Lecture 7-Basic Key Exchange Flashcards

1
Q

What is TLS and why shouldn’t we use it?

A

It is a form of authenticated encryption but don’t use it because it uses unidirectional keys (so lot of overhead) and also using MAC-then-Encrypt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How does TLS decryption work?

A

Essentially it will send back the unique symbol with bad_record_mac error if tag or pad format is invalid (this provides AE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the padding oracle attack on TLS?

A

Attacker can submit ciphertext and learn if last bytes of plaintext are a valid pad (because attacker can tell the difference between errors “pad error” and “MAC error”)

You can observe the timing, bad pad timing returns faster

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why are padding oracle attacks even an issue?

A

Because we pad after mac so pad is not authenticated (MAC then encrypt or MAC then CBC ) (So eve can learn the pad by XOR-ing bytes)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Why would Encrypt then MAC avoid padding oracle?

A

Because MAC is checked first and ciphertext gets discarded if it is invalid

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Why shouldn’t you use SSH protocol?

A

Uses Encrypt-and-MAC where MAC is computed over plaintext. Also the protocol checks and uses the packet length before verifying the MAC tag which means Eve can send an encrypted block byte by byte to learn the length before MAC tag error gets out

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How to avoid SSH attack?

A

Authenticate length with MAC first!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How does TTP work?

A

TTP sends Alice shared key + encrypted key that only Bob can decrypt. Alice sends Bob to decrypt the shared key on his end

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Merkle Puzzle (Quadratic gap)

A

A way to share messages without TTP: Alice prepared a bunch of puzzles and sends it. Bob picks a puzzle at random to solve it, he gets decrypted key and he successfully decrypts a puzzle. Sends puzzle id so Alice knows which puzzle key to use. (THIS IS A WAY OF SYMMETRIC KEY EXCHANGE WITHOUT TTP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Diffie-Hellman

A

Fix a large prime # + generator and compute the keys. Even cannot compute g^ab (mod P) ..considered discrete log problem (Hard)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When is diffie-hellman insecure?

A

Man in the middle attacks: Eve can generate her own a’ and send to bob and generate her own b’ to send to Alice

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the diffie-hellman non-interactive property?

A

Each person has their own public key that can be used by someone else to raise it to their secret key: Kac = g^ac where a is secret key for Alice and g^c is already public information for Charlie

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Can you do non-interactive DH for more than two people?

A

Super complicated as you add more people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Public Key Encryption

A
  • another way for key exchange apart from merkle puzzles and DH
  • public key used to encrypt, secret key to decrypt
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are some public key applications?

A

HTTPS exchange: encrypt using Alice’s public key and send an encrypted email to her that she can decrypt.

Also key escrow: same encryption encrypted with an escrow’s public key so that if a fight happens, the message can still be decrypted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Public Key semantic security

A

Challenger generates key pair and sends public key to eve (no CPA attack needed!)

Even will send two messages for challenger to encrype and Eve needs to figure out which message (secure because Eve doesn’t have secret key to decrypt and encryption itself is random)

17
Q

When is Public Key Encryption insecure?

A

Man-in-the-middle: Eve impersonates Alice and sends a diff public key to Bob one of which she has the secret key of