentication: Public/Private Key

[Figure: messages "I am Alice"; R; K_A^-(R); "send me your public key"; K_A^+]

Bob computes K_A^+(K_A^-(R)) = R and knows only Alice could have the private key, that encrypted R such that K_A^+(K_A^-(R)) = R

Failures, drawbacks?

Man (Woman) In The Middle

[Figure: messages "I am Alice" (twice); R; K_T^-(R); "Send me your public key" (twice); K_A^-(R); K_T^+(m); K_A^+(m)]

m = K_A^-(K_A^+(m))

Trudy gets m = K_T^-(K_T^+(m)), sends m to Alice encrypted with Alice's public key

Man (Woman) In The Middle

Difficult to detect:
Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation)
problem is that Trudy receives all messages as well!

Key Establishment

Symmetric key problem:
How do two entities establish shared secret key in the first place?

Solutions:
Diffie-Hellman
trusted key distribution center (KDC) acting as intermediary between entities

Public key problem:
When Bob obtains Alice's public key (from web site, e-mail, diskette), how does he know it is Alice's public key, not Trudy's?

Solution:
trusted certification authority (CA)

Diffie-Hellman Key Exchange

prime number p, base g

[Figure: one party holds a secret integer a and sends g^a mod p; the other holds a secret integer b and sends g^b mod p; they compute (g^b mod p)^a mod p and (g^a mod p)^b mod p]

Key: (g^b mod p)^a mod p = (g^a mod p)^b mod p

Diffie-Hellman Key Exchange: Example

Prime number p=23, base g=5.

Alice: a=6
Send Bob: g^a mod 23 = 8.
Bob: b=15
Send Alice: g^b mod 23 = 19.

Alice computes: 19^6 mod 23 = 2
Bob computes: 8^15 mod 23 = 2

Key Distribution Center (KDC)

KDC: server shares different secret key with each registered user (many users)

Alice shares a key with KDC: KA-KDC
Bob shares a key with KDC: KB-KDC

[Figure: KDC holding keys KA-KDC, KB-KDC, KP-KDC, KX-KDC, KY-KDC, KZ-KDC]

Key Distribution Center (KDC)

Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?

[Figure: messages KA-KDC(A,B); KDC generates R1; KA-KDC(R1, KB-KDC(A,R1)); Alice knows R1; KB-KDC(A,R1); Bob knows to use R1 to communicate with Alice]

Alice and Bob communicate: using R1 as session key for shared symmetric encryption

Diffie-Hellman vs. KDC

Diffie-Hellman
+: no infrastructure support
-: computation load on users

KDC
-: need infrastructure support
-: single bottleneck, single point of failure
+: computation load centered at KDC

Q: are these two approaches suitable for sensor networks?

Certification authorities

Certification authority (CA): binds public key to particular entity, E.
E registers its public key with CA.
E provides proof of identity to CA.
CA creates certificate binding E to its public key.
certificate containing E's public key digitally signed by CA: CA says "this is E's public key"

[Figure: Bob's public key K_B^+ and Bob's identifying information -> digital signature (encrypt) with CA private key K_CA^- -> certificate for Bob's public key, signed by CA]
