CSE597B: Special Topics in Network and Systems Security - PowerPoint PPT Presentation

About This Presentation
Title:

CSE597B: Special Topics in Network and Systems Security

Description:

CSE597B: Special Topics in Network and Systems Security The Miscellaneous Instructor: Sencun Zhu – PowerPoint PPT presentation

Number of Views:95
Avg rating:3.0/5.0
Slides: 28
Provided by: Senc150
Learn more at: https://www.cse.psu.edu
Category:

less

Transcript and Presenter's Notes

Title: CSE597B: Special Topics in Network and Systems Security


1
CSE597B Special Topics in Network and Systems
Security
  • The Miscellaneous
  • Instructor Sencun Zhu

2
Appetizer
  • Ten scientists are working on a secret project.
    They wish to lock up the documents in a cabinet
    so that the cabinet can be opened if and only if
    five or more of the scientists are present.
  • What is the smallest number of locks needed?
  • What is the smallest number of keys to the locks
    each scientist must carry?

3
Outline
  • A little maths
  • Group, ring, (finite) field
  • Increasing importance in cryptography
  • AES, Elliptic Curve, Threshold Cryptography
  • Secret sharing and threshold cryptography
  • Based on slides by Prof. Helger Lipmaa, Helsinki
    University of Technology
  • Design rules

4
Group
  • G, a set of elements or numbers
  • Obeys
  • Closure if a and b belong to G, a . B is also in
    G
  • associative law (a.b).c a.(b.c)
  • has identity e e.a a.e a
  • has inverses a-1 a.a-1 e
  • if commutative a.b b.a
  • then forms an abelian group

5
Cyclic Group
  • Define exponentiation as repeated application of
    operator
  • example a3 a.a.a
  • Let identity e be ea0
  • A group is cyclic if every element is a power of
    some fixed element
  • i.e. b ak for some a and every b in group
  • a is said to be a generator of the group

6
Ring
  • R, a set of numbers with two operations,
    addition and multiplication
  • an abelian group with addition operation
  • closure under multiplication
  • associative under multiplication
  • distributive law a(bc) ab ac
  • if multiplication operation is commutative, it
    forms a commutative ring
  • if multiplication operation has inverses and no
    zero divisors, it forms an integral domain

7
Field
  • F, a set of numbers with two operations
  • F is an integral domain
  • Multiplicative inverse
  • For each a in F, except 0, there is an element
    a-1 in F such that a a-1 a-1 a 1
  • In essence, a field is a set in which we can do
    addition, subtraction, multiplication, and
    division without leaving the set
  • Division a/b a b-1

8
Galois Fields
  • Finite fields (known as Galois fields) play a key
    role in cryptography
  • Theorem the number of elements in a finite field
    must be a power of a prime pn, denoted as GF(pn)
  • In particular often use the fields
  • GF(p)
  • GF(2n)

9
Galois Fields GF(p)
  • GF(p) is the set of integers 0,1, , p-1 with
    arithmetic operations modulo prime p
  • these form a finite field
  • since have multiplicative inverses
  • hence arithmetic is well-behaved and can do
    addition, subtraction, multiplication, and
    division without leaving the field GF(p)

10
Keep Secrets on a Computer
  • Very difficult
  • Wiping state
  • Easier in C/C, difficult in Java
  • Swap file
  • Virtual memory
  • Caches
  • Keep copies of data
  • Data retention by memory
  • SRAM/DRAM could learn and remember data
  • Access by others
  • Data integrity

11
Key Storage
  • Reliability and confidentiality of important
    data
  • Information can be secured by encryption
  • After that, many copies of the ciphertext can be
    made
  • How to secure the secret key?
  • Encrypting of key vicious cycle
  • Replicating key insecure
  • Idea distribute the key to a group, s.t. nobody
    by itself knows it

12
Secret SharingMore Motivations
  • USSR At least two of the three nuclear buttons
    must have been pressed simultaneously
  • Any other process where you might not trust a
    single authority
  • Threshold cryptography
  • Computation can be performed in a distributed way
    by trusted subsets of parties
  • Verifiable SS One can verify that inputs were
    shared correctly

13
Secret Sharing Schemes Definition
  • A dealer shares a secret key among n parties
  • Each party i in 1, n receives a share
  • Predefined groups of participants can cooperate
    to reconstruct the shares
  • Smaller subgroups cannot get any information
    about the secret

14
(k, n)-threshold schemes
  • A dealer shares a secret key between n parties
  • Each party i in 1, n receives a share
  • A group of any k participants can cooperate to
    reconstruct the shares
  • No group of k-1 participants can get any
    information about the secret

15
A Bad Example
  • Let K be a 100-bit block cipher key.
  • Share it between two parties
  • Giving to both parties 50 bits of the key
  • Why is this bad?
  • The requirement Smaller subgroups cannot get any
    information about the secret is violated
  • Ciphertext-only attack
  • Both participants can recover the plaintext by
    themselves, by doing a (250)-time exhaustive
    search

16
(2, 2)-threshold scheme
  • Let s G be a secret from group (G, ). Dealer
    chooses a uniformly random s1 G and lets s2 s
    s1
  • The two shares are s1 and s2
  • Given s1 and s2 , one can successfully recover s
    s1 s2
  • Given only s1, s2 is random, vice versa
  • Prs k s2 Prs1 k - s2 s2 2G
    for any k

17
(n, n)-threshold scheme
18
Shamirs (k,n) Threshold Scheme
  • Mathematical basis

19
Shamirs (k,n) Threshold Scheme
  • Dealing phase

20
Shamirs (k,n) Threshold Scheme
21
Shamirs (k,n) Threshold Scheme
22
Illustration
23
Shamirs Scheme Efficiency
24
Shamirs Scheme Flexibility
25
Remarks
26
Design Rules
  • Design rules
  • Complexity is the worst energy of security
  • There are no secure complex systems
  • Correctness must be a local property
  • every part of the system should behave correctly
    regardless of how the rest of the system works
  • For a security level of n bits, every
    cryptographic value should be at least 2n bits
    long
  • Due to collision attacks
  • Reliability
  • Do not assume message reliability
  • TCP cannot prevent active attacks

27
Presentation
  • Two presentations each class
  • Let us first see how it will be going
  • Time
  • 3035 minutes/person, including random
    interruption
  • Do not exceed
  • How to give a good talk
  • http//www.info.ucl.ac.be/people/PVR/giving_talk.p
    s
  • How to give a bad talk
  • http//www.eecs.berkeley.edu/messer/Bad_talk.html
Write a Comment
User Comments (0)
About PowerShow.com