1 / 46
Download Presentation

Principles of Public Key Cryptography and RSA Algorithm

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Subject Name: NETWORK SECURITY Subject Code: 10EC832 Prepared By: SHAIK KAREEMULLA & BENJAMIN I Department: ELECTRONICS AND COMMUNICATION ENGINEERING Engineered for Tomorrow Prepared by : Kareemulla & Benjamin Department : Electronics and Communication Engg Date : 16.02.2015

  2. UNIT-3 Principles of public key Cryptasystem, The RSA algorithms, Key management, Diffie – Hellman key exchange, Elliptic Curve Arithmetic, Authentication functions, Hash functions (6 Hrs) 06/4/2015

  3. Private-Key Cryptography • Traditional private/secret/single key cryptography uses one key • shared by both sender and receiver • if this key is disclosed communications are compromised • also is symmetric, parties are equal • hence does not protect sender from receiver forging a message & claiming is sent by sender 06/4/2015

  4. Public-Key Cryptography • probably most significant advance in the 3000 year history of cryptography • uses two keys – a public & a private key • asymmetric since parties are not equal • uses clever application of number theoretic concepts to function • complements rather than replaces private key crypto 06/4/2015

  5. Why Public-Key Cryptography? • Developed to address two key issues: • key distribution – how to have secure communications in general without having to trust a KDC with your key • digital signatures – how to verify a message comes intact from the claimed sender • Public invention due to Whitfield Diffie & Martin Hellman at Stanford Uni in 1976 • known earlier in classified community 06/4/2015

  6. Public-Key Cryptography • public-key/two-key/asymmetric cryptography involves the use of two keys: • a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures • a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures • infeasible to determine private key from public • is asymmetric because • those who encrypt messages or verify signatures cannot decrypt messages or create signatures 06/4/2015

  7. Public-Key Cryptography 06/4/2015

  8. Symmetric vs Public-Key 06/4/2015

  9. Public-Key Cryptosystems 06/4/2015

  10. Public-Key Applications • can classify uses into 3 categories: • encryption/decryption (provide secrecy) • digital signatures (provide authentication) • key exchange (of session keys) • some algorithms are suitable for all uses, others are specific to one 06/4/2015

  11. Public-Key Requirements • Public-Key algorithms rely on two keys where: • it is computationally infeasible to find decryption key knowing only algorithm & encryption key • it is computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known • either of the two related keys can be used for encryption, with the other used for decryption (for some algorithms) • these are formidable requirements which only a few algorithms have satisfied 06/4/2015

  12. Public-Key Requirements • need a trapdoor one-way function • one-way function has • Y = f(X) easy • X = f–1(Y) infeasible • a trap-door one-way function has • Y = fk(X) easy, if k and X are known • X = fk–1(Y) easy, if k and Y are known • X = fk–1(Y) infeasible, if Y known but k not known • a practical public-key scheme depends on a suitable trap-door one-way function 06/4/2015

  13. Security of Public Key Schemes • like private key schemes brute force exhaustive search attack is always theoretically possible • but keys used are too large (>512bits) • security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems • more generally the hard problem is known, but is made hard enough to be impractical to break • requires the use of very large numbers • hence is slow compared to private key schemes 06/4/2015

  14. RSA • by Rivest, Shamir & Adleman of MIT in 1977 • best known & widely used public-key scheme • based on exponentiation in a finite (Galois) field over integers modulo a prime • nb. exponentiation takes O((log n)3) operations (easy) • uses large integers (eg. 1024 bits) • security due to cost of factoring large numbers • nb. factorization takes O(e log n log log n) operations (hard) 06/4/2015

  15. RSA En/decryption • to encrypt a message M the sender: • obtains public key of recipient PU={e,n} • computes: C = Me mod n, where 0≤M<n • to decrypt the ciphertext C the owner: • uses their private key PR={d,n} • computes: M = Cd mod n • note that the message M must be smaller than the modulus n (block if needed) 06/4/2015

  16. RSA Key Setup • each user generates a public/private key pair by: • selecting two large primes at random: p, q • computing their system modulus n=p.q • note ø(n)=(p-1)(q-1) • selecting at random the encryption key e • where 1<e<ø(n), gcd(e,ø(n))=1 • solve following equation to find decryption key d • e.d=1 mod ø(n) and 0≤d≤n • publish their public encryption key: PU={e,n} • keep secret private decryption key: PR={d,n} 06/4/2015

