Lecture 6 Page 1 CS 136, Winter 2010
Cryptographic Keys
CS 136 Computer Security
Peter Reiher
January 21, 2010

Outline
- Properties of keys
- Key management
- Key servers
- Kerberos
- Certificates
Introduction
- It doesn’t matter how strong your encryption algorithm is
- Or how secure your protocol is
- If the opponents can get hold of your keys, your security is gone
- Proper use of keys is crucial to security in computing systems

Properties of Keys
- Length
- Randomness
- Lifetime
- Secrecy
Key Length
- If your cryptographic algorithm is otherwise perfect, its strength depends on key length
- Since the only attack is a brute force attempt to discover the key
- The longer the key, the more brute force required

Are There Real Costs for Key Length?
- Generally, more bits is more secure
- Why not a whole lot of key bits, then?
- Much encryption done in hardware
- More bits in hardware costs more
- Software encryption slows down as you add more bits, too
- Public key cryptography costs are highly dependent on key length
- If the attack isn’t brute force, key length might not help
Key Randomness
- Brute force attacks assume you chose your key at random
- If the attacker can get any knowledge about your mechanism of choosing a key, he can substantially reduce brute force costs
- How good is your random number generator?

Generating Random Keys
- Well, don’t use rand()
- The closer the method chosen approaches true randomness, the better
- But, generally, don’t want to rely on exotic hardware
- True randomness is not essential
- Need same statistical properties
- And non-reproducibility
Cryptographic Methods
- Start with a random number
- Use a cryptographic hash on it
- If the cryptographic hash is a good one, the new number looks pretty random
- Produce new keys by hashing old ones
- Depends on strength of hash algorithm
- Falls apart if any key is ever broken
- Doesn’t have perfect forward secrecy
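
The hash-chain scheme from the Cryptographic Methods slide, as an added example (not code from the lecture). SHA-256, the function names and the chain lengths are assumptions chosen for illustration. It shows why the scheme "falls apart if any key is ever broken": one leaked key yields every later key, while independently generated keys do not have that problem.

```python
import hashlib
import secrets


def next_key(key: bytes) -> bytes:
    """Derive the next key in the chain by hashing the current one."""
    return hashlib.sha256(key).digest()


def key_chain(seed: bytes, count: int) -> list[bytes]:
    """Return `count` keys: k0 = H(seed), k1 = H(k0), k2 = H(k1), ..."""
    keys = []
    current = seed
    for _ in range(count):
        current = next_key(current)
        keys.append(current)
    return keys


def keys_recoverable_from(leaked: bytes, how_many: int) -> list[bytes]:
    """What anyone holding one leaked chain key can compute: the later keys."""
    return key_chain(leaked, how_many)


def independent_keys(count: int) -> list[bytes]:
    """Added contrast: each key drawn fresh from the OS CSPRNG, unrelated to the others."""
    return [secrets.token_bytes(32) for _ in range(count)]


def demo() -> dict:
    seed = secrets.token_bytes(32)            # random starting number, not rand()
    chain = key_chain(seed, 6)                # k0 .. k5
    leaked_index = 2                          # assume k2 is compromised
    derived = keys_recoverable_from(chain[leaked_index], 3)
    fresh = independent_keys(4)
    return {
        # k3, k4, k5 all follow directly from k2
        "later_chain_keys_exposed": derived == chain[leaked_index + 1:],
        # the hash is one-way, so k0 and k1 are not produced by hashing forward
        "earlier_chain_keys_exposed": any(k in derived for k in chain[:leaked_index]),
        # hashing one independent key forward says nothing about the rest
        "independent_keys_exposed": keys_recoverable_from(fresh[0], 3) == fresh[1:],
    }


if __name__ == "__main__":
    print(demo())
```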

Random Noise
- Observe an event that is likely to be random
- Assign bit values to possible outcomes
- Record or generate them as needed
- Sources:
  - Physical processes (cosmic rays, etc.)
  - Real world processes (variations in disk drive delay, keystroke delays, etc.)
- More formally described as gathering entropy
On Users and Randomness
- Some crypto packages require users to provide entropy
- To bootstrap key generation or other uses of randomness
- Users do this badly (often very badly)
- They usually try to do something simple
- And not really random
- Better to have crypto package get its own entropy

This note was uploaded on 02/08/2010 for the course ENGR 111 taught by Professor King during the Spring '09 term at UCLA.