Document Sample
Cryptography Powered By Docstoc
					COEN 351
E-Commerce Security

   Essentials of Cryptography
   Scrambles a plain-text into crypto-text.
   Enables to descramble plain text.
Symmetric Cryptography
   Uses the same key for encryption,
Asymmetric Cryptography
   Uses different key for encryption,
     Message Authentication Codes
         Condenses message into a short hash

• SHA1, … MD5, … are appropriate cryptographically secure hash functions
• For example, encrypt only the MAC with a key known to sender and
Message Authentication Code
   Alternatively, use a secret key.
   This also provides authentication.
Use of Asymmetric Cryptography
   Generic idea: Make one key public.
       How?
           Website
                Website can be spoofed.
           On your business card
                Works for individuals, requires recipient to type in
                 several lines of gibberish correctly.
           From a trusted source
                Going back and back: Where does the trust stem
Use of Asymmetric Cryptography
   Notations:
       E – public key, D – secret key
       EC (M) – encryption of M using key C.
       DC(M) – decryption of M using key C.
   Asymmetric cryptography key identities
       DEED(M) = M
       DDEE(M) = M
Use of Asymmetric Cryptography
   Secret Transmission of messages
       Alice uses public key of Bob to encrypt her
        messages to him: EE(Bob)(M).
       Bob uses his private key to decrypt the
        message: DD(Bob)EE(Bob)(M).
Use of Asymmetric Cryptography
   Signing a message I:
       Alice encrypts the message with her private key:
       Bob decrypts with her public key and obtains M =
        DE(Alice) ED(Alice)(M).
       If M makes sense, Bob knows that someone with
        Alice secret key send the message.
Use of Asymmetric Cryptography
   Signing a message II
       This method avoids encryption of the whole
            Asymmetric cryptography is very compute intensive.
       Alice uses a MAC of her message: MAC(M).
       She sends Bob M and ED(Alice)(MAC(M)).
       Bob calculates
            MAC(M) = DE(Alice) (ED(Alice)(MAC(M))).
       Bob verifies that this is the correct MAC.
       Bob concludes that the message was sent by
        someone knowing Alice’s private key.
Key Management
   Generic Rules:
       Use symmetric cryptography as much as
        possible for performance.
       Never use keys more than once.
   Key Management becomes an issue.
Key Management
   Keys have limited lifetimes:
       Cryptanalysis is easier with more material.
            Breaking WEP involves harvesting a large
             number of packets.
       Once found, a compromised key continues
        to do damage.
Key Management
   Key Management Life Cycles:
       Key establishment
            Key generation
            Key distribution
       Key backup / recovery, key escrow
       Key replacement / update (rekeying)
       Key revocation
       Key expiration / Key termination / Key
Key Management
   Key generation
       Uses random number generation
           Pseudo-random generation derived from a seed
           WEP: seed based on user key word. Not as
            random as appeared.
       Hardware random number generation
       Combined methods
Key Management
   Key distribution
       Has issues of authentication and confidentiality.
       Diffie-Hellman protocol solves confidentiality:
            Allows two parties to agree on a common secret.
       Subject to the man-in-the-middle attack
            Alice thinks that she shares a secret with Bob.
            In reality, she communicates with M, and shares the
             secret with him.
            M shares another secret with Bob.
Key Management
   Key backup / recovery
       Accidental loss of key
            hardware failure, forgotten password …
       Control of encrypted information
            Employer cannot entrust enterprise-critical data to complete
             control of a single / group of employees.
   Key escrow
       To preserve possibility of access by law enforcement
            In the UK, it is a crime to withhold a key to encrypted data
             under subpoena.
            In the US, such a law is seen to contradict 5th amendment
Key Management
   Key destruction
       Secure key destruction is far easier than
        secure file erasure.
       Key destruction destroys accessibility to
        encrypted data.
   Key archiving
       Necessary for validation of old signatures,
        of integrity of old messages, …
Key Management
   Symmetric key transport:
       Send symmetric key along, protected by
        public key of recipient.
       Saves on processing time
   Uses calculation modulo p, p a large prime.
   Chooses generator g.
       Ideally, gx, x = 0, …, p -2 runs through all
        numbers 1, … p -1.
   Uses the fact that calculating powers gx is
    computationally feasible.
   But discrete logarithm (given gx find x) is not.
Diffie Hellman
   Alice generates random number a mod p.
   Bob generates random number b mod p.
   Alice sends Bob ga mod p.
   Bob sends Alice gb mod p.
   Alice calculates (gb)a mod p.
   Bob calculates (ga)b mod p.
   These numbers are identical and the shared
      Diffie Hellman
         Man in the middle attack

Bob                Man in the Middle   Alice
Diffie Hellman
   Alice sends Bob ga mod p.
       But message goes to alien. Alien sends Bob gc
        mod p.
   Bob sends Alice gb mod p.
       But message goes to alien. Alien sends Alice gd
        mod p.
   Alice calculates (gd)a mod p.
   Bob calculates (gc)b mod p.
   These set up a secure communication
    channel between the alien and Bob and one
    between the alien and Alice.
Diffie Hellman
   Secure against eavesdroppers.
   Can be secured against man-in-the-
    middle by using authenticated gb mod p
    or by using a published value gb mod p.
Diffie Hellman and all other
   The problem is one of authentication
    and trust.

Shared By: