2. 2
IntroductionIntroduction
What is a protocol?What is a protocol?
Protocol is an orderly sequence of steps two orProtocol is an orderly sequence of steps two or
more parties take to accomplish some task.more parties take to accomplish some task.
Everyone using a protocol must agree to theEveryone using a protocol must agree to the
protocol before using it.protocol before using it.
People use protocols to regulate behavior forPeople use protocols to regulate behavior for
mutual benefit.mutual benefit.
3. 3
IntroductionIntroduction
Good protocol has the following characteristics:Good protocol has the following characteristics:
(1)(1) Established in advanceEstablished in advance: the protocol is: the protocol is
completely designed before it is used.completely designed before it is used.
(2)(2) Mutually subscribedMutually subscribed: All parties to the protocol: All parties to the protocol
agree to follow its steps, in order.agree to follow its steps, in order.
(3)(3) UnambiguousUnambiguous: No party can fail to follow a: No party can fail to follow a
step properly because the party hasstep properly because the party has
misunderstood the step.misunderstood the step.
(4)(4) CompleteComplete: For every situation that can occur: For every situation that can occur
there is a prescribe action to be taken.there is a prescribe action to be taken.
4. 4
Types of ProtocolsTypes of Protocols
There are three types of protocols:There are three types of protocols:
Arbitrated protocolsArbitrated protocols
Adjudicated protocolsAdjudicated protocols
Self-enforcing protocolsSelf-enforcing protocols
5. 5
Types of ProtocolsTypes of Protocols
Arbitrated ProtocolsArbitrated Protocols
Arbitrator is a disinterested 3Arbitrator is a disinterested 3rdrd
party trusted toparty trusted to
complete a transaction between two distrustingcomplete a transaction between two distrusting
parties.parties.
Example: Buying and selling cars – banker orExample: Buying and selling cars – banker or
lawyer is the arbitrator.lawyer is the arbitrator.
In computer protocol, an arbitrator is aIn computer protocol, an arbitrator is a
trustworthy 3trustworthy 3rdrd
party who ensures fairness. Itparty who ensures fairness. It
might be a person, a program or a machine.might be a person, a program or a machine.
7. 7
Types of ProtocolsTypes of Protocols
Arbitrated computer protocols have severalArbitrated computer protocols have several
disadvantages:disadvantages:
The two sides may not be able to find a neutral 3The two sides may not be able to find a neutral 3rdrd
party that both sides trust. Suspicious users areparty that both sides trust. Suspicious users are
rightfully suspicious of an unknown arbiter in arightfully suspicious of an unknown arbiter in a
network.network.
Maintaining the availability of an arbiter represents aMaintaining the availability of an arbiter represents a
cost to the users or the network, that cost may becost to the users or the network, that cost may be
high.high.
For these reasons, an arbitrated protocol is avoided if possible!
8. 8
Types of ProtocolsTypes of Protocols
Arbitrated computer protocols have severalArbitrated computer protocols have several
disadvantages:disadvantages:
Arbitration causes a time delay in communicationArbitration causes a time delay in communication
because a third party must receive, act on and thenbecause a third party must receive, act on and then
forward every transaction.forward every transaction.
If the arbitration service is heavily used, it mayIf the arbitration service is heavily used, it may
become a bottleneck in the network as many usersbecome a bottleneck in the network as many users
try to access a single arbiter.try to access a single arbiter.
Secrecy becomes vulnerable, because the arbiterSecrecy becomes vulnerable, because the arbiter
has access to much sensitive information.has access to much sensitive information.
For these reasons, an arbitrated protocol is avoided if possible!
9. 9
Types of ProtocolsTypes of Protocols
Adjudicated ProtocolsAdjudicated Protocols
The idea of adjudicator is similar to arbiter.The idea of adjudicator is similar to arbiter.
With an adjudicated protocol enough data isWith an adjudicated protocol enough data is
available for a disinterested 3available for a disinterested 3rdrd
party to judgeparty to judge
fairness based on the evidence.fairness based on the evidence.
Not only can 3Not only can 3rdrd
party determine whether twoparty determine whether two
disputing parties acted fairly that is within thedisputing parties acted fairly that is within the
rules of the protocol but the 3rules of the protocol but the 3rdrd
party can alsoparty can also
determine who cheated.determine who cheated.
10. 10
Types of ProtocolsTypes of Protocols
Adjudicated ProtocolsAdjudicated Protocols
Adjudicated protocols involve the services of aAdjudicated protocols involve the services of a
33rdrd
party only in a case of a dispute.party only in a case of a dispute.
Therefore, they are usually less costly in termsTherefore, they are usually less costly in terms
of machine time or access to a trusted 3of machine time or access to a trusted 3rdrd
partyparty
software judge than arbitrated protocols.software judge than arbitrated protocols.
However, adjudicated protocols detect a failureHowever, adjudicated protocols detect a failure
to cooperate only after the failure has occurred.to cooperate only after the failure has occurred.
12. 12
Types of ProtocolTypes of Protocol
Self-Enforcing ProtocolsSelf-Enforcing Protocols
A self-enforcing protocol is one that guaranteesA self-enforcing protocol is one that guarantees
fairness.fairness.
If either party tries to cheat, that fact becomesIf either party tries to cheat, that fact becomes
evident to the other party.evident to the other party.
No outsider is needed to ensure fairness.No outsider is needed to ensure fairness.
Obviously, self-enforcing protocols areObviously, self-enforcing protocols are
preferable to the other types.preferable to the other types.
However, there is not a self-enforcing protocolHowever, there is not a self-enforcing protocol
for every situation.for every situation.
14. 14
Protocol to Solve ProblemsProtocol to Solve Problems
Cryptographic algorithms rely on the propertyCryptographic algorithms rely on the property
that it is easy to encrypt and decrypt messagesthat it is easy to encrypt and decrypt messages
with the appropriate keys but very hard to findwith the appropriate keys but very hard to find
keys.keys.
Therefore key management is really, reallyTherefore key management is really, really
important!!!important!!!
18. 18
Protocol to Solve ProblemsProtocol to Solve Problems
Several protocols developed for key distribution:Several protocols developed for key distribution:
Symmetric key exchange with serverSymmetric key exchange with server
Symmetric key exchange without serverSymmetric key exchange without server
Asymmetric key exchange with serverAsymmetric key exchange with server
Asymmetric key exchange without serverAsymmetric key exchange without server
19. 19
Protocol to Solve ProblemsProtocol to Solve Problems
Assume that two users already each have a copy of aAssume that two users already each have a copy of a
symmetric (secret) encryption key K known only to themsymmetric (secret) encryption key K known only to them
– small messages is ok to use K.– small messages is ok to use K.
But for greater security, they can agree to change keysBut for greater security, they can agree to change keys
on a frequent basis even as often as a different key foron a frequent basis even as often as a different key for
each message.each message.
To do this, either one can generate a fresh key calledTo do this, either one can generate a fresh key called
KKNEWNEW, encrypt it under K and send to the other., encrypt it under K and send to the other.
K is called the “master key”K is called the “master key”
KKNEWNEW is called the “traffic” or “session” key.is called the “traffic” or “session” key.
Symmetric key exchange without serverSymmetric key exchange without server
20. 20
Block replay attack
Assume two bank use fixed format on electronic
exchange
name of depositor account no transfer amount
Suppose outsiders (Tipah) able to tap the data channel
between these banks.
The first day, Tipah has his bank transfer $10 on his
behalf from one bank to another. (Tipah has account
with both banks). The next day she does the same thing
but the amount is $20.
Why Knew?
21. 21
Assume that both transmissions were sent under the
same encryption key.
Tipah would noticed that the first two blocks encrypted
were the same. So she know that the first two blocks are
her name and her account no. The only different is the
third block (the amount of money).
22. 22
By inserting data onto the transmission line, Tipah can
now replace any person and account number with his
own name and account number, leaving the amount
alone.
Tipah does not need to know who should be getting the
money or how much is being obtained; Tipah simply
changes name and account no to his own and watches
the balance in his account grow.
In ease, the interceptor does not necessarily have to
break the encryption.
23. 23
Protocol to Solve ProblemsProtocol to Solve Problems
Symmetric key exchange with serverSymmetric key exchange with server
i. Please give me a key to
communicate with Renee
ii. Here’s a key for you and
a copy for Renee
iii. Renee, the distribution center
gave me this key for our private
communication.
Renee
Pablo
Distribution Centre
24. 24
Protocol to Solve ProblemsProtocol to Solve Problems
Disadvantage of this approach:Disadvantage of this approach:
Two users must both share one key that isTwo users must both share one key that is
unique to them.unique to them.
Other pairs of users need unique keys andOther pairs of users need unique keys and
in general n users need n(n-1)/2.in general n users need n(n-1)/2.
Eg. 5 users –> 5(5-1)/2 = 10 keys.Eg. 5 users –> 5(5-1)/2 = 10 keys.
Symmetric key exchange without serverSymmetric key exchange without server
25. 25
IssuesIssues
1.1. E(M, Rpub) – slow.E(M, Rpub) – slow.
2.2. E(Knew, Rpub) – no authentication.E(Knew, Rpub) – no authentication.
Protocols to Solve ProblemsProtocols to Solve Problems
Asymmetric key exchange without serverAsymmetric key exchange without server
26. 26
Protocols to Solve ProblemsProtocols to Solve Problems
Suppose Pablo and Reene want to exchange aSuppose Pablo and Reene want to exchange a
message, each has a public/private key pair and eachmessage, each has a public/private key pair and each
has access to the others public key.has access to the others public key.
Denote Ppub –> Pablo public key and Ppriv –> PabloDenote Ppub –> Pablo public key and Ppriv –> Pablo
private key.private key.
Rpub -> Renee public key and Rpriv -> Renee privateRpub -> Renee public key and Rpriv -> Renee private
key.key.
Pablo can send E(Knew, Rpub) directly to Reene.Pablo can send E(Knew, Rpub) directly to Reene.
But how sure that E(Knew, Rpub) is from Pablo? ReeneBut how sure that E(Knew, Rpub) is from Pablo? Reene
couldn’t tell that.couldn’t tell that.
So to improve better – Pablo sends to Reene E(E(Knew,So to improve better – Pablo sends to Reene E(E(Knew,
Ppriv), Rpub)Ppriv), Rpub)
Asymmetric key exchange without serverAsymmetric key exchange without server
27. 27
Protocol to Solve ProblemsProtocol to Solve Problems
Asymmetric key exchange with serverAsymmetric key exchange with server
1. Please give me
Renee’s Public Key
2. Here is Renee
Public Key
3. I’m Pablo,
Lets talk
4. Please give me
Pablo’s Public Key
5. Here is Pablo’s
Public Key
6. Renee here
what’s up?
7. How are you
Distribution Centre
Renee
Pablo
28. 28
Protocol to Solve ProblemsProtocol to Solve Problems
Distribution Center (DC)
How do DC deals with keys? – publish its own public
key widely – anybody wish to register, deliver the
key and personal identity under the DC key
Can have more than one center:
– as backup, overload, if it doesn’t have the key, request from
other DC
– performance, size, reliability
– must be available any time
So, what gives us confidence that the keys
registered are authentic?? That is, they belong to the
people whose identification are associated.
29. 29
Protocol to Solve ProblemsProtocol to Solve Problems
Certificate
Develop ways for two people to establish trust
without having both parties to be present.
Trust coordinated => Certificate Authority
Advantages and Disadvantages of Key Distribution
Operational Restriction – availability of DC
Trust – who must be trusted
Protection from failure – anybody impersonate any
entities
Efficient Protocol – use several time-consuming
steps for one-time use (establish an encryption
key)
Protocol – easy to implement or not (computer
implementation vs manual use)
30. 30
Digital SignatureDigital Signature
A Digital Signature is a protocol that produces
the same effect as a real signature.
It has the following characteristics:
– Authentic : the recipient believes the signer
deliberately signed the document
– Unforgeable : the signature proves that the signer
and nobody else signed the document
– Single purpose : the signature is attached to the
document and cannot be moved to a different one
– Unalterable : after it has been signed, the document
can no longer be changed.
– Unrepudiable : after the fact, the signer cannot
successfully deny having signed the document.
31. 31
How does Digital Signature Works?How does Digital Signature Works?
Refer to extra notes…