Future Developments in Non-Repudiation in GSM WAP Applications
Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified...
-
Upload
scott-melton -
Category
Documents
-
view
212 -
download
0
Transcript of Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified...
![Page 1: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/1.jpg)
Cryptography 101
![Page 2: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/2.jpg)
• Manage WHO can view data (Secrecy)
• Make sure data is unmodified (Authentication/data integrity)
• Know the origin of the data(Non-Repudiation)
Cryptography: Goals
![Page 3: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/3.jpg)
Alice & Bob Are two persons who want to communicate without anybody
else knows the content
Eve Eavesdropper, normally a passive person that will try to listen
in on Alice and Bob (perhaps an ex-girlfriend or wife)
Oscar Opponent, an active person that will try to send messages in
the name of Bob or Alice, or modify messages in transit
Dramatis Personæ
![Page 4: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/4.jpg)
Hash functionsSymmetric encryptionAsymmetric encryption
What is in our toolbox?
![Page 5: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/5.jpg)
Hash FunctionsA cryptographic hash function takesas input a binary string of arbitrarylength and returns a binary stringof a fixed length. Hash functionswhich satisfy some security proper-ties are very important in cryptog-raphy and are widely used in cryp-tographic applications such as dig-ital signatures, public-key encryp-tion systems, password protectionschemes, and conventional messageauthentication. Some of these ap-plications are shown in the follow-ing chapters.Let H : {0, 1} ! {0, 1}n denote ahash function which returns a stringof length n, see Figure 6.1.
H 0101...010111001
H : {0, 1}* {0, 1}n
Oscar cannot “tweak” the text and have same hash.Oscar cannot find two texts with same hash.
Hash Algorithms: MD2,MD4,MD5 WhirlPool,SHA1,SHA256
![Page 6: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/6.jpg)
Keyed Hash FunctionsA cryptographic hash function takesas input a binary string of arbitrarylength and returns a binary stringof a fixed length. Hash functionswhich satisfy some security proper-ties are very important in cryptog-raphy and are widely used in cryp-tographic applications such as dig-ital signatures, public-key encryp-tion systems, password protectionschemes, and conventional messageauthentication. Some of these ap-plications are shown in the follow-ing chapters.Let H : {0, 1} ! {0, 1}n denote ahash function which returns a stringof length n, see Figure 6.1.
H 0101...010111001
MAC :{0,1} k x {0, 1}* {0, 1}n
Key
Message Authentication Code
![Page 7: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/7.jpg)
Both Alice and Bob use the same keyfor encryption and decryption
Example of Cipher Algorithms:DES, 3-DES, BlowFish, RC2,
RC4, AES and Cameillia
Symmetric encryption
![Page 8: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/8.jpg)
Alice and Bob each have a Key Pair:A Public key and a Private Key
Each Key Pair is constructed so that data encrypted with either key can be
decrypted with the other.
Asymmetric encryption
![Page 9: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/9.jpg)
• Public keys are published for all to see, private keys kept secret, thus:
• If Alice encrypts with her private key, anyone can decrypt the message
• If Alice encrypts with Bobs public key, only Bob can decrypt the messages with his private key
• Examples: RSA, DSA and EC elliptic curves.
Asymmetric encryption
![Page 10: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/10.jpg)
Symmetric vs Asymmetric
Speed SlowFast
# of Keys
2 per person {2×⍵}
Many {.5×⍵×⍵-1}
Key Distribution
Easy Public key
Needs secure communicati
on
![Page 11: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/11.jpg)
Alice creates MACMAC ← AuthSym(SymKeyAlice&Bob, Data)
Bob verifies MACMAC ≡ AuthSym(SymKeyAlice&Bob, Data)
Authentication: Symmetric
![Page 12: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/12.jpg)
Alice creates Signaturesig←Encrypt(PrivKeyAlice,Hash(data))
Bob verifies SignatureDecrypt(PubKeyAlice,sig) ≡ Hash(data)
Also non-repudiation
Authentication: Asymmetric
![Page 13: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/13.jpg)
Alice EncryptsCipherText ← Encrypt(SymKeyAlice&Bob,PlainText)
Bob DecryptsPlainText ← Decrypt(SymKeyAlice&Bob,CipherText)
Secrecy: Symmetric
![Page 14: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/14.jpg)
Alice EncryptsCipherText ← Encrypt(PubKeyBob,PlainText)
Bob DecryptsPlainText ← Decrypt(PrivKeyBob,CipherText)
Secrecy: Asymmetric
![Page 15: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/15.jpg)
Alice EncryptsSymKey←Random
CipherText ←Encrypt(SymKey,PlainText)EncSymKey←Encrypt(PubKeyBob,SymKey)
Bob DecryptsSymKey←Decrypt(PrivKeyBob,EncSymKey)PlainText←Decrypt(SymKey,CipherText)
Better Secrecy: Asymmetric
![Page 16: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/16.jpg)
Alice EncryptsSymKey←Random
EncSymKey←Encrypt(PubKeyBob,SymKey) CipherText ←Encrypt(SymKey,PlainText)
sig←Encrypt(PrivKeyAlice,Hash(PlainText))
Bob DecryptsSymKey←Decrypt(PrivKeyBob,EncSymKey)PlainText←Decrypt(SymKey,CipherText)
Decrypt(PubKeyAlice,sig)=Hash(PlainText)
Even Better Secrecy
![Page 17: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/17.jpg)
How do we keep our keys safe?
Windows Certificate StorePKCS#11 smartcard
From APL: in a PKCS#8
PKCS => Public-Key Cryptographics Standard
Key Problem
![Page 18: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/18.jpg)
• The DCL is a DLL/so and a set of cover-functions• Provides access to a large set of hashing and
encryption functions• Provides tools for dealing with ”certificates”
containing keys• Cross-platform (but cross Unicode/Classic is
problematic due to translation issues)
Dyalog Cryptographic Library
![Page 19: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/19.jpg)
• Store certificates and keep private keys secret.
But:• Limits on available algorithms• Mimited tools for Dyalog
• Microsoft.Net• Some Conga support
Certificate Stores
![Page 20: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/20.jpg)
OO example: Keyed Component file
kf←⎕New KeyedFile ('D:\download\Keyed') kf['Products' 'Sales']←'Many' 'None' kf[⊂'Products'] Many
Samples
![Page 21: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/21.jpg)
OO example: Keyed Component file
Extended to handle encrypted and compressed components.
Samples
![Page 22: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/22.jpg)
Based on the Keyed Component ClassWe need to add:
User informationAccess information
Encrypted Component file
![Page 23: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/23.jpg)
1. User Id2. Public Key3. Salt4. Repetitions5. Initial Vector 6. Encrypted Private Key
User Information
![Page 24: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/24.jpg)
1. User Id2. Key3. EncryptUserPubKey(
SymKey +Initial Vector +Hash )
Access Information
![Page 25: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/25.jpg)
∇ AddUser(user para);..... (PrivKey PubKey)←GenerateAsymKeys AsymKeyPairSize Salt←Random SaltSize iv←Random CipherBlockSize rep←PBKDF2Repetitions DerivedKey←DeriveKey para Salt rep CipherKeySize EncPrivKey←PrivKey EncryptSym DerivedKey iv users⍪←user PubKey Salt rep iv EncPrivKey∇
Add New User
![Page 26: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/26.jpg)
∇ data←apl NewComp key;... (type plain)←Compress Serialize apl symkey←Random CipherKeySize iv←Random CipherBlockSize digest←Hash plain uix←FindUser cuser cipher←plain EncryptSym symkey iv pubkey←⊃users[uix;2] encaccesskey←(symkey,iv,digest)EncryptASym pubkey access⍪←cuser key encaccesskey data←type cipher∇
Append Component
![Page 27: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/27.jpg)
∇ apl←data DecryptComp key;... (type cipher)←data (secret iv digest)←GetAccess cuser key cpara plain←cipher DecryptSym secret iv apl←Deserialize Decompress type plain∇
Read a Component
![Page 28: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/28.jpg)
∇ r←GetAccess(user key para);... uix←FindUser user ('User ',user,' not found')⎕SIGNAL(0>uix)/11 aix←FindAccess user key ('User ',user,' has no access to ',key)⎕SIGNAL(0>aix)/11 (user Pubkey Salt rep iv EncPrivKey)←users[uix;]
derivedkey←DeriveKey para Salt rep CipherKeySize privkey←EncPrivKey DecryptSym derivedkey iv accessinfo←⊃access[aix;3] r←SplitAccesskey(accessinfo)DecryptASym privkey∇
Get Access
![Page 29: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/29.jpg)
∇ data←apl ReplaceComp key;... (type plain)←Compress Serialize apl (secret iv digest)←GetAccess cuser key cpara cipher←plain EncryptSym secret iv data←type cipher∇
Replace Component
![Page 30: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/30.jpg)
∇ accesskey GiveAccessTo(user key);... uix←FindUser user ('User ',user,' not found')⎕SIGNAL(0>uix)/11 aix←FindAccess user key ('User ',user,' has access to ',key)⎕SIGNAL(0<aix)/11encaccesskey←((⊃,/accesskey))EncryptASym⊃users[uix;2] access⍪←user key encaccesskey∇
Give Access to another user
![Page 31: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/31.jpg)
Without experience and deep knowledge, it is difficult to
evaluate the security of any mechanism:
Use established standards!
On your own
![Page 32: Cryptography 101. Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)](https://reader035.fdocuments.us/reader035/viewer/2022070411/56649cc95503460f94991514/html5/thumbnails/32.jpg)
• RFC for Public Key Cryptography Standard (PKCS#)
• The Handbook of Applied Cryptograhy
• Dyalog Cryptographic Library
Futher infomation