Download presentation
Presentation is loading. Please wait.
1
NET 311 Information Security
Networks and Communication Department Lecture 4: Asymmetric Ciphers
2
lecture contents: Public-Key Cryptography Why Public-Key Cryptography?
RSA Cryptography 4-Dec-18 Networks and Communication Department
3
Private-Key Cryptography
traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications are compromised also is symmetric, parties are equal hence does not protect sender from receiver forging a message & claiming is sent by sender 4-Dec-18 Networks and Communication Department
4
Public-Key Cryptography
probably most significant advance in the 3000 year history of cryptography uses two keys – a public & a private key asymmetric since parties are not equal uses clever application of number theoretic concepts to function 4-Dec-18 Networks and Communication Department
5
Why Public-Key Cryptography?
Developed to address two key issues: key distribution – how to have secure communications in general without having to trust a KDC with your key digital signatures – how to verify a message comes intact from the claimed sender The concept of public-key cryptography evolved from an attempt to attack two of the most difficult problems associated with symmetric encryption: key distribution and digital signatures. The first problem is that of key distribution, which under symmetric encryption requires either (1) that two communicants already share a key, which somehow has been distributed to them; or (2) the use of a key distribution center. This seemed to negated the very essence of cryptography: the ability to maintain total secrecy over your own communication. The second was that of "digital signatures." If the use of cryptography was to become widespread, not just in military situations but for commercial and private purposes, then electronic messages and documents would need the equivalent of signatures used in paper documents. The idea of public key schemes, and the first practical scheme, which was for key distribution only, was published in 1976 by Diffie & Hellman. The concept had been previously described in a classified report in 1970 by James Ellis (UK CESG) - and subsequently declassified [ELLI99]. Its interesting to note that they discovered RSA first, then Diffie-Hellman, opposite to the order of public discovery! There is also a claim that the NSA knew of the concept in the mid-60’s [SIMM93]. 4-Dec-18 Networks and Communication Department
6
Public-Key Cryptography
public-key/two-key/asymmetric cryptography involves the use of two keys: a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures Is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures Asymmetric algorithms rely on one key for encryption and a different but related key for decryption. These algorithms have the following important characteristic: • It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key. In addition, some algorithms, such as RSA, also exhibit the following characteristic: • Either of the two related keys can be used for encryption, with the other used for decryption. Anyone knowing the public key can encrypt messages or verify signatures, but cannot decrypt messages or create signatures, thanks to some clever use of number theory. 6
7
Public-Key Cryptography
Stallings Figure 9.1a “Public-Key Cryptography”, shows that a public-key encryption scheme has six ingredients: • Plaintext: the readable message /data fed into the algorithm as input. • Encryption algorithm: performs various transformations on the plaintext. • Public and private keys: a pair of keys selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input. • Ciphertext: the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. • Decryption algorithm: accepts the ciphertext and matching key and produces the original plaintext. Consider the following analogy using padlocked boxes: traditional schemes involve the sender putting a message in a box and locking it, sending that to the receiver, and somehow securely also sending them the key to unlock the box. The radical advance in public key schemes was to turn this around, the receiver sends an unlocked box (their public key) to the sender, who puts the message in the box and locks it (easy - and having locked it cannot get at the message), and sends the locked box to the receiver who can unlock it (also easy), having the (private) key. An attacker would have to pick the lock on the box (hard). 7
8
Asymmetric-Key Cryptography
Asymmetric-key (public key cryptography) uses two keys: one private and one public. There are two algorithms: RSA ELGAMAL
9
Public-Key Applications
can classify uses into 3 categories: encryption/decryption (provide secrecy) digital signatures (provide authentication) key exchange (of session keys) some algorithms are suitable for all uses, others are specific to one Public-key systems are characterized by the use of a cryptographic type of algorithm with two keys. Depending on the application, the sender uses either the sender’s private key or the receiver’s public key, or both, to perform some type of cryptographic function. In broad terms, we can classify the use of public-key cryptosystems into the three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender “signs” a message with its private key, either to the whole message or to a small block of data that is a function of the message. • Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties. Some algorithms are suitable for all three applications, whereas others can be used only for one or two of these applications. Stallings Table 9.3 (shown here) indicates the applications supported by the algorithms discussed in this book. 9
10
Modular arithmetic This example is modulo 7
The numbers allowed are 0 to 6 After 6, numbers “wrap around” 7 (mod 7) = 0 3+3 (mod 7)= (mod 7)= 1 5 6 1 2 3 4
11
RSA The most common public key algorithm is RSA, named for its inventors Rivest, Shamir, and Adelman. It uses two numbers: e public key d private The two keys, e and d, have a special relationship to each other.
12
RSA
13
RSA – selecting keys Bob uses the following steps to select the private and public keys: Bob chooses two very large prime numbers p and q Bob multiplies p and q to find n n=p x q Bob calculates another number ф = (p -1) X (q -1) Bob chooses a random encryption number e, where 1< e< ф and gcd(e, ф)=1 He then calculates d so that d X e mod ф = 1 Bob announces e and n to the public; he keeps ф and d secret. where φ(n) is the Euler totient function.
14
RSA – Encryption and Decryption
Restriction P < n , if not, the plaintext needs to be divided into blocks to make P less than n.
15
RSA Exercise Encrypt the following message “NO” By Using RSA algorithm. Assume that p=17, q =11, and e= 7 Hint, each character will be encoded according to this algorithm (A - Z) (00 – 25) Find d , then encrypt each character individually .
16
The solution Step1: calculate n, where n= p x q = 17 x 11 = 187
Step2: calculate ɸ where ɸ = (p-1) x (q-1) = 16 X 10 =160 Step3: calculate d, where e is given e . d mod ɸ=1 7d mod 160 =1 d=23 This is because 23 X 7 = 161 = ( 1 X 160) + 1
17
The solution Step5: encode the plaintext. P=“NO”= 13 14
Step6: C= pe mod n C(N)= (13 ) 7 mod 187 = 106 C(O)=(14) 7 mod 187= 108 Step7: P= Cd mod n P(106)= (106) 23 mod 187 =13 P(108)= (108) 23 mod 187 =14
18
Example 2 Using e=13 ,d=37, n=77 in the RSA algorithm encrypt the message "IF" using the value of 00 to 25 for letters A to Z, do the encryption character by character. I = 8 C=p^e 8^13 mod 77= 50 F=5 5^13 mod77 = 26 4-Dec-18 Networks and Communication Department
19
Example 3 Using e=7 ,d=23, n=187 in the RSA algorithm encrypt the message M = 88. C= 88 7 88 7 mod 187 = [(88 4 mod 187) × (88 2mod 187) × (881 mod 187)] mod 187 881 mod 187 = 88 882 mod 187 = 7744 mod 187 = 77 884 mod 187 = 59,969,536 mod 187 = 132 88 7 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11 OR 88 7 mod 187 = [(88 2mod 187) x (88 2mod 187) × (88 2mod 187) × (881 mod 187)] mod 187 88 7 = (88*77*77*77) mod 187 =11 4-Dec-18 Networks and Communication Department
20
RSA- Application RSA is useful for short messages but not for long messages. RSA is used in digital signature , and authentication algorithms.
21
Diffie-Hellman Procedure
Step 1: Alice chooses a large random number a and calculates R1 = ga mod p Step 2: Bob chooses another large random number b and calculates R2 = gb mod p Step 3: Alice sends R1 to Bob Step 4: Bob sends R2 to Alice Step 5: Alice calculates K = (R2) a mod p Step 6: Bob also calculates K = (R1) b mod p
22
Diffie-Hellman Example
By giving g and p the following values g = 7 and p = 23, calculate the key. The steps are as follows: Alice chooses a = 3 and calculates R1 = 73 mod 23 = 21. 2. Bob chooses b = 6 and calculates R2 = 76 mod 23 = 4. 3. Alice sends the number 21 to Bob. 4. Bob sends the number 4 to Alice. 5. Alice calculates the symmetric key K = 43 mod 23 = 18. 6. Bob calculates the symmetric key K = 216 mod 23 = 18.
23
Diffie-Hellman Example
The value of K is the same for both Alice and Bob; gab mod p = 718 mod 23 = 18. Therefore, we can say that symmetric (shared) key in the Diffie-Hellman protocol is K = gab mod p.
24
Diffie-Hellman characteristics
In the Diffie-Hellman cryptosystem, two parties create a symmetric session key to exchange data without having to remember or store the key for future use. They do not have to meet to agree on the key; it can be done through the Internet. The two parties need to choose two numbers p and g, both number announced to the public. P large prime number g random number
25
Diffie-Hellman Cont. Diffie-Hellman is a very sophisticated symmetric-key creation algorithm. If a and b are very large numbers, it is extremely difficult for Eve to find the key, knowing only p and g. An intruder needs to determine a and b if R1 and R2 are intercepted. The key will be changed each time the two parities need to communicate.
26
Diffie-Hellman
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.