Public Key Algorithms

Similar documents
CSC 474/574 Information Systems Security

Public Key Algorithms

Chapter 9. Public Key Cryptography, RSA And Key Management

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Lecture 2 Applied Cryptography (Part 2)

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Overview. Public Key Algorithms I

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Chapter 9 Public Key Cryptography. WANG YANG

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Public Key Cryptography

Key Management and Distribution

Spring 2010: CS419 Computer Security

Chapter 3 Public Key Cryptography

Chapter 7 Public Key Cryptography and Digital Signatures

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptography and Network Security

Public Key Algorithms

Lecture 6 - Cryptography

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Cryptography and Network Security. Sixth Edition by William Stallings

1. Diffie-Hellman Key Exchange

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Public-key encipherment concept

Public Key (asymmetric) Cryptography

Encryption. INST 346, Section 0201 April 3, 2018

Public Key Cryptography

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

CSC/ECE 774 Advanced Network Security

CS669 Network Security

Public Key Encryption. Modified by: Dr. Ramzi Saifan

Lecture 20 Public key Crypto. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Computer Security 3/23/18

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Cryptography (Overview)

Cryptographic Systems

Public Key Cryptography and RSA

Number Theory and RSA Public-Key Encryption

Diffie-Hellman. Part 1 Cryptography 136

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Kurose & Ross, Chapters (5 th ed.)

David Wetherall, with some slides from Radia Perlman s security lectures.

Introduction to Cryptography Lecture 7

Network Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography

CSC 774 Network Security

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

UNIT III 3.1DISCRETE LOGARITHMS

Public-Key Cryptography

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

CSE 127: Computer Security Cryptography. Kirill Levchenko

Key Exchange. Secure Software Systems

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Garantía y Seguridad en Sistemas y Redes

CS 332 Computer Networks Security

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Public-key Cryptography: Theory and Practice

The Application of Elliptic Curves Cryptography in Embedded Systems

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

RSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.

What did we talk about last time? Public key cryptography A little number theory

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Uzzah and the Ark of the Covenant

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

Applied Cryptography and Computer Security CSE 664 Spring 2018

Abhijith Chandrashekar and Dushyant Maheshwary

Chapter 3. Principles of Public-Key Cryptosystems

Public Key Cryptography and the RSA Cryptosystem

ECE 646 Lecture 3. Key management

Cryptography MIS

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

CS 161 Computer Security

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security

Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7

Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Channel Coding and Cryptography Part II: Introduction to Cryptography

Other Topics in Cryptography. Truong Tuan Anh

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Lecture 6: Overview of Public-Key Cryptography and RSA

Chapter 9: Key Management

Topics. Number Theory Review. Public Key Cryptography

Grenzen der Kryptographie

Encryption 2. Tom Chothia Computer Security: Lecture 3

Crypto CS 485/ECE 440/CS 585 Fall 2017

Transcription:

CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and digital signature Diffie-Hellman: key exchange DSA: digital signature Elliptic curve: encryption and digital signature Number theory underlies most of public key algorithms Prime numbers The Chinese Remainder Theorem (CRT) Discrete Logarithms Dr. Sencun Zhu, CSE/IST, PSU 2 Applications Encryption/decryption The sender encrypts a message with the receiver s public key Only the receiver can decrypt the message. Digital signature The sender signs a message with its private key. Authentication and non-repudiation Key exchange Two sides cooperate to exchange a session key. Secret key cryptosystems are often used with the session key. Dr. Sencun Zhu, CSE/IST, PSU 3 1

Requirements It is computationally easy to generate a pair of public key and private key. It is computationally easy to generate a ciphertext using the public key. It is computationally easy to decrypt the ciphertext using the private key. It is computationally infeasible to determine the private key from the public key. It is computationally infeasible to recover the message from the ciphertext and the public key. Dr. Sencun Zhu, CSE/IST, PSU 4 Trapdoor One-Way Function One-way function f Y=f(X): easy X=f 1 (Y): infeasible Trapdoor one-way function Y=f k (X): easy if k and X are known X=f 1 k(y): easy if k and Y are known X=f 1 k(y): infeasible if Y is known but k is unknown. Designing public-key algorithm is to find appropriate trapdoor one-way function Dr. Sencun Zhu, CSE/IST, PSU 5 Public-Key Cryptanalysis Brute-force attack Try all possible keys Derivation of private key from public key Try to find the relationship between the public key and the private key and compute the private key from the public one Probable-message attack The public key is known Encrypt all possible messages Try to find a match between the ciphertext and one of the above encrypted messages Dr. Sencun Zhu, CSE/IST, PSU 6 2

