### Create a StudySoup account

#### Be part of our community, it's free to join!

Already have a StudySoup account? Login here

# 239 Class Note for CSE 543 at PSU

### View Full Document

## 19

## 0

## Popular in Course

## Popular in Department

This 20 page Class Notes was uploaded by an elite notetaker on Friday February 6, 2015. The Class Notes belongs to a course at Pennsylvania State University taught by a professor in Fall. Since its upload, it has received 19 views.

## Similar to Course at Penn State

## Reviews for 239 Class Note for CSE 543 at PSU

### What is Karma?

#### Karma is the currency of StudySoup.

#### You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 02/06/15

CSE 543 Computer Security Lecture 5 Public Key Cryptosystems September 11 2007 URL httpwwwcsepsuedutiaegercse543f07 PENNSTATE Key DistributionAgreement E Key Distribution is the process where we assign and transfer keys to a participant Out of band eg passwords simple During authentication eg Kerberos As part of communication eg skipencryption Key Agreement is the process whereby two parties negotiate a key 2 or more participants Typically key distributionagreement this occurs in conjunction with or after authentication However many applications can preIoad keys PENNSTATE DiffieHellman Key Agreement The DH paper really started the modern age of cryptography and indirectly the security community Negotiate a secret over an insecure media Eg in the clear seems impossible Idea participants exchange intractable puzzles that can be solved easily with additional information tquot Mathematics are very deep Working in multiplicative group G Use the hardness of computing discrete logarithms in finite field to make secure Things like RSA are variants that exploit similar properties CSE543 Computer and Network Security Fall 2007 Professor Jaeger PENNSTATE DiffieHellman Protocol For two participants p1 and p2 Setup We pick a prime number p and a base 9 ltp This information is public Eg p13 g4 Step 1 Each principal picks a private value X ltp1 Step 2 Each principal generates and communicates a new value ygxmodp Step 3 Each principal generates the secret shared key 2 zmeodp Perform a neighbor exchange PENNSTATE Attacks on DiffieHellman This is key agreement not authentication You really don t know anything about who you have exchanged keys with The man in the middle u 3 l l y l K fquot l 7quot H O Q Alice and Bob think they are talking directly to each other but Mallory is actually performing two separate exchanges You need to have an authenticated DH exchange The parties sign the exchanges more or less See Schneier for a intuitive description l n l l I l CSE543 Computer and Network Security Fall 2007 Professor Jaeger PENNSTATE Public Key Cryptography 3 Public Key cryptography Each key pair consists of a public and private component k public key k private key D EI0 k k39 I0 D EI0 k39 k I0 Public keys are distributed typically through public key certificates Anyone can communicate secretly with you if they have your certificate Eg SSL based web commerce RSA Rivest Shamir Adelman A dominant public key algorithm The algorithm itself is conceptually simple Why it is secure is very deep number theory Use properties of exponentiation modulo a product of large primes quotA method for obtaining Digital Signatures and Public Key Cryptosystems Communications of the ACM Feb 1978 212 pages 120126 CSE543 Computer and Network Security Fall 2007 Professor Jaeger PENNSTATE RSA Key Generation a Pick two large primes p and q 1 p3 q11 Calculate n pq Pick e such that it is relatively Ehi11 j 20 prime to phin q391p391 4 e 7 GCD20 7 1 Euler s Totient Function 39 d 9quot mod Phim 5 Euclid s Algorithmquot or d 71 mod 20 de mod phin 1 d 7 mod 20 1 d3 PENNSTATE RSA EncryptionDecryption Era Public key k is en and private key k is dn Encryption and Decryption EkP ciphertext plaintexte mod n DkC plaintext ciphertextd mod n Example Public key 788 Private Key 888 Data 4 encoding of actual data E7884 47 mod 33 16884 mod 33 16 D88816 163 mod 33 4096 mod 33 4 PENNSTATE Encryption using private key E Encryption and Decryption EkP ciphertext plaintextd mod n DkC plaintext ciphertexte mod n Eg E3454 43 mod 33 64 mod 33 31 D74519 317 mod 33 27512614111 mod 33 4 Q Why encrypt with private key PENNSTATE Digital Signatures 3 Models physical signatures in digital world Association between private key and document and indirectly identity and document Asserts that