Diffie-Hellman. Part 1 Cryptography 136

Similar documents
Key Establishment and Authentication Protocols EECE 412

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Kurose & Ross, Chapters (5 th ed.)

Cryptographic Protocols 1

CS Computer Networks 1: Authentication

Lecture 2 Applied Cryptography (Part 2)

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Key Exchange. Secure Software Systems

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Key Management and Distribution

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

ECE 646 Lecture 3. Key management

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Chapter 9 Public Key Cryptography. WANG YANG

Overview. Public Key Algorithms I

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Cryptography and Network Security

Fall 2010/Lecture 32 1

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Public Key Algorithms

Chapter 9: Key Management

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh

CS 161 Computer Security

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Authentication and Key Distribution

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Key management. Pretty Good Privacy

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

Public-Key Infrastructure NETS E2008

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Public Key Algorithms

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Cryptography and Network Security Chapter 14

Innovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Innovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

CPSC 467: Cryptography and Computer Security

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Introduction to Cryptography Lecture 10

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

Lecture 6 - Cryptography

1. Diffie-Hellman Key Exchange

PROVING WHO YOU ARE TLS & THE PKI

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Encryption 2. Tom Chothia Computer Security: Lecture 3

Encryption. INST 346, Section 0201 April 3, 2018

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

KEY AGREEMENT PROTOCOLS. CIS 400/628 Spring 2005 Introduction to Cryptography. This is based on Chapter 13 of Trappe and Washington

UNIT - IV Cryptographic Hash Function 31.1

Spring 2010: CS419 Computer Security

CSE 565 Computer Security Fall 2018

Other Topics in Cryptography. Truong Tuan Anh

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Using Cryptography CMSC 414. October 16, 2017

CT30A8800 Secured communications

CIS 4360 Secure Computer Systems Applied Cryptography

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Key Management and Elliptic Curves

Cryptography III Want to make a billion dollars? Just factor this one number!

T Cryptography and Data Security

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

CS 425 / ECE 428 Distributed Systems Fall 2017

The evolving storage encryption market

Cryptography (Overview)

Grenzen der Kryptographie

Real-time protocol. Chapter 16: Real-Time Communication Security

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

2.1 Basic Cryptography Concepts

Public-key Cryptography: Theory and Practice

T Cryptography and Data Security

CSC 8560 Computer Networks: Network Security

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Digital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2

Ref:

Uzzah and the Ark of the Covenant

CIS 6930/4930 Computer and Network Security. Final exam review

CS 494/594 Computer and Network Security

Session key establishment protocols

Public Key Algorithms

Transcription:

Diffie-Hellman Part 1 Cryptography 136

Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for encrypting or signing Based on discrete log problem: o Given: g, p, and g k mod p o Find: exponent k Part 1 Cryptography 137

Diffie-Hellman Let p be prime, let g be a generator o For any x {1,2,,p-1} there is n s.t. x = g n mod p Alice selects her private value a Bob selects his private value b Alice sends g a mod p to Bob Bob sends g b mod p to Alice Both compute shared secret, g ab mod p Shared secret can be used as symmetric key Part 1 Cryptography 138

Diffie-Hellman Suppose Bob and Alice use Diffie-Hellman to determine symmetric key K = g ab mod p Trudy can see g a mod p and g b mod p o But g a g b mod p = g a+b mod p g ab mod p If Trudy can find a or b, she gets key K If Trudy can solve discrete log problem, she can find a or b Part 1 Cryptography 139

Diffie-Hellman Public: g and p Private: Alice s exponent a, Bob s exponent b g a mod p g b mod p Alice, a Bob, b Alice computes (g b ) a = g ba = g ab mod p Bob computes (g a ) b = g ab mod p Use K = g ab mod p as symmetric key Part 1 Cryptography 140

Diffie-Hellman Paint Analogy (courtesy of Wikipedia) common paint: g, p secret colors: a, b blue paint: g a mod p orange paint: g b mod p common secret: g ab mod p Part 1 Cryptography 141

Diffie-Hellman Paint Analogy (courtesy of Wikipedia) common paint: g, p secret colors: a, b blue paint: g a mod p orange paint: g b mod p common secret: g ab mod p Part 1 Cryptography 142

