Fragen und Lösungsansätze Sicherheit:

(1)

Fragen und Lösungsansätze

1

Sicherheit:

Fragen und Lösungsansätze

im Wintersemester 2012 / 2013 Prof. Dr. Jan Jürjens

TU Dortmund, Fakultät Informatik, Lehrstuhl XIV Teil 9: Some Further Cryptographic Protocols

v. 27.01.2013

(2)

Fragen und Lösungsansätze

Themen der Vorlesung

Part I: Challenges and Basic Approaches

1) Interests, Requirements, Challenges, and Vulnerabilities 2) Key Ideas and Combined Techniques

Part II: Control and Monitoring

3) Fundamentals of Control and Monitoring 4) Case Study: UNIX

Part III: Cryptography

5) Fundamentals of Cryptography 6) Case Studies: PGP and Kerberos 7) Symmetric Encryption

8) Asymmetric Encryption and Digital Signatures with RSA 9) Some Further Cryptographic Protocols

Part IV: Access Control

10) Discretionary Access Control and Privileges 11) Mandatory Access Control and Security Levels Part V: Security Architecture

12) Layered Design Including Certificates and Credentials

13) Intrusion Detection and Reaction

(3)

Fragen und Lösungsansätze

Covert commitments

• committing :

the committer discretionarily selects some value v _com

and commits to this value, in a covert form regarding the receiver

• revealing :

the committer reveals a value v _show to the receiver,

who in turn either accepts or rejects it as the committed value

• binding property (combined correctness and unforgeability property):

for all values v _com :

if the committer enters the revealing phase at all, then the receiver accepts the revealed value v show

if and only if it is the committed value v com

• secrecy property (after committing and before revealing):

for all values v _com ,

the receiver cannot “determine”

the committed value v com from the covert form

3

(4)

Fragen und Lösungsansätze

Secret sharing

• distributing :

the owner of the secret v computes shares s ₁ ,… , s _n and distributes them to appropriate receivers

• combining :

for some threshold t ≤ n, t (or more) receivers collect their shares s _i ,… , s _i

1 t

and use them to recover the secret

• correctness property:

for all values v :

the receivers succeed in determining the secret value v from any set of t distinct shares s _i ,… , s _i

1 t

• secrecy property:

for all values v :

the receivers cannot “determine” the secret value v

from any set of t-1 shares

(5)

Fragen und Lösungsansätze

Multiparty computations

• multiparty computations address a very general situation of cooperation in the presence of threats between n parties P _i

• parties aim at jointly computing the value y of some agreed n-ary function f:

- each P _i secretly provides an argument x _i

- at the end, each P _i knows the computed value y = f (x ₁ ,…, x _n ) - no P _i learns anything new about the other parties’ arguments

• correctness property (with threshold t):

for all inputs x ₁ ,…, x _n of the parties P ₁ ,…, P _n , respectively, with n > 2, if the adversary is formed by at most t attacking parties (a strict minority), then each of the honest parties obtains f (x ₁ ,…, x _n ) as the final result

• secrecy property (with threshold t):

for all inputs x ₁ ,…, x _n of the parties P ₁ ,…, P _n , respectively, with n > 2, an adversary formed by at most t attacking parties (a strict minority)

cannot “determine” any of the secret inputs of the honest parties

5

(6)

Fragen und Lösungsansätze

channels

(7)

Fragen und Lösungsansätze

7 operating on ciphertexts

(8)

Fragen und Lösungsansätze

and message transmissions

(9)

Fragen und Lösungsansätze

whatever violations of correctness and secrecy can be achieved in the model of

parties cooperating by protected local operations and message transmissions can also (inevitably) happen in the trusted-host model,

and thus, in particular,

without observing messages of the honest parties at all

9 secrecy property (with threshold t)

Fragen und Lösungsansätze Sicherheit:

Fragen und Lösungsansätze

1

Sicherheit:

Fragen und Lösungsansätze

im Wintersemester 2012 / 2013 Prof. Dr. Jan Jürjens

TU Dortmund, Fakultät Informatik, Lehrstuhl XIV Teil 9: Some Further Cryptographic Protocols

v. 27.01.2013

Fragen und Lösungsansätze

Themen der Vorlesung

Part I: Challenges and Basic Approaches

1) Interests, Requirements, Challenges, and Vulnerabilities 2) Key Ideas and Combined Techniques

