# slides8 - CS 531 Fall 2007 CS531 Cryptography Concepts(Part...

• Notes
• 26

This preview shows pages 1–7. Sign up to view the full content.

T 1 CS 531, Fall 2007 Copyright © William C. Cheng CS531 Cryptography Concepts (Part 3) Bill Cheng

This preview has intentionally blurred sections. Sign up to view the full version.

T 2 Protocols and Mechanisms CS 531, Fall 2007 Copyright © William C. Cheng a mechanism is a more general term encompassing protocols, algorithms (steps followed by a single entity), and non-cryptographic techniques (e.g., hardware protection and procedural controls) to achieve specific security objectives A cryptographic protocol is a distributed algorithm defined by a sequence of steps precisely specifying the actions required of two or more entities to achieve a specific security objective Example of a protocol over an unsecured channel Bob sends public key to Alice over the channel Alice genereates a secret key for symmetric-key encryption Alice encrypts key using Bob’s public key and send to Bob Bob decrypts to recover the secret key Alice and Bob communicate with privacy using the secret key
T 3 Protocol and Mechanism Failures CS 531, Fall 2007 Copyright © William C. Cheng in a manner whereby an adversary gains advantage not by breaking an underlying primitive such as an encryption algorithm directly A protocol or mechanism failure occurs when a mechanism fails to meet the goals for which it was intended but by manipulating the protocol or mechanism itself Some causes of protocol failure e.g., assume that a stream cipher is a one-time pad 1) weakness in a particular cryptographic primitive which may be amplified by the protocol or mechanism 2) 3) claimed or assumed security guarantees which are overstated or not clearly understood oversight of some principle applicable to a broad class of primitives such as encryption

This preview has intentionally blurred sections. Sign up to view the full version.

Ex: mechanism failure Alice and Bob communicates over a Vernam Cipher Messages are known to have a special form: first 20 bits carry a numeric value representing a monetary amount an active adversary can simply XOR a bitstring into the first 20 bites of ciphertext and change the amount encryption was not compromised but the protocol failed T 4 Protocol Failure Examples CS 531, Fall 2007 Copyright © William C. Cheng assumption that encryption provides data integrity is incorrect Ex: forward search attack 32-bit field used to record the amount in a bank transaction encrypted using a public-key for privacy brute-force attack can recover the value in the transaction similar to a dictionary attack
T 5 Protocol Design CS 531, Fall 2007 Copyright © William C. Cheng identify all assumptions in the protocol or mechanism design When designing cryptographic protocols and mechanisms, the following two steps are essential 1) for each assumption, determine the effect on the security objective if that assumption is violated 2)

This preview has intentionally blurred sections. Sign up to view the full version.

Communication with symmetric-key cryptography requires pairwise secret keys T 6 Key Establishment/Management/Certification CS 531, Fall 2007 Copyright © William C. Cheng including replacing older keys with new keys Key establishment is any process whereby a shared secret key becomes available to two or more parties, for subsequent cryptographic use
This is the end of the preview. Sign up to access the rest of the document.
• Spring '08
• Cheng
• Cryptography, Public key infrastructure, Public-key cryptography, William C. Cheng, William C. Cheng T

{[ snackBarMessage ]}

### What students are saying

• As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

Kiran Temple University Fox School of Business ‘17, Course Hero Intern

• I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

Dana University of Pennsylvania ‘17, Course Hero Intern

• The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

Jill Tulane University ‘16, Course Hero Intern