T Cryptography and Data Security

Similar documents
T Cryptography and Data Security

Cryptography and Network Security Chapter 7. Fourth Edition by William Stallings

Analysis, demands, and properties of pseudorandom number generators

Computer Security: Principles and Practice

Analysis of Cryptography and Pseudorandom Numbers

Cryptography and Network Security Chapter 14

Key Management and Distribution

CSC/ECE 774 Advanced Network Security

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 7

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Basic principles of pseudo-random number generators

CS Computer Networks 1: Authentication

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Cryptography and Network Security

ECE 646 Lecture 3. Key management

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Network Security. Random Number Generation. Chapter 6. Network Security (WS 2003): 06 Random Number Generation 1 Dr.-Ing G.

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Blum-Blum-Shub cryptosystem and generator. Blum-Blum-Shub cryptosystem and generator

UNIT - IV Cryptographic Hash Function 31.1

CSC 774 Network Security

Lecture 1 Applied Cryptography (Part 1)

Encryption. INST 346, Section 0201 April 3, 2018

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Key Management and Distribution

Cryptography V: Digital Signatures

Introduction to Cryptography. Vasil Slavov William Jewell College

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CT30A8800 Secured communications

Lecture 2 Applied Cryptography (Part 2)

Key Management and Distribution

Key management. Pretty Good Privacy

1. Diffie-Hellman Key Exchange

Cryptography V: Digital Signatures

Diffie-Hellman. Part 1 Cryptography 136

Cryptographic Concepts

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

Kurose & Ross, Chapters (5 th ed.)

Cryptography and Network Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

Public Key Algorithms

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Cryptography. Dr. Michael Schneider Chapter 10: Pseudorandom Bit Generators and Stream Ciphers

APPENDIX D RANDOM AND PSEUDORANDOM NUMBER GENERATION

Security. Communication security. System Security

A Secured Key Generation Scheme Using Enhanced Entropy

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Cryptography. Summer Term 2010

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

Chapter 6 Random Number Generation

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Chapter 9. Public Key Cryptography, RSA And Key Management

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

What did we talk about last time? Public key cryptography A little number theory

CS 161 Computer Security

Applied Cryptography and Computer Security CSE 664 Spring 2018

ECE 646 Fall 2009 Final Exam December 15, Multiple-choice test

Stream Ciphers An Overview

CSCE 715: Network Systems Security

Cryptographic Protocols 1

Contents Digital Signatures Digital Signature Properties Direct Digital Signatures

Public Key Algorithms

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Random and Pseudorandom Bit Generators

Cryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols

UNIT III 3.1DISCRETE LOGARITHMS

Cryptography MIS

Public Key Cryptography

Chapter 10: Key Management

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Recurrent Neural Network Models for improved (Pseudo) Random Number Generation in computer security applications

Computer Networks. Wenzhong Li. Nanjing University

Security: Cryptography

Garantía y Seguridad en Sistemas y Redes

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Technological foundation

Overview. SSL Cryptography Overview CHAPTER 1

Study Guide to Mideterm Exam

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

U-III PUBLIC KEY CRYPTOGRAPHY. Prime number is a positive integer greater than 1 whose only factors are 1 and number itself

Chapter 9: Key Management

(2½ hours) Total Marks: 75

Cryptography (Overview)

Chapter 3 Public Key Cryptography

Transcription:

T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings: Ch 7.4; 7.3; 10.1 1 The Use of Random Numbers Random numbers are needed in cryptographic protocols: there is no security without apparent randomness and unpredictability; things must look random to an external observer. Cryptographic keys symmetric keys Keys for asymmetric cryptosystems, random numbers with some additional properties Cryptographic nonces (= numbers used once) to guarantee freshness 2 1

Random and pseudorandom numbers Random numbers are characterised using the following statistical properties: Uniformity: Random numbers are uniformly distributed Independence: generated random numbers cannot be derived from other generated random numbers Generated using physical devices, e.g, quantum random number generator Pseudorandom numbers are nonrandom numbers that cannot be distinguished from random numbers: Statistical distribution cannot be distinguished from the uniform distribution Independent-looking: pseudorandom numbers should be unpredictable, given a sequence of previously generated pseudorandom numbers Generated using deterministic algorithms from a short truly random or pseudorandom seed. 3 Linear Congruential Generator (Lehmer 1951) m the modulus, m > 0 a the multiplier, 0 < a < m c the increment, 0 c < m the starting value, or seed x 0 The sequence of pseudorandom numbers is computed as x n+1 = (ax n + c) mod m n = 0,1,2,. Example: m = 32; a = 7; c = 0, x 0 = 7; then x 1 = 7, x 2 = 17, x 3 = 23, x 4 = 1, x 5 =7, The period of the sequence is 4. This is due to the fact that the order of 7 modulo 32 equals 4. For unpredictability the period should be large. This can be achieved by suitable choice of the numbers: IBM360 family of computers use LCG with a = 16807= 7 5 ; m = 2 31-1; c = 0. 4 2

Weaknesses of LCG Given the parameters a, c and m, and just one term of the generated sequence, then one can compute any term after and before this term. Assume a,c and m are unknown. Then given just four known terms x 0, x 1, x 2, x 3 of the generated sequence, one gets a system of equations: x 1 = (ax 0 +c) mod m x 2 = (ax 1 +c) mod m x 3 = (ax 2 +c) mod m from where one can try to solve for a,c and m. Linear Feedback Shift Registers (LFSR) are very similar to LCG: good statistical properties, but no cryptographic security in itself. Given an output sequence of length 2 times the length of the LFSR, one can solve for the feedback coefficients. Therefore they are used as a part of a construction for a cryptographically secure key stream or pseudorandom number generator. 5 Cryptographical PRNGs The security requirements for a cryptographically secure pseudorandom number generator are similar than those for a keystream generator. In practice, the difference lies in the fact that keystream generators are used for encryption and must be fast, and consequently, security is traded off to achieve the required speed. Random number generators are used for key and nonce generation, and therefore security is more important than speed. Some standard PRNGs: Counter mode keystream generator is a cryptographically strong PRNG ANSI X9.17 PRNG based on Triple DES with two keys in encryption-decryption-encryption mode. FIPS 186-2 specifies a random number generator based on SHA-1 for generation of the private keys and per-message nonces for siganture generation Blum-Blum-Shub generator is provably secure if factoring is hard 6 3

Also known as Cyclic Encryption (Meyers 1982): Consist of a counter with period N and an encryption algorithm with a secret key. IV Initial value of the counter C K Key of the block cipher encryption function i-th pseudorandom number output X i Counter Mode PRNG C i C 0 = IV; C i = C i-1 +1; X i = (C i ), i = 1,2, The period is N. If the length of the counter is less than the block size of then all generated numbers within one period are different. X i 7 ANSI X9.17 PRNG DT i V i X i 64-bit time variant parameter, date and time seed variable 3-DES encryption with two 56-bit keys K 1 and K 2, K = (K 1,K 2 ) i-th pseudorandom number output DT i V i V i+1 X i = (V i (DT i )), V i+1 = (X i (DT i )), i = 1,2, X i 8 4

FIPS 186-2 PRNG for generation of permessage random numbers k j for DSA m number of messages to be signed q the 160-bit prime in the definition of DSA KKEY 0 initial b-bit seed KKEY j b-bit seed variable t the fixed initial value (a cyclic shift of the initial value of SHA-1) G(t,c) operation of SHA-1 on one 512-bit V i message block M (without length appending) M = c all-zero padding to the right, and CV 0 = t initial value (see Lecture 5) k j j-th per-message pseudorandom number output k j = G(t,KKEY j ) mod q KKEY j+1 = (1 + KKEY j + k j,) mod 2 b, j = 0,1,,m-1 KKEY i-1 add 1 mod 2 b KKEY j G k j 9 Blum-Blum-Shub Cryptographically provably secure PRNG Very slow, output 1 pseudorandom bit per one modular squaring modulo a large integer p, q two different large primes; p = q = 3 (mod 4) n modulus, n = pq s seed; set x 0 = s 2 mod n x i i-th intermediate number B i i-th output bit For i = 1,2, x i = (x i-1 ) 2 mod n B i = x i mod 2 10 5

