Page 1 Secure Communication Minqi Zhou [email protected] Distributed Systems Except as...
-
Upload
claud-simon -
Category
Documents
-
view
217 -
download
0
Transcript of Page 1 Secure Communication Minqi Zhou [email protected] Distributed Systems Except as...
![Page 1: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/1.jpg)
Page 1Page 1
Secure Communication
Minqi [email protected]
Distributed Systems
Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.
![Page 2: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/2.jpg)
Page 2
Alice
Symmetric cryptography• Both parties must agree on a secret key, K• message is encrypted, sent, decrypted at other
side
• Key distribution must be secret– otherwise messages can be decrypted– users can be impersonated
EK(P) DK(C)
Bob
2
![Page 3: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/3.jpg)
Page 3
Key explosion
Each pair of users needs a separate key for secure communication
Alice Bob
KAB
2 users: 1 key
BobAlice
KAB
Charles
KBCKAC
3 users: 3 keys
6 users: 15 keys
4 users: 6 keys
100 users: 4950 keys
1000 users: 399500 keys
n users: keys 2
1)( nn
3
![Page 4: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/4.jpg)
Page 4
Key distribution
Secure key distribution is the biggest problem with symmetric cryptography
4
![Page 5: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/5.jpg)
Page 5
Key exchange
How can you communicate securely with someone you’ve never met?
Whit Diffie: idea for a public key algorithm
Challenge: can this be done securely?Knowledge of public key should not allow derivation of private key
5
![Page 6: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/6.jpg)
Page 6
Diffie-Hellman exponential key exchange
Key distribution algorithm– first algorithm to use public/private keys– not public key encryption– based on difficulty of computing discrete
logarithms in a finite field compared with ease of calculating exponentiation
Allows us to negotiate a secret session key without fear of eavesdroppers
6
![Page 7: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/7.jpg)
Page 7
Diffie-Hellman exponential key exchange
• All arithmetic performed infield of integers modulo some large number
• Both parties agree on– a large prime number p– and a number < p
• Each party generates a public/private key pair
private key for user i: Xi
public key for user i: Yi =
7
![Page 8: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/8.jpg)
Page 8
Diffie-Hellman exponential key exchange
• Alice has secret key XA
• Alice has public key YA
• Alice computes
• Bob has secret key XB
• Bob has public key YB
K = (Bob’s public key) (Alice’s private key) mod p
8
![Page 9: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/9.jpg)
Page 9
Diffie-Hellman exponential key exchange
• Alice has secret key XA
• Alice has public key YA
• Alice computes
• Bob has secret key XB
• Bob has public key YB
• Bob computes
K’ = (Alice’s public key) (Bob’s private key) mod p
9
![Page 10: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/10.jpg)
Page 10
Diffie-Hellman exponential key exchange
• Alice has secret key XA
• Alice has public key YA
• Alice computes
• expanding:
• Bob has secret key XB
• Bob has public key YB
• Bob computes
• expanding:
K is a common key, known only to Bob and AliceK = K’
10
![Page 11: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/11.jpg)
Page 11
Diffie-Hellman example
Alice picksXA = 18
Alice’s public key is:YA = 718 mod 31667 = 6780
K = 2218418 mod 31667K = 14265
Bob picks XB = 27
Bob’s public key is:YB = 727 mod 31667 = 22184
K = 678027 mod 31667K = 14265
Suppose p = 31667, = 7
11
![Page 12: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/12.jpg)
Page 12
Key distribution problem is solved!
