- 49 Views
- Uploaded on
- Presentation posted in: General

Information Security

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Information Security

CS 483 – SD Section

By Dr. DaniyalAlghazzawi

(4)

- a user has a pair of cryptographic keys - a public key and a private key.
- The private key is kept secret, while the public key may be widely distributed
- The keys are related mathematically, but the private key cannot be practically derived from the public key. Then, HOW?
- A message encrypted with the public key can be decrypted only with the corresponding private key.

The prime is a natural number which has exactly two distinct natural number divisors: 1 and itself

The first 15 prime numbers are:2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47.

The integers a and b are said to be coprime or relatively prime if they have no common factor other than 1 and −1 (if their Greatest Common Divisor is 1)

For example,

- 6 and 35 are coprime
- 6 and 27 are not coprime because they are both divisible by 3
- A fast way to determine whether two numbers are coprime is given by the Euclidean algorithm that determine the greatest common divisor (GCD) of two elements.
- Euler's Totient Function of a positive integer n is the number of integers between 1 and n which are coprime to n

The Euclidean algorithm is an algorithm to determine the greatest common divisor (GCD) of two elements.

Using recursion, the algorithm can be expressed:

function gcd(a, b) {

if b = 0 return a

else return gcd(b, a mod b)

}

For example:

- gcd(35,6) = gcd(6,5) = gcd(5,1) = gcd(1,0) = 1(This means that 35 and 6 are coprime)
- gcd(27,6) = gcd(6,3) = gcd(3,0) = 3

Two integers a and b are said to be “congruent modulo” n, if their difference a − b is an integer multiple of n. If this is the case, it is expressed as:

a ≡ b (mod n)"a is congruent to b modulo n“

For example,

38 ≡ 14 (mod 12)

38 ≡ 2 (mod 12)

-3 ≡ 2 (mod 5)

The totientφ(n)of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n.

To compute Euler's function for n:

with the product ranging only over the distinct primes p dividing n

if n=p.q and p&q are distinct primes:

φ(n) = φ(p.q) = (p-1)(q-1)

For example,

φ(6) = φ(3.2) = (3-1)(2-1) = 2 // 1, 5

Euler's Totient Function Values For n = 1 to 500, with Divisor Lists (http://www.geocities.com/primefan/Phi500.html)

- The algorithm was publicly described in 1977 , however, was not revealed until 1997 due to its top-secret classification.
- Rivest, Shamir, and Adleman devised RSA independently of Cocks' work.
- RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.

- Choose two distinct large random prime numbers p and q
- Compute n=p.q
- n is used as the modulus for both the public and private keys

- Compute the totient: φ(n)=(p-1)(q-1)
- Choose an integer e such that 1<e<φ(n), and e and φ(n) share no factors other than 1;(i.e. e and φ(n) are coprime)
- e is released as the public key exponent

- Compute d to satisfy the congruence relation:d.e≡ 1 (mod φ(n)); (i.e. d.e=1+kφ(n) for some integer k )
- d is kept as the private key exponent

Public Key: (n, e)

Private Key: (n,d)

To encrypt message:

c = me mod n

To decrypt message:

m = cd mod n

p= 11

q = 3

n = 11.3 = 33

φ(33) = (11-1)(3-1) = 20

e = 3// 3 and 20 are coprime

d = 7// 3.7 ≡ 1 (mod 20)

Question: Encrypt the message M=15?

c = me mod n = 153 mod 33 = 9

m = cd mod n = 97 mod 33 = 15

- The primary advantage of symmetric key cryptography is efficiency (because there is no infrastructure, such as PKI).
- In the realm of confidentiality, the primary advantage of public key cryptography is that no need to establish a shared key in advance.
- To achieve both advantage, use a hybrid cryptosystem, where public key crypto is used to establish a symmetric key.

- With symmetric key crypto, a MAC provides for integrity.
- With public key crypto, a digital signature provides for integrity and non-repudiation. Scenario?
Hints: Using a MAC, anyone can repudiate a transaction because the key is shared between the two sides. However, using a digital signature, no one can repudiate a transaction because the private key can be owned by only one.

Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security.

- For confidentiality only, Alice can encrypt M with Bob’s public key.
- For integrity and non-repudiation only, Alice can sign M with her private key. To achieve all:
- Alice can sign the message M and encrypt the result:{[M]Alice}Bob
- Alice can encrypt M first and then sign the result: [{M}Bob]Alice

C={M}Alice: encrypt message M with Alice’s public key

M=[C]Alice: decrypt ciphertext C with Alice’s private key

1

2

3

Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security.

Anyone can encrypt using the public key, but only the holder of the private key can decrypt. Secrecy depends on the secrecy of the private key.

By combining your own private key with the other user's public key, you can calculate a shared secret that only the two of you know. The shared secret can be used as the key for a symmetric cipher.

- PKI is showing everything required to securely use public key crypto:
- A digital certificate, or public key certificate, that contains a user’s name along with the user’s public key.
- A digital certificate needs to be signed by one of the Certificate Authorities (CAs) – trusted third party- in order to verify the public key.
- A digital certificate needs to be added to the Certificate Revocation Lists (CRLs) if the private key is compromised.