Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

CS 356 – Lecture 3 Cryptographic Tools

advertisement 
CS 356 – Lecture 3
Cryptographic Tools
Spring 2013
Review
•  Chapter 1: Basic Concepts and Terminology
–  Integrity, Confidentiality, Availability,
Authentication, and Accountability
–  Types of threats: active vs. passive, insider/
outsider
–  Lots of terminology and general concepts
•  Chapter 2: Basic Cryptographic Tools
–  Symmetric key encryption and secure hashing
Message
Authentication
Using a
One-Way
Hash Function
asymmetric
publicly
proposed by
Diffie and
Hellman in
1976
based on
mathematica
l functions
•  uses two
separate keys
•  public key
and private
key
•  public key is
made public
for others to
use
some form
of protocol
is needed for
distribution
l  plaintext l 
readable message or data that is fed into the algorithm as input l  encryption algorithm l 
performs transformations on the plaintext l  public and private key l 
pair of keys, one for encryption, one for decryption l  ciphertext l 
• ***directed toward providing confidentiality
scrambled message produced as output l  decryption key l 
produces the original plaintext computationally
easy to create key
pairs
useful if either key
can be used for
each role
computationally
easy for sender
knowing public key
to encrypt
messages
computationally
infeasible for
opponent to
otherwise recover
original message
computationally
easy for receiver
knowing private
key to decrypt
ciphertext
computationally
infeasible for
opponent to
determine private
key from public key
RSA (Rivest,
Shamir,
Adleman)
developed in 1977
most widely accepted and
implemented approach to
public-key encryption
Diffie-Hellman
key exchange
algorithm
enables two users to
securely reach agreement
about a shared secret that
can be used as a secret key
for subsequent symmetric
encryption of messages
limited to the exchange of
the keys
Digital
Signature
Standard
(DSS)
provides only a digital
signature function with
SHA-1
cannot be used for
encryption or key exchange
Elliptic curve
cryptography
(ECC)
security like RSA, but with
much smaller keys
block cipher in which the
plaintext and ciphertext are
integers between 0 and n-1
for some n.
PubKey Algorithms
• Applications for Public-Key
Cryptosystems
Digital Signatures
l used for authenticating both source and
data integrity
l created by encrypting hash code with
private key
l does not provide confidentiality
l even in the case of complete encryption
l message is safe from alteration but not
eavesdropping
Digital
Envelopes
l  protects a message
without needing to
first arrange for
sender and
receiver to have
the same secret key • 
***equates to the same thing
as a sealed envelope
containing an unsigned letter
Random
Numbers
• Uses include generation of: l keys for public-key
algorithms
l stream key for
symmetric stream
cipher
l symmetric key for
use as a temporary
session key or in
creating a digital
envelope
l handshaking to
prevent replay
attacks
l  session key
Summary
•  introduced cryptographic algorithms
•  symmetric encryption algorithms for
confidentiality
•  message authentication & hash
functions
•  public-key encryption
•  digital signatures and key management
•  random numbers
Cryptography is like magic fairy dust,
we just sprinkle it on our protocols
and its makes everything secure
14
A Simple DNS Attack
Easy to observe UDP DNS query sent to
well known server on well known port.
www.ucla.edu A?
Root DNS Server
www.ucla.edu A
169.232.33.135
Eric’s
Laptop
www.ucla.edu A
128.9.128.127
Caching
DNS Server
edu DNS Server
Dan’s
Laptop
First response wins. Second response is silently dropped.
And of course much more complex attacks….
(Bellovin 95 Kaminsky 08)
ucla.edu DNS Server
15
Secure DNS Query and
Response
• Caching DNS Server
• www.ucla.edu
• Authoritative DNS Servers
• End-user
• 
• 
www.ucla.edu =
169.232.33.135
• Plus (RSA) signature by the
ucla.edu private key
Follow the DNS tree to authenticate the response:
1)  Assume root public key is well known
2)  Root key signs edu key
3)  edu key signs ucla.edu key
4)  ucla.edu key signs the data
16
There is no magic fairy dust
17
What’s Next
•  Read Chapter 1, 2, and 3
–  Chap 1: Focus on big picture and recurring concepts
–  Chap 2: Identify cryptographic tools and properties
•  Homework 2 is Posted on Course Website
–  Due Tuesday
•  Next Lecture Topics from Chapter 3
–  User Authentication
Related documents
UCLA Extension - Au Pair in America
UCLA Extension - Au Pair in America
HW2_Solutions
HW2_Solutions
Hwk #11
Hwk #11
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
Crypto In-Class Exercise
Crypto In-Class Exercise
353742_2_Week4-Part2
353742_2_Week4-Part2
pptx
pptx
Download
advertisement