
Asymmetric cryptography (aka Public key cryptography)


Presentation Transcript


  1. Asymmetric cryptography (aka Public key cryptography) (Slides by Jaap-Henk Hoepman & Jeroen Doumen)

  2. Contents • Why public key cryptography • Some systems • Diffie-Hellman • RSA • Applications • Authentication • Key-management • Certificates / PKI

  3. Many symmetric keys needed • To send to Alice, everyone needs a different key • To receive, Alice needs all these keys • [Figure: Bob, Carol, Zeke and Alice]

  4. Diversified keys • Reducing Alice’s keyring: • Alice keeps only a master key K • Alice gives every other person i a derived key • So Bob’s key is • Still a key distribution problem

  5. Asymmetric keys • Private key k (lower case!) • Held privately by the user • Used to decrypt • Public key K (upper case!) • Distributed to all • Used to encrypt • Requirement • Private key not derivable from public key • Public key not useful to decrypt

  6. Encryption • Alice • Generates random symmetric key s • Encrypts s with the public key KB of Bob: RSA_E(KB,s) • Encrypts the message with s: AES_E(s,m) • Sends Bob RSA_E(KB,s), AES_E(s,m) • Bob • Decrypts RSA_E(KB,s) using private key kB to get s • Decrypts AES_E(s,m) using s to get m

  7. Digital signatures • Alice • Generates a hash h=h(m) of the message • Signs h using her private key kA: s=RSA_D(kA,h) • Same as decrypting h… • Sends m and s to Bob • Bob • Computes h=h(m) from m • Decrypts s=RSA_D(kA,h) to h’ using Alice’s public key KA • Checks that h and h’ are the same

  8. History • NSA (US): 1960’s (?) • CESG (UK): 1970 • James Ellis, classified report • Diffie & Hellman: 1976

  9. Definitions of security • Two definitions • Information theoretical (aka unconditional) • Impractical • Computational • Breaking the cipher is a mathematically hard problem

  10. What is a ‘break’ • Weak definition • Hard to derive plaintext from ciphertext without the key • Strong definition • Hard to guess a single plaintext bit from a ciphertext without the key

  11. One time pad • Vernam’s one time pad is information theoretically secure • Why? • [Figure: plaintext bits, bitwise xor with key bits, ciphertext bits] • Note: random key equally long as message

  12. What is a hard problem (1) • Algorithm can run on short or long instances • The running time depends on the length of the instance • Example: Sorting 10 numbers takes less time than sorting 10000 numbers • For some problems we know how many steps any algorithm will have to take to solve an instance of size n • Sorting n numbers always takes n log n steps • Very hard to prove

  13. What is a hard problem (2) • A hard problem is a problem that requires at least an exponential number of steps to solve • I.e. more than a polynomial number of steps • No hard problems known!! • But for some problems all known solutions take (sub)exponential time • Factoring a product of two primes • Computing the discrete logarithm

  14. Math • Computing modulo n • Groups • Generator g (e.g. 2 in the multiplicative group Z*13 below) • (Probably…) hard problems • Factoring an integer • Computing the discrete logarithm

  15. Diffie-Hellman key exchange • Invented by Diffie & Hellman in 1976 • First publication on public key crypto • Key exchange only • No encryption/signatures • Key sizes: ~1024 bits • Based on the difficulty of finding a discrete logarithm • Given prime p and a,b compute i

  16. Diffie-Hellman • Public values • Prime p • Generator a < p • Alice • Randomly picks x < p • Sends • Receives r and sets • Bob • Randomly picks y < p • Sends • Receives r and sets

  17. About the keys • Alice’s key equals • Bob’s key equals • Eavesdropper sees • Vulnerable to man-in-the-middle attack
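
Added example (not from the original slides): the exchange of slides 15 to 17 in Python, using the slide 14 group (generator 2 in Z*13) and the textbook form in which each side sends a^x mod p and raises the received value r to its own secret. The function names and the brute-force `discrete_log` are illustrative assumptions; at this size the logarithm falls to simple search, which is why real parameters are large.

```python
# Added example: toy Diffie-Hellman in Z*_13 (parameters far too small for real use).
import secrets

P, A = 13, 2  # public prime p and generator a (2 generates Z*_13, slide 14)

def is_generator(a, p):
    """True if the powers a^1 .. a^(p-1) cover every element of Z*_p."""
    return {pow(a, i, p) for i in range(1, p)} == set(range(1, p))

def dh_public(secret, a=A, p=P):
    """Value sent over the wire: a^secret mod p."""
    return pow(a, secret, p)

def dh_shared(received, secret, p=P):
    """Key derived from the peer's value r: r^secret mod p."""
    return pow(received, secret, p)

def discrete_log(target, a=A, p=P):
    """Search for i with a^i = target (mod p); feasible only because p is tiny."""
    for i in range(1, p):
        if pow(a, i, p) == target:
            return i
    raise ValueError("target is not a power of a")

def exchange(x=None, y=None):
    """Run one exchange; returns (alice_key, bob_key, (alice_sends, bob_sends))."""
    x = x if x is not None else secrets.randbelow(P - 2) + 1  # Alice's secret
    y = y if y is not None else secrets.randbelow(P - 2) + 1  # Bob's secret
    a_pub, b_pub = dh_public(x), dh_public(y)
    return dh_shared(b_pub, x), dh_shared(a_pub, y), (a_pub, b_pub)

if __name__ == "__main__":
    ka, kb, (a_pub, b_pub) = exchange(x=5, y=7)
    print("on the wire:", a_pub, b_pub, "| keys:", ka, kb)
    # Whoever can compute the discrete log of a wire value obtains the same key.
    print("key from wire values alone:", dh_shared(b_pub, discrete_log(a_pub)))
```
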

  18. RSA • Invented by Rivest, Shamir and Adleman in 1978 • First “public” public key system, • Most popular • Patent expired September 2000 • Large keys (1024 bits or more)

  19. Primes and such • Gcd(a,b): greatest common divisor • Euler’s totient function • the number of integers x < n for which gcd(x,n)=1 • For primes p, • Euler’s theorem • If gcd(a,n)=1 then • Holds even if n=pq (and gcd(a,n) <> 1)

  20. RSA Algorithm • Pick two large primes p,q and set n = pq • Pick e,d such that • Destroy p,q • Public key: (e, n) • Private key: (d, n) • Encrypt P: • Decrypt C:

  21. RSA Example • p=7 and q=17, so n=119 and • Pick e with gcd(e, 96)=1, e.g. e=5 • Compute d with ed = 1 mod 96. Then d=77 • Verify: 77*5=385=4*96+1 • Encrypting M=19: • Ciphertext is 66 • Decrypting 66 • Yields 19

  22. RSA: Why it works Euler:

  23. RSA: why it is secure • If you know p,q, it is easy to find e,d such that • If you don’t know p,q but only n, then finding d given e (or vice versa) is as hard as finding p,q given n (i.e. factoring) • Because computing is hard

  24. RSA: common settings • p,q must be roughly the same size • Or else factoring n=pq is easier • On the other hand p-q must be sufficiently large • Or else for a small constant c, and hence factoring n is easy by trying all c
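
Added example (not from the original slides): a key-generation sanity check for the second condition on slide 24, written as Fermat's method, which steps a upward from the square root of n until a² − n is a perfect square. The function names and the `max_steps` bound are assumptions chosen for illustration; a check on real key sizes would use a far larger bound.

```python
# Added example: reject a modulus whose primes are so close that Fermat's
# method finds them within a small number of trial values.
from math import isqrt

def fermat_factor(n, max_steps=1000):
    """For odd n, try a = ceil(sqrt(n)) + c for c = 0 .. max_steps-1.

    Returns (p, q) with p*q == n if a*a - n becomes a perfect square
    within the bound, otherwise None.
    """
    a = isqrt(n)
    if a * a < n:
        a += 1                      # start at ceil(sqrt(n))
    for _ in range(max_steps):
        b2 = a * a - n              # n = a^2 - b^2 = (a - b)(a + b)
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    return None

def primes_too_close(n, max_steps=1000):
    """True if n should be rejected because p - q is too small."""
    return fermat_factor(n, max_steps) is not None

if __name__ == "__main__":
    print(fermat_factor(10007 * 10009))          # adjacent primes: found at once
    print(fermat_factor(119))                    # the slide 21 modulus, 7 * 17
    print(primes_too_close(3 * 10007, 100))      # far apart: not found in 100 steps
```
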

  25. Special properties • E(m*m’)=E(m)*E(m’) mod n • Add redundancy to sign messages • Blinding with a random r • Hide message to be signed from signer • Anonymous money

  26. RSA: Sign vs encrypt • RSA can be used to sign messages or to encrypt messages • Always use separate keypairs for signing and encryption • Otherwise decrypting a message is equivalent to signing this message
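
Added example (not from the original slides): textbook RSA in Python with the numbers of slide 21, also checking the multiplicative property and blinding from slide 25 and the point of slide 26 that the private-key operation is the same for decrypting and signing. Function names are assumptions for illustration; the code uses no padding and is a teaching aid, not a usable implementation.

```python
# Added example: textbook RSA with the slide 21 numbers (p=7, q=17, e=5).
from math import gcd

def keygen(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # e*d = 1 mod (p-1)(q-1); needs Python 3.8+
    return (e, n), (d, n)

def apply_key(key, value):
    """Raw RSA operation value^exp mod n.

    With the public key this encrypts or verifies; with the private key it
    decrypts or signs. Being the same operation is why slide 26 asks for
    separate key pairs: decrypting a value also produces its signature.
    """
    exp, n = key
    return pow(value, exp, n)

def is_multiplicative(pub, m1, m2):
    """Check E(m1*m2) = E(m1)*E(m2) mod n (slide 25)."""
    n = pub[1]
    return apply_key(pub, m1 * m2 % n) == apply_key(pub, m1) * apply_key(pub, m2) % n

def blind_sign(pub, priv, m, r):
    """Blind signature on m; returns (signature, value the signer saw)."""
    e, n = pub
    blinded = m * pow(r, e, n) % n              # requester hides m with random r
    blinded_sig = apply_key(priv, blinded)      # signer signs without seeing m
    return blinded_sig * pow(r, -1, n) % n, blinded  # requester divides out r

if __name__ == "__main__":
    pub, priv = keygen(7, 17, 5)
    c = apply_key(pub, 19)
    print("public", pub, "private", priv, "ciphertext", c,
          "decrypted", apply_key(priv, c))
    sig, seen = blind_sign(pub, priv, 19, r=3)
    print("signer saw", seen, "| signature verifies:", apply_key(pub, sig) == 19)
```
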

  27. Authentication: goals • Prevent spoofing attacks • know where messages come from • know who you are sending messages to • Control access to systems • Many users have access to your machine remotely

  28. On-line authentication • Challenge response • Verifier V sends random challenge • Prover P signs the challenge and returns it to the verifier • Works • With symmetric keys • Provided only P,V have knowledge of this key • And this key is only used to authenticate P to V (and not vice versa) • With asymmetric keys • Provided only P knows private key and V knows P’s public key
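
Added example (not from the original slides): the symmetric-key case of slide 28 in Python, with HMAC-SHA256 from the standard library standing in for "signing" the challenge. The class and function names and the `P->V` direction label are assumptions; the label is one way to enforce the slide's condition that the key authenticates P to V only, and single-use challenges keep a recorded answer from being accepted again.

```python
# Added example: symmetric challenge-response with HMAC-SHA256.
import hashlib
import hmac
import secrets

def respond(key, challenge, direction=b"P->V"):
    """Prover's answer: MAC over the direction label and the challenge."""
    return hmac.new(key, direction + b"|" + challenge, hashlib.sha256).digest()

class Verifier:
    def __init__(self, key):
        self._key = key
        self._pending = set()        # challenges issued and not yet answered

    def challenge(self):
        c = secrets.token_bytes(16)  # fresh random challenge for every attempt
        self._pending.add(c)
        return c

    def verify(self, challenge, response):
        if challenge not in self._pending:   # unknown or already-used challenge
            return False
        self._pending.discard(challenge)     # each challenge is accepted once
        expected = respond(self._key, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # known only to P and V
    v = Verifier(key)
    c = v.challenge()
    answer = respond(key, c)
    print("fresh answer accepted:", v.verify(c, answer))
    print("same answer replayed:", v.verify(c, answer))
    c2 = v.challenge()
    print("old answer, new challenge:", v.verify(c2, answer))
```
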

  29. Key management • Difficult to get right • Two key classes • Short-term session keys • Long-term keys • Long term keys used for • Authentication • Confidentiality • Establish session keys • Protect stored data

  30. Problems • Distributing keys • Get public keys • Distribute your public key • Establish a shared key • Confidentiality • Authenticity • Key storage • Tampering • Key revocation • Killing keys • Checking key status

  31. Distributing keys • [Figure: Alice, Bob, private key, public key]

  32. (Wo)man-in-the-middle attack • [Figure: Eve, Alice, Bob]

  33. Certification Authority • Signs public keys • This is a certificate • Prevents man in the middle attack • Protocol • Alice requests key for Bob from CA • CA sends Bob’s certificate • Alice verifies CA certificate • Uses key in certificate to encrypt message to Bob

  34. Certificate • “A statement signed by a principal which the principal believes to be true at the time of signing” • And for which it assumes responsibility, liability,…. • Several types • Identity • Attribute • Limited validity period

  35. Identity certificate • CA binds key to ‘end entity’ (or principal) • A person • A role • An organisation • A pseudonym • A bank account • … • Depends on the CA policy

  36. Properties • Nobody can forge a certificate • Requires private key CA • Everybody can verify certificate • Requires public key CA • Problem: • How to obtain/verify CA public key • Out-of-band verification

  37. Obtaining a certificate (1) • How to obtain a certificate for your key pair • Alice signs public key and her identity with her private key • Proves possession of private key • Protects information in transit • CA verifies signature and identity information • Verisign: email address

  38. Obtaining a certificate (2) • CA creates certificate by signing Alice’s public key and identity • Alice verifies certificate • Check that CA did not alter key or ID • Alice or CA publish certificate

  39. Key length • Length of key determines security • The time and cost required by adversary to break the system • Required key length depends on level of security needed • Specify security as the number of years confidentiality/integrity must be maintained

  40. Hypotheses • 56 bit DES key was strong enough in 1982 • Breaking it requires 500,000 Mips Years • 1 Mips Year = 20 hours on 450 MHz Pentium II • Computing power per $ doubles every 18 months • Variant of Moore’s law • Every 10 years, 100 times more computing power for the same amount of money • Budget of organisations doubles every 10 years • Computing power required to break an asymmetric algorithm halves every 18 months

  41. Overview
