Secure channels

Security in Computing (3rd Edition)

Secure Channels
CS 161/194-1
Anthony D. Joseph
September 26, 2005

September 26, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner

Slide 2: Main Points
• Applying last week's lectures in practice
• Creating Secure Channels
• Example Applications
  – PGP: Pretty Good Privacy
  – TLS: Transport Layer Security
  – VPN: Virtual Private Network

Slide 3: What is a Secure Channel?
A stream with these security requirements:
  – Authentication
    • Ensures sender and receiver are who they claim to be
  – Confidentiality
    • Ensures that data is read only by authorized users
  – Data integrity
    • Ensures that data is not changed from source to destination
  – Non-repudiation (not discussed today)
    • Ensures that sender can't deny message and rcvr can't deny msg
[Figure: Plaintext, Encryption / Decryption at each end, Ciphertext and MAC across the Internet]

Slide 4: Creating Secure Channels
• Authentication and Data Integrity
  – Use Public Key Infrastructure or third-party server to authenticate each end to the other
  – Add Message Authentication Code for integrity
• Confidentiality
  – Exchange session key for encrypt/decrypt ops
    • Bulk data transfer
• Key Distribution and Segmentation

Slide 5: Symmetric Key-based Secure Channel
• Sender (A) and receiver (B) share secret keys
  – One key for A → B confidentiality
  – One for A → B authentication/integrity
  – Each message sent from A → B contains:
    • Ciphertext = E_{KAB_encrypt}(nonce + msg)
    • Authenticity/Integrity check = MAC_{KAB_auth}(Ciphertext)
• Different keys for each direction = 4 keys
  – KAB_encrypt, KAB_auth, KBA_encrypt, KBA_auth

Slide 6: Symmetric Key-based Secure Channel
[Figure: Alice encrypts Nonce + Message with KAB_encrypt and computes a MAC with KAB_auth; she sends C = E_{KAB_encrypt}(M), MAC_{KAB_auth}(C); Bob recomputes the MAC with KAB_auth (Compare?), decrypts with KAB_encrypt, and checks the nonce (Nonce Check?) to recover the Message]
How to exchange secret keys?
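The message format on slides 5 and 6, written out as an added Python example that is not part of the original lecture notes. It assumes HMAC-SHA256 as the MAC and, as a stand-in for the cipher E, a keystream built from HMAC-SHA256 in counter mode with a random per-message IV; the function names and the IV are assumptions, and the key names follow the slide.

```python
import hashlib, hmac, secrets

IV_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32

def _xor(data, key, iv):
    # Stand-in for E (assumption): XOR with an HMAC-SHA256 counter-mode keystream.
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def new_keys():
    # Four independent keys: one encrypt and one auth key per direction.
    names = ("KAB_encrypt", "KAB_auth", "KBA_encrypt", "KBA_auth")
    return {n: secrets.token_bytes(32) for n in names}

def seal(k_enc, k_auth, msg):
    """Sender: C = E_Kenc(nonce + msg), then append MAC_Kauth(C)."""
    iv = secrets.token_bytes(IV_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    c = iv + _xor(nonce + msg, k_enc, iv)
    return c + hmac.new(k_auth, c, hashlib.sha256).digest()

def unseal(k_enc, k_auth, packet, seen_nonces):
    """Receiver: compare MAC first, then decrypt, then check the nonce."""
    if len(packet) < IV_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("short packet")
    c, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(k_auth, c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad MAC")
    plain = _xor(c[IV_LEN:], k_enc, c[:IV_LEN])
    nonce, msg = plain[:NONCE_LEN], plain[NONCE_LEN:]
    if nonce in seen_nonces:  # same packet delivered twice
        raise ValueError("replayed nonce")
    seen_nonces.add(nonce)
    return msg

def outcome(k_enc, k_auth, packet, seen_nonces):
    # Returns the recovered message, or the rejection reason as a string.
    try:
        return unseal(k_enc, k_auth, packet, seen_nonces)
    except ValueError as err:
        return str(err)
```

Because the MAC is computed over the ciphertext and checked before decryption, a modified packet is rejected without being decrypted, and a packet sealed with the A → B keys fails the MAC check if it is reflected back to A, who verifies with the B → A keys.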
Slide 7: Secure Channel: Choice #1
• Use public key certificates
• Requires Public Key Infrastructure (PKI)
  – Manages wide-scale public key distribution
  – Provides a trust distribution mechanism
• PKI Properties

This note was uploaded on 01/29/2008 for the course CS 194 taught by Professor Joseph during the Fall '05 term at Berkeley.
