 Cristina Onete || 25/09/2014 || 1 TD – Cryptography 25 Sept: Public Key Encryption + RSA 02 Oct: RSA Continued 09 Oct: NO TD 16 Oct: Digital Signatures.

Slides:



Advertisements
Similar presentations
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Advertisements

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Public Key Encryption Algorithm
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Cryptographic Technologies
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.
Public Key Cryptography and the RSA Algorithm
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 9 5th Edition by William Stallings Lecture slides by Lawrie Brown.
ASYMMETRIC CIPHERS.
Computer Science Public Key Management Lecture 5.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
 Introduction  Requirements for RSA  Ingredients for RSA  RSA Algorithm  RSA Example  Problems on RSA.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Rennes, 15/10/2014 Cristina Onete Message authenticity: Digital Signatures.
Prime Numbers Prime numbers only have divisors of 1 and self
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Network Security Lecture 17 Presented by: Dr. Munam Ali Shah.
Midterm Review Cryptography & Network Security
Cryptography and Network Security (CS435) Part Eight (Key Management)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Computer and Network Security Rabie A. Ramadan Lecture 6.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Rennes, 02/10/2014 Cristina Onete Attacks on RSA. Safe modes.
Overview of Cryptography & Its Applications
Cryptography and Network Security Public Key Cryptography and RSA.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively as the true name and the good name, or the.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
INCS 741: Cryptography Overview and Basic Concepts.
CPIS 312 Chapter Four: PUBLIC KEY CRYPTO. Index 2 A.Introduction A.1 Asymmetric Key Cryptography- Introduction A.2 General ideas about the Public Key.
Cryptography and Network Security Chapter 13
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Key management issues in PGP
Cryptography Lecture 26.
Cryptography Lecture 22.
Cryptography Lecture 25.
Presentation transcript:

 Cristina Onete || 25/09/2014 || 1 TD – Cryptography 25 Sept: Public Key Encryption + RSA 02 Oct: RSA Continued 09 Oct: NO TD 16 Oct: Digital Signatures 23 Oct: Key Exchange 30 Oct: NO TD 06 Nov: Multi-party key Exchange 13 Nov: Secure channels: TLS/SSL 20 Nov: Secure channels: TLS/SSL 27 Nov: Privacy-preserving Signatures

 Cristina Onete || 25/09/2014 || 2 Graded Assignment (TD Noté)  Travail individuel À envoyer au plus tard le 21 octobre à 15H  2 TD’s Notés  À envoyer: par courriel à:  TD noté numéro 1: À envoyer au plus tard le 25 novembre à 15H  TD noté numéro 2:

Rennes, 25/09/2014 Cristina Onete Public-Key Encryption. RSA Basics

 Cristina Onete || 25/09/2014 || 4 Why Cryptography Amelie Baptiste Jean Secret The enemy is all around us Goal: Secure communication over insecure channels Message confidentiality

 What is Encryption? Amelie Baptiste B Jean C Secret Cristina Onete || 25/09/2014 || 5

 What is Encryption? (II)  Symmetric Encryption  Public-Key Encryption B Used to encryptNeeded to decrypt B Key shared between parties Key must remain secret! B Public key Secret key Public key known to everyone Secret key must be secret! Block ciphers, AES Cristina Onete || 25/09/2014 || 6

 What is Encryption? (III)  Some uses for Public Key Encryption: Confidential exchange of messages Key Exchange  Establishing secure channels (TLS/SSL, see TD, lectures 3,4) ftp Onion routing (Tor networks) Digital signatures Authenticating messages or transactions Secure transmission: PGP, Outlook Cristina Onete || 25/09/2014 || 7

 Contents  Basics of Public-Key Encryption  RSA Encryption Syntax – general algorithms Plaintext security notions Certification and PKI Basics: number theory Textbook RSA Cristina Onete || 25/09/2014 || 8 Security of Textbook RSA & Fixes Bleichenbacher’s attack  Next lecture: attacks, safe modes, applications

 PKE Algorithms & Syntax  PKE = (KGen, Enc, Dec) B Security parameter: determines key size Everyone pksk Secret m ciphertext Secret Cristina Onete || 25/09/2014 || 9

 Security of PKE  Assume: sk only known to Baptiste (as it should)  When do we call PKE secure? When attacker can’t learn m from c Can know one bit of m? When can’t learn anything about m from c Cristina Onete || 25/09/2014 || 10 Indistinguishability IND-CPA/IND-CCA ? ? ?

 Security of PKE (II)  Deterministic vs. probabilistic encryption Deterministic encryption: Plaintext m always encrypts to same ciphertext What if message space is tiny? (“yes”/”no”)? Yes No Find plaintext Can never get IND- CCA security Cristina Onete || 25/09/2014 || 11 Remember: A knows pk; she can encrypt!

 Security of PKE (III)  Deterministic vs. probabilistic encryption Probabilistic encryption Plaintext m encrypts to different ciphertexts Yes No ? ? ? Cristina Onete || 25/09/2014 || 12

 Security of PKE (IV)  Probabilistic Encryption: How do we get probabilistic behaviour? Use different randomness at each encryption Yes Can two messages encrypt to same ciphertext? No ? ? ? No, that would confuse decryption Cristina Onete || 25/09/2014 || 13

 Security of PKE (V)  How do we get IND-CCA/IND-CPA security? Keep the keys safe Keep the message safe B B B Secret Cristina Onete || 25/09/2014 || 14

 Secret and Public Keys B pk sk connected HOW? Can sk be short (20-50 bits)? Wait until you get a ciphertext, try out all the keys, see which decryption make sense. Sufficient key-space principle: Any secure encryption scheme must have a key space that is not vulnerable to exhaustive search. Cristina Onete || 25/09/2014 || 15

 Secret and Public Keys (II) B pk sk connected HOW? If Jean needs to read some of Baptiste’s messages, does Baptiste give him the key? Once Jean has a secret key, he can decrypt ALL the messages encrypted for Baptiste Cristina Onete || 25/09/2014 || 16

 Secret and Public Keys (III) B pk sk connected HOW? Should users share one sk? If sk corresponds to many pks given to many users, is this good? Insecure: easier to make one give it away Either they share sk, which is not good BB Or only one has the sk, which means none of the others can decrypt. One sk should correspond to one pk Cristina Onete || 25/09/2014 || 17

 Secret and Public Keys (IV) B pksk connected HOW? Can one pk correspond to many sks, given to many users? One-to-one relationship between sk and pk Anything one decrypts, the others can decrypt too; easier to corrupt one of them One pk should correspond to one sk Cristina Onete || 25/09/2014 || 18

 Secret and Public Keys (V) B pk sk Easy Hard pk should be easily computable from sk sk must be hard to compute from pk! Usually rely on some “hard” problem QC: you physically can’t invert Cristina Onete || 25/09/2014 || 19

 Secret and Public Keys (VI) B pk sk Easy Hard Computable  If c constant: generate keys, learn c  If c unique (per user), and chosen at random out of big space, it could be ok Cristina Onete || 25/09/2014 || 20

 Secret and Public Keys (VII)  Assume keys are “well” chosen: pk easy to compute from sk sk large enough; hard to find from pk  How does Amelie know which pk is Baptiste’s? Baptiste could give it to Amelie in person cumbersome Get someone to check and attest that a specific key is Baptiste’s certification! Cristina Onete || 25/09/2014 || 21

 B Certification  Centralized certification – hierarchical  Decentralized – PGP B Baptiste Certification Authority (CA) Certificate Baptiste public key pk used for:  PKE  signatures Expires on… CA Cristina Onete || 25/09/2014 || 22

 Cristina Onete || 25/09/2014 || 23 Aside: Digital Signatures  Digital Signature (will come back in TDs 3 and 4) Baptiste Signer M Goal: message authenticity Yes, M came from Signer No, M is not from Signer NOT a Goal: message confidentiality Signatures usually do not hide the message In fact, M is often sent in clear, before the signature

 Cristina Onete || 25/09/2014 || 24 Aside: Digital Signatures  Digital Signature (will come back in TDs 3 and 4) Baptiste Signer M How signatures work:  Signer has a secret key, known only to him  He signs M with the secret key  Everyone can check the signature given M and the public key Security: nobody can forge the signature without the secret key

 Certification (II)  General structure of X.509 certificates: “Header”: version, serial number, algorithm (goal) Signer info: Issuer ID Validity: start date end date Content: who the certificate goes to Algorithm for PK Actual PK  Certificate  Signing Algorithm  Signature Extensions Cristina Onete || 25/09/2014 || 25

 Certification (III)  Certificate Issuers and Receivers Issuer is either CA or has a valid certificate to sign certificates Verify Issuer Signature Check Issuer certificate validity Receiver is who he claims to be Alternative identification PK issued to name in DN style (unique), to address, or DNS entry Blacklisting Cristina Onete || 25/09/2014 || 26

 Up to now  Secure communication over insecure channels Use encryption  Symmetric vs. Public-Key Encryption SE: sk used for encryption and decryption PKE: pk for encryption; sk for decryption  PKE Security pk easy to compute from sk and certified sk hard to retrieve from pk and long enough Goal: attacker can’t learn anything about plaintext: IND-CPA/IND-CCA Cristina Onete || 25/09/2014 || 27

 Contents  Basics of Public-Key Encryption  RSA Encryption Syntax – general algorithms Plaintext security notions Certification and PKI Basics: number theory Textbook RSA Security of Textbook RSA & Fixes Bleichenbacher’s attack  Next lecture: attacks, safe modes, applications Cristina Onete || 25/09/2014 || 28

 Secret and Public Keys (IV) B pk sk Easy Hard pk should be easily computable from sk sk must be hard to compute from pk! Usually rely on some “hard” problem QC: you physically can’t invert Cristina Onete || 25/09/2014 || 29

 Number Theory: Prime fields  Prime numbers, finite fields p is prime if its divisible only by 1 and p 2; 3; 17; 91; 293; 1777; 2,147,483,647 Z p = {0, 1, … p-1} is a finite field; p = 0 Z p is a group under addition Cristina Onete || 25/09/2014 || 30

 Number Theory: Prime Fields (II) Cristina Onete || 25/09/2014 || 31  Example: p = 17.

 Number Theory: Prime Fields (III)  Generators: Z p = {0, 1, … p-1} is a finite field; p = 0 Cristina Onete || 25/09/2014 ||

 Cristina Onete || 25/09/2014 || 33 Number Theory: Prime Fields (IV)

 Number Theory: Factoring  Greatest common divisor (GCD) of t and n: Largest d such that d divides both t and n  t and n are co-prime iff. GCD(t, n) = 1 Cristina Onete || 25/09/2014 || 34

 Number Theory: Factoring (II) Number of integers <n co-prime with n  Factoring (finding p, q) is hard given n Cristina Onete || 25/09/2014 || 35

 To Remember Cristina Onete || 25/09/2014 || 36

 RSA Encryption  RSA = Rivest, Shamir, Adelman Scientific American, 1977  Currently the backbone of Internet security Most of Public-Key Infrastructure (Certificates) SSL/TLS ( – main mode for Key Exchange Secure ing: PGP, Outlook… Cristina Onete || 25/09/2014 || 37

 Textbook RSA  Secret and public keys: B Cristina Onete || 25/09/2014 || 38

 Textbook RSA (II) p, q, n:=pq B Secret Cristina Onete || 25/09/2014 || 39

 Textbook RSA (III)  Why it works: Encryption: Decryption: Also works though if m = p or q Cristina Onete || 25/09/2014 || 40 We show this = 1

 Textbook RSA (IV)  Parameter size: For “securer” RSA, choose parameters of around 2048 bits Cristina Onete || 25/09/2014 || 41

Thanks!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.