Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Published byWendy Stephanie Davidson Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms."— Presentation transcript:

1 Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms

2 Computer Science CSC 474Dr. Peng Ning2 Public Key Algorithms Public key algorithms covered in this class –RSA: encryption and digital signature –Diffie-Hellman: key exchange –DSA: digital signature Number theory underlies most of public key algorithms.

3 Computer Science CSC 474Dr. Peng Ning3 Use of Public-Key Cryptosystems Encryption/decryption –The sender encrypts a message with the receiver’s public key –Only the receiver can decrypt the message. Digital signature –The sender signs a message with its private key. –Authentication and non-repudiation Key exchange –Two sides cooperate to exchange a session key. –Secret key cryptosystems are often used with the session key.

4 Computer Science CSC 474Dr. Peng Ning4 Requirements for Public-Key Algorithms It is computationally easy to generate a pair of public key and private key. It is computationally easy to generate a ciphertext using the public key. It is computationally easy to decrypt the ciphertext using the private key. It is computationally infeasible to determine the private key from the public key. It is computationally infeasible to recover the message from the ciphertext and the public key.

5 Computer Science CSC 474Dr. Peng Ning5 Trapdoor One-Way Function Essential requirement: Trapdoor one-way function. One-way function f –One-to-one mapping –Y=f(X): easy –X=f  1 (Y): infeasible Trapdoor one-way function –One-to-one mapping –Y=f k (X): easy if k and X are known –X=f  1 k (Y): easy if k and Y are known – X=f  1 k (Y): infeasible if Y is known but k is unknown. Designing public-key algorithm is to find appropriate trapdoor one-way function.

6 Computer Science CSC 474Dr. Peng Ning6 Public-Key Cryptanalysis Brute-force attack –Try all possible keys Derivation of private key from public key –Try to find the relationship between the public key and the private key and compute the private key from the public one. Probable-message attack –The public key is known. –Encrypt all possible messages –Try to find a match between the ciphertext and one of the above encrypted messages.

7 Computer Science CSC 474Dr. Peng Ning7 RSA (Rivest, Shamir, Adleman) The most popular one. Support both public key encryption and digital signature. Assumption/theoretical basis: –Factorization of large primes is hard. Variable key length (usually 1024 bits). Variable plaintext block size. –Plaintext must be “smaller” than the key. –Ciphertext block size is the same as the key length.

8 Computer Science CSC 474Dr. Peng Ning8 RSA Algorithm To generate key pair: –Pick large primes p and q –Let n = p*q, keep p and q to yourself! –For public key, choose e that is relatively prime to ø(n) =(p-1)(q-1), let pub = –For private key, find d that is the multiplicative inverse of e mod ø(n), i.e., e*d = 1 mod ø(n), let pri =.

9 Computer Science CSC 474Dr. Peng Ning9 How Does RSA Work? Given pub = and priv = –encryption: c = m e mod n, m < n –decryption: m = c d mod n –signature: s = m d mod n, m < n –verification: m = s e mod n

10 Computer Science CSC 474Dr. Peng Ning10 An Example Choose p = 7 and q = 17. Compute n = p*q=____. Compute  (n)=(p-1)(q-1)=____. Select e = 5, which is relatively prime to  (n). Compute d = _77_such that e*d=1 mod  (n). Public key: Private key: Encryption: 19 5 mod 119 = 66 Decryption: 66 77 mod 119 = 19.

11 Computer Science CSC 474Dr. Peng Ning11 Why Does RSA Work? Given pub = and priv = –n =p*q, ø(n) =(p-1)(q-1) –E*d = 1 mod ø(n) –x e*d = x mod n –encryption: c = m e mod n –decryption: m = c d mod n = m e*d mod n = m mod n = m (since m < n) –digital signature (similar)

12 Computer Science CSC 474Dr. Peng Ning12 The Security of RSA Attacks against RSA –Brute force: Try all possible private keys Can be defeated by using a large key space –Mathematical attacks Factor n into n=p*q. Determine ø(n) directly: equivalent to factoring n. Determine d directly: at least as difficult as factoring n. –Timing attacks Recover the private key according to the running time of the decryption algorithm.

13 Computer Science CSC 474Dr. Peng Ning13 The Security of RSA (Cont’d) Factoring large integer is very hard! But if you can factor big number n then given public key, you can find d, and hence the private key by: –Knowing factors p, q, such that, n = p*q –Then ø(n) =(p-1)(q-1) –Then d such that e*d = 1 mod ø(n) Ways to make n difficult to factor –p and q should differ in length by only a few digits –Both (p-1) and (q-1) should contain a large prime factor –gcd(p-1, q-1) should be small. –d > n 1/4.

14 Computer Science CSC 474Dr. Peng Ning14 The Security of RSA (Cont’d) Timing attacks –Determine the private key by observing how long a computer takes to decipher messages. –The attack proceeds bit by bit. –The attacker is able to determine bit j because for some d and a, the marked step is extremely slow Algorithm for computing a b mod n. d  1 For i  k downto 0 d  d*d mod n If b i = 1 Then d  d*a mod n Return d.

