CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security
Cryptography Ciphers 1. Classic Substitution e.g., Caesar Cipher Transposition e.g., Route Cipher Hybrid 2. Modern Symmetric (Private Key) Stream Cipher e.g., RC4, A5/1 Block Cipher e.g., DES, AES Asymmetric (Public Key) e.g., RSA Hybrid
Asymmetric-Key Algorithms (Public Key Encryption Algorithms) a user has a pair of cryptographic keys - a public key and a private key. The private key is kept secret, while the public key may be widely distributed The keys are related mathematically, but the private key cannot be practically derived from the public key. Then, HOW? A message encrypted with the public key can be decrypted only with the corresponding private key.
Math 1. Prime The prime is a natural number which has exactly two distinct natural number divisors: 1 and itself The first 15 prime numbers are: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47.
Math 2. Coprime The integers a and b are said to be coprime or relatively prime if they have no common factor other than 1 and −1 (if their Greatest Common Divisor is 1) For example, 6 and 35 are coprime 6 and 27 are not coprime because they are both divisible by 3 A fast way to determine whether two numbers are coprime is given by the Euclidean algorithm that determine the greatest common divisor (GCD) of two elements. Euler's Totient Function of a positive integer n is the number of integers between 1 and n which are coprime to n
Math 3. Euclidean Algorithm (Euclid's Algorithm) The Euclidean algorithm is an algorithm to determine the greatest common divisor (GCD) of two elements. Using recursion, the algorithm can be expressed: function gcd(a, b) { if b = 0 return a else return gcd(b, a mod b) } For example: gcd(35,6) = gcd(6,5) = gcd(5,1) = gcd(1,0) = 1 (This means that 35 and 6 are coprime) gcd(27,6) = gcd(6,3) = gcd(3,0) = 3
Math 4. The Congruence Relation Two integers a and b are said to be “congruent modulo” n, if their difference a − b is an integer multiple of n. If this is the case, it is expressed as: a ≡ b (mod n) " a is congruent to b modulo n “ For example, 38 ≡ 14 (mod 12) 38 ≡ 2 (mod 12) -3 ≡ 2 (mod 5)
The totient φ(n) of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n. To compute Euler's function for n: with the product ranging only over the distinct primes p dividing n if n=p.q and p&q are distinct primes: φ(n) = φ(p.q) = (p-1)(q-1) For example, φ(6) = φ(3.2) = (3-1)(2-1) = 2 // 1, 5 Math 5. Euler's Totient Function Euler's Totient Function Values For n = 1 to 500, with Divisor Lists (
Asymmetric-Key Algorithms Example: RSA The algorithm was publicly described in 1977, however, was not revealed until 1997 due to its top- secret classification. Rivest, Shamir, and Adleman devised RSA independently of Cocks' work. RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.
Asymmetric-Key Algorithms RSA – Key Algorithm 1. Choose two distinct large random prime numbers p and q 2. Compute n=p.q n is used as the modulus for both the public and private keys 3. Compute the totient: φ (n)=(p-1)(q-1) 4. Choose an integer e such that 1<e<φ(n), and e and φ(n) share no factors other than 1; (i.e. e and φ(n) are coprime) e is released as the public key exponent 5. Compute d to satisfy the congruence relation: d.e ≡ 1 (mod φ(n)) ; (i.e. d.e=1+kφ(n) for some integer k ) d is kept as the private key exponent Public Key: (n, e) Private Key: (n,d) To encrypt message: c = m e mod n To decrypt message: m = c d mod n
Asymmetric-Key Algorithms RSA – Example p = 11 q = 3 n = 11.3 = 33 φ(33) = (11-1)(3-1) = 20 e = 3 // 3 and 20 are coprime d = 7 // 3.7 ≡ 1 (mod 20) Question: Encrypt the message M=15? c = m e mod n = 15 3 mod 33 = 9 m = c d mod n = 9 7 mod 33 = 15
Uses for Public Key Crypto 1. Confidentiality The primary advantage of symmetric key cryptography is efficiency (because there is no infrastructure, such as PKI). In the realm of confidentiality, the primary advantage of public key cryptography is that no need to establish a shared key in advance. To achieve both advantage, use a hybrid cryptosystem, where public key crypto is used to establish a symmetric key.
Uses for Public Key Crypto 2. Integrity and Non-repudiation With symmetric key crypto, a MAC provides for integrity. With public key crypto, a digital signature provides for integrity and non-repudiation. Scenario? Hints: Using a MAC, anyone can repudiate a transaction because the key is shared between the two sides. However, using a digital signature, no one can repudiate a transaction because the private key can be owned by only one. Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security.
Uses for Public Key Crypto 3. Confidentiality and Non-repudiation For confidentiality only, Alice can encrypt M with Bob’s public key. For integrity and non-repudiation only, Alice can sign M with her private key. To achieve all: 1. Alice can sign the message M and encrypt the result: {[M] Alice } Bob 2. Alice can encrypt M first and then sign the result: [{M} Bob ] Alice C={M} Alice : encrypt message M with Alice’s public keyM=[C] Alice : decrypt ciphertext C with Alice’s private key
Asymmetric-Key Algorithms Ways to Use Anyone can encrypt using the public key, but only the holder of the private key can decrypt. Secrecy depends on the secrecy of the private key. Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security. By combining your own private key with the other user's public key, you can calculate a shared secret that only the two of you know. The shared secret can be used as the key for a symmetric cipher. 123
Public Key Infrastructure (PKI) PKI is showing everything required to securely use public key crypto: A digital certificate, or public key certificate, that contains a user’s name along with the user’s public key. A digital certificate needs to be signed by one of the Certificate Authorities (CAs) – trusted third party- in order to verify the public key. A digital certificate needs to be added to the Certificate Revocation Lists (CRLs) if the private key is compromised.