Key Distribution Distribution of shared symmetric keys for A and B; using one of the following options: 1. Physically secured A selects or generates a key and delivers it to B using some physically secure means A third party C can select a key and delivers it to A and B using some physically secure means 2. Key distribution using symmetric techniques If A and B have a shared secret key, A can generate a new key and send it to B encrypted using the old key If party C is alredy using a shared secret key K 1 with A and a second one K 2 with B, then C can generate a key and send it encrypted to A and B. 3. Key management using asymmetric techniques If Party A has a public key of B, then A can generate a key and send it to B encrypted using a public key If party C has the public key of A and the public key of B, it can generate a key and send it to A and B encrypted using their public keys. 11 Model for network security Trusted third party Sender Receiver Secret information Secret information Message Secure Message Secure Message Message Security related transformation Opponent Security related transformation 12 6

Key Hierarchy 1. Master Keys long term secret keys used for authentication and session key set up Distributed using physical security or public key infrastructure 2. Session Keys short term secret keys used for protection of the session data distributed under protection of master keys 3. Separated session keys short term secrets to achieve cryptographic separation: Different cryptographic algorithms should use different keys. Weaknesses in one algorithm should not endanger protection achieved by other algorithms derived from the main session key 13 Initiator (A) A Key Management Scenario* (1) Request N 1 Key distribution center (KDC) (2) a (Ks Request N 1 b (Ks,ID A )) (3) b (K s ID A ) (4) s (N 2 ID B )** (5) s (N 2 +1 ID A )** *Stallings, Section 7.3 Ka Symmetric key shared by KDC and A Kb Symmetric key shared by KDC and B Ks Session key N 1, N 2 Nonces ID A Identity of A ID B Identity of B Responder (B) ** slightly modified from Stallings protocol 14 7

Authenticated Diffie-Hellman Key Exchange Recall: Diffie-Hellman Key Exchange provides confidentiality against passive wiretapper. Active man-in-the-middle attack can be prevented using authentication, e.g. as follows: g a ID A Initiator A g b MAC K (g a,g b,id A ) Responder B MAC K (g a,g b,id B ) K a ID A Authentication key shared by A and B private exponent of A Identity of A ID B Identity of B 15 Distribution of Public Keys Public announcement Just appending one s public key, or the fingerprint (hash) of the public key in one s signed email message is not secure PGP public key fingerprints need to be truly authenticated based on face-to-face or voice contact Publicly available directory An authorised directory, similar to phone directory that is published in print Public-key Authority Public keys obtained from an online service. Communication needs to be secured Public-key Certificates Public keys bound to user s identities using a certificate signed by a Certification Authority (CA) 16 8

X509 Public Key Certificates Mandatory fields The version number of the X509 standard The certificate serial number The CA s Signing Algorithm Identifier The name of the issuing CA The validity period (not before date, not after date) The subject s name, i.e. whose public key is being signed The subject s public key value, including the algorithm and associated domain parameters The issuer s signature on the public key and all other data that is to be bound to the subject s public key such as the subject s name, the validity period and other terms of usage of the subject s public key. 17 CA and Registration Authority Certification Authority E.g. in Finland: Population Register Center The certificate is stored in the subject s Electronic Identity Card Registration Authority Identifies the user based on user s true identity and establishes a binding between the public key and the subject s identity Management of private keys Private keys generated by the user Private key generated by a tusted authority Private key generated inside a smart card from where it is never taken out. The public key is taken out. Certificate Revocation List Black list for lost or stolen private keys CRL must be available online for certificates with long validity period 18 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback