Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Topic 2.5

advertisement 
Computer Science
CSC 774 Advanced Network Security
Topic 2.5 Secret Handshake
Slides by Tong Zhou
CSC 774
Dr. Peng Ning
Goals
• Authenticate without revealing credentials
– Consider two groups G1 and G2, two parties A 
G1 and B  G2. A and B wants to authenticate each
other.
– If G1 ≠ G2: A and B only know they are not in the
same group.
– If G1 = G2: A and B can authenticate to each other.
– A third party learns nothing by observing
conversations between A and B.
Computer Science
CSC 774
Dr. Peng Ning
Preliminaries: Pairing-based Cryptography
• Bilinear Maps:
– Two cyclic groups of large prime order q: G1 and G2
– eˆ : G1  G1  G 2 is a bilinear map if
a, b  Z q ; P, Q  G1; eˆ(aP, bQ)  eˆ( P, Q)ab
• ê should be computable, non-degenerate and satisfies
Bilinear Diffie-Hellman assumption, i.e., given P, aP,
abc
ˆ
e
(
P
,
P
)
bP, cP, it is hard to compute
Computer Science
CSC 774
Dr. Peng Ning
Protocol Sketch
• Equipped with bilinear map ê and one-way
hash function H1
• CA has a master key t.
• Assume a drivers and cops scenario.
Computer Science
CSC 774
Dr. Peng Ning
Protocol Sketch
K A  eˆ( H1 (“xy6542678 d - cop”), TA ) K B  eˆ(TB , H1 (“p65748392 a - driver” ))
K A me
 KDriver’s
B
Please show
licence,
your pseudonym.please.
xy6542678d
p65748392a
Driver’s Licence:
Traffic cop credential:
“p65748392a”,TA
“xy6542678d”,TB
TB = tH1(“xy6542678d-cop”)
TA = tH1(“p65748392a-driver”)
Computer Science
CSC 774
Dr. Peng Ning
Protocol Sketch – Attacker Igor
K A  eˆ( H1 (“xy6542678 d - cop”), TA )
???
This guy
is me
notI aam a cop. Driver’s
Please
show
cop.
your
pseudonym.licence, please.
xy6542678d
p65748392a
Driver’s Licence:
Obtains Bob’s pseudonym
“p65748392a”,TA
“xy6542678d”
TA = tH1(“p65748392a-driver”)
Computer Science
CSC 774
Dr. Peng Ning
Secret-Handshake Scheme (SHS)
•
SHS.CreateGroup(G): executed by an administrator,
generates the group secret GroupSecretG for G.
•
SHS.AddUser(U,G,GroupSecretG): creates user secret
UserSecretU,G for new user U.
•
SHS.HandShake(A,B): Users A and B authenticates each
other. B discovers A  G if and only if A discovers B  G.
•
SHS.TraceUser: Administrator tells the user from a
transcript T generated during conversation between A and B.
•
SHS.RemoveUser: Administrator revokes user U
Computer Science
CSC 774
Dr. Peng Ning
Pairing-Based Handshake (PBH)
• PBH.CreateGroup: Administrator sets GroupSecretG as a
random number sG  Z q
• PBH.AddUser: Administrator generates pseudonyms for users:
{id U 1 ,, id Ut }
and then generates the corresponding secret points:
{priv U 1 ,, priv Ut }
where
priv Ui  sG H1 (id Ui )
H1 is a one-way hash function.
Computer Science
CSC 774
Dr. Peng Ning
Pairing-Based Handshake (PBH)
•
PBH.Handshake:
•
•
•
A
id A , nA
B
id B , nB ,V0
A
B
V1
A
B
V0  H 2 (eˆ( H1 (id A ), priv B ) | id A | id B | nA | nB | 0)
V1  H 2 (eˆ(priv A , H1 (id B )) | id A | id B | nA | nB | 1)
S  H2 (eˆ(priv A ,H1 (id B )) | id A | id B | nA | nB | 2)
 H2 (eˆ(H1(id B ),priv B ) | id A | id B | nA | nB | 2)
Computer Science
CSC 774
Dr. Peng Ning
Pairing-Based Handshake (PBH)
• PBH.TraceUser: Since the conversations of
handshaking include the pseudonyms,
administrator can easily figure out the users.
• PBH.RemoveUser: Administrator removes
user U by broadcasting its pseudonyms to all
the other users, so that other users won’t accept
pseudonyms of U.
Computer Science
CSC 774
Dr. Peng Ning
Computational Diffie-Hellman Instead of
Bilinear Diffie-Hellman
• CreateGroup: Administrator picks (p,q,g). p and q are primes,
g is a generator of a subgroup in Z *p of order q. Also, picks up a
private key x, and computes the public key y=gx mod p
• AddUser: For user U, administrator generates idU, then
generates a pair
(w, t )  (Z*p , Z q )
so that
g t  wy H ( w, ID )
idU, w, t will be given to the user.
Computer Science
CSC 774
Dr. Peng Ning
Computational Diffie-Hellman Instead of
Bilinear Diffie-Hellman
• AddUser: For user U, administrator generates idU, then generates a pair
(w, t )  (Z*p , Z q )
so that
g t  wy H ( w, ID )
idU, w, t will be given to the user.
– How to generate the pair (w,t)?
Randomly pick r, compute
w  g mod p
r
t  r  xH ( w, ID )
Computer Science
CSC 774
Dr. Peng Ning
Computational Diffie-Hellman Instead of
Bilinear Diffie-Hellman
• Handshake: Assume user A has (idA, wA, tA) and user
B has (idB, wB, tB). Define several marks (ElGamal
Encryption):
–
Recover( y, id, w)  PK  wy H ( w,id) mod p
–
Enc PK (m)  [c1 , c2 ]
 [ g R mod p, m  H ' ( PK R mod p)]
–
Dec t ([c1 , c2 ])  m  c2  H ' (c1t mod p)
Computer Science
CSC 774
Dr. Peng Ning
Computational Diffie-Hellman Instead of
Bilinear Diffie-Hellman
• Handshake:
PKB  Recover( y,id B , wB )
randomly picks ra , cha
computes
Ca  Enc PKb (ra )
id B , wB
A
A
id A , wA , C A , cha
B
B PK A  Recover( y,id A , wA )
ra  Dec tb (Ca )
randomly picks rb , chb
computes
verifies respb
rb  Dec ta (Cb ) A
CB , respb , chb
respa  H (ra , rb , chb )
A
Computer Science
respa
CSC 774
B
B
Cb  Enc PKa (rb )
respb  H (ra , rb , cha )
verifies respa
Dr. Peng Ning
Related documents
Topic 2.5 - Dr. Peng Ning
Topic 2.5 - Dr. Peng Ning
CSC 774 -- Network Security About the Presentation • Will be graded.
CSC 774 -- Network Security About the Presentation • Will be graded.
CSC 774 Advanced Network Security About the Presentation • Will be graded.
CSC 774 Advanced Network Security About the Presentation • Will be graded.
CSC 474/574 Information Systems Security Approaches to Multi-level Databases • Partitioning
CSC 474/574 Information Systems Security Approaches to Multi-level Databases • Partitioning
CSC 474/574 Information Systems Security COVERT CHANNELS
CSC 474/574 Information Systems Security COVERT CHANNELS
CSC 111 Computers for Math and Science
CSC 111 Computers for Math and Science
CSC 474/574 Information Systems Security Authentication • Authentication is the process of reliably
CSC 474/574 Information Systems Security Authentication • Authentication is the process of reliably
Download
advertisement