Published by Candace Copeland. Modified over 7 years ago.
1
Unit 3: Cryptography and Key Management (Contd..)
2
Outline
Asymmetric cryptography: public and private keys, RSA, elliptic curve
Hash function
Digital signatures
PKI
Applied cryptography
3
Problems with Symmetric Encryption
Symmetric encryption, although fast, suffers from several problems in the modern digital communication environment, including:
The biggest problem is that a single key must be shared between each sender and receiver pair.
The size of the communication space presents problems. Because of the massive potential number of individuals who can communicate in the many-to-one, one-to-many, and many-to-many topologies supported by the Internet, for example, secret-key cryptography, if strictly used, requires billions of secret-key pairs to be created, shared, and stored.
In a distributed environment with large numbers of combination pairs involved in a many-to-one communication topology, it is difficult for the one recipient to keep so many keys in order to support all communication.
4
Problems with Symmetric Encryption –II
Additional problems include:
The integrity of data can be compromised because the receiver cannot verify that the message has not been altered before receipt.
It is possible for the sender to repudiate the message because there are no mechanisms for the receiver to make sure that the message has been sent by the claimed sender.
The method does not give a way to ensure secrecy even if the encryption process is compromised.
The secret key may not be changed frequently enough to ensure confidentiality.
5
Asymmetric Encryption
Asymmetric encryption (public-key encryption) uses two different keys: a public key known by all and a private key known only to its owner. Both the sender and the receiver own a pair of keys, one public and the other a closely guarded private one.
Public-Key Cryptosystem Encryption and Decryption Process
Suppose user A wants to send a private message, M, to user B. User A gets user B's public key from some public source. User A encrypts message M using B's public key. This produces a ciphertext message, C. Ciphertext message C is sent over the communication channel. Upon receipt, user B decrypts message C using its private key. This results in the original message M. As long as only B, the recipient, has access to the private key, then A, the sender, is assured that only B, the recipient, can decrypt the message.
6
Asymmetric Encryption
Public / private key:
Keys are mathematically tied together.
Openly distribute the public key to all parties.
Keep the private key secret.
Anyone can use your public key to send you a message.
Fig. Asymmetric cryptography
7
Asymmetric Encryption
This ensures data confidentiality. Data integrity is also ensured because, for data to be modified by an attacker, the attacker would need B's (the recipient's) private key. Data confidentiality and integrity are thus both guaranteed in public key encryption.
Various algorithms exist for public key encryption including RSA, DSA, PGP, and El Gamal.
8
Algorithms Elliptic Curve RSA Diffie-Hellman key exchange
De facto public-key algorithm Variable length keys Used for key exchange and signatures Elliptic Curve Diffie-Hellman key exchange Used for key exchange only Digital signature algorithm Used for signature only
9
Asymmetric Systems - Requirements
Secrecy of the private key: must be known only to the owner; key ownership = identity.
Availability of the public key: must be available to anyone; requires a public directory.
10
Asymmetric Algorithms (continued)
Rivest, Shamir, Adleman algorithm (RSA)
One of the most well-known public key cryptosystems
Developed in the late 1970s
Relies on the fact that it is extremely difficult to factor the product of large prime numbers
11
Basic Knowledge for RSA
Exponentials
Prime numbers
Prime factorization
Greatest Common Divisor (GCD)
Modular arithmetic
Euler totient function
12
RSA Algorithm Steps
Step 1 – Choose two large prime numbers p and q and get the product of these two numbers, n = Product(p, q). p and q should be very large prime numbers, at minimum digits long; larger is more secure but less efficient. p and q should not be the same prime number.
Step 2 – Find the totient of p and q: phi = Totient(p, q) = (p-1)*(q-1)
Step 3 – Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1
13
RSA Algorithm Steps
Step 4 – Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi)
Step 5 – The public key is (n, e) and the private key is (d, p, q). Keep all the values d, p, q and phi secret.
n is known as the modulus.
e is known as the public exponent or encryption exponent or just the exponent.
d is known as the secret exponent or decryption exponent.
14
RSA Example
Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and φ(n) are coprime. Let e = 7
Compute d such that (d * e) % φ(n) = 1. One solution is d = 3, [(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 2^7 % 33 = 29 (C = P^e mod n)
The decryption of c = 29 is m = 29^3 % 33 = 2 (P = C^d mod n)
P = C^d mod n = (P^e)^d mod n = (P^d)^e mod n
15
How to Generate RSA Key pair
Select a value of e from {3, 5, 17, 257, 65537}
repeat
    p ← genprime(k/2)
until (p mod e) ≠ 1
repeat
    q ← genprime(k - k/2)
until (q mod e) ≠ 1
N ← pq
L ← (p-1)(q-1)
d ← modinv(e, L)
return (N, e, d)
16
Proof of RSA
17
Examples
Bob chooses 7 and 11 as p and q and calculates n = 77. The value of φ(n) = (7 − 1)(11 − 1) or 60. Now he chooses two exponents, e and d, from Z_60^*. If he chooses e to be 13, then d is 37. Note that e × d mod 60 = 1 (they are inverses of each
Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext:
18
Now assume that another person, John, wants to send a message to Bob. John can use the same public key announced by Bob (probably on his website), 13; John’s plaintext is 63. John calculates the following: Bob receives the ciphertext 28 and uses his private key 37 to decipher the ciphertext:
19
Elliptic Curve Cryptosystems
Although RSA is a secure asymmetric-key cryptosystem, its security comes with a price: large keys. Researchers have looked for alternatives that give the same level of security with smaller key sizes. One of these promising alternatives is the elliptic curve cryptosystem (ECC).
20
Elliptic Curve Cryptography
Components
Private Key: a random number
Public Key: point on a curve = Private Key * G
Set of Operations: these are defined over the curve $y^2 = x^3 + ax + b$, where $4a^3 + 27b^2 \neq 0$
Domain Parameters (predefined constants): G, a, b
21
Discrete Logarithm Problem (DLP)
Let P and Q be two points on the elliptic curve such that Q = kP, where k is a scalar value.
DLP: given P and Q, find k.
If k is very large, it becomes computationally infeasible.
The security of ECC depends on the difficulty of DLP.
The main operation in ECC is point multiplication.
22
Point Multiplication
Point multiplication is achieved by two basic curve operations:
1. Point Addition, L = J + K
2. Point Doubling, L = 2J
Example: If k = 23, then kP = 23*P = 2(2(2(2P) + P) + P) + P
23
Point Addition Geometrical explanation:
24
Point Addition Analytical explanation:
Consider two distinct points J and K such that $J = (x_J, y_J)$ and $K = (x_K, y_K)$.
Let $L = J + K$ where $L = (x_L, y_L)$, then
$x_L = s^2 - x_J - x_K$
$y_L = -y_J + s(x_J - x_L)$
$s = (y_J - y_K)/(x_J - x_K)$, where s is the slope of the line through J and K
25
Finite Fields
The elliptic curve operations shown were on real numbers.
Issue: operations are slow and inaccurate due to round-off errors.
To make operations more efficient and accurate, the curve is defined over two finite fields:
1. Prime field $F_p$
2. Binary field $F_{2^m}$
The field is chosen with a finitely large number of points suited for cryptographic operations.
26
EC on Prime field $F_p$
Elliptic curve equation: $y^2 \bmod p = (x^3 + ax + b) \bmod p$, where $(4a^3 + 27b^2) \bmod p \neq 0$.
Elements of the finite field are integers between 0 and p-1.
The prime number p is chosen such that there is a finitely large number of points on the elliptic curve to make the cryptosystem secure specifying curves with p ranging between bits
27
EC on Binary field $F_{2^m}$
Elliptic curve equation: $y^2 + xy = x^3 + ax^2 + b$, where $b \neq 0$.
Here the elements of the finite field are integers of length at most m bits. In binary polynomial the coefficients can only be 0 or 1.
The m is chosen such that there is a finitely large number of points on the elliptic curve to make the cryptosystem secure specifying curves with m ranging between bits
28
Implementations
ECDSA - Elliptic Curve Digital Signature Algorithm
Signature Generation: For signing a message m by sender A, using A's private key $d_A$ and public key $Q_A = d_A * G$
1. Calculate e = HASH(m), where HASH is a cryptographic hash function, such as SHA-1
2. Select a random integer k from [1, n − 1]
3. Calculate $r = x_1 \pmod n$, where $(x_1, y_1) = k * G$. If r = 0, go to step 2
4. Calculate $s = k^{-1}(e + d_A r) \pmod n$. If s = 0, go to step 2
5. The signature is the pair (r, s)
29
Implementations
ECDSA - Elliptic Curve Digital Signature Algorithm
Signature Verification: For B to authenticate A's signature, B must have A's public key $Q_A$
1. Verify that r and s are integers in [1, n − 1]. If not, the signature is invalid
2. Calculate e = HASH(m), where HASH is the same function used in the signature generation
3. Calculate $w = s^{-1} \pmod n$
4. Calculate $u_1 = ew \pmod n$ and $u_2 = rw \pmod n$
5. Calculate $(x_1, y_1) = u_1 G + u_2 Q_A$
6. The signature is valid if $x_1 = r \pmod n$, invalid otherwise
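An added example (not from the original slides) that runs the point addition, point multiplication and ECDSA steps above in Python on a constructed toy curve. The curve y^2 = x^3 + 2x + 2 over F_17 with G = (5, 1) of order n = 19, the doubling-slope formula, and the use of SHA-256 in place of SHA-1 are assumptions of this example; a group this small only illustrates the arithmetic.

```python
import hashlib
import secrets

# Constructed toy parameters (assumption, not from the slides):
# y^2 = x^3 + 2x + 2 over F_17, base point G of prime order n = 19.
P, A, B = 17, 2, 2
G, N = (5, 1), 19

def on_curve(pt):
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def add(J, K):
    """J + K on the curve; None stands for the point at infinity."""
    if J is None:
        return K
    if K is None:
        return J
    (xj, yj), (xk, yk) = J, K
    if xj == xk and (yj + yk) % P == 0:
        return None                                    # K = -J
    if J == K:   # doubling: tangent slope (standard formula, not on the slide)
        s = (3 * xj * xj + A) * pow(2 * yj % P, -1, P) % P
    else:        # addition: s = (yJ - yK)/(xJ - xK)
        s = (yj - yk) * pow((xj - xk) % P, -1, P) % P
    xl = (s * s - xj - xk) % P
    return xl, (-yj + s * (xj - xl)) % P

def mul(k, pt):
    """k*pt by left-to-right double-and-add, e.g. 23P = 2(2(2(2P)+P)+P)+P."""
    acc = None
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def hash_int(m):
    """e = HASH(m), keeping the leftmost bit-length-of-n bits of SHA-256."""
    h = int.from_bytes(hashlib.sha256(m).digest(), "big")
    return h >> (256 - N.bit_length())

def sign(m, d):
    e = hash_int(m)                          # step 1
    while True:
        k = secrets.randbelow(N - 1) + 1     # step 2: fresh secret k in [1, n-1]
        r = mul(k, G)[0] % N                 # step 3
        s = pow(k, -1, N) * (e + d * r) % N  # step 4
        if r and s:
            return r, s                      # step 5

def verify(m, sig, Q):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):      # step 1
        return False
    w = pow(s, -1, N)                        # step 3
    u1, u2 = hash_int(m) * w % N, r * w % N  # steps 2 and 4
    X = add(mul(u1, G), mul(u2, Q))          # step 5
    return X is not None and X[0] % N == r   # step 6
```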
30
Hash Function in Cryptography
A hash function produces a fingerprint of some file/message/data: h = H(M)
It condenses a variable-length message M to a fixed-sized fingerprint.
The hash function is assumed to be public.
Requirements for a hash function:
It can be applied to any sized message M.
It produces fixed-length output h.
It is easy to compute h = H(M) for any message M.
31
MD5 designed by Ronald Rivest (the R in RSA)
latest in a series of MD2, MD4
produces a 128-bit hash value
until recently was the most widely used hash algorithm
in recent times have both brute-force & cryptanalytic concerns
specified as Internet standard RFC1321
MD5 is the current, and very widely used, member of Rivest's family of hash functions.
32
MD5 Overview
pad message so its length is congruent to 448, mod 512
append a 64-bit length value to message
initialise 4-word (128-bit) MD buffer (A,B,C,D)
process message in 16-word (512-bit) blocks:
using 4 rounds of 16 bit operations on message block & buffer
add output to buffer input to form new buffer value
output hash value is the final buffer value
When we talk about a number x being "congruent to 448 modulo 512", what we mean is that x modulo 512 and 448 modulo 512 are the same number; since 448 is less than 512, this is equivalent to x mod 512 = 448. So, the padding in MD5 works like this: first you append a 1 bit (this part isn't mentioned in the above quote, but it's a necessary step), then you keep on appending 0 bits until the total length of the message (mod 512) is exactly 448, and then you append the 64-bit length of the unpadded message, in little-endian order. As an example, if you had a file that was 1472 bits long, then you would be able to use it as an MD5 hash, because 1472 modulo 512 = 448. If the file was 1400 bits long, then you would need to pad in an extra 72 bits before you could run the rest of the MD5 algorithm.
33
MD5 Overview Stallings Fig 12-1.
34
MD5 Compression Function
each round has 16 steps of the form: a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)
a,b,c,d refer to the 4 words of the buffer, but used in varying permutations
note this updates 1 word only of the buffer
after 16 steps each word is updated 4 times
where g(b,c,d) is a different nonlinear function in each round (F,G,H,I)
T[i] is a constant value derived from sin
Each round mixes the buffer input with the next "word" of the message in a complex, non-linear manner. A different non-linear function is used in each of the 4 rounds (but the same function for all 16 steps in a round). The 4 buffer words (a,b,c,d) are rotated from step to step so all are used and updated. g is one of the primitive functions F,G,H,I for the 4 rounds respectively. X[k] is the kth 32-bit word in the current message block. T[i] is the ith entry in the matrix of constants T. The addition of varying constants T and the use of different shifts helps ensure it is extremely difficult to compute collisions.
35
Secure Hash Algorithm (SHA-1)
SHA was designed by NIST & NSA in 1993, revised as SHA-1
US standard for use with DSA signature scheme
standard is FIPS , also Internet RFC3174
note: the algorithm is SHA, the standard is SHS
produces 160-bit hash values
now the generally preferred hash algorithm
SHA is one of the newer generation of hash functions, more resistant to cryptanalysis, and now probably preferred for new applications.
36
SHA Overview
pad message so its length is congruent to 448, mod 512
append a 64-bit length value to message
initialise 5-word (160-bit) buffer (A,B,C,D,E) to ( ,efcdab89,98badcfe, ,c3d2e1f0)
process message in 16-word (512-bit) chunks:
expand 16 words into 80 words by mixing & shifting
use 4 rounds of 20 bit operations on message block & buffer
add output to input to form new buffer value
output hash value is the final buffer value
Note that the SHA-1 Overview is very similar to that of MD5.
37
SHA-1 Compression Function
each round has 20 steps which replaces the 5 buffer words thus: (A,B,C,D,E) <- ((E+f(t,B,C,D)+(A<<5)+W_t+K_t), A, (B<<30), C, D)
a,b,c,d,e refer to the 5 words of the buffer
t is the step number
f(t,B,C,D) is nonlinear function for round
W_t is derived from the message block
K_t is a constant value derived from sin
Can see SHA shares much in common with MD4/5, but with 20 instead of 16 steps in each of the 4 rounds. Note the 4 constants are based on sqrt(2,3,5,10). Note also that instead of just splitting the input block into 32-bit words and using them directly, SHA-1 shuffles and mixes them using rotates & XORs to form a more complex input, and greatly increases the difficulty of finding collisions.
38
SHA-1 Compression Function
One iteration within the SHA-1 compression function: A, B, C, D and E are 32-bit words of the state; F is a nonlinear function that varies; n denotes a left bit rotation by n places; n varies for each operation; W_t is the expanded message word of round t; K_t is the round constant of round t; denotes addition modulo 2^32.
39
SHA-1 versus MD5
brute force attack is harder (160 vs 128 bits for MD5)
not vulnerable to any known attacks (compared to MD4/5)
a little slower than MD5 (80 vs 64 steps)
both designed as simple and compact
optimised for big endian CPUs (vs MD5 which is optimised for little endian CPUs)
Compare using the design goals listed earlier. SHA-1 is probably the preferred hash function for new applications. Currently no problems are known with it.
40
Revised Secure Hash Standard
NIST has issued a revision FIPS 180-2
adds 3 additional hash algorithms: SHA-256, SHA-384, SHA-512
designed for compatibility with increased security provided by the AES cipher
structure & detail is similar to SHA-1
hence analysis should be similar
See Stallings Tables 12.3 and 12.4 for details.
41
Digital Signature: Outline
What is a Digital Signature
Digital Signature Features
Digital Signature Concepts
How Digital Signature Works
How to Register
42
What is a Digital Signature
Digital signature means a type of electronic signature that transforms a message using an asymmetric cryptosystem (public and private key capability).
A person having the initial message and the signer's public key can accurately determine:
Whether the transformation was created using the private key that corresponds to the signer's public key
Whether the initial message has been altered since the transformation was made
43
A Digital Signature is:
Intended by the party using it to have the same force and effect as the use of a manual signature
Unique to the party using it
Capable of verification
Under the sole control of the party using it
Linked to data in such a manner that it is invalidated if the data is changed
In conformity with rules adopted by Office of Controller of Certification (a Certificate Authority) pursuant to this act
44
What is a Digital Signature
45
Digital Signature Features
Signer authentication
Message authentication
Non-repudiation
Integrity
46
Digital Signature Concepts
The first is that each user has a pair of matching virtual keys (the private key and public key), which have a unique mathematical relationship.
The second concept is that of a digital certificate.
47
Public-key Cryptography
Each person's public key is published while the private key is kept secret.
Communications involve only the public keys, and no private key is ever transmitted or shared.
The public keys are associated with their users in a trusted manner.
48
Public-key Cryptography
Anyone can send a confidential message by just using public information, but the message can only be decrypted with a private key.
Public-key cryptography can be used not only for privacy (encryption), but also for authentication (digital signatures).
49
Certificate Authority
The Certificate Authority is an individual organization that acts as a notary to authenticate the identity of users of public-key encryption.
A Certificate Authority is used to:
1) Associate a pair of keys with a person
2) Publish the public keys in a directory
3) Maintain functions associated with the keys
50
Digital Certificate
The digital certificate acts like an electronic envelope in which the public key travels.
This electronic ID file verifies the connection between the public key and the owner.
The digital certificate is issued by a Certificate Authority and signed with that Certificate Authority's private key, authenticating the public key.
51
Digital Certificate
Typically includes:
Public key and owner's name
Certificate Authority issuing the key
Serial number
Digital signature of Certificate Authority, signed using the Certificate Authority's private key
Other optional identifying information
52
Digital Signature Creation
[Figure: digital signature creation, with the labels Message, Hash Function, Digest, Signature, Digital Signature, Private Key]
53
Digital Signature Creation
A process known as a hash function must occur:
1) A hash function is a mathematical algorithm which creates a digital representation or fingerprint in the form of a hash result or message digest
2) The hash result generally has a standard length that is usually much smaller than the message but nevertheless substantially unique to it
54
Digital Signature Creation
The sender's digital signature software transforms the hash result into a digital signature using the sender's private key.
Seal: The message is encrypted with a fast symmetric key. Then the symmetric key is encrypted with the receiver's public key.
55
Digital Signature Verification
If the message digests are identical, the signature is valid. If they are different, the signature is not valid.
[Figure: digital signature verification, with the labels Hash Function, Message Digest, Signature, Signature Function, Signer's Public Key]
56
Digital Signature Verification
Accept
Open: The receiver decrypts the symmetric key by using the receiver's private key. The message is decrypted using the symmetric key.
Verify: Accomplished by computing a new hash result of the original message.
57
Digital Signature Verification
Verify: Then, using the sender's public key and the new hash result, the verifier checks whether:
1) the digital signature was created using the corresponding private key
2) the newly computed hash result matches the original hash result
The software will confirm the digital signature as:
1) verified
2) failed
58
How to register
59
How to register
An LRA (Local Registration Authority) uploads information about an authorized user.
The LRA verifies the user's identity and provides them with their user number and password.
The user connects to the CA, the key pair is generated automatically in the user's browser, and the private key is stored to their hard drive.
60
How to register
The user's public key is automatically sent to the CA, and the CA generates the certificate after verifying the user number and password.
The CA passes a copy of the certificate back to the user.
The CA automatically posts a copy of the certificate in the directory server to make the public key available to others.
61
Summary
Digital signature is based on asymmetric cryptography.
Every user has a unique pair of private and public keys certified by a trusted Certification Authority.
When the sender signs a transaction, a unique mathematical code is created with their private key and the actual content of the transaction.
Digital signature can identify the signer's identity by its relationship to the digital certificate.
Digital signature provides more value than any other electronic signature method.
62
Comparison
63
Summary
Goals of cryptography are confidentiality, integrity, nonrepudiation, and authentication.
General steps in cryptography are to:
Create a plaintext message
Use a cryptographic key and algorithm to produce a ciphertext message
Apply the same or a related key and algorithm to the ciphertext message
Recreate the original plaintext message
There are two types of cryptographic algorithms:
Symmetric (uses a shared secret key)
Asymmetric (uses a public and private key pair)
64
Summary
Digital signatures are used to add integrity and non-repudiation functionality to cryptosystems.
Digital signatures are created using hash functions applied to the message to create a message digest that is then encrypted.
Digital certificates allow a third party Certificate Authority to verify the identity of a sender who may not be well known to the recipient.
A digital certificate is a copy of a user's public key that has been digitally signed by a Certificate Authority.
65
Assignment - 2 Analyze the policy/law adopted by Nepal Government regarding the implementation of Digital Signature on behalf of developed policy: “Electronic Transaction Act ” or any latest policy adopted. And its implementation with pros and cons if any.
66
Thank You!