Lecture 7-Basic Key Exchange Flashcards
What is TLS and why shouldn’t we use it?
It is a form of authenticated encryption, but don't use it because it uses unidirectional keys (so a lot of overhead) and also uses MAC-then-Encrypt.
How does TLS decryption work?
Essentially it sends back a single error, bad_record_mac, if the tag or the pad format is invalid (this provides AE).
What is the padding oracle attack on TLS?
The attacker can submit a ciphertext and learn whether the last bytes of the plaintext are a valid pad (because the attacker can tell the difference between a "pad error" and a "MAC error").
You can observe the timing: a bad pad returns faster.
Why are padding oracle attacks even an issue?
Because we pad after the MAC, so the pad is not authenticated (MAC-then-Encrypt, i.e. MAC-then-CBC). So Eve can learn the pad by XOR-ing bytes.
Why would Encrypt then MAC avoid padding oracle?
Because the MAC is checked first and the ciphertext is discarded if it is invalid.
Why shouldn’t you use SSH protocol?
It uses Encrypt-and-MAC, where the MAC is computed over the plaintext. Also, the protocol checks and uses the packet length before verifying the MAC tag, which means Eve can send an encrypted block byte by byte to learn the length before the MAC tag error gets out.
How to avoid SSH attack?
Authenticate the length with the MAC first!
How does TTP work?
The TTP sends Alice the shared key plus a copy of it encrypted so that only Bob can decrypt it. Alice forwards the encrypted copy to Bob, who decrypts the shared key on his end.
Merkle Puzzle (Quadratic gap)
A way to share messages without a TTP: Alice prepares a bunch of puzzles and sends them. Bob picks a puzzle at random and solves it, which gives him the decrypted key, so he has successfully solved one puzzle. He sends the puzzle id so Alice knows which puzzle's key to use. (THIS IS A WAY OF SYMMETRIC KEY EXCHANGE WITHOUT A TTP)
Diffie-Hellman
Fix a large prime p and a generator g, and compute the keys. Eve cannot compute g^ab (mod p); this is considered the discrete log problem (hard).
When is diffie-hellman insecure?
Man-in-the-middle attacks: Eve can generate her own a' and send it to Bob, and generate her own b' and send it to Alice.
What is the diffie-hellman non-interactive property?
Each person has their own public key, which someone else can raise to their own secret key: Kac = g^ac, where a is Alice's secret key and g^c is Charlie's already-public information.
Can you do non-interactive DH for more than two people?
It gets super complicated as you add more people.
Public Key Encryption
- Another way to do key exchange, apart from Merkle puzzles and DH
- The public key is used to encrypt, the secret key to decrypt
What are some public key applications?
HTTPS exchange: encrypt using Alice's public key and send her an encrypted email that she can decrypt.
Also key escrow: the same message is also encrypted with an escrow's public key, so that if a dispute happens, the message can still be decrypted.