CSCI6268L07

CSCI6268L07 - Foundations of Network and Computer Security...

Foundations of Network and Computer Security
John Black
Lecture #7, Sep 11th 2009
CSCI 6268/TLEN 5550, Fall 2009

The Big (Partial) Picture
- Primitives: Block Ciphers, Hash Functions, Hard Problems, Stream Ciphers
- First-Level Protocols: Symmetric Encryption, Digital Signatures, MAC Schemes, Asymmetric Encryption
- Second-Level Protocols: SSH, SSL/TLS, IPSec, Electronic Cash, Electronic Voting
- Annotations on the diagram: (Can do proofs), (Can do proofs), (No one knows how to prove security; make assumptions)

Symmetric Authentication: The Intuitive Model
Here’s the intuition underlying the authentication model:
- Alice and Bob have some shared, random string K
- They wish to communicate over some insecure channel
- An active adversary is able to eavesdrop and arbitrarily insert packets into the channel
[Diagram: Alice (Key K) and Bob (Key K) connected by a channel, with the Adversary on the channel]

Authentication: The Goal
- Alice and Bob’s Goal: Alice wishes to send packets to Bob in such a way that Bob can be certain (with overwhelming probability) that Alice was the true originator
- Adversary’s Goal: The adversary will listen to the traffic and then (after some time) attempt to impersonate Alice to Bob
- If there is a significant probability that Bob will accept the forgery, the adversary has succeeded

The Solution: MACs
- The cryptographic solution to this problem is called a Message Authentication Code (MAC)
- A MAC is an algorithm which accepts a message M, a key K, and possibly some state (like a nonce N), and outputs a short string called a “tag”
[Diagram: M, K and N enter the MAC box; the output is tag = MAC_K(M, N)]

MACs (cont)
- Alice computes tag = MAC_K(M, N) and sends Bob the message (M, N, tag)
- Bob receives (M’, N’, tag’) and checks if MAC_K(M’, N’) == tag’
  - If YES, he accepts M’ as authentic
  - If NO, he rejects M’ as an attempted forgery
- Note: We said nothing about privacy here! M might not be encrypted
[Diagram: Bob receives (M’, N’, tag’) and tests MAC_K(M’, N’) == tag’; Y leads to ACCEPT, N leads to REJECT]

Security for MACs
- The normal model is the ACMA model
  - Adaptive Chosen-Message Attack
- Adversary gets a black-box called an “oracle”
  - Oracle contains the MAC algorithm and the key K
  - Adversary submits messages of his choice and the oracle returns the MAC tag
- After some “reasonable” number of queries, the adversary must “forge”
  - To forge, the adversary must produce a new message M* along with a valid MAC tag for M*
- If no adversary can efficiently forge, we say the MAC is secure in the ACMA model

Building a MAC with a Blockcipher
- Let’s use AES to build a MAC
- A common method is the CBC MAC:
  - CBC MAC is stateless (no nonce N is used)
  - Proven security in the ACMA model provided messages are all of one fixed length
  - Resistance to forgery quadratic in the aggregate length of adversarial queries plus any insecurity of AES
  - Widely used: ANSI X9.19, FIPS 113, ISO 9797-1
[Diagram: M_1 enters AES_K; each output is XORed with the next block M_2, ..., M_m and fed to AES_K again; the final AES_K output is the tag]
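
The CBC MAC chain and Bob's accept/reject check from the slides above, as an added example that is not part of the lecture. Assumptions: the fixed message length is set to 4 blocks, the names `block_fn`, `cbc_mac` and `bob_accepts` are hypothetical, and because the Python standard library has no AES, truncated HMAC-SHA256 stands in for AES_K.

```python
import hashlib
import hmac

BLOCK = 16          # AES block size in bytes
MSG_BLOCKS = 4      # assumption: every message is exactly 4 blocks (64 bytes)


def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES_K (assumption): a keyed 16-byte-to-16-byte function.

    HMAC-SHA256 truncated to one block plays the role of the block cipher.
    Replace with AES encryption of a single block to get the slide's scheme.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """tag = AES_K(M_m xor AES_K(... xor AES_K(M_1))); stateless, no nonce."""
    if len(msg) != BLOCK * MSG_BLOCKS:
        # The ACMA proof only covers messages of one fixed length.
        raise ValueError("message must be exactly %d bytes" % (BLOCK * MSG_BLOCKS))
    state = bytes(BLOCK)  # all-zero initial chaining value
    for i in range(0, len(msg), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(state, msg[i:i + BLOCK]))
        state = block_fn(key, mixed)
    return state


def bob_accepts(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Bob's check: recompute MAC_K(M') and compare with tag' in constant time."""
    try:
        expected = cbc_mac(key, msg)
    except ValueError:
        return False  # wrong length: reject instead of computing a tag
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    msg = b"PAY 0100 USD TO ACCOUNT 12345678".ljust(64, b".")  # constructed message
    tag = cbc_mac(key, msg)  # Alice sends (msg, tag)
    print("genuine  :", bob_accepts(key, msg, tag))
    print("tampered :", bob_accepts(key, msg.replace(b"0100", b"9100"), tag))
    print("truncated:", bob_accepts(key, msg[:48], tag))
```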