Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Similar documents
Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptographic Systems

Computer Security 3/23/18

Encryption. INST 346, Section 0201 April 3, 2018

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Public Key Algorithms

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

CSE 127: Computer Security Cryptography. Kirill Levchenko

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Public Key Cryptography

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Key Exchange. Secure Software Systems

Computer Security: Principles and Practice

Chapter 9 Public Key Cryptography. WANG YANG

Kurose & Ross, Chapters (5 th ed.)

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Chapter 9. Public Key Cryptography, RSA And Key Management

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

1.264 Lecture 28. Cryptography: Asymmetric keys

Lecture 2 Applied Cryptography (Part 2)

Public Key Algorithms

Public Key Cryptography

Ref:

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

CSC/ECE 774 Advanced Network Security

CSC 474/574 Information Systems Security

PROTECTING CONVERSATIONS

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Cryptographic Concepts

APNIC elearning: Cryptography Basics

Some Stuff About Crypto

Introduction to Cryptography. Vasil Slavov William Jewell College

n-bit Output Feedback

CSC 774 Network Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

UNIT III 3.1DISCRETE LOGARITHMS

Overview. Public Key Algorithms I

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

CSC 474/574 Information Systems Security

ASYMMETRIC CRYPTOGRAPHY

Security. Communication security. System Security

Public Key (asymmetric) Cryptography

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Key Management and Distribution

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Cryptography MIS

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Cryptography and Network Security. Sixth Edition by William Stallings

Cryptography and Network Security

Public Key Algorithms

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Lecture 6 - Cryptography

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

David Wetherall, with some slides from Radia Perlman s security lectures.

Chapter 3 Public Key Cryptography

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Applied Cryptography and Computer Security CSE 664 Spring 2018

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Public-key encipherment concept

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Chapter 7 Public Key Cryptography and Digital Signatures

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

SECURITY IN NETWORKS

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Cryptography (Overview)

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Public-key Cryptography: Theory and Practice

CSC 8560 Computer Networks: Network Security

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Advanced Crypto. 2. Public key, private key and key exchange. Author: Prof Bill Buchanan

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Lecture 6: Overview of Public-Key Cryptography and RSA

SECURITY IN NETWORKS 1

2.1 Basic Cryptography Concepts

Topics. Number Theory Review. Public Key Cryptography

Lecture 1 Applied Cryptography (Part 1)

CS Computer Networks 1: Authentication

Spring 2010: CS419 Computer Security

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

1. Diffie-Hellman Key Exchange

BCA III Network security and Cryptography Examination-2016 Model Paper 1

The Application of Elliptic Curves Cryptography in Embedded Systems

Security: Cryptography

Digital Signature. Raj Jain

Part VI. Public-key cryptography

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

Transcription:

Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1

Cryptography Security Cryptography may be a component of a secure system Adding cryptography may not make a system secure 2

Cryptography: what is it good for? Authentication determine origin of message Integrity verify that message has not been modified Nonrepudiation sender should not be able to falsely deny that a message was sent Confidentiality others cannot read contents of the message 3

Terms Plaintext (cleartext) message P Encryption E(P) Produces Ciphertext, C = E(P) Decryption, P = D(C) Cipher = cryptographic algorithm 4

Terms: types of ciphers Types restricted cipher symmetric algorithm public key algorithm Stream vs. Block Stream cipher Encrypt a message a character at a time Block cipher Encrypt a message a chunk at a time 5

Restricted cipher Secret algorithm Vulnerable to: Leaking Reverse engineering HD DVD (Dec 2006) and Blu-Ray (Jan 2007) RC4 All digital cellular encryption algorithms DVD and DIVX video compression Firewire Enigma cipher machine Every NATO and Warsaw Pact algorithm during Cold War Hard to validate its effectiveness (who will test it?) Not a viable approach! 6

The key BTW, the above is a bump key. See http://en.wikipedia.org/wiki/lock_bumping. 7

The key Source: en.wikipedia.org/wiki/pin_tumbler_lock 8

The key Source: en.wikipedia.org/wiki/pin_tumbler_lock 9

The key We understand how it works: Strengths Weaknesses Based on this understanding, we can assess how much to trust the key & lock Same for crypto Source: en.wikipedia.org/wiki/pin_tumbler_lock 10

Symmetric-key algorithm Same secret key, K, for encryption & decryption C = E K (P) P = D K (C) Examples: AES, 3DES, IDEA, RC5 Key length Determines number of possible keys DES: 56-bit key: 2 56 = 7.2 10 16 keys AES-256: 256-bit key: 2 256 = 1.1 10 77 keys Brute force attack: try all keys 11

The power of 2 Adding one extra bit to a key doubles the search space. Suppose it takes 1 second to search through all keys with a 20-bit key key length number of keys search time 20 bits 1,048,576 1 second 21 bits 2,097,152 2 seconds 32 bits 4.3 10 9 ~ 1 hour 56 bits 7.2 10 16 2,178 years 64 bits 1.8 10 19 > 557,000 years 256 bits 1.2 10 77 3.5 10 63 years Distributed & custom hardware efforts typically allow us to search between 1 and >100 billion 64-bit (e.g., RC5) keys per second 12

Communicating with symmetric cryptography Both parties must agree on a secret key, K Message is encrypted, sent, decrypted at other side E K (P) D K (C) Bob Alice Key distribution must be secret otherwise messages can be decrypted users can be impersonated 13

Key explosion Each pair of users needs a separate key for secure communication Alice Bob Alice Bob K AB K AB 2 users: 1 key K AC K BC Charles 4 users: 6 keys 3 users: 3 keys 100 users: 4,950 keys 1000 users: 399,500 keys 6 users: 15 keys n users: n( n 1) 2 keys 14

Key distribution Secure key distribution is the biggest problem with symmetric cryptography 15

Key exchange How can you communicate securely with someone you ve never met? Whit Diffie: idea for a public key algorithm Challenge: can this be done securely? Knowledge of public key should not allow derivation of private key 16

Diffie-Hellman Key Exchange Key distribution algorithm First algorithm to use public/private keys Not public key encryption Based on difficulty of computing discrete logarithms in a finite field compared with ease of calculating exponentiation Allows us to negotiate a secret session key without fear of eavesdroppers 17

Diffie-Hellman Key Exchange All arithmetic performed in a field of integers modulo some large number Both parties agree on a large prime number p and a number < p Each party generates a public/private key pair Private key for user i: X i Public key for user i: Y i = i X mod p 18

Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes Bob has secret key X B Bob has public key Y B K Y X A B mod p K = (Bob s public key) (Alice s private key) mod p 19

Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes Bob has secret key X B Bob has public key Y B Bob computes K Y X A B mod p K Y XB A mod p K = (Alice s public key) (Bob s private key) mod p 20

Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes K Y X A B modp Bob has secret key X B Bob has public key Y B Bob computes K Y XB A modp expanding: expanding: K Y ( X A modp B X X B mod p) A mod p K Y ( XB mod p B X X A mod p) B mod p X B X A mod p X A X B mod p K = K K is a common key, known only to Bob and Alice 21

RSA Public Key Cryptography Ron Rivest, Adi Shamir, Leonard Adleman created a true public key encryption algorithm in 1977 Each user generates two keys: Private key (kept secret) Public key (can be shared with anyone) Difficulty of algorithm based on the difficulty of factoring large numbers keys are functions of a pair of large (~300 digits) prime numbers 22

RSA algorithm How to generate keys choose two random large prime numbers p, q Compute the product n = pq randomly choose the encryption key, e, such that: e and (p - 1)(q - 1) are relatively prime Compute a decryption key, d such that: ed = 1 mod ((p - 1) (q - 1)) d = e -1 mod ((p - 1) (q - 1)) discard p, q 23

RSA Encryption Key pair: e, d Agreed-upon modulus: n Encrypt: divide data into numerical blocks < n encrypt each block: c = m e mod n Decrypt: m = c d mod n 24

Public-key algorithm Two related keys. C = E K1 (P) P = D K2 (C) C = E K2 (P) P = D K1 (C ) K 1 is a public key K 2 is a private key Examples: RSA, Elliptic curve algorithms DSS (digital signature standard), Diffie-Hellman (key exchange only!) Key length Unlike symmetric cryptography, not every number is a valid key 3072-bit RSA = 256-bit elliptic curve = 128-bit symmetric cipher 15360-bit RSA = 521-bit elliptic curve = 256-bit symmetric cipher 25

Communication with public key algorithms Different keys for encrypting and decrypting No need to worry about key distribution 26

Communication with public key algorithms Alice Bob Alice s public key: K A Bob s public key: K B (Alice s private key: K a ) (Bob s private key: K b ) E B (P) D b (C) encrypt message with Bob s public key decrypt message with Bob s private key D a (C) E A (P) decrypt message with Alice s private key encrypt message with Alice s public key 27

Hybrid Cryptosystems Session key: randomly-generated key for one communication session Use a public key algorithm to send the session key Use a symmetric algorithm to encrypt data with the session key Public key algorithms are almost never used to encrypt messages MUCH slower; vulnerable to chosen-plaintext attacks RSA-2048 approximately 55x slower to encrypt and 2000x slower to decrypt than AES-256. 28

Communication with a hybrid cryptosystem Alice Bob Pick a random session key, K Bob s public key: K B K E B (K) K encrypt session key with Bob s public key K = D b (E B (K)) Bob decrypts K with his private key Now Bob knows the secret session key, K 29

Communication with a hybrid cryptosystem Alice Bob Bob s public key: K B E B (K) K = D b (E B (K)) E K (P) D K (C) encrypt message using a symmetric algorithm and key K decrypt message using a symmetric algorithm and key K 30

Communication with a hybrid cryptosystem Alice Bob Bob s public key: K B E B (K) K = D b (E B (K)) E K (P) D K (C) D K (C ) E K (P ) decrypt message using a symmetric algorithm and key K encrypt message using a symmetric algorithm and key K 31

Message Authentication 32

McCarthy s puzzle (1958) The setting: Two countries are at war One country sends spies to the other country To return safely, spies must give the border guards a password Spies can be trusted Guards chat information given to them may leak 33

McCarthy s puzzle Challenge How can a guard authenticate a person without knowing the password? Enemies cannot use the guard s knowledge to introduce their own spies 34

Solution to McCarthy s puzzle: Michael Rabin, 1958 Use a one-way function, B = f (A) Guards get B Enemy cannot compute A if they know A Spies give A, guards compute f(a) If the result is B, the password is correct. 35

One-way functions Easy to compute in one direction Difficult to compute in the other Examples: Factoring: pq = N EASY find p,q given N DIFFICULT Discrete Log: a b mod c = N EASY find b given a, c, N DIFFICULT 36

McCarthy s puzzle example Example with an 18 digit number A = 289407349786637777 A 2 = 83756614110525308948445338203501729 Middle square, B = 110525308948445338 Given A, it is easy to compute B Given B, it is difficult to compute A Difficult = no known short-cuts; requires an exhaustive search 37

Message Integrity: Digital Signatures Validate the creator (signer) of the content Validate the the content has not been modified since it was signed The content itself does not have to be encrypted 38

Digital Signatures: Public Key Cryptography Encrypting a message with a private key is the same as signing it! Trusted directory of public keys Alice Bob E a (P) D A (C) Encrypt message with Alice s private key Decrypt message with Bob s public key 39

But Not quite what we want We don t want to permute or hide the content We just want Bob to verify that the content came from Alice Moreover... Public key cryptography is much slower than symmetric encryption What if Alice sent Bob a multi-gb movie? 40

Hashes to the rescue! Cryptographic hash function (also known as a digest) Input: arbitrary data Output: fixed-length bit string Properties One-way function Given H=hash(M), it should be difficult to compute M, given H Collision resistant Given H=hash(M), it should be difficult to find M, such that H=hash(M ) For a hash of length L, a perfect hash would take 2 (L/2) attempts Efficient Computing a hash function should be computationally efficient 41

Popular hash functions SHA-2 Designed by the NSA; published by NIST SHA-224, SHA-256, SHA-384, SHA-512 e.g., Linux passwords used MD5 and now SHA-512 SHA-3 NIST standardization still in progress MD5 128 bits (not often used now since weaknesses were found) Derivations from ciphers: Blowfish (used for password hashing in OpenBSD) 3DES used for old Linux password hashes 42

Digital signatures using hash functions You: Create a hash of the message Encrypt the hash with your private key & send it with the message Recipient: Decrypts the encrypted hash using your public key Computes the hash of the received message Compares the decrypted hash with the message hash If they re the same then the message has not been modified 43

Digital signatures: public key cryptography Alice Bob H(P) Alice generates a hash of the message 44

Digital signatures: public key cryptography Alice Bob H(P) S=E a (H(P)) Alice encrypts the hash with her private key This is her signature. 45

Digital signatures: public key cryptography Alice Bob H(P) S=E a (H(P)) Alice sends Bob the message & the encrypted hash 46

Digital signatures: public key cryptography Alice H(P) Bob H(P) S=E a (H(P)) D A (S) 1. Bob decrypts the hash using Alice s public key 2. Bob computes the hash of the message sent by Alice 47

Digital signatures: public key cryptography Alice H(P) Bob H(P) S=E a (H(P)) D A (S) If the hashes match, the signature is valid the encrypted hash must have been generated by Alice 48

Digital signatures: multiple signers Alice Bob Charles H(P) H(P) H(P) S=E a (H(P)) D A (S) S =E b (H(P)) D A (S) D B (S ) Charles: Generates a hash of the message, H(P) Decrypts Alice s signature with Alice s public key - Validates the signature: D A (S) H(P) Decrypts Bob s signature with Bob s public key - Validates the signature: D B (S) H(P) 49

Covert AND authenticated messaging If we want to keep the message secret combine encryption with a digital signature Use a session key: Pick a random key, K, to encrypt the message with a symmetric algorithm encrypt K with the public key of each recipient for signing, encrypt the hash of the message with sender s private key 50

Covert and authenticated messaging Alice H(P) S=E a (H(M)) Alice generates a digital signature by encrypting the message with her private key 51

Covert and authenticated messaging Alice H(P) C=E K (M) S=E a (H(M)) Alice picks a random key, K, and encrypts the message P with it using a symmetric cipher 52

Covert and authenticated messaging Alice H(P) C=E K (M) S=E a (H(M)) K C 1 =E B (K) K C 2 =E C (K) K for Charles Alice encrypts the session key for each recipient of this message using their public keys 53

Covert and authenticated messaging Alice Bob H(P) Sender: Alice Message: Bob K S=E a (H(P)) C 1 =E B (K) K Signature: Key for Bob: Key for Charles: K K Charles C 2 =E C (K) K The aggregate message is sent to Bob & Charles 54

Cryptographic toolbox Symmetric encryption Public key encryption One-way hash functions Random number generators 55

The End 56

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback