Presentation is loading. Please wait.

Presentation is loading. Please wait.

Private Key Algorithms RSA SSL

Published byCecil Golden Modified over 8 years ago

Similar presentations

Presentation on theme: "Private Key Algorithms RSA SSL"— Presentation transcript:

1 Private Key Algorithms RSA SSL
CPS 512 Computer Security Private Key Algorithms RSA SSL CPS 290

2 Private Key Exchange Private Key method Trent Eka(k) Ekb(k)
Generates k Alice Bob Trusted third party Trent has already exchanged private keys ka and kb with Alice and Bob, respectively. Public Key method Ek1(k) Alice Bob Generates k k1 = Bob’s public key Or we can use a direct protocol, such as Diffie-Hellman (discussed later) CPS 290

3 Private Key Algorithms
Encryption Decryption Key1 Cyphertext Ek(M) = C Dk(C) = M Original Plaintext Plaintext What granularity of the message does Ek encrypt? CPS 290

4 Private Key Algorithms
Block Ciphers: blocks of bits at a time DES (Data Encryption Standard) Banks, linux passwords (almost), SSL, kerberos, … Blowfish (SSL as option) IDEA (used in PGP, SSL as option) Rijndael (AES) – the new standard Stream Ciphers: one bit (or a few bits) at a time RC4 (SSL as option) PKZip Sober, Leviathan, Panama, … CPS 290

5 Private Key: Block Ciphers
Encrypt one block at a time (e.g. 64 bits) ci = f(k,mi) mi = f’(k,ci) Keys and blocks are often about the same size. Equal message blocks will encrypt to equal codeblocks Why is this a problem? Various ways to avoid this: E.g. ci = f(k,ci-1  mi) “Cipher block chaining” (CBC) Why could this still be a problem? Solution: attach random block to the front of the message CPS 290

6 Iterated Block Ciphers
m key Consists of n rounds R = the “round” function si = state after round i ki = the ith round key k1 R s1 k2 R s2 . . kn R c CPS 290

7 Iterated Block Ciphers: Decryption
m key Run the rounds in reverse. Requires that R has an inverse. k1 R-1 s1 k2 R-1 s2 . . kn R-1 c CPS 290

8 Feistel Networks If function is not invertible rounds can still be made invertible. Requires 2 rounds to mix all bits. high bits low bits R R-1 ki ki F F XOR XOR Forwards Backwards Used by DES (the Data Encryption Standard) CPS 290

9 Product Ciphers Each round has two components:
Substitution on smaller blocks Decorrelate input and output: “confusion” Permutation across the smaller blocks Mix the bits: “diffusion” Substitution-Permutation Product Cipher Avalanche Effect: 1 bit of input should affect all output bits, ideally evenly, and for all settings of other in bits CPS 290

10 Rijndael Selected by AES (Advanced Encryption Standard, part of NIST) as the new private-key encryption standard. Based on an open “competition”. Competition started Sept Narrowed to 5 Sept. 1999 MARS by IBM, RC6 by RSA, Twofish by Counterplane, Serpent, and Rijndael Rijndael selected Oct Official Oct. 2001? (AES page on Rijndael) Designed by Rijmen and Daemen (Dutch) The competition of 5 included an RSA entry. CPS 290

11 Public Key Cryptosystems
Introduced by Diffie and Hellman in 1976. Plaintext Public Key systems K1 = public key K2 = private key K1 Encryption Ek(M) = C Cyphertext Digital signatures K1 = private key K2 = public key K2 Decryption Dk(C) = M Original Plaintext Typically used as part of a more complicated protocol. CPS 290

12 Example of SSL (3.0) SSL (Secure Socket Layer) is the standard for the web (https). Protocol (somewhat simplified): B (Bob) -> A (amazon.com) B->A: client hello: protocol version, acceptable ciphers A->B: server hello: cipher, session ID, |amazon.com|verisign B->A: key exchange, {masterkey}amazon’s public key A->B: server finish: ([amazon,prev-messages,masterkey])key1 B->A: client finish: ([bob,prev-messages,masterkey])key2 A->B: server message: (message1,[message1])key1 B->A: client message: (message2,[message2])key2 |h|issuer = Certificate = Issuer, <h,h’s public key, time stamp>issuer’s private key <…>private key = Digital signature {…}public key = Public-key encryption [..] = Secure Hash (…)key = Private-key encryption key1 and key2 are derived from masterkey and session ID hand- shake data CPS 290

13 Server Name Issue The client expects the server to send a certificate matching the domain of the requested Web site. But the client doesn’t tell the server which Web site it is requesting -- not a problem if server hosts only one site. For servers hosting multiple secure Web sites, the “solution” is to assign multiple IP addresses to the network interface, one for each certificate. Akamai uses approximately 10M IP addresses for this purpose. Better solution: “server name” extension in successor to SSL, TLS CPS 290

14 TLS Client Hello – TLS Version 1.0 (SSL 3.1)
CPS 290

15 TLS Client Hello Message – Cipher Suite
CPS 290

16 TLS Client Hello – Server Name Extension
CPS 290

17 TLS Server Hello -- Cypher
CPS 290

18 TLS Server Hello – Certificate
CPS 290

Download ppt "Private Key Algorithms RSA SSL"

Similar presentations

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
15-853Page 1 CPS 214 Computer Networks and Distributed Systems Cryptography Basics RSA SSL SSH Kerberos.

15-853Page 1 CPS 214 Computer Networks and Distributed Systems Cryptography Basics RSA SSL SSH Kerberos.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Chapter 8 Web Security.

Chapter 8 Web Security.
15-853:Algorithms in the Real World

15-853:Algorithms in the Real World
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Similar presentations

Ads by Google