# CS代考 COMP4337/9337 WK02-02Authenticaton, Key Distribution (Asymmetric) – cscodehelp代写

Professor Sanjay K. Jha

Securing Fixed and Wireless Networks, COMP4337/9337 WK02-02Authenticaton, Key Distribution (Asymmetric)

School of Computer Science and Engineering, UNSW

Copyright By cscodehelp代写 加微信 cscodehelp

Today’s Agenda

• AuthenticationRecap

• Keydistributionusingasymmetricencryption – Public-key distribution of secret keys

• FormalMethodforProtocolSpecificationand Verification: AVISPA Tool

Recap Authentication Basics

• Quickrecap,possiblyalreadydonein 3331/9331 (Kurose- 8)

• Thesearebasicbuildingblocks

– Make sure you understand this well as they help material covered in this subject.

Authentication

Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice”

“I am Alice”

Failure scenario??

Authentication

Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice”

“I am Alice”

In a network,

Bob can not “see” Alice, so Eve simply declares herself to be K 02-02

Authentication: another try

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

Alice’s IP address

“I am Alice”

Failure scenario??

Authentication: another try

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

Eve can create

a packet “spoofing” Alice’s address

Alice’s IP address

“I am Alice”

Authentication: another try

Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.

Alice’s IP addr

Alice’s password

“I’m Alice”

Failure scenario??

Alice’s IP addr

Authentication: another try

Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.

playback attack: Eve records Alice’s packet and later

plays it back to ’s IP addr

Alice’s password

“I’m Alice”

Alice’s IP addr

Alice’s IP addr

Alice’s password

“I’m Alice”

Authentication: yet another try

Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.

Alice’s IP addr

encrypted password

“I’m Alice”

Failure scenario??

Alice’s IP addr

Authentication: yet another try

Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.

record and playback still works!

Alice’s IP addr

encrypted password

“I’m Alice”

Alice’s IP addr

Alice’s IP addr

encrypted password

“I’m Alice”

Authentication: yet another try

Goal: avoid playback attack

nonce: number (R) used only once-in-a-lifetime

ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

“I am Alice”

Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

Failures, drawbacks?

Authentication: ap5.0

ap4.0 requires shared symmetric key

• can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography

“I am Alice”

Bob computes

K A- ( R )

K (K (R))=R AA

“send me your public key”

and knows only Alice

could have the private key,

that encrypted R such

A(K (R))=R A

ap5.0: security hole

man (or woman) in the middle attack: Eve poses as Alice (to Bob) and as Bob (to Alice)

I am K- (R) Send me your public key

Send me your public key K+

sends m to Alice encrypted with Alice’s public key

m=K(K (m))

m=K(K (m))

ap5.0: security hole

man (or woman) in the middle attack: Eve poses as Alice (to Bob) and as Bob (to Alice)

difficult to detect:

v Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation!)

v problem is that Eve receives all messages as well!

Public key encryption algorithms

Requirements:

needK ()andK ()suchthat

K (K (m)) = m

2 given public key K+, it should be

impossible to compute private key K-

RSA: Rivest, Shamir, Adelson algorithm 17

Public Key Cryptography

symmetric key crypto

• requires sender, receiver know shared secret key

• Q: how to agree on key in first place (particularly if never “met”)?

public key crypto

v radically different approach [Diffie- Hellman76, RSA78]

v sender, receiver do not share secret key

v public encryption key known to all

v private decryption key known only to receiver

RSA: getting ready

• A message is a bit pattern.

• A bit pattern can be uniquely represented by an integer

• Thus encrypting a message is equivalent to encrypting a number.

• m= 10010001.This message is uniquely represented by the decimal number 145.

• To encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext).

RSA: Creating public/private key pair

1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

3. Choose e (with e