CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD


ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE
Cyber Security Research and Education Institute
CS 6324: Information Security
Dr. Junia Valente, Department of Computer Science, The University of Texas at Dallas
Contains material from: Dr. Alvaro Cardenas
February 12, 2019

Announcement:
- Watch video (about crypto APIs): https://youtu.be/_kj9sn0m-hs
- Quiz next Tuesday, February 19th, based on the contents of this video.

Outline
- RSA & DH - KEY ESTABLISHMENT
- Quantum
- Summary

More Details on RSA
- RSA algorithm
  > Involves four steps: generation of keys, key distribution, encryption, decryption
- Based on the difficulty of factoring integers
Let's see more details now!

RSA - Rivest, Shamir, Adleman 1977
Steps for generating the keys
1) Select two distinct prime numbers: $p$ and $q$
   A prime number is one that is only divisible by 1 and by itself: 2, 3, 5, 7, 11, 13, ...
2) Calculate the product of them: $n = p \cdot q$
3) Calculate the totient of $n$: $\phi(n) = (p - 1)(q - 1)$
   $p$, $q$, and $\phi(n)$ are kept private
4) Choose an integer $e$ such that $1 < e < \phi(n)$ and $e$ and $\phi(n)$ are coprime.
   Coprime numbers do not share any other factors except for 1, i.e., $\gcd(e, \phi(n)) = 1$
5) Calculate the value of $d$: $d \equiv e^{-1} \pmod{\phi(n)}$, or $d = e^{-1} \bmod \phi(n)$
   Using the Extended Euclidean algorithm
   $d$ is kept private

RSA - Rivest, Shamir, Adleman 1977
Steps for generating the keys
The security of RSA is based on the difficulty of factoring the product of two large prime numbers.
Note: $\phi(n) = (p - 1)(q - 1)$
- Easy to compute $\phi(n)$ if you know the factorization of $n$
- Hard to compute $\phi(n)$ if you do not know the factorization of $n$
Theorem: If $ed \equiv 1 \pmod{\phi(n)}$ then for all $m$, $m^{ed} \equiv m \pmod{n}$.

Vanilla (insecure) RSA Summary
Key generation algorithm:
1. Choose random primes $p$ and $q$
2. Define $n = p \cdot q$ and $\phi(n) = (p - 1)(q - 1)$
3. Compute $e$ and $d$ such that $d \equiv e^{-1} \pmod{\phi(n)}$ (e.g., $e = 3, 17, 65537$)
Assuming we calculated: $p$, $q$, $n$, $\phi(n)$, $e$, $d$.
Then, public key = $(n, e)$ and private key = $(n, d)$
Encryption algorithm: $\mathrm{encrypt}((n, e), m) = m^e \bmod n$
Decryption algorithm: $\mathrm{decrypt}((n, d), c) = c^d \bmod n$
Vanilla RSA is insecure! Because it is deterministic: the same message has the same ciphertext.
Recommendation: RSA-OAEP and RSA-KEM.

RSA Example: Key Generation
1. Choose two random primes: $p = 47$ and $q = 71$
2. Compute $n = p \cdot q = 47 \cdot 71 = 3337$
3. Compute $\phi(n) = (p - 1)(q - 1) = 46 \cdot 70 = 3220$
4. Select $e = 3$ (such that $1 < e < 3220$ and $\gcd(e, \phi(n)) = 1$)
5. Compute $d = e^{-1} \bmod \phi(n)$
   $d = 3^{-1} \bmod 3220$
   $d = 2147$
public key = $(n, e) = (3337, 3)$
private key = $(n, d) = (3337, 2147)$
Note: Everyone knows $n$, but it is difficult to compute $\phi(n)$ and derive the secret key

RSA Example: Encryption & decryption
public key = $(n, e) = (3337, 3)$
private key = $(n, d) = (3337, 2147)$
Let's encrypt m = 688:
   $c = m^e \bmod n$
   $c = 688^3 \bmod 3337$
   $c = 2842$
If we want to decrypt:
   $m = c^d \bmod n$
   $m = 2842^{2147} \bmod 3337$
   $m = 688$
Hint: Feel free to use an online tool (e.g., Wolfram Alpha) to calculate the modular exponentiation.
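The key-generation steps and the worked numbers above, as an added example that is not part of the original slides. The function names are chosen here for illustration; it also checks the theorem $m^{ed} \equiv m \pmod{n}$ for every residue and shows what "deterministic" means in practice.

```python
# Added example (not from the slides): textbook RSA with the lecture's toy numbers.
# Study aid only: unpadded RSA with tiny primes is insecure by construction.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def keygen(p, q, e):
    """Return ((n, e), (n, d)) following the five key-generation steps."""
    n, phi = p * q, (p - 1) * (q - 1)
    if p == q or not 1 < e < phi:
        raise ValueError("need distinct primes and 1 < e < phi(n)")
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) must be coprime")
    return (n, e), (n, x % phi)          # d = e^-1 mod phi(n)

def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def roundtrip_holds(pub, priv):
    """Check m^(ed) = m (mod n) for every m in [0, n)."""
    return all(decrypt(priv, encrypt(pub, m)) == m for m in range(pub[0]))

def confirms_guess(pub, c, guess):
    """Determinism: anyone holding the public key can test a guessed plaintext."""
    return encrypt(pub, guess) == c

if __name__ == "__main__":
    pub, priv = keygen(47, 71, 3)
    c = encrypt(pub, 688)
    print(pub, priv, c, decrypt(priv, c))
    print(roundtrip_holds(pub, priv), confirms_guess(pub, c, 688))
```

Because `confirms_guess` needs only the public key, a low-entropy message is exposed by its ciphertext, which is the reason the slides recommend RSA-OAEP or RSA-KEM.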

Key Distribution Problem: Key-Exchange in TLS using RSA
[Diagram: A = Browser, B = Amazon.com. The browser asks "Give me your certificate"; the server returns a VeriSign certificate containing its public key; the browser encrypts a one-time key with the server's public key; the encrypted shopping session follows.]
- Both the browser and server have their key pair.
- The browser generates a premaster key, and encrypts it using the server's public key (after verifying the signature in the certificate binding a public key with the server's identity).
- Both the browser and server use the premaster key to generate additional keys, e.g., keys for symmetric encryption and MAC.

Forward secrecy
Limitation with RSA key transport
We want Forward Secrecy (aka Perfect Forward Secrecy):
- (Past) session keys should remain secret even if the adversary compromises the long-term key(s) (e.g., secret key) of the parties.
As we saw last class, when we use RSA for establishing keys between two parties it does not provide forward secrecy.
Example: If an attacker records all messages exchanged and in the future obtains B's secret key (e.g., compromises a server), then it can extract the premaster secret and obtain old session keys (and decrypt old encrypted traffic).
We can achieve forward secrecy using the Diffie-Hellman Key Exchange protocol.

Diffie-Hellman Protocol: Key-Exchange using DH
Based on the assumption that it is hard to compute the discrete logarithm
Given $A$, where $A = g^a \bmod p$
- It is assumed to be computationally intractable to obtain $a$ from $A$
- for large random primes $p$

Diffie-Hellman Protocol: Key-Exchange using DH
Key generation algorithm:
Two parties agree on $p$ and $g$ (public info), where $p$ is a large prime (e.g., 600 digits) and $g$ is an integer in $\{1, \ldots, p\}$.
- Alice chooses a random $a$ in $\{1, \ldots, p - 1\}$ and calculates $A = g^a \bmod p$
- Bob chooses a random $b$ in $\{1, \ldots, p - 1\}$ and calculates $B = g^b \bmod p$
A -> B: Alice, $A = g^a \bmod p$
B -> A: Bob, $B = g^b \bmod p$
* Only Alice knows about $a$, and only Bob knows about $b$.

Diffie-Hellman Protocol: Key-Exchange using DH
Key generation algorithm:
A -> B: Alice, $A = g^a \bmod p$
B -> A: Bob, $B = g^b \bmod p$
* Only Alice knows about $a$, and only Bob knows about $b$.
To generate the key $K_{AB}$:
- Alice calculates $K_{AB}$ using: $B^a$
- Bob calculates $K_{AB}$ using: $A^b$
$B^a = (g^b)^a = K_{AB} = g^{ab} = (g^a)^b = A^b$

Diffie-Hellman Protocol: Insecure against man-in-the-middle
[Diagram: numbered message flow between Alice (A), the attacker (MiTM) and Bob (B). A and B each choose a random exponent and send their Diffie-Hellman values modulo $p$; the MiTM chooses its own exponents and substitutes its own values in each direction, so the key A computes and the key B computes are each shared with the MiTM.]
The attacker relays traffic from Alice to Bob, and reads it in the clear.

Diffie-Hellman Protocol: Key-Exchange using DH
Original:
public info: $p$, $g$
* Only Alice knows about $a$, and only Bob knows about $b$.
A -> B: $g^a$
B -> A: $g^b$
A computes $K_{AB} = (g^b)^a$; B computes $K_{AB} = (g^a)^b$
Modify to solve DH problem (example):
public info: $pk_B$, $p$, $g$, $pk_A$
Assume A & B have public key pairs:
- A has $pk_A$, $sk_A$
- B has $pk_B$, $sk_B$
A -> B: $g^a$
B -> A: $g^b$, $\mathrm{Sig}_B(g^b, g^a, A)$
A: Verify signature using $pk_B$
A -> B: $\mathrm{Sig}_A(g^a, g^b, B)$
B: Verify signature using $pk_A$

Diffie-Hellman Protocol: To prevent MITM attacks, we need Authenticated Diffie-Hellman
- Add signatures / MACs and nonces to the Diffie-Hellman protocol
- Achieves forward secrecy (Ephemeral DH)
Make sure $a$ and $b$ are randomly selected every time
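The unauthenticated and the signed exchange from the last slides, run side by side as an added example that is not part of the original slides. Assumptions made here: the toy group ($p = 2^{521} - 1$, $g = 3$), hash-then-RSA signatures built from small Mersenne primes as a stand-in for $\mathrm{Sig}_A$ / $\mathrm{Sig}_B$, and all function names.

```python
import hashlib, secrets

P, G = 2**521 - 1, 3        # assumed toy DH group (Mersenne prime); not for real use
E = 65537

def sig_keygen(p, q):
    """Toy RSA signing pair (pk, sk) from two primes; stand-in for pk_X / sk_X."""
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

PK_A, SK_A = sig_keygen(2**61 - 1, 2**89 - 1)      # Alice's long-term pair
PK_B, SK_B = sig_keygen(2**107 - 1, 2**127 - 1)    # Bob's long-term pair

def digest(n, *parts):
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(sk, *parts):
    n, d = sk
    return pow(digest(n, *parts), d, n)

def verify(pk, sig, *parts):
    n, e = pk
    return pow(sig, e, n) == digest(n, *parts)

def dh_keypair():
    x = secrets.randbelow(P - 1) + 1     # fresh random exponent in {1, ..., p-1}
    return x, pow(G, x, P)

def exchange(mitm):
    """One run; with mitm=True an attacker swaps both public values for its own."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m, M = dh_keypair()                  # attacker's exponent (unused if honest)
    seen_by_bob = M if mitm else A       # what Bob believes is g^a
    seen_by_alice = M if mitm else B     # what Alice believes is g^b
    sig_b = sign(SK_B, B, seen_by_bob, "A")      # Sig_B(g^b, g^a, A)
    sig_a = sign(SK_A, A, seen_by_alice, "B")    # Sig_A(g^a, g^b, B)
    return {
        "k_alice": pow(seen_by_alice, a, P),
        "k_bob": pow(seen_by_bob, b, P),
        "k_mitm_alice": pow(A, m, P),
        "k_mitm_bob": pow(B, m, P),
        "alice_accepts": verify(PK_B, sig_b, seen_by_alice, A, "A"),
        "bob_accepts": verify(PK_A, sig_a, seen_by_bob, B, "B"),
    }

if __name__ == "__main__":
    for mitm in (False, True):
        r = exchange(mitm)
        print(mitm, r["k_alice"] == r["k_bob"], r["alice_accepts"], r["bob_accepts"])
```

Without the signature checks the tampered run still completes, with each side holding a key the attacker also holds; with them, both parties reject because the signed pair of public values does not match what they sent and received.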

Outline
- RSA & DH - Key Establishment
- QUANTUM
- Summary

Key Distribution So Far: How do parties agree on a symmetric key?
- Using only symmetric key primitives, e.g., use a Key Distribution Center (KDC) like Kerberos
- Using asymmetric key concepts: RSA key transport, or DHE
- Sometimes use: Quantum Key Distribution
  - enables two parties to produce a shared random key, only known to them
  - uses components of quantum mechanics

Quantum Key Distribution (QKD)
- Requires two channels between Alice and Bob
- QKD is only used to produce & distribute a key
- We assume an eavesdropper (Eve) can interfere in any way with the quantum channel.
- We can then use the key with any encryption algorithm to securely transmit a message

Quantum Channel:
- Key is a stream of photons or light
- Polarization of photons (states): horizontal, vertical, and two diagonals (angle of +45° or -45°)
- Filters: can distinguish horizontal states from vertical ones, and +45° from -45°
- Photons have a property called spin and can change when passed through a filter

Translating a photon spin into a key:
Idea: 0 0 1 1
If Alice wants to send: 1 1 0 0, she can send:
Or:
She selects a basis (filter) to send the photons

Quantum Key Distribution: General idea
- States cannot be measured without disturbing the original state
- We have a linear polarization basis (+) and a diagonal basis (x)
- Alice and Bob communicate over the public channel and both disclose the basis they used.
- Then, they both discard measurements where Bob used a different basis.
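The basis-disclosure and discard step above, simulated classically as an added example that is not part of the original slides. The measurement model (a photon measured in the wrong basis yields a random bit), the intercept-and-resend eavesdropper and the error-rate comparison are assumptions taken from the standard BB84 description and go beyond what the slide states.

```python
import random

def measure(rng, bit, prepared_basis, measuring_basis):
    """Same basis: the bit is read correctly. Different basis: random outcome."""
    return bit if prepared_basis == measuring_basis else rng.getrandbits(1)

def qkd_sift(n, eve, seed):
    """Return (alice_key, bob_key, error_rate) after discarding mismatched bases."""
    rng = random.Random(seed)                      # seeded so runs are repeatable
    bits = [rng.getrandbits(1) for _ in range(n)]
    a_basis = [rng.choice("+x") for _ in range(n)]  # + linear, x diagonal
    b_basis = [rng.choice("+x") for _ in range(n)]

    received = []
    for bit, ab, bb in zip(bits, a_basis, b_basis):
        if eve:
            eb = rng.choice("+x")                  # Eve must guess a basis too
            seen = measure(rng, bit, ab, eb)
            # The photon Eve forwards is now polarized in her basis, not Alice's.
            received.append(measure(rng, seen, eb, bb))
        else:
            received.append(measure(rng, bit, ab, bb))

    # Public channel: both sides disclose bases and keep only matching positions.
    keep = [i for i in range(n) if a_basis[i] == b_basis[i]]
    alice_key = [bits[i] for i in keep]
    bob_key = [received[i] for i in keep]
    errors = sum(x != y for x, y in zip(alice_key, bob_key))
    return alice_key, bob_key, errors / max(len(keep), 1)

if __name__ == "__main__":
    for eve in (False, True):
        a_key, b_key, err = qkd_sift(4000, eve, seed=1)
        print(f"eve={eve} kept={len(a_key)} error_rate={err:.3f}")
```

With no eavesdropper the sifted keys agree exactly; with one, roughly a quarter of the kept positions disagree, which is how measuring the quantum channel becomes visible to Alice and Bob.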

Quantum Channel:

Note: In addition to Quantum Key Distribution (QKD), there is also another topic called Quantum Computers.

Quantum Computer: (Breaking Crypto?)
- Can solve the factoring problem (using Shor's algorithm) and the discrete logarithm problem
- Potential to break RSA, ECC, ElGamal, etc.
- Not clear if they can scale, plus new research says if the RSA key is long enough (a terabyte-size key) it might not be broken.

NSA warning: To move away from crypto vulnerable to quantum computing

NSA warning: Recommendations

NSA warning: Do they know something we don't?

NSA warning: Mitigations

Outline
- RSA & DH - Key Establishment
- Quantum
- SUMMARY

Crypto Warnings: Crypto appears deceptively simple - Why does it so often fail?
Important to distinguish various issues:
1. Bad cryptography, bad implementations, bad design, etc.
2. Even good cryptography can often be circumvented by adversaries operating outside the model
3. Even the best cryptography only shifts the weakest point of failure to elsewhere in your system
4. Systems are complex
Avoid the first, be aware of 2-4

Limitations of cryptography:
- Cryptography is a tremendous tool
- And the basis for many security mechanisms
- Most security problems are not crypto problems
In general, crypto
- is not the solution to all security problems
- is not reliable unless implemented properly
- is not reliable unless used properly
Misuse of crypto is fatal for security

Crypto Libraries: Some recommendations
- Use existing, high-level crypto libraries
  - cryptlib
  - NaCl
  - KeyCzar (designed for usability)
  - libsodium
- These provide an appropriate interface to crypto algorithms
- Avoid low-level libraries, i.e., Java Cryptography Extension (JCE): too much possibility for misuse
- Avoid writing your own low-level crypto.
Watch video (about crypto APIs): https://youtu.be/_kj9sn0m-hs
Quiz next Tuesday, February 19th, based on the contents of this video.