CS 5323 Asymmetric Cryptography Prof Ravi Sandhu Executive

CS 5323 Asymmetric Cryptography Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 8 ravi. utsa@gmail. com www. profsandhu. com © Ravi Sandhu World-Leading Research with Real-World Impact! 1

Asymmetric Encryption © Ravi Sandhu World-Leading Research with Real-World Impact! 2

Public-Key Encryption INSECURE CHANNEL Plaintext Ciphertext Encryption Algorithm E Decryption Algorithm D A Plaintext B B's Public Key B's Private Key SECURE CHANNEL Confidentiality Integrity © Ravi Sandhu World-Leading Research with Real-World Impact! 3

Secret-Key Encryption INSECURE CHANNEL Plaintext Ciphertext Encryption Algorithm E Decryption Algorithm D A Secret Key shared by A and B B K K SECURE CHANNEL Confidentiality Integrity © Ravi Sandhu World-Leading Research with Real-World Impact! 4

Public-Key Encryption Ø reduces the key distribution problem to a secure channel for authentic communication of public keys Ø requires authentic dissemination of 1 public key/party Ø scales well for large-scale systems Ø with N parties we need to generate and distribute N public keys © Ravi Sandhu World-Leading Research with Real-World Impact! 5

Known Public-Key Attack Ø confidentiality based on infeasibility of computing B's private key from B's public key Ø key sizes are large (2048 bits and above) to make this computation infeasible © Ravi Sandhu World-Leading Research with Real-World Impact! 6

Speed Ø public key runs 1000 times slower than secret key v think 2 g versus 4 g on smartphone Ø This large difference in speed is likely to remain v Maybe reduce to 100 times Ø Use public keys to distribute secret keys, use secret keys to protect data © Ravi Sandhu World-Leading Research with Real-World Impact! 7

RSA Cryptosystem Ø Ø public key is (n, e) private key is d encrypt: C = Me mod n decrypt: M = Cd mod n © Ravi Sandhu World-Leading Research with Real-World Impact! 8

RSA Cryptosystem Ø Ø public key is (n, e) private key is d encrypt: C = Me mod n decrypt: M = Cd mod n This naïve use of RSA is not secure but will suffice for our purposes © Ravi Sandhu World-Leading Research with Real-World Impact! 9

RSA Key Generation Ø Ø Ø choose 2 large prime numbers p and q compute n = p * q pick e relatively prime to (p-1)*(q-1) compute d, e*d = 1 mod (p-1)*(q-1) publish (n, e) keep d private (and discard p, q) © Ravi Sandhu World-Leading Research with Real-World Impact! 10

RSA Key Protection Ø compute d, e*d = 1 mod (p-1)*(q-1) Ø if factorization of n into p*q is known, this is easy to do Ø security of RSA is no better than the difficulty of factoring n into p, q © Ravi Sandhu World-Leading Research with Real-World Impact! 11

Asymmetric Digital Signatures © Ravi Sandhu World-Leading Research with Real-World Impact! 12

Public-Key Digital Signature INSECURE CHANNEL Plaintext + Signature Algorithm S Yes/No Verification Algorithm V A B A's Private Key A's Public Key SECURE CHANNEL Confidentiality Integrity © Ravi Sandhu World-Leading Research with Real-World Impact! 13

Compare Public-Key Encryption INSECURE CHANNEL Plaintext Ciphertext Encryption Algorithm E Decryption Algorithm D A Plaintext B B's Public Key B's Private Key SECURE CHANNEL Confidentiality Integrity © Ravi Sandhu World-Leading Research with Real-World Impact! 14

Compare Symmetric Key MAC INSECURE CHANNEL Plaintext + MAC Plaintext MAC Algorithm M Yes/No Verification Algorithm V A B K © Ravi Sandhu K World-Leading Research with Real-World Impact! 15

Digital Signatures in RSA Ø RSA has a unique property, not shared by other public key systems Ø Encryption and decryption commute Ø (Me mod n)d mod n = M encryption Ø (Md mod n)e mod n = M signature Ø Same public key can be use for encryption and signature v But not recommended © Ravi Sandhu World-Leading Research with Real-World Impact! 16

Message Digest © Ravi Sandhu World-Leading Research with Real-World Impact! 17

Encryption Speed Revisited Ø public key runs 1000 times slower than secret key v think 2 g versus 4 g on smartphone Ø This large difference in speed is likely to remain v Maybe reduce to 100 times Ø Use public keys to distribute secret keys, use secret keys to protect data © Ravi Sandhu World-Leading Research with Real-World Impact! 18

Digital Signature Speed Ø public key runs 1000 times slower than secret key v think 2 g versus 4 g on smartphone Ø This large difference in speed is likely to remain v Maybe reduce to 100 times Ø Sign the message digest (or hash) not the message © Ravi Sandhu World-Leading Research with Real-World Impact! 19

Message Digest (Hash) original message no practical limit to size M M=H-1(m) message digest algorithm H easy m=H(M) © Ravi Sandhu message digest 256 bit m World-Leading Research with Real-World Impact! hard 20

Desired Characteristics Ø weak hash function v difficult to find M' such that H(M')=H(M) Ø given M, m=H(M) try messages at random to find M’ with H(M’)=m v 2 k trials on average, k=128 to be safe © Ravi Sandhu World-Leading Research with Real-World Impact! 21

Desired Characteristics Ø strong hash function v difficult to find any two M and M' such that H(M')=H(M) Ø try pairs of messages at random to find M and M’ such that H(M’)=H(M) v 2 k/2 trials on average, k=256 to be safe Birthday paradox © Ravi Sandhu World-Leading Research with Real-World Impact! 22

Message Authentication Code Symmetric Encryption Based Message-Digest Based CBC-MAC HMAC has same size as block size of underlying cryptosystem Hash the message and a secret key CCM mode Provides confidentiality and integrity MAC has same size as underlying hash function or can truncate Revisiting after discussing message digests © Ravi Sandhu World-Leading Research with Real-World Impact! 23

Asymmetric Key Exchange © Ravi Sandhu World-Leading Research with Real-World Impact! 24

Diffie-Hellman Key Agreement A y. A=ax. A mod p public key y. B=ax. B mod p public key private key x. A B private key x. B k = y. Bx. A mod p = y. Ax. B mod p = ax. A*x. B mod p system constants: p: prime number, a: integer © Ravi Sandhu World-Leading Research with Real-World Impact! 25

Diffie-Hellman Key Agreement Ø security depends on difficulty of computing x given y=ax mod p Ø called the discrete logarithm problem © Ravi Sandhu World-Leading Research with Real-World Impact! 26

Diffie-Hellman Man-in-the-Middle Attack A C B Public keys need to be authenticated © Ravi Sandhu World-Leading Research with Real-World Impact! 27

Public-Key Certificates © Ravi Sandhu World-Leading Research with Real-World Impact! 28

Public-Key Certificates Ø authenticated distribution of public-keys Ø public-key encryption v sender needs public key of receiver Ø public-key digital signatures v receiver needs public key of sender Ø public-key agreement v both need each other’s public keys © Ravi Sandhu World-Leading Research with Real-World Impact! 29

X. 509 v 1 Certificate VERSION SERIAL NUMBER SIGNATURE ALGORITHM ISSUER (Certificate Authority) VALIDITY SUBJECT PUBLIC KEY INFO SIGNATURE © Ravi Sandhu World-Leading Research with Real-World Impact! 30

X. 509 v 1 Certificate 1 1234567891011121314 RSA+SHA-3, 2048 C=US, S=TX, O=UTSA, OU=CS 1/1/17 -12/31/18 C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu RSA, 2048, xxxxxxxxxxxxx SIGNATURE © Ravi Sandhu World-Leading Research with Real-World Impact! 31

Certificate Trust Ø how to acquire public key of the issuer to verify signature Ø whether or not to trust certificates signed by the issuer for this subject v prefix rule is not universally applicable © Ravi Sandhu World-Leading Research with Real-World Impact! 32

X. 509 v 1 Certificate 1 1234567891011121314 RSA+SHA-3, 2048 C=US, S=VA, O=GMU, OU=ISE 1/1/17 -12/31/18 C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu RSA, 2048, xxxxxxxxxxxxx SIGNATURE © Ravi Sandhu World-Leading Research with Real-World Impact! 33

SET CA Hierarchy Root Brand Geo-Political © Ravi Sandhu Bank Acquirer Customer Merchant World-Leading Research with Real-World Impact! 34

Certificate Revocation Lists (CRLs) SIGNATURE ALGORITHM ISSUER LAST UPDATE NEXT UPDATE REVOKED CERTIFICATES SIGNATURE SERIAL NUMBER REVOCATION DATE © Ravi Sandhu World-Leading Research with Real-World Impact! 35

X. 509 Certificates Ø X. 509 v 1 v very basic Ø X. 509 v 2 v adds unique identifiers to prevent against reuse of X. 500 names Ø X. 509 v 3 v adds many extensions v can be further extended © Ravi Sandhu World-Leading Research with Real-World Impact! 36

X. 509 v 3 Innovations Ø distinguish various certificates v signature, encryption, key-agreement Ø identification info in addition to X. 500 name v internet names: email addresses, host names, URLs Ø issuer can state policy and usage v ok for casual email but not for signing checks Ø extensible v proprietary extensions can be defined and registered Ø attribute certificates v to enable attribute-based authorization © Ravi Sandhu World-Leading Research with Real-World Impact! 37

X. 509 v 2 CRL Innovations Ø Ø Ø © Ravi Sandhu CRL distribution points indirect CRLs delta CRLs revocation reason push CRLs World-Leading Research with Real-World Impact! 38

General Hierarchical Structure Z X Y Q R A a C b © Ravi Sandhu c S E d e G f g T I h i K j k M l World-Leading Research with Real-World Impact! m O n o p 39

General Hierarchical Structure with Added Links Z X Y Q R A a C b © Ravi Sandhu c S E d e G f g T I h i K j k M l World-Leading Research with Real-World Impact! m O n o p 40

Top-Down Hierarchical Structure Z X Y Q R A a C b © Ravi Sandhu c S E d e G f g T I h i K j k M l World-Leading Research with Real-World Impact! m O n o p 41

Forest of Hierarchies © Ravi Sandhu World-Leading Research with Real-World Impact! 42

Multiple Root CA’s Plus Intermediate CA’s X S Q R A a C b T c E d e G f g I h i K j k M l m O n o p Model on the web today © Ravi Sandhu World-Leading Research with Real-World Impact! 43

Certificate Triangle User (Identity) Attributes Public-keys + Secured secrets Revisit from L 5 on ABAC © Ravi Sandhu World-Leading Research with Real-World Impact! 44