1 Introduction to Information Security 0368-3065, Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.

Slides:



Advertisements
Similar presentations
Public Key Cryptosystem
Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Public Key Algorithms …….. RAIT M. Chatterjee.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Cryptography Basic (cont)
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
The RSA Cryptosystem Dan Boneh Stanford University.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
CS470, A.SelcukRSA1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
ASYMMETRIC CIPHERS.
Lecture 6: Public Key Cryptography
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
8. Data Integrity Techniques
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
The RSA Algorithm Rocky K. C. Chang, March
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
10.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Symmetric-Key Cryptography.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Symmetric versus Asymmetric Cryptography. Why is it worth presenting cryptography? Top concern in security Fundamental knowledge in computer security.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
David Evans CS200: Computer Science University of Virginia Computer Science Class 36: Public-Key Cryptography If you want.
Networks Management and Security Lecture 3.
Midterm Review Cryptography & Network Security
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Chapter 21 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Dan Boneh Public Key Encryption from trapdoor permutations PKCS 1 Online Cryptography Course Dan Boneh.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
1 Introduction to Information Security , Spring 2016 Lecture 4: Applied cryptography: asymmetric Zvi Ostfeld Slides credit: Eran Tromer.
Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.
Network security Cryptographic Principles
Basics of Cryptography
Public Key Encryption Systems
Public Key Encryption and Digital Signatures
Basic Network Encryption
Keys Campbell R. Harvey Duke University, NBER and
Campbell R. Harvey Duke University and NBER
Cryptography Lecture 27.
Campbell R. Harvey Duke University and NBER
Basic Network Encryption
Public Key Encryption Systems
Cryptography Lecture 26.
Presentation transcript:

1 Introduction to Information Security , Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford

2 Public-Key Encryption

3 Public-key encryption

4 Example: RSA

5 Why RSA works

6 Textbook RSA is insecure  What if message is from a small set (yes/no)? Can build table (Deterministic)  What if there’s some protocol in which I can learn other message decryptions? (Chosen ciphertext attack)  What if I want to outbid you in secret auction? I take your encrypted bid c and submit c (101/100) e mod n (Malleability)

7 RSA Padding: OAEP Preprocess message for RSA  H and G are cryptographic hash functions (e.g., SHA-1) If RSA is trapdoor permutation, then this is chosen-ciphertext secure (if H,G “behave like random oracles”) H + G + Plaintext to encryptwith RSA rand.Message Decryption: Apply plain RSA decryption. Check pad, reject if invalid.  {0,1} n-1 [Bellare Rogaway ’94] [Shoup ‘01] [PKCS#1 v2] [RFC 2437]

8 Security of (properly-padded) RSA  If factoring is easy, RSA is broken. Converse conjectured but unproven.  Best factoring algorithm: Number Field Sieve (subexponential complexity)  Key size: Record: 768 bits, in 2009, using ∼ 2000 core-years. Popular until recently: 1024-bit. Estimated to be breakable by a large botnet or special-purpose hardware (<1M$ marginal cost). NIST recommendation:  3072 bits (equivalent to 128 bit symmetric).  2048 bits (equiv. to 112 bit symmetric) “acceptable until 2030”.  Quantum computers can factor in polynomial time (Shor’s algorithm). Appears possible in theory, but many believe it will take decades to solve the ngineering/technological challenges. Record: factoring 15 and 21.

9 RSA discussion

10 Other public-key encryption schemes

11 Digital Signatures

12 Digital Signatures  Alice publishes key for verifying signatures  Anyone can check a message signed by Alice  Only Alice can send signed messages

13 Properties of signatures (for case of deterministic signatures)

14 RSA Signature Scheme Hybrid signature: sign hash of message instead of full plaintext

15 Other digital signature schemes  DSA (Digital Signature Algorithm) Relies on hardness of discrete logarithms  Schemes based on elliptic curves Popular in modern systems due to faster operations and smaller key size  Signatures based just on hash functions (Lamport), with stateful signing algorithm and limited #messages.  Lattice-based schemes Generalization: succinct noninteractive proofs of knowledge (SNARK) allowing verifying the correctness not just of data, but also of computation. [whiteboard discussion]

16 Public-key infrastructure

17 Public-Key Infrastructure (PKI)  Anyone can send Bob a secret message Provided they know Bob’s public key  How do we know a key belongs to Bob? If imposter substitutes another key, can read Bob’s mail  One solution: PKI Trusted root authority (VeriSign, IBM, United Nations)  Everyone must know the verification key of root authority  Check your browser; there are hundreds! Root authority can sign certificates Certificates identify others, by linking their ID (e.g., domain name or legal name) to a verification key they own Certifiicates can also delegate trust to other certificate authorities  Leads to certificate chains Most common standard “X.509”

18 Public-Key Infrastructure Client (browser)

19 CA

20 Certificate authorities – practical problems Certification policy – when to sign server’s certificates? Inclusion in database of trusted Cas –Default database in browsers, OSs –Updates Transitive trusts, sub-CAs Practically: –Lax verification (attacks known) –Lax security (attacks known) –National/commercial bodies with diverse interests

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.