Lec2 - Wrestling between Safeguard and Attack An example...

1 Wrestling between Safeguard and Attack --- An example for security flaws
2 It is so easy to be flawed in cryptography!
  • Cryptographic algorithms, protocols, and systems usually contain security flaws.
  • How can we deal with flaws? Fix them.
  • But the fixed versions may again contain flaws.
  • In this lecture, we show an example of attack-fix-attack-fix-…
3 Preliminaries: Starting from Encryption
[Diagram: the cleartext “Hello, how are you?” and the ciphertext 00111010001001 11110100001010, related by Encryption (using the encryption key) and Decryption (using the decryption key).]
4 Private Key versus Public Key
  • Private (Symmetric) Key Cryptosystem: Encryption Key = Decryption Key
  • Public (Asymmetric) Key Cryptosystem: Encryption Key ≠ Decryption Key
  • Encryption key often called public key; decryption key often called private key.
  • Note the difference between private key cryptosystem and private key.
5 Typical Use of Public Key Cryptosystem
  • Each party has a private/public key pair.
  • The public key is well-known. Others use this key to encrypt messages sent to this party.
  • The private key is known only by this party. This party uses it to decrypt the received messages.
  • All other parties do not know this private key, and thus can’t decrypt this party’s received messages.
6 Notations for Encryption/Decryption
  • We use A(x) to denote the application of algorithm A to input x.
  • Thus E(k,m) denotes encrypting cleartext m with encryption algorithm E and encryption key k.
  • Similarly, D(k,C) denotes decrypting ciphertext C with decryption algorithm D and encryption key k.
7 More Notations and Assumptions
  • For simplicity, we often write {m}_k instead of E(k,m).
  • We assume:
    • Without knowing the decryption key, one cannot learn anything about m from {m}_k.
    • One cannot learn anything about the decryption key from {m}_k (and from k in a public key cryptosystem).
  • Recall the decryption key is k in a private key cryptosystem; and it is the corresponding private key in a public key cryptosystem.
8 Security Model: Dolev-Yao
  • Besides the preliminary knowledge, we need to know the security model before talking about the example.
  • We use the well-known Dolev-Yao model.
9 Dolev-Yao Model (1)
  • The adversary can do the following things:
    • Obtain any message passing through the network.
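
The model up to this point, as an added example that is not part of the lecture: a symbolic Python model in which the adversary obtains every message on the network and, under the assumptions of slide 7, reads the cleartext of an encrypted message only when it holds the matching decryption key. The key names, the messages and the `adversary_knowledge` helper are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Enc:
    """Symbolic ciphertext: cleartext m encrypted under encryption key k."""
    k: str
    m: object  # an atom (str) or a nested Enc

def adversary_knowledge(initial, network, dec_key_of):
    """Return everything the adversary can learn.

    initial    -- atoms the adversary already holds (public keys, leaked keys)
    network    -- all messages sent; the adversary obtains every one of them
    dec_key_of -- maps each encryption key to its decryption key
    """
    known = set(initial) | set(network)
    changed = True
    while changed:  # repeat until no new term can be derived
        changed = False
        for term in list(known):
            # A ciphertext opens only if the matching decryption key is known.
            if (isinstance(term, Enc)
                    and dec_key_of.get(term.k) in known
                    and term.m not in known):
                known.add(term.m)
                changed = True
    return known

# Constructed scenario (all names are assumptions for this example).
# Symmetric keys decrypt with themselves; pk_B decrypts only with sk_B.
DEC_KEY_OF = {"pk_B": "sk_B", "k_old": "k_old", "k_new": "k_new"}
NETWORK = [
    Enc("pk_B", "note for B"),   # public-key encryption to party B
    Enc("k_old", "k_new"),       # new symmetric key sent under the old one
    Enc("k_new", "payroll"),     # data protected by the new key
]

if __name__ == "__main__":
    passive = adversary_knowledge({"pk_B"}, NETWORK, DEC_KEY_OF)
    leaked = adversary_knowledge({"pk_B", "k_old"}, NETWORK, DEC_KEY_OF)
    print("payroll" in passive, "payroll" in leaked, "note for B" in leaked)
```

Knowing pk_B never opens the message to B, while one leaked symmetric key exposes everything wrapped under it, directly or transitively.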