  17. Why RSA Works • because of Euler's Theorem: • aø(n)mod n = 1 where gcd(a,n)=1 • in RSA have: • n=p.q • ø(n)=(p-1)(q-1) • carefully chose e & d to be inverses mod ø(n) • hence e.d=1+k.ø(n) for some k • hence :Cd = Me.d = M1+k.ø(n) = M1.(Mø(n))k = M1.(1)k = M1 = M mod n 06/4/2015

  18. RSA Example - Key Setup • Select primes: p=17 & q=11 • Calculate n = pq =17 x 11=187 • Calculate ø(n)=(p–1)(q-1)=16x10=160 • Select e:gcd(e,160)=1; choose e=7 • Determine d:de=1 mod 160 and d < 160 Value is d=23 since 23x7=161= 10x160+1 • Publish public key PU={7,187} • Keep secret private key PR={23,187} 06/4/2015

  19. RSA Example - En/Decryption • sample RSA encryption/decryption is: • given message M = 88 (nb. 88<187) • encryption: C = 887 mod 187 = 11 • decryption: M = 1123 mod 187 = 88 06/4/2015

  20. Exponentiation • can use the Square and Multiply Algorithm • a fast, efficient algorithm for exponentiation • concept is based on repeatedly squaring base • and multiplying in the ones that are needed to compute the result • look at binary representation of exponent • only takes O(log2 n) multiples for number n • eg. 75 = 74.71 = 3.7 = 10 mod 11 • eg. 3129 = 3128.31 = 5.3 = 4 mod 11 06/4/2015

  21. Exponentiation c = 0; f = 1 for i = k downto 0 do c = 2 x c f = (f x f) mod n if bi == 1then c = c + 1 f = (f x a) mod n return f 06/4/2015

  22. Efficient Encryption • encryption uses exponentiation to power e • hence if e small, this will be faster • often choose e=65537 (216-1) • also see choices of e=3 or e=17 • but if e too small (eg e=3) can attack • using Chinese remainder theorem & 3 messages with different modulii • if e fixed must ensure gcd(e,ø(n))=1 • ie reject any p or q not relatively prime to e 06/4/2015

  23. Efficient Decryption • decryption uses exponentiation to power d • this is likely large, insecure if not • can use the Chinese Remainder Theorem (CRT) to compute mod p & q separately. then combine to get desired answer • approx 4 times faster than doing directly • only owner of private key who knows values of p & q can use this technique 06/4/2015

  24. RSA Key Generation • users of RSA must: • determine two primes at random - p, q • select either e or d and compute the other • primes p,qmust not be easily derived from modulus n=p.q • means must be sufficiently large • typically guess and use probabilistic test • exponents e, d are inverses, so use Inverse algorithm to compute the other 06/4/2015

  25. RSA Security • possible approaches to attacking RSA are: • brute force key search - infeasible given size of numbers • mathematical attacks - based on difficulty of computing ø(n), by factoring modulus n • timing attacks - on running of decryption • chosen ciphertext attacks - given properties of RSA 06/4/2015

  26. Factoring Problem • mathematical approach takes 3 forms: • factor n=p.q, hence compute ø(n) and then d • determine ø(n) directly and compute d • find d directly • currently believe all equivalent to factoring • have seen slow improvements over the years • as of May-05 best is 200 decimal digits (663) bit with LS • biggest improvement comes from improved algorithm • cf QS to GHFS to LS • currently assume 1024-2048 bit RSA is secure • ensure p, q of similar size and matching other constraints 06/4/2015

  27. Progress in Factoring 06/4/2015

  28. What is Authentication? • A procedure to verify that received messages come from the alleged sourced and have not been altered. • Digital Signature is one of the techniques including countermeasure of repudiation by either source or destination. 06/4/2015

  29. Authentication Requirements • Possible attacks • Disclosure • Traffic Analysis • Masquerade • Content Modification • Sequence Modification • Timing Modification • Repudiation: source and destination repudiation • Attacks#1-2-> Confidentiality • Attacks#3-7 -> Authentication • Especially #7 is related to Digital Signature 06/4/2015

  30. Authentication Functions • 3 Types of cryptographic operations related to authentication: • Message Encryption • Message Authentication Code (MAC) • Hash Function 06/4/2015