document is authentic and non reputable To sign a document Given document d private key k Signature Sd E kv hd Validation Given document d signature Sd public key k Validate Dkv Sd Hd A Protocol Story Pmwa NeedhamSchroeder Public Key Protocol Defined in 1978 Assumed Correct Many years without a flaw being discovered Proven Correct BAN Logic 80 It s Correct Right NO WE BEALLV DON39T KNOW lF HE39S DEAD OR JUST HAVING lT BUT lT39S POSSUM G ZIMNAL JAJSTISE PROTo oL TO DRAW THE lMPQESSlVE FOLlGE OUTLINE PENNSTATE NeedhamSchroeder Public Key Era Does It Still Look OK Message at A gt B AB NA Ang A initiates protocol with fresh value for B Message a2 B gtA BA NA NBPKA B demonstrates knowledge of NA and challenges A Message as A gt B AB NBPKB Ademonstrates knowledge of N3 A and B are the only ones who can read NA and NB PENNSTATE Gavin Lowe s Attack on NS Public Key An active intruder X participates Message at A gt X AX NA Aka Message b1 XA gt B AB NA Ang X as A initiates protocol with fresh value for B Message b2 B gt XA BA NA NBPKA Message a2 X gtA XA NA NBPKA X asks Ato demonstrates knowledge of NB Message as A gt X AX NBpr Atells X NB thanks A Message b3 XA gt B AB NBPKB X completes the protocol as A PENNSTATE What Happened X can get A to act as an oracle for nonces Hey A what s the N3 in this message from any B A assumes that any message encrypted for it is legit Bad idea X can enable multiple protocol executions to be interleaved Should be part of the threat model NOTHING EVER HAPPENED t HERE CSE543 Computer and Network Security Fall 2007 Professor Jaeger PENNSTATE The Fix It s Trivial Find it Message a A gt B AB NA Asz A initiates protocol with fresh value for B Message a2 B gtA BA NA NB BPKA B demonstrates knowledge of NA and challenges A Message as A gt B AB NBsz Ademonstrates knowledge of N3 PENNSTATE Impact on Protocol Analysis 3 Protocol Analysis Took a Black Eye BAN Logic ls Insufficient BAN Logic ls Misleading Protocol Analysis Became a Hot Topic Lowe s FDR Meadow s NRL Analyzer Millen s lnterrogator Rubin s Nonmonotonic protocols In the end could find known flaws but attacker model is too complex PENNSTATE DolevYao Result Era Strong attacker model Attacker intercepts every message Attacker can cause one of a set of operators to be applied at any time Operators for modifying generating any kind of message Attacker can apply any operator except other s decryption Theoretical Results Polynomial Time for One Session Undecidable for Multiple Sessions Moral Analysis is Dif cult Because Attacker Can Exploit Interactions of Multiple Sessions End Result Manual Induction and ExpertAnalysis are the main approaches PENNSTATE Review secret vs public key crypto Secret key cryptography Symmetric keys where A single key k is used is used for E and D DEPakakP All intended receivers have access to key Note Management of keys determines who has access to encrypted data Eg password encrypted email Also known as symmetric key cryptography Public key cryptography Each key pair consists of a public and private component k public key k private key D EI0 k k I0 D EI0 k k I0 Public keys are distributed typically through public key certificates Anyone can communicate secretly with you ifthey have your certi cate Eg SSLbased web commerce PENNSTATE The symmetricasymmetric key tradeoff Symmetric shared key systems Efficient Many MBsec throughput Difficult key management Kerberos Key agreement protocols Asymmetric public key systems Slow algorithms so far Easy easier key management PKI public key infrastructures Webs of trust PG P

### BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.

### You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

## Why people love StudySoup

#### "Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."

#### "I made $350 in just two days after posting my first study guide."

#### "Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."

#### "It's a great way for students to improve their educational experience and it seemed like a product that everybody wants, so all the people participating are winning."

### Refund Policy

#### STUDYSOUP CANCELLATION POLICY

All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email support@studysoup.com

#### STUDYSOUP REFUND POLICY

StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here: support@studysoup.com

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to support@studysoup.com

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.