Title: A Protocol Medley
1A Protocol Medley
- Funkspiel signatures and authentication
- Private Information Retrieval
- Chaffing and Winnowing confidentiality without
encryption - Gummy fingers
2Funkspiel Signatures
Lauwers worked as radio operator for SOE, British
underground during WW II
Captured by Germans, along with radio and three
message/ciphertext pairs
Germans sought to mount Funkspiel, i.e., pass
false messages to SOE
SOE made use of a kind of MAC
Lauwers
3Subverting the Funkspiel
- Germans demanded to know MAC
- Lauwers had been instructed to introduce an error
into 16th letter of every message as MAC - Lauwers made clever observation about his three
messages
Message 1
....stop..
....stop..
Message 2
.....
Message 3
- Claimed that MAC involved corruption of o in
stop
4Modern cryptographers view
5Funkspiel scheme
6Step 1 Alice sends messages to Bob
7Step 2 Alice changes key (maybe)
8Step 3 Eve steals Alices key
9Step 4 Eve impersonates Alice
10Step 5 Bob determines whether Alice changed key
She loves me? She loves me not?
11What do we want?
- Eve cant tell whether Alice changed key
- Even though Eve has seen MAC(message1),
MAC(message2),... - Bob can tell whether Alice changed key
12Related work
- Forward-secure signature schemes
- Attacker knows that key evolves
- Distress PIN
- No security against eavesdropper
- Deniable encryption
13A funkspiel scheme
MAC key 0
0
1
1
0
1
0
1
0
0
0
1
1
1
0
MAC key 1
Problems We need one bit for every MAC Eve can
cheat with small probability
14What this good for?
- Tamper resistant hardware
- Currently uses zeroization or forgetting
- Funkspiel schemes permit detection and tracing
- Funkspiel schemes can give false sense of
security or success to attacker
15Private Information Retrieval (PIR)
- Two entities database operator and user.
- User wants the ith element from the database, but
does not want to reveal what he wants. - Database operator is willing to give the user one
element, but not the entire database. - Size of database is n. Possible to limit
communication to O(log n), but not less.
16Chaffing and Winnowing
- What if encryption were outlawed, but
authentication was not? Could two sneaky users
still encrypt data for each other (without
breaking the law)? - Assume the use of a MAC with a shared key K.
- To send a bit 0, MAC a message with K to send a
bit 1, MAC a message with K.
17Gummy fingers
- From simple ingredients, fool fingerprint readers
even advanced ones that check that the applied
finger is live, etc. - Use gelatin to construct a fingerprint wear it
on the appropriate finger authenticate/identify
eat the evidence!