Information Security Part II PublicKey Encryption and Hash
![Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information](https://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-1.jpg)
Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Management Department National Taiwan University YSL Information Security -- Public-Key Cryptography
![Principles of Public-Key Cryptosystems YSL Information Security -- Public-Key Cryptography 2 Principles of Public-Key Cryptosystems YSL Information Security -- Public-Key Cryptography 2](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-2.jpg)
Principles of Public-Key Cryptosystems YSL Information Security -- Public-Key Cryptography 2
![Principles of Public-Key Cryptosystems (cont’d) • Requirements for PKC – easy for B (receiver) Principles of Public-Key Cryptosystems (cont’d) • Requirements for PKC – easy for B (receiver)](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-3.jpg)
Principles of Public-Key Cryptosystems (cont’d) • Requirements for PKC – easy for B (receiver) to generate KUb and KRb – easy for A (sender) to calculate C = EKUb(M) – easy for B to calculate M = DKRb(C) = DKRb(EKUb(M)) – infeasible for an opponent to calculate KRb from KUb – infeasible for an opponent to calculate M from C and KUb – (useful but not necessary) M = DKRb(EKUb(M)) = EKUb(DKRb(M)) (true for RSA and good for authentication) YSL Information Security -- Public-Key Cryptography 3
![Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 4 Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 4](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-4.jpg)
Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 4
![Principles of Public-Key Cryptosystems (cont’d) • The idea of PKC was first proposed by Principles of Public-Key Cryptosystems (cont’d) • The idea of PKC was first proposed by](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-5.jpg)
Principles of Public-Key Cryptosystems (cont’d) • The idea of PKC was first proposed by Diffie and Hellman in 1976. • Two keys (public and private) are needed. • The difficulty of calculating f -1 is typically facilitated by – factorization of large numbers – resolution of NP-completeness – calculation of discrete logarithms • High complexity confines PKC to key management and signature applications YSL Information Security -- Public-Key Cryptography 5
![Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 6 Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 6](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-6.jpg)
Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 6
![Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 7 Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 7](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-7.jpg)
Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 7
![Principles of Public-Key Cryptosystems (cont’d) • Comparison between conventional and public-key encryption YSL Information Principles of Public-Key Cryptosystems (cont’d) • Comparison between conventional and public-key encryption YSL Information](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-8.jpg)
Principles of Public-Key Cryptosystems (cont’d) • Comparison between conventional and public-key encryption YSL Information Security -- Public-Key Cryptography 8
![Principles of Public-Key Cryptosystems (cont’d) • Applications for PKC – encryption/decryption – digital signature Principles of Public-Key Cryptosystems (cont’d) • Applications for PKC – encryption/decryption – digital signature](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-9.jpg)
Principles of Public-Key Cryptosystems (cont’d) • Applications for PKC – encryption/decryption – digital signature – key exchange YSL Information Security -- Public-Key Cryptography 9
![Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 10 Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 10](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-10.jpg)
Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 10
![Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 11 Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 11](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-11.jpg)
Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 11
![Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 12 Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 12](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-12.jpg)
Principles of Public-Key Cryptosystems (cont’d) YSL Information Security -- Public-Key Cryptography 12
![The RSA Algorithm • Developed by Rivest, Shamir, and Adleman at MIT in 1978 The RSA Algorithm • Developed by Rivest, Shamir, and Adleman at MIT in 1978](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-13.jpg)
The RSA Algorithm • Developed by Rivest, Shamir, and Adleman at MIT in 1978 • First well accepted and widely adopted PKC algorithm • Security based on the difficulty of factoring large numbers • Patent expired in 2001 YSL Information Security -- Public-Key Cryptography 13
