Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Slides:



Advertisements
Similar presentations
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Advertisements

Asymmetric-Key Cryptography
Public Key Algorithms …….. RAIT M. Chatterjee.
OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Public Encryption: RSA
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Chapter3 Public-Key Cryptography and Message Authentication.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Lecture 6: Public Key Cryptography
Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.
Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Rachana Y. Patil 1 1.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri.
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
Cryptography Dec 29. This Lecture In this last lecture for number theory, we will see probably the most important application of number theory in computer.
Symmetric versus Asymmetric Cryptography. Why is it worth presenting cryptography? Top concern in security Fundamental knowledge in computer security.
COEN 351 E-Commerce Security Essentials of Cryptography.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Public-Key Cryptography CS110 Fall Conventional Encryption.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
RSA Public Key Crypto System. About RSA Announced in 1977 by Ronald Rivest, Adi Shamir, and Leonard Adleman Relies on the relative ease of finding large.
1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively as the true name and the good name, or the.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Presentation transcript:

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.

Page 2 Alice Symmetric cryptography Both parties must agree on a secret key, K message is encrypted, sent, decrypted at other side Key distribution must be secret –otherwise messages can be decrypted –users can be impersonated E K (P) D K (C ) Bob

Page 3 Key explosion Each pair of users needs a separate key for secure communication Alice Bob K AB 2 users: 1 key BobAlice K AB Charles K BC KACKAC 3 users: 3 keys 6 users: 15 keys 4 users: 6 keys 100 users: 4950 keys 1000 users: keys n users: keys

Page 4 Key distribution Secure key distribution is the biggest problem with symmetric cryptography

Page 5 Key exchange How can you communicate securely with someone you’ve never met? Whit Diffie: idea for a public key algorithm Challenge: can this be done securely? Knowledge of public key should not allow derivation of private key

Page 6 Diffie-Hellman exponential key exchange Key distribution algorithm –first algorithm to use public/private keys –not public key encryption –based on difficulty of computing discrete logarithms in a finite field compared with ease of calculating exponentiation Allows us to negotiate a secret session key without fear of eavesdroppers

Page 7 Diffie-Hellman exponential key exchange All arithmetic performed in field of integers modulo some large number Both parties agree on –a large prime number p –and a number  < p Each party generates a public/private key pair private key for user i: X i public key for user i: Y i =

Page 8 Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes Bob has secret key X B Bob has public key Y B K = (Bob’s public key) (Alice’s private key) mod p

Page 9 Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes Bob has secret key X B Bob has public key Y B Bob computes K’ = (Alice’s public key) (Bob’s private key) mod p

Page 10 Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes expanding: Bob has secret key X B Bob has public key Y B Bob computes expanding: K is a common key, known only to Bob and Alice K = K’

Page 11 Diffie-Hellman example Alice picks X A = 18 Alice’s public key is: Y A = 7 18 mod = 6780 K = mod K = Bob picks X B = 27 Bob’s public key is: Y B = 7 27 mod = K = mod K = Suppose p = 31667,  = 7

Page 12 Key distribution problem is solved! User maintains private key Publishes public key in database (“phonebook”) Communication begins with key exchange to establish a common key Common key can be used to encrypt a session key –increase difficulty of breaking common key by reducing the amount of data we encrypt with it –session key is valid only for one communication session

Page 13 RSA: Public Key Cryptography Ron Rivest, Adi Shamir, Leonard Adleman created a true public key encryption algorithm in 1977 Each user generates two keys –private key (kept secret) –public key difficulty of algorithm based on the difficulty of factoring large numbers –keys are functions of a pair of large (~200 digits) prime numbers

Page 14 RSA algorithm Generate keys: –choose two random large prime numbers p, q –Compute the product n = pq –randomly choose the encryption key, e, such that: e and (p - 1)(q - 1) are relatively prime –use the extended Euclidean algorithm to compute the decryption key, d: ed = 1 mod ((p - 1) (q - 1)) d = e -1 mod ((p - 1) (q - 1)) –discard p, q

Page 15 RSA algorithm Encrypt: –divide data into numerical blocks < n –encrypt each block: c = m e mod n Decrypt: m = c d mod n

Page 16 Communication with public key algorithms Different keys for encrypting and decrypting –no need to worry about key distribution

Page 17 Communication with public key algorithms AliceBob Alice’s public key: K A Bob’s public key: K B exchange public keys (or look up in a directory/DB)

Page 18 E B (P) D b (C) AliceBob Alice’s public key: K A Bob’s public key: K B encrypt message with Bob’s public key decrypt message with Bob’s private key Communication with public key algorithms

Page 19 E B (P) D b (C) AliceBob Alice’s public key: K A Bob’s public key: K B D a (C) E A (P) decrypt message with Alice’s private key encrypt message with Alice’s public key encrypt message with Bob’s public key decrypt message with Bob’s private key Communication with public key algorithms

Page 20 Public key woes Public key cryptography is great but: –RSA about 100 times slower than DES in software, 1000 times slower in HW –Vulnerable to chosen plaintext attack if you know the data is one of n messages, just encrypt each message with the recipient’s public key and compare –It’s a good idea to reduce the amount of data encrypted with any given key but generating RSA keys is computationally very time consuming

Page 21 Hybrid cryptosystems Use public key cryptography to encrypt a randomly generated symmetric key session key

Page 22 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B Get recipient’s public key (or fetch from directory/database)

Page 23 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B Pick random session key, K EB(K)EB(K) EB(K)EB(K) Encrypt session key with Bob’s public key Bob decrypts K with his private key K = D b (E B (K))

Page 24 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B EB(K)EB(K) EB(K)EB(K) K = D b (E B (K)) E K (P) D K (C) encrypt message using a symmetric algorithm and key K decrypt message using a symmetric algorithm and key K

Page 25 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B EB(K)EB(K) EB(K)EB(K) K = D b (E B (K)) E K (P) D K (C) decrypt message using a symmetric algorithm and key K encrypt message using a symmetric algorithm and key K D K (C’) E K (P’)

Page 26 Digital Signatures

Page 27 Signatures We use signatures because a signature is: AuthenticUnforgeable Not reusable Non repudiatable Renders document unalterable Source:

Page 28 Signatures We use signatures because a signature is AuthenticUnforgeable Not reusable Non repudiatable Renders document unalterable ALL UNTRUE! Can we do better with digital signatures?

Page 29 Digital signatures - arbitrated protocol Arbitrated protocol using symmetric encryption –turn to trusted third party (arbiter) to authenticate messages Alice Bob Trent C=E A (P) Alice encrypts message for herself and sends it to Trent Trent is trusted and has everyone’s keys

Page 30 Digital signatures - arbitrated protocol Alice Bob Trent P= D A (C) Trent receives Alice’s message and decrypts it with Alice’s key - this authenticates that it came from Alice - he may choose to log a hash of the message to create a record of the transmission

Page 31 Digital signatures - arbitrated protocol Alice Bob Trent Trent now encrypts the message for Bob and sends it to Bob C’= E B (P)

Page 32 Digital signatures - arbitrated protocol Alice Bob Trent Bob receives the message and decrypts it - it must have come from Trent since only Trent and Bob have Bob’s key - if the message says it’s from Alice, it must be - we trust Trent P’= D B (C’)

Page 33 Digital signatures with multiple parties Bob can forward the message to Charles in the same manner. Trent can validate stored hash to ensure that Bob did not alter the message Alice Bob Trent Bob encrypts message with his key and sends it to Trent P’= D B (C’) Charles C’’= E B (P’)

Page 34 Digital signatures with multiple parties Alice Bob Trent Trent decrypts the message - knows it must be from Bob - looks up ID to match original hash from Alice’s message - validates that the message has not been modified - adds a “signed by Bob” indicator to the message Charles P’’= D B (C’’)

Page 35 Digital signatures with multiple parties Alice Bob Trent Trent encrypts the new message for Charles Charles C’’’= E C (P’’)

Page 36 Digital signatures with multiple parties Alice Bob Trent Charles decrypts the message - knows the message must have come from Trent - trusts Trent’s assertion that the message originated with Alice and was forwarded through Bob Charles P’’’= D C (C’’’)

Page 37 Digital signatures - public key cryptography E a (P) D A (C) AliceBob encrypt message with Alice’s private key decrypt message with Alice’s public key Encrypting a message with a private key is the same as signing!

Page 38 Digital signatures - public key cryptography What if Alice was sending Bob binary data? –Bob might have a hard time knowing whether the decryption was successful or not Public key encryption is considerably slower than symmetric encryption –what if the message is very large? What if we don’t want to hide the message, yet want a valid signature?

Page 39 Digital signatures - public key cryptography Create a hash of the message Encrypt the hash and send it with the message Validate the hash by decrypting it and comparing it with the hash of the received message The signature is now a distinct entity from the message

Page 40 Digital signatures - public key cryptography AliceBob H(P) Alice generates a hash of the message

Page 41 Digital signatures - public key cryptography AliceBob H(P) Alice encrypts the hash with her private key E a (H(P))

Page 42 Digital signatures - public key cryptography AliceBob H(P) Alice sends Bob the message and the encrypted hash E a (H(P))

Page 43 Digital signatures - public key cryptography AliceBob H(P) 1. Bob decrypts the has using Alice’s public key 2. Bob computes the hash of the message sent by Alice C = E a (H(P))H(P) H’ = D A (C)

Page 44 Digital signatures - public key cryptography AliceBob H(P) If the hashes match - the encrypted hash must have been generated by Alice - the signature is valid C = E a (H(P))H(P) H’ = D A (C)

Page 45 Digital signatures - multiple signers Bob Bob generates a hash (same as Alice’s) and encrypts it with his private key - sends Charles: {message, Alice’s encrypted hash, Bob’s encrypted hash} Alice H(P) C = E a (H(P)) C 2 = E b (H(P)) Charles

Page 46 Digital signatures - multiple signers Bob Charles: - generates a hash of the message: H(P) - decrypts Alice’s encrypted hash with Alice’s public key - validates Alice’s signature - decrypts Bob’s encrypted hash with Bob’s public key - validates Bob’s signature Alice H(P) C = E a (H(P)) C 2 = E b (H(P)) Charles H 2 = D A (C 2 ) H 1 = D A (C)

Page 47 Secure and authenticated messaging If we want secrecy of the message –combine encryption with a digital signature –use a session key: pick a random key, K, to encrypt the message with a symmetric algorithm –encrypt K with the public key of each recipient –for signing, encrypt the hash of the message with sender’s private key

Page 48 Secure and authenticated messaging Alice H(P) Alice generates a digital signature by encrypting the message digest with her private key. C 1 = E a (H(P))

Page 49 Secure and authenticated messaging Alice H(P) Alice picks a random key, K, and encrypts the message (P) with it using a symmetric algorithm. C 1 = E a (H(P)) C = E K (P)

Page 50 Secure and authenticated messaging Alice H(P) Alice encrypts the session key for each recipient of this message: Bob and Charles using their public keys. C 1 = E a (H(P)) C = E K (P) K K K K C 2 = E B (K) K K C 3 = E C (K)

Page 51 Secure and authenticated messaging Alice H(P) The aggregate message is sent to Bob and Charles C 1 = E a (H(P)) C = E K (P) K K K K C 2 = E B (K) K K C 3 = E C (K) Message: Signature: Key for Bob: K K K K Key for Charles: Bob Charles Message from Alice

Page 52 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob receives the message: - extracts key by decrypting it with his private key K = E b (C 2 )

Page 53 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob decrypts the message using K K = E b (C 2 ) P = D K (C)

Page 54 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob computes the hash of the message K = E b (C 2 ) P = D K (C)H(P)

Page 55 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob looks up Alice’s public key K = E b (C 2 ) P = D K (C)H(P) KAKA

Page 56 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob decrypts Alice’s signature using Alice’s public key K = E b (C 2 ) P = D K (C)H(P) H 1 = D A (C 1 )

Page 57 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob validates Alice’s signature K = E b (C 2 ) P = D K (C)H(P) H 1 = D A (C 1 ) H 1 = H(P) ?

Page 58 Cryptographic toolbox Symmetric encryption Public key encryption One-way hash functions Random number generators –Nonces, session keys

Page 59 Examples Key exchange –Public key cryptography Key exchange + secure communication –Public key + symmetric cryptography Authentication –Nonce + encryption Message authentication codes –Hashes Digital signature –Hash + encryption

Page 60 The end.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.