A Little Background Theorem 1 (Euclid): There are an infinite number of primes In the neighborhood of a number n, approximately one in every ln(n) numbers is prime ln(n) ~= 0.7 log 2 (n) In the neighborhood of a number of 2000 bits (2 1999 ~ 2 2000 ), there is about one prime in every 1386 numbers Dr. Sencun Zhu, CSE/IST, PSU 7 A Little More Background Generate Large Prime Input: lower/upper bound [l, u] of range in which prime should lie Output: a random prime p in [l, u] Method: randomly choose a number in the range and test its primality until success Generate a secure prime The range [l, u] should be large enough so that there are at least a certain number (e.g., 2 128 ) of primes in the interval Why? Do not compare the size of a symmetric key to that of a public key Dr. Sencun Zhu, CSE/IST, PSU 8 RSA (Rivest, Shamir, Adleman) The most popular one Support both public key encryption and digital signature Assumption/theoretical basis Factorization of large primes is hard Variable key length 1024, 2048, 4096 bits (512 bits was broken) Variable plaintext block size Plaintext must be smaller than the key Ciphertext block size is the same as the key length Dr. Sencun Zhu, CSE/IST, PSU 9 3

RSA Algorithm Key pair generation Pick large primes p and q Let n = p*q, keep p and q to yourself! For public key, choose e that is relatively prime to ø(n) =(p-1)(q-1), let pub = <e,n> For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let pri = <d,n> In practice small public exponents e=3, 5, 17, or 65537 Very large n, at least 1024 bits Dr. Sencun Zhu, CSE/IST, PSU 10 How Does RSA Work? Given pub = <e, n> and priv = <d, n> encryption: c = m e mod n, m < n decryption: m = c d mod n signature: s = m d mod n, m < n verification: m = s e mod n Correctness Decryption: m = c d mod n = m e*d mod n = m mod n = m (since m < n) Signature similar Dr. Sencun Zhu, CSE/IST, PSU 11 An Example Choose p = 7 and q = 17. Compute n = p*q=. Compute φ(n)=(p-1)(q-1)=. Select e = 5, which is relatively prime to φ(n). Compute d = _77_such that e*d=1 mod φ(n). Public key: <, > Private key: <, > Encryption: 19 5 mod 119 = 66 Decryption: 66 77 mod 119 = 19. Dr. Sencun Zhu, CSE/IST, PSU 12 4

The Security of RSA Attacks against RSA Brute force: Try all possible private keys Can be defeated by using a large key space Mathematical attacks Factor n into n=p*q. Determine ø(n) directly: equivalent to factoring n. Determine d directly: at least as difficult as factoring n. Timing attacks Recover the private key according to the running time of the decryption algorithm. Dr. Sencun Zhu, CSE/IST, PSU 13 Diffie-Hellman Key Exchange A public-key distribution scheme can establish a common key known only to the two participants cannot be used to exchange an arbitrary message Value of key depends on the participants (and their private and public key information) Theoretical basis Exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy Security relies on the difficulty of computing discrete logarithms (similar to factoring) hard Dr. Sencun Zhu, CSE/IST, PSU 14 Diffie-Hellman Setup All users agree on global parameters: large prime integer or polynomial q α a primitive root mod q Each user (eg. A) generates two keys chooses a secret key (number): x A < q compute their public key: y A = α xa mod q Each user makes public the key y A Dr. Sencun Zhu, CSE/IST, PSU 15 5

