Cryptography Outline Information security Encryption and keys Symmetric
- Slides: 27
Cryptography
Outline • Information security • Encryption and keys • Symmetric encryption – DES • Public-key cryptosystems – RSA • Digital signatures • Digital certificates
e. Commerce Problems 1. Secrecy: keep data secret from unauthorized parties 2. Authentication: Verify identity of parties 3. Integrity: Verify that messages have not been altered 4. Nonrepudiation: Prove that a party engaged in a transaction All these problems can be solved through cryptography
Encryption OBJECT: HIDE A MESSAGE (PLAINTEXT, CLEARTEXT) BY MAKING IT UNREADABLE (CIPHERTEXT) REQUIREMENT: MUST BE REVERSIBLE MATERIAL WE WANT TO KEEP SECRET UNREADABLE VERSION OF PLAINTEXT MIGHT BE: TEXT DATA GRAPHICS AUDIO VIDEO SPREADSHEET. . . MATHEMATICAL SCRAMBLING PROCEDURE DATA TO THE ENCRYPTION ALGORITHM KEY TYPES: 1. MESSAGES FROM THIS PERSON; OR 2. MESSAGES FROM THIS SESSION; OR 3. THIS MESSAGE SOURCE: STEIN, WEB SECURITY INTERCHANGE KEY SESSION KEY ONE-TIME KEY
Role of the Key in Cryptography • The key is a parameter to an encryption procedure • Procedure stays the same, but produces different results based on a given key S P E C I A L T Y B D F G H J K M N O Q R U V W X Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C O N S U L T I N G EXAMPLE: D S R A V G H E R M NOTE: THIS METHOD IS NOT USED IN ANY REAL CRYPTOGRAPHY SYSTEM. IT IS AN EXAMPLE INTENDED ONLY TO ILLUSTRATE THE USE OF KEYS.
Symmetric Encryption SYMMETRIC = SAME KEY USED FOR BOTH ENCRYPTION AND DECRYPTION SENDER AND RECIPIENT MUST BOTH KNOW THE KEY. THIS IS A WEAKNESS CALLED THE KEY EXCHANGE PROBLEM SOURCE: STEIN, WEB SECURITY
Diffie-Hellman Key Exchange (1976) • How can Alice and Bob exchange a secret key remotely without a secure communication channel? • Idea: Alice and Bob each pick secret numbers x and y • The don’t exchange x and y; they exchange functions of x and y that are difficult for Eve to invert • Alice and Bob use these function values to compute the same shared secret key • Alice knows x, f (x), f (y) • Bob knows y, f (x), f (y) BOB CAN ALICE CAN EVE CAN’T COMPUTE THIS • Eve only knows f (x), f (y) • Find a function h where h(x, f (x), f (y)) = h(y, f (x), f (y))
The Multiplicative Group mod n • If n is prime, then the set of numbers 0, 1, 2, …, n-1 form a group under multiplication mod n • If x and y are in the set, so is x y • Every non-zero element has a unique inverse. For every x, there is exactly one y such that x y = 1 MULTIPLICATION MOD 7 0 1 2 3 4 5 6 0 0 0 0 1 2 3 4 5 6 0 2 4 6 1 3 5 0 3 6 2 5 1 4 0 4 1 5 2 6 3 0 5 3 1 6 4 2 0 6 5 4 3 2 1 6 • 2 = 12 WHEN DIVIDED BY 7 GIVES REMAINDER 5 EACH ROW EXCEPT THE ZERO ROW HAS EXACTLY ONE 1 EACH ELEMENT HAS A UNIQUE INVERSE
The Discrete Logarithm Problem • An element g is a “generator” of the multiplicative group mod n if successive powers of g (mod n) produce all values from 1 to n-1 • Example: in the multiplicative group mod 7, 3 is a generator: 3, 32 = 2, 33 = 6, 34 = 4, 35 = 5, 36 = 1 • Given g and x, it is easy to compute gx • BUT, given g and gx it is VERY DIFFICULT to compute x • x is the DISCRETE LOGARITHM of gx in base g
Diffie-Hellman • Alice creates two numbers: a large prime number n and a generator g of the multiplicative group mod n • (Easy. If n is prime, all 2 g < n are generators. ) • n and g are not secret • Alice picks a random number x. x is secret. She sends gx to Bob. gx is not secret. • Bob picks a random number y. y is secret. He sends gy to Bob. gy is not secret. • Alice computes K = (gy)x = gxy • Bob computes K = (gx)y = gxy • Alice and Bob now have a shared key K. Eve can’t compute K.
Data Encryption Standard (DES) • Symmetric, key-based encryption-decryption standard. No public keys • Block cipher: operates on 64 -bit blocks • Uses 56 -bit key • 16 “rounds” -- key for each round is a 48 -bit function of the original 56 -bit key. Each key bit participates in an average of 14 rounds • Completely symmetric. Same algorithm decrypts. • Fast implementation in hardware: > 1 gigabit/second
Data Encryption Standard (DES) 64 BITS OF MESSAGE LEFT HALF OF BLOCK (32 BITS) IS EXCLUSIVE-OR f IS A COMPLICATED FUNCTION INVOLVING VARIOUS PERMUTATIONS OUTPUT: 64 BITS OF ENCRYPTED TEXT SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY INPUT PERMUTATION SUBKEYS: EACH IS A 48 -BIT FUNCTION OF A 56 -BIT KEY INVERSE OF INPUT PERMUTATION
Information Loss with Exclusive-OR • x y = 1 if either x or y is 1 but not both: y x x y 0 1 0 0 1 1 1 0 • If x y = 1 we can’t tell which one is a 1 • Can’t trace backwards to determine values
Public-Key (Asymmetric) Encryption Symmetric encryption solves only the secrecy problem Something else is needed for authentication, integrity and nonrepudiation 2. SENDERS USE SITE’S PUBLIC KEY FOR ENCRYPTION 1. USERS WANT TO SEND PLAINTEXT TO RECIPIENT WEBSITE 3. SITE USES ITS PRIVATE KEY FOR DECRYPTION 4. ONLY WEBSITE CAN DECRYPT THE CIPHERTEXT. NO ONE ELSE KNOWS HOW SOURCE: STEIN, WEB SECURITY
Public-Key Encryption • • Alice wants to send Bob a secure message M. Alice uses Bob’s public key to encrypt M. Bob uses his private key to decrypt M. Bob is the ONLY ONE who can do this, so M is secure. • Problem: Anyone could have sent it. Was it really Alice? BOB’S PUBLIC KEY ALICE ENCRYPTS WITH BOB’S PUBLIC KEY ALICE’S CLEAR TEXT ALICE’S CODED TEXT BOB’S PRIVATE KEY TRANSM ISSION BOB DECRYPTS WITH HIS PRIVATE KEY ALICE’S CODED TEXT ALICE’S CLEAR TEXT
Digital Authentication • Alice wants to send Bob a message M so that Bob is sure Alice is the sender. • Alice uses her own private key to encrypt M. • Bob uses Alice’s public key to decrypt M. • Alice is the ONLY ONE who could have sent it. • Problem 1: Anyone can read it! Problem 2: Replay attack! ALICE’S PRIVATE KEY ALICE ENCRYPTS WITH HER PRIVATE KEY ALICE’S CLEAR TEXT ALICE’S CODED TEXT ALICE’S PUBLIC KEY TRANSM ISSION BOB DECRYPTS WITH ALICE’S PUBLIC KEY ALICE’S CODED TEXT ALICE’S CLEAR TEXT
Secure Authenticated Messages • Alice must send Bob a secret & authenticated message M so Bob is sure it was sent by Alice. Use both encryption and signature. BOB’S PUBLIC 4 KEYS NEEDED: ALICE ENCRYPTS WITH BOB’S PUBLIC KEY ALICE’S CLEAR TEXT ALICE ENCRYPTS WITH HER PRIVATE KEY ALICE’S CODED TEXT BOB DECRYPTS WITH HIS PRIVATE KEY ALICE’S CLEAR TEXT (DECRYPTED AND AUTHENTICATED) ALICE’S PRIVATE ALICE’S PUBLIC BOB’S PRIVATE ALICE’S CODED AND SIGNED TEXT BOB DECRYPTS WITH ALICE’S PUBLIC KEY ALICE’S CODED TEXT (AUTHENTICATED) T R A N S M I T ALICE’S CODED AND SIGNED TEXT
Rivest-Shamir-Adelman (RSA) • It is easy to multiply two numbers but apparently hard to factor a number into a product of two others. • Given p, q, it is easy to compute n = p • q • Example: p = 5453089; q = 3918067 • Easy to find n = 21365568058963 • Given n, hard to find two numbers p, q with p • q = n • Now suppose n = 7859112349338149 What are p and q such that p • q = n ? • Multiplication is a one-way function • RSA exploits this fact in public-key encryption
RSA Encryption • Select two large prime numbers p, q (> 100 digits) • Let n = p • q • Choose a small odd integer e that does not divide m = (p - 1)(q - 1). Then x(p-1)(q-1) = 1 (mod n) • Compute d = e-1(mod m) – That is, d • e gives remainder 1 when divided by m • Public key is the pair (e, n) • Private key is the pair (d, n) • Knowing (e, n) is of no help in finding d. Still need p and q, which involves factoring n • DEMO
RSA Encryption • Message M is a number • To encrypt message M using key (e, n): • Compute C(M) = M e (mod n) • To decrypt message C using key (d, n): • Compute P(C) = C d (mod n) • Note that P(C(M)) = C(P(M)) = (M e)d (mod n) = M e • d (mod n) = M because e • d = 1 and m = (p-1)(q-1)
Message Digest (Hash) • • • A message digest is a “fingerprint” of a message Much shorter than the original message (e. g. 160 bits) Easy to compute Can’t recover the message from the digest Changing the message changes the digest MESSAGE (VERY LONG) DIGEST CAN BE USED TO VERIFY THAT THE MESSAGE HAS NOT BEEN ALTERED
Single Step of SHA-1 80 WORDS INPUT HERE, 1 EACH STEP Operates on 16 -word (512 -bit) blocks Expands 16 words to 80 words Wt Performs 80 operations as shown for t = 0. . 79 a, b, c, d, e are special constants Kt are special constants MAGIC CONSTANTS + + REVISED CONSTANTS FOR NEXT STEP INITIALLY CONSTANTS “<<< 5” means “cyclic left shift 5 bits” SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY
Digital Signature • A function of both the message AND the signer’s private key (different for every message) MESSAGE (LONG) USE SECURE HASH ALGORITHM (SHA) TO PRODUCE HASH (MESSAGE DIGEST) HASH ENCRYPT HASH USING SIGNER’S PRIVATE KEY SIG APPEND SIGNATURE TO MESSAGE; SEND BOTH SIG MESSAGE (LONG) DIGITALLY SIGNED MESSAGE
Authentication by Digital Signature RECIPIENT RECEIVES SIG + MESSAGE SIG MESSAGE (LONG) RECIPIENT USES SHA TO COMPUTE HASH RECIPIENT DECRYPTS SIG WITH SIGNER’S PUBLIC KEY HASH =? HASH IF HASHES ARE EQUAL, MESSAGE IS AUTHENTIC. WHY? IF ANY BIT OF M OR SIG IS ALTERED, HASH CHANGES.
X. 509 Version 2 Certificate VERSION # OF X. 509 UNIQUE # ASSIGNED BY CA EXAMPLES: MD 5 RSA, sha 1 RSA USUALLY A DOMAIN NAME EXAMPLES: RSA SOURCE: FORD & BAUM, SECURE ELECTRON IC COMMERCE 20 -751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS
Cryptography Applications 1. 2. 3. 4. Secrecy: encryption Authentication: digital certificates Integrity: hash functions, message digests Nonrepudiation: digital signatures
Q&A 20 -751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS
- Wireless security in cryptography
- Advantages of symmetric encryption
- Engmae
- Confidentiality using symmetric encryption
- Symmetric encryption java
- Pkix
- Searchable symmetric encryption
- Symmetric vs asymmetric encryption performance
- Searchable symmetric encryption
- Lest we remember: cold boot attacks on encryption keys
- Explain about the placement of encryption function.
- Classical encryption techniques in cryptography
- Placement of encryption function in cryptography
- Elijah kirtland temple
- Joan sedita keys to content writing
- Privat security
- Modulo table
- Security mechanisms in cryptography
- Number theory in network security
- Firewall in cryptography and network security
- Authentication in cryptography and network security
- Intruders in network security
- Security services in cryptography
- Primitive root in cryptography and network security
- Cryptography and network security 6th edition pdf
- Cryptography and network security pearson
- Euler's theorem in cryptography and network security
- Cryptography and network security 4th edition