Part II: Control and Monitoring

3) Fundamentals of Control and Monitoring 4) Case Study: UNIX

Part III: Cryptography

5) Fundamentals of Cryptography 6) Case Studies: PGP and Kerberos 7) Symmetric Encryption

8) Asymmetric Encryption and Digital Signatures with RSA 9) Some Further Cryptographic Protocols

Part IV: Access Control

10) Discretionary Access Control and Privileges 11) Mandatory Access Control and Security Levels Part V: Security Architecture

12) Layered Design Including Certificates and Credentials

13) Intrusion Detection and Reaction

Fragen und Lösungsansätze

Covert commitments

• committing :

the committer discretionarily selects some value v com

and commits to this value, in a covert form regarding the receiver

• revealing :

the committer reveals a value v show to the receiver,

who in turn either accepts or rejects it as the committed value

• binding property (combined correctness and unforgeability property):

for all values v com :

if the committer enters the revealing phase at all, then the receiver accepts the revealed value v show

if and only if it is the committed value v com

• secrecy property (after committing and before revealing):

for all values v com ,

the receiver cannot “determine”

the committed value v com from the covert form

3

Fragen und Lösungsansätze

Secret sharing

• distributing :

the owner of the secret v computes shares s 1 ,… , s n and distributes them to appropriate receivers

• combining :

for some threshold t ≤ n, t (or more) receivers collect their shares s i ,… , s i

1 t

and use them to recover the secret

• correctness property:

for all values v :

the receivers succeed in determining the secret value v from any set of t distinct shares s i ,… , s i

1 t

• secrecy property:

for all values v :

the receivers cannot “determine” the secret value v

from any set of t-1 shares

Fragen und Lösungsansätze

Multiparty computations

• multiparty computations address a very general situation of cooperation in the presence of threats between n parties P i

• parties aim at jointly computing the value y of some agreed n-ary function f:

- each P i secretly provides an argument x i

- at the end, each P i knows the computed value y = f (x 1 ,…, x n ) - no P i learns anything new about the other parties’ arguments

• correctness property (with threshold t):

for all inputs x 1 ,…, x n of the parties P 1 ,…, P n , respectively, with n > 2, if the adversary is formed by at most t attacking parties (a strict minority), then each of the honest parties obtains f (x 1 ,…, x n ) as the final result

• secrecy property (with threshold t):

for all inputs x 1 ,…, x n of the parties P 1 ,…, P n , respectively, with n > 2, an adversary formed by at most t attacking parties (a strict minority)

cannot “determine” any of the secret inputs of the honest parties

5

Fragen und Lösungsansätze

channels

Fragen und Lösungsansätze

7

operating on ciphertexts

Fragen und Lösungsansätze

and message transmissions

Fragen und Lösungsansätze

whatever violations of correctness and secrecy can be achieved in the model of

parties cooperating by protected local operations and message transmissions can also (inevitably) happen in the trusted-host model,

and thus, in particular,

without observing messages of the honest parties at all

9

secrecy property (with threshold t)

the committer discretionarily selects some value v _com

the committer reveals a value v _show to the receiver,

for all values v _com :

for all values v _com ,

the owner of the secret v computes shares s ₁ ,… , s _n and distributes them to appropriate receivers

for some threshold t ≤ n, t (or more) receivers collect their shares s _i ,… , s _i

the receivers succeed in determining the secret value v from any set of t distinct shares s _i ,… , s _i

• multiparty computations address a very general situation of cooperation in the presence of threats between n parties P _i

- each P _i secretly provides an argument x _i

- at the end, each P _i knows the computed value y = f (x ₁ ,…, x _n ) - no P _i learns anything new about the other parties’ arguments

for all inputs x ₁ ,…, x _n of the parties P ₁ ,…, P _n , respectively, with n > 2, if the adversary is formed by at most t attacking parties (a strict minority), then each of the honest parties obtains f (x ₁ ,…, x _n ) as the final result

for all inputs x ₁ ,…, x _n of the parties P ₁ ,…, P _n , respectively, with n > 2, an adversary formed by at most t attacking parties (a strict minority)