• User maintains private key• Publishes public key in database
(“phonebook”)
• Communication begins with key exchange to establish a common key
• Common key can be used to encrypt a session key– increase difficulty of breaking common key by
reducing the amount of data we encrypt with it– session key is valid only for one communication
session12
![Page 13: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/13.jpg)
Page 13
RSA: Public Key Cryptography
• Ron Rivest, Adi Shamir, Leonard Adleman created a true public key encryption algorithm in 1977
• Each user generates two keys– private key (kept secret)– public key
• difficulty of algorithm based on the difficulty of factoring large numbers– keys are functions of a pair of large (~200
digits) prime numbers
13
![Page 14: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/14.jpg)
Page 14
RSA algorithm
Generate keys:– choose two random large prime numbers p, q– Compute the product n = pq – randomly choose the encryption key, e,
such that:e and (p - 1)(q - 1) are relatively prime
– use the extended Euclidean algorithm to compute the decryption key, d: ed = 1 mod ((p - 1) (q - 1)) d = e-1 mod ((p - 1) (q - 1))
– discard p, q
14
![Page 15: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/15.jpg)
Page 15
RSA algorithm
Encrypt:– divide data into numerical blocks < n– encrypt each block:
c = me mod n
Decrypt:m = cd mod n
15
![Page 16: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/16.jpg)
Page 16
Communication with public key algorithms
Different keys for encrypting and decrypting– no need to worry about key distribution
16
![Page 17: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/17.jpg)
Page 17
Communication with public key algorithms
Alice BobAlice’s public key: KAAlice’s public key: KA
Bob’s public key: KB
Bob’s public key: KB
exchange public keys(or look up in a directory/DB)
17
![Page 18: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/18.jpg)
Page 18
EB(P) Db(C)
Alice BobAlice’s public key: KAAlice’s public key: KA
Bob’s public key: KBBob’s public key: KB
encrypt message withBob’s public key
decrypt message withBob’s private key
Communication with public key algorithms
18
![Page 19: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/19.jpg)
Page 19
EB(P) Db(C)
Alice BobAlice’s public key: KAAlice’s public key: KA
Bob’s public key: KB
Bob’s public key: KB
Da(C) EA(P)
decrypt message withAlice’s private key
encrypt message withAlice’s public key
encrypt message withBob’s public key
decrypt message withBob’s private key
Communication with public key algorithms
19
![Page 20: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/20.jpg)
Page 20
Public key woes
Public key cryptography is great but:– RSA about 100 times slower than DES in
software, 1000 times slower in HW
– Vulnerable to chosen plaintext attack• if you know the data is one of n messages, just
encrypt each message with the recipient’s public key and compare
– It’s a good idea to reduce the amount of data encrypted with any given key
• but generating RSA keys is computationally very time consuming
20
![Page 21: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/21.jpg)
Page 21
Hybrid cryptosystems
Use public key cryptography to encrypt a randomly generated symmetric key
session key
21
![Page 22: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/22.jpg)
Page 22
Communication with a hybrid cryptosystem
Alice BobBob’s public key: KB
Bob’s public key: KB
Get recipient’s public key(or fetch from directory/database)
22
![Page 23: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/23.jpg)
Page 23
Communication with a hybrid cryptosystem
Alice BobBob’s public key: KB
Bob’s public key: KB
Pick random session key, K
EB(K)EB(K)
Encrypt session keywith Bob’s public key
Bob decrypts K withhis private key
K = Db(EB(K))
23
![Page 24: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/24.jpg)
Page 24
Communication with a hybrid cryptosystem
Alice BobBob’s public key: KB
Bob’s public key: KB
EB(K)EB(K) K = Db(EB(K))
EK(P) DK(C)
encrypt message using asymmetric algorithm
and key K
decrypt message using asymmetric algorithm
and key K
24
![Page 25: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/25.jpg)
Page 25
Communication with a hybrid cryptosystem
Alice BobBob’s public key: KB
Bob’s public key: KB
EB(K)EB(K) K = Db(EB(K))
EK(P) DK(C)
decrypt message using asymmetric algorithm
and key K
encrypt message using asymmetric algorithm
and key K
DK(C’) EK(P’)
25
![Page 26: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/26.jpg)
Page 26Page 26
Digital Signatures
![Page 27: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/27.jpg)
Page 27
Signatures
We use signatures because a signature is:Authentic UnforgeableNot reusable Non repudiatableRenders document unalterable
Source: http://www.archives.gov/exhibits/charters/declaration.html
27
![Page 28: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/28.jpg)
Page 28
Signatures
We use signatures because a signature isAuthentic UnforgeableNot reusable Non repudiatableRenders document unalterable
ALL UNTRUE!
Can we do better with digital signatures?
28
![Page 29: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/29.jpg)
Page 29
Digital signatures - arbitrated protocol
Arbitrated protocol using symmetric encryption– turn to trusted third party (arbiter) to authenticate
messages
Alice Bob
Trent
C=EA(P)
Alice encrypts message for herself and sends it to Trent
Trent is trustedand has everyone’s keys
29
![Page 30: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/30.jpg)
Page 30
Digital signatures - arbitrated protocol
Alice Bob
Trent
P= DA(C)
Trent receives Alice’s message and decrypts it with Alice’s key- this authenticates that it came from Alice- he may choose to log a hash of the message to create a record of the transmission
30
![Page 31: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/31.jpg)
Page 31
Digital signatures - arbitrated protocol
Alice Bob
Trent
Trent now encrypts the message for Bob and sends it to Bob
C’= EB(P)
31
![Page 32: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/32.jpg)
Page 32
Digital signatures - arbitrated protocol
Alice Bob
Trent
Bob receives the message and decrypts it - it must have come from Trent since only Trent and Bob have Bob’s key - if the message says it’s from Alice, it must be - we trust Trent
P’= DB(C’)
32
![Page 33: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/33.jpg)
Page 33
Digital signatures with multiple parties
• Bob can forward the message to Charles in the same manner.
• Trent can validate stored hash to ensure that Bob did not alter the message
Alice Bob
Trent
Bob encrypts message with his key and sends it to Trent
P’= DB(C’)
Charles
C’’= EB(P’)
33
![Page 34: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/34.jpg)
Page 34
Digital signatures with multiple parties
Alice Bob
Trent
Trent decrypts the message - knows it must be from Bob - looks up ID to match original hash from Alice’s message - validates that the message has not been modified - adds a “signed by Bob” indicator to the message
Charles
P’’= DB(C’’)
34
![Page 35: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/35.jpg)
Page 35
Digital signatures with multiple parties
Alice Bob
Trent
Trent encrypts the new message for Charles
Charles
C’’’= EC(P’’)
35
![Page 36: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/36.jpg)
Page 36
Digital signatures with multiple parties
Alice Bob
Trent
Charles decrypts the message - knows the message must have come from Trent - trusts Trent’s assertion that the message originated with Alice and was forwarded through Bob
Charles
P’’’= DC(C’’’)
36
![Page 37: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/37.jpg)
Page 37
Digital signatures - public key cryptography
Ea(P) DA(C)
Alice Bob
encrypt message withAlice’s private key
decrypt message withAlice’s public key
Encrypting a message with a private key is the same as signing!
37
![Page 38: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/38.jpg)
Page 38
Digital signatures - public key cryptography
• What if Alice was sending Bob binary data?– Bob might have a hard time knowing whether
the decryption was successful or not
• Public key encryption is considerably slower than symmetric encryption– what if the message is very large?
• What if we don’t want to hide the message, yet want a valid signature?
38
![Page 39: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/39.jpg)
Page 39
Digital signatures - public key cryptography
• Create a hash of the message
• Encrypt the hash and send it with the message
• Validate the hash by decrypting it and comparing it with the hash of the received message
• The signature is now a distinct entity from the message
39
![Page 40: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/40.jpg)
Page 40
Digital signatures - public key cryptography
Alice Bob
H(P)
Alice generates a hash of the message
40
![Page 41: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/41.jpg)
Page 41
Digital signatures - public key cryptography
Alice Bob
H(P)
Alice encrypts the hash with her private key
Ea(H(P))
41
![Page 42: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/42.jpg)
Page 42
Digital signatures - public key cryptography
Alice Bob
H(P)
Alice sends Bob the message and the encrypted hash
Ea(H(P))
42
![Page 43: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/43.jpg)
Page 43
Digital signatures - public key cryptography
Alice Bob
H(P)
1. Bob decrypts the has using Alice’s public key2. Bob computes the hash of the message sent by Alice
C = Ea(H(P)) H(P)
H’ = DA(C)
43
![Page 44: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/44.jpg)
Page 44
Digital signatures - public key cryptography
Alice Bob
H(P)
If the hashes match - the encrypted hash must have been generated by Alice - the signature is valid
C = Ea(H(P)) H(P)
H’ = DA(C)
44
![Page 45: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/45.jpg)
Page 45
Digital signatures - multiple signers
Bob
Bob generates a hash (same as Alice’s) and encrypts itwith his private key - sends Charles: {message, Alice’s encrypted hash, Bob’s encrypted hash}
Alice
H(P)
C = Ea(H(P))
C2 = Eb(H(P))
Charles
45
![Page 46: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/46.jpg)
Page 46
Digital signatures - multiple signers
Bob
Charles: - generates a hash of the message: H(P) - decrypts Alice’s encrypted hash with Alice’s public key - validates Alice’s signature - decrypts Bob’s encrypted hash with Bob’s public key - validates Bob’s signature
Alice
H(P)
C = Ea(H(P))
C2 = Eb(H(P))
Charles
H2 = DA(C2)
H1 = DA(C)
46
![Page 47: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/47.jpg)
Page 47
Secure and authenticated messaging
If we want secrecy of the message– combine encryption with a digital signature– use a session key:
pick a random key, K, to encrypt the message with a symmetric algorithm
– encrypt K with the public key of each recipient– for signing, encrypt the hash of the message
with sender’s private key
47
![Page 48: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/48.jpg)
Page 48
Secure and authenticated messaging
Alice
H(P)
Alice generates a digital signature by encryptingthe message digest with her private key.
C1 = Ea(H(P))
48
![Page 49: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/49.jpg)
Page 49
Secure and authenticated messaging
Alice
H(P)
Alice picks a random key, K, and encrypts the message (P)with it using a symmetric algorithm.
C1 = Ea(H(P))
C = EK(P)
49
![Page 50: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/50.jpg)
Page 50
Secure and authenticated messaging
Alice
H(P)
Alice encrypts the session key for each recipient ofthis message: Bob and Charles using their public keys.
C1 = Ea(H(P))
C = EK(P)
KK KKC2 = EB(K)
KKC3 = EC(K)
50
![Page 51: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/51.jpg)
Page 51
Secure and authenticated messaging
Alice
H(P)
The aggregate message is sent to Bob and Charles
C1 = Ea(H(P))
C = EK(P)
KK KKC2 = EB(K)
KKC3 = EC(K)
Message:
Signature:
Key for Bob: KK
KKKey forCharles:
Bob
Charles
Message from Alice
51
![Page 52: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/52.jpg)
Page 52
Message:
Signature:
Key for Bob: KK
KKKey forCharles:
Message from Alice
Secure and authenticated messaging
Bob receives the message: - extracts key by decrypting it with his private key
K = Eb(C2)
52
![Page 53: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/53.jpg)
Page 53
Message:
Signature:
Key for Bob: KK
KKKey forCharles:
Message from Alice
Secure and authenticated messaging
Bob decrypts the message using K
K = Eb(C2)
P = DK(C)
53
![Page 54: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/54.jpg)
Page 54
Message:
Signature:
Key for Bob: KK
KKKey forCharles:
Message from Alice
Secure and authenticated messaging
Bob computes the hash of the message
K = Eb(C2)
P = DK(C) H(P)
54
![Page 55: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/55.jpg)
Page 55
Message:
Signature:
Key for Bob: KK
KKKey forCharles:
Message from Alice
Secure and authenticated messaging
Bob looks up Alice’s public key
K = Eb(C2)
P = DK(C) H(P)
KA
55
![Page 56: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/56.jpg)
Page 56
Message:
Signature:
Key for Bob: KK
KKKey forCharles:
Message from Alice
Secure and authenticated messaging
Bob decrypts Alice’s signature using Alice’s public key
K = Eb(C2)
P = DK(C) H(P)
H1 = DA(C1)
56
![Page 57: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/57.jpg)
Page 57
Message:
Signature:
Key for Bob: KK
KKKey forCharles:
Message from Alice
Secure and authenticated messaging
Bob validates Alice’s signature
K = Eb(C2)
P = DK(C) H(P)
H1 = DA(C1)
H1 = H(P) ?
57
![Page 58: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/58.jpg)
Page 58
Cryptographic toolbox
• Symmetric encryption• Public key encryption• One-way hash functions• Random number generators
– Nonces, session keys
58
![Page 59: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/59.jpg)
Page 59
Examples
• Key exchange– Public key cryptography
• Key exchange + secure communication– Public key + symmetric cryptography
• Authentication– Nonce + encryption
• Message authentication codes– Hashes
• Digital signature– Hash + encryption
59
![Page 60: Page 1 Secure Communication Minqi Zhou mqzhou@sei.ecnu.edu.cn Distributed Systems Except as otherwise noted, the content of this presentation is licensed.](https://reader030.fdocuments.in/reader030/viewer/2022033108/56649ed05503460f94bddc1a/html5/thumbnails/60.jpg)
Page 60Page 60
The end.