A Protocol Medley - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

A Protocol Medley

Description:

Chaffing and Winnowing: confidentiality without encryption ... Step 3: Eve steals Alice's key. Alice. Step 4: Eve impersonates Alice. Bob. Eve 'I love you' ... – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0
Slides: 18
Provided by: rsa78
Category:

less

Transcript and Presenter's Notes

Title: A Protocol Medley


1
A Protocol Medley
  • Funkspiel signatures and authentication
  • Private Information Retrieval
  • Chaffing and Winnowing confidentiality without
    encryption
  • Gummy fingers

2
Funkspiel Signatures
Lauwers worked as radio operator for SOE, British
underground during WW II
Captured by Germans, along with radio and three
message/ciphertext pairs
Germans sought to mount Funkspiel, i.e., pass
false messages to SOE
SOE made use of a kind of MAC
Lauwers
3
Subverting the Funkspiel
  • Germans demanded to know MAC
  • Lauwers had been instructed to introduce an error
    into 16th letter of every message as MAC
  • Lauwers made clever observation about his three
    messages

Message 1
....stop..
....stop..
Message 2
.....
Message 3
  • Claimed that MAC involved corruption of o in
    stop

4
Modern cryptographers view
5
Funkspiel scheme
6
Step 1 Alice sends messages to Bob
7
Step 2 Alice changes key (maybe)
8
Step 3 Eve steals Alices key
9
Step 4 Eve impersonates Alice
10
Step 5 Bob determines whether Alice changed key
She loves me? She loves me not?
11
What do we want?
  • Eve cant tell whether Alice changed key
  • Even though Eve has seen MAC(message1),
    MAC(message2),...
  • Bob can tell whether Alice changed key

12
Related work
  • Forward-secure signature schemes
  • Attacker knows that key evolves
  • Distress PIN
  • No security against eavesdropper
  • Deniable encryption

13
A funkspiel scheme
MAC key 0
0
1
1
0
1
0
1
0
0
0
1
1
1
0
MAC key 1
Problems We need one bit for every MAC Eve can
cheat with small probability
14
What this good for?
  • Tamper resistant hardware
  • Currently uses zeroization or forgetting
  • Funkspiel schemes permit detection and tracing
  • Funkspiel schemes can give false sense of
    security or success to attacker

15
Private Information Retrieval (PIR)
  • Two entities database operator and user.
  • User wants the ith element from the database, but
    does not want to reveal what he wants.
  • Database operator is willing to give the user one
    element, but not the entire database.
  • Size of database is n. Possible to limit
    communication to O(log n), but not less.

16
Chaffing and Winnowing
  • What if encryption were outlawed, but
    authentication was not? Could two sneaky users
    still encrypt data for each other (without
    breaking the law)?
  • Assume the use of a MAC with a shared key K.
  • To send a bit 0, MAC a message with K to send a
    bit 1, MAC a message with K.

17
Gummy fingers
  • From simple ingredients, fool fingerprint readers
    even advanced ones that check that the applied
    finger is live, etc.
  • Use gelatin to construct a fingerprint wear it
    on the appropriate finger authenticate/identify
    eat the evidence!
Write a Comment
User Comments (0)
About PowerShow.com