1
Network Security (contd.)
Bijendra Jain 1/1/2019 Tutorial on Network Security: Sep 2003
2
Lecture 3: Public-key cryptography
3
Public-key cryptography
- Public-key cryptography is not necessarily more secure than private-key cryptography
- Private-key cryptography is not obsolete; it is still exceptionally useful
- Distribution of keys in public-key cryptography is not trivial
  - Public-key cryptography has attempted to address this issue head-on
4
Public-key cryptography
- Public-key cryptography requires the use of two keys:
  - One for encryption
  - A related one for decryption
- One key is kept private, while the other is made public
- Can either key be used for encryption, and the other for decryption? YES, for RSA
5
Public-key cryptography: confidentiality
Used for confidentiality:
6
Public-key cryptography: confidentiality
Used for confidentiality:
7
Public-key cryptography: authentication
Used for authentication:
8
Public-key cryptography: authentication
Used for authentication:
9
Confidentiality and authentication
Used for :
10
Public-key cryptography
- Easy for B to generate keys, (private) KR_B and (public) KU_B
- Easy for sender A to encrypt C = E_KUB(M), given M and KU_B
- Easy for receiver B to decrypt M = D_KRB(C), given C and KR_B
- Given KU_B it is infeasible for others to determine KR_B
- Given KU_B and ciphertext C it is infeasible for others to decipher M
- (Optionally) encryption and decryption can be applied in any order
- Function E (or D) is a "one-way function with trap-door"
  - The inverse of E (or D) is infeasible, unless additional information (trap-door) is available
11
RSA algorithm
- Approach first suggested by Diffie and Hellman
- Invented by Rivest, Shamir, Adleman at MIT, first published in 1978
- Algorithms are patented
- Block cipher, where plaintext is < n
- Permits any key length
  - Typically 128 through 1014 is common
12
RSA algorithm
- Consider n, and blocks of size k bits s.t. 2^k < n ≤ 2^(k+1)
- Encryption and decryption algorithms:
    C = M^e mod n
    M = C^d mod n = M^(ed) mod n
  where
  - sender knows public key KU = {e, n}
  - receiver knows private key KR = {d, n}
- For this to be a public-key crypto system:
  - M = M^(ed) mod n for some e, d, n, for all M < n
  - Easy to calculate M^e mod n, and C^d mod n
  - Infeasible to determine d, given e and n
13
RSA algorithm
- Key generation
  - Select any prime numbers p, q
  - Compute n = p*q
  - Compute phi = (p-1)*(q-1)
  - Select e, such that 1 < e < phi, and gcd(phi, e) = 1
  - Find d such that ed = 1 mod phi
  - Public key KU = {e, n}
  - Private key KR = {d, n}
- Encryption, decryption algorithms: for any plaintext M < n
    C = M^e (mod n)
    M = C^d (mod n)
- Can be shown that M = C^d mod n = M^(ed) mod n
14
RSA: example
- Let p = 7, q = 17
- N = p*q = 119
- Phi = (p-1)*(q-1) = 96
- Select e = 5 (note e is relatively prime to 96, and < 96)
- Find d = 77 (note d*e = 1 mod 96, and d < 96)
- KU = {5, 119}, KR = {77, 119}
- Let M = 19 (note M < 119)
- Encryption step: C = 19**5 mod 119 = 66
- Decryption step: M = 66**77 = 127………. mod 119 = 19
15
RSA: computational aspects
Computing C = M^e (mod n): use the following two properties:
1. A * B mod n = (A mod n)*(B mod n) mod n
   Or, e.g., 19**5 mod 119 = (19**2 mod 119) * (19**3 mod 119) mod 119
2. A**8 = (A**4)**2 = ((A**2)**2)**2
   Or, 19**9 = (19**8)*(19**1) = (((19**2)**2)**2)*(19**1)
16
RSA: key generation
- Selecting two primes: p, q
  - Should be very large
    - Since M < n = p*q
    - Infeasible to calculate factors p, q of n by exhaustive search
  - Finding large primes
    - Pick a large number randomly, and then test
- Selecting e, relatively prime to phi = (p-1)*(q-1)
  - Pick an e, and test for relative primality
  - Extended Euclid's algorithm computes gcd, and inverse, d
17
RSA: its strength
- Brute force
- Factor n to obtain p and q
  - Then calculate phi = (p-1)*(q-1), and then invert e to obtain d
- "Factor" n to obtain phi
  - Then invert e to obtain d
- Progress towards meeting challenges
  - Ciphers using RSA with keys of size up to 431 bits have been deciphered
  - Effort involved was only 500 MIPS-years (1 MIPS machine working for 1 year; a 200 MHz Pentium is 50 MIPS)
  - A 2048 bit RSA is expected to require 1014 MIPS-years
- Today, and for the near future, consider RSA key size of 1024 to 2048
- Additionally consider selecting p and q appropriately, such as p and q are of approx. same length, etc.
18
RSA: distribution of public keys
- Public announcements
- Directory on the web, where data is secured
- Public-key authority
- Certificates
19
RSA: distribution of public keys
- Public announcements
  - Public key is "public"
  - User can share his/her public key with others
  - Popular with PGP
  - However, one may even send "false" keys
20
RSA: distribution of public keys
- Publicly accessible directory
  - By a trusted and well known "authority"
  - Individual users "register" their public key using some other means
  - Public keys are secure
    - For instance on the web, or printed directory
  - Individual users control, update their public keys, and do so in a secure manner
- Weaknesses:
  - Break into the authority's database
  - Alter the key during communication
21
RSA: distribution of public keys
- Public-key authority
  - Very similar to publicly accessible directory
  - Different: user can request/obtain public key in secure manner
- Message exchange (parties in the diagram: Initiator A; X, the PK authority; Initiator B):
  - Between A and X:
    1. REQ(KU_B, T1)
    2. ENC_KUX(KU_B, REQ(KU_B, T1))
  - Between B and X:
    4. REQ(KU_A, T2)
    5. ENC_KUX(KU_A, REQ(KU_A, T2))
  - Between A and B:
    3. ENC_KUB(ID_A, N1)
    6. ENC_KUA(ID_B, N1, N2)
    7. ENC_KUB(N2)
22
RSA: distribution of public keys
- Public-key certificates
  - Certificates need not be issued each time
  - Sender provides public key with a certificate
  - Receiver checks the certificate, thereby confirms public key
- A certificate:
  - Anyone can read, determine the owner's public key
  - Anyone can verify that certificate is signed by authority
  - Only certificate can create certificate
  - Anyone can check "currency" of certificate
23
RSA: Certificates
CERT_A = ENC_PUX(ID_A, KU_A, T_A, DUR_A)
where
- PUX is public key of certification authority
- ID_A is user ID
- KU_A is public key of A
- T_A is time of issuance of certificate
- DUR_A is the duration for which the certificate is valid
24
Lecture 4: Message Authentication
25
Message authentication
- Source of message
  - Protection against masquerading
- Integrity of message
  - Protection against modification
- Integrity of sequence of messages
  - Protection against deletion, addition and re-ordering
- Integrity of timing
  - Protection against delay and replay
26
Using private-key encryption
- Encrypt message using private-key encryption system
  - Basically provides confidentiality
  - Authentication and integrity check are difficult, but possible
    - Particularly if it is some bit sequence
    - Use an FCS (frame check sequence), as in TCP
  - Integrity of a sequence of TCP messages can also be ensured
  - Does not provide for non-repudiation
27
Using public-key encryption
- Similar, except that it only provides for authentication
- Again, the transmitted message must have some structure (FCS, for example)
28
Message Authentication Codes
- Integrity check is not difficult any more
- Based on private-key encryption
- Transmitted message is (M, MAC)
  - MAC = C_K(M)
  - where C is MAC algorithm, K is the shared key
- Provides for message integrity, user authentication, but not non-repudiation
29
Message Authentication Codes
- Algorithm C differs:
  - From encryption, in that it is NOT reversible
  - From FCS, etc., in that it is not easy to design a new message with same FCS
  - From use of hash functions, in that encryption and "hashing" is simultaneous
- Algorithm C is more difficult to crack
30
Message authentication codes
- Authentication based on MAC: superior since it is efficient
  [Diagram labels: Message, MAC(), K, ||, data sent]
- Authentication based on appending an FCS, then encrypting
  - FCS is a bad idea, anyway
  [Diagram labels: Message, fcs(), ||, E(), K, data sent]
31
Message authentication: alternatives
[Two diagrams, each labelled: Message, H(), E(), K, ||, data sent]
32
Digital Signature
[Diagram labels: Message, H(), E(), KR, ||, data sent]
33
Message authentication: alternatives
[Diagram labels: Message, H(), Secret K, ||, data sent]
- This approach completely does away with encryption
- Efficient
- Strength depends completely on how good the hashing function is
34
MAC codes
- MAC is also known as cryptographic checksum
- Transmitted message is (M, MAC)
  - MAC = C_K(M)
  - where:
    - C is MAC algorithm, MAC is n bits long
    - M is variable length message
    - K is k-bit shared key
- MAC requirements:
  - Given M, C_K(M), it should be computationally infeasible to obtain M' s.t. MAC = C_K(M) = C_K(M')
  - MAC = C_K(M) should be uniformly distributed, or for random M, M': Prob(C_K(M) = C_K(M')) = 2^(-n)
  - Similarly if M' is obtained by carrying out simple transformations
35
MAC Codes
64 bit DAA (Data Authentication Algorithm) is based on DES:
  O_1 = E_K(D_1)
  O_2 = E_K(O_1 ⊕ D_2)
  O_3 = E_K(O_2 ⊕ D_3)
  …
  O_N = E_K(O_(N-1) ⊕ D_N)
36
Hash functions
[Diagram labels: Message, H(), E(), KR, ||, data sent]
Requirements of a hash function:
- Can be applied to block of data of any size
- Produces a fixed length digest
- Easy to compute h = H(M)
- One-way function: given h, it must be computationally infeasible to compute M such that h = H(M)
- Weak collision: given M, it must be computationally infeasible to compute M' such that H(M') = H(M)
- Strong collision: computationally infeasible to find M, M' such that H(M') = H(M)
37
Hash functions
- Simple hash function:
    O_1 = D_1
    O_2 = O_1 ⊕ D_2
    O_3 = O_2 ⊕ D_3
    …
    O_N = O_(N-1) ⊕ D_N
- MD4, MD5
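Why the simple block-chaining hash above does not meet the weak-collision requirement from the previous slide, shown as an added example that is not part of the original slides. It assumes the combining operator between O and D is bitwise XOR, an 8-byte block with zero padding, and constructed sample messages; all function names are chosen here.

```python
import hashlib

BLOCK = 8  # block size in bytes (assumption; the slide does not fix one)

def blocks(message: bytes):
    """Zero-pad to a multiple of BLOCK and split into blocks D_1..D_N."""
    padded = message + bytes(-len(message) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def simple_hash(message: bytes) -> bytes:
    """O_1 = D_1, O_i = O_(i-1) XOR D_i; the digest is O_N."""
    o = bytes(BLOCK)
    for d in blocks(message):
        o = xor_bytes(o, d)
    return o

def matching_message(original: bytes, substitute: bytes) -> bytes:
    """Given M, build M' that starts with `substitute` and has H(M') == H(M).
    One extra block cancels the difference between the two digests."""
    prefix = b"".join(blocks(substitute))
    fix = xor_bytes(simple_hash(prefix), simple_hash(original))
    return prefix + fix

# Constructed sample messages.
ORIGINAL = b"PAY 100 TO ALICE  REF 0001"
SUBSTITUTE = b"PAY 900 TO BOB"

if __name__ == "__main__":
    forged = matching_message(ORIGINAL, SUBSTITUTE)
    print(simple_hash(ORIGINAL).hex(), simple_hash(forged).hex())
    # Block order does not matter either: reordering blocks keeps the digest.
    reordered = b"".join(reversed(blocks(ORIGINAL)))
    print(simple_hash(reordered) == simple_hash(ORIGINAL))
    # A cryptographic hash separates the two messages.
    print(hashlib.sha1(ORIGINAL).hexdigest() != hashlib.sha1(forged).hexdigest())
```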
38
MD5
[Figure labels: message blocks Y0, Y1, …, YL; chaining values IV, CV1, CV2, …, CVL-1, CVL; compression function HMD5]
- Developed in 1992, by Ron Rivest
- 128 bit hash code
- Processes 512 bits at a time (add padding bits if necessary)
- 4 rounds of 16 steps each, involving gcd, and + mod 2^32 operations
39
MD4
- Similar to MD5, developed earlier in 1990 by Ron Rivest
- 128 bit hash code, processes 512 bits at a time
- 3 rounds of 16 steps each, involving gcd, and + mod 2^32 operations
- Faster
40
SHA-1 hash function
- Developed by NIST in 1995
- Based on MD4
- 160 bit hash
- Operates on blocks of length 512 bit
- More secure against brute force attacks
- Appears to be secure against cryptanalysis
- MD5 and SHA-1 are equally fast, simple
41
HMAC
- Truly a MAC
- Required for IPSec
- Based on hash functions
  - Any "good" hash function can be used
  - The "IV" can be kept secret (becomes the key)
- MD5 or SHA-1 can be used
42
Thanks