15 Computer Science CSC 474Dr. Peng Ning15 The Security of RSA (Cont’d) Countermeasures against the timing attack –Constant exponentiation time Don’t return the result if the computation is too fast. Hurt the performance. –Random delay Confuse the timing attack by adding a random delay. The attacker may be able to defeat random delay if the delay is not added carefully. –Blinding Multiply the ciphertext by a random number before performing exponentiation.

16 Computer Science CSC 474Dr. Peng Ning16 The Security of RSA (Cont’d) RSA Data Security’s blinding algorithm –Generate a random number r between 0 and n–1 such that gcd(r, n) = 1. –Compute C’=C * r e mod n –Compute M’ = (C’) d mod n –Compute M=M’*r –1 mod n. –Performance penalty: 2 – 10%.

17 Computer Science CSC 474Dr. Peng Ning17 Diffie-Hellman Key Exchange Shared key, public communication No authentication of partners What’s involved? –p is a large prime number (about 512 bits), g < p and g is a primitive root of p. –p and g are publicly known

18 Computer Science CSC 474Dr. Peng Ning18 Diffie-Hellman Key Exchange Procedure AliceBob pick secret S a randomly pick secret S b randomly compute T A =g Sa mod p compute T B =g Sb mod p send T A to Bob send T B to Alice compute T B Sa mod p compute T A Sb mod p Alice and Bob reached the same secret g SaSb mod p, which is then used as the shared key.

19 Computer Science CSC 474Dr. Peng Ning19 DH Security - Discrete Logarithm Is Hard T = g s mod p Given T, g, p, it is computationally infeasible to compute the value of s (discrete logarithm)

20 Computer Science CSC 474Dr. Peng Ning20 Diffie-Hellman Scheme Security factors –Discrete logarithm is very difficult. –Shared key (the secret) itself never transmitted. Disadvantages: –Expensive exponential operation DoS possible. –Cannot be used to encrypt anything. –No authentication, so you can not sign anything…

21 Computer Science CSC 474Dr. Peng Ning21 Man-In-The-Middle Attack AliceMr. XBob g Sa =123 g Sx =654 g Sb =255 123  654   654  255 654 Sa =123 Sx 255 Sx =654 Sb Mr. X plays Bob to Alice and Alice to Bob

22 Computer Science CSC 474Dr. Peng Ning22 Diffie-Hellman in Phone Book Mode DH is subject to active man-in-the-middle attack because their public key-component may be intercepted and substituted Phone book mode allows everyone to generate the public key-component in advance and publish them through other reliable means, e.g. for Bob All communicating parties agree on their common Essential requirement: authenticity of the public key.

23 Computer Science CSC 474Dr. Peng Ning23 Encryption With Diffie-Hellman Everyone computes and publishes –T=g S mod p Alice communicates with Bob: –Alice Picks a random secret S a Computes g b Sa mod p b Use K ab = T b Sa mod p b to encrypt message Send encrypted message along with g b Sa mod p b –Bob (g b Sa ) Sb mod p b = (g b Sb ) Sa mod p b = T b Sa mod p b = K ab Use K ab to decrypt Essentially key distribution + encryption

24 Computer Science CSC 474Dr. Peng Ning24 Digital Signature Standard (DSS) By NIST Related to El Gamal Use SHA (SHA-1) to generate the hash value and Digital Signature Algorithm (DSA) to generate the digital signature. Speeded up for signer rather than verifier: smart cards

25 Computer Science CSC 474Dr. Peng Ning25 Digital Signature Algorithm (DSA) Generate public parameters –p (512 to 1024 bit prime) –q (160 bit prime): q|p  1 –g = h (p  1)/q mod p, where 1 1. –g is of order q mod p. User’s private key x –Random integer with 0 < x < q User’s public key y –y = g x mod p User’s per message secret number –k = random integer with 0 < k < q.

26 Computer Science CSC 474Dr. Peng Ning26 DSA (Cont’d) Signing –r = (g k mod p) mod q –s = [k  1 (H(M)+xr)] mod q –Signature = (r, s) Verifying –M’, r’, s’ = received versions of M, r, s. –w = (s’)  1 mod q –u 1 = [H(M’)w] mod q –u 2 = (r’)w mod q –v = [(g u1 y u2 ) mod p] mod q –if v = r’ then the signature is verified

27 Computer Science CSC 474Dr. Peng Ning27 Why Is DSA Secure No revealing of private key x Can’t forge a signature without x No duplicate messages with matched signature Need a per-message secret number k –If k is known, the private key x can be computed –Two messages sharing the same k can reveal the private key x

Download ppt "Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms."

Similar presentations

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Computer Science CSC 405By Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 2. Basic Cryptography (Part II)

Computer Science CSC 405By Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 2. Basic Cryptography (Part II)
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.

Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.
Public Key Cryptography and the RSA Algorithm

Public Key Cryptography and the RSA Algorithm
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.

Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.

Similar presentations

Ads by Google