1 / 35

Lecture 6: Key Exchange - Preserving Privacy and Digital Signatures in Electronic Mail (Potter1977)

This lecture discusses the introduction of electronic mail and the need to preserve privacy and digital signatures. It includes topics such as key distribution, Diffie-Hellman key agreement, and public-key cryptosystems.

avitia
Download Presentation

Lecture 6: Key Exchange - Preserving Privacy and Digital Signatures in Electronic Mail (Potter1977)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 6: Key Exchange The era of “electronic mail” [Potter1977] may soon be upon us; we must ensure that two important properties of the current “paper mail” system are preserved: (a) messages are private, and (b) messages can be signed. R. Rivest, A. Shamir and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, January 1978. (The original RSA paper.) David Evans http://www.cs.virginia.edu/~evans CS551: Security and Privacy University of Virginia Computer Science

  2. Menu • PS1 • RC6 Proof Challenge (Vic Ludwig) • Key Distribution (Greg Lamm) • Diffie-Hellman Key Agreement • Intro to Public-Key Cryptosystems • Return PS1 University of Virginia CS 551

  3. PS1 • Problem 2 • Process more interesting than answer • Problem 4 • Even a “provably perfect” scheme breaks in practice • Bonus question: • any 98 agents obtain no information • any 99 agents can determine message • key data O(100 * n) University of Virginia CS 551

  4. RC6 Proof Vic Ludwig University of Virginia CS 551

  5. U.S. Army Key Distribution Greg Lamm

  6. U.S. Army Distribution • Two Distribution Schemes • Physically • OTAR • Three Types of Distributions • Initial (Staging Area) • Operating Procedures • Compromise (Equipment or Keys) • A tactical network (voice/data) can have over 20 keys. • Key Types • Transmission Encryption Key (TEK)-128 bit • Key Encryption Key (KEK)-128 bit • Key Distribution is Technology + People University of Virginia CS 551

  7. DREAR Staging Area Key Distribution 2BDE 1-62 ADA BSA 45 CSB DMAIN • Close Connectivity • Static Environment • Data/Voice Network • Key Distributed • Physically • Test OTAR DTAC

  8. DREAR Tactical Network Key Distribution 2BDE 1-62 ADA BSA 45 CSB DMAIN DTAC • Dispersed Connectivity • Dynamic Environment • Data/Voice Network • Key Distributed • OTAR

  9. FM Key Distribution AVN TOC AVN FARP 1-14 TOC 2d BDE ALT NCS 1-14 SCOUTS DTAC NCS 1-27 TOC 2d BDE TOC 1-27 SCOUTS DREAR 45 CSG FWD 45 CSG MAIN • Dispersed Connectivity • NCS issues key distribution by SOP University of Virginia CS 551

  10. Key Distribution Problems NCS ALT NCS TEK 1 damaged TEK 1 TEK 2 1 2 3 4 5 6 7 • Multiple Key Distributors • Issuing a second key at the staging area • Good for compromise • Bad if it is not the same (only testing TEK 1) • Labeling Keys with name rather than code • Key Training, Handling and Protection University of Virginia CS 551

  11. Public-Key Cryptosystems University of Virginia CS 551

  12. Public-Key Cryptosystems • Distributing secret keys is hard and expensive • Can two people communicate securely without having to meet first and establish a key? University of Virginia CS 551

  13. E (“Alice” || KAB, KB) E (KAB, KB) E (KAB, KA) E (M, KAB) Trust a Third Party Keys “R” Us knows KA, KB ... Generates random KAB E(“Bob”, KA) Bob Alice University of Virginia CS 551

  14. Merkle’s Puzzles • Ralph Merkle [1974] • Alice generates 220 messages: “This is puzzle x. The secret is y.” (x and y are random numbers) • Encrypts each message using symmetric cipher with a different key. • Sends all encrypted messages to Bob University of Virginia CS 551

  15. Merkle’s Puzzles, cont. • Bob chooses random message, performs brute-force attack to recover plaintext and key k • Bob sends x (clear) to Alice • Alice and Bob use k to encrypt messages University of Virginia CS 551

  16. Is this secure? • Alice: symmetric cipher DES ~255 expected brute force work to break DES • Eve: has to break the 220 to find which one matches x. ~ 219 * 255 expected work • Alice and Bob change keys frequently enough since it is less work to agree to a new key University of Virginia CS 551

  17. Birth of Public Key Cryptosystems • 1969 – ARPANet born: 4 sites • Whitfield Diffie starts thinking about strangers sending messages securely • 1974 – Whitfield Diffie gives talk at IBM lab • Audience member mentions that Matrin Hellman (Stanford prof) had spoke about key distribution • That night – Diffie starts driving 5000km to Palo Alto • Diffie, Hellman and Ralph Merkle work on key distribution problem University of Virginia CS 551

  18. We stand today on the brink of a revolution in cryptography. Diffie and Hellman, “New Directions in Cryptography”, IEEE Transactions on Information Theory, November 1976. University of Virginia CS 551

  19. Alice’s Secret Color Bob’s Secret Color CA = Yellow + Purple CB = Yellow + Red K = Yellow + Red + Purple K = Yellow + Purple + Red Analogy due to Simon Singh, The Code Book. Secret Paint Mixing Alice Bob Yellow paint (public) Eve University of Virginia CS 551

  20. Diffie-Hellman Key Agreement • Choose public numbers: q (large prime number),  (generator mod q) • A generates random XAand sends B: YA =XA mod q. • B generates random XBand sends A: YB = XB mod q. • A calculates secret key: K = (YB) XA mod q. • B calculates secret key: K = (YA) XB mod q. University of Virginia CS 551

  21. What’s a generator? •  is a generator mod q if for all 0  n < q, there is some 1 m< q such that m = n mod q • Is m unique? • Yes: Proof by counting. • Discrete logarithm: given , n, and q find 0 m< q such that m = n mod q. University of Virginia CS 551

  22. Example • What is a generator for q = 11? 2111 2 26 = 64 11 9 2211 4 27 = 128 11 7 2311 8 28 = 256 11 3 24 = 16 11 5 29 = 512 11 6 25 = 32 11 10 210 = 1024 11 1 If q is prime, there must be a generator. University of Virginia CS 551

  23. Diffie-Hellman Example • Choose public numbers: q (large prime number),  (generator mod q): q = 11,  = 2 • A generates random XAand sends B: YA =XA mod q. XA = 4, YA =24mod 11 = 16 mod 11 = 5 • B generates random XBand sends A: YB = XB mod q. XB = 6, YB =26mod 11 = 64 mod 11 = 9 Example from Tom Dunigan’s notes: http://www.cs.utk.edu/~dunigan/cs594-cns00/class14.html University of Virginia CS 551

  24. Diffie-Hellman Example, cont. q = 11,  = 2 XA = 4, YA =5 XB = 6, YB =9 • A calculates secret key: K = (YB) XA mod q. K = 94mod 11 = 6561 mod 11 = 5. • B calculates secret key: K = (YA) XB mod q. K = 56mod 11 = 15625 mod 11 = 5. University of Virginia CS 551

  25. Is it magic? Things to Prove: • They generate the same keys: K = (YB) XA mod q = (YA) XB mod q • An eavesdropper cannot find K from any transmitted value: q, ,YA, YB University of Virginia CS 551

  26. Stallings: “by the rules of modular arithmetic” 1. Keys Agree • Prove K = (YB)XA mod q = (YA)XB mod q. (YB)XA mod q (YA)XB mod q = (XB mod q)XA mod q = (XA mod q)XB mod q = (XB)XA mod q = (XA)XB mod q = XBXA mod q = XAXB mod q QED. University of Virginia CS 551

  27. Modular Exponentiation (a mod q)b mod q= ab mod q (7 mod 6)2 mod 6= 72 mod 6 12 mod 6 = 49mod 6 Proof by example? University of Virginia CS 551

  28. Modular Exponentiation • First prove: (a * b) mod q = (a mod q) * (b mod q) mod q • Then, by induction, (a mod q)b mod q= ab mod q since ab = a * ab-1and a1 = a. University of Virginia CS 551

  29. Modular Arithmetic (a * b) mod n = x x + (n * d0) = a * b x = a * b – (n * d0) a mod n = y  y = a – (n * d1) b mod n = z  z = b – (n * d2) (a mod n) * (b mod n) mod n = (a – (n * d1)) * (b – (n * d2)) mod n = (a * b + (a * (n * d2) – b * (n * d1) + (n * d1)(n * d2)) mod n = a * b mod n (all terms with n * are 0 mod n) University of Virginia CS 551

  30. 2. Secure from Eavesdropper • An eavesdropper cannot find K from any transmitted value: q, ,YA, YB K = (YB)XA mod q = (YA)XB mod q • To find K without XA or XB we need to find x and y such that (YB)xmod q = (YA)ymod q • Finding discrete logarithms is (probably) hard! (More on this later...) University of Virginia CS 551

  31. Diffie-Hellman Use • SSL • Cisco encrypting routers • Sun secure RPC • etc... University of Virginia CS 551

  32. Public-Key Cryptography • Same paper introduced concept of Public-Key Cryptography • Private algorithm: E • Public algorithm: D • Identity: E (D(m)) = D (E(m)) = m • Secure: cannot determine E from D • But didn’t know how to find suitable E and D University of Virginia CS 551

  33. Who really invented public-key cryptography? • General Communications Headquarters, Cheltenham (formed from Bletchley Park after WWII) • 1969 – James Ellis asked to work on key distribution problem • Secure telephone conversations by adding “noise” to line • Late 1969 – idea for PK, but function University of Virginia CS 551

  34. RSA & Diffie-Hellman • Asks Clifford Cocks, Cambridge mathematics graduate, for help • He discovers RSA (four years early) • Then (with Malcolm Williamson) discovered Diffie-Hellman • Kept secret until 1997! • NSA claims they had it even earlier University of Virginia CS 551

  35. Charge • Next time: • Rivest, Shamir, Adelman: First solution to finding suitable E and D • Identity: E (D(m)) = D (E(m)) = m • Secure: cannot determine E from D • Read the paper! • Go somewhere appropriate • Identify 2 questionable statements in the paper University of Virginia CS 551

More Related