Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Similar documents
Encryption. INST 346, Section 0201 April 3, 2018

Lecture 6 - Cryptography

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Security and authen.ca.on

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Network Security. Chapter 8. MYcsvtu Notes.

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Cryptography (Overview)

Diffie-Hellman. Part 1 Cryptography 136

CS 332 Computer Networks Security

Chapter 9 Public Key Cryptography. WANG YANG

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Public Key Algorithms

Overview. Public Key Algorithms I

Network Security Chapter 8

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

14. Internet Security (J. Kurose)

CSE 127: Computer Security Cryptography. Kirill Levchenko

The evolving storage encryption market

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CS 161 Computer Security

Authentication and Key Distribution

Cryptographic Protocols 1

Public Key Algorithms

Keywords Session key, asymmetric, digital signature, cryptosystem, encryption.

CS61A Lecture #39: Cryptography

Kurose & Ross, Chapters (5 th ed.)

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Chapter 9. Public Key Cryptography, RSA And Key Management

2.1 Basic Cryptography Concepts

Security: Focus of Control. Authentication

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Key Exchange. Secure Software Systems

Introduction to Cryptography. Vasil Slavov William Jewell College

Spring 2010: CS419 Computer Security

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Information Security CS 526

CPSC 467b: Cryptography and Computer Security

Key Management and Distribution

Security: Focus of Control

CSC 474/574 Information Systems Security

Encryption 2. Tom Chothia Computer Security: Lecture 3

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Overview. SSL Cryptography Overview CHAPTER 1

Lorenz Cipher. Menu. Class 4: Modern Cryptography. British Cipher Machine. German Code-Breaking Efforts. Some loose ends on WWII Maurice Burnett

CSC 8560 Computer Networks: Network Security

Cryptography III Want to make a billion dollars? Just factor this one number!

1.264 Lecture 28. Cryptography: Asymmetric keys

Cryptography and Network Security

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Key Establishment and Authentication Protocols EECE 412

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

David Wetherall, with some slides from Radia Perlman s security lectures.

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Ref:

Crypto meets Web Security: Certificates and SSL/TLS

PROTECTING CONVERSATIONS

Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2

Data Security and Privacy. Topic 14: Authentication and Key Establishment

ECEN 5022 Cryptography

Internet and Intranet Protocols and Applications

CPSC 467: Cryptography and Computer Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 2 Applied Cryptography (Part 2)

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Introduction and Overview. Why CSCI 454/554?

Authentication Part IV NOTE: Part IV includes all of Part III!

Chapter 9: Key Management

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Uzzah and the Ark of the Covenant

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Topics. Number Theory Review. Public Key Cryptography

CS Computer Networks 1: Authentication

Grenzen der Kryptographie

SECURITY IN NETWORKS 1

Public Key Cryptography

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

CS Lab 11. Today's Objectives. Prime Number Generation Implement Diffie-Hellman Key Exchange Implement RSA Encryption

Cryptography and Network Security. Sixth Edition by William Stallings

Public Key Algorithms

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Transcription:

Modern cryptography 2 CSCI 470: Web Science Keith Vertanen

Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital signing Public key infrastructure (PKI) Securing web commerce SSL / TLS https 2

Diffie-Hellman Diffie-Hellman (DH) key exchange 1976, Whitfield Diffie & Martin Hellman Alice and Bob agree on a private secret: On a public channel Where Eve hears all the traffic Only Alice and Bob end up knowing the secret Relies on one-way function http://www.youtube.com/watch?v=3qnd2c4xovk Function must be easy to do, but difficult to undo Whitfield Diffie Martin Hellman 3

Alice Bob Alice and Bob agree publicly on values for Y and P for the one-way function: Y x (mod P), e.g. Y = 7, P = 11 Alice chooses secret number: A = 3 α = 7 A (mod 11) = 7 3 (mod 11) = 343 (mod 11) = 2 Sends α = 2 to Bob Using Bob's result: β A (mod 11) 4 3 (mod 11) = 9 Bob chooses secret number: B = 6 β = 7 B (mod 11) = 7 6 (mod 11) = 117649 (mod 11) = 4 Sends β = 4 to Alice Using Alice's result α B (mod 11) 2 6 (mod 11) = 9 Why the same? 4 = 7 6 (mod 11) = 4 3 (mod 11) = (7 6 ) 3 (mod 11) = 7 B*A (mod 11) 2 = 7 3 (mod 11) = 2 6 (mod 11) = (7 3 ) 6 (mod 11) = 7 A*B (mod 11) 4

Public key cryptography Diffie-Helman key exchange Both parties had to be around to negotiate secret Symmetric encryption Encrypting message M with key K: E k (M) = C Decrypting ciphertext C with key K: D K (C) = M Asymmetric encryption 1975, Diffie conceives of idea Users have a private key and a public key Alice encrypts plaintext with Bob's public key Only Bob can (tractably) decrypt using his private key Special one-way function Hard to reverse unless you know something special 5

RSA RSA public key encryption 1977: Rivest, Shamir, Adlerman Choose two prime numbers, p and q Public key: N = pq Private key: p and q If N is product of two large primes, factoring is hard 1973: equivalent algorithm, Clifford Cocks (GCHQ) http://www.youtube.com/watch?v=wxb-v_keiu8 6

