Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Similar documents
Public Key Algorithms

Public Key Cryptography

Chapter 9 Public Key Cryptography. WANG YANG

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

CSC 474/574 Information Systems Security

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Overview. Public Key Algorithms I

Public Key Algorithms

Public Key Encryption. Modified by: Dr. Ramzi Saifan

Public Key Algorithms

Chapter 9. Public Key Cryptography, RSA And Key Management

Lecture 2 Applied Cryptography (Part 2)

Public Key Cryptography and RSA

CS669 Network Security

Public Key Cryptography and the RSA Cryptosystem

Chapter 3 Public Key Cryptography

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Lecture 6: Overview of Public-Key Cryptography and RSA

Public Key Cryptography

Cryptography and Network Security. Sixth Edition by William Stallings

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Applied Cryptography and Computer Security CSE 664 Spring 2018

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 6 - Cryptography

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Chapter 7 Public Key Cryptography and Digital Signatures

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Public-key encipherment concept

RSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.

Channel Coding and Cryptography Part II: Introduction to Cryptography

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Cryptography Intro and RSA

Number Theory and RSA Public-Key Encryption

CSC/ECE 774 Advanced Network Security

Crypto CS 485/ECE 440/CS 585 Fall 2017

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

RSA. Public Key CryptoSystem

Cryptography and Network Security

Key Management and Distribution

Introduction to Cryptography Lecture 7

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Part VI. Public-key cryptography

Public Key (asymmetric) Cryptography

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography

Network Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography

RSA (algorithm) History

Public Key Encryption

Computer Security 3/23/18

Introduction to Cryptography Lecture 7

ASYMMETRIC CRYPTOGRAPHY

What did we talk about last time? Public key cryptography A little number theory

An overview and Cryptographic Challenges of RSA Bhawana

Kurose & Ross, Chapters (5 th ed.)

Uzzah and the Ark of the Covenant

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Key Exchange. Secure Software Systems

1.264 Lecture 28. Cryptography: Asymmetric keys

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

The Application of Elliptic Curves Cryptography in Embedded Systems

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security

4 PKI Public Key Infrastructure

Other Topics in Cryptography. Truong Tuan Anh

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Side-Channel Attacks on RSA with CRT. Weakness of RSA Alexander Kozak Jared Vanderbeck

Some Stuff About Crypto

Cryptographic Systems

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Public-Key Cryptanalysis

Computer Security: Principles and Practice

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms

Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7

Diffie-Hellman. Part 1 Cryptography 136

CS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.

Encryption. INST 346, Section 0201 April 3, 2018

CPSC 467b: Cryptography and Computer Security

Public Key Cryptography 2. c Eli Biham - December 19, Public Key Cryptography 2

Elliptic Curve Public Key Cryptography

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017

Topics. Number Theory Review. Public Key Cryptography

CSC 774 Network Security

Tuesday, January 17, 17. Crypto - mini lecture 1

Cryptography and Network Security

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)

A nice outline of the RSA algorithm and implementation can be found at:

Algorithms (III) Yijia Chen Shanghai Jiaotong University

Public-Key Cryptography

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Transcription:

CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1

Public Key Cryptography Modular Arithmetic RSA Diffie-Hellman Elliptic Curve Cryptography 2

Public Key Cryptography Aka: asymmetric cryptography, invented in 1970s Use two keys: a public key known to everyone, a private key kept secret to the owner Encryption/decryption: encryption can be done by everyone using the recipient s public key, decryption can be done only by the recipient with his/her private key Digital signature: signing is done with signer s private key, and verification is done with signer s public key Key exchange: establish a shared session key with PKC, SKC is used afterwards 3

Modular Arithmetic Fundamental to PKC Modulo n or mod n: non-negative integers < some integer n, sometimes mod n is omitted Modular addition Modular multiplication Modular exponentiation 4

Modular Addition Example: mod 10 5 + 5 = 0 3 + 9 =? 2 + 2 =? 9 + 9 =? Additive inverse: an additive inverse of x is the number we need to add to x to get 0, e.g., what s the additive inverse of 4 mod 10? 5

Modular Multiplication Example: 3 7 = 1 mod 10 Multiplicative inverse: if xy = 1 mod n, then x and y are each other s multiplicative inverse mod n Relatively prime: no common factors other than 1 Existence of multiplicative inverse: x has multiplicative inverse mod n iff x is relatively prime to n Euclid s algorithm: provides efficient method to find multiplicative inverses mod n 6

Modular Multiplication (Cont d) φ(n): totient function number of integers < n and relatively prime to n φ(n) = n 1 if n is prime φ(pq) = pq (p + q 1) = (p 1)(q 1), if p and q are prime 7

Modular Exponentiation Example: 4 6 = 4096 = 6 mod 10 x y mod n = x (y mod φ(n)) mod n φ(n) = 4 If y = 1 mod φ(n), then x y mod n = x mod n 8

RSA Named after Rivest, Shamir, and Adleman Public key / private key, use one to encrypt and the other to decrypt Key length: variable, most commonly 512 bits Plaintext block: smaller than the key length Ciphertext block: same as key length Advantage: Easy key management Disadvantage: much slower than secret key algorithms 9

RSA Algorithm Choose two large primes, p and q, >100 bits each n = pq, φ(n) = (p 1)(q 1) Choose e that is relatively prime to φ(n) By Euclid s algorithm, find d that is the multiplicative inverse of e mod φ(n), i.e., ed = 1 mod φ(n) Let <e, n> be the public key, <d, n> the private key 10

Encryption and Decryption Encryption with public key <e, n>: c = m e mod n Decryption with private key <d, n>: m = c d mod n c d mod n = (m e mod n) d mod n = (m e ) d mod n = m mod n = m 11

Why is RSA Secure? Given n, it is hard to factor it to get p and q RSA misuse: Alice uses Bob s public key to encrypt a message sent to Bob. If Frank knows the message is one of many possible messages, he can use the same public key to compute and compare the ciphertexts to find the message (Solution?) 12

Efficiency of RSA Operations Exponentiation of large numbers of several hundreds of bits Find big primes, p and q Find e and d 13

Exponentiating With Big Numbers Page 154 155 14

Finding Big Primes p and q The probability of a randomly chosen number n to be prime is 1 / ln n, which is about one in 230 for n of a hundred digit Test whether a random number n is a prime - Fermat s Theorem: if p is a prime and 0 < a < p, then a p-1 = 1 mod p - For a non-prime n of a hundred bits, the chance of a n-1 = 1 mod n is about 1 in 10 13 - Miller-Rabin algorithm 15

Finding e and d e: can be randomly chosen, relatively prime to φ(n) d: calculated by Euclid s algorithm, s.t. ed =1 mod φ(n) If e is chosen to be small such as 3, the encryption and signature verification will be faster, while the decryption and digital signature remain the same d should not be small 16

Popular Values of e 3 and 65537 (2 16 + 1) Advantage: computationally efficient - 3: 2 multiplies - 65537: 17 multiplies 17

Problems of e=3 Problem 1: c = m e mod n, if e is 3 and m is less than n 1/3, then m 3 < n and thus c = m 3 mod n = m 3 m = c 1/3 Solution: pad m to be larger than n 1/3 Problem 2: If a message is encrypted for three recipients using their public keys, <3, n1> <3, n2> <3, n3> to get three ciphertexts, c1 = m 3 mod n1, c2 = m 3 mod n2, c3 = m 3 mod n3, an attacker can compute c = m 3 mod n1n2n3 by Chinese Remainder Theorem. Since m is smaller than n1, n2, and n3, c = m 3 m = c 1/3 Solution: pad m with different numbers for c1, c2, c3 Problem 3: Need to choose p and q s.t. 3 is relatively prime to (p-1)(q-1). It is easier to choose eligible p and q for 65537. 18

Attacks on RSA Brute-force attacks: trying all possible private keys Mathematical attacks: trying to factor the product of two primes Timing attacks: depend on the running time of the decryption algorithm Chosen ciphertext attacks: exploit properties of the RSA algorithm 19

Countermeasures Brute-force attacks: use a large key space Mathematical attacks: use large enough n (1024-2048 bits), select p and q with constraints Timing attacks: constant exponentiation time, random delay, blinding the ciphertext Chosen ciphertext attacks: randomly pad the plaintext before encryption, e.g., optimal asymmetric encryption padding (OAEP) 20

Diffie-Hellman The first public key cryptosystem But does neither encryption nor signatures Used for key exchange: Alice and Bob negotiate a shared secret key over a public communication channel 21

Diffie- Hellman Key Exchange 22

Why Is Diffie-Hellman Secure? It is difficult to compute discrete logarithm: knowing g and g x, it is difficult to compute x 23

Man-in-the-Middle Attack Alice Bob A, g A B, g B g A K AB =g AB AB g B Alice Frank Bob A, g A F, g F B, g B g A g F g F g B K AF =g AF K FB =g FB 24

Countermeasures Publish public numbers: Alice keeps x private, but publishes X = g x mod p through a reliable, trusted service such as PKI Bob keeps y private, but publishes Y = g y mod p Alice retrieves Y from the trusted service Bob retrieves X from the trusted service No place for Frank to get in the middle. The key between Alice and Bob is in fact pre-determined. 25

Countermeasures (Cont d) Authenticated Diffie-Hellman: Encrypt the Diffie-Hellman exchange with the pre-shared secret Encrypt the Diffie-Hellman public number with the other side s public key Sign the Diffie-Hellman public number with your private key Following the Diffie-Hellman exchange, transmit a hash of the agreed key and the pre-shared secret Following the Diffie-Hellman exchange, transmit a hash of the pre-shared secret and your public number 26

Encryption with Diffie-Hellman Use Diffie-Hellman to establish a shared secret key, g AB, between Alice and Bob Encryption: use any secret key encryption scheme with the above secret key 27

Elliptic Curve Cryptography Known subexponential algorithms for breaking RSA and Diffie-Hellman (a brute-force attack requires exponential amount of computation), so required key size is large No known subexponential algorithm for breaking ECC ECC offers the same security with much smaller key size Comparable key sizes in terms of computational effort for cryptanalysis 28

Assignments Read [Kaufman] Chapter 6 Homework #1 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback