COMP30023 – Computer Systems
2022 – Semester 1 – Week 4 – Lecture 2

© University of Melbourne 2022

Secure communication

• Announcement on LMS
• Spec is available via LMS
• Extra consultation hours
• Participation in Ed discussions


• Symmetric vs. asymmetric cryptography
• Encryption
• Signatures


– Message authentication code
– Authenticated encryption
– Diffie Hellman Key Exchange
– Public Key Infrastructure (Certificates)


What does the lock mean?


Goal: Secure Communication

The attacker controls Wi-Fi, DNS and routers, can create its own websites, can listen to
any packet, modify packets in transit, and inject its own packets into the network


S: symmetric encryption
secret key

(PKB, SKB)

Enc(PKB, S)

Confidentiality – Authentication – Integrity

Objective is to provide secure private communication between
two end-points, with integrity checks to ensure data does not
change in transit, and authentication to establish identities of
one or both of the end-points.


Secure Communication


S: symmetric encryption
secret key

(PKB, SKB)

Enc(PKB, S)

Question: the protocol provides
• Confidentiality?
• Integrity?
• Authentication?


Goal: Secure Communication

2 problems:
1. How does Alice know ciphertext has not been modified?
2. How does Alice know PKB is Bob’s public key?

– Message authentication code
– Authenticated encryption
– Diffie Hellman Key Exchange
– Public Key Infrastructure (Certificates)

Towards Secure Communication


CBC – Cipher Block Chaining
Tampering I (previous lecture)

Encryption

Decryption


Attacker can:
– reorder ciphertext
– flip bits
Every possible ciphertext corresponds to some valid plaintext


Towards Authenticated Encryption

Properties we want: confidentiality and integrity

m: message

Secret key SK of
symmetric encryption

c: ciphertext

• Hashing? (Is Hash(m) a good authentication method? Is Hash(c)?)
• Digital signatures? (Is Sign(SigningKey, m)? Is Sign(SigningKey, c)?)


Potential solutions for message
authentication

t := Authenticate(…, m/c, …)
Verify(…,m/c, t,…) ??

m: message

Secret key SK of
symmetric encryption

c: ciphertext

Hash: collision resistant hash function


• Detect if message has been tampered with
• s: MAC’s secret key; m: message
• t := Mac(s,m); b := Verify(s,m,t)
– b is 0/1 indicating successful verification
• Verifies integrity of a message using a secret key
• Security: Adversary cannot create (m’, t’) such that
Verify(s,m’,t’) returns b = 1 for m’ it has not seen


Message Authentication Code (MAC)

CBC-MAC based on encryption (careful with variable length

HMAC: Industry standard and used widely in practice

HMAC: Generate a MAC tag t:
t := Hash ( (s ⊕ opad) ∥ Hash ((s ⊕ ipad) ∥ m))

ipad and opad are fixed constants used for padding
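
The HMAC formula above, written out step by step with SHA-256 as Hash. This is an added example, not code from the original slides; the padding bytes 0x36 (ipad) and 0x5c (opad) and the key-normalisation step come from the HMAC standard (RFC 2104), and the key and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes its input in 64-byte blocks


def hmac_sha256(s: bytes, m: bytes) -> bytes:
    """t := Hash((s XOR opad) || Hash((s XOR ipad) || m)) with Hash = SHA-256."""
    # Keys longer than one block are hashed first; shorter keys are zero-padded.
    if len(s) > BLOCK_SIZE:
        s = hashlib.sha256(s).digest()
    s = s.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in s)  # s XOR ipad
    opad = bytes(b ^ 0x5C for b in s)  # s XOR opad
    inner = hashlib.sha256(ipad + m).digest()
    return hashlib.sha256(opad + inner).digest()


def verify(s: bytes, m: bytes, t: bytes) -> bool:
    """b := Verify(s, m, t): recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_sha256(s, m), t)


# Constructed sample values (not from the lecture)
KEY = b"constructed-demo-mac-key"
MSG = b"transfer 10 to bob"
TAG = hmac_sha256(KEY, MSG)

if __name__ == "__main__":
    print("tag:", TAG.hex())
    print("matches stdlib hmac:", TAG == hmac.new(KEY, MSG, hashlib.sha256).digest())
    print("tampered message accepted:", verify(KEY, b"transfer 99 to bob", TAG))
```

In production code use the library routine (`hmac.new`) rather than a hand-written construction; the point here is only to show that the two hash calls and two pads are all there is to it.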


CBC-MAC and HMAC

• Confidentiality and integrity of messages exchanged
between Alice and Bob

• General construction: Encrypt-then-Mac:
– c := Encrypt(SK, m)
– t := Mac(s, c)

• Verify: if Verify(s,c,t) returns 0, do not decrypt

• Examples: AES-GCM, AES-OCB, AES-CCM
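
A sketch of the Encrypt-then-Mac construction above, added here and not part of the original slides. It assumes HMAC-SHA256 as Mac and, because the Python standard library has no AES, a toy counter-mode keystream as a stand-in for Encrypt; the function names `seal` and `open_sealed` are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def keystream_xor(sk: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher (stand-in for AES-CTR, not for real use)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hmac.new(sk, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(sk: bytes, s: bytes, m: bytes):
    """c := Encrypt(SK, m); t := Mac(s, c). SK and s are independent keys."""
    nonce = secrets.token_bytes(NONCE_LEN)
    c = nonce + keystream_xor(sk, nonce, m)
    t = hmac.new(s, c, hashlib.sha256).digest()
    return c, t


def open_sealed(sk: bytes, s: bytes, c: bytes, t: bytes) -> bytes:
    """Verify the tag over the ciphertext first; decrypt only if it matches."""
    expected = hmac.new(s, c, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, t):
        raise ValueError("MAC check failed: ciphertext not decrypted")
    return keystream_xor(sk, c[:NONCE_LEN], c[NONCE_LEN:])


if __name__ == "__main__":
    sk, s = secrets.token_bytes(32), secrets.token_bytes(32)
    c, t = seal(sk, s, b"pay bob 10 dollars")  # constructed sample message
    print(open_sealed(sk, s, c, t))
    flipped = c[:NONCE_LEN] + bytes([c[NONCE_LEN] ^ 0x01]) + c[NONCE_LEN + 1:]
    try:
        open_sealed(sk, s, flipped, t)
    except ValueError as err:
        print("rejected:", err)
```

Without the tag check, the flipped ciphertext would still decrypt to some plaintext, which is the tampering problem from the CBC slide; with it, the modified ciphertext never reaches the decryption step.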


Authenticated Encryption

Secret key SK of symmetric encryption

– Message authentication code
– Authenticated encryption
– Diffie Hellman Key Exchange
– Public Key Infrastructure

Towards Secure Communication


• Fundamental to protocols such as HTTPS, Secure Shell (SSH),
Internet Protocol Security (IPsec), Simple Mail Transfer
Protocol Secure (SMTPS), and other protocols that rely on
Transport Layer Security (TLS).

• Agree on a shared key
• Provides perfect forward secrecy: exposure of long term
keys does not compromise security of past sessions
• Sends information in a way that allows both parties to
calculate a shared key without having to ever explicitly
communicate the shared key


Diffie-Hellman Key Exchange
Turing award 2015


• Generate some public information:
– A large prime p
– A generator g (primitive root modulo p)

• Alice picks a random value x and computes X = g^x mod p
– Sends X to Bob

• Bob picks a random value y and computes Y = g^y mod p
– Sends Y to Alice

• Alice calculates the secret s = Y^x mod p = g^(yx) mod p
• Bob calculates the secret s = X^y mod p = g^(xy) mod p
• g^(yx) mod p = g^(xy) mod p
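
The exchange above carried through with toy numbers, as an added example that is not part of the original slides. The values p = 23, g = 5 and the fixed exponents in the usage are constructed for illustration (real deployments use primes of 2048 bits or more); the range check on the peer's public value is an added defensive step the slides do not mention, and the function names are hypothetical.

```python
import secrets

P = 23            # toy safe prime p = 2q + 1, constructed for illustration
Q = (P - 1) // 2  # q = 11
G = 5             # candidate generator


def is_generator(g: int, p: int, q: int) -> bool:
    """For a safe prime p = 2q + 1, g is a primitive root iff
    g^2 != 1 and g^q != 1 (mod p)."""
    return pow(g, 2, p) != 1 and pow(g, q, p) != 1


def keypair(x=None):
    """Return (x, X = g^x mod p); a random x is redrawn until X is in [2, p-2]."""
    while True:
        cand = x if x is not None else 2 + secrets.randbelow(P - 3)
        X = pow(G, cand, P)
        if 2 <= X <= P - 2 or x is not None:
            return cand, X


def shared_secret(own_private: int, peer_public: int) -> int:
    """s = peer_public^own_private mod p, after rejecting degenerate values."""
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value outside [2, p-2]")
    return pow(peer_public, own_private, P)


def exchange(x=None, y=None):
    """Run both sides; only X and Y would ever cross the network."""
    x, X = keypair(x)  # Alice
    y, Y = keypair(y)  # Bob
    return X, Y, shared_secret(x, Y), shared_secret(y, X)


if __name__ == "__main__":
    print("g is a primitive root:", is_generator(G, P, Q))
    X, Y, s_alice, s_bob = exchange(x=6, y=15)
    print(f"X={X} Y={Y} Alice's s={s_alice} Bob's s={s_bob}")
```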


Diffie-Hellman [DH’76]

both parties compute the secret key s = g^(xy)


* note: all operations are modulo p

Diffie-Hellman Key Exchange

• At the end of the process we have a shared secret, the
component parts of which we have never openly
communicated

• Solving the discrete log (in the particular group we operate)
is considered a hard problem

• As such, it is considered infeasible to recover x from g^x

• Provided the two parties discard their secrets, even if one of
them loses their private key, it will not allow past
communication to be decrypted

• Secret key should look indistinguishable from random
• DH key exchange relies on Decisional DH


What does it mean to be secure?


Assumptions based on Hard Problems

https://web.cs.ucdavis.edu/~rogaway/classes/227/spring05/book/main.pdf


Assumptions based on Hard Problems

Bonus Question:
• If you can solve DL, can you solve CDH?
• If you can solve CDH, can you solve DDH?

https://web.cs.ucdavis.edu/~rogaway/classes/227/spring05/book/main.pdf


– Message authentication code
– Authenticated encryption
– Diffie Hellman Key Exchange

• The slides were prepared by based on
some material developed previously by

• Reference: KR 8.3, 8.3.1, 8.3.2 and references from Week 4

• Some of the images included in the notes were supplied as
part of the teaching resources accompanying the text books
listed in lecture 1.
– (And also) Wikimedia Commons

Acknowledgement
