Professional Documents
Culture Documents
Systems
CS60002: Distributed Systems
Bhaskar Pal
Dept. of Computer Sc. & Engg.,
Indian Institute of Technology Kharagpur
Outline
Background
Conventional Cryptography
Modern Cryptography
Private Key
Public Key
Authentication Protocols
System Model
P1
P2
P4
P3
Role of Cryptography
P1
P2
P4
P3
Goals
Confidentiality of Information
Authentication
Data integrity
Encryption
Algorithm
E
Plaintext P
KD
Ciphertext C
Decryption
Algorithm
D
Plaintext P
P is plaintext
C is ciphertext
KC and KD are encryption and decryption keys
E and D are encryption and decryption algorithms
C= EKC(P) P=DKD(C)= DKD(EKC(P))
Intruder
Intruder
KC
Encryption
Algorithm
E
Plaintext P
KD
Ciphertext C
Decryption
Algorithm
D
Plaintext P
Modern systems
Private key system Public Key system
Conventional Systems
Plain-text a text written in some language. Use a
secret mapping procedure to map a letter (or a set of
letters) to some other letter (s) in the same alphabet
Example: adr pgk
Conventional Cryptography
Simple Substitution
Eliminate positional correlation of caeser cipher
Cipher line can be any permutation of the alphabets
frequency distribution of letters are not changed- !attack
Polyalphabetic Ciphers
periodic sequence of n substitution alphabet ciphers
11, 3, 4, 5, 6
Modern Cryptography
Secret key K
Alice
Bob
Encryption
Algorithm
E
Plaintext P
Dept. of CSE, IIT KGP
C=EK(P)
Decryption
Algorithm
D
P=DK(C)
Plaintext P
The crux of the system is the length of the key (56 bits),
the intruder has to search 256 values
Bob
Encryption
Algorithm
E
Plaintext P
Dept. of CSE, IIT KGP
C=EBpub(P) Decryption
Algorithm
D
P=DBprv(C)
Plaintext P
Decryption is performed as
M = Cd mod n = Med mod n
System Model
A set of computers connected by a network
No shared memory
Communication solely by passing messages to each
other
Authentication Services
Signed Communication
Message is signed by the sender
Senders identity and content of the message can be
authenticated to a third party
Potential Threats
An intruder
Can gain access to any point in the network
Can copy or alter parts of the message
Can replay back an old message
Can transmit erroneous messages
An Intruder
May involved in an on-going transaction
Can try to prevent a secure authenticated communication
Authentication Servers
Issues Involved
How A can get the conversation key from AS?
How A can send the received conversation key to B?
A AS : A, B, IA
AS A : EKA(IA, B, CK, EKB(CK, A))
A, B, IA
AS
EKA (IA , B, CK, EKB (CK, A))
(1)
(2)
A B : EKB (CK, A)
B A : ECK (IB)
A B : ECK (IB - 1)
(3)
(4)
(5)
EKB (CK, A)
ECK (IB)
ECK (IB - 1)
Dept. of CSE, IIT KGP
C B : EKB (CK, A)
B A : ECK (IB)
A B : ECK (IB - 1)
(3)
(4)
(5)
EKB (CK, A)
ECK (IB)
ECK (IB - 1)
Dept. of CSE, IIT KGP
A AS : A, B
AS A : EKA (B, CK, T, EKB (CK, T, A))
A B : EKB (CK, T, A)
Check at B: | CLOCKB - T | < t1 + t2
t1 : Max discrepancy with the servers clock
t1 : Expected Network Delay
Dept. of CSE, IIT KGP
Main Issue:
No explicit conversation key is required for communication
Public encryption keys are used
Handshake protocol
A B : EPKB (IA, A)
A AS : A, B
AS A : ESKAS (PKB, B)
A, B
A
Dept. of CSE, IIT KGP
AS
ESKAS (PKB, B)
Asynchronous
A AS : A, B, IA
AS A : EKA(IA, B, CK, EKB(CK, A))
A, B, IA
AS
EKA (IA , B, CK, EKB (CK, A))
(1)
(2)