Prays Hard Works Harder
Cryptographic Protocol
Building Block Protocols
Contents
Definition
Type of Protocol
Communications Using Symmetric Cryptography
One-Way Functions & One-Way Hash Functions
Communications Using Public-Key Cryptography
Digital Signatures with Encryption
Random and Pseudo-Random-Sequence Generation
Definition
[Diagram: Protocol, with the labels Order, Step, Two or More Parties, Task]
Key Words
Series of steps:
Each step must be well-defined
There must be a specified action for every possible situation
Everyone involved must know the steps and follow them
Two or more parties:
Parties can be friends and trust each other or adversaries and mistrust each other
Accomplish a task:
This can involve sharing (parts of) a secret, confirming an identity, signing a contract, etc.
Cryptographic Protocol
A cryptographic protocol is a protocol that uses a cryptographic algorithm.
Characteristic
Established in advance
Mutually subscribed
Complete
Unambiguous
Definition
Everyone involved in the protocol must know the protocol and all of the steps to follow in advance.
Everyone involved in the protocol must agree to follow it.
The protocol must be unambiguous.
The protocol must be complete.
Definition
[Diagram: Protocol; Use Cryptography; Involves Some Cryptographic Algorithm; Confidentiality, Integrity, Authentication]
Examples
Face to face
Rely on people's presence to ensure fairness and security
Over Computer Network
?????
Buying goods over the internet, playing online poker
E-voting in an election
Internet banking
Rekening Bersama (joint account)
Type of Protocols
Arbitrated Protocols
Adjudicated Protocols
Self-Enforcing Protocols
Arbitrated Protocols
An arbitrator is a disinterested third party trusted to complete the protocol
Has no allegiance to any party involved
All people participating trust that he is acting honestly and correctly
Arbitrators can help complete protocols between parties that don't trust each other
In the real world, lawyers, public notaries, and banks act as arbitrators
For example, Bob can buy a car from Alice using an arbitrated protocol
1. Bob writes a check and gives it to the bank (Trent)
2. Bank puts enough money on hold to cover the check and certifies the check
3. Alice gives the title to Bob and Bob gives the certified check to Alice
4. Alice deposits the check
This works because Alice trusts the bank's certification
There are some problems with arbitrated protocols in the virtual world:
It's more difficult for people to trust a faceless entity somewhere in the network
An arbitrator can become a bottleneck, as he has to deal with every transaction
This may lead to even more delay (due to the arbitrator there's always some delay)
Lots of damage can be caused if the arbitrator is subverted
Someone has to pay for running an arbitration service
Adjudicated Protocols
Arbitrators have high costs, so arbitrated protocols can be split into two sub-protocols:
A non-arbitrated part
An arbitrated part that is executed only if there is a dispute
This special kind of arbitrator is called an adjudicator
An adjudicator is a third party who can judge whether a transaction was performed fairly, in case of a dispute.
Example: a notary public, who attests the authenticity of a signed document
An adjudicated protocol allows an adjudicator to examine transaction data to decide whether two disputing parties acted fairly.
Example:
Nonarbitrated subprotocol (executed every time):
(1) Alice and Bob negotiate the terms of the contract.
(2) Alice signs the contract.
(3) Bob signs the contract.
Adjudicated subprotocol (executed only in case of a dispute):
(4) Alice and Bob appear before a judge.
(5) Alice presents her evidence.
(6) Bob presents his evidence.
(7) The judge rules on the evidence.
Issues with adjudicated protocols in the virtual world
Protocols rely in the first instance on the parties being honest
However, if someone suspects cheating, the protocol provides enough evidence to be able to detect this
In a good adjudicated protocol, this evidence also identifies the cheating party
Instead of preventing cheating, adjudicated protocols detect cheating
The (inevitability of) detection acts as a deterrent
Self-Enforcing Protocols
A self-enforcing protocol guarantees fairness of a transaction, without the presence of a third party.
During the transaction, either party's attempt to cheat becomes immediately obvious to the other party.
Example:
There are several ways two people can divide a piece of cake in half.
Advantages:
No such costs as those associated with arbitrated or adjudicated protocols
Disadvantages:
There is not a self-enforcing protocol for every situation.
Attacks on Protocols
Attacks
Cheaters
Attacks
Eavesdropping
Modification
Replay
Preplay
The adversary engages in a run of the protocol prior to a run by legitimate principals
Reflection
The adversary sends protocol messages back to the principal who sent them
Denial of Services
Typing Attack
The adversary replaces a (normally encrypted) protocol message field of one type with a (normally encrypted) message field of another type
Cryptanalysis
Certificate Manipulation
The adversary chooses or modifies certificate information to attack one or more protocol runs.
Protocol Interaction
The adversary chooses a new protocol to interact with a known protocol
Cheaters
Communications Using Symmetric Cryptography
(1) Alice and Bob agree on a cryptosystem.
(2) Alice and Bob agree on a key.
(3) Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. This creates a ciphertext message.
(4) Alice sends the ciphertext message to Bob.
(5) Bob decrypts the ciphertext message with the same algorithm and key and reads it.
Problems
Keys must be distributed in secret
If a key is compromised (stolen, guessed, extorted, bribed, etc.), security is lost.
The total number of keys increases rapidly as the number of users increases
One-Way Functions
One-way functions are relatively easy to compute, but significantly harder to reverse.
Given x it is easy to compute f(x), but given f(x) it is hard to compute x
Problem: A trapdoor one-way function
One-Way Hash Functions
A.k.a. compression function, contraction function, message digest, fingerprint, cryptographic checksum, message integrity check (MIC), and manipulation detection code (MDC).
Takes a variable-length input string (called a pre-image) and converts it to a fixed-length (generally smaller) output string (called a hash value)
Collision-Free
Message Authentication Codes
A MAC, a.k.a. data authentication code (DAC), is a one-way hash function with the addition of a secret key
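What the secret key adds, as an added example that is not part of the original slides: a message altered in transit still matches a recomputed plain hash, but not a MAC. The key, the message and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from the slides).
SHARED_KEY = hashlib.sha256(b"constructed demo key").digest()  # Alice+Bob only
MESSAGE = b"pay Bob 10"

def bare_hash(msg: bytes) -> bytes:
    """One-way hash: no secret involved, so anyone can recompute it."""
    return hashlib.sha256(msg).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    """MAC: a one-way hash with a secret key mixed in (HMAC-SHA-256)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def receiver_accepts(expected_tag: bytes, received_tag: bytes) -> bool:
    # compare_digest runs in constant time, so it leaks no match position.
    return hmac.compare_digest(expected_tag, received_tag)

def modify_in_transit(msg: bytes, retag):
    """The 'Modification' attack from the slides: alter the message, then
    attach whatever tag can be computed without the shared key."""
    altered = msg.replace(b"10", b"9999")
    return altered, retag(altered)

def demo():
    # Hash only: the altered message arrives with a freshly computed hash.
    m1, t1 = modify_in_transit(MESSAGE, bare_hash)
    hash_accepts_altered = receiver_accepts(bare_hash(m1), t1)
    # MAC: without SHARED_KEY the best available tag uses some other key.
    m2, t2 = modify_in_transit(MESSAGE, lambda m: mac(b"\x00" * 32, m))
    mac_accepts_altered = receiver_accepts(mac(SHARED_KEY, m2), t2)
    mac_accepts_honest = receiver_accepts(
        mac(SHARED_KEY, MESSAGE), mac(SHARED_KEY, MESSAGE))
    return hash_accepts_altered, mac_accepts_altered, mac_accepts_honest
```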
Communications Using Public-Key Cryptography
In 1976, Whitfield Diffie and Martin Hellman
General protocol
(1) Alice and Bob agree on a public-key cryptosystem.
(2) Bob sends Alice his public key.
(3) Alice encrypts her message using Bob's public key and sends it to Bob.
(4) Bob decrypts Alice's message using his private key.
Problems
Public-key algorithms are slow
Large Number requirement
Public-key cryptosystems are vulnerable to chosen-plaintext attacks
Hybrid Cryptosystem
(1) Bob sends Alice his public key.
(2) Alice generates a random session key, K, encrypts it using Bob's public key, and sends it to Bob. E_B(K)
(3) Bob decrypts Alice's message using his private key to recover the session key. D_B(E_B(K)) = K
(4) Both of them encrypt their communications using the same session key.
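The four hybrid steps run end to end, as an added example that is not part of the original slides. It assumes a toy RSA key for Bob built from two Mersenne primes and a SHA-256 keystream standing in for the symmetric cipher; both are constructed for the demonstration and unsafe for real use, where a padded key transport (such as RSA-OAEP) and an authenticated cipher take their place.

```python
import hashlib
import secrets

# Constructed toy RSA key for Bob (Mersenne primes: insecure, demo only).
P, Q = 2**521 - 1, 2**607 - 1
N_B, E_B = P * Q, 65537                    # Bob's public key, sent in step 1
D_B = pow(E_B, -1, (P - 1) * (Q - 1))      # Bob's private exponent

def session_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with SHA-256(key || label || counter).
    The same call encrypts and decrypts. The label keeps the two directions
    on different keystreams. No integrity protection: demo only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + label + ctr).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def alice_wrap_session_key():
    """Step 2: Alice generates a random K and computes E_B(K)."""
    k = secrets.token_bytes(32)
    return k, pow(int.from_bytes(k, "big"), E_B, N_B)

def bob_unwrap_session_key(wrapped: int) -> bytes:
    """Step 3: D_B(E_B(K)) = K."""
    return pow(wrapped, D_B, N_B).to_bytes(32, "big")

def demo():
    k_alice, wrapped = alice_wrap_session_key()
    k_bob = bob_unwrap_session_key(wrapped)
    msg = b"Meet at the usual place at noon."            # constructed sample
    to_bob = session_xor(k_alice, b"A->B", msg)          # step 4, Alice to Bob
    to_alice = session_xor(k_bob, b"B->A", b"Confirmed.")  # step 4, reply
    return (k_alice == k_bob,
            session_xor(k_bob, b"A->B", to_bob) == msg,
            session_xor(k_alice, b"B->A", to_alice) == b"Confirmed.",
            to_bob != msg)
```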
Digital Signatures
Requirement
The signature is authentic
The signature is unforgeable
The signature is not reusable
The signed document is unalterable
The signature cannot be repudiated
In reality, none of these statements about signatures is completely true.
Signing Documents with Symmetric Cryptosystems and an Arbitrator
(1) Alice encrypts her message to Bob with K_A and sends it to Trent.
(2) Trent decrypts the message with K_A.
(3) Trent takes the decrypted message and a statement that he has received this message from Alice, and encrypts the whole bundle with K_B.
(4) Trent sends the encrypted bundle to Bob.
(5) Bob decrypts the bundle with K_B. He can now read both the message and Trent's certification that Alice sent it.
Advantages
All requirements on signatures are fulfilled:
The signature is authentic
The signature is unforgeable
The signature is not reusable
The signed document is unalterable
The signature cannot be repudiated
Because the scheme uses Trent
Problems
The protocol takes too much time for Trent
It is hard to create and maintain a good Trent
Trent is a bottleneck in any communication system
Digital Signature Trees
Ralph Merkle proposed a digital signature scheme using a tree structure.
Uses a hierarchy of root, nodes and sub-nodes
Signing Documents with Public-Key Cryptography
Basic Protocol
(1) Alice encrypts the document with her private key, thereby signing the document.
(2) Alice sends the signed document to Bob.
(3) Bob decrypts the document with Alice's public key, thereby verifying the signature.
Advantages
Fulfills the requirements of signatures
Trent is not needed to either sign or verify signatures.
Other Digital Signatures
Signing Documents and Timestamps
Signing Documents with Public-Key Cryptography and One-Way Hash Functions
1. Alice produces a one-way hash of a document.
2. Alice encrypts the hash with her private key, thereby signing the document.
3. Alice sends the document and the signed hash to Bob.
4. Bob produces a one-way hash of the document that Alice sent. He then, using the digital signature algorithm, decrypts the signed hash with Alice's public key. If the signed hash matches the hash he generated, the signature is valid.
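The hash-then-sign steps above, as an added example that is not part of the original slides. It assumes raw (unpadded) RSA over a toy key built from two Mersenne primes, constructed for the demonstration only; real signature schemes add padding such as RSA-PSS.

```python
import hashlib

# Constructed toy key for Alice (Mersenne primes: insecure, demo only).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # Alice's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # Alice's private exponent

def digest_int(document: bytes) -> int:
    """Steps 1 and 4: one-way hash of the document, as an integer below N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes) -> int:
    """Step 2: 'encrypt' the hash with the private key (raw RSA, no padding)."""
    return pow(digest_int(document), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Step 4: recover the signed hash with the public key, then compare it
    with a hash computed independently from the received document."""
    if not 0 <= signature < N:
        return False                     # reject out-of-range values outright
    return pow(signature, E, N) == digest_int(document)

def demo():
    doc = b"Alice agrees to sell the car to Bob for $5000."  # constructed
    sig = sign(doc)                      # step 3: Alice sends (doc, sig)
    altered = doc.replace(b"5000", b"50")
    return (verify(doc, sig),            # untouched document
            verify(altered, sig),        # document changed after signing
            verify(doc, sig ^ 1))        # signature damaged in transit
```

Only the 32-byte hash passes through the slow private-key operation, whatever the size of the document.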
Multiple Signatures
(1) Alice signs the hash of the document.
(2) Bob signs the hash of the document.
(3) Bob sends his signature to Alice.
(4) Alice sends the document, her signature, and Bob's signature to Carol.
(5) Carol verifies both Alice's signature and Bob's signature.
Digital Signatures with Encryption
The signature provides proof of authorship and the envelope provides privacy.
(1) Alice signs the message with her private key. S_A(M)
(2) Alice encrypts the signed message with Bob's public key and sends it to Bob. E_B(S_A(M))
(3) Bob decrypts the message with his private key. D_B(E_B(S_A(M))) = S_A(M)
(4) Bob verifies with Alice's public key and recovers the message. V_A(S_A(M)) = M
Random and Pseudo-Random-Sequence Generation
Pseudo-Random Sequences
It looks random.
This means that it passes all the statistical tests of randomness
Cryptographically Secure Pseudo-Random Sequences
It is unpredictable
Uses a key; the key is generally the seed used to set the initial state of the generator
Real Random Sequences
It cannot be reliably reproduced
Question ?
Basic Protocols
Key Exchange
Authentication
Authentication and Key Exchange