Download Lecture Notes on Computer Security - Cryptography - Fall 2006 | CSE 543 and more Study notes Computer Science in PDF only on Docsity!
CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger
CSE 543 - Computer Security
Lecture 4 - Cryptography
September 14, 2006
URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ 1
CSE543 Computer (and Network) Security - Fall 2005 - Professor McDanielCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger
Review: secret vs. public key crypto.
- Secret key cryptography
- Symmetric keys, where A single key (k) is used is used for E and D
- D( E( p, k ), k ) = p
- All (intended) receivers have access to key
- Note: Management of keys determines who has access to encrypted data - E.g., password encrypted email
- Also known as symmetric key cryptography - Public key cryptography - Each key pair consists of a public and private component: k+ (public key), k- (private key) D( E(p, k+), k- ) = p D( E(p, k-), k+ ) = p - Public keys are distributed (typically) through public key certificates - Anyone can communicate secretly with you if they have your certificate - E.g., SSL-base web commerce
CSE543 Computer (and Network) Security - Fall 2005 - Professor McDanielCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger
Hash Algorithms
- Hash algorithm
- Compression of data into a hash value
- E.g., h(d) = parity(d)
- Such algorithms are generally useful in programs
- … as used in cryptosystems
- One-way - (computationally) hard to invert h() , i.e., compute h - (y), where y=h(d)
- Collision resistant^ hard to find two data x 1 and x 2 such that h(x 1 ) == h(x 2 )
- Q: What can you do with these constructs?
CSE543 Computer (and Network) Security - Fall 2005 - Professor McDanielCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger
- HMAC
- Authenticates integrity for data d
- Uses some key k and hash algorithm h
- To simplify, hmac(k,d) = h( k+d )
- Why does this provide authenticity?
- Cannot produce hmac(k,d) unless you know k, d
- If you could, then can break h
- Exercise for class: prove the previous statement
- Used in protocols to authenticate content
Hashed Message Authentication Code
CSE543 Computer (and Network) Security - Fall 2005 - Professor McDanielCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger
Digital Signatures
- Models physical signatures in digital world
- Association between private key and document
- … and indirectly identity and document.
- Asserts that document is authentic and non- reputable
- To sign a document
- Given document d, private key k-
- Signature S(d) = E( k -, h(d) )
- Validation
- Given document d, signature S(d), public key k+
- Validate D(k +, S(d)) = H(d)
CSE543 Computer (and Network) Security - Fall 2005 - Professor McDanielCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger
Basic truths of cryptography …
- Cryptography is not frequently the source of
security problems
- Algorithms are well known and widely studied
- Use of crypto commonly is … (e.g., WEP)
- Vetted through crypto community
- Avoid any “proprietary” encryption
- Claims of “new technology” or “perfect security” are almost assuredly snake oil
CSE543 Computer (and Network) Security - Fall 2005 - Professor McDanielCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger
Building systems with cryptography
- Use quality libraries
- SSLeay, lim (from Lenstra), Victor Shoup’s library, RSAREF, cryptolib
- Find out what cryptographers think of a package before using it
- Code review like crazy
- Educate yourself on how to use library
- Caveats by original designer and programmer
CSE543 Computer (and Network) Security - Fall 2005 - Professor McDanielCSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger Common issues that lead to pitfalls
- Generating randomness
- Storage of secret keys
- Virtual memory (pages secrets onto disk)
- Protocol interactions
- Poor user interface
- Poor choice of key length, prime length, using parameters from one algorithm in another