Download
1 / 14
140 likes | 147 Views
Chapter 2 - Supplement Using Encryption in Cryptographic Protocols & Practices. Outline. Protocols Use of protocols on “ real ” tasks Distribution of keys, Electronic voting, oblivious transfer Criteria of good encryption practices Other security-enhancing methods
E N D
Chapter 2 - SupplementUsing Encryption in Cryptographic Protocols & Practices
Outline • Protocols • Use of protocols on “real” tasks • Distribution of keys, Electronic voting, oblivious transfer • Criteria of good encryption practices • Other security-enhancing methods • Block chaining, one-way encryption, cryptographic sealing, time stamps V. Sawma, Computer Security and their Data
Voting protocols • The problem: Transmitting an untraceable but authentic message • Examples: anonymous questionnaire, electronic voting, automating private transactions. • Voting protocol: Each voter has two public key functions: (E, D) and (R, Q) Each user’s vote is multiply encrypted: RJ(RK (RL (EJ (EK (EL(vote))) ))) A two-phase protocol: verification phase + signing phase V. Sawma, Computer Security and their Data
Voting protocols • Phase 1 • Jan receives: RJ(RK (RL (EJ (EK (EL(votes))) ))) • Checks his vote is there • Sends RK (RL (EJ (EK (EL(votes))) )) to Keith • Keith checks his vote is there • Sends (RL (EJ (EK (EL(votes))) ) to Lee • Lee checks his vote is there • Sends EJ (EK (EL(votes))) back to Jan • Phase 2 • Jan receives: EJ (EK (EL(votes))) • Checks his vote is there • Sends and certifies EK (EL(votes)) to Keith • Keith checks his vote is there • Sends and certifies EL(votes) to Lee • Lee checks his vote is there • Sends and certifies votes back to Jan • Jan Publishes the results V. Sawma, Computer Security and their Data
Analysis of the Voting protocol • Secrecy • Each voter can only vote once. • Nobody other than the authenticated voters may vote. • In phase 2, each voter independently ‘certifies’ the votes. • Digitally signs the votes • This enables post-vote verification, in case a voter decided to tamper with the votes. V. Sawma, Computer Security and their Data
Oblivious Transfer • The problem: Sending one of two messages, with the restriction that neither the sender nor the receiver will know until later which message was sent • Example: remote coin flipping • obliv·i·ous: lacking remembrance, memory, or mindful attention • Transfer protocol P, the sender, has two pairs of public keys, Ei, Di, Ej, Dj. N, the receiver, has a secret key, KN. V. Sawma, Computer Security and their Data
Oblivious Transfer V. Sawma, Computer Security and their Data
Considerations of encryption practices • Review of Shannon’s criteria: • Amount of secrecy should be appropriate to the degree of confidentiality of the data being preserved. • Key management issues: generation, updating, distribution, supersession (replacement of old keys) • The implications of lost keys: e.g., in contract signing V. Sawma, Computer Security and their Data
Considerations of encryption practices • Two issues related to the complexity to perform an encryption: Initial delay The delay before encryption commences depends on the type of encryption – block or stream – and the size of the block. Many common cryptographic algorithms (RSA, El Gamal, DES) are block ciphers. Encryption speed Public key algorithms are significantly slower than symmetric ones. [Lampson 92] reports that symmetric encryption performs 1,000 to 5,000 times faster than public key cryptography. V. Sawma, Computer Security and their Data
Considerations of encryption practices • Propagation of errors Network errors are often handled by the network itself (e.g., retransmission). Tamper-protection mechanism: An error resulted from an interceptor’s attempted modification should be apparent in the ciphertext. • Size of ciphertext Should size(ciphertext) size (plaintext) ? V. Sawma, Computer Security and their Data
The ‘Block Replay’ Problem • Security weakness broken secrecy • There are other types of attacks. • Example: block replay Encrypted blocks from one transmission are sent in a 2nd transmission, with possible alteration of some fields. • Analysis A block replay is possibly an insider’s attack. Information that may have been exposed: the format of the transmissions, the frequency with which encryption keys are changed, the frequency of transmissions, … Block ciphers, which treat each block of plaintext independently, are prone to block replay. Solution: block chaining V. Sawma, Computer Security and their Data
Block Chaining • Arithmetic basis: (a XOR b) XOR a = b • The encryption of a block is preceded by an XOR with the previous block’s ciphertext. Cj= E( Cj-1 XOR Bj), for all j > 1. • Deciphering of a block is followed by an XOR with the previous block’s ciphertext : Given Cj-1, D(Cj) XOR Cj-1 = D( E( Cj-1 XOR Bj) ) XOR Cj-1 = Bj V. Sawma, Computer Security and their Data
Characteristics of Block Chaining • Identical plaintext blocks transmitted separately or within the same transmission do not necessarily produce the same ciphertext. • Prevention of ‘block replay’ • Initial chaining value may be used to further strengthen this characteristic. To prevent standard message headers from being encrypted the same way V. Sawma, Computer Security and their Data
Other methods • One-way encryption • Functions that are much easier to compute than their inverses • Examples: stored, encrypted passwords • Cryptographic sealing • Encryption can be used to seal a file, a record, a data value, or a single byte. • A checksum is calculated based on the content of the file. Any change to the file by an interceptor would be detected because the calculated checksum would not match the stored checksum value. • Authentication via encryption • Time stamps to prevent forgery V. Sawma, Computer Security and their Data
