slides8 - CS 531 Fall 2007 CS531 Cryptography Concepts(Part...

Info icon This preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
T 1 CS 531, Fall 2007 Copyright © William C. Cheng CS531 Cryptography Concepts (Part 3) Bill Cheng
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
T 2 Protocols and Mechanisms CS 531, Fall 2007 Copyright © William C. Cheng a mechanism is a more general term encompassing protocols, algorithms (steps followed by a single entity), and non-cryptographic techniques (e.g., hardware protection and procedural controls) to achieve specific security objectives A cryptographic protocol is a distributed algorithm defined by a sequence of steps precisely specifying the actions required of two or more entities to achieve a specific security objective Example of a protocol over an unsecured channel Bob sends public key to Alice over the channel Alice genereates a secret key for symmetric-key encryption Alice encrypts key using Bob’s public key and send to Bob Bob decrypts to recover the secret key Alice and Bob communicate with privacy using the secret key
Image of page 2
T 3 Protocol and Mechanism Failures CS 531, Fall 2007 Copyright © William C. Cheng in a manner whereby an adversary gains advantage not by breaking an underlying primitive such as an encryption algorithm directly A protocol or mechanism failure occurs when a mechanism fails to meet the goals for which it was intended but by manipulating the protocol or mechanism itself Some causes of protocol failure e.g., assume that a stream cipher is a one-time pad 1) weakness in a particular cryptographic primitive which may be amplified by the protocol or mechanism 2) 3) claimed or assumed security guarantees which are overstated or not clearly understood oversight of some principle applicable to a broad class of primitives such as encryption
Image of page 3

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Ex: mechanism failure Alice and Bob communicates over a Vernam Cipher Messages are known to have a special form: first 20 bits carry a numeric value representing a monetary amount an active adversary can simply XOR a bitstring into the first 20 bites of ciphertext and change the amount encryption was not compromised but the protocol failed T 4 Protocol Failure Examples CS 531, Fall 2007 Copyright © William C. Cheng assumption that encryption provides data integrity is incorrect Ex: forward search attack 32-bit field used to record the amount in a bank transaction encrypted using a public-key for privacy brute-force attack can recover the value in the transaction similar to a dictionary attack
Image of page 4
T 5 Protocol Design CS 531, Fall 2007 Copyright © William C. Cheng identify all assumptions in the protocol or mechanism design When designing cryptographic protocols and mechanisms, the following two steps are essential 1) for each assumption, determine the effect on the security objective if that assumption is violated 2)
Image of page 5

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Communication with symmetric-key cryptography requires pairwise secret keys T 6 Key Establishment/Management/Certification CS 531, Fall 2007 Copyright © William C. Cheng including replacing older keys with new keys Key establishment is any process whereby a shared secret key becomes available to two or more parties, for subsequent cryptographic use
Image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern