Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Published byEileen Robinson Modified over 8 years ago

Similar presentations

Presentation on theme: "Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation."— Presentation transcript:

1 Page 1 Secure Communication Paul Krzyzanowski pxk@cs.rutgers.edu ds@pk.org Distributed Systems Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.

2 Page 2 Alice Symmetric cryptography Both parties must agree on a secret key, K message is encrypted, sent, decrypted at other side Key distribution must be secret –otherwise messages can be decrypted –users can be impersonated E K (P) D K (C ) Bob

3 Page 3 Key explosion Each pair of users needs a separate key for secure communication Alice Bob K AB 2 users: 1 key BobAlice K AB Charles K BC KACKAC 3 users: 3 keys 6 users: 15 keys 4 users: 6 keys 100 users: 4950 keys 1000 users: 399500 keys n users: keys

4 Page 4 Key distribution Secure key distribution is the biggest problem with symmetric cryptography

5 Page 5 Key exchange How can you communicate securely with someone you’ve never met? Whit Diffie: idea for a public key algorithm Challenge: can this be done securely? Knowledge of public key should not allow derivation of private key

6 Page 6 Diffie-Hellman exponential key exchange Key distribution algorithm –first algorithm to use public/private keys –not public key encryption –based on difficulty of computing discrete logarithms in a finite field compared with ease of calculating exponentiation Allows us to negotiate a secret session key without fear of eavesdroppers

7 Page 7 Diffie-Hellman exponential key exchange All arithmetic performed in field of integers modulo some large number Both parties agree on –a large prime number p –and a number  < p Each party generates a public/private key pair private key for user i: X i public key for user i: Y i =

8 Page 8 Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes Bob has secret key X B Bob has public key Y B K = (Bob’s public key) (Alice’s private key) mod p

9 Page 9 Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes Bob has secret key X B Bob has public key Y B Bob computes K’ = (Alice’s public key) (Bob’s private key) mod p

10 Page 10 Diffie-Hellman exponential key exchange Alice has secret key X A Alice has public key Y A Alice computes expanding: Bob has secret key X B Bob has public key Y B Bob computes expanding: K is a common key, known only to Bob and Alice K = K’

11 Page 11 Diffie-Hellman example Alice picks X A = 18 Alice’s public key is: Y A = 7 18 mod 31667 = 6780 K = 22184 18 mod 31667 K = 14265 Bob picks X B = 27 Bob’s public key is: Y B = 7 27 mod 31667 = 22184 K = 6780 27 mod 31667 K = 14265 Suppose p = 31667,  = 7

12 Page 12 Key distribution problem is solved! User maintains private key Publishes public key in database (“phonebook”) Communication begins with key exchange to establish a common key Common key can be used to encrypt a session key –increase difficulty of breaking common key by reducing the amount of data we encrypt with it –session key is valid only for one communication session

13 Page 13 RSA: Public Key Cryptography Ron Rivest, Adi Shamir, Leonard Adleman created a true public key encryption algorithm in 1977 Each user generates two keys –private key (kept secret) –public key difficulty of algorithm based on the difficulty of factoring large numbers –keys are functions of a pair of large (~200 digits) prime numbers

14 Page 14 RSA algorithm Generate keys: –choose two random large prime numbers p, q –Compute the product n = pq –randomly choose the encryption key, e, such that: e and (p - 1)(q - 1) are relatively prime –use the extended Euclidean algorithm to compute the decryption key, d: ed = 1 mod ((p - 1) (q - 1)) d = e -1 mod ((p - 1) (q - 1)) –discard p, q

15 Page 15 RSA algorithm Encrypt: –divide data into numerical blocks < n –encrypt each block: c = m e mod n Decrypt: m = c d mod n

16 Page 16 Communication with public key algorithms Different keys for encrypting and decrypting –no need to worry about key distribution

17 Page 17 Communication with public key algorithms AliceBob Alice’s public key: K A Bob’s public key: K B exchange public keys (or look up in a directory/DB)

18 Page 18 E B (P) D b (C) AliceBob Alice’s public key: K A Bob’s public key: K B encrypt message with Bob’s public key decrypt message with Bob’s private key Communication with public key algorithms

19 Page 19 E B (P) D b (C) AliceBob Alice’s public key: K A Bob’s public key: K B D a (C) E A (P) decrypt message with Alice’s private key encrypt message with Alice’s public key encrypt message with Bob’s public key decrypt message with Bob’s private key Communication with public key algorithms

20 Page 20 Public key woes Public key cryptography is great but: –RSA about 100 times slower than DES in software, 1000 times slower in HW –Vulnerable to chosen plaintext attack if you know the data is one of n messages, just encrypt each message with the recipient’s public key and compare –It’s a good idea to reduce the amount of data encrypted with any given key but generating RSA keys is computationally very time consuming

21 Page 21 Hybrid cryptosystems Use public key cryptography to encrypt a randomly generated symmetric key session key

22 Page 22 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B Get recipient’s public key (or fetch from directory/database)

23 Page 23 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B Pick random session key, K EB(K)EB(K) EB(K)EB(K) Encrypt session key with Bob’s public key Bob decrypts K with his private key K = D b (E B (K))

24 Page 24 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B EB(K)EB(K) EB(K)EB(K) K = D b (E B (K)) E K (P) D K (C) encrypt message using a symmetric algorithm and key K decrypt message using a symmetric algorithm and key K

25 Page 25 Communication with a hybrid cryptosystem AliceBob Bob’s public key: K B EB(K)EB(K) EB(K)EB(K) K = D b (E B (K)) E K (P) D K (C) decrypt message using a symmetric algorithm and key K encrypt message using a symmetric algorithm and key K D K (C’) E K (P’)

26 Page 26 Digital Signatures

27 Page 27 Signatures We use signatures because a signature is: AuthenticUnforgeable Not reusable Non repudiatable Renders document unalterable Source: http://www.archives.gov/exhibits/charters/declaration.html

28 Page 28 Signatures We use signatures because a signature is AuthenticUnforgeable Not reusable Non repudiatable Renders document unalterable ALL UNTRUE! Can we do better with digital signatures?

29 Page 29 Digital signatures - arbitrated protocol Arbitrated protocol using symmetric encryption –turn to trusted third party (arbiter) to authenticate messages Alice Bob Trent C=E A (P) Alice encrypts message for herself and sends it to Trent Trent is trusted and has everyone’s keys

30 Page 30 Digital signatures - arbitrated protocol Alice Bob Trent P= D A (C) Trent receives Alice’s message and decrypts it with Alice’s key - this authenticates that it came from Alice - he may choose to log a hash of the message to create a record of the transmission

31 Page 31 Digital signatures - arbitrated protocol Alice Bob Trent Trent now encrypts the message for Bob and sends it to Bob C’= E B (P)

32 Page 32 Digital signatures - arbitrated protocol Alice Bob Trent Bob receives the message and decrypts it - it must have come from Trent since only Trent and Bob have Bob’s key - if the message says it’s from Alice, it must be - we trust Trent P’= D B (C’)

33 Page 33 Digital signatures with multiple parties Bob can forward the message to Charles in the same manner. Trent can validate stored hash to ensure that Bob did not alter the message Alice Bob Trent Bob encrypts message with his key and sends it to Trent P’= D B (C’) Charles C’’= E B (P’)

34 Page 34 Digital signatures with multiple parties Alice Bob Trent Trent decrypts the message - knows it must be from Bob - looks up ID to match original hash from Alice’s message - validates that the message has not been modified - adds a “signed by Bob” indicator to the message Charles P’’= D B (C’’)

35 Page 35 Digital signatures with multiple parties Alice Bob Trent Trent encrypts the new message for Charles Charles C’’’= E C (P’’)

36 Page 36 Digital signatures with multiple parties Alice Bob Trent Charles decrypts the message - knows the message must have come from Trent - trusts Trent’s assertion that the message originated with Alice and was forwarded through Bob Charles P’’’= D C (C’’’)

37 Page 37 Digital signatures - public key cryptography E a (P) D A (C) AliceBob encrypt message with Alice’s private key decrypt message with Alice’s public key Encrypting a message with a private key is the same as signing!

38 Page 38 Digital signatures - public key cryptography What if Alice was sending Bob binary data? –Bob might have a hard time knowing whether the decryption was successful or not Public key encryption is considerably slower than symmetric encryption –what if the message is very large? What if we don’t want to hide the message, yet want a valid signature?

