
IS 302: Information Security and Trust Week 4: Asymmetric Encryption


Presentation Transcript


  1. IS 302: Information Security and Trust • Week 4: Asymmetric Encryption • 2012

  2. Review • Symmetric block ciphers • DES • 3-DES • AES • ECB, CBC

  3. key distribution and key management

  4. Asymmetric Cryptosystem • Bob: private key d, public key e • Encryption: C=E(e, P) • Decryption: P=D(d, C) • [Diagram: Alice → Plaintext P → Encryption Algorithm E (public key e) → Ciphertext C → Decryption Algorithm D (private key d) → Plaintext P → Bob; label: "Computationally infeasible"]

  5. Asymmetric Encryption • [Diagram: Plaintext → Encrypt (public key e) → Decrypt (private key d) → Plaintext]

  6. RSA • RSA cryptosystem • Rivest-Shamir-Adleman in 1978 • Turing award in 2002

  7. RSA Keys • Public keys (n,e), private keys d • n: a composite. n=pq, where p and q are large primes • d: an integer, 2<d<n • e: an integer, 2<e<n, s.t. for any number x, x = (x^e mod n)^d mod n

  8. RSA Encryption/Decryption • Encryption of P: C = P^e mod n • Decryption of C: P = C^d mod n • PKCS: P = plaintext + random padding < n • Why need random padding? • d: Bob's private key • n,e: Bob's public key • [Diagram: Alice (holding n,e) sends C = P^e mod n over an insecure channel to Bob (holding d and n,e)]

  9. How to Choose Keys in RSA
     • Choose 2 large prime numbers p, q
     • Compute n = pq and φ = (p-1)(q-1)
     • Choose e relatively prime to φ
     • Compute d from φ and e such that e*d mod φ = 1
     • Public: n, e
     • Private: p, q, φ, d
     • A Toy Example:
       • Let p = 47, q = 71, then n = pq = 3337, φ = (p-1)(q-1) = 3220
       • Let e = 79. Note φ = 3220 = 2^2 × 5 × 7 × 23
       • Solve d from d*79 mod 3220 = 1, which gives d = 1019 (using extended Euclidean algorithm)
       • Let P = 688, then C = P^e mod n = 688^79 mod 3337 = 1570
       • P = C^d mod n = 1570^1019 mod 3337

  10. RSA Demo • Cryptool → Indiv. Procedures → RSA • Generate prime numbers • Factorization of a number • Cryptool → Encrypt/Decrypt → • RSA encryption (in blocks) • RSA decryption

  11. RSA Key Size and Security • key size → size of n • n: 1024 bits (309 digits); 2048 bits (618 digits); 4096 bits • Security → difficulty of • Factorizing n=p*q, which reveals p, q, φ, d • A 512-bit (154-digit) n could be factored in several months

  12. RSA Key Size and Security • http://www.rsasecurity.com/rsalabs/node.asp?id=2007 • By the year 2009, a machine that could break a 1024-bit RSA key in about a day would cost at least $250 million • For data that needs to be protected no later than the year 2015, the table indicates that the RSA key size should be at least 1024 bits. For data that needs to be protected longer, the key size should be at least 2048 bits.

  13. Asymmetric vs Symmetric
      • Asymmetric
        • Key exchange over public channel
        • Scalable for multi-party communication
        • Long keys (e.g., 1024 bits)
        • Slow implementation
        • RSA software can encrypt 7.4~21.6 Kb/sec
        • Fastest RSA hardware can encrypt 1 Mb/sec
      • Symmetric
        • Key exchange must be done over secure channel
        • Non-scalable for multi-party communication
        • Relatively short keys (e.g., 128 bits)
        • Fast implementation
        • In software, DES is generally 100 times faster than RSA
        • In hardware, DES is between 1000 and 10,000 times faster

  14. Scenario • RSA is too slow, not suitable for large P

  15. Question • Can we have a fast (as AES) and scalable crypto-system without secure channel (as RSA)? • Envelope encryption: combine AES and RSA • Es: AES encryption • Ds: AES decryption • k: AES key • Ea: RSA encryption • Da: RSA decryption • (e,n): RSA public key; d: RSA private key

  16. Envelope Encryption (1) • Alice selects a random session key (AES key) k, and gets C1=Es(k,P) (using AES) • [Diagram: Alice, Bob, Mallory; Alice holds C1=Es(k,P)]

  17. Envelope Encryption (2) • Alice uses Bob's public key e,n to encrypt k (using RSA), and gets C2=Ea(e,n,k) • [Diagram: Alice, Bob, Mallory; Alice holds C1=Es(k,P) and C2=Ea(e,n,k)]

  18. Communication • Alice sends C1 and C2 together to Bob • [Diagram: Alice, Bob, Mallory; C1=Es(k,P) and C2=Ea(e,n,k) in transit]

  19. Envelope Decryption (1) • Bob uses his private key d to decrypt C2 (using RSA) and gets k = Da(d,C2) • [Diagram: Alice, Bob, Mallory; C1=Es(k,P), C2=Ea(e,n,k); Bob computes k=Da(d,C2)]

  20. Envelope Decryption (2) • Bob uses k to decrypt C1 (using AES) and gets P=Ds(k,C1) • [Diagram: Alice, Bob, Mallory; C1=Es(k,P), C2=Ea(e,n,k); Bob computes k=Da(d,C2) and P=Ds(k,C1)]

  21. Demo • Cryptool → Encrypt/Decrypt → Hybrid → • RSA-AES encryption • RSA-AES decryption

  22. Hands-on Exercise • Download Lab.doc • Generate RSA key pairs of 1024 and 2048 bits • Instruction 2.1 • RSA encryption and decryption for small file and large file • Instruction 2.2

  23. Review
      • When we say the key length of RSA is 1024 bits, we mean
        1) n 2) p,q 3) e,d
      • Alice encrypts her message for Bob in RSA, which key should she use in encryption?
        • Alice's private key
        • Alice's public key
        • Bob's public key
      • Alice encrypts her message for Bob in envelope encryption, which of the following is true?
        • Alice uses her private key to encrypt a session key, and uses the session key to encrypt her message
        • Alice uses her public key to encrypt a session key, and uses the session key to encrypt her message
        • Alice uses Bob's public key to encrypt a session key, and uses the session key to encrypt her message

  24. Assignment 1 • Submit hardcopy today
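
The key setup from slides 7 to 9 and the padding question on slide 8, as an added Go example that is not part of the original slides. `ToyKey`, `ModPow` and `PaddedDiffers` are names chosen here, and RSA-OAEP from Go's standard library stands in for the slide's "PKCS" random padding.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// ToyKey follows slide 9: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi.
func ToyKey(p, q, e int64) (n, d *big.Int, err error) {
	n = big.NewInt(p * q)
	phi := big.NewInt((p - 1) * (q - 1))
	// ModInverse (extended Euclid) returns nil if e is not relatively prime to phi.
	if d = new(big.Int).ModInverse(big.NewInt(e), phi); d == nil {
		return nil, nil, fmt.Errorf("e=%d shares a factor with phi=%v", e, phi)
	}
	return n, d, nil
}

// ModPow is unpadded ("textbook") RSA: x^k mod n.
func ModPow(x, k, n *big.Int) *big.Int { return new(big.Int).Exp(x, k, n) }

// PaddedDiffers encrypts msg twice under one RSA-OAEP public key and reports
// whether the two ciphertexts differ; the random padding makes them differ.
func PaddedDiffers(msg []byte) (bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	a, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, msg, nil)
	if err != nil {
		return false, err
	}
	b, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, msg, nil)
	return !bytes.Equal(a, b), err
}

func main() {
	n, d, _ := ToyKey(47, 71, 79)
	e, p := big.NewInt(79), big.NewInt(688)
	c := ModPow(p, e, n)
	fmt.Println("n:", n, "d:", d, "C:", c, "D(C):", ModPow(c, d, n))
	// Unpadded RSA is deterministic: re-encrypting a guessed P with (n, e) reproduces C.
	fmt.Println("guess matches C:", ModPow(big.NewInt(688), e, n).Cmp(c) == 0)
	diff, _ := PaddedDiffers([]byte("688"))
	fmt.Println("OAEP ciphertexts differ:", diff)
}
```

Because unpadded RSA maps the same P to the same C every time, a ciphertext of a low-entropy message can be checked against guesses using only the public key; random padding removes that property.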
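
The envelope encryption exchange from slides 15 to 20, as an added Go example that is not from the original slides. It assumes AES-256-GCM for Es/Ds and RSA-OAEP with SHA-256 for Ea/Da; `BobKey`, `gcmFor`, `Seal` and `Open` are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func BobKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func gcmFor(k []byte) (cipher.AEAD, error) { // AES-GCM under session key k
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is Alice's side: C1 = Es(k, P) and C2 = Ea(e, n, k).
func Seal(pub *rsa.PublicKey, p []byte) (c1, c2 []byte, err error) {
	buf := make([]byte, 32+12) // fresh AES-256 key k, then a 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	k, nonce := buf[:32], buf[32:]
	gcm, _ := gcmFor(k) // cannot fail: k is always 32 bytes here
	c2, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)
	return gcm.Seal(nonce, nonce, p, nil), c2, err // C1 = nonce || ciphertext || tag
}

// Open is Bob's side: k = Da(d, C2), then P = Ds(k, C1).
func Open(priv *rsa.PrivateKey, c1, c2 []byte) ([]byte, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c2, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(k)
	if err != nil || len(c1) < 12 {
		return nil, fmt.Errorf("malformed envelope (C1 is %d bytes): %v", len(c1), err)
	}
	return gcm.Open(nil, c1[:12], c1[12:], nil)
}

func main() {
	bob, _ := BobKey()
	c1, c2, _ := Seal(&bob.PublicKey, []byte("large plaintext P"))
	p, err := Open(bob, c1, c2)
	fmt.Printf("C1=%dB C2=%dB P=%q err=%v\n", len(c1), len(c2), p, err)
}
```

Only the 32-byte session key passes through RSA, so C2 stays one RSA block (256 bytes for a 2048-bit n) however large P is, and the GCM tag makes Bob reject a C1 that was modified in transit.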
