Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Management Department National Taiwan University.

Published byAllyson Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Management Department National Taiwan University."— Presentation transcript:

1 Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Management Department National Taiwan University

2 YSLInformation Security -- Public-Key Cryptography2 Principles of Public-Key Cryptosystems

3 YSLInformation Security -- Public-Key Cryptography3 Principles of Public-Key Cryptosystems (cont’d) Requirements for PKC –easy for B (receiver) to generate KU b and KR b –easy for A (sender) to calculate C = E KUb (M) –easy for B to calculate M = D KRb (C) = D KRb (E KUb (M)) –infeasible for an opponent to calculate KR b from KU b –infeasible for an opponent to calculate M from C and KU b –(useful but not necessary) M = D KRb (E KUb (M)) = E KUb (D KRb (M)) (true for RSA and good for authentication)

4 YSLInformation Security -- Public-Key Cryptography4 Principles of Public-Key Cryptosystems (cont’d)

5 YSLInformation Security -- Public-Key Cryptography5 Principles of Public-Key Cryptosystems (cont’d) The idea of PKC was first proposed by Diffie and Hellman in 1976. Two keys (public and private) are needed. The difficulty of calculating f -1 is typically facilitated by –factorization of large numbers –resolution of NP-completeness –calculation of discrete logarithms High complexity confines PKC to key management and signature applications

6 YSLInformation Security -- Public-Key Cryptography6 Principles of Public-Key Cryptosystems (cont’d)

7 YSLInformation Security -- Public-Key Cryptography7 Principles of Public-Key Cryptosystems (cont’d)

8 YSLInformation Security -- Public-Key Cryptography8 Principles of Public-Key Cryptosystems (cont’d) Comparison between conventional and public-key encryption

9 YSLInformation Security -- Public-Key Cryptography9 Principles of Public-Key Cryptosystems (cont’d) Applications for PKC –encryption/decryption –digital signature –key exchange

10 YSLInformation Security -- Public-Key Cryptography10 Principles of Public-Key Cryptosystems (cont’d)

11 YSLInformation Security -- Public-Key Cryptography11 Principles of Public-Key Cryptosystems (cont’d)

12 YSLInformation Security -- Public-Key Cryptography12 Principles of Public-Key Cryptosystems (cont’d)

13 YSLInformation Security -- Public-Key Cryptography13 The RSA Algorithm Developed by Rivest, Shamir, and Adleman at MIT in 1978 First well accepted and widely adopted PKC algorithm Security based on the difficulty of factoring large numbers Patent expired in 2001

14 YSLInformation Security -- Public-Key Cryptography14 The RSA Algorithm (cont’d)

15 YSLInformation Security -- Public-Key Cryptography15 The RSA Algorithm (cont’d)

16 YSLInformation Security -- Public-Key Cryptography16 The RSA Algorithm (cont’d)

17 YSLInformation Security -- Public-Key Cryptography17 The RSA Algorithm (cont’d)

18 YSLInformation Security -- Public-Key Cryptography18 The RSA Algorithm (cont’d) The above statement is referred to as the prime number theorem, which was proven in 1896 by Hadaward and Poussin.

19 YSLInformation Security -- Public-Key Cryptography19 The RSA Algorithm (cont’d)

20 YSLInformation Security -- Public-Key Cryptography20 The RSA Algorithm (cont’d) Format’s Little Theorem (to be proven in the next chapter): If p is prime and a is a positive integer not divisible by p, then a p-1  1 mod p. Example: a = 7, p = 19 7 2 = 49  11 mod 19 7 4 = 121  7 mod 19 7 8 = 49  11 mod 19 7 16 = 121  7 mod 19 a p-1 = 7 18 = 7 16+2  7  11  1 mod 19

21 YSLInformation Security -- Public-Key Cryptography21 The RSA Algorithm (cont’d)

22 YSLInformation Security -- Public-Key Cryptography22 The RSA Algorithm (cont’d)

23 YSLInformation Security -- Public-Key Cryptography23 The RSA Algorithm (cont’d) Example 1 –Select two prime numbers, p = 7 and q = 17. –Calculate n = p  q = 7  17 = 119. –Calculate Φ(n) = (p-1)(q-1) = 96. –Select e such that e is relatively prime to Φ(n) = 96 and less than Φ ( n); in this case, e = 5. –Determine d such that d  e = 1 mod 96 and d < 96.The correct value is d = 77, because 77  5 = 385 = 4  96+1.

24 YSLInformation Security -- Public-Key Cryptography24 The RSA Algorithm (cont’d)

25 YSLInformation Security -- Public-Key Cryptography25 The RSA Algorithm (cont’d)

26 YSLInformation Security -- Public-Key Cryptography26 The RSA Algorithm (cont’d)

27 YSLInformation Security -- Public-Key Cryptography27 The RSA Algorithm (cont’d) Key generation –determining two large prime numbers, p and q –selecting either e or d and calculating the other Probabilistic algorithm to generate primes –[1] Pick an odd integer n at random. –[2] Pick an integer a < n at random. –[3] Perform the probabilistic primality test, such as Miller-Rabin (Chapter 7). If n fails the test, reject the value n and go to [1]. –[4] If n has passed a sufficient number of tests, accept n; otherwise, go to [2].