39 Page 39 Digital signatures - public key cryptography Create a hash of the message Encrypt the hash and send it with the message Validate the hash by decrypting it and comparing it with the hash of the received message The signature is now a distinct entity from the message

40 Page 40 Digital signatures - public key cryptography AliceBob H(P) Alice generates a hash of the message

41 Page 41 Digital signatures - public key cryptography AliceBob H(P) Alice encrypts the hash with her private key E a (H(P))

42 Page 42 Digital signatures - public key cryptography AliceBob H(P) Alice sends Bob the message and the encrypted hash E a (H(P))

43 Page 43 Digital signatures - public key cryptography AliceBob H(P) 1. Bob decrypts the has using Alice’s public key 2. Bob computes the hash of the message sent by Alice C = E a (H(P))H(P) H’ = D A (C)

44 Page 44 Digital signatures - public key cryptography AliceBob H(P) If the hashes match - the encrypted hash must have been generated by Alice - the signature is valid C = E a (H(P))H(P) H’ = D A (C)

45 Page 45 Digital signatures - multiple signers Bob Bob generates a hash (same as Alice’s) and encrypts it with his private key - sends Charles: {message, Alice’s encrypted hash, Bob’s encrypted hash} Alice H(P) C = E a (H(P)) C 2 = E b (H(P)) Charles

46 Page 46 Digital signatures - multiple signers Bob Charles: - generates a hash of the message: H(P) - decrypts Alice’s encrypted hash with Alice’s public key - validates Alice’s signature - decrypts Bob’s encrypted hash with Bob’s public key - validates Bob’s signature Alice H(P) C = E a (H(P)) C 2 = E b (H(P)) Charles H 2 = D A (C 2 ) H 1 = D A (C)

47 Page 47 Secure and authenticated messaging If we want secrecy of the message –combine encryption with a digital signature –use a session key: pick a random key, K, to encrypt the message with a symmetric algorithm –encrypt K with the public key of each recipient –for signing, encrypt the hash of the message with sender’s private key

48 Page 48 Secure and authenticated messaging Alice H(P) Alice generates a digital signature by encrypting the message digest with her private key. C 1 = E a (H(P))

49 Page 49 Secure and authenticated messaging Alice H(P) Alice picks a random key, K, and encrypts the message (P) with it using a symmetric algorithm. C 1 = E a (H(P)) C = E K (P)

50 Page 50 Secure and authenticated messaging Alice H(P) Alice encrypts the session key for each recipient of this message: Bob and Charles using their public keys. C 1 = E a (H(P)) C = E K (P) K K K K C 2 = E B (K) K K C 3 = E C (K)

51 Page 51 Secure and authenticated messaging Alice H(P) The aggregate message is sent to Bob and Charles C 1 = E a (H(P)) C = E K (P) K K K K C 2 = E B (K) K K C 3 = E C (K) Message: Signature: Key for Bob: K K K K Key for Charles: Bob Charles Message from Alice

52 Page 52 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob receives the message: - extracts key by decrypting it with his private key K = E b (C 2 )

53 Page 53 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob decrypts the message using K K = E b (C 2 ) P = D K (C)

54 Page 54 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob computes the hash of the message K = E b (C 2 ) P = D K (C)H(P)

55 Page 55 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob looks up Alice’s public key K = E b (C 2 ) P = D K (C)H(P) KAKA

56 Page 56 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob decrypts Alice’s signature using Alice’s public key K = E b (C 2 ) P = D K (C)H(P) H 1 = D A (C 1 )

57 Page 57 Message: Signature: Key for Bob: K K K K Key for Charles: Message from Alice Secure and authenticated messaging Bob validates Alice’s signature K = E b (C 2 ) P = D K (C)H(P) H 1 = D A (C 1 ) H 1 = H(P) ?

58 Page 58 Cryptographic toolbox Symmetric encryption Public key encryption One-way hash functions Random number generators –Nonces, session keys

59 Page 59 Examples Key exchange –Public key cryptography Key exchange + secure communication –Public key + symmetric cryptography Authentication –Nonce + encryption Message authentication codes –Hashes Digital signature –Hash + encryption

60 Page 60 The end.

Download ppt "Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Public Encryption: RSA

Public Encryption: RSA
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Similar presentations

Ads by Google