Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Similar presentations

Presentation on theme: "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."— Presentation transcript:

1 Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture 6: Security Basics-2 Dr. Kemal Akkaya E-mail:

2 Kemal AkkayaWireless & Network Security 2 Public-Key Encryption  A public-key encryption scheme works as follows:  Each user has a public key e and a private key d.  To send a message M to Bob, Alice obtains Bob’s public key e Bob and encrypts M with e Bob : C = E e Bob (M)  When Bob receives the ciphertext C, he decrypts it with his private key d Bob : M = D d Bob (C)  The decryption algorithm D d must be the reverse of the encryption algorithm E e ; i.e., D d (E e (M)) = M for any message M.  It is computationally infeasible to determine the private key d given the knowledge of the public key e and the encryption and decryption algorithms.

3 Kemal AkkayaWireless & Network Security 3 Public-Key Encryption

4 Kemal AkkayaWireless & Network Security 4 RSA  The RSA cryptosystem was invented by Ron Rivest, Adi Shamir and Len Adleman at MIT in 1977. It is, to date, the first unbroken and most widely used public-key cryptosystem.  Rivest, Shamir and Adleman received the Turing Award 2002 for inventing RSA. Shamir, Rivest and Adleman in 1978 Adleman, Shamir, Rivest at CRYPTO '82 Rivest, Shamir and Adleman at RSA 2003 Shamir, Rivest and Adleman at Turing Award Lecture

5 Kemal AkkayaWireless & Network Security 5 RSA  Key generation 1.Choose two (large) distinct primes p and q at random. 2.Compute the RSA modulus n = pq. 3.Compute ø(n) = (p – 1)(q – 1). 4.Select a random integer e (called the encryption exponent), 1 < e < ø(n), such that gcd(e, ø(n)) = 1. 5.Compute the unique integer d (called the decryption exponent), 1 < d < ø(n), such that ed mod ø(n) = 1. 6.The public key is (e, n); the private key is (d, n).  Encryption  Given: receiver’s public key (e, n), message M ε [0, n-1]  Encrypt: C = M e mod n  Decryption  Given: private key (d, n), ciphertext C  Decrypt: M = C d mod n

6 Kemal AkkayaWireless & Network Security 6 RSA: Example  Key generation 1.Choose p = 11 and q = 47. 2.Compute the RSA modulus n = 11 × 47 = 517. 3.Compute ø(n) = 10 × 46 = 460. 4.Choose the encryption exponent e = 3. It is clear that gcd(e, ø(n)) = gcd(3, 460) = 1. 5.Compute the decryption exponent d = 307. 6.The public key is (3, 517); the private key is (307, 517).  Encryption  Given: public key (3, 517), message M = 26  Encrypt: C = 26 3 mod 517 = 515  Decryption  Given: private key (307, 517), ciphertext C = 515  Decrypt: M = 515 307 mod 517 = 26

7 Kemal AkkayaWireless & Network Security 7 RSA  The security of RSA depends on the hardness of the integer factorization problem: given an integer x > 1, what is its prime factorization? Currently there is no known algorithm that can efficiently factor a number whose prime factors are all arbitrarily large.  If one can factor the RSA modulus n into p and q, then he can compute ø(n) = (p – 1)(q – 1) and thus he can determine the decryption exponent d from e and ø(n) efficiently using the Extended Euclidean Algorithm.  The RSA modulus n should be at least 1024 bits long to guard against today’s factoring attacks.

8 Kemal AkkayaWireless & Network Security 8 Symmetric-Key vs. Public-Key  In symmetric-key encryption, the sender has to establish a secret key with the receiver prior to encryption. However, in public-key encryption, the sender just needs to obtain an authentic copy of the receiver’s public key.  In a network of n users, a symmetric-key cryptosystem requires n(n-1)/2 secret keys, but a public-key cryptosystem requires only n public-private key pairs.  Public-key cryptography (digital signatures) provides non-repudiation while symmetric-key cryptography (MAC) does not.  Public-key cryptosystems are substantially slower than symmetric-key cryptosystems since the key sizes of public-key cryptosystems are typically much larger.

9 Kemal AkkayaWireless & Network Security 9 9 Digital Signatures  Encrypted messages that can be mathematically proven to be authentic  Created in response to rising need to verify information transferred using electronic systems  Asymmetric encryption processes used to create digital signatures  Digital Certificates  Electronic document containing key value and identifying information about entity that controls key  Digital signature attached to certificate’s container file to certify file is from entity it claims to be from

10 Kemal AkkayaWireless & Network Security 10 Digital Signatures  A digital signature scheme is composed of:  A public key e and a private key d for each user  A signing algorithm sig d that, with a message M and the signer’s private key d as input, produces the digital signature s = sig d (M) of M  A verification algorithm ver e that, with a message M, a digital signature s and the signer’s public key e as input, returns true if and only if s is the digital signature of M signed by e’s owner; i.e.,  RSA digital signature scheme  (d, n) = signer’s private key, (e, n) = signer’s public key  Sign: s = [H(M)] d mod n  Verify: return true if and only if H(M) = s e mod n  Hash-and-sign: if the message is long, it is common to sign the message digest instead of the message itself to save time.

11 Kemal AkkayaWireless & Network Security 11 Hash Functions  A hash function H: {0,1} *  {0,1} n maps (condenses) a variable-length bitstring to a bitstring of a fixed length.  Given an input x ε {0,1} *, the output h = H(x) is called the hash value or message digest of x, and x is called a preimage of h.  A cryptographic hash function exhibits the property of one-wayness: for any given value h ε {0,1} n, it is computationally infeasible to find an input x ε {0,1} * such that H(x) = h.  Cryptographic hash functions, such as MD5 and SHA-1, are widely used in security applications; for example, they can be used to produce file checksums for integrity check.

12 Kemal AkkayaWireless & Network Security 12 Simple Hash Functions  A one-way or secure hash function used in message authentication, digital signatures  All hash functions process input a block at a time in an iterative fashion  One of simplest hash functions is the bit-by- bit exclusive-OR (XOR) of each block C i = b i1  b i2 ...  b im  effective data integrity check on random data  less effective on more predictable data  virtually useless for data security

13 Kemal AkkayaWireless & Network Security 13 SHA Secure Hash Functions  SHA originally developed by NIST/NSA in 1993  Revised in 1995 as SHA-1  US standard for use with DSA signature scheme  standard is FIPS 180-1 1995, also Internet RFC3174  produces 160-bit hash values  NIST issued revised FIPS 180-2 in 2002  adds 3 additional versions of SHA SHA-256, SHA-384, SHA-512 with 256/384/512-bit hash values  same basic structure as SHA-1 but greater security  NIST intend to phase out SHA-1 use

14 Kemal AkkayaWireless & Network Security 14 SHA-512 Structure

15 Kemal AkkayaWireless & Network Security 15 SHA-512 Round

16 Kemal AkkayaWireless & Network Security 16 Other Secure Hash Functions  Most based on iterated hash function design  if compression function is collision resistant  so is resultant iterated hash function  MD5 (RFC1321)  was a widely used hash developed by Ron Rivest  produces 128-bit hash, now too small  also have cryptanalytic concerns  Whirlpool  developed by Vincent Rijmen & Paulo Barreto  compression function is AES derived W block cipher  produces 512-bit hash

17 Kemal AkkayaWireless & Network Security 17 Message Authentication Codes  Another main application of cryptographic hash functions is message authentication codes (MAC):  The sender shares a secret key K a with the receiver for message authentication.  The sender computes the MAC of a message M as follows: MAC K a (M) = H(M || K a ). The message-MAC pair is then transmitted to the receiver.  The receiver authenticates M by recalculating the MAC and comparing it with the received MAC. If the two MACs match, the receiver is assured that the message comes from the alleged sender and has not been altered during transmission.  Confidentiality can also be provided by encrypting the message- MAC pair with a separate shared secret key K e : E K e (M || MAC K a (M)).

18 Kemal AkkayaWireless & Network Security 18 HMAC  A MAC using a cryptographic hash  Due to speed and code availability  Must incorporate key into use of hash alg  HMAC (RFC2104) widely supported  Used in IPsec, TLS & SET  HMAC treats hash as “black box”  HMAC proven secure if embedded hash function has reasonable cryptographic strength

19 Kemal AkkayaWireless & Network Security 19 HMAC Structure

Download ppt "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."

Similar presentations

Ads by Google