20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

Slides:



Advertisements
Similar presentations
Public Key Cryptosystem
Advertisements

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and applications Math 7290CryptographySu07.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part II.
Lecture 6: Public Key Cryptography
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 CIS 5371 Cryptography 8. Asymmetric encryption-.
Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
By Abhijith Chandrashekar and Dushyant Maheshwary.
The RSA Algorithm Rocky K. C. Chang, March
Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.
10.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Symmetric-Key Cryptography.
Application of Elliptic Curves to Cryptography
Great Theoretical Ideas in Computer Science.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.
Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Public-Key Cryptography CS110 Fall Conventional Encryption.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Cryptography and Network Security Key Management and Other Public Key Cryptosystems.
CRYPTOGRAPHY. WHAT IS PUBLIC-KEY ENCRYPTION? Encryption is the key to information security The main idea- by using only public information, a sender can.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
Key Management Network Systems Security Mort Anvari.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Great Theoretical Ideas in Computer Science.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
Elgamal Public Key Encryption CSCI 5857: Encoding and Encryption.
1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.
Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key.
Asymmetric-Key Cryptography
Elliptic Curve Cryptography (ECC)
El Gamal and Diffie Hellman
Presentation transcript:

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Digital Signature Message digest encrypted with signer’s private key MESSAGE (LONG)SIG APPEND SIGNATURE TO MESSAGE; SEND BOTH MESSAGE (LONG) HASH SIG USE SHA TO PRODUCE HASH (MESSAGE DIGEST) ENCRYPT HASH WITH SIGNER’S PRIVATE KEY Recipient decrypts SIG with signer’s public key. Recipient computes the message digest. If it matches the SIG, the SIG is genuine AND the message has not been altered! PRIVATE KEY

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Cryptographic Notation { A, B, C, D } means strings A, B, C and D concatenated together SK SENDER ( A ) means string A encrypted with SENDER’s secret key PK BANK ( B ) means string B encrypted with BANK’s public key H(A) means one-way hash of string A

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Dual Signatures Links two messages securely but allows only one party to read each. Used in SET. MESSAGE 1 DIGEST 1 NEW DIGEST HASH 1 & 2 WITH SHA MESSAGE 2 DIGEST 2 CONCATENATE DIGESTS TOGETHER HASH WITH SHA TO CREATE NEW DIGEST DUAL SIGNATURE PRIVATE KEY ENCRYPT NEW DIGEST WITH SIGNER’S PRIVATE KEY

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Using Dual Signatures Alice wants to send Message 1 to Bob and Message 2 to Carol Message 1 is order info; Message 2 is payment info Alice encrypts Message 1 with Bob’s public key; Message 2 with Carol’s public key Both Bob and Carol must be convinced that the messages are linked and unaltered Alice sends { PK BOB (Message 1), PK CAROL (Message 2), DualSig} to both Bob and Carol Bob hashes PK BOB (Message 1), concatenates with PK CAROL (Message 2), and hashes again to give the dual hash Bob decrypts the dual signature with Alice’s public key If the new hash and the decrypted signature match, all is OK

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Dual Signatures on Plaintext Alice wants to send Message 1 to Bob and Message 2 to Carol in plaintext Bob can’t see Message 2; Carol can’t see Message 1 Both Bob and Carol must be convinced that the messages are linked and unaltered Alice sends Bob { Message 1, Digest 2, Dual Signature} Bob hashes Message 1, concatenates with Digest2 and hashes Bob decrypts the dual signature with Alice’s public key If the new hash and the decrypted signature match, all is OK Now Bob can send Carol Digest 2 and ask if she got the message corresponding to it! (Carol got { Message 2, Digest 1, Dual Signature} )

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Blind Signatures Alice wants Bob to sign message M without being able to read it. Bob’s public key is (e, n). Alice chooses a random number k between 1 and n Alice computes b = (M k e ) mod n (the “blinded” message) and sends it to Bob to sign Bob can’t read it since he doesn’t know k or k e Bob signs with his private key (d, n) by computing b d mod n = (M k e ) d mod n = M d k ed mod n = M d k mod n Now Alice divides the signed message by k to get M d mod n, just as if Bob had signed M in the first place

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Protocol Failure A “secure” cryptosystem is not secure if used carelessly Protocols must be followed carefully or a “protocol failure” occurs Example: “common modulus” failure Bob and Carol have the same public-key modulus n with encryption exponents e BOB and e CAROL having no common factor Alice sends the same plaintext M to both Bob and Carol Bob gets y BOB = M e BOB mod n Carol gets y CAROL = M e CAROL mod n If Eve intercepts both, she can read the message SOLUTION: NEVER SEND THE SAME MESSAGE TWICE

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Protocol Failure Eve computes c 1 = e BOB -1 mod e CAROL c 2 = (c 1 e BOB - 1 )/ e CAROL M = y BOB c 1 ( y CAROL c 2 ) -1 mod n = (M e BOB ) c 1 ((M e CAROL ) c 2 ) -1 mod n = (M e BOB ) c 1 ((M e CAROL ) ( c 1 e BOB-1)/ e CAROL ) -1 mod n = (M e BOB ) c 1 (M ( c 1 e BOB-1) ) -1 mod n = M (M c 1 e BOB -1 ) (M ( c 1 e BOB-1) ) -1 mod n = M mod n So Eve recovers the original message!

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Trapdoor Functions for Cryptogrpahy Any one-way trapdoor function f(x) can be used for public-key cryptography Alice wants to send message m to Bob Bob’s public key e is a parameter to the trapdoor function f e (x) (the inverse f e -1 (x) is easy to compute knowing Bob’s private key d but difficult without d) Alice computes f e (m), sends it to Bob Bob computes f e -1 (f e (m)) = m (easy if d is known) Eavesdropper Eve can’t compute m = f e -1 (f e (m)) without the trapdoor d to find the inverse f e -1

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Discrete Logarithms If a b = c, we say that log a c = b Example: 2 32 = so log 2 ( ) = 32 Computing a b and log a c are both easy for real numbers In a finite field, it is easy to calculate c = a b mod p but given c, a and p it is very difficult to find b This is the “discrete logarithm” problem Analogy: Given x it is easy to find two real numbers y, z such that x = y z Given an integer n it is hard to find two integers p, q such that n = p q

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Diffie-Hellman Key Exchange Object: allow Alice and Bob to exchange a secret key Protocol has two public parameters: a prime p and a number g < p such that given 0 < n < p there is some k such that g k = n (g is called a generator) Alice and Bob generate random private values a, b between 1 and p-2 Alice’s public value is g a (mod p); Bob’s is g b (mod p) Alice and Bob share their public values Alice computes (g b ) a (mod p) = g ba Bob computes (g a ) b (mod p) = g ab = g ba Let key = g ab. Now both Alice and Bob have it. No one else can compute it -- they don’t know a or b

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS El Gamal Encryption Based on the discrete logarithm Bob’s public key is (p, q, r) Bob’s private key is s such that r = q s mod p Alice sends Bob the message m by picking a random secret number k and sending (a, b) = (q k mod p, mr k mod p) Bob computes b (a s ) -1 mod p = mr k (q ks ) -1 = mq ks (q ks ) -1 = m (Bob knows s; nobody else can do this)

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Elliptic Curve Cryptography (ECC) An elliptic curve is the set of points (x, y) satisfying y 2 + axy + by = x 3 + cx 2 + dx + e x y An elliptic curve has the property that a line drawn between two points of the curve intersects the curve at a single point. (Warning: need to include the point at infinity.) This allows us to define P + Q so that the sum is always another point on the curve. If the sum P + Q is always on the curve, so are the points P, P + P, P + P + P,... = P, 2P, 3P, 4P,... ONLINE TUTORIAL

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Elliptic Curve Operations SOURCE: INTEGRITY SCIENCESINTEGRITY SCIENCES The point at infinity O is an identity element for addition

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Elliptic Curves Over Finite Fields Select a large prime number p Choose two non-negative integers a and b with 4a b 2  0 (mod p) The pairs (x, y) with x, y < p that satisfy y 2 = x 3 + ax + b (mod p) are the elliptic group mod p –addition is closed and associative (x + y) + z = x + (y + z) –there is an identity element O such that x + O = x –every element x has an inverse x - 1 such that x + x - 1 = O If y = k x (mod p), then given k and x it is easy to find y but given x and y it is computationally hard to find k So elliptic curves can be used for cryptography

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Elliptic Curves for El Gamal Multiplication in the elliptic group corresponds to exponentiation of real numbers Solving y = k x (mod p) for k in the elliptic group is similar to solving c = a b ( mod p) for b in El Gamal (discrete logarithm) Choose a special point g of the group (called a generator) Bob’s private key is s; Bob’s public key is (g, s g) A plaintext message m is transformed to a point x in the group Alice encrypts x by picking a random value k and sending (k g, x + k s g) Bob decrypts by computing (x + k s g) - (k g) s = x Alice sent him these Bob knows s (his private key) g and sg are public; Alice knows x and k Can’t find s from g and sg

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Security of ECC versus RSA GRAPHIC: RICHARD SOUTHERNRICHARD SOUTHERN ECC Advantages 1. The elliptic curve logarithm problem is harder than the discrete logarithm problem. 2. Key size in ECC is much smaller for a given security level. 3. ECC is complicated; fewer people understand it. 4. ECC is not patented.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Major Ideas Digital signature = message digest encrypted with signer’s private key Dual signature: two people sign a document without being able to read the other person’s content Blind signature: one person signs a document without being able to read it Any trapdoor function can be used for public-key cryptography Great care must be used with public-key systems to avoid protocol failure (allowing cracking through mistakes) Elliptic-curve cryptography (ECC) is replacing RSA –Shorter keys for the same level of security

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Q A &

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.