Building Block Protocol

8/2/2019 Building Block Protocol

1/44

Prays Hard Works Harder

CryptographicProtocol

Building Block Protocols


2/44

Contents

Communications Using Symmetric Cryptography

Definition

Type of Protocol

Digital Signatures with Encryption

Communications Using Public-Key Cryptography

One-Way Functions & One-Way Hash Functions

Random and Pseudo-Random-Sequence Generation


3/44

Definition

Step

Order

ProtocolProtocolProtocolProtocol

Task

Two or More Parties


4/44

Key Words

Series of steps:

Each step must be well-defined

There must be specified action for every possiblesituation

Everyone involved must know the steps and follow

Two or more parties:

Parties can be friends and trust each other or

adversaries and mistrust each other Accomplish a task:

This can involve sharing (parts of) a secret,confirming an identity, signing a contract, etc.


5/44

Protocol Cryptography

Protocol Cryptography is a protocol that usecryptography algorithm.


6/44

Characteristic

Establishedin advance

Complete

u ua ysubscribed

Unambiguous


7/44

Definition

Everyone involved in the protocol must know theprotocol and all of the steps to follow in advance.

Everyone involved in the protocol must agree to.

The protocol must be unambiguous.

The protocol must be complete


8/44

Definition

Use Cryptography

Involves Some Cryptographic algorithm

Confidentiality

Integrity

Authentication

ProtocolProtocolProtocolProtocol


9/44

Examples

Face To face

Rely on peoples presence to ensure fairness and

security

Over Computer Network

?????

Buying goods over the internet,

playing online poker

E-voting in an election

Internet Banking

Rekening Bersama


10/44

Type of Protocols

Arbitrated Protocols

Adjudicated Protocols

Self-Enforcing Protocols


11/44


An arbitrator is a disinterested third party trustedto complete the protocol

Has no allegiance to any party involved All people participating trust that he is acting honestly

and correctly

Arbitrators can help complete protocols betweenparties that dont trust each other


12/44


In the real world, lawyers, public notaries, andbanksact as arbitrators

For example, Bob can buy a car from Alice usinganarbitrated protocol

1. Bob writes a check and gives it to the bank(Trent)

2. an puts enoug money on o to covercheck and certifies the check3. Alice gives the title to Bob and Bob gives the

certified check to Alice

4. Alice deposits the check This works, because Alice trusts the banks

certification


13/44


There are some problems with arbitratedprotocols in the virtual world:

Its more difficult for people to trust a faceless entitysomewhere in the network

An arbitrator can become a bottleneck, as he has to

deal with every transaction This may lead to even more delay (due to the arbitrator

theres always some delay)

Lots of damage can be caused if arbitrator is

subverted

Someone has to pay for running an arbitration

service


14/44


Arbitrators have high costs, so arbitratedprotocols can be split into two sub-protocols:

A non-arbitrated part An arbitrated part that is executed only if there is

adispute

This special kind of arbitrator is called anadjudicator


15/44


An adjudicator is a third party who can judgewhether a transaction was performed fairly, in

case of a dispute. Example: a notary public, who attests the

authenticit of a si ned document

An adjudicated protocol allows an adjudicator toexamine transaction data to decide whether twodisputing parties acted fairly.


16/44


Example :

Nonarbitrated subprotocol (executed every

time):(1) Alice and Bob negotiate the terms of the contract.

(2) Alice signs the contract.

(3) Bob signs the contract.

Adjudicated subprotocol (executed only in caseof a dispute):(4) Alice and Bob appear before a judge.

(5) Alice presents her evidence.

(6) Bob presents his evidence.(7) The judge rules on the evidence.


17/44


Issues with adjudicated protocols in the virtualworld

Protocols rely in a first instance on the parties beinghonest

provides enough evidence to be able to detect this In a good adjudicated protocol, this evidence also

identifies the cheating party

Instead of preventing cheating, adjudicated protocolsdetect cheating

The (inevitability of) detection acts as a deterrent


18/44


A self-enforcing protocol guarantees fairness ofa transaction, without the presence of a third

party. During the transaction, either partys attempt to

cheat becomes immediatel obvious to the other

party.

Example :

There are several ways two people can divide a pieceof cake in half.


19/44


Advantages:

no such cost as those associated with arbitrated or

adjudicated protocols

There is not a self-enforcing protocol for everysituation.

www.themegallery.com Company Logo


20/44

Attack on Protocols

Attack

Cheaters


21/44

Attacks

Eavesdropping

Modification

Replay

Preplay

e a vesary enganges n arun o e pro oco pr orto a run by legitimate principals

Reflection

The adversary send protocols messages back to theprincipal who sent them

Denial of Services

www.theme alle


22/44

Attack

Typing Attack

The adversary replaces a (normally encrypted)

protocol message field of one type with (normallyencrypted) messages fields of another type

Cryptanalysis

Certificate Manipulation The adversary chooses or modifies certificate

information to attack one or more protocol run.

Protocol Interaction The adversary chooses a new protocol to interact with

known protocol

www.theme alle


23/44

Cheaters


24/44

Communications Using Symmetric Cryptography

(1) Alice and Bob agree on a cryptosystem

(2) Alice and Bob agree on a key

(3) Alice takes her plaintext message and encrypts it using

.

ciphertext message.