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 14 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 14](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-14.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 14
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 15 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 15](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-15.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 15
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 16 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 16](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-16.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 16
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 17 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 17](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-17.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 17
![The RSA Algorithm (cont’d) Primes under 2000 YSL Information Security -- Public-Key Cryptography 18 The RSA Algorithm (cont’d) Primes under 2000 YSL Information Security -- Public-Key Cryptography 18](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-18.jpg)
The RSA Algorithm (cont’d) Primes under 2000 YSL Information Security -- Public-Key Cryptography 18
![The RSA Algorithm (cont’d) • The above statement is referred to as the prime The RSA Algorithm (cont’d) • The above statement is referred to as the prime](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-19.jpg)
The RSA Algorithm (cont’d) • The above statement is referred to as the prime number theorem, which was proven in 1896 by Hadaward and Poussin. YSL Information Security -- Public-Key Cryptography 19
![The RSA Algorithm (cont’d) • Whethere exists a simple formula to generate prime numbers? The RSA Algorithm (cont’d) • Whethere exists a simple formula to generate prime numbers?](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-20.jpg)
The RSA Algorithm (cont’d) • Whethere exists a simple formula to generate prime numbers? • An ancient Chinese mathematician conjectured that if n divides 2 n - 2 then n is prime. For n = 3, 3 divides 6 and n is prime. However, For n = 341 = 11 31, n dives 2341 - 2. • Mersenne suggested that if p is prime then Mp = 2 p - 1 is prime. This type of primes are referred to as Mersenne primes. Unfortunately, for p = 11, M 11 = 211 -1 = 2047 = 23 89. YSL Information Security -- Public-Key Cryptography 20
![The RSA Algorithm (cont’d) n • Fermat conjectured that if Fn = + 1, The RSA Algorithm (cont’d) n • Fermat conjectured that if Fn = + 1,](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-21.jpg)
The RSA Algorithm (cont’d) n • Fermat conjectured that if Fn = + 1, where n is a non-negative integer, then Fn is prime. When n is less than or equal to 4, F 0 = 3, F 1 = 5, F 2 = 17, F 3 = 257 and F 4 = 65537 are all primes. However, F 5 = 4294967297 = 641 6700417 is not a prime number. • n 2 - 79 n + 1601 is valid only for n < 80. • There an infinite number of primes of the form 4 n + 1 or 4 n + 3. • There is no simple way so far to gererate prime numbers. 22 YSL Information Security -- Public-Key Cryptography 21
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 22 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 22](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-22.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 22
![The RSA Algorithm (cont’d) • Prime gap: displacement between two consecutive prime numbers – The RSA Algorithm (cont’d) • Prime gap: displacement between two consecutive prime numbers –](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-23.jpg)
The RSA Algorithm (cont’d) • Prime gap: displacement between two consecutive prime numbers – unbounded – n!+2, n!+3, n!+4, …, n!+n are not prime YSL Information Security -- Public-Key Cryptography 23
![The RSA Algorithm (cont’d) • Format’s Little Theorem (to be proven later): If p The RSA Algorithm (cont’d) • Format’s Little Theorem (to be proven later): If p](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-24.jpg)
The RSA Algorithm (cont’d) • Format’s Little Theorem (to be proven later): If p is prime and a is a positive integer not divisible by p, then a p-1 1 mod p. Example: a = 7, p = 19 72 = 49 11 mod 19 74 = 121 7 mod 19 78 = 49 11 mod 19 716 = 121 7 mod 19 a p-1 = 718 = 716+2 7 11 1 mod 19 YSL Information Security -- Public-Key Cryptography 24
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 25 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 25](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-25.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 25
![The RSA Algorithm (cont’d) • • • YSL A = M+ip for a non-negative The RSA Algorithm (cont’d) • • • YSL A = M+ip for a non-negative](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-26.jpg)
The RSA Algorithm (cont’d) • • • YSL A = M+ip for a non-negative integer i. A = M+jq for a non-negative integer j. From the above two equations, ip = jq. Then, i = kq. Consequently, A = M+ip = M+kpq. Q. E. D. (quod erat demonstrandum) Information Security -- Public-Key Cryptography 26
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 27 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 27](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-27.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 27
![The RSA Algorithm (cont’d) • Example 1 – – Select two prime numbers, p The RSA Algorithm (cont’d) • Example 1 – – Select two prime numbers, p](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-28.jpg)
The RSA Algorithm (cont’d) • Example 1 – – Select two prime numbers, p = 7 and q = 17. Calculate n = p q = 7 17 = 119. Calculate Φ(n) = (p-1)(q-1) = 96. Select e such that e is relatively prime to Φ(n) = 96 and less than Φ(n); in this case, e = 5. – Determine d such that d e 1 mod 96 and d < 96. The correct value is d = 77, because 77 5 = 385 = 4 96+1. YSL Information Security -- Public-Key Cryptography 28
![The RSA Algorithm (cont’d) • YSL Information Security -- Public-Key Cryptography 29 The RSA Algorithm (cont’d) • YSL Information Security -- Public-Key Cryptography 29](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-29.jpg)
The RSA Algorithm (cont’d) • YSL Information Security -- Public-Key Cryptography 29
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 30 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 30](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-30.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 30
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 31 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 31](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-31.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 31
![The RSA Algorithm (cont’d) • Key generation – determining two large prime numbers, p The RSA Algorithm (cont’d) • Key generation – determining two large prime numbers, p](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-32.jpg)
The RSA Algorithm (cont’d) • Key generation – determining two large prime numbers, p and q – selecting either e or d and calculating the other • Probabilistic algorithm to generate primes – [1] Pick an odd integer n at random. – [2] Pick an integer a < n at random. – [3] Perform the probabilistic primality test, such as Miller-Rabin. If n fails the test, reject the value n and go to [1]. – [4] If n has passed a sufficient number of tests, accept n; otherwise, go to [2]. YSL Information Security -- Public-Key Cryptography 32
![The RSA Algorithm (cont’d) • How may trials on the average are required to The RSA Algorithm (cont’d) • How may trials on the average are required to](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-33.jpg)
The RSA Algorithm (cont’d) • How may trials on the average are required to find a prime? – from the prime number theory, primes near n are spaced on the average one every (ln n) integers – even numbers can be immediately rejected – for a prime on the order of 2200, about (ln 2200)/2 = 70 trials are required • To calculate e, what is the probability that a random number is relatively prime to Φ(n)? About 0. 6. YSL Information Security -- Public-Key Cryptography 33
![The RSA Algorithm (cont’d) • For fixed length keys, how many primes can be The RSA Algorithm (cont’d) • For fixed length keys, how many primes can be](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-34.jpg)
The RSA Algorithm (cont’d) • For fixed length keys, how many primes can be chosen? – for 64 -bit keys, 264/ln 264 - 263/ln 263 2. 05 1017 – for 128 - and 256 -bit keys, 1. 9 1036 and 3. 25 1074, respectively, are available • For fixed length keys, what is the probability that a randomly selected odd number a is prime? – for 64 -bit keys, 2. 05 1017/(0. 5 (264 - 263)) 0. 044 (expectation value: 1/0. 044 23) – for 128 - and 256 -bit keys, 0. 022 and 0. 011, respectively YSL Information Security -- Public-Key Cryptography 34
![The RSA Algorithm (cont’d) • The security of RSA – brute force: This involves The RSA Algorithm (cont’d) • The security of RSA – brute force: This involves](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-35.jpg)
The RSA Algorithm (cont’d) • The security of RSA – brute force: This involves trying all possible private keys. – mathematical attacks: There are several approaches, all equivalent in effect to factoring the product of two primes. – timing attacks: These depend on the running time of the decryption algorithm. YSL Information Security -- Public-Key Cryptography 35
![The RSA Algorithm (cont’d) • To avoid brute force attacks, a large key space The RSA Algorithm (cont’d) • To avoid brute force attacks, a large key space](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-36.jpg)
The RSA Algorithm (cont’d) • To avoid brute force attacks, a large key space is required. • To make n difficult to factor – p and q should differ in length by only a few digits (both in the range of 1075 to 10100) – both (p-1) and (q-1) should contain a large prime factor – gcd(p-1, q-1) should be small – should avoid e << n and d < n 1/4 YSL Information Security -- Public-Key Cryptography 36
![The RSA Algorithm (cont’d) • To make n difficult to factor (cont’d) – p The RSA Algorithm (cont’d) • To make n difficult to factor (cont’d) – p](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-37.jpg)
The RSA Algorithm (cont’d) • To make n difficult to factor (cont’d) – p and q should best be strong primes, where p is a strong prime if • there exist two large primes p 1 and p 2 such that p 1|p-1 and p 2|p+1 • there exist four large primes r 1, s 1, r 2 and s 2 such that r 1|p 1 -1, s 1|p 1+1, r 2|p 2 -1 and s 2|p 2+1 – e should not be too small, e. g. for e = 3 and C = M 3 mod n, if M 3 < n then M can be easily calculated YSL Information Security -- Public-Key Cryptography 37
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 38 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 38](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-38.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 38
![The RSA Algorithm (cont’d) • Major threats – the continuing increase in computing power The RSA Algorithm (cont’d) • Major threats – the continuing increase in computing power](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-39.jpg)
The RSA Algorithm (cont’d) • Major threats – the continuing increase in computing power (100 or even 1000 MIPS machines are easily available) – continuing refinement of factoring algorithms (from QS to GNFS and to SNFS) YSL Information Security -- Public-Key Cryptography 39
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 40 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 40](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-40.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 40
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 41 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 41](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-41.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 41
![The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 42 The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 42](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-42.jpg)
The RSA Algorithm (cont’d) YSL Information Security -- Public-Key Cryptography 42
![Key Management • The distribution of public keys – public announcement – publicly available Key Management • The distribution of public keys – public announcement – publicly available](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-43.jpg)
Key Management • The distribution of public keys – public announcement – publicly available directory – public-key authority – public-key certificates • The use of public-key encryption to distribute secret keys – simple secret key distribution – secret key distribution with confidentiality and authentication YSL Information Security -- Public-Key Cryptography 43
![Key Management (cont’d) • Public announcement YSL Information Security -- Public-Key Cryptography 44 Key Management (cont’d) • Public announcement YSL Information Security -- Public-Key Cryptography 44](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-44.jpg)
Key Management (cont’d) • Public announcement YSL Information Security -- Public-Key Cryptography 44
![Key Management (cont’d) • Public announcement (cont’d) – advantages: convenience – disadvantages: forgery of Key Management (cont’d) • Public announcement (cont’d) – advantages: convenience – disadvantages: forgery of](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-45.jpg)
Key Management (cont’d) • Public announcement (cont’d) – advantages: convenience – disadvantages: forgery of such a public announcement by anyone YSL Information Security -- Public-Key Cryptography 45
![Key Management (cont’d) • Publicly available directory YSL Information Security -- Public-Key Cryptography 46 Key Management (cont’d) • Publicly available directory YSL Information Security -- Public-Key Cryptography 46](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-46.jpg)
Key Management (cont’d) • Publicly available directory YSL Information Security -- Public-Key Cryptography 46
![Key Management (cont’d) • Publicly available directory (cont’d) – elements of the scheme • Key Management (cont’d) • Publicly available directory (cont’d) – elements of the scheme •](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-47.jpg)
Key Management (cont’d) • Publicly available directory (cont’d) – elements of the scheme • {name, public key} entry for each participant in the directory • in-person or secure registration • on-demand entry update • periodic publication of the directory • availability of secure electronic access from the directory to participants – advantages: greater degree of security YSL Information Security -- Public-Key Cryptography 47
![Key Management (cont’d) • Publicly available directory (cont’d) – disadvantages • need of a Key Management (cont’d) • Publicly available directory (cont’d) – disadvantages • need of a](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-48.jpg)
