Lecture 5 Page 1 CS 236 Online Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E,P) P = D(K D,C) Often, works the.

Slides:



Advertisements
Similar presentations
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Chapter 31 Network Security
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Cryptography, Authentication and Digital Signatures
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Lecture 4 Page 1 CS 136, Fall 2014 More on Cryptography CS 136 Computer Security Peter Reiher October 14, 2014.
Lecture 4 Page 1 CS 136, Fall 2012 More on Cryptography CS 136 Computer Security Peter Reiher October 9, 2012.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.
Cryptographic Hash Functions and Protocol Analysis
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
COMP 424 Lecture 04 Advanced Encryption Techniques (DES, AES, RSA)
Private key
Lecture 2 Page 1 CS 236, Spring 2008 More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Outline Desirable characteristics of ciphers Stream and block ciphers
Outline Desirable characteristics of ciphers Stream and block ciphers
Cryptography Much of computer security is about keeping secrets
Public Key Encryption Systems
Outline Desirable characteristics of ciphers Uses of cryptography
Outline Desirable characteristics of ciphers Uses of cryptography
Outline Desirable characteristics of ciphers Stream and block ciphers
Outline Desirable characteristics of ciphers Stream and block ciphers
Security through Encryption
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
Outline Desirable characteristics of ciphers Stream and block ciphers
CDK: Chapter 7 TvS: Chapter 9
Public Key Encryption Systems
Public Key Encryption Systems
Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.
Presentation transcript:

Lecture 5 Page 1 CS 236 Online Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E,P) P = D(K D,C) Often, works the other way, too

Lecture 5 Page 2 CS 236 Online History of Public Key Cryptography Invented by Diffie and Hellman in 1976 Merkle and Hellman developed Knapsack algorithm in 1978 Rivest-Shamir-Adelman developed RSA in 1978 –Most popular public key algorithm Many public key cryptography advances secretly developed by British and US government cryptographers earlier

Lecture 5 Page 3 CS 236 Online Practical Use of Public Key Cryptography Keys are created in pairs One key is kept secret by the owner The other is made public to the world If you want to send an encrypted message to someone, encrypt with his public key –Only he has private key to decrypt

Lecture 5 Page 4 CS 236 Online Authentication With Shared Keys If only two people know the key, and I didn’t create a properly encrypted message - –The other guy must have But what if he claims he didn’t? Or what if there are more than two? Requires authentication servers

Lecture 5 Page 5 CS 236 Online Authentication With Public Keys If I want to “sign” a message, encrypt it with my private key Only I know private key, so no one else could create that message Everyone knows my public key, so everyone can check my claim directly

Lecture 5 Page 6 CS 236 Online Scaling of Public Key Cryptography KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd KeKe KdKd Nice scaling properties

Lecture 5 Page 7 CS 236 Online Key Management Issues To communicate via shared key cryptography, key must be distributed –In trusted fashion To communicate via public key cryptography, need to find out each other’s public key –“Simply publish public keys”

Lecture 5 Page 8 CS 236 Online Issues of Key Publication Security of public key cryptography depends on using the right public key If I am fooled into using the wrong one, that key’s owner reads my message Need high assurance that a given key belongs to a particular person Which requires a key distribution infrastructure

Lecture 5 Page 9 CS 236 Online RSA Algorithm Most popular public key cryptographic algorithm In wide use Has withstood much cryptanalysis Based on hard problem of factoring large numbers

Lecture 5 Page 10 CS 236 Online RSA Keys Keys are functions of a pair of digit prime numbers Relationship between public and private key is complex Recovering plaintext without private key (even knowing public key) is supposedly equivalent to factoring product of the prime numbers

Lecture 5 Page 11 CS 236 Online Comparison of DES and RSA DES is much more complex However, DES uses only simple arithmetic, logic, and table lookup RSA uses exponentiation to large powers –Computationally 1000 times more expensive in hardware, 100 times in software Key selection also more expensive

Lecture 5 Page 12 CS 236 Online Security of RSA Conjectured that security depends on factoring large numbers –But never proven –Some variants proven equivalent to factoring problem Probably the conjecture is correct

Lecture 5 Page 13 CS 236 Online Attacks on Factoring RSA Keys In 2005, a 640 bit RSA key was successfully factored –Took 30 CPU years of 2.2 GHz machines –5 months calendar time A 768 bit key factored in 2009 Research on integer factorization suggests keys up to 2048 bits may be insecure Size will keep increasing The longer the key, the more expensive the encryption and decryption

Lecture 5 Page 14 CS 236 Online Combined Use of Symmetric and Asymmetric Cryptography Very common to use both in a single session Asymmetric cryptography essentially used to “bootstrap” symmetric crypto Use RSA (or another PK algorithm) to authenticate and establish a session key Use DES/Triple DES/AES using session key for the rest of the transmission

Lecture 5 Page 15 CS 236 Online Combining Symmetric and Asymmetric Crypto AliceBob K EA K DA K EB K DB K EA K EB KSKS Alice wants to share the key only with Bob Bob wants to be sure it’s Alice’s key C=E(K S,K EB ) Only Bob can decrypt it M=E(C,K DA ) Only Alice could have created it MC=D(M,K EA )K S =D(C,K DB )

Lecture 5 Page 16 CS 236 Online Digital Signature Algorithms In some cases, secrecy isn’t required But authentication is The data must be guaranteed to be that which was originally sent Especially important for data that is long-lived

Lecture 5 Page 17 CS 236 Online Desirable Properties of Digital Signatures Unforgeable Verifiable Non-repudiable Cheap to compute and verify Non-reusable No reliance on trusted authority Signed document is unchangeable

Lecture 5 Page 18 CS 236 Online Encryption and Digital Signatures Digital signature methods are based on encryption The basic act of having performed encryption can be used as a signature –If only I know K, then C=E(P,K) is a signature by me –But how to check it?

Lecture 5 Page 19 CS 236 Online Signatures With Shared Key Encryption Requires a trusted third party Signer encrypts document with secret key shared with third party Receiver checks validity of signature by consulting with trusted third party Third party required so receiver can’t forge the signature

Lecture 5 Page 20 CS 236 Online For Example, When in the Course of human events it becomes necessary for one KsKs KsKs Elas7pa 1o’gw0mega 30’sswp. 1f43’-s 4 32.doas3 Dsp5.a#l ^o,a 02 When in the Course of human events it becomes necessary for one

Lecture 5 Page 21 CS 236 Online Signatures With Public Key Cryptography Signer encrypts document with his private key Receiver checks validity by decrypting with signer’s public key Only signer has the private key –So no trusted third party required But receiver must be certain that he has the right public key

Lecture 5 Page 22 CS 236 Online For Example, When in the Course of human events it becomes necessary for one KeKe KdKd Elas7pa 1o’gw0mega 30’sswp. 1f43’-s 4 32.doas3 Dsp5.a#l ^o,a 02 When in the Course of human events it becomes necessary for one R[ds7 5 1sapG5(2l 1l>wcwom #0swlts a( GOwW03, Whyoec4;s *3;d0swe

Lecture 5 Page 23 CS 236 Online Problems With Simple Encryption Approach Computationally expensive –Especially with public key approach Document is encrypted –Must be decrypted for use –If in regular use, must store encrypted and decrypted versions

Lecture 5 Page 24 CS 236 Online Secure Hash Algorithms A method of protecting data from modification Doesn’t actually prevent modification But gives strong evidence that modification did or didn’t occur Typically used with digital signatures

Lecture 5 Page 25 CS 236 Online Idea Behind Secure Hashes Apply a one-way cryptographic function to data in question Producing a much shorter result Attach the cryptographic hash to the data before sending When necessary, repeat the function on the data and compare to the hash value

Lecture 5 Page 26 CS 236 Online Secure Hash Algorithm (SHA) Endorsed by NIST Reduces input data of up to 2 64 bits to 160 bit digest Doesn’t require secret key Broken in 2005

Lecture 5 Page 27 CS 236 Online What Does “Broken” Mean for SHA-1? A crypto hash matches a digest to a document It’s bad if two documents match the same digest It’s very bad if you can easily find a second document with a matching hash The crypto break finds matching hashes in 2 63 operations

Lecture 5 Page 28 CS 236 Online How Bad Is That? We can do things in 2 63 operations –Though it’s not trivial But the second “document” might be junk So is this a reasonable attack? NIST isn’t panicking –But is recommending phasing out SHA-1 by 2010 –NIST just announced a competition for a new secure hash standard

Lecture 5 Page 29 CS 236 Online Use of Cryptographic Hashes Must assume opponent also has hashing function And it doesn’t use secret key So opponent can substitute a different message with a different hash How to prevent this? And what (if anything) would secure hashes actually be useful for?

Lecture 5 Page 30 CS 236 Online Hashing and Signatures Use a digital signature algorithm to sign the hash But why not just sign the whole message, instead? Computing the hash and signing it may be faster than signing the document Receiver need only store document plus hash

Lecture 5 Page 31 CS 236 Online Checking a Document With a Signed Hash 1.The party of the first part will hereafter be referred to as the party of the first part. 2.The party of the second part will hereafter be referred to as the party of the second part The sanity clause KsKs Hash Encrypt 1.The party of the first part will hereafter be referred to as the party of the first part. 2.The party of the second part will hereafter be referred to as the party of the second part The sanity clause Hash Decrypt KpKp MATCH!

Lecture 5 Page 32 CS 236 Online The Birthday Attack How many people must be in a room for the chances to be greater than even that two of them share a birthday? Answer is 23 The same principle can be used to attack hash algorithms

Lecture 5 Page 33 CS 236 Online Using the Birthday Attack on Hashes For a given document, find a different document that has the effect you want Trivially alter the second document so that it hashes to the same value as the target document –Using an exhaustive attack

Lecture 5 Page 34 CS 236 Online How Hard Is the Birthday Attack? Depends on the length of the hash –And the quality of the hashing algorithm Essentially, looking for hashing collisions So long hashes are good –SHA produces 2 80 random hashes –But 2005 attack finds collisions in 2 63 operations –Not for chosen plaintext, however

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.