Advanced Crypto. 2. Public key, private key and key exchange. Author: Prof Bill Buchanan

Transcription

1 Advanced Crypto 2. Public key, private key and key exchange. Bob Alice Key Entropy. Key generators. Private key (AES, Twofish, CAST, IDEA, Blowfish, DES, 3DES, RC2, RC4/RC5, Skipjack, Camellia, Affine). Stream or block? ECB/CBC/OFB. Salting. Public key (RSA, DSA, ElGamal). Elliptic curve. Diffie-Hellman. FIPS. Eve Trent

2 Encryption Introduction Intruder Eve Privacy (Private Key) Identity (Public Key) Integrity (Public/Private Key) Bob Alice John John Trent Trusted third party

3

4

5

6 Encryption Conclusion Encryption Bob Eve Public key Encryption/ Decryption Typical application: Diffie-Hellman used to generate private-key. Public-key used for authentication. Private-key used for encryption. Encryption/ Decryption Key exchange (Diffie-Hellman) Secret key used to encrypt/decrypt (DES/3DES/AES) Communications Channel Used to authenticate (RSA) Encryption/ Decryption Alice Private key Private key Key exchange (Diffie-Hellman) John John Public key Secret key used to encrypt/decrypt (DES/3DES/AES) Public key Used to authenticate (RSA) Private key Private key John John RSA 2048 bits Replace by: ElGamal 160bits Public key

7 Advanced Crypto 2. Public key, private key and key exchange. Bob Alice Eve Block or stream? Trent

8

9

10 RC4. This is a stream encryption algorithm, and is used in wireless communications (such as in WEP) and SSL (Secure Sockets). IV and Key RC4 Pseudo infinite stream (eg ) + Cipher stream (eg ) Private-key methods The IV (Initiation Vector) gives variation in the output for the same key Ex-OR operator Data stream (eg ) Data stream Pseudo infinite stream Cipher stream Encryption

11 Advanced Crypto 2. Public key, private key and key exchange. Bob Alice Eve Private Key Trent

12 Encryption Private key DES AES Blowfish DES (Enc) DES (Dec) DES (Enc) K 1 K 2 K 1 DES. DES encryption algorithm is block cipher and uses a 64-bit block and a 64-bit encryption key. 3DES. DES encryption algorithm is block cipher and uses a 64-bit block and a 64-bit encryption key (of which only 56 bits are actively used in the encryption process). Unfortunately DES has been around for a long time, and the 56-bit version is now easily crackable (in less than a day, on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3- DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (2x54 bits - with a combination of the three keys - of which two of the keys are typically the same). The algorithm is EncryptK3( DecryptK2( EncryptK1(message), where K1 and K3 are typically the same (to keep compatibility). Twofish Bruce Schneier created Twofish with a general-purpose private key block cipher encryption algorithm. AES. AES (or Rijndael) is a new block cipher, and is the new replacement for DES, and uses 128- bit blocks with 128, 192 and 256 bit encryption keys. It was selected by NIST in 2001 (after a five year standardisation process). The name Rijndael comes from its Belgium creators: Joan Daemen and Vincent Rijmen. RC2 RC2. RC2. RC2 ("Rivest Cipher") is a block cipher, and is seen as a replacement for DES. It was created by Ron Rivest in 1987, and is a 64- bit block code and can have a key size from 40 bits to 128-bits (in increments of 8 bits). The 40-bit key version is seen as weak, as the encryption key is so small, but is favoured by governments for export purposes, as it can be easily cracked. In this case the key is created from a Key and an IV (Initialisation Vector). The key has 12 characters (96 bits), and the IV has 8 characters (64 bits), which go to make the overall key. Blowfish. Bruce Schneier created Blowfish with a general-purpose private key block cipher encryption algorithm. Blowfish (with CBC). Blowfishcbc. With CBC we split the message into blocks and encrypt each block. The input from the first stage is the IV (Initialisation Vector), and the input to the following stages is the output from the previous stage. In this example we will use Blowfish to encrypt, using CBC. Others Skipjack. Skip jack. Skipjack is a block cipher, using private-key encryption algorithm, and designed by NSA. Camellia. Camillia is a block cipher created by Mitsubishi and NTT. RC4. RC4 is a stream cipher used in WEP (in wireless encryption). Affine. Affine is a stream cipher which uses an equation to encrypt.

13

14

15

16

17

18

19

20

21

22 Advanced Crypto 2. Public key, private key and key exchange. Bob Alice Eve Key Exchange Trent

23

24

25 Encryption Logs Eve Bob A x A y A (x+y) Alice (A x ) y A xy John John

26 Encryption Logs Eve Random value x A Agreed number Random value y Bob A x A Y Alice A Y A x Private key

27 Encryption Logs Eve Random value x A Agreed number Random value y Bob A x A Y Alice A Y A x (A Y ) x (A x ) y

28

29

30

31 Advanced Crypto 2. Public key, private key and key exchange. Bob Alice Eve Public Key Trent

32

33

34 Encryption RSA Select two primes (p,q) Next, the n value is calculated. Thus: n = p x q = 11 x 3 = 33 Next PHI is calculated by: PHI = (p-1)(q-1) = 20 e selected so that GCD(e,PHI)=1 Public key: (n,e)

35 Bob Select two prime numbers: a and b n = a x b e is chosen so that e and (a-1)x(b-1) are relatively prime (no common factor greater than 1) d = e-1 mod [(a-1)x(b-1)] Public-key encryption Public key is now: <e,n> Private key is now: <d,n> Encryption Generating public and private keys

36 Eve Public key generates two keys: A public key and a private one. These are special in that if one is applied to encrypt, the other can be used to decrypt Public-key Public key are keys which relate to extremely large prime numbers (as it is difficult to factorise large prime numbers). It is extremely difficult to determine a private key from a public key. Public-key encryption Bob Encryption Communications Channel Decryption Alice Public key Public key Private key Private key Encryption

37 Public-key Public-key encryption Bob Eve Public key Encryption A. Bob creates the message. B. Bob encrypts with Alice s public key and sends Alice the encrypted message C. Alice decrypts with her private key D. Alice receives the message A Hello Communications Channel B Once Bob encrypts the message, the only key which can decrypt it is Alice s private key. Bob and Alice keep their private keys secret. Decryption Alice Public key Encryption Private key H&$d. C D Private key Hello

38

39

40

41 Using Bob s private key to authenticate himself Message Message MD5 Encrypted MD5 The magic private key Bob s private key Bob Bob s public key Authentication

42 Bob encrypts the message/hash with Alice s public key Message Message MD5 Encrypted MD5 Bob The magic private key Bob s public key Bob s private key Encrypted Content Alice s public key Alice Authentication Alice s private key

43 Bob encrypts the message/hash with Alice s public key Message MD5 Message Encrypted MD5 Encrypted Content Bob Bob s private key The magic private key Authentication Bob s public key Encrypted Content Alice s public key Alice s private key Alice

44 Alice decrypts the message Message MD5 Message Encrypted MD5 Encrypted Content Bob Bob s private key The magic private key Bob s public key Alice Authentication Encrypted Content Message Encrypted MD5 Alice s public key Alice s private key

45 Alice decrypts the message Message MD5 Message Encrypted MD5 Encrypted Content Bob Bob s private key The magic private key Bob s public key Alice Authentication Encrypted Content Message Encrypted MD5 MD5 (message) MD5 (result) Alice compares the MD5 values. If they are the same Bob sent the message

46 Advanced Crypto 2. Public key, private key and key exchange. Bob Alice Key Entropy. Key generators. Private key (AES, Twofish, CAST, IDEA, Blowfish, DES, 3DES, RC2, RC4/RC5, Skipjack, Camellia, Affine). Stream or block? ECB/CBC/OFB. Salting. Public key (RSA, DSA, ElGamal). Elliptic curve. Diffie-Hellman. FIPS. Eve Trent

47

48 Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier Introduction. Encryption: Public/Private Key. Key Exchange. Authentication. Signatures. ElGamal. Alice Bob John John ElGamal Eve Trent

49 Encryption Napier s logs John John g log(g) g = a.b = log(a)+log(b) = Inverse Log (log(a)+log(b)) ` g log(g) g g log(g) g = a/b = log(a)-log(b) = Inverse Log (log(a)-log(b)) = a x = x.log(a) = Inverse Log (x.log(a)) Eg g = 10 3 log 10 (g) = 3.log 10 (10) g = 10 (3x1) = 1,000

50 Encryption Discrete Logs John John g = a x mod P For example: a=5, x=3, P=7 g = 5 3 mod 7 = 125 mod 7 = 6 ` x Bob a x y Alice a y (a y ) x (a x ) y a xy a xy

51 Encryption ElGamal Bob John Y = g x mod p John Extremely difficult to the value of x, and there can be many solutions Eve Eve Y = 3 4 mod 17 -> 13 Alice

52 Encryption ElGamal Bob First Bob generates a prime number (p) and a number (g) which is between 1 and (p-1): p g x P: G: Bob select a random number (x) which will be his private key: Bob selects a random number(x): He then calculates Y: Bob sends g, p and Y to Alice. Y = g x mod p John Alice John

53 Alice p g y M (message) John K (random) John a=g k mod P b=y k M mod P a,b Bob