1

Normal executable Infected executable

Sequenceof

program instructions

Entry

Originalprogram

EntryJump

Replicationand

payload

Viruses

2

Firewall

Bastionhosts

Internalhosts

Global Internet

Secondfirewall

Public hosts

Protected enclave

3

Communication Goals

• Remote authentication– Based on something you know

• Message confidentiality– Even if adversary eavesdrops

• Message integrity– Even if adversary intervenes

• Message non-repudiation– Even if sender changes her mind

4

Verycomplicatedencryptionalgorithm

Message(bit string)

Encryptedmessage(bit string)

Key (bit string)

5

Lockingkey

(Identical)unlocking key

Message

Locking key

(Different)unlocking key

Symmetriclock and key

Asymmetriclock and key

6

Close and lock usingsender’s locking key

Recipient opensusing unlockingkey

Put messagein lockbox

Transport

torecipient

Symmetric case

Asymmetric case

Locking and unlockingkeys are different

7

0

n-1

P = plaintext

C = ciphertext

Encrypt

Decrypt

RSA asymmetric algorithm

C = Ps mod nP = Ct mod nt cannot becomputed from(n,s) in reasonabletime

8

Confidentiality

Bob must possessa secret not availableto anyone else

Alice (sender)Bob (recipient)

9

Confidentiality (con’t)

Bob must possessa secret not availableto anyone else

Alice (sender)Bob (recipient)

Alice must be able to transform the message so that only the person possessing that secret can read it

10

Confidentiality (con’t)

Bob must possessa secret not availableto anyone else

Alice (sender)Bob (recipient)

Alice must be able to transform the message so that only the person possessing that secret can read it

or

Encrypt Decrypt

11

Where to do encryption

12

Non-repudiation

Alice (sender)Bob (recipient)

Alice must sign the message using a secret not revealed to anybody else

Bob must be able to verify the signature using public information

13

Authentication

Alice (sender)Bob (recipient)

Alice must possessa secret not availableto anyone else

14

Authentication (con’t)

Alice (sender)Bob (recipient)

Alice must possessa secret not availableto anyone else

Bob must be able toverify that Alice possessesthat secret without Alicerevealing it on the networkor to Bob

15

Authentication (con’t)

Alice (sender)Bob (recipient)

Alice must possessa secret not availableto anyone else

or Bob must be able toverify that Alice possessesthat secret without Alicerevealing it on the network(and possibly not to Bob)

Challenge

Response

16

Digital certificate

(ID,public_key)

Encrypted withCA private_key

CA_ID

Certificate authority (CA)certifies (ID,key) binding

17

18

Bob Alice

CA

Alice convinces CA of her identity

Alice provides Bob with a replica of her digitalcertificate, which provides and certifies Alice’s public key

CA givesdigital certificateand secret keyto Alice Bob verifies CA

signature using CA public key

19

Certificateauthority

Bank’s certificateissued by CA

Merchant’s certificateissued by bank

Verifysignature

Authority’sknownpublic key

Bank’spublickey

Verifysignature

Merchant’spublickey

Chain of trust

20

CA

Seller (server)

Customer (client)

Trusting CA public key, client canobtain authenticated public key ofa seller

Consumer electronic commerce

21

Seller (server)

Customer (client)

Client can generate a random,secret “session key” and sendconfidentially to server

Client can authenticate serverusing challenge response protocol

22

Seller (server)

Customer (client)

Client and server cancommunicate confidentially