Key Management (cont’d) • Publicly available directory (cont’d) – disadvantages • need of a trusted entity or organization • need of additional security mechanism from the directory authority to participants • vulnerability of the private key of the directory authority (global-scaled disaster if the private key of the directory authority is compromised) • vulnerability of the directory records YSL Information Security -- Public-Key Cryptography 48
![Key Management (cont’d) • Public-key authority YSL Information Security -- Public-Key Cryptography 49 Key Management (cont’d) • Public-key authority YSL Information Security -- Public-Key Cryptography 49](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-49.jpg)
Key Management (cont’d) • Public-key authority YSL Information Security -- Public-Key Cryptography 49
![Key Management (cont’d) • Public-key authority (cont’d) – stronger security for public-key distribution can Key Management (cont’d) • Public-key authority (cont’d) – stronger security for public-key distribution can](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-50.jpg)
Key Management (cont’d) • Public-key authority (cont’d) – stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory – each participant can verify the identity of the authority – participants can verify identities of each other – disadvantages • bottleneck effect of the public-key authority • vulnerability of the directory records YSL Information Security -- Public-Key Cryptography 50
![Key Management (cont’d) • Public-key certificates YSL Information Security -- Public-Key Cryptography 51 Key Management (cont’d) • Public-key certificates YSL Information Security -- Public-Key Cryptography 51](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-51.jpg)
Key Management (cont’d) • Public-key certificates YSL Information Security -- Public-Key Cryptography 51
![Key Management (cont’d) • Public-key certificates (cont’d) – to use certificates that can be Key Management (cont’d) • Public-key certificates (cont’d) – to use certificates that can be](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-52.jpg)
Key Management (cont’d) • Public-key certificates (cont’d) – to use certificates that can be used by participants to exchange keys without contacting a public-key authority – requirements on the scheme • any participant can read a certificate to determine the name and public key of the certificate’s owner • any participant can verify that the certificate originated from the certificate authority and is not counterfeit • only the certificate authority can create & update certificates • any participant can verify the currency of the certificate YSL Information Security -- Public-Key Cryptography 52
![Key Management (cont’d) • Public-key certificates (cont’d) – advantages • to use certificates that Key Management (cont’d) • Public-key certificates (cont’d) – advantages • to use certificates that](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-53.jpg)
Key Management (cont’d) • Public-key certificates (cont’d) – advantages • to use certificates that can be used by participants to exchange keys without contacting a public-key authority • in a way that is as reliable as if the key were obtained directly from a public-key authority • no on-line bottleneck effect – disadvantages: need of a certificate authority YSL Information Security -- Public-Key Cryptography 53
![Key Management (cont’d) • Simple secret key distribution YSL Information Security -- Public-Key Cryptography Key Management (cont’d) • Simple secret key distribution YSL Information Security -- Public-Key Cryptography](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-54.jpg)
Key Management (cont’d) • Simple secret key distribution YSL Information Security -- Public-Key Cryptography 54
![Key Management (cont’d) • Simple secret key distribution (cont’d) – advantages • simplicity • Key Management (cont’d) • Simple secret key distribution (cont’d) – advantages • simplicity •](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-55.jpg)
Key Management (cont’d) • Simple secret key distribution (cont’d) – advantages • simplicity • no keys stored before and after the communication • security against eavesdropping – disadvantages • lack of authentication mechanism between participants • vulnerability to an active attack (opponent active only in the process of obtaining Ks) • leak of the secret key upon such active attacks YSL Information Security -- Public-Key Cryptography 55
![Key Management (cont’d) • Secret key distribution with confidentiality and authentication YSL Information Security Key Management (cont’d) • Secret key distribution with confidentiality and authentication YSL Information Security](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-56.jpg)
Key Management (cont’d) • Secret key distribution with confidentiality and authentication YSL Information Security -- Public-Key Cryptography 56
![Key Management (cont’d) • Secret key distribution with confidentiality and authentication (cont’d) – provides Key Management (cont’d) • Secret key distribution with confidentiality and authentication (cont’d) – provides](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-57.jpg)
Key Management (cont’d) • Secret key distribution with confidentiality and authentication (cont’d) – provides protection against both active and passive attacks – ensures both confidentiality and authentication in the exchange of a secret key – public keys should be obtained a priori – more complicated YSL Information Security -- Public-Key Cryptography 57
![Diffie-Hellman Key Exchange • First public-key algorithm published • Limited to key exchange • Diffie-Hellman Key Exchange • First public-key algorithm published • Limited to key exchange •](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-58.jpg)
Diffie-Hellman Key Exchange • First public-key algorithm published • Limited to key exchange • Dependent for its effectiveness on the difficulty of computing discrete logarithm YSL Information Security -- Public-Key Cryptography 58
![Diffie-Hellman Key Exchange (cont’d) • Define a primitive root of of a prime number Diffie-Hellman Key Exchange (cont’d) • Define a primitive root of of a prime number](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-59.jpg)
Diffie-Hellman Key Exchange (cont’d) • Define a primitive root of of a prime number p as one whose powers generate all the integers from 1 to p-1. • If a is a primitive root of the prime number p, then the numbers a mod p, a 2 mod p, …, ap-1 mod p are distinct and consist of the integers from 1 to p-1 in some permutation. • Not every number has a primitive root. YSL Information Security -- Public-Key Cryptography 59
![Diffie-Hellman Key Exchange (cont’d) • For any integer b and a primitive root a Diffie-Hellman Key Exchange (cont’d) • For any integer b and a primitive root a](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-60.jpg)
Diffie-Hellman Key Exchange (cont’d) • For any integer b and a primitive root a of prime number p, one can find a unique exponent i such that b = ai mod p, where 0 i (p-1). • The exponent i is referred to as the discrete logarithm, or index, of b for the base a, mod p. • This value is denoted as inda, p(b) (dloga, p(b)). YSL Information Security -- Public-Key Cryptography 60
![Diffie-Hellman Key Exchange (cont’d) YSL Information Security -- Public-Key Cryptography 61 Diffie-Hellman Key Exchange (cont’d) YSL Information Security -- Public-Key Cryptography 61](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-61.jpg)
Diffie-Hellman Key Exchange (cont’d) YSL Information Security -- Public-Key Cryptography 61
![Diffie-Hellman Key Exchange (cont’d) • Example: q = 97 and a primitive root a Diffie-Hellman Key Exchange (cont’d) • Example: q = 97 and a primitive root a](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-62.jpg)
Diffie-Hellman Key Exchange (cont’d) • Example: q = 97 and a primitive root a = 5 is selected. XA = 36 and XB = 58 (both < 97). YA = 536 = 50 mod 97 and YB = 558 = 44 mod 97. K = (YB) X mod 97 = 4436 mod 97 = 75 mod 97. K = (YA) X mod 97 = 5058 mod 97 = 75 mod 97. 75 cannot easily be computed by the opponent. A B YSL Information Security -- Public-Key Cryptography 62
![Diffie-Hellman Key Exchange (cont’d) • How the algorithm works YSL Information Security -- Public-Key Diffie-Hellman Key Exchange (cont’d) • How the algorithm works YSL Information Security -- Public-Key](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-63.jpg)
Diffie-Hellman Key Exchange (cont’d) • How the algorithm works YSL Information Security -- Public-Key Cryptography 63
![Diffie-Hellman Key Exchange (cont’d) YSL Information Security -- Public-Key Cryptography 64 Diffie-Hellman Key Exchange (cont’d) YSL Information Security -- Public-Key Cryptography 64](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-64.jpg)
Diffie-Hellman Key Exchange (cont’d) YSL Information Security -- Public-Key Cryptography 64
![Diffie-Hellman Key Exchange (cont’d) • q, a, YA and YB are public. • To Diffie-Hellman Key Exchange (cont’d) • q, a, YA and YB are public. • To](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-65.jpg)
Diffie-Hellman Key Exchange (cont’d) • q, a, YA and YB are public. • To attack the secrete key of user B, the opponent must compute XB = inda, q(YB). [YB = a. X mod q. ] • The effectiveness of this algorithm therefore depends on the difficulty of solving discrete logarithm. B YSL Information Security -- Public-Key Cryptography 65
![Diffie-Hellman Key Exchange (cont’d) • Bucket brigade (Man-in-the-middle) attack Alice picks x Trudy picks Diffie-Hellman Key Exchange (cont’d) • Bucket brigade (Man-in-the-middle) attack Alice picks x Trudy picks](http://slidetodoc.com/presentation_image_h/ecf3e349e5d492a4c343b6b50e82d0d0/image-66.jpg)
Diffie-Hellman Key Exchange (cont’d) • Bucket brigade (Man-in-the-middle) attack Alice picks x Trudy picks z z mod q 2 q, , z mod q 4 y mod q Bob 3 q, , x mod q Trudy Alice 1 Bob picks y – ( xz mod q) becomes the secret key between Alice and Trudy, while ( yz mod q) becomes the secret key between Trudy and Bob. YSL Information Security -- Public-Key Cryptography 66
- Slides: 66