Diffie-Hellman Key Exchange Shared session key for users A & B is K AB : K AB = α xa.xb mod q = y xb A mod q (which B can compute) = y xa B mod q (which A can compute) K AB is used as session key in symmetric-key encryption scheme between Alice and Bob If Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys Attacker must solve discrete log to obtain x Dr. Sencun Zhu, CSE/IST, PSU 16 Diffie-Hellman Example users Alice & Bob who wish to swap keys: agree on prime q=353 and α=3 select random secret keys: A chooses x A =97, B chooses x B =233 compute public keys: y A =3 97 mod 353 = 40 (Alice) y B =3 233 mod 353 = 248 (Bob) compute shared session key as: K AB = y xa B mod 353 = 248 97 = 160 (Alice) K AB = y xb A mod 353 = 40 233 = 160 (Bob) Dr. Sencun Zhu, CSE/IST, PSU 17 Security of DH Scheme Security factors Discrete logarithm very difficult Shared key (the secret) itself never transmitted Security vulnerability No authentication of partners Man-in-the-middle attack Session key provides no non-repudiation, so you cannot sign anything Dr. Sencun Zhu, CSE/IST, PSU 18 6

Man-In-The-Middle Attack Alice Eve Bob g Sa =123 g Se =654 g Sb =255 123 654 654 255 654 Sa =123 Se 255 Se =654 Sb Eve impersonates Bob to Alice and Alice to Bob Dr. Sencun Zhu, CSE/IST, PSU 19 Phone Book Mode DH is subject to active man-in-the-middle attack because their public key-component may be intercepted and substituted Phone book mode allows everyone to generate the public key-component in advance and publish them through other reliable means All communicating parties agree on their common <g, p> Essential requirement: authenticity of the public key. Dr. Sencun Zhu, CSE/IST, PSU 20 An Example Application Connected to lab-218.cse.psu.edu:22. Exchanging SSH version...done. Server: SSH-2.0-OpenSSH_3.8.1p1. Client: SSH-2.0-Xssh_1.0. SSH2 is enabled. Negotiating algorithms... Initiating key exchange...done. Exchanging Diffie-Hellman KeyEx message...done. Waiting for new key message...received. Fingerprint: 1024 36:cb:f9:fc:13:ad:b2:65:6a:73:de:8e:0e:be:1a:bb.Verifying host key... Algorithm negotiation has been finished... CS Cipher: 3des-cbc, SC Cipher: 3des-cbc CS Compress: zlib, SC Compress: zlib CS MAC: hmac-sha1, SC MAC: hmac-sha1 Trying to login as szhu. Trying password authentication...done. Requesting session channel...done. Requesting X11 forwarding...done. Executing remote command...done. X11 channel request arrived. Establishing X11 connection (id=2)...done. Dr. Sencun Zhu, CSE/IST, PSU 21 7

Public Key Infrastructure (PKI) An infrastructure that allows you to recognize which public key belongs to whom Binding a public key to an identity Involving a trusted certificate authority (CA) CA signs the public key of a user I, the CA, have verified that public key P A belongs to Alice Everybody knows the public key of the CA Often a hierarchy providing multilevel certificates (or certificate chain) Dr. Sencun Zhu, CSE/IST, PSU 22 Certificates Content of a certificate A unique sequence number Identity of principal (who uses it) Corresponding public key Timestamp when issued and when to expire Other information Can this principle issue certificates to others What is the purpose of the public key Encryption or signature Dr. Sencun Zhu, CSE/IST, PSU 23 Certificate Revocation The hardest problem to solve in PKI The key issue: how do you know if a presented certificate is still valid? Why revocation before expiration? Public/private key compromise Change your company / fired CA made a mistake And so on Dr. Sencun Zhu, CSE/IST, PSU 24 8

Solutions Fast expiration Use a short expiration time, say minutes or hours Ask for a new certificate after it is expired Problem? CRL Publish the list of the revoked certificates Signed by CA Stored in some directory services Not necessary to be trusted Dr. Sencun Zhu, CSE/IST, PSU 25 CRL How to sign CRL Entire list Every individual Certificate revocation tree (CRT) How to distribute CRL Push Pull Online/offline Dr. Sencun Zhu, CSE/IST, PSU 26 PKI Difficulties What is a name? Hard to have a unique name Who has the authority? Government? Whom to trust? No one is trusted by everybody in the world What are authorized? Keys, not identities Dr. Sencun Zhu, CSE/IST, PSU 27 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback