Prays Hard Works Harder

Cryptographic Protocol
Building Block Protocols

Contents

Definition Type of Protocol Communications Using Symmetric Cryptography One-Way Functions & One-Way Hash Functions Communications Using Public-Key Cryptography Digital Signatures with Encryption Random and Pseudo-Random-Sequence Generation

Definition

Order

Step

Protocol
Two or More Parties

Task

Key Words Series of steps:

Each step must be well-dened There must be specied action for every possible situation Everyone involved must know the steps and follow them

Two or more parties:

Parties can be friends and trust each other or adversaries and mistrust each other

Accomplish a task:
This can involve sharing (parts of) a secret, conrming an identity, signing a contract, etc.

Protocol Cryptography Protocol Cryptography is a protocol that use cryptography algorithm.

Characteristic
Established in advance

Mutually subscribed Complete

Unambiguous

Definition

Everyone involved in the protocol must know the protocol and all of the steps to follow in advance. Everyone involved in the protocol must agree to follow it. The protocol must be unambiguous. The protocol must be complete

Definition

Use Cryptography Involves Some Cryptographic algorithm

Protocol

Confidentiality Integrity Authentication

Examples Face To face

Rely on peoples presence to ensure fairness and security

Over Computer Network

?????

Buying goods over the internet, playing online poker E-voting in an election Internet Banking Rekening Bersama

Type of Protocols

Arbitrated Protocols Adjudicated Protocols Self-Enforcing Protocols

Arbitrated Protocols An arbitrator is a disinterested third party trusted to complete the protocol
Has no allegiance to any party involved All people participating trust that he is acting honestly and correctly

Arbitrators can help complete protocols between parties that dont trust each other

Arbitrated Protocols
In the real world, lawyers, public notaries, and banksact as arbitrators For example, Bob can buy a car from Alice using anarbitrated protocol 1. Bob writes a check and gives it to the bank (Trent) 2. Bank puts enough money on hold to cover check and certies the check 3. Alice gives the title to Bob and Bob gives the certied check to Alice 4. Alice deposits the check This works, because Alice trusts the banks certication

Arbitrated Protocols There are some problems with arbitrated protocols in the virtual world:
Its more difcult for people to trust a faceless entity somewhere in the network An arbitrator can become a bottleneck, as he has to deal with every transaction
This may lead to even more delay (due to the arbitrator theres always some delay)

Lots of damage can be caused if arbitrator is subverted Someone has to pay for running an arbitration service

Adjudicated Protocols Arbitrators have high costs, so arbitrated protocols can be split into two sub-protocols:
A non-arbitrated part An arbitrated part that is executed only if there is adispute

This special kind of arbitrator is called an adjudicator

Adjudicated Protocols An adjudicator is a third party who can judge whether a transaction was performed fairly, in case of a dispute. Example: a notary public, who attests the authenticity of a signed document An adjudicated protocol allows an adjudicator to examine transaction data to decide whether two disputing parties acted fairly.

Adjudicated Protocols Example : Nonarbitrated subprotocol (executed every time):

(1) Alice and Bob negotiate the terms of the contract. (2) Alice signs the contract. (3) Bob signs the contract.

Adjudicated subprotocol (executed only in case of a dispute):

(4) (5) (6) (7) Alice and Bob appear before a judge. Alice presents her evidence. Bob presents his evidence. The judge rules on the evidence.

Adjudicated Protocols Issues with adjudicated protocols in the virtual world

Protocols rely in a rst instance on the parties being honest However, if someone suspects cheating, the protocol provides enough evidence to be able to detect this In a good adjudicated protocol, this evidence also identies the cheating party Instead of preventing cheating, adjudicated protocols detect cheating
The (inevitability of) detection acts as a deterrent

Self-Enforcing Protocols A self-enforcing protocol guarantees fairness of a transaction, without the presence of a third party. During the transaction, either partys attempt to cheat becomes immediately obvious to the other party.

Example :
There are several ways two people can divide a piece of cake in half.

Self-Enforcing Protocols Advantages:

no such cost as those associated with arbitrated or adjudicated protocols

Disadvantages:
There is not a self-enforcing protocol for every situation.

www.themegallery.com

Company Logo

Attack on Protocols Attack Cheaters

Attacks Eavesdropping Modification Replay Preplay

The advesary enganges in arun of the protocol prior to a run by legitimate principals

Reflection
The adversary send protocols messages back to the principal who sent them

Denial of Services
www.themegalle

Attack Typing Attack

The adversary replaces a (normally encrypted) protocol message field of one type with (normally encrypted) messages fields of another type

Cryptanalysis Certificate Manipulation

The adversary chooses or modifies certificate information to attack one or more protocol run.

Protocol Interaction
The adversary chooses a new protocol to interact with known protocol
www.themegalle

Cheaters

Communications Using Symmetric Cryptography

(1) Alice and Bob agree on a cryptosystem (2) Alice and Bob agree on a key (3) Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. This creates a ciphertext message. (4) Alice sends the ciphertext message to Bob. (5) Bob decrypts the ciphertext message with the same algorithm and key and reads it.

Problem Keys must be distributed in secret If a key is compromised (stolen, guessed, extorted, bribed, etc.), the security has been gone. The total number of keys increases rapidly as the number of users increases

One-Way Functions

One-way functions are relatively easy to compute, but significantly harder to reverse. Given x it is easy to compute f(x), but given f(x) it is hard to compute x Problem : A trapdoor one-way function

One-Way Hash Functions

a.k.a compression function, contraction function, message digest, fingerprint, cryptographic checksum, message integrity check (MIC), and manipulation detection code (MDC). a variable-length input string (called a pre-image) and converts it to a fixed-length (generally smaller) output string (called a hash value) Collision-Free Message Authentication Codes
A.k.a. data authentication code (DAC) is a one-way hash function with the addition of a secret key

Communications Using Public-Key Cryptography

In 1976, Whitfield Diffie and Martin Hellman General protocol

(1) Alice and Bob agree on a public-key cryptosystem. (2) Bob sends Alice his public key. (3) Alice encrypts her message using Bobs public key and sends it to Bob. (4) Bob decrypts Alices message using his private key.

Problems

Public-key algorithms are slow, Large Number requirement Public-key cryptosystems are vulnerable to chosen-plaintext attacks

Hybrid Cryptosystem (1) Bob sends Alice his public key. (2) Alice generates aK, encrypts it using Bobs public key, and sends it to Bob. EB(K) random session key, (3) Bob decrypts Alices message using his private key to recover the session key. DB(EB(K)) = K (4) Both of them encrypt their communications using the same session key.

Digital Signatures

Requirement
The signature is authentic The signature is unforgeable The signature is not reusable The signed document is unalterable The signature cannot be repudiated In reality, none of these statements about signatures is completely true.

Signing Documents with Symmetric Cryptosystems and an Arbitrator

(1) Alice encrypts her message to Bob with KA and sends it to Trent. (2) Trent decrypts the message with KA. (3) Trent takes the decrypted message and a statement that he has received this message from Alice, and encrypts the whole bundle with KB. (4) Trent sends the encrypted bundle to Bob. (5) Bob decrypts the bundle with KB. He can now read both the message and Trents certification that Alice sent it.

Advantages All requirements on Signatures are fulfilled

The signature is authentic The signature is unforgeable The signature is not reusable The signed document is unalterable The signature cannot be repudiated

Because the scheme use the Trent

Problems The protocol take too much time for Trent Hard to creating and maintaining good Trent Trent is bottlenecks in any communication system

Digital Signature Trees Ralph Merkle proposed a digital signatures scheme using a tree structure. Use Root, node and sub node hierarchical

Signing Documents with Public-Key Cryptography

Basic Protocols (1) Alice encrypts the document with her private key, thereby signing the document. (2) Alice sends the signed document to Bob. (3) Bob decrypts the document with Alices public key, thereby verifying the signature.

Advantages Fulfilled the requirement of Signatures Trent is not needed to either sign and verify signatures.

Other Digital Signature Signing Documents and Timestamps Signing Documents with Public Key Cryptography and One-Way Hash Functions
1. Alice produces a one-way hash of a document. 2. Alice encrypts the hash with her private key, thereby signing the document. 3. Alice sends the document and the signed hash to Bob. 4. Bob produces a one-way hash of the document that Alice sent. He then, using the digital signature algorithm, decrypts the signed hash with Alices public key. If the signed hash matches the hash he generated, the signature is valid.

Multiple Signatures (1) (2) (3) (4) Alice signs the hash of the document. Bob signs the hash of the document. Bob sends his signature to Alice. Alice sends the document, her signature, and Bobs signature to Carol. (5) Carol verifies both Alices signature and Bobs signature.

Digital Signatures with Encryption The signature provides proof of authorship and the envelope provides privacy.
(1) Alice signs the message with her private key. SA(M) (2) Alice encrypts the signed message with Bobs public key and sends it to Bob. EB(SA(M)) (3) Bob decrypts the message with his private key. DB(EB(SA(M))) = SA(M) (4) Bob verifies with Alices public key and recovers the message. VA(SA(M)) = M

Random and Pseudo-Random-Sequence Generation

Pseudo-Random Sequences
It looks random. This means that it passes all the statistical tests of randomness

Cryptographically Secure Pseudo-Random Sequences

It is unpredictable Use Key, The Key is generally the seed used to set the initial state of generator

Real Random Sequences

It cannot be reliably reproduced

Question ?

Basic Protocols

Key Exchange Authentication Authentication and Key Exchange

 Prays Hard Works Harder