Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encryption and Integrity

Published byVincent Allen Modified over 6 years ago

Similar presentations

Presentation on theme: "Encryption and Integrity"— Presentation transcript:

1 Encryption and Integrity

2 Example-IPSec(ESP) Packet
Encrypted IP ESP TCP / UDP Payload HMAC Authenticated

3 Example - continued HMAC computed over ciphertext (advantages…)
HMAC doesn’t cover IP header (unlike AH). Can’t cover mutable fields. ESP header and IP header can’t be encrypted Encrypting TCP/UDP/ICMP… headers has advantages and disadvantages. HMAC is not encrypted

4 Example 2 - CBC MAC IV P1 Pn Ek Ek Ek C1 Cn MAC

5 CTR Mode Encryption Stream cipher mode (like OFB)
IV is a pair <nonce, counter> The nonce should be random Counter is incremented for each block encrypted Encryption of block number j, Pj by: Ek(nonce, counter+i)  , Pj

6 CCM Mode Encryption and authentication together with block cipher
Authentication by CBC MAC Encryption of message and of MAC by CTR mode Used in WiMAX communication

7 Public-Key Cryptography

8 Quadratic Residues Definition: An element x is a quadratic residue modulo n if there exists y such that y2x mod n If x is a quadratic residue and y is one of its roots, then so is –y mod n Claim: if p is a prime there are exactly (p-1)/2 quadratic residues in Zp Claim: if p is a prime, and g is a generator of the multiplicative group, the quadratic residues are even powers of g.

9 Quadratic Residues Claim: an element x in Zp is a quadratic residue if and only if x(p-1)/21 mod p

10 Generic Discrete Log Let G be a group and g a set element.
g is called the base. Let y=gx x is called the discrete log of y Example: y=gx mod p in Zp Example: y=gx mod p in the multiplicative group of Zp

11 Giant Step-Baby Step Goal: recover the discrete log in O(|G|1/2) steps
Input: y, g Output: x such that gx=y Let k |G|1/2 Compute and store gik for i=0,…,k-1 For every j=0,…,k-1 test if yg-j is one of the stored elements

12 Standard Discrete Log y=gx mod p in the multiplicative group of Zp
Computation takes O(log3p) steps Standard discrete log is believed to be a one-way function Can it be used as a hash function?

13 Key Exchange Idea was first presented by Diffie and Hellman
Goal: two parties who do not share a secret perform a protocol and derive the same key Eve who is listening in cannot obtain the new shared key if she has limited computational resources.

14 Classic Scheme Each party generates a key pair: a private key and a public key. The public keys are exchanged. Both parties derive the same shared key from two public keys and a single private key.

15 Properties of Key Exchange
Necessary security condition: the public key is a one way function of the private key. Necessary “algebraic” condition: an appropriate combination of public and private keys to form a shared key is required Key exchange by itself is effective only against a passive adversary. Man-in-the-middle attack is lethal

16 Security Requirements
Is the one-way relationship between public key and private key sufficient? A one-way function may leak some bits of its arguments. Example: gx mod p Shared key may be compromised Example: gx+y mod p

17 Security Requirements (cont.)
The full requirement is: given all the communication recorded throughout the protocol, computing any bit of the shared key is hard Note that the “any bit” requirement is especially important

18 Diffie-Hellman Algorithm
Public parameters: a prime p, and an element g (possibly a generator of the multiplicative group of Zp) Alice chooses x at random from the multiplicative group and sends gx mod p Bob chooses y at random from the multiplicative group and sends gy mod p Alice and Bob compute the shared key gxy mod p

19 Computing DH Computation time O(log3p)
1-10 key exchanges a second in real-world SW Up to 10 times that in HW. Beyond that- a heavy penalty in gate count Useful as key exchange, but not as block encryption

20 Other DH Systems The DH idea can be used with any group structure
Limitation: groups in which the discrete log can be easily computed are not useful Example: additive group of Zp Currently useful DH systems: the multiplicative group of Zp and elliptic curve systems

21 Quantum Key Exchange

22 Some Properties of Photons
Photons may be polarized, e.g: Rectilinear basis: Diagonal basis: Assume a single photon is transmitted with a certain polarization The act of measuring its polarization may change it A filter with the same polarization will receive the photon

23 Properties (cont.) A filter with the orthogonal polarization will receive nothing A filter in a different basis will receive the photon with 0.5 probability

24 Qubits Each photon represents one bit. The value of the bit is determined by polarization In each basis, one filter direction represents 1 and the other represents 0 If both sides choose the same basis a qubit (bit passed by photon) is passed correctly If both sides choose different bases there is a 50% chance that it is passed correctly and 50% that it is passed incorrectly

25 Eavesdropping If Eve chooses correctly the basis by which a qubit is sent she obtains the bit If she chooses incorrectly, she obtains the correct bit with 0.5 probability Eve must retransmit the qubit to Bob By obtaining the qubit, she may have changed it. If the qubit is changed, Bob gets the wrong bit

26 Brassard-Bennett Key Exchange
Alice chooses random n-bit key k Alice chooses n random bases Alice sends k as n qubits. The i-th qubit is transmitted using the i-th base Bob chooses n random bases and measures the qubits Bob tells Alice what bases he chose Alice tells Bob which of these bases is correct Shared key – bits for which Bob chose correctly Bob’s message to Alice has to be authenticated. Does not have to be encrypted.

Download ppt "Encryption and Integrity"

Similar presentations

L8. Reviews Rocky K. C. Chang, May 2011. Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.

L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
Network Security David Lazăr.

Network Security David Lazăr.
CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.

CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.

CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
Page 1 COMPSCI 290.2: Computer Security “Quantum Cryptography” including Quantum Communication Quantum Computing.

Page 1 COMPSCI 290.2: Computer Security “Quantum Cryptography” including Quantum Communication Quantum Computing.
1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.

1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.

1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:

Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.

1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.

Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.

Similar presentations

Ads by Google