Security: Public Key Cryptography

Slides:



Advertisements
Similar presentations
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Advertisements

Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Public Key Cryptography
Public Key Algorithms 4/17/2017 M. Chatterjee.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Public Key Model 8. Cryptography part 2.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Lecture 17 Network Security CPE 401/601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross All material copyright J.F.
Network Security Lecture 17 Presented by: Dr. Munam Ali Shah.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Network Security7-1 Today r Reminders m Ch6 Homework due Wed Nov 12 m 2 nd exams have been corrected; contact me to see them r Start Chapter 7 (Security)
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Network security Cryptographic Principles
Public Key Cryptography
Reviews Rocky K. C. Chang 20 April 2007.
Public Key Encryption.
Chapter 8: Network Security
Advanced Computer Networks
Public Key Cryptography
Public Key Encryption Systems
What is network security?
Public Key Encryption and Digital Signatures
Chapter 7 Network Security
CS2911 Week 8, Class 1 Today Week 8, Lab period Muddiest Point
Public-key Cryptography
ECE/CS 372 – introduction to computer networks Lecture 16
Basic Network Encryption
Chapter 8: Network Security
Chapter 8: Network Security
Network Security Basics
Asymmetric Cryptography
Security through Encryption
PART VII Security.
Cryptography: Basics (2)
Intro to Cryptography Some slides have been taken from:
Encryption INST 346, Section 0201 April 3, 2018.
CS2911 Week 9, Class 1 Today Discussion on RSA Video Eavesdropping
Chapter 3 - Public-Key Cryptography & Authentication
Basic Network Encryption
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9
Introduction to Cryptography
Security: Principles & Symmetric Key Cryptography
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Security: Integrity, Authentication, Non-repudiation
CS2911 Week 8, Class 1 Today Week 8, Lab period Muddiest Point
Chapter 8: Network Security
Public Key Encryption Systems
The RSA Public-Key Encryption Algorithm
Chapter 8: Network Security
Presentation transcript:

Security: Public Key Cryptography CS 352, Lecture 19 http://www.cs.rutgers.edu/~sn624/352-S19 Srinivas Narayana (heavily adapted from slides by Prof. Badri Nath and the textbook authors)

Review: Security Key properties: Confidentiality, integrity, authenticity Cryptography: prevents adversaries from reading our data Terminology: Encryption, decryption, plain text, cipher text, keys, ciphers Symmetric key cryptography: shared secret among communicating parties Key building blocks: substitution and permutation Stream and block ciphers Block ciphers that use substitution: use a mathematical function instead of a lookup table

Encryption using symmetric keys Same key for encryption and decryption Efficient to implement: Often the same or very similar algorithm for encryption and decryption Achieves confidentiality No integrity: message vulnerable to tampering No authentication by itself Vulnerable to replay attacks Bad guy can steal the encrypted message and later present it on behalf of a legitimate user How to agree on keys?

Problems with Block Ciphers Hence, also problems with symmetric key cryptography

An example: Login system Bob runs a login server to provide access to protected resources Alice must present a password to login Exchange of password implemented using symmetric key cryptography on top of block ciphers

Replay attack Alice’s password is encrypted “Login: Alice” Password please EK(Alice’s password) Alice Bob Alice’s password is encrypted From both Bob and attackers If Bob is trusted, he can decrypt using the shared secret key But subject to replay attack

Replay attack “Login: Alice” Password please EK(Alice’s password) Bob Store: EK(Alice’s password) Trudy

Replay attack This is a replay attack How can we prevent a replay? Login: Alice Password please EK(Alice’s password) Trudy Bob This is a replay attack How can we prevent a replay? By adding a NONCE value; Number used once only Use a temporary random number

Challenge-Response Nonce is a challenge that is changed every time Login: Alice “Password please” + Nonce EK(Alice’s password, Nonce) Alice Bob Nonce is a challenge that is changed every time The encrypted message is the response Critically, the ciphertext depends on the nonce

How do nonces help? What if Trudy steals the ciphertext? Nonce changed every time  ciphertext is fresh for each login Even if Trudy steals the authenticating ciphertext, she can’t reuse it Does the nonce need to be confidential?

General problems with repeated ciphertext Block ciphers take chunks of info (ex: 64-bit) to other chunks Previous example: Repeated passwords can be replayed But more generally, easy to guess parts of the payload with repeated plaintext Example: “HTTP/1.1” often occurs on HTTP messages Trudy could guess which ciphertext payloads contain that plaintext Then use those parts of a message to guess other parts of the payload … and so on

Can we use nonces for all messages? Yes! Remember, nonces can be sent as plain text Example: Use ciphertext Ek(message  nonce) to respond to the challenge Here,  is the bitwise XOR operation But very inefficient: For the example above, send double # bits for every message Use a method to generate nonces automatically Cipher block chaining: use the previous ciphertext as a nonce for the next plain text block First block “randomized” using Initialization Vector (IV)

Cipher block chaining: Encryption Exercise: how would decryption work?

How to agree on a shared secret key? In reality: two parties may meet in person or communicate “out of band” to exchange shared key But communicating parties may never meet in person Example: An online retailer and customer It’s very common not to meet someone you talk to over a network What if the shared secret is stolen? Must exchange keys securely again Is there a way to communicate securely without worrying about secure key exchange? Next topic: Public key cryptography

Public key cryptography

Public Key Cryptography A radically different approach [Diffie-Hellman76, RSA78] sender, receiver do not share secret key public encryption key known to all private decryption key known only to the receiver 16

Public key cryptography + K Bob’s public key B - Bob’s private key K B plaintext message, m encryption algorithm ciphertext decryption algorithm plaintext message K (m) B + m = K (K (m)) B + - 17

Public Key Cryptography An Example Sally Jeff Two keys: Kpub,sally Kpriv,sally Two keys: Kpub,jeff Kpriv,jeff

Public Key Cryptography An Example Kpub,sally Sally Jeff Kpub,jeff Two keys: Kpub,sally Kpriv,sally Two keys: Kpub,jeff Kpriv,jeff Sally and Jeff exchange public keys (As we’ll see later, this may happen through a trusted third authority)

Public Key Cryptography An Example Sally Jeff C = EKpub,sally(P) Two keys: Kpub,sally Kpriv,sally Two keys: Kpub,jeff Kpriv,jeff If Jeff wants to send an encrypted plaintext message P to Sally, he uses Sally’s public key to encrypt the message to form ciphertext C

Public Key Cryptography An Example P = DKpriv,sally(C) Sally Jeff Two keys: Kpub,sally Kpriv,sally Two keys: Kpub,jeff Kpriv,jeff Sally uses her private key to decrypt the message C from Jeff. Only Sally can decrypt messages that are encrypted using her public key. A message to Sally cannot be decrypted using Sally’s public key.

Public key ciphers RSA

Public key encryption algorithms requirements: . . + - 1 need K ( ) and K ( ) such that B B K (K (m)) = m B - + + 2 given public key K , it should be impossible to compute private key K B - B RSA: Rivest, Shamir, Adelson algorithm 23

Prerequisite: modular arithmetic x mod n = remainder of x when divide by n facts: [(a mod n) + (b mod n)] mod n = (a+b) mod n [(a mod n) - (b mod n)] mod n = (a-b) mod n [(a mod n) * (b mod n)] mod n = (a*b) mod n thus (a mod n)d mod n = ad mod n example: x=14, n=10, d=2: (x mod n)d mod n = 42 mod 10 = 6 xd = 142 = 196 xd mod 10 = 6 24

RSA: getting ready message: just a bit pattern bit pattern can be uniquely represented by an integer number thus, encrypting a message is equivalent to encrypting a number example: m= 10010001 . This message is uniquely represented by the decimal number 145. to encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext). 25

RSA step 1: Creating public/private key pair 1. choose two large prime numbers p, q. (e.g., 1024 bits each) 2. compute n = pq, z = (p-1)(q-1) 3. choose e (with e<n) that has no common factors with z (e, z are “relatively prime”). 4. choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. public key is (n,e). private key is (n,d). K B + K B - 26

RSA step 2: encryption and decryption 0. given (n,e) and (n,d) as computed above 1. to encrypt message m (<n), compute c = m mod n e 2. to decrypt received bit pattern, c, compute m = c mod n d magic happens! m = (m mod n) e mod n d c 27

Bob chooses p=5, q=7. Then n=35, z=24. RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). encrypting 8-bit messages. e c = m mod n e bit pattern m m encrypt: 0000l000 12 24832 17 c m = c mod n d 17 481968572106750915091411825223071697 12 decrypt: 28

Why does RSA work? must show that cd mod n = m where c = me mod n fact: for any x and y: xy mod n = x(y mod z) mod n where n= pq and z = (p-1)(q-1) thus, cd mod n = (me mod n)d mod n = med mod n = m(ed mod z) mod n = m1 mod n = m 29

RSA: another important property The following property will be very useful later (for authentication and integrity): K (K (m)) = m B - + K (K (m)) = use public key first, followed by private key use private key first, followed by public key result is the same! 30

K (K (m)) = m B - + K (K (m)) = Why ? follows directly from modular arithmetic: (me mod n)d mod n = med mod n = mde mod n = (md mod n)e mod n 31

Why is RSA secure? Suppose you know Bob’s public key (n,e). How hard is it to determine d? Essentially need to find factors of n without knowing the two factors p and q Turns out that no one knows efficient algorithms to factor big numbers, especially a product of two large primes 32

RSA in practice: session keys exponentiation in RSA is computationally intensive DES is at least 100 times faster than RSA use public key crypto to establish secure connection, then establish second key – symmetric session key – for encrypting data session key, KS Bob and Alice use RSA to exchange a symmetric key KS once both have KS, they use symmetric key cryptography 33

RSA in practice: session keys EKpub,Jeff(Sally,RSally) EKpub,Sally(RSally, RJeff, KS) Sally Jeff EKS(RJeff)

Public Key Cryptography: Summary Why public key cryptography is so powerful: No need to exchange secret keys securely Only the receiver of encrypted information holds the secret key Public keys are exactly that: public! Examples of public key algorithms: Merkle-Helman knapsack Rivest-Shamir-Adleman (RSA) Pretty Good Privacy (PGP)

Cryptography: the big picture Algorithms underlying secure communication over the Internet Pervades almost everything we use Example: HTTPS? (we’ll see more about that soon…) Specific algorithms like AES and RSA are widely implemented on host and server systems So far: mainly confidential communication Next lectures: We’ll see how cryptography is a building block for integrity and authenticity of communication as well