Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Similar documents
ASYMMETRIC CRYPTOGRAPHY

Chapter 9 Public Key Cryptography. WANG YANG

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

1. Diffie-Hellman Key Exchange

Other Topics in Cryptography. Truong Tuan Anh

Public Key Algorithms

CSC 474/574 Information Systems Security

Kurose & Ross, Chapters (5 th ed.)

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

L13. Reviews. Rocky K. C. Chang, April 10, 2015

CPSC 467: Cryptography and Computer Security

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

Public Key Algorithms

Key Exchange. Secure Software Systems

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Lecture 2 Applied Cryptography (Part 2)

Encryption. INST 346, Section 0201 April 3, 2018

Number Theory and RSA Public-Key Encryption

S. Erfani, ECE Dept., University of Windsor Network Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

CIS 4360 Secure Computer Systems Applied Cryptography

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

UNIT - IV Cryptographic Hash Function 31.1

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CS 161 Computer Security

Ref:

CS669 Network Security

CSC/ECE 774 Advanced Network Security

2.1 Basic Cryptography Concepts

UNIT III 3.1DISCRETE LOGARITHMS

Diffie-Hellman. Part 1 Cryptography 136

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Cryptographic Concepts

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Public-key Cryptography: Theory and Practice

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Network Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography

Chapter 9. Public Key Cryptography, RSA And Key Management

Public-Key Cryptography

Topics. Number Theory Review. Public Key Cryptography

Applied Cryptography Protocol Building Blocks

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

CS 161 Computer Security

Key Management and Distribution

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Lecture 6 - Cryptography

CS408 Cryptography & Internet Security

Public Key (asymmetric) Cryptography

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Public Key Cryptography

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

CS Computer Networks 1: Authentication

What did we talk about last time? Public key cryptography A little number theory

Key Establishment and Authentication Protocols EECE 412

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Uzzah and the Ark of the Covenant

Public Key Algorithms

Cryptography and Network Security

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Cryptographic Systems

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

CS 161 Computer Security

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Cryptography and Network Security. Sixth Edition by William Stallings

Public-key encipherment concept

NETWORK SECURITY & CRYPTOGRAPHY

Cryptography (Overview)

Overview. Public Key Algorithms I

Lecture 3.4: Public Key Cryptography IV

Keywords Session key, asymmetric, digital signature, cryptosystem, encryption.

Chapter 3. Principles of Public-Key Cryptosystems

Spring 2010: CS419 Computer Security

Lecture IV : Cryptography, Fundamentals

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Applied Cryptography and Computer Security CSE 664 Spring 2018

RSA Cryptography in the Textbook and in the Field. Gregory Quenell

Chapter 11 Message Integrity and Message Authentication

APNIC elearning: Cryptography Basics

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Public Key Cryptography

SECURITY IN NETWORKS

Appendix A: Introduction to cryptographic algorithms and protocols

CRYPTOGRAPHY & DIGITAL SIGNATURE

Digital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2

Encryption 2. Tom Chothia Computer Security: Lecture 3

Transcription:

Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass Protocol

Primitive Root A primitive root of a prime number p as one whose powers modulo p generate all the integers from 1 to p-1. If α is primitive root of p, the numbers: are difference. α mod p, α 2 mod p, α 3 mod p,..., α p-1 mod p Example: A prime number 19 has primitive roots: 2, 3, 10, 13, 14, and 15. (It s shown by Powers of Integers, Modulo 19 Table)

Powers of Integers, Modulo 19 Table

Discrete Logarithm For a pair of primitive root α and a prime number p: dlog α,p (1) = 0 α 0 mod p = 1 mod p = 1 dlog α,p (α) = 1 α 1 mod p = α Based on Powers of Integers, Modulo 19 Table (previous slide) : dlog 2,19 (3) = 13 dlog 2,19 (6) = 14

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange The Diffie Hellman was the first public-key algorithm. It was invented in 1976. This algorithm can be used to generate secret key but not to encrypt and decrypt message. Alice and Bob agree on large prime q and α. α is primitive root of q. q and α do not have to be secret and transmitted over insecure channel.

Diffie-Helman Protocol (1) Alice chooses a random large integer X A and sends Bob Y A = α XA mod q Bob chooses a random large integer X B and sends Alice Y B = α XB mod q Alice computes K = Y XA B mod q Bob computes K = Y XB A mod q Everyone on the channel just know q, α, Y A, and Y B.

Diffie-Helman Protocol (2)

Diffie-Hellman with n Parties (1) n=3 Alice chooses a random large integer X A and sends Bob : Y A = α XA mod q. Bob chooses a random large integer X B and sends Carol : Y B = α XB mod q. Carol chooses a random large integer X C and sends Alice : Y C = α XC mod q. Alice sends Bob : Y C = Y XA C mod q. Bob sends Carol : Y A = Y XB A mod q. Carol sends Alice : Y B = Y XC B mod q. Alice computes secret key : K = (Y B ) XA mod q. Bob compues secret key : K = (Y C ) XB mod q. Carol computes secret key : K = (Y A ) XC mod q.

Diffie-Hellman with n Parties (2) How about 4 parties?

Man-in-the-Middle Attack (1) The key exchange of Diffie-Hellman is insecure against a manin-the-middle attack. Alice and Bob will exchange the key, Darth is the adversary. Darth prepares the attack by generating two random keys X D1 and X D2. Darth computes Y D1 and Y D2. Alice sends Bob Y A. Darth intercepts Y A and sends Bob Y D1. Darth computes K2 = (Y A ) XD2 mod q. Bob computes K1 = (Y D1 ) XB mod q. Bob sends Alice Y B. Darth intercepts Y B and sends Alice Y D2. Darth computes K1 = (Y B ) XD1 mod q. Alice computes K2 = (Y D2 ) XA mod q.

Man-in-the-Middle Attack (2) Communication between Alice and bob after key exchange process. Alice sends Bob encrypted message M: E(K2,M). Darth intercepts the encrypted message and decrypts it. Darth sends Bob E(K1,M) or E(K1,M ), M is any message (In this case, Darth alter the message).

ElGamal Key Exchange

ElGamal Key Exchange (1) ElGamal was announced a public-key scheme based on discrete logarithms in 1984. ElGamal is closelly related to Diffie-Hellman technique. A prime number q and α in ElGamal an Diffie-Hellman are the same. Alice can generate a private/public key: Alice generates a random integer X A (1 < X A < q-1). Alice computes Y A = α XA mod q. Alice has a private X A and public key {q, α, Y A }.

ElGamal Key Exchange (2) Bob can encrypt a message using Alice s public key: The message is integer M in the range 0 M q-1. Bob chooses a random integer k (1 k q-1). Bob computer one-time key K = (Y A ) k mod q. Bob encrypts M (C 1,C 2 ) where: C 1 = α k mod q C 2 = KM mod q Alice can recover the plaintext: Alice recovers the key by computing K = (C 1 ) XA mod q. Alice computes M = (C 2 K -1 ) mod q.

Security of ElGamal To recover Alice s private key, an adversary would have to compute discrete logarithm X A = dlog α,q (Y A ). To recover the one-time key K, an adversary would have to compute discrete logarithm k = dlog α,q (C 1 ).

One-Way Function

One Way Function one-way function is central to public-key cryptography One-way functions are relatively easy to compute, but significantly harder to reverse That is, given x it is easy to compute f(x), but given f(x) it is hard to compute x.

Trapdoor A trapdoor one-way function is a special type of one-way function, one with a secret trapdoor. It is easy to compute in one direction and hard to compute in the other direction. But, if you know the secret, you can easily compute the function in the other direction That is, it is easy to compute f(x) given x, and hard to compute x given f(x). However, there is some secret information, y, such that given f(x) and y it is easy to compute x

One Way Hash Function A one-way hash function has many names: compression function, contraction function, message digest, fingerprint, cryptographic checksum, message integrity check (MIC), and manipulation detection code (MDC).

One Way Hash Function A hash function is a function mathematical or otherwise, that takes a variable-length input string (called a pre-image) and converts it to a fixed-length (generally smaller) output string (called a hash value). to produce a value that indicates whether a candidate pre-image is likely to be the same as the real pre-image.

A one-way hash function is a hash function that works in one direction: It is easy to compute a hash value from pre-image, but it is hard to generate a pre-image that hashes to a particular value. A good one-way hash function is also collision-free: It is hard to generate two pre-images with the same hash value.

Message Authentication Codes A message authentication code (MAC), also known as a data authentication code (DAC), is a oneway hash function with the addition of a secret key. The hash value is a function of both the pre-image and the key. The theory is exactly the same as hash functions, except only someone with the key can verify the hash value. You can create a MAC out of a hash function or a block encryption algorithm; there are also dedicated MACs

Digital Signature Why Signature? The signature is authentic. The signature is unforgeable. The signature is proof that the signer, and no one else, deliberately signed the document The signature is not reusable. The signed document is unalterable. After the document is signed, it cannot be altered. The signature cannot be repudiated.

Signing Documents with Public- Key Cryptography Basic Protocol: Alice encrypts the document with her private key, thereby signing the document. Alice sends the signed document to Bob. Bob decrypts the document with Alice s public key, thereby verifying the signature.

The Protocol Statisfies the Characteristic The signature is authentic; when Bob verifies the message with Alice s public key, he knows that she signed it. The signature is unforgeable; only Alice knows her private key. The signature is not reusable; the signature is a function of the document and cannot be transferred to any other document. The signed document is unalterable; if there is any alteration to the document, the signature can no longer be verified with Alice s public key. The signature cannot be repudiated. Bob doesn t need Alice s help to verify her signature.

Signing Documents with Public-Key Cryptography and One-Way Hash Functions Protocol: Alice produces a one-way hash of a document. Alice encrypts the hash with her private key, thereby signing the document. Alice sends the document and the signed hash to Bob. Bob produces a one-way hash of the document that Alice sent. He then, using the digital signature algorithm, decrypts the signed hash with Alice s public key. If the signed hash matches the hash he generated, the signature is valid.

The bit string attached to the document when signed (in the previous example, the one-way hash of the document encrypted with the private key) will be called the digital signature, or just the signature. The entire protocol, by which the receiver of a message is convinced of the identity of the sender and the integrity of the message, is called authentication

Public Key Algorithm Since 1976, numerous public-key cryptography algorithms have been proposed. Many of these are insecure. Of those still considered secure, many are impractical. Either they have too large a key or the ciphertext is much larger than the plaintext

Only three algorithms work well for both encryption and digital signatures: RSA, ElGamal, and Rabin. All of these algorithms are slow. They encrypt and decrypt data much more slowly than symmetric algorithms; usually that s too slow to support bulk data encryption.

Advantages Only private key must be kept secret. In large network, the number of keys may be smaller than in the symmetric algorithm. Disadvantages Key sizes are larger than the key of symmetric algorithm. No public-key scheme has been proven to be secure. The most effective public-key encryption schemes have their security based on the set of number.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback