CSCI6268L07 - Foundations of Network and Computer Security...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Foundations of Network and Foundations of Network and Computer Security Computer Security J J ohn Black Lecture #7 Sep 11 th 2009 CSCI 6268/TLEN 5550, Fall 2009
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
The Big (Partial) Picture Primitives Block Ciphers Hash Functions Hard Problems Stream Ciphers First-Level Protocols Symmetric Encryption Digital Signatures MAC Schemes Asymmetric Encryption Second-Level Protocols SSH, SSL/TLS, IPSec Electronic Cash, Electronic Voting (Can do proofs) (Can do proofs) (No one knows how to prove security; make assumptions)
Background image of page 2
Symmetric Authentication: The Intuitive Model Here’s the intuition underlying the authentication model: Alice and Bob have some shared, random string K They wish to communicate over some insecure channel An active adversary is able to eavesdrop and arbitrarily insert packets into the channel Adversary Alice Key K Key K Bob
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Authentication: The Goal Alice and Bob’s Goal: Alice wishes to send packets to Bob in such a way that Bob can be certain (with overwhelming probability) that Alice was the true originator Adversary’s Goal: The adversary will listen to the traffic and then (after some time) attempt to impersonate Alice to Bob If there is a significant probability that Bob will accept the forgery, the adversary has succeeded
Background image of page 4
The Solution: MACs The cryptographic solution to this problem is called a Message Authentication Code (MAC) A MAC is an algorithm which accepts a message M, a key K, and possibly some state (like a nonce N), and outputs a short string called a “tag” MAC M K N tag = MAC K (M, N)
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
MACs (cont) Alice computes tag = MAC K (M, N) and sends Bob the message (M, N, tag) Bob receives (M’, N’, tag’) and checks if MAC K (M’, N’) == tag’ If YES, he accepts M’ as authentic If NO, he rejects M’ as an attempted forgery Note: We said nothing about privacy here! M might not be encrypted (M’, N’, tag’) MAC K (M’, N’) == tag’ ?? Y N ACCEPT REJECT Bob
Background image of page 6
Security for MACs The normal model is the ACMA model Adaptive Chosen-Message Attack Adversary gets a black-box called an “oracle” Oracle contains the MAC algorithm and the key K Adversary submits messages of his choice and the oracle returns the MAC tag After some “reasonable” number of queries, the adversary must “forge” To forge, the adversary must produce a new message M * along with a valid MAC tag for M * If no adversary can efficiently forge, we say the MAC is secure in the ACMA model
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Building a MAC with a Blockcipher Let’s use AES to build a MAC A common method is the CBC MAC: CBC MAC is stateless (no nonce N is used) Proven security in the ACMA model provided messages are all of once fixed length Resistance to forgery quadratic in the aggregate length of adversarial queries plus any insecurity of AES Widely used: ANSI X9.19, FIPS 113, ISO 9797-1 AES K M 1 AES K AES K tag M 2 M m
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/11/2010 for the course CSCI 6268 taught by Professor Black during the Winter '09 term at University of Colombo.

Page1 / 33

CSCI6268L07 - Foundations of Network and Computer Security...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online