Download presentation

Presentation is loading. Please wait.

1
Introduction to cryptography for authentication and identification systems --- FIT3105 --- Lecture 2 & 3

2
FIT3105 - Security and Identity Management2Outline Why study crypto-based authentication and identification systems? The importance of cryptography for authentication and identification The importance of light and secure ciphers for portable devices. E.g; smart cards Introduction to private key cryptography Introduction to public key cryptography Introduction to one-way hash functions Introduction to digital signatures

3
FIT3105 - Security and Identity Management3 Some references http://www.rsa.com/ (RSA website) http://www.rsa.com/ http://www.certicom.com/index.php?action=r es,ecc_faq (good introduction papers) http://www.certicom.com/index.php?action=r es,ecc_faq http://www.certicom.com/index.php?action=r es,ecc_faq http://cnscenter.future.co.kr/crypto/algorithm /ecc.html (more materials) http://cnscenter.future.co.kr/crypto/algorithm /ecc.html http://cnscenter.future.co.kr/crypto/algorithm /ecc.html http://www.cs.mdx.ac.uk/staffpages/m_chen g/link/ecc_simple.pdf (good introduction for students with strong maths background) http://www.cs.mdx.ac.uk/staffpages/m_chen g/link/ecc_simple.pdf http://www.cs.mdx.ac.uk/staffpages/m_chen g/link/ecc_simple.pdf (You can find many more from the Web)

4
FIT3105 - Security and Identity Management4 The importance of cryptography for authentication and identification If we can generate a unique key for each entity (a person, an object, etc) universally, then –An entity can be identified by its key (one single key or hash value) –An entity can be identified by a pair of key (one private key and one public key). –An entity can be identified by a digital signature.

5
FIT3105 - Security and Identity Management5 The importance of light and secure ciphers for small and portable devices For some applications, the size of the key and the encrypt/decrypt algorithms are the critical factor –Smart cards require to work with encrypt/decrypt algorithms, so wee need light and good ciphers. –A portable device may be used to store many different keys to identify an entity. –Keys are stored together with other information to identify an entity.

6
FIT3105 - Security and Identity Management6 Why study crypto: the basic problem We consider the confidentiality goal: –Alice and Bob are Friends –Marvin is a rival –Alice wants to send secret messages (M 1,M 2,…) to Bob over the Internet –Rival Marvin wants to read the messages (M 1,M 2,…) - Alice and Bob want to prevent this! –Assumption: The network is OPEN: Marvin is able to eavesdrop and read all data sent from Alice to Bob. –Consequence: Alice must not send messages (M 1,M 2,…) directly – they must be “scrambled” or encrypted using a ‘secret code’ unknown to Marvin but known to Bob.

7
FIT3105 - Security and Identity Management7 Cryptography plaintext (data file or messages) encryption ciphertext (stored or transmitted safely) decryption plaintext (original data or messages)

8
FIT3105 - Security and Identity Management8 E D Message (cleartext, plaintext) Encrypted message (ciphertext) Encrypted message (ciphertext) EncryptionDecryption key Alice Bob Private key cipher Message (cleartext,plaintext)

9
FIT3105 - Security and Identity Management9 Basic terms Cryptology (to be very precise) –Cryptography --- code designing –Cryptanalysis --- code breaking Cryptologist: –Cryptographer & cryptanalyst Encryption/encipherment –Scrambling data into unintelligible to unauthorised parties Decryption/decipherment –Un-scrambling

10
FIT3105 - Security and Identity Management10 Types of ciphers Private key cryptosystems/ciphers –The secret key is shared between two parties Public key cryptosystems/ciphers –The secret key is not shared and two parties can still communicate using their public keys

11
FIT3105 - Security and Identity Management11 Examples of “Messages” Types of secret “Messages” Alice might want to send Bob (in increasing length): –Decision (yes/no), eg. as answer to the question “Are we meeting tomorrow?” –Numerical Value, eg. as answer to the question “at what hour are we meeting?” –Document –Software, –Images etc.

12
FIT3105 - Security and Identity Management12 Concepts A private key cipher is composed of two algorithms –encryption algorithm E –decryption algorithm D The same key K is used for encryption & decryption K has to be distributed beforehand

13
FIT3105 - Security and Identity Management13 Notations Encrypt a plaintext P using a key K & an encryption algorithm E C = E(K,P) Decrypt a ciphertext C using the same key K and the matching decryption algorithm D P = D(K,C) Note: P = D(K,C) = D(K, E(K,P))

14
FIT3105 - Security and Identity Management14 The Caesar cipher (e.g) The Caesar cipher is a substitution cipher, named after Julius Caesar. Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table. The fixed number of positions is a key both for encryption and decryption.

15
FIT3105 - Security and Identity Management15 The Caesar cipher (cnt’d) K=3 Inner: ciphertext Outer: plaintext

16
FIT3105 - Security and Identity Management16 An example For a key K=3, plaintext letter: ABCDEF...UVWXYZ ciphtertext letter: DEF...UVWXYZABC Hence TREATY IMPOSSIBLE is translated into WUHDWB LPSRVVLEOH

17
FIT3105 - Security and Identity Management17 Breaking classic ciphers With the help of fast computers, 99.99% ciphers used before 1976 are breakable by using one of the 4 types of attacks (described later). Modern cluster computers and future quantum computers can break several existing ciphers due to the power of such computers.

18
FIT3105 - Security and Identity Management18 Breaking the Caesar cipher By trial-and error By using statistics on letters –frequency distributions of letters letterpercent A7.49% B1.29% C3.54% D3.62% E14.00%..................................

19
FIT3105 - Security and Identity Management19 Toy example of private key Assume that a message is broken into 64-bit blocks and each 64-bit block of plaintext is encrypted separately: Key space are combinations of numerical digits – max: 7 digits- –(eg: key = [1]; or key = [1,3], or key = [1,4,2]). Assume that all 8 bits of a byte is used and key digits start from left to right. Encryption: Each plaintext block is first shifted by the number of binary digits before the last non-zero digit of the key. It is then exclusive-ored with the key starting from the first byte of the block, repeatedly to the end of the block (the key moves a distance of its size from left to right of the plaintext block). Decryption: do the reverse of encryption: the cipher-text is exclusive-ored and then shifted. 000= 110= 011= 101= : exclusive or

20
FIT3105 - Security and Identity Management20 Using TPC n Use TPC to encrypt the plaintext “12345”, key = [1,4,2] n Use TPC to encrypt the plaintext “TREATY IMPOSSIBLE”; key = [4]; n Use TPC to encrypt the plaintext “100 dollars”, key = [2,4];

21
FIT3105 - Security and Identity Management21 Principles of Private Key Encryption Devise cryptographic algorithms: –a set of fast functions (E1, E2, E3,..En) that when in turn applied to an input (initial or intermediate input) will produce a more potentially scrambled output. –and a set of functions (D1,D2,D3,.. Dn) that when in turn applied to the cipher text (final or intermediate) will produce the original input text. Devise algorithms, tests and proofs to validate your cryptographic algorithms –Analysing algorithms. –Tests with powerful computers such as specialised, parallel, cluster, or quantum computers. –Mathematical proofs.

22
FIT3105 - Security and Identity Management22 Toy example of public key cryptography Definition: The multiplicative inverse of x with modulo n is y such that (x*y) mod n = 1 E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1 E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1 The above multiplicative inverse can be used to create a simple public key cipher: either x or y can be thought of as a secret key and the other is the public key. Let x = 3, y = 7, n = 10, and M be the message: –M = 4 ; 3*4 mod 10 = 2; (ciphertext) - encrypting 2*7 mod 10 = 4 = M ; (message) - decrypting –M =6 ; 3*6 mod 10 = 8; 8*7 mod 10 = 6 = M (message)

23
FIT3105 - Security and Identity Management23 Problems with private key ciphers In order for Alice & Bob to be able to communicate securely using a private key cipher, such as DES, they have to have a shared key in the first place. –Question: What if they have never met before ? Alice needs to keep 100 different keys if she wishes to communicate with 100 different people

24
FIT3105 - Security and Identity Management24 Motivation of Public Key Cryptography Is it possible for Alice & Bob, who have no shared secret key, to communicate securely ? This led to the SINGLE MOST IMPORTANT discovery of public key communications: –Diffie & Hellman’s ideas of public key cryptography: –Diffie & Hellman’s ideas of public key cryptography:

25
FIT3105 - Security and Identity Management25 Main ideas Bob: – publishes, say in Yellow/White pages, his public (for encryption) key, and encryption algorithm. –keeps to himself the matching secret (for decryption) key.

26
FIT3105 - Security and Identity Management26 Main ideas (2) Alice: –Looks up the phone book, and finds out Bob’s public key, and encryption algorithm. –Encrypts a message using Bob’s public key and encryption algorithm. –sends the ciphertext to Bob.

27
FIT3105 - Security and Identity Management27 Main ideas (3) Bob: –Receives the ciphertext from Alice –Decrypts the ciphertext using his secret key, together with the decryption algorithm

28
FIT3105 - Security and Identity Management28 Public Key Cryptosystem E Network Plain Text Cipher Text D Plain Text Alice Bob Bob: Public Key Directory (Yellow/White Pages) Secret Key

29
FIT3105 - Security and Identity Management29 Main differences with DES The public key is different from the secret key. Infeasible for an attacker to find out the secret key from the public key. No need for Alice & Bob to distribute a shared secret key beforehand ! Only one pair of public and secret keys is required for each user !

30
FIT3105 - Security and Identity Management30 Realising public key ciphers The most famous system that implements Diffie & Hellman’s ideas on public key ciphers is due to –Ronald Rivest –Adi Shamir –Leonard Adleman This public key cryptosystem is called RSA.

31
FIT3105 - Security and Identity Management31 Mathematical background Assume that we are working with non-negative integers: Prime and composite numbers –a prime number is an integer that can be divided only by 1 and itself E.g.2,3,5,7,11,13, 101,...... –all other integers are composite E.g.4,6,8,9,10,12, 523743960876432,800164386535

32
FIT3105 - Security and Identity Management32 Mathematical background Modular operations “remainder” –13 mod 5 = 3, 1 mod 7 = 1 –20 mod 5 = 0,32 mod 7 = 4 modular exponentiation –2 2 mod 3 = 1, 3 2 mod 3 = 0 –2 2 mod 5 = 4, 10 2 mod 92 = 8 –4 6 mod 10 = 6, 3 11 mod 10 = 7

33
FIT3105 - Security and Identity Management33 Mathematical background a is relative prime to b if the largest integer that divides both a & b is 1 –E.g: any m (<>0) is relatively prime to a prime number is 9 relatively prime to 10?

34
FIT3105 - Security and Identity Management34 Mathematical background Let ø(n) denote the total numbers that are less than n and relatively prime to n –If n is a prime number then ø(n) = n – 1 –If p, q are prime numbers and n=p*q, then Ø(n) = Ø(p*q) = p*q – (p + q -1) = (p-1)*(q-1) - p & q are prime numbers => only multiples of p and q are not relatively prime to p*q - That is: there are (p + q – 1) multiples [0 is counted once] of p and q E.g: p = 3; q=7; {0, 3, 7, 6, 9, 12, 14, 15, 18} are not relatively prime to p*q Ø(n) = ø(p*q) = 12 ; {1,2,4,5,8,10,11,13,16,17,19,20}

35
FIT3105 - Security and Identity Management35 Mathematical background y & n are integers and y (mod ø(n)) = 1, for any x < n, x y mod n = x (1) –E.g: y=13 ; n=7; x = 4; ø(n) = 6; y mod ø(n) = 13 mod 6 = 1; x y = 4 13; x y mod n = 4 13 mod 6 = 4 = x mod n;

36
FIT3105 - Security and Identity Management36 Mathematical background The multiplicative inverse of x with modulo n is y such that: (x*y) mod n = 1 (2). The above multiplicative inverse can be used to create a simple public key cipher: either x or y can be thought of as a secret key and the other is the public key. E.g: x=3; n=10; y=7; we have: (3*7) mod 10 = 1; –M =5 ; 3*5 (mod 10) = 5 ; 5*7 (mod 10) = 5 = M (message) –M =6 ; 3*6 (mod 10) = 8; 8*7 (mod 10) = 6 = M (message)

37
FIT3105 - Security and Identity Management37 RSA Public Key Cryptosystem c= m e mod n Network Plain TextCipher Text Plain Text Alice Bob Bob: (e, n) Public Key Directory (Yellow/White Pages) public key: e & n secret key: d m= c d mod n

38
FIT3105 - Security and Identity Management38 RSA (1) Bob: –chooses 2 large prime numbers:p, q multiplies p and q:n = p*q –finds out two numbers e & d such that (e * d) mod ø(n) = 1 [ similar to (2) ] Or (e * d) mod [(p-1)*(q-1)] = 1 –public key (published in the phone book) 2 numbers:(e, n) encryption alg:modular exponentiation –secret key:(d,n)

39
FIT3105 - Security and Identity Management39 RSA (2) Alice has a message m to be sent to Bob: –finds out Bob’s public encryption key (e, n) –calculates m e (mod n) -> c –sends the ciphertext c to Bob

40
FIT3105 - Security and Identity Management40 RSA (3) Bob: –receives the ciphertext c from Alice –uses his matching secret decryption key d to calculate c d (mod n) -> m

41
FIT3105 - Security and Identity Management41 RSA --- 1st small example (1) Bob: –chooses 2 primes:p=5, q=11 multiplies p and q:n = p*q = 55 –finds out two numbers e=3 & d=27 which satisfy (3 * 27) mod 40 = 1 –Bob’s public key 2 numbers:(3, 55) encryption alg:modular exponentiation –secret key:(27,55)

42
FIT3105 - Security and Identity Management42 RSA --- 1st small example (2) Alice has a message m=13 to be sent to Bob: –finds out Bob’s public encryption key (3, 55) –calculates c: c = m e (mod n) = 13 3 (mod 55) = 2197 (mod 55) = 52 –sends the ciphertext c=52 to Bob

43
FIT3105 - Security and Identity Management43 RSA --- 1st small example (3) Bob: –receives the ciphertext c=52 from Alice –uses his matching secret decryption key 27 to calculate m: m = 52 27 (mod 55) = 13 (Alice’s message)

44
FIT3105 - Security and Identity Management44 Elliptic curve cryptosystem (ECC) Extract from my student’s Thesis – Markku N.M. Pekkarinen Key Size Equivalence Against Best Known Attacks (Based on López and Dahab, 2000 and Fibíková, 2002) 30:15121536015360AES-256256 20:138476807680AES-192192 12:125630723072AES-128128 9:122420482048 Triple DES 112 6:116010241024 SKIPJACK2 2 80 5:1112512512-56 Key size ratio of RSA to ECC (approx) ECC key size for equivalent security (n in bits) RSA key size for equivalent security (n in bits) DLP key size for equivalent security (p in bits) Example algorithm Symmetric key size (in bits)

45
FIT3105 - Security and Identity Management45 Year Number of decimal digits Number of bits MIPS Years Calendar Time to Solution Method (year method developed) 19941294295000 8 months, using 1600 computers Quadratic Sieve (1984) 1995119395250 1996130432750 General Number Field Sieve (1989) 19991404662000 19991555128000 3.7 months General Number Field Sieve (1989) RSA and ECC challenges Progress in Integer Factorisation(Certicom 1997)

46
FIT3105 - Security and Identity Management46 The Need of Digital Signature Social & business activities and their associated documents are becoming digital –Authentication –digital conferences –digital contract signing –digital cash payments,...... Hand-written signatures are not applicable to digital data

47
FIT3105 - Security and Identity Management47 Digital Signature (based on RSA) Public Key Directory (Yellow/White Pages) Bob: E Network Plain Text Bob Secret Key + Cathy Signature Accept if equal D Signature ? Public Key

48
FIT3105 - Security and Identity Management48 Digital Signature (for short doc) Public Key Directory (Yellow/White Pages) Bob: (e, n) Network Plain Text Bob Secret Key d + Cathy Signature Accept if equal Signature ? Public Key (e, n) s = m d mod n t =s e mod n

49
FIT3105 - Security and Identity Management49 RSA Signature --- an eg (1) Bob: –chooses 2 primes:p=5, q=11 multiplies p and q:n = p*q = 55 –finds out two numbers e=3 & d=27 which satisfy (3 * 27) mod 40 = 1 –Bob’s public key 2 numbers:(3, 55) encryption alg:modular exponentiation –secret key:(27,55)

50
FIT3105 - Security and Identity Management50 RSA Signature --- an eg (2) Bob has a document m=19 to sign: –uses his secret key d=27 to calculate the digital signature of m=19: s = m d (mod n) = 19 27 (mod 55) = 24 –appends 24 to 19. Now (m, s) = (19, 24) indicates that the doc is 19, and Bob’s signature on the doc is 24.

51
FIT3105 - Security and Identity Management51 RSA Signature --- an eg. (3) Cathy, a verifier: –receives a pair (m,s)=(19, 24) –looks up the phone book and finds out Bob’s public key (e, n)=(3, 55) –calculatest = s e (mod n) = 24 3 (mod 55) = 19 –checks whether t=m –confirms that (19,24) is a genuinely signed document of Bob if t=m.

52
FIT3105 - Security and Identity Management52 How about Long Documents ? In the previous example, a document has to be an integer in [1,...,n) To sign a very long document, we need a so called one-way hash algorithm Instead of signing directly on a doc, we hash the doc first, and sign the hashed data which is normally short.

53
FIT3105 - Security and Identity Management53 One-Way Hash Algorithm A one-way hash algorithm hashes an input document into a condensed short output (say of 100 bits) –Denoting a one-way hash algorithm by H(.), we have: Input: m - a binary string of any length Output: H(m) - a binary string of L bits, called the “hash of m under H”. The output length parameter L is fixed for a given one- way hash function H, eg –The one-way hash function “MD5” has L = 128 bits –The one-way hash function “SHA-1” has L = 160 bits

54
FIT3105 - Security and Identity Management54 One-Way Hash Algorithm A document (of any length) A condensed short output, say of 100 bits

55
FIT3105 - Security and Identity Management55 Properties of One-Way Hash Algorithm A good one-way hash algorithm H needs to have these properties : –1. Easy to Evaluate: The hashing algorithm should be fast I.e. given any document m, the hashed value h = H(m) can be computed quickly. –2. Hard to Reverse: There is no feasible algorithm to “reverse” a hashed value, I.e. given any hashed value h, it is computationally infeasible to find any document m such that H(m) = h. –NOTE: An algorithm is called ‘One-Way’ if it has BOTH properties 1 and 2. –3. Hard to find Collisions: There is no feasible algorithm to find two or more input documents which are hashed into the same condensed output, I.e it is computationally infeasible to find any two documents m 1, m 2 such that H(m 1 )= H(m 2 ).

56
FIT3105 - Security and Identity Management56 The One-way Property Hash value h (length= L bits) H Document m (any length) This direction is easy to compute! Hash value h (length= L bits) H Document m (any length) But this direction is infeasible to compute!

57
FIT3105 - Security and Identity Management57 Finding Collision is Infeasible (same condensed output) I, Bob, will pay $1,000 to Alice. I, Bob, will pay $10,000 to Alice. HH Document m 1 Document m 2

58
FIT3105 - Security and Identity Management58 Digital Signature (for long doc) Public Key Directory (Yellow/White Pages) Bob: Network Plain Text H 100 bits Bob Secret Key + H 100 bits Cathy Signature Accept if equal 1-way hash 100 bits Signature ? Public Key

59
FIT3105 - Security and Identity Management59 Why Digital Signature ? Unforgeable –takes 1 billion years to forge ! Un-deniable by the signatory Universally verifiable Differs from doc to doc Easily implementable by –software or –hardware or –software + hardware

60
FIT3105 - Security and Identity Management60 Unforgeable Digital Signature I, Bob, will pay $1,000 to Alice. a valid signature 101001010 I, Bob, will pay $10,000 to Alice. 001001101 also a valid signature?

61
FIT3105 - Security and Identity Management61 Digital Signature -- summary Three (3) steps are involved in digital signature –Setting up public and secret keys –Signing a document –Verifying a signature

62
FIT3105 - Security and Identity Management62 Setting up Public & Secret Keys Bob does the following –prepares a pair of public and secret keys –publishes his public key in the public key file (such as an on-line phone book) –keeps the secret key to himself Note: –Setting up needs only to be done once !

63
FIT3105 - Security and Identity Management63 Signing a Document Once setting up is completed, Bob can sign a document (such as a contract, a cheque, a certificate,...) using the secret key The pair of document & signature is a proof that Bob has signed the document.

64
FIT3105 - Security and Identity Management64 Verifying a Signature Any party, say Cathy, can verify the pair of document and signature, by using Bob’s public key in the public key file. Important ! –Cathy does NOT have to have public or secret key !

Similar presentations

© 2019 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google