28 YSLInformation Security -- Public-Key Cryptography28 The RSA Algorithm (cont’d) How may trials on the average are required to find a prime? –from the prime number theory, primes near n are spaced on the average one every (ln n) integers –even numbers can be immediately rejected –for a prime on the order of 2 200, about (ln 2 200 )/2 = 70 trials are required To calculate e, what is the probability that a random number is relatively prime to Φ(n)? About 0.6 (see Problem 7.1).

29 YSLInformation Security -- Public-Key Cryptography29 The RSA Algorithm (cont’d) For fixed length keys, how many primes can be chosen? –for 64-bit keys, 2 64 /ln 2 64 - 2 63 /ln 2 63  2.05  10 17 –for 128- and 256-bit keys, 1.9  10 36 and 3.25  10 74, respectively, are available For fixed length keys, what is the probability that a randomly selected odd number a is prime? –for 64-bit keys, 2.05  10 17 /(0.5  (2 64 - 2 63 ))  0.044 (expectation value: 1/0.044  23) –for 128- and 256-bit keys, 0.022 and 0.011, respectively

30 YSLInformation Security -- Public-Key Cryptography30 The RSA Algorithm (cont’d) The security of RSA –brute force: This involves trying all possible private keys. –mathematical attacks: There are several approaches, all equivalent in effect to factoring the product of two primes. –timing attacks: These depend on the running time of the decryption algorithm.

31 YSLInformation Security -- Public-Key Cryptography31 The RSA Algorithm (cont’d) To avoid brute force attacks, a large key space is required. To make n difficult to factor –p and q should differ in length by only a few digits (both in the range of 10 75 to 10 100 ) –both (p-1) and (q-1) should contain a large prime factor –gcd(p-1,q-1) should be small –should avoid e < n and d < n 1/4

32 YSLInformation Security -- Public-Key Cryptography32 The RSA Algorithm (cont’d) To make n difficult to factor (cont’d) –p and q should best be strong primes, where p is a strong prime if there exist two large primes p 1 and p 2 such that p 1 |p-1 and p 2 |p+1 there exist four large primes r 1, s 1, r 2 and s 2 such that r 1 |p 1 -1, s 1 |p 1 +1, r 2 |p 2 -1 and s 2 |p 2 +1 –e should not be too small, e.g. for e = 3 and C = M 3 mod n, if M 3 < n then M can be easily calculated

33 YSLInformation Security -- Public-Key Cryptography33 The RSA Algorithm (cont’d)

34 YSLInformation Security -- Public-Key Cryptography34 The RSA Algorithm (cont’d) Major threats –the continuing increase in computing power (100 or even 1000 MIPS machines are easily available) –continuing refinement of factoring algorithms (from QS to GNFS and to SNFS)

35 YSLInformation Security -- Public-Key Cryptography35 The RSA Algorithm (cont’d)

36 YSLInformation Security -- Public-Key Cryptography36 The RSA Algorithm (cont’d)

37 YSLInformation Security -- Public-Key Cryptography37 The RSA Algorithm (cont’d)

38 YSLInformation Security -- Public-Key Cryptography38 Key Management The distribution of public keys –public announcement –publicly available directory –public-key authority –public-key certificates The use of public-key encryption to distribute secret keys –simple secret key distribution –secret key distribution with confidentiality and authentication

39 YSLInformation Security -- Public-Key Cryptography39 Key Management (cont’d) Public announcement

40 YSLInformation Security -- Public-Key Cryptography40 Key Management (cont’d) Public announcement (cont’d) –advantages: convenience –disadvantages: forgery of such a public announcement by anyone

41 YSLInformation Security -- Public-Key Cryptography41 Key Management (cont’d) Publicly available directory

42 YSLInformation Security -- Public-Key Cryptography42 Key Management (cont’d) Publicly available directory (cont’d) –elements of the scheme {name, public key} entry for each participant in the directory in-person or secure registration on-demand entry update periodic publication of the directory availability of secure electronic access from the directory to participants –advantages: greater degree of security

43 YSLInformation Security -- Public-Key Cryptography43 Key Management (cont’d) Publicly available directory (cont’d) –disadvantages need of a trusted entity or organization need of additional security mechanism from the directory authority to participants vulnerability of the private key of the directory authority (global-scaled disaster if the private key of the directory authority is compromised) vulnerability of the directory records

44 YSLInformation Security -- Public-Key Cryptography44 Key Management (cont’d) Public-key authority

45 YSLInformation Security -- Public-Key Cryptography45 Key Management (cont’d) Public-key authority (cont’d) –stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory –each participant can verify the identity of the authority –participants can verify identities of each other –disadvantages bottleneck effect of the public-key authority vulnerability of the directory records

