Private Key Algorithms RSA SSL


CPS 512 Computer Security
Private Key Algorithms, RSA, SSL
CPS 290

Private Key Exchange
Private Key method: a trusted third party, Trent, generates k and sends E_ka(k) to Alice and E_kb(k) to Bob. Trent has already exchanged private keys ka and kb with Alice and Bob, respectively.
Public Key method: Alice generates k and sends E_k1(k) to Bob, where k1 = Bob’s public key.
Or we can use a direct protocol, such as Diffie-Hellman (discussed later)

Private Key Algorithms
[Diagram: Plaintext -> Encryption (Key1), E_k(M) = C -> Cyphertext -> Decryption, D_k(C) = M -> Original Plaintext]
What granularity of the message does E_k encrypt?

Private Key Algorithms
Block Ciphers: blocks of bits at a time
  DES (Data Encryption Standard): banks, Linux passwords (almost), SSL, Kerberos, …
  Blowfish (SSL as option)
  IDEA (used in PGP, SSL as option)
  Rijndael (AES) – the new standard
Stream Ciphers: one bit (or a few bits) at a time
  RC4 (SSL as option)
  PKZip
  Sober, Leviathan, Panama, …

Private Key: Block Ciphers
Encrypt one block at a time (e.g. 64 bits)
  c_i = f(k, m_i)    m_i = f’(k, c_i)
Keys and blocks are often about the same size.
Equal message blocks will encrypt to equal codeblocks
  Why is this a problem?
Various ways to avoid this:
  E.g. c_i = f(k, c_{i-1} ⊕ m_i)   “Cipher block chaining” (CBC)
Why could this still be a problem?
Solution: attach random block to the front of the message

Iterated Block Ciphers
Consists of n rounds
  R = the “round” function
  s_i = state after round i
  k_i = the ith round key
[Diagram: key -> k_1, k_2, ..., k_n; m -> R (k_1) -> s_1 -> R (k_2) -> s_2 -> ... -> R (k_n) -> c]

Iterated Block Ciphers: Decryption
Run the rounds in reverse.
Requires that R has an inverse.
[Diagram: key -> k_1, k_2, ..., k_n; c -> R^-1 (k_n) -> ... -> s_2 -> R^-1 (k_2) -> s_1 -> R^-1 (k_1) -> m]

Feistel Networks
If the function F is not invertible, rounds can still be made invertible. Requires 2 rounds to mix all bits.
[Diagram: the block is split into high bits and low bits. Forwards (R): F, keyed with k_i, and an XOR. Backwards (R^-1): the same F and k_i, and an XOR.]
Used by DES (the Data Encryption Standard)
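The block-cipher and Feistel slides above, worked through in one added example (not code from the original slides): a toy 64-bit Feistel cipher whose round function F is a one-way truncated HMAC, run block by block and in cipher block chaining. The round count, key schedule, all-zero c_0, the choice of which half feeds F, and all names are assumptions of this sketch, and messages must be a multiple of 8 bytes.

```python
import hashlib
import hmac
import os

BLOCK, HALF, ROUNDS = 8, 4, 8   # 64-bit blocks as on the slide; toy parameters

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def F(k, half):
    # Round function: truncated HMAC-SHA256, deliberately not invertible.
    return hmac.new(k, half, hashlib.sha256).digest()[:HALF]

def round_keys(key):
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]  # assumed schedule

def encrypt_block(key, m):
    high, low = m[:HALF], m[HALF:]
    for k in round_keys(key):
        high, low = low, xor(high, F(k, low))      # forwards round R
    return high + low

def decrypt_block(key, c):
    high, low = c[:HALF], c[HALF:]
    for k in reversed(round_keys(key)):
        high, low = xor(low, F(k, high)), high     # R^-1 reuses F, never inverts it
    return high + low

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    return b"".join(encrypt_block(key, m) for m in blocks(msg))   # c_i = f(k, m_i)

def cbc_encrypt(key, msg, random_front=True):
    front = os.urandom(BLOCK) if random_front else b""   # the slide's fix: random first block
    out, prev = [], bytes(BLOCK)                          # c_0 is an all-zero block
    for m in blocks(front + msg):
        prev = encrypt_block(key, xor(prev, m))           # c_i = f(k, c_{i-1} XOR m_i)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, ct, random_front=True):
    cs = [bytes(BLOCK)] + blocks(ct)
    pt = b"".join(xor(decrypt_block(key, c), p) for p, c in zip(cs, cs[1:]))
    return pt[BLOCK:] if random_front else pt

KEY = b"constructed demo key"
MSG = b"PAY 100 PAY 100 TO ALICE"          # constructed; three 8-byte blocks, no padding
```

For MSG, the first two blocks of `ecb_encrypt` are identical, so a repeated plaintext block is visible in the ciphertext. `cbc_encrypt` with `random_front=False` hides the repeat but returns the same ciphertext every time the message is sent; with the random front block, two encryptions of MSG differ.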

Product Ciphers
Each round has two components:
  Substitution on smaller blocks
    Decorrelate input and output: “confusion”
  Permutation across the smaller blocks
    Mix the bits: “diffusion”
Substitution-Permutation Product Cipher
Avalanche Effect: 1 bit of input should affect all output bits, ideally evenly, and for all settings of the other input bits

Rijndael
Selected by AES (Advanced Encryption Standard, part of NIST) as the new private-key encryption standard.
Based on an open “competition”.
  Competition started Sept. 1997.
  Narrowed to 5 Sept. 1999
    MARS by IBM, RC6 by RSA, Twofish by Counterpane, Serpent, and Rijndael
  Rijndael selected Oct. 2000.
  Official Oct. 2001? (AES page on Rijndael)
Designed by Rijmen and Daemen (Dutch)
The competition of 5 included an RSA entry.

Public Key Cryptosystems
Introduced by Diffie and Hellman in 1976.
[Diagram: Plaintext -> Encryption (K1), E_k(M) = C -> Cyphertext -> Decryption (K2), D_k(C) = M -> Original Plaintext]
Public Key systems
  K1 = public key
  K2 = private key
Digital signatures
  K1 = private key
  K2 = public key
Typically used as part of a more complicated protocol.

Example of SSL (3.0)
SSL (Secure Socket Layer) is the standard for the web (https).
Protocol (somewhat simplified): B (Bob) -> A (amazon.com)
  B->A: client hello: protocol version, acceptable ciphers
  A->B: server hello: cipher, session ID, |amazon.com|verisign
  B->A: key exchange, {masterkey}amazon’s public key
  A->B: server finish: ([amazon,prev-messages,masterkey])key1
  B->A: client finish: ([bob,prev-messages,masterkey])key2
  A->B: server message: (message1,[message1])key1
  B->A: client message: (message2,[message2])key2
  [Side labels on the message list: handshake, data]
Notation:
  |h|issuer = Certificate = Issuer, <h,h’s public key, time stamp>issuer’s private key
  <…>private key = Digital signature
  {…}public key = Public-key encryption
  [..] = Secure Hash
  (…)key = Private-key encryption
  key1 and key2 are derived from masterkey and session ID

Server Name Issue
The client expects the server to send a certificate matching the domain of the requested Web site. But the client doesn’t tell the server which Web site it is requesting -- not a problem if server hosts only one site.
For servers hosting multiple secure Web sites, the “solution” is to assign multiple IP addresses to the network interface, one for each certificate. Akamai uses approximately 10M IP addresses for this purpose.
Better solution: “server name” extension in successor to SSL, TLS
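An added example, not from the original slides, of what the server name extension puts on the wire: it builds a constructed minimal TLS 1.0 ClientHello and parses out the host name that a multi-site server reads to choose its certificate. The function names and the host used to exercise it are assumptions; the field layout follows the TLS ClientHello and server_name extension formats.

```python
import struct

def build_client_hello(host=None):
    """Constructed sample: minimal TLS 1.0 ClientHello, optionally with server_name."""
    ext = b""
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name    # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry              # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni              # extension type 0 = server_name
    body = (b"\x03\x01" + bytes(32)      # client_version 3.1 and random (zeros in this sample)
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x00\x2f"        # one cipher suite
            + b"\x01\x00")               # null compression
    if ext:
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body           # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs     # record type 22 = handshake

def parse_sni(record):
    """Return the host_name from a ClientHello record, or None if none was sent."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    end = 5 + struct.unpack("!H", record[3:5])[0]
    if end > len(record):
        raise ValueError("truncated record")
    buf, pos = record[:end], 9 + 2 + 32      # skip both headers, version, random

    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("length field runs past the record")
        pos += n
        return buf[pos - n:pos]
    take(take(1)[0])                         # session_id
    take(struct.unpack("!H", take(2))[0])    # cipher_suites
    take(take(1)[0])                         # compression_methods
    if pos == len(buf):
        return None                          # no extensions block: SSL 3.0 style hello
    ext_end = pos + struct.unpack("!H", take(2))[0]
    while pos < ext_end:
        etype, elen = struct.unpack("!HH", take(4))
        data = take(elen)
        if etype == 0 and len(data) >= 5 and data[2] == 0:
            n = struct.unpack("!H", data[3:5])[0]
            if 5 + n > len(data):
                raise ValueError("bad server_name length")
            return data[5:5 + n].decode("ascii")
    return None
```

The host name travels in the clear in the first message of the handshake, before any key is agreed, which is why the server can act on it and why anything on the path can read it.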

TLS Client Hello – TLS Version 1.0 (SSL 3.1)

TLS Client Hello Message – Cipher Suite

TLS Client Hello – Server Name Extension

TLS Server Hello -- Cypher

TLS Server Hello – Certificate