RSA example Alice Alice Bob Bob Alice picks two giant primes, p and q e.g. p = 61, q = 53 N = p * q = 61 * 53 = 3233 (p - 1) * (q - 1) = 60 * 52 = 3120 Find number 1 < e < 3120, e is relatively prime with 3120, say e = 17 Alice's public key: N = 3233, e = 17 Bob wants to send message 65 to Alice, looks up her public key. C = M e (mod N) C = 65 17 (mod 3233) = 2790 7

RSA example Alice Alice Bob Bob Bob wants to send message 65 to Alice, looks up her public key. Compute special number d e * d = 1 (mod (p 1) * (q 1)) 17 * d = 1 (mod 3120) d = 2753 (using Euclid's algorithm) C = M e (mod N) C = 65 17 (mod 3233) = 2790 Alice's private key d = 2753 (derived from p and q) Decrypt message: M = C d (mod N) M = 2790 2753 (mod 3233) = 65 8

Security of RSA Attacks on RSA Brute force Try all possible private keys Use a large key space, but large keys slows things down Mathematical Factoring product of 2 large primes Timing Keep track of how long it takes to decipher messages Chosen ciphertext General number field sieve, b-bit number 2009: 768-bit RSA factored using hundreds of machines in 2 years 9

PGP Problem: RSA hard to use, resource intensive Pretty Good Privacy (PGP) 1991 Phil Zimmermann "In the past, if the Government wanted to violate the privacy of ordinary citizens, it had to expend a certain amount of effort to intercept and steam open and read paper mail, and listen to and possibly transcribe spoken telephone conversation. This is analogous to catching fish with a hook and a line, one fish at a time. Fortunately for freedom and democracy, this kind of labor-intensive monitoring is not practical on a large scale. Today, electronic mail is gradually replacing conventional paper mail, and is soon to be the norm for everyone, not the novelty it is today. Unlike paper mail, E mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically, and undetectably on a grand scale. This is analogous to driftnet fishing -- making a quantitative and qualitative Orwellian difference to the health of democracy." -Philip Zimmermann, testimony to Congress 10

PGP Pretty Good Privacy (PGP) Focus on efficiency: RSA for symmetric key exchange Symmetric cipher (IDEA) for bulk of encryption Focus on ease of use: Allow average Joe to use strong cryptography User clicks to encrypt/sign an email First widely available public-key crypto Released via friend to the Usenet Problems: RSA was patented by RSA Data Security, Inc. Strong encryption considered a munition by US 11

Alice Bob Asymmetric key lengths Need to be longer than symmetric keys 384 bits = casual, broken easily today 512 bits = commercial, breakable by 3-letter orgs 1024 bits = military, not breakable on earth 2048 bits = alien, unbreakable on other planets 12

Digital signing Alice Bob Mallory Problem: Impersonation in public-key crypto Mallory encrypts message with Bob's public key Only Bob can decrypt using his private key Message is a love letter claiming to be from Alice 13

Digital signing Digital signing via public key crypto Alice encrypts message with her private key Everybody can decrypt using Alice's public key But proves message came from Alice since no one else has her private key Alice can additional encrypt using Bob's public key Only Bob can decrypt using his private key Verify authorship by decrypting with Alice's public key Problem: Signing entire message expensive Hash the message Encrypt just the hash 14

Hash-based digital signing 15

Distributing public keys Alice needs Bob's public key Downloads Bob's key from some web site How does she know it is really Bob's key? Man in the middle attack: Mallory fools Alice into using fake Bob public key Mallory decrypts using fake Bob's private key Mallory reads message Re-encrypts using Bob's real public key and sends on Alice and Bob think there are communicating securely but actually aren't Problem 1: How to distribute public keys? Problem 2: How to establish trust of keys? 16

PKI Public Key Infrastructure (PKI) Digital certificate Prove ownership of a public key e.g. X.509 Certificate Authority (CA) Fields in a X.509 certificate Trusted 3 rd party, validates identity of person/org Digitally signs and publishes public key bound to a user Signed with CA's private key CA's public key trusted by user, e.g. by web browser 17

PKI Public Key Infrastructure (PKI) Registration Authority (RA) Optional component Handles administration functions: Accept requests Authenticate person/organization Make request to CA Certificate repository Publically accessible location of certificates/keys 18

Securing web commerce Customer fills out order with credit card # Problem 1: Keep data secure from customer's browser to the web server Problem 2: Keep data secure on server or in transit to order fulfillment 22

HTTPS Hypertext Transfer Protocol Secure (HTTPS) https:// Typically running on port 443 23

SSL Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Client requests secure connection from server Client sends supported ciphers & hashes Server picks strongest mutual cipher & hash Server sends back digital certificate Client contacts CA to confirm key belongs to site Client generates session key by encrypting random number with server's public key Client and server switch to symmetric cipher 24

https://www.ssllabs.com/ssltest/

Modern cryptography Summary Asymmetric cryptography Diffie-Hellman: exchange of secrets on public channel RSA: public key encryption PGP: end-user application of public key encryption Digital signing Prove authorship via asymmetric cryptography Public key infrastructure (PKI) Publicize/verify public keys Securing web commerce SSL/TLS 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback