We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byEmma Hamilton
Modified over 2 years ago
Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu
2 © Ravi Sandhu DIGITAL SIGNATURES Signature Algorithm S Verification Algorithm V Plain- text Yes/No Plaintext + Signature INSECURE CHANNEL A's Private Key A's Public Key RELIABLE CHANNEL A A B B
3 © Ravi Sandhu COMPARE PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext INSECURE CHANNEL B's Public Key B's Private Key RELIABLE CHANNEL A A B B
4 © Ravi Sandhu DIGITAL SIGNATURES IN RSA RSA has a unique property, not shared by other public key systems Encryption and decryption commute (M e mod n) d mod n = Mencryption (M d mod n) e mod n = Msignature Same public key can be use for encryption and signature
5 © Ravi Sandhu EL GAMAL AND VARIANTS encryption only signature only 1000s of variants including NISTs DSA
6 © Ravi Sandhu NIST DIGITAL SIGNATURE STANDARD System-wide constants p bit prime q160 bit prime divisor of p-1 g g = h ((p-1)/q) mod p, 1
7 © Ravi Sandhu NIST DIGITAL SIGNATURE STANDARD to sign message m: private key x choose random r compute v = (g r mod p) mod q compute s = (m+xv)/k mod q signature is (s,v,m) to verify signature: public key y compute u1 = m/s mod q compute u2 = v/s mod q verify that v = (g u1 *y u2 mod p) mod q
8 © Ravi Sandhu NIST DIGITAL SIGNATURE STANDARD signature does not repeat, since r will be different on each occasion if same random number r is used for two messages, the system is broken message expands by a factor of 2 RSA signatures do repeat, and there is no message expansion
9 © Ravi Sandhu DIFFIE-HELLMAN KEY AGREEMENT A A B B y A =a x A mod p public key private key x A private key x B y B =a x B mod p public key k = y B x A mod p = y A x B mod p = a x A * x B mod p system constants: p: prime number, a: integer
10 © Ravi Sandhu DIFFIE-HELLMAN KEY ESTABLISHMENT security depends on difficulty of computing x given y=a x mod p called the discrete logarithm problem
11 © Ravi Sandhu MAN IN THE MIDDLE ATTACK A A C C B B
12 © Ravi Sandhu CURRENT GENERATION PUBLIC KEY SYSTEMS RSA (Rivest, Shamir and Adelman) the only one to provide digital signature and encryption using the same public-private key pair security based on factoring ElGamal Encryption public-key encryption only security based on digital logarithm DSA signatures public-key signature only one of many variants of ElGamal signature security based on digital logarithm
13 © Ravi Sandhu CURRENT GENERATION PUBLIC KEY SYSTEMS DH (Diffie-Hellman) secret key agreement only security based on digital logarithm ECC (Elliptic curve cryptography) security based on digital logarithm in elliptic curve field uses analogs of ElGamal encryption DH key agreement DSA digital signature
14 © Ravi Sandhu ELLIPTIC CURVE CRYPTOGRAPHY mathematics is more complicated than RSA or Diffie-Hellman elliptic curves have been studied for over one hundred years computation is done in a group defined by an elliptic curve
15 © Ravi Sandhu ELLIPTIC CURVE CRYPTOGRAPHY 160 bit ECC public key is claimed to be as secure as 1024 bit RSA or Diffie-Hellman key good for small hardware implementations such as smart cards
16 © Ravi Sandhu ELLIPTIC CURVE CRYPTOGRAPHY ECDSA: Elliptic Curve digital signature algorithm based on NIST Digital Signature Standard ECSVA: Elliptic Curve key agreement algorithm based on Diffie-Hellman ECES: Elliptic Curve encryption algorithm based on El-Gamal
17 © Ravi Sandhu PKCS STANDARDS de facto standards initiated by RSA Data Inc.
18 © Ravi Sandhu MESSAGE DIGEST message digest algorithm original message no practical limit to size message digest 128 bit/160 bit easyhard
19 © Ravi Sandhu MESSAGE DIGEST for performance reasons sign the message digest not the message one way function m=H(M) is easy to compute M=H -1 (m) is hard to compute
20 © Ravi Sandhu DESIRED CHARACTERISTICS weak hash function difficult to find M' such that H(M')=H(M) given M, m=H(M) try messages at random to find M with H(M)=m 2 k trials on average, k=80 to be safe
21 © Ravi Sandhu DESIRED CHARACTERISTICS strong hash function difficult to find any two M and M' such that H(M')=H(M) try pairs of messages at random to find M and M such that H(M)=H(M) 2 k/2 trials on average, k=128 to be safe k=160 is better
22 © Ravi Sandhu CURRENT GENERATION MESSAGE DIGEST ALGORITHMS MD5 (Message Digest 5) 128 bit message digest falling out of favor SHA (Secure Hash Algorithm) 160 bit message digest slightly slower than MD5 but more secure
Asymmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC KEY ENCRYPTION Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text Ciphertext.
PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.
Symmetric Message Authentication Codes Prof. Ravi Sandhu.
Symmetric Encryption Prof. Ravi Sandhu. 2 © Ravi Sandhu SECRET KEY CRYPTOSYSTEM Encryption Algorithm E Decryption Algorithm D Plain- text Plain- text.
Seminar on (ENCODING AND DECODING TECHNIQUES)
1 El Gamel Public Key Cryptosystem. 2 The Discrete Log Problem The El Gamel public key cryptosystem is based upon the difficulty of solving the discrete.
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Chapter 3 Public Key Cryptography and Message authentication.
Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
Cryptography Ch-1 prepared by: Diwan. Essential Terms Cryptography Encryption Plain text Cipher text Decryption Cipher text Plain text Cryptanalysis Cryptology.
Security – Keys, Digital Signatures and Certificates I CS3517 Distributed Systems and Security Lecture 19.
Peer-to-peer and agent-based computing Security in Distributed Systems.
Public Key Infrastructure and Applications. Agenda PKI Overview Digital Signatures What is it? How does it work? Digital Certificates Public Key Infrastructure.
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Public Key Encryptions CS461/ECE422 Fall Reading Material Text Chapters 2 and 20 Handbook of Applied Cryptography, Chapter 8 –
Md. Kamrul Hasan Assistant Professor and Chairman Computer and Communication Engineering Dept. Network Security.
1 RSA. 2 Prime Numbers An integer p is a prime number if it has no factors other than 1 and itself. An integer which is greater than 1 and not a prime.
Cryptography (One Day Cryptography Tutorial) By Dr. Mohsen M. Tantawy.
Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.
The Diffie-Hellman Algorithm. Overview Introduction Implementation Example Applications Conclusion.
CONTROLS & PROTECTION MECHANISMS Today’s Reference: Whitman & Mattord, Management of Information Security, 2 nd edition, 2008 Chapter 9.
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Computer Security Set of slides 4 Dr Alexei Vernitski.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
© 2016 SlidePlayer.com Inc. All rights reserved.