  31. Message Encryption • Conventional Encryption 06/4/2015

  32. Conventional Encryption (cont.) • Conventional encryption provides a weak form of authentication • If Bob can recover a message encrypted with a shared key between Alice and Bob, Bob knows that Alice sent this message. • If the message has been altered, Bob would not be able to read it. 06/4/2015

  33. Message Authentication Code • MAC is irreversible, but encryption isn’t. 1. Alice and Bob share the secret K1. 2. Alice calculates MAC1 = CK1(M) AliceBob: {M, MAC1} 3. Bob calculates MAC2 = CK1(M) If MAC2 = MAC1, M is sent from Alice and not altered • Confidentiality can be provided by encryption with another shared key. AliceBob: {M, MAC1}K2 06/4/2015

  34. Requirements for MACs • If an opponent observes M and CK(M), it should be computationally infeasible to construct M’ such that CK(M’) = CK(M). • CK(M) should be uniformly distributed in the sense that for randomly chosen messages, M and M’, the probability that CK(M) = CK(M’) is 2-n, where n is the number of bits in the MAC. • Let M’ be equal to some known transformation on M. That is, M’ = f(M). E.g. f may involve inverting one or more specific bits. In that case, Pr[CK(M) = CK(M’)] = 2-n. 06/4/2015

  35. Using Symmetric Ciphers for MACs • can use any block cipher chaining mode and use final block as a MAC • Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC • using IV=0 and zero-pad of final block • encrypt message using DES in CBC mode • and send just the final block as the MAC • or the leftmost M bits (16≤M≤64) of final block • but final MAC is now too small for security 06/4/2015

  36. Data Authentication Algorithm 06/4/2015

  37. Hash Functions • A (one-way) hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M) as output (called Message Digest) • Hash code provides error detection -> a change in one bit of message results in a change to the hash code. 06/4/2015

  38. Requirements for a Hash Functions • H can be applied to a block of data of any size. • H produces a fixed-length output. • It is easy to compute H(x) from any given x. • For any given h, computationally infeasible to find x, where H(x) = h (“one-way property”) • For any x, computationally infeasible to find y, y≠x, H(y) = H(x) (“weak collision resistance”) • Computationally infeasible to find any pair of (x, y) such than H(x) = H(y) (“strong collision resistance”) 06/4/2015

  39. Simple Hash Function • Bit-by-bit exclusive-OR (XOR) Ci = bi1 bi2  …  bim where Ci = ith bit of the hash code, 1 ≤ i ≤ n m = no. of n-bit blocks in the input bij = ith bit in jth block  = XOR operation 06/4/2015

  40. Basic Uses of Hash Functions Digital Signature 06/4/2015

  41. Basic Uses of Hash Functions (cont.) S is shared btw sender and receiver 06/4/2015

  42. Hash and MAC Algorithms • Hash Functions • condense arbitrary size message to fixed size • by processing message in blocks • through some compression function • either custom or block cipher based • Message Authentication Code (MAC) • fixed sized authenticator for some message • to provide authentication for message • by using block cipher mode or hash function 06/4/2015

  43. HMAC Algorithm H = hash function M = Message Yi = ith block of M, 0 ≤ i ≤ L-1 L = no. of blocks in M b = no. of bits in a block (based on chosen hash fn) n = length of hash code K = secret key K+ = K padded with zeros on the left so that the length is b bits ipad = 00110110 repeated b/8 times opad = 01011010 repeated b/8 times HMACK = H[(K+ opad)||H[(K+  ipad)||M]] 06/4/2015

  44. Advantages of HMAC • Existing hash function can be implemented in HMAC • Easy to replace with more secure or updated hash algorithm • HMAC is proven more secure than hash algorithms 06/4/2015

  45. HMAC Security • proved security of HMAC relates to that of the underlying hash algorithm • attacking HMAC requires either: • brute force attack on key used • birthday attack (but since keyed would need to observe a very large number of messages) • choose hash function used based on speed verses security constraints 06/4/2015

  46. Exercise 1.What are the principles of public key cryptasystem? 2. Describe the RSA algorithm and explain the RSA encryption and decryption. 3. Write a note on key management. 4. Explain diffie-hell man key exchange algorithm 5. What is elliptic curve arithmetic? Explain briefly. 6. What are Hash functions? Explain. 7. With a neat diagram, describe the ways in which Hash functions can be used. 06/4/2015

More Related