CIS 365 Cryptography
Week 2 Lecture: Protocols I
Alberto LaCava, Ph.D., CISSP

One-Way Functions
Functions that are central to public-key cryptography.
Not protocols in themselves, but a very useful part of protocols.
A one-way function is easy to compute but significantly harder to reverse.
This is similar to breaking a plate.
Even though there are no mathematically perfect one-way functions, in practice we can get quite satisfactory functions.
Example: Unix password file

One-way hash function
• Aliases
– Compression function
– Contraction function
– Message digest
– Cryptographic checksum
– Message integrity check (MIC)
– Manipulation detection code (MDC)

Hash functions
• Function, mathematical or otherwise, that takes a variable-length input string (pre-image) and converts it to a fixed-length output string (hash value).
• A good one-way hash is collision-free: it is hard to generate two pre-images with the same hash value.

One-way hash function
• Message authentication codes (MAC), aka data authentication code (DAC)
– One-way hash function with the addition of a secret key
– Hash value is a function of both the pre-image and the key. Only someone with the key can verify the hash value.

Simple example: take a binary number (message) and XOR all the bits to obtain one bit:
[1001 0011 1010 1001 1111] → [0]
This is typical of a “checksum”. Note that from the [0] it is very difficult to rebuild the original number.

In-class exercise 1
Use powercrypt (www.spychecker.com) to obtain the hash of a text file. Write down the hash code.
Make a change in the text file (one letter). Obtain the hash of the file again.
Compare the two hash codes. What do you conclude about the sensitivity of the hash “checksum” to alterations in the message?
How can you use hash checksums to ensure the integrity of a message during transmission?

Timestamping
A simple method of timestamping is to obtain the hash of a document and publish it in a newspaper.
E.g., you want to timestamp a book you wrote before you send it to a potential publisher.
Obtain the hash of the book and publish it in the “personals” section of the New York Times.

Protocols: Introduction
Protocol: series of steps, involving 2 or more parties, designed to accomplish a task.
Series of steps: has a sequence from start to finish. Must be executed in turn.
Involving 2 or more parties: at least 2 people are required to complete the protocol.
Designed to accomplish a task: the protocol must achieve something.

Protocols: Introduction (2)
Other characteristics:
Everyone involved in the protocol must know the protocol and all of the steps to follow in advance.
Everyone must agree to follow it.
The protocol must be unambiguous; each step must be well defined and there must be no chance of misunderstanding.
The protocol must be complete; there must be a specified action for every possible situation.

Characters in the Drama
Alice: First participant in all the protocols
Bob: Second participant in all the protocols
Carol: Participates in 3 and 4 party protocols
Dave: Participates in 4 party protocols
Eve: Eavesdropper
Mallory: Malicious active attacker
Trent: Trusted arbitrator
Walter: Warden; he'll be guarding Alice and Bob in some protocols
Peggy: Prover
Victor: Verifier

Cryptographic Protocol
Cryptographic protocol: protocol that uses cryptography.
By formalizing protocols we can examine ways in which dishonest parties can subvert them. Then we develop protocols that are immune to that subversion.

Problems with computer arbitrators:
Can’t see the arbitrator. Two parties that are suspicious of one another are likely to be suspicious of a faceless arbitrator somewhere else.
The computer network bears the cost of maintaining an arbitrator.
Delay is inherent in any arbitrated protocol.
The arbitrator must deal with every transaction, i.e., it is a bottleneck.
Everyone must trust the arbitrator: a point of vulnerability.
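
Returning to the hash-function slides earlier in this lecture (the XOR checksum, in-class exercise 1 and the MAC definition), the following is an added example, not part of the original slides. It assumes SHA-256 and HMAC-SHA-256 as the hash and MAC, since the slides name no algorithm, and all inputs are constructed.

```python
import hashlib
import hmac

def xor_checksum(bits: str) -> int:
    """The slide's one-bit checksum: XOR of every bit of the message."""
    parity = 0
    for bit in bits.replace(" ", ""):
        parity ^= int(bit)
    return parity

def digest_hex(data: bytes) -> str:
    """SHA-256 of the data (assumed hash; the slides name no algorithm)."""
    return hashlib.sha256(data).hexdigest()

def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 output bits differ between two digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def make_tag(key: bytes, message: bytes) -> bytes:
    """MAC: the value depends on both the message and the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def check_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Only a holder of the key can recompute the tag and compare."""
    return hmac.compare_digest(make_tag(key, message), tag)

if __name__ == "__main__":
    # Constructed sample inputs.
    original = "1001 0011 1010 1001 1111"
    two_flips = "0101 0011 1010 1001 1111"   # first two bits flipped
    # The one-bit checksum is one-way but not collision-free: both give 0.
    print(xor_checksum(original), xor_checksum(two_flips))

    before, after = b"Pay Bob 100 dollars", b"Pay Bob 900 dollars"
    print(digest_hex(before))
    print(digest_hex(after))
    print(differing_bits(digest_hex(before), digest_hex(after)), "of 256 bits differ")

    key = b"constructed shared key"
    tag = make_tag(key, before)
    print(check_tag(key, before, tag), check_tag(key, after, tag))
```

The digest printed for `before` is also the value one would publish to timestamp the document: anyone holding the file later can recompute it and compare.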

Adjudicated Protocol
Protocol divided into 2 subprotocols: one non-arbitrated, the other arbitrated (the exceptional case).
When a dispute occurs, the adjudicator steps in to arbitrate.
The adjudicator is a trusted 3rd party.

Self-Enforcing Protocols
Best type of protocol
Protocol itself guarantees fairness
No arbitrator necessary
No adjudicator
If one party tries to cheat, the other party immediately detects the cheating and the protocol stops.

Attacks Against Protocols
• Cryptographic attacks can be directed against the crypto algorithms used in programs, against cryptographic techniques, or against protocols themselves. We will look at the attacks on protocols themselves.

Passive attack
• Someone not involved in the protocol eavesdrops on some or all of the protocol.
– Does not affect the protocol
– Difficult to detect
– Protocols try to prevent this
• Eve
• Gain information about parties involved in protocol

Active attacks
• Try to alter protocol to own advantage
• Pretend to be someone else
• Active intervention
• More diverse objective
• Obtaining information
• Degrading system performance
• Corrupt information
• It is much more serious: Mallory
• Cheater
– Lies during the protocol or does not follow the protocol

Symmetric Cryptography
• To send a message:
– Alice and Bob agree on a cryptosystem
– Alice and Bob agree on a key
– Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. The result is called ciphertext.
– Alice sends the ciphertext message to Bob
– Bob decrypts the ciphertext message with the same algorithm and key, then reads it.

Problems with symmetric cryptosystems
• Keys must be distributed in secret
• Keys are as valuable as the message
• If a key is compromised, then Eve can decrypt all message traffic encrypted with that key. She can also pretend to be one of the parties.
• Assuming a separate key for each pair of users in the network, the total number of keys increases rapidly: n users require n(n-1)/2 keys.

Public Key Cryptography
• A symmetric algorithm is like a safe.
– The key is the combination.
• Public-key crypto is defined by two different keys: one public, one private.
• It is computationally hard to deduce the private key from the public one.
• Anyone with the public key can encrypt a message but not decrypt it.
• Only the person w/ the private key can decrypt the message.

Message transmission
• Alice and Bob agree on a public-key cryptosystem
• Bob sends Alice his public key
• Alice encrypts her message using Bob’s public key and sends it to Bob.
• Bob decrypts Alice’s message using his private key.

More common message transmission
• A more common approach: a network of users agrees on a public-key cryptosystem. Every user has his or her own public key and private key. The public key is published in a database somewhere. Here is the protocol:
• Alice gets Bob’s public key from the database
• Alice encrypts her message using Bob’s public key and sends it to Bob.
• Bob then decrypts Alice’s message with his private key.

Hybrid Cryptosystems
• In the real world, public-key algorithms are not a substitute for symmetric algorithms. They are not used to encrypt messages; they are used to encrypt keys.
• Two reasons for this:
• Public-key algorithms are slow
• Public-key cryptosystems are vulnerable to chosen-plaintext attacks.

Hybrid system
• Secures and distributes session keys.
• Session keys are used with symmetric algorithms to secure message traffic.
• Example:
• Bob sends Alice his public key
• Alice generates a random session key, K, encrypts it using Bob’s public key, and sends it to Bob: E_B(K)
• Bob decrypts Alice’s message using his private key to recover the session key: D_B(E_B(K)) = K
• Both of them encrypt their communications using the same session key.
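
The hybrid exchange above, as an added example that is not part of the original slides. It assumes textbook RSA (no padding) over two small Mersenne primes and a toy SHA-256 keystream cipher as stand-ins for a real public-key and symmetric algorithm; the function names and the per-message nonce are this example's own.

```python
import hashlib
import secrets

# Bob's toy RSA key (constructed: two Mersenne primes, far too small for real use).
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # Bob's private exponent

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def alice_send(bob_public, plaintext: bytes):
    """Alice: pick random K, send E_B(K) plus the message encrypted under K."""
    n, e = bob_public
    k = secrets.token_bytes(16)                       # session key K
    wrapped = pow(int.from_bytes(k, "big"), e, n)     # E_B(K)
    nonce = secrets.token_bytes(12)                   # fresh per message under K
    return wrapped, nonce, stream_xor(k, nonce, plaintext)

def bob_receive(wrapped: int, nonce: bytes, ciphertext: bytes) -> bytes:
    """Bob: D_B(E_B(K)) = K, then decrypt the traffic with K."""
    k = pow(wrapped, D, N).to_bytes(16, "big")
    return stream_xor(k, nonce, ciphertext)

def direct_rsa(bob_public, short_msg: bytes) -> int:
    """Encrypting the message itself with the public key is deterministic:
    anyone can encrypt a guessed plaintext and compare ciphertexts."""
    n, e = bob_public
    return pow(int.from_bytes(short_msg, "big"), e, n)

if __name__ == "__main__":
    bob_public = (N, E)
    wrapped, nonce, ct = alice_send(bob_public, b"constructed test message")
    print(bob_receive(wrapped, nonce, ct))
    # Same guessable plaintext, same ciphertext: the chosen-plaintext weakness.
    print(direct_rsa(bob_public, b"YES") == direct_rsa(bob_public, b"YES"))
```

Because the value encrypted under Bob's public key is a random 128-bit session key rather than a guessable message, comparing ciphertexts of guessed plaintexts no longer helps an eavesdropper.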

Digital Signatures
• Signatures
• Authentic
• Unforgeable
• Not reusable
• Signed document unalterable
• Signature cannot be repudiated

Signing documents w/ symmetric cryptosystems and an arbitrator
• Alice wants to sign a digital message and send it to Bob. With the help of Trent and a symmetric cryptosystem, she can.
• Trent is a powerful and trusted arbitrator
• Trent shares a secret key K_A with Alice and K_B with Bob.
• Keys have been established long before the protocol begins. They can be used multiple times.

Scenario
• Alice encrypts her message to Bob with K_A and sends it to Trent.
• Trent decrypts the message with K_A
• Trent takes the decrypted message and a statement that he has received this message from Alice and encrypts the whole bundle with K_B
• Trent sends the encrypted bundle to Bob
• Bob decrypts the bundle with K_B. He can now read both the message & Trent’s certification that Alice sent it.

Signing Documents w/ Public-Key Cryptography
• RSA is an example
• Either the public key or private key can be used for encryption.
• Idea first invented by Diffie & Hellman

Basic protocol
• Alice encrypts the document with her private key, “signing”.
• Alice sends the signed document to Bob
• Bob decrypts the document with Alice’s public key, verifying.
• Trent is not needed to sign or verify, but Trent is needed to certify that Alice’s public key is indeed her public key.

Signing documents and timestamps
• Digital signatures often include timestamps.
• The date and the time of the signature are attached to the message and are signed along with the rest of the message.

Signing documents with public-key cryptography and one-way hash functions
• Public-key algorithms are often too inefficient to sign long documents.
• Digital signature protocols are implemented with one-way hash functions
• Instead of signing a document, Alice signs the hash of the document.
• The one-way hash function and digital signature algorithm are decided upon beforehand.

Procedure
• Alice produces a one-way hash of the document
• Alice encrypts the hash w/ her private key (signing)
• Alice sends Bob the document and the signed hash
• Bob produces a one-way hash of the document that Alice sent. He then uses the digital signature algorithm to decrypt the signed hash with Alice’s public key. If the signed hash matches the hash he generated, the signature is valid.

Other benefits
• Signature separate from the document
• Recipient’s storage requirements for the document and signature are much smaller.

Algorithms and Terminology
• Signing process is called encrypting w/ private key
• Verification is called decrypting w/ public key
• Misleading, and really only used with RSA
• Signing message w/ private key K:
• S_K(M): digital signature, or signature
• V_K(M): verification of the digital signature (with the public key)
• Authentication
– Entire protocol by which the receiver of a message is convinced of the identity of the sender and the integrity of the message.

Digital Signatures with Encryption
By combining digital signatures w/ public-key encryption, we develop a protocol that combines the security of encryption w/ the authenticity of digital signatures.

Example
Alice signs the message w/ her private key: S_A(M)
Alice encrypts the signed message w/ Bob’s public key and sends it to Bob: E_B(S_A(M))
Bob decrypts the message w/ his private key: D_B(E_B(S_A(M))) = S_A(M)
Bob verifies w/ Alice’s public key and recovers the message: V_A(S_A(M)) = M

See Resend Attack (p 42) and Foiling the Resend attack (p 43)
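
The hash-signing procedure and the sign-then-encrypt example above, as an added example that is not part of the original slides. It assumes textbook RSA (no padding) over constructed Mersenne-prime keys and SHA-256 as the agreed hash; all function names are this example's own, and Alice's modulus is deliberately smaller than Bob's so that S_A(M) always fits inside E_B.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def keypair(p: int, q: int):
    """Toy textbook-RSA key from two known primes: returns (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed keys. n_A < n_B, so a value signed by Alice fits Bob's modulus.
N_A, D_A = keypair(2**127 - 1, 2**521 - 1)     # Alice
N_B, D_B = keypair(2**607 - 1, 2**1279 - 1)    # Bob

def digest(doc: bytes) -> int:
    """One-way hash of the document as an integer (256 bits, below n_A)."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big")

def sign_hash(doc: bytes) -> int:
    """Alice: private-key operation on the hash only, S_A(H(doc))."""
    return pow(digest(doc), D_A, N_A)

def verify_hash(doc: bytes, sig: int) -> bool:
    """Bob: recompute H(doc) and compare it with V_A(sig)."""
    return pow(sig, E, N_A) == digest(doc)

def sign_then_encrypt(m: int) -> int:
    """Alice: E_B(S_A(M)) for a short message M encoded as an integer."""
    if not 0 <= m < N_A:
        raise ValueError("message does not fit Alice's modulus")
    return pow(pow(m, D_A, N_A), E, N_B)

def decrypt_then_verify(c: int) -> int:
    """Bob: D_B(c) = S_A(M), then V_A(S_A(M)) = M."""
    return pow(pow(c, D_B, N_B), E, N_A)

if __name__ == "__main__":
    doc = b"constructed contract text, version 1"
    sig = sign_hash(doc)
    print(verify_hash(doc, sig))                                       # valid
    print(verify_hash(b"constructed contract text, version 2", sig))   # altered
    m = int.from_bytes(b"meet at noon", "big")
    recovered = decrypt_then_verify(sign_then_encrypt(m))
    print(recovered.to_bytes(12, "big"))
```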