Diffie-Hellman Subject to man-in-the-middle (MiM) attack g a mod p g t mod p g t mod p g b mod p Alice, a Trudy, t Bob, b Trudy shares secret g at mod p with Alice Trudy shares secret g bt mod p with Bob Alice and Bob don t know Trudy exists! Part 1 Cryptography 143

Diffie-Hellman How to prevent MiM attack? o Encrypt DH exchange with symmetric key o Encrypt DH exchange with public key o Sign DH values with private key o Other? At this point, DH may look pointless o but it s not (more on this later) In any case, you MUST be aware of MiM attack on Diffie-Hellman Part 1 Cryptography 144

Elliptic Curve Cryptography Part 1 Cryptography 145

Elliptic Curve Crypto (ECC) Elliptic curve is not a cryptosystem Elliptic curves are a different way to do the math in public key system Elliptic curve versions DH, RSA, etc. Elliptic curves may be more efficient o Fewer bits needed for same security o But the operations are more complex Part 1 Cryptography 146

What is an Elliptic Curve? An elliptic curve E is the graph of an equation of the form y 2 = x 3 + ax + b Also includes a point at infinity What do elliptic curves look like? See the next slide! Part 1 Cryptography 147

Elliptic Curve Picture y! P 1! P 2! P 3! x! Consider elliptic curve E: y 2 = x 3 - x + 1! If P 1 and P 2 are on E, we can define!!p 3 = P 1 + P 2 as shown in picture Addition is all we need Part 1 Cryptography 148

Points on Elliptic Curve Consider y 2 = x 3 + 2x + 3 (mod 5)!x = 0 y 2 = 3 no solution (mod 5)!!x = 1 y 2 = 6 = 1 y = 1,4 (mod 5)!!x = 2 y 2 = 15 = 0 y = 0 (mod 5)!!x = 3 y 2 = 36 = 1 y = 1,4 (mod 5)!!x = 4 y 2 = 75 = 0 y = 0 (mod 5)! Then points on the elliptic curve are (1,1) (1,4) (2,0) (3,1) (3,4) (4,0) and the point at infinity: Part 1 Cryptography 149

Elliptic Curve Math Addition on: y 2 = x 3 + ax + b (mod p)!p 1 =(x 1,y 1 ), P 2 =(x 2,y 2 ) P 1 + P 2 = P 3 = (x 3,y 3 ) where x 3 = m 2 - x 1 - x 2 (mod p) y 3 = m(x 1 - x 3 ) - y 1 (mod p) And m = (y 2 -y 1 )*(x 2 -x 1 ) -1 mod p, if P 1 P 2 m = (3x 12 +a)*(2y 1 ) -1 mod p, if P 1 = P 2 Special cases: If m is infinite, P 3 =, and + P = P for all P Part 1 Cryptography 150

Elliptic Curve Addition Consider y 2 = x 3 + 2x + 3 (mod 5). Points on the curve are (1,1) (1,4) (2,0) (3,1) (3,4) (4,0) and! What is (1,4) + (3,1) = P 3 = (x 3,y 3 )? m = (1-4)*(3-1) -1 = -3*2-1!!! = 2(3) = 6 = 1 (mod 5) x 3 = 1-1 - 3 = 2 (mod 5) y 3 = 1(1-2) - 4 = 0 (mod 5)! On this curve, (1,4) + (3,1) = (2,0) Part 1 Cryptography 151

ECC Diffie-Hellman Public: Elliptic curve and point (x,y) on curve Private: Alice s A and Bob s B A(x,y) B(x,y) Alice, A Bob, B Alice computes A(B(x,y)) Bob computes B(A(x,y)) These are the same since AB = BA Part 1 Cryptography 152

ECC Diffie-Hellman Public: Curve y 2 = x 3 + 7x + b (mod 37) and point (2,5) b = 3! Alice s private: A = 4 Bob s private: B = 7! Alice sends Bob: 4(2,5) = (7,32) Bob sends Alice: 7(2,5) = (18,35)! Alice computes: 4(18,35) = (22,1)! Bob computes: 7(7,32) = (22,1) Part 1 Cryptography 153

Uses for Public Key Crypto Part 1 Cryptography 154

Uses for Public Key Crypto Confidentiality o Transmitting data over insecure channel o Secure storage on insecure media Authentication (later) Digital signature provides integrity and non-repudiation o No non-repudiation with symmetric keys Part 1 Cryptography 155

Non-non-repudiation Alice orders 100 shares of stock from Bob Alice computes MAC using symmetric key Stock drops, Alice claims she did not order Can Bob prove that Alice placed the order? No! Since Bob also knows the symmetric key, he could have forged message Problem: Bob knows Alice placed the order, but he can t prove it Part 1 Cryptography 156

Non-repudiation Alice orders 100 shares of stock from Bob Alice signs order with her private key Stock drops, Alice claims she did not order Can Bob prove that Alice placed the order? Yes! Only someone with Alice s private key could have signed the order This assumes Alice s private key is not stolen (revocation problem) Part 1 Cryptography 157

Public Key Notation Sign message M with Alice s private key: [M] Alice Encrypt message M with Alice s public key: {M} Alice Then {[M] Alice } Alice = M [{M} Alice ] Alice = M Part 1 Cryptography 158

Sign and Encrypt vs Encrypt and Sign Part 1 Cryptography 159

Confidentiality and Non-repudiation? Suppose that we want confidentiality and integrity/non-repudiation Can public key crypto achieve both? Alice sends message to Bob o Sign and encrypt {[M] Alice } Bob o Encrypt and sign [{M} Bob ] Alice Can the order possibly matter? Part 1 Cryptography 160

Sign and Encrypt M = I love you {[M] Alice } Bob {[M] Alice } Charlie Alice Bob Charlie Q: What s the problem? A: No problem public key is public Part 1 Cryptography 161

Encrypt and Sign M = My theory, which is mine. [{M} Bob ] Alice [{M} Bob ] Charlie Alice Charlie Note that Charlie cannot decrypt M Q: What is the problem? A: No problem public key is public Bob Part 1 Cryptography 162

Public Key Infrastructure Part 1 Cryptography 163

Public Key Certificate Certificate contains name of user and user s public key (and possibly other info) It is signed by the issuer, a Certificate Authority (CA), such as VeriSign M = (Alice, Alice s public key), S = [M] CA Alice s Certificate = (M, S) Signature on certificate is verified using CA s public key: Verify that M = {S} CA Part 1 Cryptography 164

Certificate Authority Certificate authority (CA) is a trusted 3rd party (TTP) creates and signs certificates Verify signature to verify integrity & identity of owner of corresponding private key o Does not verify the identity of the sender of certificate certificates are public keys! Big problem if CA makes a mistake (a CA once issued Microsoft certificate to someone else) A common format for certificates is X.509 Part 1 Cryptography 165

Part 1 Cryptography 166

PKI Public Key Infrastructure (PKI): the stuff needed to securely use public key crypto o Key generation and management o Certificate authority (CA) or authorities o Certificate revocation lists (CRLs), etc. No general standard for PKI We mention 3 generic trust models Part 1 Cryptography 167

PKI Trust Models Monopoly model o One universally trusted organization is the CA for the known universe o Big problems if CA is ever compromised o Who will act as CA??? System is useless if you don t trust the CA! Part 1 Cryptography 168

PKI Trust Models Oligarchy o Multiple trusted CAs o This is approach used in browsers today o Browser may have 80 or more certificates, just to verify certificates! o User can decide which CAs to trust Part 1 Cryptography 169

Anarchy model PKI Trust Models o Everyone is a CA o Users must decide who to trust o This approach used in PGP: Web of trust Why is it anarchy? o Suppose a certificate is signed by Frank and you don t know Frank, but you do trust Bob and Bob says Alice is trustworthy and Alice vouches for Frank. Should you accept the certificate? Many other trust models and PKI issues Part 1 Cryptography 170

Confidentiality in the Real World Part 1 Cryptography 171

Symmetric Key vs Public Key Symmetric key + s o Speed o No public key infrastructure (PKI) needed Public Key + s o Signatures (non-repudiation) o No shared secret (but, private keys ) Part 1 Cryptography 172

Notation Reminder Public key notation o Sign M with Alice s private key [M] Alice o Encrypt M with Alice s public key {M} Alice Symmetric key notation o Encrypt P with symmetric key K C = E(P,K) o Decrypt C with symmetric key K P = D(C,K) Part 1 Cryptography 173

Real World Confidentiality Hybrid cryptosystem o Public key crypto to establish a key o Symmetric key crypto to encrypt data {K} Bob Alice E(Bob s data, K) E(Alice s data, K) Bob Can Bob be sure he s talking to Alice? Part 1 Cryptography 174

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback