Cryptography Outline Information security Encryption and keys Symmetric

  • Slides: 27
Download presentation
Cryptography

Cryptography

Outline • Information security • Encryption and keys • Symmetric encryption – DES •

Outline • Information security • Encryption and keys • Symmetric encryption – DES • Public-key cryptosystems – RSA • Digital signatures • Digital certificates

e. Commerce Problems 1. Secrecy: keep data secret from unauthorized parties 2. Authentication: Verify

e. Commerce Problems 1. Secrecy: keep data secret from unauthorized parties 2. Authentication: Verify identity of parties 3. Integrity: Verify that messages have not been altered 4. Nonrepudiation: Prove that a party engaged in a transaction All these problems can be solved through cryptography

Encryption OBJECT: HIDE A MESSAGE (PLAINTEXT, CLEARTEXT) BY MAKING IT UNREADABLE (CIPHERTEXT) REQUIREMENT: MUST

Encryption OBJECT: HIDE A MESSAGE (PLAINTEXT, CLEARTEXT) BY MAKING IT UNREADABLE (CIPHERTEXT) REQUIREMENT: MUST BE REVERSIBLE MATERIAL WE WANT TO KEEP SECRET UNREADABLE VERSION OF PLAINTEXT MIGHT BE: TEXT DATA GRAPHICS AUDIO VIDEO SPREADSHEET. . . MATHEMATICAL SCRAMBLING PROCEDURE DATA TO THE ENCRYPTION ALGORITHM KEY TYPES: 1. MESSAGES FROM THIS PERSON; OR 2. MESSAGES FROM THIS SESSION; OR 3. THIS MESSAGE SOURCE: STEIN, WEB SECURITY INTERCHANGE KEY SESSION KEY ONE-TIME KEY

Role of the Key in Cryptography • The key is a parameter to an

Role of the Key in Cryptography • The key is a parameter to an encryption procedure • Procedure stays the same, but produces different results based on a given key S P E C I A L T Y B D F G H J K M N O Q R U V W X Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C O N S U L T I N G EXAMPLE: D S R A V G H E R M NOTE: THIS METHOD IS NOT USED IN ANY REAL CRYPTOGRAPHY SYSTEM. IT IS AN EXAMPLE INTENDED ONLY TO ILLUSTRATE THE USE OF KEYS.

Symmetric Encryption SYMMETRIC = SAME KEY USED FOR BOTH ENCRYPTION AND DECRYPTION SENDER AND

Symmetric Encryption SYMMETRIC = SAME KEY USED FOR BOTH ENCRYPTION AND DECRYPTION SENDER AND RECIPIENT MUST BOTH KNOW THE KEY. THIS IS A WEAKNESS CALLED THE KEY EXCHANGE PROBLEM SOURCE: STEIN, WEB SECURITY

Diffie-Hellman Key Exchange (1976) • How can Alice and Bob exchange a secret key

Diffie-Hellman Key Exchange (1976) • How can Alice and Bob exchange a secret key remotely without a secure communication channel? • Idea: Alice and Bob each pick secret numbers x and y • The don’t exchange x and y; they exchange functions of x and y that are difficult for Eve to invert • Alice and Bob use these function values to compute the same shared secret key • Alice knows x, f (x), f (y) • Bob knows y, f (x), f (y) BOB CAN ALICE CAN EVE CAN’T COMPUTE THIS • Eve only knows f (x), f (y) • Find a function h where h(x, f (x), f (y)) = h(y, f (x), f (y))

The Multiplicative Group mod n • If n is prime, then the set of

The Multiplicative Group mod n • If n is prime, then the set of numbers 0, 1, 2, …, n-1 form a group under multiplication mod n • If x and y are in the set, so is x y • Every non-zero element has a unique inverse. For every x, there is exactly one y such that x y = 1 MULTIPLICATION MOD 7 0 1 2 3 4 5 6 0 0 0 0 1 2 3 4 5 6 0 2 4 6 1 3 5 0 3 6 2 5 1 4 0 4 1 5 2 6 3 0 5 3 1 6 4 2 0 6 5 4 3 2 1 6 • 2 = 12 WHEN DIVIDED BY 7 GIVES REMAINDER 5 EACH ROW EXCEPT THE ZERO ROW HAS EXACTLY ONE 1 EACH ELEMENT HAS A UNIQUE INVERSE

The Discrete Logarithm Problem • An element g is a “generator” of the multiplicative

The Discrete Logarithm Problem • An element g is a “generator” of the multiplicative group mod n if successive powers of g (mod n) produce all values from 1 to n-1 • Example: in the multiplicative group mod 7, 3 is a generator: 3, 32 = 2, 33 = 6, 34 = 4, 35 = 5, 36 = 1 • Given g and x, it is easy to compute gx • BUT, given g and gx it is VERY DIFFICULT to compute x • x is the DISCRETE LOGARITHM of gx in base g

Diffie-Hellman • Alice creates two numbers: a large prime number n and a generator

Diffie-Hellman • Alice creates two numbers: a large prime number n and a generator g of the multiplicative group mod n • (Easy. If n is prime, all 2 g < n are generators. ) • n and g are not secret • Alice picks a random number x. x is secret. She sends gx to Bob. gx is not secret. • Bob picks a random number y. y is secret. He sends gy to Bob. gy is not secret. • Alice computes K = (gy)x = gxy • Bob computes K = (gx)y = gxy • Alice and Bob now have a shared key K. Eve can’t compute K.

Data Encryption Standard (DES) • Symmetric, key-based encryption-decryption standard. No public keys • Block

Data Encryption Standard (DES) • Symmetric, key-based encryption-decryption standard. No public keys • Block cipher: operates on 64 -bit blocks • Uses 56 -bit key • 16 “rounds” -- key for each round is a 48 -bit function of the original 56 -bit key. Each key bit participates in an average of 14 rounds • Completely symmetric. Same algorithm decrypts. • Fast implementation in hardware: > 1 gigabit/second

Data Encryption Standard (DES) 64 BITS OF MESSAGE LEFT HALF OF BLOCK (32 BITS)

Data Encryption Standard (DES) 64 BITS OF MESSAGE LEFT HALF OF BLOCK (32 BITS) IS EXCLUSIVE-OR f IS A COMPLICATED FUNCTION INVOLVING VARIOUS PERMUTATIONS OUTPUT: 64 BITS OF ENCRYPTED TEXT SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY INPUT PERMUTATION SUBKEYS: EACH IS A 48 -BIT FUNCTION OF A 56 -BIT KEY INVERSE OF INPUT PERMUTATION

Information Loss with Exclusive-OR • x y = 1 if either x or y

Information Loss with Exclusive-OR • x y = 1 if either x or y is 1 but not both: y x x y 0 1 0 0 1 1 1 0 • If x y = 1 we can’t tell which one is a 1 • Can’t trace backwards to determine values

Public-Key (Asymmetric) Encryption Symmetric encryption solves only the secrecy problem Something else is needed

Public-Key (Asymmetric) Encryption Symmetric encryption solves only the secrecy problem Something else is needed for authentication, integrity and nonrepudiation 2. SENDERS USE SITE’S PUBLIC KEY FOR ENCRYPTION 1. USERS WANT TO SEND PLAINTEXT TO RECIPIENT WEBSITE 3. SITE USES ITS PRIVATE KEY FOR DECRYPTION 4. ONLY WEBSITE CAN DECRYPT THE CIPHERTEXT. NO ONE ELSE KNOWS HOW SOURCE: STEIN, WEB SECURITY

Public-Key Encryption • • Alice wants to send Bob a secure message M. Alice

Public-Key Encryption • • Alice wants to send Bob a secure message M. Alice uses Bob’s public key to encrypt M. Bob uses his private key to decrypt M. Bob is the ONLY ONE who can do this, so M is secure. • Problem: Anyone could have sent it. Was it really Alice? BOB’S PUBLIC KEY ALICE ENCRYPTS WITH BOB’S PUBLIC KEY ALICE’S CLEAR TEXT ALICE’S CODED TEXT BOB’S PRIVATE KEY TRANSM ISSION BOB DECRYPTS WITH HIS PRIVATE KEY ALICE’S CODED TEXT ALICE’S CLEAR TEXT

Digital Authentication • Alice wants to send Bob a message M so that Bob

Digital Authentication • Alice wants to send Bob a message M so that Bob is sure Alice is the sender. • Alice uses her own private key to encrypt M. • Bob uses Alice’s public key to decrypt M. • Alice is the ONLY ONE who could have sent it. • Problem 1: Anyone can read it! Problem 2: Replay attack! ALICE’S PRIVATE KEY ALICE ENCRYPTS WITH HER PRIVATE KEY ALICE’S CLEAR TEXT ALICE’S CODED TEXT ALICE’S PUBLIC KEY TRANSM ISSION BOB DECRYPTS WITH ALICE’S PUBLIC KEY ALICE’S CODED TEXT ALICE’S CLEAR TEXT

Secure Authenticated Messages • Alice must send Bob a secret & authenticated message M

Secure Authenticated Messages • Alice must send Bob a secret & authenticated message M so Bob is sure it was sent by Alice. Use both encryption and signature. BOB’S PUBLIC 4 KEYS NEEDED: ALICE ENCRYPTS WITH BOB’S PUBLIC KEY ALICE’S CLEAR TEXT ALICE ENCRYPTS WITH HER PRIVATE KEY ALICE’S CODED TEXT BOB DECRYPTS WITH HIS PRIVATE KEY ALICE’S CLEAR TEXT (DECRYPTED AND AUTHENTICATED) ALICE’S PRIVATE ALICE’S PUBLIC BOB’S PRIVATE ALICE’S CODED AND SIGNED TEXT BOB DECRYPTS WITH ALICE’S PUBLIC KEY ALICE’S CODED TEXT (AUTHENTICATED) T R A N S M I T ALICE’S CODED AND SIGNED TEXT

