ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Similar documents
Kurose & Ross, Chapters (5 th ed.)

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Encryption. INST 346, Section 0201 April 3, 2018

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

CS Computer Networks 1: Authentication

Ref:

SECURITY IN NETWORKS

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

SECURITY IN NETWORKS 1

14. Internet Security (J. Kurose)

CSC 8560 Computer Networks: Network Security

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

Lecture 2 Applied Cryptography (Part 2)

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Computer Communication Networks Network Security

UNIT - IV Cryptographic Hash Function 31.1

Internet and Intranet Protocols and Applications

Public Key Algorithms

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.

CS 332 Computer Networks Security

Computer Networks. Wenzhong Li. Nanjing University

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Chapter 8 Network Security

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Chapter 9 Public Key Cryptography. WANG YANG

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 9. Public Key Cryptography, RSA And Key Management

Chapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Welcome to CS 395/495 Internet Security: A Measurement-based Approach

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

L13. Reviews. Rocky K. C. Chang, April 10, 2015

1.264 Lecture 28. Cryptography: Asymmetric keys

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Diffie-Hellman. Part 1 Cryptography 136

Introduction to Cryptography. Vasil Slavov William Jewell College

Chapter 8 Security. Computer Networking: A Top Down Approach

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

CSC/ECE 774 Advanced Network Security

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Chapter 8 Network Security

What did we talk about last time? Public key cryptography A little number theory

Public Key Algorithms

Computer Networks II

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Overview. Public Key Algorithms I

David Wetherall, with some slides from Radia Perlman s security lectures.

Chapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016

CSC 474/574 Information Systems Security

Network Security. Chapter 8. MYcsvtu Notes.

Lecture 6 - Cryptography

Cryptographic Systems

Cryptography and Network Security. Sixth Edition by William Stallings

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

S. Erfani, ECE Dept., University of Windsor Network Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

Chapter 8 Network Security

CSC 774 Network Security

ASYMMETRIC CRYPTOGRAPHY

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Cryptographic Checksums

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Number Theory and RSA Public-Key Encryption

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Lecture 1 Applied Cryptography (Part 1)

Other Topics in Cryptography. Truong Tuan Anh

Key Exchange. Secure Software Systems

Cryptographic Concepts

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Public Key Cryptography and the RSA Cryptosystem

Password. authentication through passwords

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

Security: Focus of Control. Authentication

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

CS669 Network Security

Cryptography (Overview)

Chapter 3 Public Key Cryptography

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CRYPTOGRAPHY & DIGITAL SIGNATURE

System and Network Security

Public Key Algorithms

Applied Cryptography Protocol Building Blocks

Public Key (asymmetric) Cryptography

EEC-682/782 Computer Networks I

Computer Security: Principles and Practice

Key Establishment and Authentication Protocols EECE 412

CS 161 Computer Security

CS61A Lecture #39: Cryptography

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

Transcription:

Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010, J.F Kurose and K.W. Ross, All Rights Reserved. symmetric crypto requires sender, receiver know shared secret Q: how to agree on in first place (particularly if never met )? public cryptography radically different approach [Diffie Hellman76, RSA78] sender, receiver do not share secret public encryption known to all private decryption known only to receiver 82 Public cryptography Public encryption algorithms plaintext, m encryption algorithm ciphertext K (m) B decryption algorithm public ob s private B plaintext m = K (K (m)) Requirements: 1 2.. need K ( ) and K ( ) such that K (K (m)) = m given public K B, it should be impossible to compute private RSA: Rivest, Shamir, Adelson algorithm 83 84 Prerequisite: modular arithmetic RSA: getting ready x mod n = remainder of x when divide by n Facts: [(a mod n) (b mod n)] mod n = (ab) mod n [(a mod n) (b mod n)] mod n = (ab) mod n [(a mod n) * (b mod n)] mod n = (a*b) mod n Thus (a mod n) d mod n = a d mod n Example: x=14, n=10, d=2: (x mod n) d mod n = 4 2 mod 10 = 6 x d = 14 2 = 196 x d mod 10 = 6 A is a bit pattern. A bit pattern can be uniquely represented by an integer number. Thus encrypting a is equivalent to encrypting a number. Example m= 10010001. This is uniquely represented by the decimal number 145. To encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext). 85 86 1

RSA: Creating public/private pair RSA: Encryption, decryption 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p1)(q1) 3. Choose e (with e<n) that has no common factors with z. (e, z are relatively prime ). 4. Choose d such that ed1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public is (n,e). Private is (n,d). 0. Given (n,e) and (n,d) as computed above 1. To encrypt m (<n), compute c = m e mod n 2. To decrypt received bit pattern, c, compute m = c d mod n Magic happens! m = (m e d mod n) mod n c 87 88 RSA example: Why does RSA work? Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed1 exactly divisible by z). Encrypting 8bit s. encrypt: decrypt: bit pattern m m e c = m e mod n 0000l000 12 24832 17 c c d m = c d mod n 17 481968572106750915091411825223071697 12 Must show that c d mod n = m where c = m e mod n Fact: for any x and y: x y mod n = x (y mod z) mod n where n= pq and z = (p1)(q1) Thus, c d mod n = (m e mod n) d mod n = m ed mod n = m (ed mod z) mod n = m 1 mod n = m 89 810 RSA: another important property The following property will be very useful later: Why K (K (m)) = m = K (K (m))? K (K (m)) = m = K (K (m)) Follows directly from modular arithmetic: use public first, followed by private use private first, followed by public (m e mod n) d mod n = m ed mod n = m de mod n = (m d mod n) e mod n Result is the same! 811 812 2

Why is RSA Secure? Session s suppose you know public (n,e). How hard is it to determine d? essentially need to find factors of n without knowing the two factors p and q. fact: factoring a big number is hard. Generating RSA s have to find big primes p and q approach: make good guess then apply testing rules (see Kaufman) Exponentiation is computationally intensive DES is at least 100 times faster than RSA Session, K S Bob and Alice use RSA to exchange a symmetric K S Once both have K S, they use symmetric cryptography 813 814 Chapter 8 roadmap Message Integrity 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing email 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing wireless LANs 8.8 Operational security: firewalls and IDS allows communicating parties to verify that received s are authentic. Content of has not been altered Source of is who/what you think it is Message has not been replayed Sequence of s is maintained let s first talk about digests 815 816 Message Digests function H( ) that takes as input an arbitrary length and outputs a fixedlength string: note that H( ) is a manyto1 function H( ) is often called a hash function large m H: Hash Function desirable properties: easy to calculate irreversibility: Can t determine m from collision resistance: computationally difficult to produce m and m such that = H(m ) seemingly random output Internet checksum: poor digest Internet checksum has some properties of hash function: produces fixed length digest (16bit sum) of input is manytoone but given with given hash value, it is easy to find another with same hash value. e.g.,: simplified checksum: add 4byte chunks at a time: I O U 1 0 0. 9 9 B O B ASCII format 49 4F 55 31 30 30 2E 39 39 42 D2 42 B2 C1 D2 AC I O U 9 0 0. 1 9 B O B different s but identical checksums! ASCII format 49 4F 55 39 30 30 2E 31 39 42 D2 42 B2 C1 D2 AC 817 818 3

Hash Function Algorithms MD5 hash function widely used (RFC 1321) computes 128bit digest in 4step process. SHA1 is also used. US standard [NIST, FIPS PUB 1801] 160bit digest Message Authentication Code (MAC) s s = shared secret s H( ) H( ) compare Authenticates sender Verifies integrity No encryption! Also called ed hash Notation: MD m = H(s m) ; send m MD m 819 820 Endpoint authentication Playback attack want to be sure of the originator of the endpoint authentication assuming Alice and Bob have a shared secret, will MAC provide endpoint authentication? we do know that Alice created. but did she send it? MAC = f(msg,s) Transfer $1M from Bill to Trudy MAC Transfer $1M from Bill to Trudy MAC 821 822 Defending against playback attack: nonce MAC = f(msg,s,r) I am Alice R Transfer $1M from Bill to Susan MAC Digital Signatures cryptographic technique analogous to handwritten s. sender (Bob) ly signs document, establishing he is document owner/creator. goal is similar to that of MAC, except now use public cryptography verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document 823 824 4

Digital Signatures simple for m: Bob signs m by encrypting with his private, creating signed, (m), m Dear Alice Oh, how I have missed you. I think of you all the time! (blah blah blah) Bob K private B Public encryption algorithm (m), m, signed (encrypted) with his private 825 Digital = signed digest Bob sends ly signed : large m H: Hash function private (encrypt) encrypted msg digest () Alice verifies and integrity of ly signed : large m H: Hash function public equal? encrypted msg digest () (decrypt) 826 Digital Signatures (more) suppose Alice receives msg m, (m) Alice verifies m signed by Bob by applying public to (m) then checks ( (m) ) = m. if ( (m) ) = m, whoever signed m must have used private. Alice thus verifies that: Bob signed m. no one else signed m. Bob signed m and not m. Nonrepudiation: Alice can take m, and (m) to court and prove that Bob signed m. Public certification motivation: Trudy plays pizza prank on Bob Trudy creates email order: Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob Trudy signs order with her private Trudy sends order to Pizza Store Trudy sends to Pizza Store her public, but says it s public. Pizza Store verifies ; then delivers four pizzas to Bob. Bob doesn t even like Pepperoni 827 828 Certification Authorities Certification authority (): binds public to particular entity, E. E (person, router) registers its public with. E provides proof of identity to. creates certificate binding E to its public. certificate containing E s public ly signed by says this is E s public identifying information public (encrypt) private K certificate for public, signed by Certification Authorities when Alice wants public : gets certificate (Bob or elsewhere). apply s public to certificate, get public (decrypt) public K public K B 829 830 5

Certificates: summary primary standard X.509 (RFC 2459) certificate contains: issuer name entity name, address, domain name, etc. entity s public (signed with issuer s private ) PublicKey Infrastructure (PKI) certificates, certification authorities often considered heavy Why study computer networks? An interface between theory (algorithms, mathematics) and practice Understanding the design principles of a truly complex system Industryrelevant knowledge Fun! Challenges in teaching computer networks Students feedback 831 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback