Symmetric cryptosystems
Asymmetric cryptosystems
Symmetric and asymmetric solutions
Security management
Focus on key distribution using the Needham Schroeder protocol
From Needham Schroeder to Kerberos
Introducing Security
A historical perspective
CSC253 / 2005-06 G. Blair/ F. Taiani 3
Security Mechanisms
Encryption
Digital signatures
To prevent tampering
Authentication
Cryptography
Authorisation
Auditing
E.g. Using Secure Sockets Layer (SSL) to securely send messages over a TCP connection
In middleware
Offering a range of services from secure RPC through to authentication and authorisation
Introduction to Cryptography
To encrypt a message M with key k
[Figure: encryption function F_K and key; insecure channel]
Styles of Cryptosystems
Symmetric cryptosystems
The same key is used to both encrypt and decrypt messages
Also referred to as secret-key (or shared-key) systems
Sender & receiver must share knowledge of key
P = D_k(E_k(P))
Asymmetric cryptosystems
The keys for encryption and decryption are different but together form a unique pair
Also referred to as public-key systems
One key is kept private and the other key is made public
P = D_kd(E_ke(P))
Alternative Cryptosystems
Triple-DES - more complex (slower) than DES
4 Fenced DES - nearly as fast as DES
AES - new standard replacing DES [2001]
Comparison between ACLs and capabilities for protecting objects. a) Using an ACL b) Using capabilities.
Security Management
Need for security management
So far, we have seen a series of mechanisms for achieving encryption, authentication, etc.
Still many things missing
Key management
Authorisation management
Relies on a key distribution centre (KDC)
KDC is part of the trusted computing base
Has knowledge of secret keys of all participants in the system
Must manage N keys (instead of N(N-1)/2 in a decentralised solution)
3. A decrypts reply & sends ticket to B: ticket
4. The ticket contains [K(A,B), A]K(B) (i.e. encrypted with B's secret key). B decrypts it and sends A a unique ID encrypted in K(A,B): [ID2]K(A,B)
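The ticket exchange in steps 3 and 4 above, with a KDC holding one secret per participant, as an added Python example that is not part of the original slides. Steps 1-2 follow the standard published Needham Schroeder description rather than this page, and `seal`/`unseal`, `KDC` and `run_exchange` are hypothetical names; the SHA-256 keystream plus HMAC is a stand-in for a real authenticated cipher.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream: a stand-in for a real cipher (assumption).
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    # [obj]K : encrypt, then MAC, so a wrong key or tampering is detected.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    pt = bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))
    return json.loads(pt)

class KDC:
    def __init__(self, names):
        self.keys = {n: os.urandom(32) for n in names}  # N secrets, one per participant

    def request(self, a, b, id1):
        # Steps 1-2 (standard protocol, not on the page): fresh K(A,B) plus ticket.
        k_ab = os.urandom(32).hex()
        ticket = seal(self.keys[b], {"k_ab": k_ab, "a": a}).hex()  # [K(A,B), A]K(B)
        return seal(self.keys[a], {"id1": id1, "b": b, "k_ab": k_ab, "ticket": ticket})

def run_exchange(kdc, a="A", b="B"):
    id1 = os.urandom(8).hex()
    reply = unseal(kdc.keys[a], kdc.request(a, b, id1))
    if reply["id1"] != id1 or reply["b"] != b:
        raise ValueError("stale or misdirected KDC reply")
    ticket = bytes.fromhex(reply["ticket"])      # step 3: A sends ticket to B
    opened = unseal(kdc.keys[b], ticket)         # step 4: B decrypts with K(B)
    k_b, id2 = bytes.fromhex(opened["k_ab"]), os.urandom(8).hex()
    challenge = seal(k_b, {"id2": id2})          # step 4: [ID2]K(A,B)
    k_a = bytes.fromhex(reply["k_ab"])
    answer = unseal(k_a, challenge)["id2"]       # only a holder of K(A,B) can read ID2
    return opened["a"] == a and k_a == k_b and answer == id2

if __name__ == "__main__":
    print(run_exchange(KDC(["A", "B", "C"])))
```

A and B never share a long-term key: each holds only its own secret with the KDC, which is why the KDC manages N keys rather than N(N-1)/2.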
Additional Reading
The Code Book: The Secret History of
mechanisms used to implement security policies in distributed systems, i.e. encryption, digital signatures, authentication, authorisation and auditing
You should have a general appreciation of symmetric and asymmetric cryptosystems and also how such cryptosystems can be used to realise encryption, digital signatures and authentication
You should also have a general understanding for the key design
management and also a more detailed understanding of the goal of key distribution and how it is achieved using the Needham Schroeder protocol