Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public.

Published byMercy Bond Modified over 7 years ago

Similar presentations

Presentation on theme: "Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public."— Presentation transcript:

1 Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public Key Cryptosystems Public Key Cryptosystems 10.1 Key Management 10.2 Diffie-Hellman Key Exchange 10.3 Elliptic Curve Arithmetic 10.4 Elliptic Curve Cryptography

2 Information Security Lab. Dept. of Computer Engineering 252/278 10.1 Key Management  Public-key encryption helps address key distribution problems  have two aspects of this: distribution of public keys use of public-key encryption to distribute secret keys Distribution of Public Keys  Techniques for the distribution of public keys public announcement publicly available directory public-key authority public-key certificates

3 Information Security Lab. Dept. of Computer Engineering 253/278 10.1 Key Management Distribution of Public Keys Public Announcement  Users distribute public keys to recipients or broadcast to community at large : Append PGP keys to email messages or post to news groups or email list  major weakness is forgery anyone can create a key claiming to be someone else and broadcast it; until forgery is discovered can masquerade as claimed user

4 Information Security Lab. Dept. of Computer Engineering 254/278 10.1 Key Management Distribution of Public Keys Publicly Available Directory  Can obtain greater security by registering keys with a public directory  Directory must be trusted with properties: contains {name, public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically  Still vulnerable to tampering or forgery

5 Information Security Lab. Dept. of Computer Engineering 255/278 10.1 Key Management Distribution of Public Keys Public-Key Authority  Improve security by tightening control over distribution of keys from directory  Has properties of directory; and requires users to know public key for the directory; then users interact with directory to obtain any desired public key securely.  A typical scenario is illustrated in Fig. 10.3

6 Information Security Lab. Dept. of Computer Engineering 256/278 10.1 Key Management Distribution of Public Keys Public-Key Authority Fig. 10.3 Public-Key Distribution Scenario

7 Information Security Lab. Dept. of Computer Engineering 257/278 10.1 Key Management Distribution of Public Keys Public-Key Certificates  Certificates allow key exchange without real-time access to public-key authority  A certificate binds identity to public key; usually with other info such as period of validity, rights of use etc  With all contents signed by a trusted private-key or Certificate Authority (CA)  Can be verified by anyone who knows the authorities public-key

8 Information Security Lab. Dept. of Computer Engineering 258/278 10.1 Key Management Distribution of Public Keys Public-Key Certificates Fig. 10.4 Exchange of Public-Key Certificate

9 Information Security Lab. Dept. of Computer Engineering 259/278 10.1 Key Management Distribution of Secret Keys Using Public-Key Cryptography  Use previous methods to obtain public-key.  Can use for secrecy or authentication; but public-key algorithms are slow; so usually want to use private-key encryption to protect message contents. Hence, a session key is needed.  Have several alternatives for negotiating a suitable session. Simple Secret Key Distribution  proposed by Merkle in 1979

10 Information Security Lab. Dept. of Computer Engineering 260/278 10.1 Key Management Distribution of Secret Keys Using Public-Key Cryptography Simple Secret Key Distribution  Problem is that an opponent can intercept and impersonate both halves of protocol; man-in-the-Middle attack Fig. 10. 5 Simple Use of Public-Key Encryption to Establish a Session Key

11 Information Security Lab. Dept. of Computer Engineering 261/278 10.1 Key Management Distribution of Secret Keys Using Public-Key Cryptography Secret Key Distribution with Confidentiality & Auth. Fig. 10.6 Public-Key Distribution of Secret Keys

12 Information Security Lab. Dept. of Computer Engineering 262/278 10.1 Key Management Distribution of Secret Keys Using Public-Key Cryptography A Hybrid Scheme  This scheme retains the use of a key distribution center (KDC) that shares a secret master key with each user and distributes secret session keys with the master key  A public-key scheme is used to distribute master keys  The rationale is provided for using this three-level approach: Performance : frequently distribution of session keys by public-key : slow --- occasionally distribution of master key by public-key; then session key distribution by master key Backward compatibility : overlaid on an existing KDC scheme

13 Information Security Lab. Dept. of Computer Engineering 263/278 10.2 Diffie-Hellman Key Exchange  The first public-key type scheme proposed.  a public-key distribution scheme cannot be used to exchange an arbitrary message rather it can establish a common key known only to the two participants  By Diffie & Hellman in 1976 along with the exposition of public key concepts; Note: now know that Williamson (UK CESG) secretly proposed the concept in 1970  Is a practical method for public exchange of a secret key  Used in a number of commercial products  security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard

14 Information Security Lab. Dept. of Computer Engineering 264/278 10.2 Diffie-Hellman Key Exchange The Algorithm & Key Exchange Protocol User A Select private X A Compute public Y A =  X A mod q User B Select private X B Compute public Y B =  X B mod q Global Public Elements q : prime number  :  < q and  : primitive root of q YAYA YBYB K = (Y A ) X B mod q K = (Y B ) X A mod q K AB = (Y B ) X A mod q =  X B X A mod q =  X A X B mod q = (Y A ) X B mod q

15 Information Security Lab. Dept. of Computer Engineering 265/278 10.2 Diffie-Hellman Key Exchange Man-in-the-Middle Attack  Both of these are vulnerable to a meet-in-the-Middle Attack; Authentication of the keys is needed Alice X A Y A =  X A mod q Y A Bob X B Y B =  X B mod q Darth X D1, X D2 Y D1 =  X D1 mod q Y D2 =  X D2 mod q Y A Y D1 K = (Y D1 ) X B mod q =  X D1 X B mod q YBYB YBYB YD2YD2 YD2YD2 K = (Y D2 ) X A mod q =  X D2 X A mod q K = (Y A ) D2 mod q =  X A X D2 mod q K = (Y D1 ) X B mod q =  X D1 X B mod q

16 Information Security Lab. Dept. of Computer Engineering 266/278 10.3 Elliptic Curve Arithmetic  Majority of public-key crypto (RSA, D-H) use either integer or polynomial arithmetic with very large numbers/polynomials  Imposes a significant load in storing and processing keys and messages  An alternative is to use elliptic curves;  In 1985, Neal Koblitz and Victor Miller proposed ECC  Offers same security with smaller bit sizes  Newer, but not as well analyzed,  Elliptic curve cryptography (ECC) is showing up in standardization efforts, IEEE P1363 standard for Public- key Cryptography

17 Information Security Lab. Dept. of Computer Engineering 267/278 10.3 Elliptic Curve Arithmetic Elliptic Curves over Real Numbers  An elliptic curve is defined by an equation in two variables x & y, with coefficients a, b, c, d, e y 2 + axy + by = x 3 + cx 2 + dx + e : Weierstrass equation  Consider a cubic elliptic curve of form; y 2 = x 3 + ax + b ( 4a 3 + 27b 2  0 )  Consider the set of points E(a, b) consisting of all of the points (x, y) that satisfy the equation y 2 = x 3 + ax + b, with the elements O called the point at infinity or the zero point. E = { E(a, b) }  { O } : additive abelian group operation( + ) : addition of two points identity elements of + : the point at infinity O

18 Information Security Lab. Dept. of Computer Engineering 268/278 10.3 Elliptic Curve Arithmetic Elliptic Curves over Real Numbers Geometric Description of Addition Fig. 10.9 Example of Elliptic Curves

19 Information Security Lab. Dept. of Computer Engineering 269/278 10.3 Elliptic Curve Arithmetic Elliptic Curves over Real Numbers Algebraic Description of Addition  For two distinct points P = (x P, y P ) and Q = (x Q, y Q ) Point addition : R (x R, y R ) = P + Q  = (y Q – y P )/(x Q – x P ) : slope of the line that join them x R =  2 – x P – x Q y R = – y P +  (x P – x R )  Doubling : R = P + P = 2P

20 Information Security Lab. Dept. of Computer Engineering 270/278 10.3 Elliptic Curve Arithmetic Elliptic Curves over Z p  prime curves E p (a, b) defined over Z p = {0, 1, …, p  1} use integers modulo prime p; best in software y x Fig. 10.10 The Elliptic Curve E 23 (1,1) y 2 mod p = (x 3 + ax + b ) mod p y 2 mod 23 = (x 3 + x + 1 ) mod 23

21 Information Security Lab. Dept. of Computer Engineering 271/278 10.3 Elliptic Curve Arithmetic Elliptic Curves over Z p  If P = (x P, y P ) and Q = (x Q, y Q ) with P  – Q R (x R, y R ) = P + Q x R = ( 2 – x P – x Q ) mod p y R = ( (x P – x R ) – y P ) mod p where  If P = (x P, y P ), then – P = (x P, – y P ),

22 Information Security Lab. Dept. of Computer Engineering 272/278 10.3 Elliptic Curve Arithmetic Elliptic Curves over GF(2 m )  Binary curves E 2 m (a, b) defined over GF(2 m ) use polynomials with binary coefficients; best in hardware. y x Fig. 10.10 The Elliptic Curve E 2 4 (g 4,1) y 2 + xy = x 3 + ax + b y 2 + xy = x 3 + g 4 x + 1 g 0 = 0001g 4 = 0011g 8 = 0101g 12 = 1111 g 1 = 0010g 5 = 0110g 9 = 1010g 13 = 1101 g 2 = 0100g 6 = 1100g 10 = 0111g 14 = 1001 g 3 = 1000g 7 = 1011g 11 =1110g 15 = 0001 GF(2 m ) = F[x]/(x 4 + x + 1)

23 Information Security Lab. Dept. of Computer Engineering 273/278 10.3 Elliptic Curve Arithmetic Elliptic Curves over GF(2 m )  If P = (x P, y P ) and Q = (x Q, y Q ) with P  – Q and P  Q R (x R, y R ) = P + Q x R = 2 + + x P + x Q + a y R = (x P + x R ) + x R + y P  If P = (x P, y P ) then R = 2P x R = 2 + + a y R = x 2 P + ( + 1)x R  If P = (x P, y P ), then – P = (x P, x P + y P ) where

24 Information Security Lab. Dept. of Computer Engineering 274/278 10.4 Elliptic Curve Cryptography  ECC addition is analog of modulo multiply  ECC repeated addition is analog of modulo exponentiation  “hard” problem equivalent to discrete logarithm Q = kP, where Q, P belong to a prime curve is “easy” to compute Q given k, P but “hard” to find k given Q, P known as the elliptic curve discrete logarithm problem  Example: E 23 (9,17) : y 2 mod 23 = (x 3 + 9x + 17) mod 23 What is k of Q = kP, where P = (16, 5), Q = (4, 5) Brute-force method: P = (16, 5), 2P = (20, 20), 3P = (14, 14), 4P = (19, 20), 5P = (13, 10), 6P = (7, 3) 7P = (8, 7), 8P = (12, 17), 9P = (4, 5)

25 Information Security Lab. Dept. of Computer Engineering 275/278 10.4 Elliptic Curve Cryptography Analog of Diffie-Hellman Key Exchange  Can do key exchange analogous to D-H  Select a suitable curve E p (a, b) Select base point G=(x 1, y 1 ) with large order n s.t. nG = O  A & B select private keys n A < n and n B < n, respectively  Both compute public keys: P A = n A G, P B = n B G  Both compute shared key: K = n A P B, K = n B P A K = n A P B = n A n B G = n B n A G = n B P A

26 Information Security Lab. Dept. of Computer Engineering 276/278 10.4 Elliptic Curve Cryptography EC Encryption/Decryption  Several alternatives, will consider simplest  must first encode any message M as a point on the elliptic curve P m  Select suitable curve & point G as in D-H  Each user chooses private key n A < n; computes public key P A = n A G  To encrypt P m : C m = {kG, P m + kP b }, k = random  To decrypt C m compute : P m + kP b – n B (kG) = P m + k(n B G) – n B (kG) = P m

27 Information Security Lab. Dept. of Computer Engineering 277/278 10.4 Elliptic Curve Cryptography Security of Elliptic Curve Cryptography  Relies on elliptic curve discrete logarithm problem  The fastest method is “Pollard rho method”  Compared to factoring, can use much smaller key sizes than with RSA etc  For equivalent key lengths computations are roughly equivalent  Hence for similar security ECC offers significant computational advantages

28 Information Security Lab. Dept. of Computer Engineering 278/278 10.4 Elliptic Curve Cryptography Security of Elliptic Curve Cryptography Table 10.3 Comparable Key Sizes in terms of Computational Effort for Cryptanalysis

Download ppt "Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public."

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.

Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.
Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.

Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.
Information Security Principles & Applications

Information Security Principles & Applications
Chapter 21 Public-Key Cryptography and Message Authentication.

Chapter 21 Public-Key Cryptography and Message Authentication.

Similar presentations

Ads by Google