# Network Security, Principles and Practice, 3rd Ed.

http://mehr.sharif.edu/~shahriari

Sharif Network Security Center

## DSS

## Digital signature

The recipient must be able to verify the signature. A signature scheme consists of three algorithms:

- Key Generation Alg
- Signature Alg
- Signature Verification Alg

## Direct digital signature

Only the communicating parties take part; a timestamp can be included with the signed message.

## Arbitrated digital signature

Arbitrated digital signature techniques:

(a) Conventional Encryption, Arbiter Sees Message

1. X → A: M || E_Kxa[IDX || H(M)]
2. A → Y: E_Kay[IDX || M || E_Kxa[IDX || H(M)] || T]

(b) Conventional Encryption, Arbiter Does Not See Message

1. X → A: IDX || E_Kxy[M] || E_Kxa[IDX || H(E_Kxy[M])]
2. A → Y: E_Kay[IDX || E_Kxy[M] || E_Kxa[IDX || H(E_Kxy[M])] || T]

(c) Public-Key Encryption, Arbiter Does Not See Message

1. X → A: IDX || E_KRx[IDX || E_KUy[E_KRx[M]]]
2. A → Y: E_KRa[IDX || E_KUy[E_KRx[M]] || T]

Notation: X = sender, Y = recipient, A = Arbiter, M = message, T = timestamp.

## Replay Attacks

Kinds of replay:

- Simple Replay
- Logged Replay
- Undetected Replay
- Backward Replay without modification

Countermeasures:

- Sequence Number
- TimeStamp: the sender attaches the current time, X → Y: m || T
- Challenge/Response: one side sends a nonce N, the other returns m || N

## Session & Master keys

Session keys are distributed by a Key Distribution Center (KDC) under the master keys it shares with each party.

## Needham-Schroeder

1. A → KDC: IDA || IDB || N1
2. KDC → A: EKa[Ks || IDB || N1 || EKb[Ks || IDA]]
3. A → B: EKb[Ks || IDA]
4. B → A: EKs[N2]
5. A → B: EKs[f(N2)]

## Replay Attack

Messages 4 and 5 of Needham-Schroeder can be replayed by an adversary holding an old session key. Adding a timestamp T:

1. A → KDC: IDA || IDB
2. KDC → A: EKa[Ks || IDB || T || EKb[Ks || IDA || T]]
3. A → B: EKb[Ks || IDA || T]
4. B → A: EKs[N1]
5. A → B: EKs[f(N1)]

The recipient accepts the message only if |clock − T| < t1 + t2, where t1 and t2 bound the clock skew with the KDC and the network delay.

## Suppress-replay attack

The timestamp check depends on synchronized clocks; if a party's clock runs ahead, an attacker can suppress a message and replay it later while it still looks fresh. Using a nonce avoids the dependence on clocks.

## Protocol resisting suppress-replay (Attack 1)

1. A → B: IDA || Na
2. B → KDC: IDB || Nb || EKb[IDA || Na || Tb]
3. KDC → A: EKa[IDB || Na || Ks || Tb] || EKb[IDA || Ks || Tb] || Nb
4. A → B: EKb[IDA || Ks || Tb] || EKs[Nb]

## Public-key distribution with timestamps

An Authentication Server (AS) signs the public keys together with a timestamp:

1. A → AS: IDA || IDB
2. AS → A: EKRas[IDA || KUa || T] || EKRas[IDB || KUb || T]
3. A → B: EKRas[IDA || KUa || T] || EKRas[IDB || KUb || T] || EKUb[EKRa[Ks || T]]

## Public-key distribution with nonces

1. A → KDC: IDA || IDB
2. KDC → A: EKRauth[IDB || KUb]
3. A → B: EKUb[Na || IDA]
4. B → KDC: IDB || IDA || EKUauth[Na]
5. KDC → B: EKRauth[IDA || KUa] || EKUb[EKRauth[Na || IDA || IDB]]
6. B → A: EKUa[EKRauth[Na || IDA || IDB || Nb]]
7. A → B: EKs[Nb]

## One-way authentication (E-mail)

Conventional encryption with a KDC:

1. A → KDC: IDA || IDB || N1
2. KDC → A: EKa[Ks || IDB || N1 || EKb[Ks || IDA]]
3. A → B: EKb[Ks || IDA] || EKs[M]

Public-key encryption:

- A → B: EKUb[Ks] || EKs[M]
- A → B: M || EKRa[H(M)]
- A → B: M || EKRa[H(M)] || EKRas[T || IDA || KUa]

## Digital Signature Standard

- NIST FIPS 186
- DSS is based on ElGamal
- RSA Digital Signature: ISO 9776, ANSI X9.31, CCITT X.509

## DSS

DSS uses SHA as the hash function and the DSA algorithm for signing. Unlike RSA, DSA cannot be used for encryption or key exchange, and the signature is a pair of values computed with a per-message secret.

(a) RSA Approach: M is hashed, H(M) is encrypted with KRa and appended to M; the receiver decrypts with KUa and compares with a fresh H(M).

(b) DSS Approach: M is hashed; Sig takes H(M), the per-message secret k, the global public key KUG and the private key KRa and outputs (s, r); Ver takes H(M), s, r, KUG and KUa and its output is compared with r.

## DSS components

- p, q, g: global public-key components
- x: user private key
- y: user public key
- k: user per-message secret number
- $r = (g^k \bmod p) \bmod q$
- $s = [k^{-1}(H(M) + xr)] \bmod q$
- Signature = (r, s)
- precompute $g^k$, $k^{-1}$

## Signing

The hash H(M) is computed with SHA-1, a fresh secret k is chosen for the message, and the signature (r, s) is produced:

$r = (g^k \bmod p) \bmod q$

$s = [k^{-1}(H(M) + xr)] \bmod q$

## Verifying

Given the received M' and (r', s'):

$w = (s')^{-1} \bmod q$

$u_1 = H(M')\,w \bmod q$

$u_2 = r'\,w \bmod q$

$v = (g^{u_1} y^{u_2} \bmod p) \bmod q$

The signature is accepted if $v = r'$.
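The signing and verifying equations above, carried through in code. This is an added example, not code from the slides or from FIPS 186: it uses constructed toy domain parameters (p = 23, q = 11, g = 4, far too small for real use) so the arithmetic can be followed by hand, reduces the SHA-1 digest mod q, and retries k until neither r nor s is zero, as the standard requires. The function names are the example's own.

```python
import hashlib
import secrets

# Constructed toy DSA domain parameters (illustration only, never use such sizes):
# q = 11 is prime, p = 23 satisfies q | (p - 1), and g = 2^((p-1)/q) mod p = 4 has order q.
P, Q, G = 23, 11, 4


def keygen(x=None):
    """Return (x, y): private key x in [1, q-1], public key y = g^x mod p."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def digest(message: bytes) -> int:
    """H(M) reduced mod q; SHA-1 is the hash the slides name for DSS."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % Q


def sign_digest(x: int, h: int, k: int):
    """r = (g^k mod p) mod q ; s = k^-1 (H(M) + x r) mod q.
    Returns None when r or s is 0, in which case the caller must pick a new k."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    if r == 0 or s == 0:
        return None
    return r, s


def sign(x: int, message: bytes):
    """Pick a fresh per-message secret k (never reused) and retry until r, s != 0."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        sig = sign_digest(x, digest(message), k)
        if sig is not None:
            return sig


def verify_digest(y: int, h: int, sig) -> bool:
    """w = s^-1 mod q ; u1 = H w mod q ; u2 = r w mod q ;
    v = (g^u1 y^u2 mod p) mod q ; accept iff v == r (and 0 < r, s < q)."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (h * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return v == r


def verify(y: int, message: bytes, sig) -> bool:
    return verify_digest(y, digest(message), sig)


if __name__ == "__main__":
    x, y = keygen()
    msg = b"constructed sample message"
    sig = sign(x, msg)
    print("signature", sig, "verifies:", verify(y, msg, sig))
    print("signature on altered message verifies:", verify(y, msg + b"!", sig))
```

With x = 7 the public key is y = 8; signing the digest value 5 with k = 3 gives r = (4^3 mod 23) mod 11 = 7 and s = 3^-1 (5 + 7·7) mod 11 = 7, and verification recomputes v = 7 = r. Changing either the digest or s makes v differ from r, which is what the range check and the final comparison catch. The per-message secret k is what makes two signatures of the same message differ; it must stay secret and be fresh for every signature, which is why the slides list it beside the private key.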