Presentation is loading. Please wait.

Presentation is loading. Please wait.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Published byZoe Warner Modified over 8 years ago

Similar presentations

Presentation on theme: "How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research."— Presentation transcript:

1 How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research

2 November 26, 20022 Transfer of Confidential Data You (client)Merchant (server) I want to make a purchase. What is your Credit Card Number? My Credit Card is 6543 2345 6789 8765.

3 November 26, 20023 Transfer of Confidential Data  But the Internet provides no privacy.  Is there any way to protect my data from prying eyes at intermediate nodes?

4 November 26, 20024 Symmetric Encryption  If the user has a pre-existing relationship with the merchant, they may have a shared secret key K – known only to the two parties.  User encrypts private data with key K.  Merchant decrypts data with key K.

5 November 26, 20025 Asymmetric Encryption  What if the user and merchant have no prior relationship?  Asymmetric encryption allows me to encrypt a message for a recipient without knowledge of the recipient’s decryption key.

6 November 26, 20026 The Fundamental Equation Z=Y X mod N

7 November 26, 20027 The Fundamental Equation Z=Y X mod N When Z is unknown, it can be efficiently computed.

8 November 26, 20028 The Fundamental Equation Z=Y X mod N When X is unknown, the problem is known as the discrete logarithm and is generally believed to be hard to solve.

9 November 26, 20029 The Fundamental Equation Z=Y X mod N When Y is unknown, the problem is known as discrete root finding and is generally believed to be hard to solve … without the factorization of N.

10 November 26, 200210 The Fundamental Equation Z=Y X mod N The problem is not well-studied for the case when N is unknown.

11 November 26, 200211 How to compute Y X mod N Compute Y X and then reduce mod N.  If X, Y, and N each are 1,000-bit integers, Y X consists of ~2 1010 bits.  Since there are roughly 2 250 particles in the universe, storage is a problem.

12 November 26, 200212 How to compute Y X mod N  Repeatedly multiplying by Y (followed each time by a reduction modulo N) X times solves the storage problem.  However, we would need to perform ~2 900 32-bit multiplications per second to complete the computation before the sun burns out.

13 November 26, 200213 How to compute Y X mod N Multiplication by Repeated Doubling To compute X Y, compute Y, 2Y, 4Y, 8Y, 16Y,… and sum up those values dictated by the binary representation of X. Example: 26Y = 2Y + 8Y + 16Y.

14 November 26, 200214 How to compute Y X mod N Exponentiation by Repeated Squaring To compute Y X, compute Y, Y 2, Y 4, Y 8, Y 16, … and multiply those values dictated by the binary representation of X. Example: Y 26 = Y 2 Y 8 Y 16.

15 November 26, 200215 How to compute Y X mod N We can now perform a 1,000-bit modular exponentiation using ~1,500 1,000-bit modular multiplications.  1,000 squarings: y, y 2, y 4, …, y 2 1000  ~500 “ordinary” multiplications

16 November 26, 200216 The Fundamental Equation Z=Y X mod N When Y is unknown, the problem is known as discrete root finding and is generally believed to be hard to solve … without the factorization of N.

17 November 26, 200217 RSA Encryption/Decryption  Select two large primes p and q.  Publish the product N = pq.  The exponent X is typically fixed at 65537.  Encrypt message Y as E(Y) = Y X mod N.  Decrypt ciphertext Z as D(Z) = Z 1/X mod N.  Note D(E(Y)) = (Y X ) 1/X mod N = Y.

18 November 26, 200218 RSA Signatures and Verification  Not only is D(E(Y)) = (Y X ) 1/X mod N = Y, but also E(D(Y)) = (Y 1/X ) X mod N = Y.  To form a signature of message Y, create S = D(Y) = Y 1/X mod N.  To verify the signature, check that E(S) = S X mod N matches Y.

19 November 26, 200219 Transfer of Confidential Data You (client)Merchant (server) I want to make a purchase. What is your Credit Card Number? My Credit Card is 6543 2345 6789 8765.

20 November 26, 200220 Transfer of Confidential Data You (client)Merchant (server) I want to make a purchase. Here is my RSA public key E. My Credit Card is E(6543 2345 6789 8765).

21 November 26, 200221 Intermediary Attack You (client)Merchant (server) I want to make a purchase. My public key is Ẽ. Ẽ(CC#) Intermediary I want to make a purchase. My public key is E. E(CC#)

22 November 26, 200222 Digital Certificates “Alice’s public modulus is N A = 331490324840…” -- signed … someone you trust.

23 November 26, 200223 Transfer of Confidential Data You (client)Merchant (server) I want to make a purchase. Here is my RSA public key E and a cert. My Credit Card is E(6543 2345 6789 8765).

24 November 26, 200224 Replay Attack You (client)Merchant (server) I want to make a purchase. Here is my RSA public key E and a cert. My Credit Card is E(6543 2345 6789 8765). Later … EavesdropperMerchant (server) I want to make a different purchase. Here is my RSA public key E and a cert. My Credit Card is E(6543 2345 6789 8765).

25 November 26, 200225 Transfer of Confidential Data You (client)Merchant (server) I want to make a purchase. Here is my RSA public key E and a cert and a “nonce”. My Credit Card and your nonce are E(“6543 2345 6789 8765”, nonce).

26 November 26, 200226 SSL/PCT/TLS History  1994: Secure Sockets Layer (SSL) V2.0  1995: Private Communication Technology (PCT) V1.0  1996: Secure Sockets Layer (SSL) V3.0  1997: Private Communication Technology (PCT) V4.0  1999: Transport Layer Security (TLS) V1.0

27 November 26, 200227 SSL/PCT/TLS You (client)Merchant (server) Let’s talk securely. Here are the protocols and ciphers I understand. I choose this protocol and these ciphers. Here is my public key, a cert, a nonce, etc. Using your public key, I’ve encrypted a random symmetric key (and your nonce).

28 November 26, 200228 SSL/TLS All subsequent secure messages are sent using the symmetric key and a keyed hash for message authentication.

29 November 26, 200229 Symmetric Ciphers Private-key (symmetric) ciphers are usually divided into two classes.  Block ciphers  Stream ciphers

30 November 26, 200230 Block Ciphers Block Cipher Plaintext DataCiphertext Key Usually 8 or 16 bytes. DES, AES, RC2, RC5, etc.

31 November 26, 200231 Block Cipher Modes Electronic Code Book (ECB) Encryption: Block Cipher Block Cipher Block Cipher Block Cipher Plaintext Ciphertext

32 November 26, 200232 Block Cipher Modes Electronic Code Book (ECB) Decryption: Inverse Cipher Inverse Cipher Inverse Cipher Inverse Cipher Plaintext Ciphertext

33 November 26, 200233 Block Cipher Modes Cipher Block Chaining (CBC) Encryption: Block Cipher Block Cipher Block Cipher Block Cipher Plaintext Ciphertext IV

34 November 26, 200234 Block Cipher Modes Cipher Block Chaining (CBC) Decryption: Inverse Cipher Inverse Cipher Inverse Cipher Inverse Cipher Plaintext Ciphertext IV

35 November 26, 200235 Stream Ciphers RC4, SEAL, etc.  Use the key as a seed to a pseudo-random number-generator.  Take the stream of output bits from the PRNG and XOR it with the plaintext to form the ciphertext.

36 November 26, 200236 Stream Cipher Encryption Plaintext: PRNG(seed): Ciphertext:

37 November 26, 200237 Stream Cipher Integrity  It is easy for an adversary (even one who can’t decrypt the ciphertext) to alter the plaintext in a known way. Bob to Bob’s Bank: Please transfer $0,000,002.00 to the account of my good friend Alice.

38 November 26, 200238 One-Way Hash Functions The idea of a check sum is great, but it is designed to prevent accidental changes in a message. For cryptographic integrity, we need an integrity check that is resilient against a smart and determined adversary.

39 November 26, 200239 One-Way Hash Functions Generally, a one-way hash function is a function H : {0,1}*  {0,1} k (typically k is 128 or 160) such that given an input value x, one cannot find a value x  x such H(x) = H(x ).

40 November 26, 200240 One-Way Hash Functions There are many measures for one-way hashes.  Non-invertability: given y, it’s difficult to find any x such that H(x) = y.  Collision-intractability: one cannot find a pair of values x  x such that H(x) = H(x ).

41 November 26, 200241 One-Way Hash Functions  When using a stream cipher, a hash of the message can be appended to ensure integrity. [Message Authentication Code]  When forming a digital signature, the signature need only be applied to a hash of the message. [Message Digest]

Download ppt "How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.

Similar presentations

Ads by Google