Applied Cryptography and Computer Security

1
Applied Cryptography and Computer Security

• Instructor Sheng Zhong

2
What is the purpose of this course?

• Our purpose is studying cryptography in a
  rigorous manner, with emphasis on careful design
  and analysis of secure systems using existing
  building blocks.
• Traditional crypto courses usually care more
  about math foundations than about applications.
• Traditional security courses usually present
  crypto tools informally, without rigorous
  definitions and derivations.

3
Our focus

• Correct application of crypto techniques in
  practical scenarios.
• Not the math principles behind these techniques.
• Not the implementation of crypto systems.

Implementation
Design and Analysis
Were here
Math Foundations
4
What does this course cover?

• Security model and cryptographic tools
• Encryption
• Symmetric-key encryption
• Asymmetric-key encryption
• Message authentication
• Message Authentication Code (MAC)
• Digital signature

5
What does this course cover?(Contd)

• Entity authentication
• Password-based authentication
• Public-key-based entity authentication
• Cryptographic protocol
• And more (if time allows)

6
Textbook and Prerequisites

• Recommended Textbooks (No Required)
• Wenbo Mao, Modern cryptography theory and
  practice. Prentice-Hall, PTR.
• Douglas Stinson, Cryptography Theory and
  Practice. CRS Press.
• Prerequisites
• Introductory class in theory of computation.
• Math maturity.

7
Grading

• Class participation 20
• Attendance is monitored in randomly sampled
  classes.
• If you need to skip a class, you should ask for
  permission before the class.
• Only in exceptional cases (like illness),
  after-class excuses can be accepted.
• Homeworks 40
• Project 40
• NO EXAM

8
Questions?
So much for the course information. For more
about this course http//www.cse.buffalo.edu/szh
ong/courses/664.htm
9
What is Cryptography?-- A Simple Game of Coin
Flipping
10
Coin Flipping Game

• Participants Alice and Bob.
• Computational model Each participant has a
  computer (probabilistic Turing machine running in
  polynomial time).
• Communication model The two computers are
  connected by the Internet (communication
  channel).
• Target Alice and Bob agree on the value of a
  fair coin.

11
NOTE Cryptography is NOT just scrambling bits

• It is a general theory about doing things
  securely and/or privately.
• Whenever we have a crypto problem, we need to
  consider (just as in the coin flipping game)
• Who are the participants?
• What is the computational model?
• What is the communication model?
• What is our target?

12
Tool for the Coin Flipping Game

• To solve this problem, we use the crypto tool of
  collision-resistant hash function.
• H() is collision-resistant iff
• For all x, H(x) is easy to compute.
• It is infeasible to find (x, y) such that x ? y
  and H(x) H(y).

13
Solution to the Coin Flipping Game

• Alice picks a random integer a
• Alice ? Bob H(a)
• Bob picks a random bit b
• Bob ? Alice b
• Alice ? Bob a
• Bob verifies the value of H(a) is consistent with
  a.
• The output is defined as (ab) mod 2.
• 0 stands for head 1 stands for tail
• We shall follow this convention when talking
  about coins.

14
The solution is correct.

• Correctness means the output is what we want if
  everybody follows the protocol.
• Analysis of Correctness
• Alice picks a random integer a
• The probability of a being even is ½.
• Alice ? Bob H(a)
• Bob picks a random bit b
• The probability of b being even is also ½.

15
Correctness Analysis (Contd)

• Bob ? Alice b
• Alice ? Bob a
• Bob verifies the value of H(a) is consistent with
  a.
• The output is defined as (ab) mod 2.
• With probability of ½, ab is even so (ab) mod
  20.
• With probability of ½, ab is odd so (ab) mod
  21.
• The output is a fair coin!

16
Security Analysis (1)

• Can Alice cheat in the protocol so that the
  output is what she wants?
• To achieve this goal, since b is chosen by Bob,
  Alice must manipulate the value of a.

• Alice picks a random integer a
• Alice ? Bob H(a)
• Bob picks a random bit b
• Bob ? Alice b
• Alice ? Bob a
• Bob verifies the value of H(a) is consistent with
  a.
• The output is defined as (ab) mod 2.

17
Security Analysis (2)

• To manipulate the value of a, since Bob verifies
  the value of H(a) is consistent with a, Alice
  must also manipulate the value of H(a).

• Alice picks a random integer a
• Alice ? Bob H(a)
• Bob picks a random bit b
• Bob ? Alice b
• Alice ? Bob a
• Bob verifies the value of H(a) is consistent with
  a.
• The output is defined as (ab) mod 2.

18
Security Analysis (3)

• However, Alice does not know how to manipulate
  the value of H(a) when she first sends it to Bob,
  since she does not know b at this moment.

• Alice picks a random integer a
• Alice ? Bob H(a)
• Bob picks a random bit b
• Bob ? Alice b
• Alice ? Bob a
• Bob verifies the value of H(a) is consistent with
  a.
• The output is defined as (ab) mod 2.

19
Security Analysis (4)

• Now we are fine with Alice. But can Bob cheat in
  the protocol so that the output is what he wants?
• To achieve this goal, since a is chosen by Alice,
  Bob must manipulate the value of b.

• Alice picks a random integer a
• Alice ? Bob H(a)
• Bob picks a random bit b
• Bob ? Alice b
• Alice ? Bob a
• Bob verifies the value of H(a) is consistent with
  a.
• The output is defined as (ab) mod 2.

20
Security Analysis (5)

• However, Bob does not know how to manipulate the
  value of b since he does not know the value of a
  at this moment.

• Alice picks a random integer a
• Alice ? Bob H(a)
• Bob picks a random bit b
• Bob ? Alice b
• Alice ? Bob a
• Bob verifies the value of H(a) is consistent with
  a.
• The output is defined as (ab) mod 2.