Public Key Encryption Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Public.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.
Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Cryptography, Authentication and Digital Signatures
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 21 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Cryptographic Hash Functions and Protocol Analysis
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Intro to Cryptography Lesson Introduction
Key Management Network Systems Security Mort Anvari.
Lecture 5 Page 1 CS 236 Online Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E,P) P = D(K D,C) Often, works the.
Network Security Celia Li Computer Science and Engineering York University.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Key Exchange References: Applied Cryptography, Bruce Schneier
Public Key Encryption Systems
Public Key Encryption and Digital Signatures
Public-key Cryptography
Cryptography: Basics (2)
Key Management Network Systems Security
Public-Key, Digital Signatures, Management, Security
Public Key Encryption Systems
Secure Diffie-Hellman Algorithm
Presentation transcript:

Public Key Encryption Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Public Key Encryption 1111

Public Key Encryption In 1976, Whitfield Diffie and Martin Hellman proposed public key encryption (asymmetric encryption) in which different keys are used for encryption and decryption. In 1997, it was disclosed that asymmetric key algorithms had been developed in the early 1970’s by the British Government’s Communication Headquarters (GCHQ). They referred to the technique as non-secret encryption. Coming up: Public Key Encryption 2222

Public Key Encryption Use a publicly disclosed key to encrypt and a secret key to decrypt. The requisite relationship is: We’ll denote the public key for principal A by K a and the private key will be denoted K a −1 Coming up: Public Key Systems 3333

Public Key Systems Also, for some public key systems, RSA in particular, encryption and decryption commute and either key can be used in either function. That is: This is crucial in some uses of RSA. But is not true for most public key cryptosystems. Coming up: Public Key Systems 4444

Public Key Systems The basis of any public key system is the identification of a one- way function: easily computed, but difficult to invert without additional information. Example: It is easy to multiply two large primes p 1 and p 2. However, it is very difficult to factor p 1 p 2 to recover p 1 and p 2. But, given p 1 p 2 and either of p 1 or p 2, it is straightforward to recover the other, simply by dividing. Coming up: Efficiency of Encryption 5555

Efficiency of Encryption Public key systems largely solve the key distribution problem. Why? A public key encryption may take 10,000 times as long to perform as a symmetric encryption; the computation depends on more complex operations, not on simple bit-wise operations. Symmetric encryption remains the work horse of commercial cryptography, with asymmetric encryption playing some important special functions. Coming up: Lessons 6666

Lessons Devising an asymmetric encryption algorithm depends on identifying a one-way function, easy to compute but hard to invert. Public key systems largely solve the key distribution problem. Asymmetric algorithms are generally much less efficient than symmetric algorithms. Coming up: RSA Algorithm 7777

RSA Algorithm The Rivest-Shamir-Adelman (RSA) algorithm relies on the difficulty of factoring large numbers. Two keys, e and d, are used for encryption and decryption. The algorithm is such that: A plaintext block P is encrypted as (P e mod n). d is chosen so that: An interceptor would have to factor P e to recover the plaintext. The legitimate receiver knows d and merely computes, which is much easier. Coming up: Other Public Key Algorithms 8888

Other Public Key Algorithms A public key system can be based on any one-way function. A rich source is the set of NP-complete problems. These are infeasible to solve, but a solution can be checked in polynomial time. Merkle and Hellman proposed a public key system based on the knapsack problem: given a set of integers and a target sum, find a subset of the integers that sum to the target. The algorithm is theoretically very secure, but has practical weaknesses. Coming up: Elliptic Curve Cryptography 9999

Elliptic Curve Cryptography Elliptical Curve Cryptography (ECC) is a newer public key encryption system (1985) using elliptic curves instead of prime numbers Some say 164 bit key is equivalent to other systems 1024 bit key (another say 256 bit = 3076 RSA bits) 112-bit key ECC broken using 200 Playstation 3s running continuously for 3.5 months. G=start point per curve k=random private key, public key=kG Source: Coming up: Authentication with Public Keys 10

Authentication with Public Keys Assume K a is A’s public key. Suppose B sends the following message to A: {M} Ka. What assurances does A have? 1.No-one intercepting the message could read it. Why? 2.He can’t be sure it actually came from B. Why not? Thus, encryption with the public key is a privacy transformation, but not an authenticity transformation. Coming up: Authentication with Public Keys 10 11

Authentication with Public Keys Using RSA, B send to A. If A can decrypt it using K b, what assurance is gained? 1.A is sure it originated with B. Why? 2.But someone intercepting the message might read it. Why? Thus, encryption with private key is an authenticity transformation, not a privacy transformation. Note this only works in RSA, because: In other public key systems, you typically need two pairs of keys: one pair for privacy and the other pair for “signing” (authenticity). Coming up: Lessons 11 12

Lessons RSA is the most widely used public key cryptosystem. RSA is symmetric in the use of keys; most public key schemes are not. A public key encryption can be used for authenticity or for privacy but not both at once. Coming up: Cryptographic Hash Functions 12 13

Cryptographic Hash Functions Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Hash Functions 13 14

Hash Functions A hash function is a function that converts variable-sized text into a small datum, usually a fixed size integer. A cryptographic hash function has the additional qualities: it is difficult to construct a text that has a given hash, it is difficult to modify a given text without changing its hash, it is unlikely that two different messages will have the same hash. The hash value is sometimes called a message digest. Cryptographic hash functions are used to protect integrity. Coming up: Vocabulary 14 15

Vocabulary A function f is preimage resistant if, given h, it is hard to find any m such that h = f (m). A function f is second preimage resistant if, given an input m 1, it is hard to find m 2 ≠ m 1 such that f (m 1 ) = f (m 2 ). This is sometimes called weak collision resistance. A function f is (strong) collision resistant if it is hard to find two messages m 1 and m 2 such that f (m 1 ) = f (m 2 ). Coming up: Birthday Attacks 15 16

Birthday Attacks If a function f(x) yields any of H different outputs with equal probability and H is sufficiently large, then we expect to obtain a pair of different arguments x 1 and x 2 with f (x 1 ) = f (x 2 ) after evaluating the function for about different arguments on average. What does this mean for a hash value of 128 bits? for 160 bits? Coming up: Cryptographic Hash Functions 16 17

Cryptographic Hash Functions Hash functions usually are used for integrity, not confidentiality. In a document retrieval system containing legal records, it may be important to know that the copy retrieved is identical to that stored. In a secure communications system, the correct transmission of messages may override confidentiality concerns. A cryptographic hash function “binds” the bytes of a file together in a way that makes seal any alterations to the file apparent. We say that we the file to make it tamper-proof (actually tamper-resistant). Coming up: Using a Hash Function 17 18

Using a Hash Function The process is as follows: Given a sensitive file f, compute the hash function h(f ) and store the result securely. Each time the file is used or accessed, recompute the hash. Compare it to the stored value. If the two values match, it is likely that no changes have occurred to the file. Coming up: Common Hash Algorithms 18 19

Common Hash Algorithms Two widely used cryptographic hash functions are: MD5: (Message Digest 5) invented by Ron Rivest and RSA Labs; SHA-1/SHA-2/SHS: (Secure Hash Algorithm or Standard) similar to MD5. MD5 hashes a message of any size to a 128-bit digest. SHA/SHS produce a 160-bit digest. Coming up: Lessons 19 20

Lessons A cryptographic hash function takes an arbitrary text and produces a fixed size bit string that depends on each value of the text. It should be difficult to find collisions—values that hash to the same result. A hash can be used to show with high probability that a text has not changed. Coming up: Key Exchange 20 21

Key Exchange Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: The Key Exchange Problem 21 22

The Key Exchange Problem Suppose you want to establish a secure communication channel with someone you don’t know. We call this a situation of mutual suspicion. This is extremely common. You submit your income tax on-line. You send your credit card information to a shopping website. You wish to exchange encrypted with another party. Once you agree on a shared secret (key) the communication can proceed. But how do you exchange the key? This is the key exchange problem. Coming up: Key Exchange: Attempt

Key Exchange: Attempt 1 Suppose both parties S and R have a public / private RSA key pair for asymmetric communication. Say S chooses a new symmetric key K and sends to R the following message: R can decrypt the message using S’s public key to retrieve K. What is wrong with this scheme? Answer: Any eavesdropper can intercept the message and decrypt it using S’s public key to retrieve K. Coming up: Key Exchange: Attempt

Key Exchange: Attempt 2 Instead, suppose S sends to R the following message: Since only R can decrypt this message, confidentiality is assured. What’s wrong this time? Now R doesn’t have any assurance that the message actually came from S. An intruder may be “spoofing” (pretending to be S) to obtain information that R intends only for S. Can we preserve both confidentiality and authentication with one transaction? Coming up: Key Exchange (Cont.) 26 25

Key Exchange (Cont.) A third attempt is for S to send R the following: How does R extract K? What assurances does this provide? 1.Since, no one but R can decrypt the message, confidentiality is assured. 2.No one but S could have performed the inner encryption, so authentication is accomplished. This notion of nested encryptions is very useful in a variety of cryptographic protocols. Could you have done the encryptions in the other order? Coming up: Lessons 24 26

Lessons Public key cryptosystems can be used for key exchange, but you have to do it carefully. Key exchange requires both confidentiality and authentication. Coming up: Diffie-Hellman Key Exchange 25 27

Diffie-Hellman Key Exchange Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Diffie-Hellman Key Exchange 27 28

Diffie-Hellman Key Exchange The question of key exchange was one of the first problems addressed by a cryptographic protocol. This was prior to the invention of public key cryptography. The Diffie-Hellman key agreement protocol (1976) was the first practical method for establishing a shared secret over an unsecured communication channel. The point is to agree on a key that two parties can use for a symmetric encryption, in such a way that an eavesdropper cannot obtain the key. Coming up: Diffie-Hellman Algorithm 28 29

Diffie-Hellman Algorithm Steps in the algorithm: 1.Alice and Bob agree on a prime number p and a base g. 2.Alice chooses a secret number a, and sends Bob (g a mod p). 3.Bob chooses a secret number b, and sends Alice (g b mod p). 4.Alice computes ((g b mod p) a mod p). 5.Bob computes ((g a mod p) b mod p). Both Alice and Bob can use this number as their key. Notice that p and g need not be protected. Coming up: Diffie-Hellman Example 29 30

Diffie-Hellman Example 1.Alice and Bob agree on p = 23 and g = 5. 2.Alice chooses a = 6 and sends 5 6 mod 23 = 8. 3.Bob chooses b = 15 and sends 5 15 mod 23 = Alice computes 19 6 mod 23 = 2. 5.Bob computes 8 15 mod 23 = 2. Then 2 is the shared secret Clearly, much larger values of a, b, and p are required. An eavesdropper cannot discover this value even if she knows p and g and can obtain each of the messages. Coming up: Diffie-Hellman Security 30 31

Diffie-Hellman Security Suppose p is a prime of around 300 digits, and a and b at least 100 digits each. Discovering the shared secret given g, p, g a mod p and g b mod p would take longer than the lifetime of the universe, using the best known algorithm. This is called the discrete logarithm problem. Coming up: Lessons 31 32

Lessons How can two parties agree on a secret value when all of their messages might be overheard by an eavesdropper? The Diffie-Hellman algorithm accomplishes this, and is still widely used. With sufficiently large inputs, Diffie-Hellman is very secure. End of presentation 32 33

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.