Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.

Published byShannon Griffin Modified over 8 years ago

Similar presentations

Presentation on theme: "Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems."— Presentation transcript:

1 Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems

2 Cryptographic Security Diffie-Hellman Key Exchange How can two parties come to possess a shared secret using only insecure channels of communication? Assumes passive eavesdropping only (i.e. susceptible to active (wo)man-in-the-middle attack) Relies on prime number groups (more later) Same/similar techniques underlie more recent cryptographic methods Dennis Kafura – CS5204 – Operating Systems2

3 Cryptographic Security Diffie-Hellman Key Exchange Some mathematics  If p is prime number, then the numbers 1..p-1 form a group of order p-1 with multiplication modulo p as its operator.  A generator, g, is any number 1..p-1 such that for all n in 1..p-1 there is a power k such that n=g k mod p.  Example: 3 is a generator for the group with p=7  Notation:  Operations:  Security based on computational infeasibility of solving the discrete logarithm problem (i.e., finding x if y = g x mod p given y, g, and p). Dennis Kafura – CS5204 – Operating Systems3

4 Cryptographic Security Key Exchange Protocol Public information  A prime number, p  A generator, g Steps  Alice chooses a random number a and computes u=g a mod p and sends u to Bob.  Bob chooses a random number b and computes v=g b mod p and sends v to Alice.  Bob computes the key k = u b = (g a ) b mod p.  Alice computes the key k = v a = (g b ) a mod p.  (note: both Bob and Alice have k = (g ab ) mod p) Dennis Kafura – CS5204 – Operating Systems4

5 Cryptographic Security Identity-based encryption Public-key encryption  Identity is conveyed in a certificate from a certificate authority that binds the public key to the identity  Certificate must be obtained in advance  Certificate authority is trusted to validate claim of identity Identity-based encryption  Identity itself serves as the public key (e.g, bob@company.com)  No advance preparation needed  Trusted service validates claim of identity  Key escrow issue (trusted service can recreate secret key associated with an identity) Dennis Kafura – CS5204 – Operating Systems5

6 Cryptographic Security Identity-based encryption Dennis Kafura – CS5204 – Operating Systems6 Private Key Generator Encrypted with bob@company.com as public key authenticate bob@company.com send private key Alice Bob

7 Cryptographic Security Identity-based Encryption Dennis Kafura – CS5204 – Operating Systems7 SetupkExtract master-key Private Key Generator (PKG) Receiver Decrypt params Sender Encrypt M C M d ID ID

8 Cryptographic Security Bilinear Maps Some mathematics  Fortunately, groups with these properties can be generated algorithmically using a positive integer seed value (security parameter) k. Dennis Kafura – CS5204 – Operating Systems8

9 Cryptographic Security Identity-based encryption BasicIdent algorithms Setup Dennis Kafura – CS5204 – Operating Systems9

10 Cryptographic Security Identity-based Encryption Extract Encrypt Decrypt Dennis Kafura – CS5204 – Operating Systems10

11 Cryptographic Security Why does this work? Encryption bitwise exclusive-ors M with: Decryption bitwise exclusive-ors V with: These masks are the same since: Dennis Kafura – CS5204 – Operating Systems11

12 Cryptographic Security Extensions Dennis Kafura – CS5204 – Operating Systems12 bilinear groups threshold secret sharing access tree ID-based attribute/fuzzy IDkey/policy-based

Download ppt "Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
7. Asymmetric encryption-

7. Asymmetric encryption-
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Identity Based Encryption

Identity Based Encryption
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Inter-Domain Identity-Based Authenticated Key Agreement Protocols from Weil Pairing Authors: Hong-bin Tasi, Yun-Peng Chiu and Chin-Laung Lei From:ISC2006.

Inter-Domain Identity-Based Authenticated Key Agreement Protocols from Weil Pairing Authors: Hong-bin Tasi, Yun-Peng Chiu and Chin-Laung Lei From:ISC2006.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Key Distribution CS 470 Introduction to Applied Cryptography

Key Distribution CS 470 Introduction to Applied Cryptography
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Similar presentations

Ads by Google