46 YSLInformation Security -- Public-Key Cryptography46 Key Management (cont’d) Public-key certificates

47 YSLInformation Security -- Public-Key Cryptography47 Key Management (cont’d) Public-key certificates (cont’d) –to use certificates that can be used by participants to exchange keys without contacting a public-key authority –requirements on the scheme any participant can read a certificate to determine the name and public key of the certificate’s owner any participant can verify that the certificate originated from the certificate authority and is not counterfeit only the certificate authority can create & update certificates any participant can verify the currency of the certificate

48 YSLInformation Security -- Public-Key Cryptography48 Key Management (cont’d) Public-key certificates (cont’d) –advantages to use certificates that can be used by participants to exchange keys without contacting a public-key authority in a way that is as reliable as if the key were obtained directly from a public-key authority no on-line bottleneck effect –disadvantages: need of a certificate authority

49 YSLInformation Security -- Public-Key Cryptography49 Key Management (cont’d) Simple secret key distribution

50 YSLInformation Security -- Public-Key Cryptography50 Key Management (cont’d) Simple secret key distribution (cont’d) –advantages simplicity no keys stored before and after the communication security against eavesdropping –disadvantages lack of authentication mechanism between participants vulnerability to an active attack (opponent active only in the process of obtaining K s ) leak of the secret key upon such active attacks

51 YSLInformation Security -- Public-Key Cryptography51 Key Management (cont’d) Secret key distribution with confidentiality and authentication

52 YSLInformation Security -- Public-Key Cryptography52 Key Management (cont’d) Secret key distribution with confidentiality and authentication (cont’d) –provides protection against both active and passive attacks –ensures both confidentiality and authentication in the exchange of a secret key –public keys should be obtained a priori –more complicated

53 YSLInformation Security -- Public-Key Cryptography53 Diffie-Hellman Key Exchange First public-key algorithm published Limited to key exchange Dependent for its effectiveness on the difficulty of computing discrete logarithm

54 YSLInformation Security -- Public-Key Cryptography54 Diffie-Hellman Key Exchange (cont’d) Define a primitive root of of a prime number p as one whose powers generate all the integers from 1 to p-1. If a is a primitive root of the prime number p, then the numbers a mod p, a 2 mod p, …, a p-1 mod p are distinct and consists of the integers from 1 to p-1 in some permutation. Not every number has a primitive root.

55 YSLInformation Security -- Public-Key Cryptography55 Diffie-Hellman Key Exchange (cont’d) For any integer b and a primitive root a of prime number p, one can find a unique exponent i such that b = a i mod p, where 0  i  (p-1). The exponent is referred to as the discrete algorithm, or index, of b for the base a, mod p. This value is denoted as ind a,p (b).

56 YSLInformation Security -- Public-Key Cryptography56 Diffie-Hellman Key Exchange (cont’d)

57 YSLInformation Security -- Public-Key Cryptography57 Diffie-Hellman Key Exchange (cont’d) Example: q = 97 and a primitive root a = 5 is selected. X A = 36 and X B = 58 (both  97). Y A = 5 36 = 50 mod 97 and Y B = 5 58 = 44 mod 97. K = (Y B ) X A mod 97 = 44 36 mod 97 = 75 mod 97. K = (Y A ) X B mod 97 = 50 58 mod 97 = 75 mod 97. 75 cannot easily be computed by the opponent.

58 YSLInformation Security -- Public-Key Cryptography58 Diffie-Hellman Key Exchange (cont’d) How the algorithm works

59 YSLInformation Security -- Public-Key Cryptography59 Diffie-Hellman Key Exchange (cont’d)

60 YSLInformation Security -- Public-Key Cryptography60 Diffie-Hellman Key Exchange (cont’d) q, a, Y A and Y B are public. To attack the secrete key of user B, the opponent must compute X B = ind a,q (Y B ). [Y B = a X B mod q.] The effectiveness of this algorithm therefore depends on the difficulty of solving discrete logarithm.

61 YSLInformation Security -- Public-Key Cryptography61 Diffie-Hellman Key Exchange (cont’d) Bucket brigade attack Alice Trudy 3 1  z mod q q, ,  x mod q –(  xz mod q) becomes the secret key between Alice and Trudy, while (  yz mod q) becomes the secret key between Trudy and Bob Bob 4 2  y mod q q, ,  z mod q Alice picks x Trudy picks z Bob picks y

Download ppt "Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Management Department National Taiwan University."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Information Security -- Part II Asymmetric Ciphers Frank Yeong-Sung Lin Information Management Department National Taiwan University.

Information Security -- Part II Asymmetric Ciphers Frank Yeong-Sung Lin Information Management Department National Taiwan University.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Public Key Cryptography and the RSA Algorithm

Public Key Cryptography and the RSA Algorithm
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Similar presentations

Ads by Google