Security in Computing (3rd Edition)

Secure Channels
CS 161/194-1
Anthony D. Joseph
September 26, 2005

September 26, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner

Main Points
• Applying last week's lectures in practice
• Creating Secure Channels
• Example Applications
  – PGP: Pretty Good Privacy
  – TLS: Transport Layer Security
  – VPN: Virtual Private Network

What is a Secure Channel?
A stream with these security requirements:
• Authentication
  – Ensures sender and receiver are who they claim to be
• Confidentiality
  – Ensures that data is read only by authorized users
• Data integrity
  – Ensures that data is not changed from source to destination
• Non-repudiation (not discussed today)
  – Ensures that sender can't deny message and rcvr can't deny msg

[Figure: Plaintext, Encryption / Decryption, Ciphertext and MAC across the Internet, Encryption / Decryption, Plaintext]

Creating Secure Channels
• Authentication and Data Integrity
  – Use Public Key Infrastructure or third-party server to authenticate each end to the other
  – Add Message Authentication Code for integrity
• Confidentiality
  – Exchange session key for encrypt/decrypt ops
    • Bulk data transfer
• Key Distribution and Segmentation

Symmetric Key-based Secure Channel
• Sender (A) and receiver (B) share secret keys
  – One key for A → B confidentiality
  – One for A → B authentication/integrity
  – Each message sent from A → B contains:
    • Ciphertext = E_{KAB encrypt}(nonce + msg)
    • Authenticity/Integrity check = MAC_{KAB auth}(Ciphertext)
• Different keys for each direction = 4 keys
  – KAB encrypt, KAB auth, KBA encrypt, KBA auth

Symmetric Key-based Secure Channel

[Figure: Alice encrypts Nonce + Message under KAB encrypt and computes a MAC under KAB auth, then sends C = E_{KAB encrypt}(M), MAC_{KAB auth}(C). Bob recomputes the MAC under KAB auth (Compare?), decrypts under KAB encrypt to recover the Message, and checks the nonce (Nonce Check?).]

How to exchange secret keys?
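The message format and the two receiver checks from the Symmetric Key-based Secure Channel slides, as an added example that is not part of the original lecture. Assumptions: the class and function names are hypothetical, the nonce is a per-direction sequence number, and the cipher is a stand-in keystream built from HMAC-SHA256 in counter mode because the slides do not name a cipher.

```python
import hashlib
import hmac
import os
import struct

def _keystream(key, iv, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode; use AES-CTR or an AEAD in practice.
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, iv + struct.pack(">I", i), hashlib.sha256).digest()
    return out[:n]

def _xor(data, key, iv):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))

class Endpoint:
    """One side of the channel: two keys for sending, two for receiving."""
    def __init__(self, send_enc, send_auth, recv_enc, recv_auth):
        self.send_enc, self.send_auth = send_enc, send_auth
        self.recv_enc, self.recv_auth = recv_enc, recv_auth
        self.next_nonce, self.last_seen = 1, 0   # nonce = sequence number (assumption)

    def seal(self, msg):
        iv = os.urandom(16)
        plaintext = struct.pack(">Q", self.next_nonce) + msg    # nonce + msg
        self.next_nonce += 1
        c = iv + _xor(plaintext, self.send_enc, iv)              # C = E(nonce + msg)
        return c + hmac.new(self.send_auth, c, hashlib.sha256).digest()  # C, MAC(C)

    def open(self, packet):
        if len(packet) < 16 + 8 + 32:
            raise ValueError("short packet")
        c, tag = packet[:-32], packet[-32:]
        expected = hmac.new(self.recv_auth, c, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):               # "Compare?" on the slide
            raise ValueError("bad MAC")
        plaintext = _xor(c[16:], self.recv_enc, c[:16])          # decrypt only after the MAC verifies
        (nonce,) = struct.unpack(">Q", plaintext[:8])
        if nonce <= self.last_seen:                              # "Nonce Check?" on the slide
            raise ValueError("replayed nonce")
        self.last_seen = nonce
        return plaintext[8:]

def make_pair():
    # Constructed random keys; how to exchange them is the question the slide leaves open.
    kab_enc, kab_auth, kba_enc, kba_auth = (os.urandom(32) for _ in range(4))
    return (Endpoint(kab_enc, kab_auth, kba_enc, kba_auth),     # Alice: sends with KAB, receives with KBA
            Endpoint(kba_enc, kba_auth, kab_enc, kab_auth))     # Bob: sends with KBA, receives with KAB
```

Because each direction has its own MAC key, a packet Alice sent cannot be reflected back to her as if it came from Bob: it fails her MAC check before decryption.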