Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives."— Presentation transcript:

1 1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives

2 2 Outline Motivation Symmetric-key encryption Public-key encryption Digital signature Certificates Cryptographic hash functions

3 3 Motivation Cryptographic primitives are basic building blocks of Internet security, including some popular browser-based security and privacy tools. http://zoo.cs.yale.edu/classes/cs156/lectures/ lecture22.ppt http://crypto.stanford.edu/antiphishing

4 4 Symmetric-key Encryption (1) ‏ x: plaintexty: ciphertext E: encryption functionD: decryption function k AB : Alice’s and Bob’s shared secret key

5 5 Symmetric-key Encryption (2) ‏ For all messages x and all keys k, D(E(x, k), k) = x. That is, decryption “undoes” encryption perfectly, as long as the right key is used. If she does not know the secret key k AB, the eavesdropper Eve cannot deduce the plaintext x from the ciphertext y, even if she knows the encryption and decryption functions E and D. Alice and Bob must keep k AB secret and must run E and D in a private environment. Examples of widely used symmetric-key encryption schemes: AES (Advanced Encryption Standard) and DES (Data Encryption Standard) ‏

6 6 Symmetric-key Encryption (3) ‏ Problem: Alice and Bob must meet to create a shared key k AB before they can communicate privately over a public network (or they must belong to a group with a common “key manager”). Won’t work for global-scale Internet commerce. Solution: Public-key encryption

7 7 Public-key Encryption (1) ‏ Alice runs the key generator to obtain a public-key, secret-key pair (pk A, sk A ). She publishes “Alice: pk A ” and keeps sk A secret. To communicate securely, Bob first looks up pk A.

8 8 Public-key Encryption (2) ‏ With overwhelming probability, the key generator produces a different key pair each time it is run. For each pk, there is a unique sk, and vice versa. Given pk, it is computationally infeasible to find the corresponding sk. For all messages x and all key pairs (pk, sk), D(E(x, pk), sk) = x. Decryption “undoes” encryption perfectly if the corresponding key is used. If she does not know sk, the eavesdropper Eve cannot deduce the plaintext x from the ciphertext y, even if she knows pk, E, and D.

9 9 Public-key Encryption (3) ‏ This solves the scalability problem by enabling anyone who wants to receive secure communication to “sign up” unilaterally. The possibility of public-key cryptography was a radical conceptual breakthrough put forth by W. Diffie and M. Hellman in 1976. A well known and widely used public-key encryption system is the RSA system, named for its inventors R. Rivest, A. Shamir, and L. Adleman. Roughly speaking, the difficulty of computing sk from the corresponding pk stems from the fact that integer factoring is far harder than multiplication.

10 10 Digital Signatures (1) ‏ Alice runs the key generator to obtain a verification- key, signing-key pair (vk A, gk A ). She publishes “Alice: vk A ” and keeps gk A secret. To verify her signature, Bob first looks up vk A.

11 11 Digital Signatures (2) ‏ With overwhelming probability, the key generator produces a different key pair each time it is run. For each vk, there is a unique gk, and vice versa. Given vk, it is computationally infeasible to find the corresponding gk. For all documents M and all key pairs (vk, gk), Verify(M, Sign(M, gk), vk) = ACCEPT. If he does not know gk, a forger cannot produce a valid signature (i.e., one that would cause the Verify procedure to accept), even if he knows vk, Sign, and Verify.

12 12 Discussion Point Note that Alice’s digital signature on digital document M 1 will be different from her digital signature on digital document M 2. Thus, digital signatures are not analogous to handwritten signatures. Why is this necessary?

13 13 On “publishing” name-key pairs Problem: An impersonator could generate a key pair (pk I, sk I ) [resp., (vk I, gk I )] and then publish “Alice: pk I ” [resp., “Alice: vk I ”]. This would enable him to read Alice’s private communication [resp., forge Alice’s signature]. Solution: Certified keys

14 14 Certificates We can leverage our confidence in the integrity of a single verification key. Let CA (for “certifying authority”) be an entity with a valid, highly available verification key vk CA. Verisign is an example of a CA. The CA can verify that Alice, Bob, Eve, etc., have appropriate IDs and have not presented keys that are already owned by someone else. It can then publish “certified” name-key pairs: (Alice, pk A, Sign((Alice, pk A ), gk CA )), (Bob, pk B, Sign((Bob, pk B ), gk CA )), (Eve, pk E, Sign((Eve, pk E ), gk CA )), …

15 15 Cryptographic Hash Functions A “hash function” h maps an arbitrary-length input to a fixed-length (e.g., 256-bit) output. Note that, of necessity, there are many inputs x 1, x 2, x 3, … that are mapped to the same hash value y. h is a (keyed) “cryptographic hash function” if - each user has a secret key k that he uses to compute y = h k (x); - it is computationally infeasible for someone who does not know k to find any x* such that h k (x*) = y, even if he knows h and y. Note that this is different from encryption, in which each ciphertext produced with a given key corresponds to a unique plaintext that must be recoverable.

Download ppt "1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives."

Similar presentations

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Network Security understand principles of network security:

Network Security understand principles of network security:
Public Encryption: RSA

Public Encryption: RSA
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Similar presentations

Ads by Google