(4) Alice sends the ciphertext message to Bob.

(5) Bob decrypts the ciphertext message with the samealgorithm and key and reads it.


25/44

Problem

Keys must be distributed in secret

If a key is compromised (stolen, guessed,

extorted, bribed, etc.), the security has been

gone.

The total number of keys increases rapidly as

the number of users increases


26/44

One-Way Functions

One-way functions are relatively easy to

compute, but significantly harder to reverse.

Given xit is easy to compute f(x), but given f(x) it

is hard to compute x

Problem :A trapdoor one-way function


27/44

One-Way Hash Functions

a.k.a compression function, contraction function,message digest, fingerprint, cryptographic

checksum, message integrity check (MIC), andmanipulation detection code (MDC).

a variable-length input string (called a pre-image)

an converts t to a xe - engt genera y sma eroutput string (called a hash value)

Collision-Free

Message Authentication Codes A.k.a. data authentication code (DAC)

is a one-way hash function with the addition of a secret key


28/44

Communications Using Public-Key Cryptography

In 1976, Whitfield Diffie and Martin Hellman

General protocol(1) Alice and Bob agree on a public-key cryptosystem.

2 Bob sends Alice his ublic ke .

(3) Alice encrypts her message using Bobs public keyand sends it to Bob.

(4) Bob decrypts Alices message using his private key.


29/44

Problems

Public-key algorithms are slow, Large Number

requirement Public-key cryptosystems are vulnerable to

-


30/44

Hybrid Cryptosystem

(1) Bob sends Alice his public key.

(2) Alice generates aK, encrypts it using Bobs

public key, and sends it to Bob. EB(K) randomsession key,

key to recover the session key. DB(EB(K)) = K

(4) Both of them encrypt their communicationsusing the same session key.


31/44

Digital Signatures

Requirement

The signature is authentic The signature is unforgeable

The signature is not reusable

The signed document is unalterable The signature cannot be repudiated

In reality, none of these statements about signatures is

completely true.


32/44

Signing Documents with Symmetric Cryptosystemsand an Arbitrator

(1) Alice encrypts her message to Bob with KA and

sends it to Trent.(2) Trent decrypts the message with KA.

3 Trent takes the decr ted messa e and a

statement that he has received this message fromAlice, and encrypts the whole bundle with KB.

(4) Trent sends the encrypted bundle to Bob.

(5) Bob decrypts the bundle with KB. He can now readboth the message and Trents certification thatAlice sent it.


33/44

Advantages

All requirements on Signatures are fulfilled

The signature is authentic

The signature is unforgeable The signature is not reusable

The si ned document is unalterable

The signature cannot be repudiated Because the scheme use the Trent


34/44

Problems

The protocol take too much time for Trent

Hard to creating and maintaining good Trent

Trent is bottlenecks in any communication

system


35/44

Digital Signature Trees

Ralph Merkle proposed a digital signaturesscheme using a tree structure.

Use Root, node and sub node hierarchical

Signing Documents with Public-Key


36/44

Signing Documents with Public KeyCryptography

Basic Protocols

(1) Alice encrypts the document with herprivate key, thereby signing the document.

(3) Bob decrypts the document with Alices publickey, thereby verifying the signature.


37/44

Advantages

Fulfilled the requirement of Signatures

Trent is not needed to either sign and verify

signatures.


38/44

Other Digital Signature

Signing Documents and Timestamps

Signing Documents with Public Key

Cryptography and One-Way Hash Functions1. Alice produces a one-way hash of a document.

2. Alice encrypts the hash with her private key, therebysigning the document.

3. Alice sends the document and the signed hash toBob.

4. Bob produces a one-way hash of the document that

Alice sent. He then, using the digital signaturealgorithm, decrypts the signed hash with Alicespublic key. If the signed hash matches the hash he

generated, the signature is valid.


39/44

Multiple Signatures

(1) Alice signs the hash of the document.

(2) Bob signs the hash of the document.

(3) Bob sends his signature to Alice.

(4) Alice sends the document, her signature, and .

(5) Carol verifies both Alices signature and Bobssignature.


40/44

Digital Signatures with Encryption

The signature provides proof of authorship andthe envelope provides privacy.

(1) Alice signs the message with her private key. SA(M)(2) Alice encrypts the signed message with Bobs

public key and sends it to Bob. EB(SA(M))

(3) Bob decrypts the message with his private key.DB(EB(SA(M))) = SA(M)

(4) Bob verifies with Alices public key and recovers themessage. VA(SA(M)) = M


41/44

Random and Pseudo-Random-Sequence Generation

Pseudo-Random Sequences

It looks random. This means that it passes all the

statistical tests of randomness Cryptographically Secure Pseudo-Random

Sequences

It is unpredictable Use Key, The Key is generally the seed used to set

the initial state of generator

Real Random Sequences It cannot be reliably reproduced


42/44

B i P t l


43/44

Basic Protocols

Key Exchange

Authentication

Authentication and Key Exchange


44/44

Prays Hard Works Harder