Csce 715 network systems security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

CSCE 715: Network Systems Security PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

CSCE 715: Network Systems Security. Chin-Tser Huang [email protected] University of South Carolina. Distribute Secret Keys Using Asymmetric Encryption. Can use previous methods to obtain public key of other party

Download Presentation

CSCE 715: Network Systems Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

CSCE 715:Network Systems Security

Chin-Tser Huang

[email protected]

University of South Carolina

Distribute Secret KeysUsing Asymmetric Encryption

  • Can use previous methods to obtain public key of other party

  • Although public key can be used for confidentiality or authentication, asymmetric encryption algorithms are too slow

  • So usually want to use symmetric encryption to protect message contents

  • Can use asymmetric encryption to set up a session key

Simple Secret Key Distribution

  • Proposed by Merkle in 1979

    • A generates a new temporary public key pair

    • A sends B the public key and A’s identity

    • B generates a session key Ks and sends encrypted Ks (using A’s public key) to A

    • A decrypts message to recover Ks and both use

Problem with Simple Secret Key Distribution

  • An adversary can intercept and impersonate both parties of protocol

    • A generates a new temporary public key pair {KUa, KRa} and sends KUa || IDa to B

    • Adversary E intercepts this message and sends KUe || IDa to B

    • B generates a session key Ks and sends encrypted Ks (using E’s public key)

    • E intercepts message, recovers Ks and sends encrypted Ks (using A’s public key) to A

    • A decrypts message to recover Ks and both A and B unaware of existence of E

Distribute Secret KeysUsing Asymmetric Encryption

  • if A and B have securely exchanged public-keys


Problem with Previous Scenario

  • Message (4) is not protected by N2

    • An adversary can intercept message (4) and replay an old message or insert a fabricated message

Order of Encryption Matters

  • What can be wrong with the following protocol?



  • An adversary sitting between A and B can get a copy of secret key Ks without being caught by A and B!

Diffie-Hellman Key Exchange

  • First publicly proposed public-key type scheme

  • By Diffie and Hellman in 1976 along with advent of public key concepts

  • A practical method for public exchange of secret key

  • Used in a number of commercial products

Diffie-Hellman Key Exchange

  • Use to set up a secret key that can be used for symmetric encryption

    • cannot be used to exchange an arbitrary message

  • Value of key depends on the participants (and their private and public key information)

  • Based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) – easy

  • Security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard

Primitive Roots

  • From Euler’s theorem: aø(n) mod n=1

  • Consider am mod n=1, GCD(a,n)=1

    • must exist for m= ø(n) but may be smaller

    • once powers reach m, cycle will repeat

  • If smallest is m= ø(n) then a is called a primitive root

  • if p is prime and a is a primitive root of p, then successive powers of a “generate” the group mod p

  • Not every integer has primitive roots

Primitive Root Example: Power of Integers Modulo 19

Discrete Logarithms

  • Inverse problem to exponentiation is to find the discrete logarithm of a number modulo p

  • Namely find x where ax = b mod p

  • Written as x=loga b mod p or x=dloga,p(b)

  • If a is a primitive root of p then discrete logarithm always exists, otherwise may not

    • 3x = 4 mod 13 has no answer

    • 2x = 3 mod 13 has an answer 4

  • While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem

Diffie-Hellman Setup

  • All users agree on global parameters

    • large prime integer or polynomial q

    • α which is a primitive root mod q

  • Each user (e.g. A) generates its key

    • choose a private key (number): xA < q

    • compute its public key: yA = αxA mod q

  • Each user publishes its public key

Diffie-Hellman Key Exchange

  • Shared session key for users A and B is KAB:

    KAB = αxA.xB mod q

    = yAxB mod q (which B can compute)

    = yBxA mod q (which A can compute)

  • KAB is used as session key in symmetric encryption scheme between A and B

  • Attacker needs xA or xB, which requires solving discrete log

Diffie-Hellman Example

  • Given Alice and Bob who wish to swap keys

  • Agree on prime q=353 and α=3

  • Select random secret keys:

    • A chooses xA=97, B chooses xB=233

  • Compute public keys:

    • yA=397 mod 353 = 40(Alice)

    • yB=3233 mod 353 = 248(Bob)

  • Compute shared session key as:

    KAB= yBxA mod 353 = 24897 = 160(Alice)

    KAB= yAxB mod 353 = 40233 = 160(Bob)

Elliptic Curve Cryptography

  • Majority of public-key crypto (RSA, D-H) use either integer or polynomial arithmetic with very large numbers/polynomials

  • Imposes a significant load in storing and processing keys and messages

  • An alternative is to use elliptic curves

  • Offers same security with smaller bit sizes

Real Elliptic Curves

  • An elliptic curve is defined by an equation in two variables x and y, with coefficients

  • Consider a cubic elliptic curve of form

    • y2 = x3 + ax + b

    • where x, y, a, b are all real numbers

    • also define zero point O

  • Have addition operation for elliptic curve

    • geometrically, sum of P+Q is reflection of intersection R

Real Elliptic Curve Example

Finite Elliptic Curves

  • Elliptic curve cryptography uses curves whose variables and coefficients are finite

  • Two families are commonly used

    • prime curves Ep(a,b) defined over Zp

      • use integers modulo a prime

      • best in software

    • binary curves E2m(a,b) defined over GF(2m)

      • use polynomials with binary coefficients

      • best in hardware

Elliptic Curve Cryptography

  • ECC addition is analog of modulo multiply

  • ECC repeated addition is analog of modulo exponentiation

  • Need a “hard” problem equivalent to discrete logarithm

    • Q=kP, where Q, P belong to a prime curve

    • is “easy” to compute Q given k, P

    • but “hard” to find k given Q, P

    • known as the elliptic curve logarithm problem

  • Certicom example: E23(9,17)

ECC Diffie-Hellman

  • Can do key exchange analogous to D-H

  • Users select a suitable curve Ep(a,b)

  • Select base point G=(x1, y1) with large order n s.t. nG=O

  • A and B select private keys nA<n, nB<n

  • Compute public keys: PA=nA×G, PB=nB×G

  • Compute shared key: K=nA×PB,K=nB×PA

    • same since K=nA×nB×G

ECC Encryption/Decryption

  • Must first encode any message M as a point on the elliptic curve Pm

  • Select suitable curve and point G as in D-H

  • Each user chooses private key nA<n and computes public key PA=nA×G

  • To encrypt Pm:

    Cm={kG, Pm+kPB}, k random

  • To decrypt Cm:

    Pm+kPB–nB(kG) = Pm+k(nBG)–nB(kG) = Pm

ECC Security

  • Relies on elliptic curve logarithm problem

  • Fastest method is “Pollard rho method”

  • Compared to factoring, ECC can use much smaller key sizes than with RSA

  • For equivalent key lengths computations are roughly equivalent

  • Hence for similar security ECC offers significant computational advantages

Comparable Key Sizes


Next Class

  • Message authentication

  • Hashing functions

  • Message digests

  • Read Chapters 11 and 12

  • Login