CS代考 COMP4337/9337 WK02-02Authenticaton, Key Distribution (Asymmetric) – cscodehelp代写
Professor Sanjay K. Jha
Securing Fixed and Wireless Networks, COMP4337/9337 WK02-02Authenticaton, Key Distribution (Asymmetric)
School of Computer Science and Engineering, UNSW
Copyright By cscodehelp代写 加微信 cscodehelp
Today’s Agenda
• AuthenticationRecap
• Keydistributionusingasymmetricencryption – Public-key distribution of secret keys
• FormalMethodforProtocolSpecificationand Verification: AVISPA Tool
Recap Authentication Basics
• Quickrecap,possiblyalreadydonein 3331/9331 (Kurose- 8)
• Thesearebasicbuildingblocks
– Make sure you understand this well as they help material covered in this subject.
Authentication
Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice”
“I am Alice”
Failure scenario??
Authentication
Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice”
“I am Alice”
In a network,
Bob can not “see” Alice, so Eve simply declares herself to be K 02-02
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
Alice’s IP address
“I am Alice”
Failure scenario??
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
Eve can create
a packet “spoofing” Alice’s address
Alice’s IP address
“I am Alice”
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
Alice’s IP addr
Alice’s password
“I’m Alice”
Failure scenario??
Alice’s IP addr
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
playback attack: Eve records Alice’s packet and later
plays it back to ’s IP addr
Alice’s password
“I’m Alice”
Alice’s IP addr
Alice’s IP addr
Alice’s password
“I’m Alice”
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
Alice’s IP addr
encrypted password
“I’m Alice”
Failure scenario??
Alice’s IP addr
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
record and playback still works!
Alice’s IP addr
encrypted password
“I’m Alice”
Alice’s IP addr
Alice’s IP addr
encrypted password
“I’m Alice”
Authentication: yet another try
Goal: avoid playback attack
nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
“I am Alice”
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
Failures, drawbacks?
Authentication: ap5.0
ap4.0 requires shared symmetric key
• can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography
“I am Alice”
Bob computes
K A- ( R )
K (K (R))=R AA
“send me your public key”
and knows only Alice
could have the private key,
that encrypted R such
A(K (R))=R A
ap5.0: security hole
man (or woman) in the middle attack: Eve poses as Alice (to Bob) and as Bob (to Alice)
I am K- (R) Send me your public key
Send me your public key K+
sends m to Alice encrypted with Alice’s public key
m=K(K (m))
m=K(K (m))
ap5.0: security hole
man (or woman) in the middle attack: Eve poses as Alice (to Bob) and as Bob (to Alice)
difficult to detect:
v Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation!)
v problem is that Eve receives all messages as well!
Public key encryption algorithms
Requirements:
needK ()andK ()suchthat
K (K (m)) = m
2 given public key K+, it should be
impossible to compute private key K-
RSA: Rivest, Shamir, Adelson algorithm 17
Public Key Cryptography
symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?
public key crypto
v radically different approach [Diffie- Hellman76, RSA78]
v sender, receiver do not share secret key
v public encryption key known to all
v private decryption key known only to receiver
RSA: getting ready
• A message is a bit pattern.
• A bit pattern can be uniquely represented by an integer
• Thus encrypting a message is equivalent to encrypting a number.
• m= 10010001.This message is uniquely represented by the decimal number 145.
• To encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext).
RSA: Creating public/private key pair
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e