Published by Eric Harvey. Modified over 8 years ago.
1
@Yuan Xue (yuan.xue@vanderbilt.edu) CS 285 Network Security Public-Key Cryptography Yuan Xue Fall 2012
2
Motivation
Two difficult problems associated with the secret-key cryptosystem:
  Key distribution
  Non-repudiation
3
Public-Key Cryptography
Diffie and Hellman achieved an important breakthrough in 1976.
The proposed scheme was radically different from all previous approaches to cryptography:
  It uses a pair of different keys, in contrast to one shared key in symmetric encryption.
  It is based on mathematical functions instead of substitution and permutation.
The proposed scheme is called public-key (asymmetric) cryptography.
4
History
The scheme proposed by Diffie and Hellman is not a general-purpose encryption algorithm. It can only provide secure secret key exchange.
Thus it presents a challenge for cryptologists: to design a general-purpose encryption algorithm that satisfies the public-key encryption requirements.
One of the first responses to the challenge was developed in 1977 by Rivest, Shamir and Adleman at MIT, and is called RSA.
5
Public-Key Cryptosystem Model
A public-key cryptosystem uses a pair of different but related keys: one is placed in a public register (public key), and the other is kept secret (private key).
It is computationally infeasible for an opponent, knowing the public key KU and the encryption and decryption algorithms E and D, to determine the companion private key KR.
It is computationally infeasible for an opponent, knowing the public key KU and the ciphertext C = E(KU, P) encrypted under this key, to determine the plaintext P.
6
Essential Steps
Generate a pair of keys: A generates the public key K_UA and the private key K_RA.
Publish the public key, while keeping the private key secret.
Users have access to a collection of public keys from their communication parties.
Use one of the above models to encrypt the message to achieve different security goals, and deliver the message.
7
For practical use, the following features are also preferred in a public-key encryption algorithm:
  It is computationally easy to generate a pair of keys (public key and private key).
  It is computationally easy to encrypt a message using either the public or the private key, and decrypt it via the companion key.
8
Confidentiality
9
Source Authentication
10
Confidentiality + Authentication
11
Outline
  Mathematical Preliminary
  RSA algorithm description
  Why RSA works
  Why RSA is secure
12
Mathematical Preliminary -- Modular Addition
13
Mathematical Preliminary -- Modular Multiplication
14
Mathematical Preliminary -- Modular Exponentiation
What is an exponentiative inverse?
Given K, can K’’ be efficiently found?
Euler’s Theorem and totient function
15
RSA Algorithm
16
Implementing RSA Algorithm
Generating RSA keys -- Finding big primes p and q
There is no known practical way for absolutely determining that a number of large size is prime.
There is a test for determining that a number is probably prime (using Miller and Rabin).
Procedure for picking a prime number p:
  1. Pick an odd random integer p.
  2. Perform the probabilistic primality test; if p fails the test, reject p and go to step 1.
  3. If p has passed a sufficient number of tests, accept p.
17
Implementing RSA Algorithm
Generating RSA keys -- Finding d and e
Having a small constant e:
  RSA is no less secure if e is always chosen to be the same number.
  If e is chosen to be small, then the operations of encryption and signature verification are much more efficient.
Popular values of e are 3 and 65537.
Issues with the value 3:
  If the message P is too small (smaller than n^(1/3)), then decrypting the message simply takes a cube root.
  P needs to be large.
  And more...
65537 is a good choice: 65537 = 2^(16) + 1.
18
Using RSA Algorithm
RSA is a block cipher.
  The plaintext and ciphertext are represented as integers between 0 and n - 1 for some n, i.e., the block size must be less than or equal to log2(n).
When you create an RSA key pair, you specify a key length in bits. The key length of an RSA key specifies the number of bits in n.
Typical choices of RSA key length:
  1024 bits, sufficient for many medium-security purposes such as web site logins;
  2048 bits, high security applications.
19
Attacks on RSA (I)
If the message encrypted by the public key in RSA is guessable, then the attacker can encrypt all the possible messages with the public key and match the results with the ciphertext to derive the correct plaintext.
Solution: the plaintext messages in RSA need to be padded with random bits.
20
Public Key Cryptography Standard
PKCS defines a set of standards for the information encoding in the usage of RSA so that various pitfalls with RSA can be avoided.
For example, PKCS #1 defines a standard for formatting messages encrypted with RSA:
  0 | 2 | At least 8 random nonzero octets | 0 | data
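An added example (not from the original slides) that builds and checks the block layout shown above, and shows why it addresses the guessable-message problem from "Attacks on RSA (I)": unpadded encryption of the same message always gives the same ciphertext, padded encryption does not. The toy key is constructed for this illustration and all function names are assumptions.

```python
import secrets

# Constructed toy key: a 216-bit modulus from two Mersenne primes.
# Far too small for real use; it only keeps the example fast and offline.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                # modulus length in octets (27 here)

def pad(data, k=K):
    """Build 00 || 02 || PS || 00 || data, PS = at least 8 random nonzero octets."""
    if len(data) > k - 11:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(data)))
    return b"\x00\x02" + ps + b"\x00" + data

def unpad(block, k=K):
    """Check the layout and return data; every malformed block gets the same error."""
    if len(block) != k or block[:2] != b"\x00\x02":
        raise ValueError("decryption error")
    sep = block.find(b"\x00", 2)             # first zero octet after the 00 02 header
    if sep < 10:                             # not found (-1) or PS shorter than 8 octets
        raise ValueError("decryption error")
    return block[sep + 1:]

def encrypt(data, padded=True):
    """RSA-encrypt data, either as a padded block or as the raw message integer."""
    block = pad(data) if padded else data
    return pow(int.from_bytes(block, "big"), E, N)

def decrypt(c):
    """Decrypt a padded ciphertext and strip the padding."""
    return unpad(pow(c, D, N).to_bytes(K, "big"))
```

This is the older PKCS #1 layout the slide shows; the later slide on adaptive chosen-ciphertext attacks recommends Optimal Asymmetric Encryption Padding instead.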
21
Attacks on RSA (II)
Chosen-ciphertext attack
To decrypt a ciphertext c = p^e (mod n):
  1) Ask the holder of the private key to decrypt a ciphertext c' = c r^e (mod n) for some value r chosen by the attacker.
  2) c' is the encryption of pr (mod n). If the attacker is successful with the attack, he will learn pr (mod n).
  3) Derive the message p by multiplying pr with the modular inverse of r modulo n.
22
More attacks
Timing attacks
  1995: if the attacker Eve knows Alice's hardware in sufficient detail and is able to measure the decryption times for several known ciphertexts, she can deduce the decryption key d quickly.
  One way to thwart these attacks is to ensure that the decryption operation takes a constant amount of time for every ciphertext. However, this approach can significantly reduce performance. Instead, most RSA implementations use an alternate technique known as cryptographic blinding.
Adaptive chosen ciphertext attacks
  1998: against RSA-encrypted messages using the PKCS #1 v1 padding scheme; able to mount a practical attack against RSA implementations of the Secure Socket Layer protocol, and to recover session keys.
  Recommendation: use provably secure padding schemes such as Optimal Asymmetric Encryption Padding; RSA Laboratories has released new versions of PKCS #1 that are not vulnerable to these attacks.
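Cryptographic blinding as named in the timing-attack item above, as an added example (not from the original slides): the key holder multiplies the ciphertext by r^e for a fresh secret r before the private-key exponentiation, so the value being exponentiated is unrelated to what the sender supplied. The toy key, the function names and the `trace` parameter are assumptions made for this illustration.

```python
import math
import secrets

# Constructed toy key (two Mersenne primes); far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def decrypt_plain(c):
    """Textbook decryption: the private exponent operates directly on c."""
    return pow(c, D, N)

def decrypt_blinded(c, trace=None):
    """Decrypt c without ever exponentiating the caller-supplied value itself."""
    while True:
        r = secrets.randbelow(N - 2) + 2     # fresh blinding factor for every call
        if math.gcd(r, N) == 1:              # r must be invertible modulo N
            break
    c_blind = (c * pow(r, E, N)) % N         # c' = c * r^e mod n
    if trace is not None:
        trace.append(c_blind)                # the value the private-key operation sees
    m_blind = pow(c_blind, D, N)             # (c * r^e)^d = p * r mod n
    return (m_blind * pow(r, -1, N)) % N     # strip r: p = (p * r) * r^-1 mod n
```

The result equals plain decryption, but the input to the secret-exponent operation changes on every call, so timings measured for a known ciphertext no longer correspond to a known input.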
23
Put RSA into practice - how to use RSA
Using security tools (GnuPG; OpenSSL)
Programming in Java
  Sample code:
    http://jexp.ru/index.php/Java_Tutorial/Security/RSA_algorithm
    http://www.javamex.com/tutorials/cryptography/rsa_encryption.shtml
24
Put RSA into practice - when to use RSA
RSA is seldom used for encrypting data
  Much slower than symmetric key encryption
Typical use
  RSA encrypts secret keys (key distribution)
  AES encrypts data
25
Other Public-Key Algorithms
Algorithm | Encryption/Decryption | Digital Signature | Key Exchange
RSA, ECC (Elliptic Curve Cryptography) | Y | Y | Y
Diffie-Hellman (will be discussed in key management) | N | N | Y
DSA (will be discussed in digital signature) | N | Y | N
26
Readings
Required Reading
  [WS] 9.1-9.2
Recommended Reading
  [KPS] 6.1-6.3
Further Reading
  RSA: http://en.wikipedia.org/wiki/Rsa
  Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1: http://tools.ietf.org/html/rfc3447#section-3.1
  PKCS: http://www.rsa.com/rsalabs/node.asp?id=2124
  ECC: [WS] 10.3-10.4; [KPS] 6.7