Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.

Published byLindsey Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption."— Presentation transcript:

1 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption

2 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 2 Cryptography Bob Alice Intruder untrusted network encrypt decrypt  Types  Symmetric key  Asymmetric key  Attacks  Ciphertext only  Known plaintext  Chosen plaintext message ciphertext

3 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  (e,n) is Alice’s public key  (d,n) is Alice’s secret key 3 RSA Encryption Rivest, Shamir, Adelman Alice untrusted network encryptdecrypt Bob (e,n) (d,n) M e mod nC d mod n Intruder M C C M

4 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 4 RSA Algorithm 1. Choose two large (100 digit) prime numbers, p and q, and set n = p x q 2. Choose any large integer, d, so that: GCD( d, ((p­1)x(q­1)) = 1 3. Find e so that: e x d = 1 (modulo (p­1)x(q­1)) Example: 1. p = 5, q = 11 and n = 55. (p­1)x(q­1) = 4 x 10 = 40 2. A valid d is 23 since GCD(40, 23) = 1 3. Then e = 7 since: 23 x 7 = 161 modulo 40 = 1

5 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Certification Authority (CA) Trusted (by Bob) entity Authenticates identity of individual (Alice) creates (public key, private key) pair Certificate contains an (identity, public key) pair is signed with the private key of the CA Repository need not be trusted is read-only to relying parties may be duplicated for performance Certificate can be “pushed” to the relying party 5 Public Key Infrastructure (PKI) issues stored in retrieved Alice proves identity Bob (relying party)

6 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 6 Certificate/Trust Chain identity signed by presented identity certificate trusted CA (root CA, trust anchor) identity

7 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Diffie-Hellman Key Exchange  How can two parties come to possess a shared secret using only insecure channels of communication?  Assumes passive eavesdropping only (i.e. susceptible to active (wo)man-in-the-middle attack)  Relies on prime number groups (more later)  Same/similar techniques underlie more recent cryptographic methods 7

8 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Diffie-Hellman Key Exchange  Some mathematics  If p is prime number, then the numbers 1..p-1 form a group of order p-1 with multiplication modulo p as its operator.  A generator, g, is any number 1..p-1 such that for all n in 1..p-1 there is a power k such that n=g k mod p.  Example: 3 is a generator for the group with p=7  Notation:  Operations:  Security based on computational infeasibility of solving the discrete logarithm problem (i.e., finding x if y = g x mod p given y, g, and p). 8

9 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Key Exchange Protocol  Public information  A prime number, p  A generator, g  Steps  Alice chooses a random number a and computes u=g a mod p and sends u to Bob.  Bob chooses a random number b and computes v=g b mod p and sends v to Alice.  Bob computes the key k = u b mod p = (g a ) b mod p.  Alice computes the key k = v a mod p = (g b ) a mod p.  (note: both Bob and Alice have k = (g ab ) mod p) 9

10 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Identity-based encryption  Public-key encryption  Identity is conveyed in a certificate from a certificate authority that binds the public key to the identity  Certificate must be obtained in advance  Certificate authority is trusted to validate claim of identity  Identity-based encryption  Identity itself serves as the public key (e.g, bob@company.com)  No advance preparation needed  Trusted service validates claim of identity  Key escrow issue (trusted service can recreate secret key associated with an identity) 10

11 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Identity-based encryption 11 Private Key Generator Encrypted with bob@company.com as public key authenticate bob@company.com send private key Alice Bob

12 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Identity-based Encryption 12 SetupkExtract master-key Private Key Generator (PKG) Receiver Decrypt params Sender Encrypt M C M d ID ID

13 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Bilinear Maps  Some mathematics   Fortunately, groups with these properties can be generated algorithmically using a positive integer seed value (security parameter) k. 13

14 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Identity-based encryption  BasicIdent algorithm  Setup 14

15 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Identity-based Encryption  Extract  Encrypt  Decrypt 15

16 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Why does this work?  Encryption bitwise exclusive-ors M with:  Decryption bitwise exclusive-ors V with:  These masks are the same since: 16

17 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Extensions 17 bilinear groups threshold secret sharing access tree ID-based attribute/fuzzy IDkey/policy-based

Download ppt "Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption."

Similar presentations

Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Public Key Cryptography

Public Key Cryptography
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Similar presentations

Ads by Google