Rivest-Shamir-Adelman (RSA) • It is easy to multiply two numbers but apparently hard to

Rivest-Shamir-Adelman (RSA) • It is easy to multiply two numbers but apparently hard to factor a number into a product of two others. • Given p, q, it is easy to compute n = p • q • Example: p = 5453089; q = 3918067 • Easy to find n = 21365568058963 • Given n, hard to find two numbers p, q with p • q = n • Now suppose n = 7859112349338149 What are p and q such that p • q = n ? • Multiplication is a one-way function • RSA exploits this fact in public-key encryption

RSA Encryption • Select two large prime numbers p, q (> 100 digits) •

RSA Encryption • Select two large prime numbers p, q (> 100 digits) • Let n = p • q • Choose a small odd integer e that does not divide m = (p - 1)(q - 1). Then x(p-1)(q-1) = 1 (mod n) • Compute d = e-1(mod m) – That is, d • e gives remainder 1 when divided by m • Public key is the pair (e, n) • Private key is the pair (d, n) • Knowing (e, n) is of no help in finding d. Still need p and q, which involves factoring n • DEMO

RSA Encryption • Message M is a number • To encrypt message M using

RSA Encryption • Message M is a number • To encrypt message M using key (e, n): • Compute C(M) = M e (mod n) • To decrypt message C using key (d, n): • Compute P(C) = C d (mod n) • Note that P(C(M)) = C(P(M)) = (M e)d (mod n) = M e • d (mod n) = M because e • d = 1 and m = (p-1)(q-1)

Message Digest (Hash) • • • A message digest is a “fingerprint” of a

Message Digest (Hash) • • • A message digest is a “fingerprint” of a message Much shorter than the original message (e. g. 160 bits) Easy to compute Can’t recover the message from the digest Changing the message changes the digest MESSAGE (VERY LONG) DIGEST CAN BE USED TO VERIFY THAT THE MESSAGE HAS NOT BEEN ALTERED

Single Step of SHA-1 80 WORDS INPUT HERE, 1 EACH STEP Operates on 16

Single Step of SHA-1 80 WORDS INPUT HERE, 1 EACH STEP Operates on 16 -word (512 -bit) blocks Expands 16 words to 80 words Wt Performs 80 operations as shown for t = 0. . 79 a, b, c, d, e are special constants Kt are special constants MAGIC CONSTANTS + + REVISED CONSTANTS FOR NEXT STEP INITIALLY CONSTANTS “<<< 5” means “cyclic left shift 5 bits” SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY

Digital Signature • A function of both the message AND the signer’s private key

Digital Signature • A function of both the message AND the signer’s private key (different for every message) MESSAGE (LONG) USE SECURE HASH ALGORITHM (SHA) TO PRODUCE HASH (MESSAGE DIGEST) HASH ENCRYPT HASH USING SIGNER’S PRIVATE KEY SIG APPEND SIGNATURE TO MESSAGE; SEND BOTH SIG MESSAGE (LONG) DIGITALLY SIGNED MESSAGE

Authentication by Digital Signature RECIPIENT RECEIVES SIG + MESSAGE SIG MESSAGE (LONG) RECIPIENT USES

Authentication by Digital Signature RECIPIENT RECEIVES SIG + MESSAGE SIG MESSAGE (LONG) RECIPIENT USES SHA TO COMPUTE HASH RECIPIENT DECRYPTS SIG WITH SIGNER’S PUBLIC KEY HASH =? HASH IF HASHES ARE EQUAL, MESSAGE IS AUTHENTIC. WHY? IF ANY BIT OF M OR SIG IS ALTERED, HASH CHANGES.

X. 509 Version 2 Certificate VERSION # OF X. 509 UNIQUE # ASSIGNED BY

X. 509 Version 2 Certificate VERSION # OF X. 509 UNIQUE # ASSIGNED BY CA EXAMPLES: MD 5 RSA, sha 1 RSA USUALLY A DOMAIN NAME EXAMPLES: RSA SOURCE: FORD & BAUM, SECURE ELECTRON IC COMMERCE 20 -751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS

Cryptography Applications 1. 2. 3. 4. Secrecy: encryption Authentication: digital certificates Integrity: hash functions,

Cryptography Applications 1. 2. 3. 4. Secrecy: encryption Authentication: digital certificates Integrity: hash functions, message digests Nonrepudiation: digital signatures

Q&A 20 -751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS

Q&A 20 -751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS