Presentation is loading. Please wait.

Presentation is loading. Please wait.

254542 Networks Management and Security Lecture 3.

Published byVeronica Quinn Modified over 9 years ago

Similar presentations

Presentation on theme: "254542 Networks Management and Security Lecture 3."— Presentation transcript:

1 254542 Networks Management and Security Lecture 3

2 Public-Key Cryptography Each party will have a public key for encryption and a private key for decryption No key transmission High scalability Either key can be used first (for encryption)! m E p (m) M = D s (E p (m)) Public key, p Private key, s

3 Symmetric vs. Asymmetric Fast (In software, DES is 100 times as fast as RSA) L(c) usually ≤ L(m) Key management is difficult No. of keys is approximately = (No. of participants)2 Slower L(c) ≥ L(m) No problem in managing keys No. of keys = No. of participants Non-repudiation check

4 RSA: basic ideas Ron Rivest, Adi Shamir, and Len Adleman from MIT developed RSA in 1978 Keys are based on large prime numbers –easy to find –extremely hard to factor their products Selection and generation of public and private keys?

5 RSA: algorithm Use 2 large prime numbers, P and Q N = P x Q Find small E (public exponent) such that it is relatively prime to (P-1) x (Q-1) Find D (private exponent) such that (DxE) mod (P-1)(Q-1) = 1 For encryption C = M E mod N For decryption M = C D mod N

6 RSA: example Let’s P = 7 and Q = 17 N = P x Q = 119 and (P-1)(Q-1) = 96 96 = 2 x 2 x 2 x 2 x 2 x 3, therefore E can be 5 (no 2 and 3 as a factor) D = 77 since (5x77) mod 96 = 1 Set M = 6, therefore C = 6 5 mode 119 = 41 Decrypting C, M = 41 77 mod 119 = 6

7 Cracking RSA Factoring N to find P, Q (and finally D) –complex and time-consuming if N is sufficiently large Find E th root mod N (since C=M E mod N) –No general methods are known –Related messages encrypted with the same E may give away some clues M can be guessed if it is sent to multiple parties –Prevented by random padding

8 RSA Key Size Larger N, higher security, slower process P and Q should be roughly of equal length In 1999, 512-bit RSA keys was factored in 7 months Recommended 1024 bits for corporate use (2048 bits for extremely valuable keys)

9 RSA in Practice Built into current OS by Microsoft, Apple, SUN, Novell On Ethernet cards, smart cards, secure telephones In protocols such as S/MIME, SSL, and S/WAN It’s the most widely used cryptosystem in the world

10 Elliptic Curve Algorithm Let’s E be an elliptic curve P is a point in E A random number d is generated Let’s Q = d x P Then E, P, Q are public values And d is a private key If the curve is big enough, it’s almost impossible to find d

11 Hybrid Scheme: Digital Envelope A encrypts m using K1, a one-time secret key A encrypts K1 with B’s public key, K2 (Key wrapping) A puts c and encrypted symmetric key in a digital envelope, which is then sent to B B uses its private key, K3, to decrypt and get K1 B uses K1 to decrypt m E k1 (m) + E k2 (K1) A B 1.D k3 (E k2 (K1)) = K1 2.D k1 (E k1 (m) = m

12 Advantages of Digital Envelope Using a symmetric key to encrypt a long m is fast c is of the same size of m Using a public key for K1 encryption is relatively fast (since K1 is smaller than m) No problem in key exchange

13 Digital Signature For authentication and non-repudiation purpose A encrypts h(m) with its private key –E SA (h(m)) = digital signature (DS) of A B decrypts A’s DS with A’s public key B computes h(m) and compares with the hash value from A’s message. If matched, … –The sender is really A –Message is not altered in transit

14 Well-known Hashing Functions MD5, designed by Ron Rivest –128-bit output –No known attacks have been proved to break MD5 (yet) SHA-1 (Secure Hash Algorithm) –A modified version of MD5 by NIST and NSA –160-bit output –Slower but more secure

15 Problem in Public-key Exchange: Man-in-the-middle Attack A B M my E=3 Intercepted and send ‘my E=5’ instead my E=7 my E=5 How to know the DS is really from A (or B)? How to know the DS is really from A (or B)? Timestamp to bind DS to a particular time Timestamp to bind DS to a particular time Need someone who is trusted by everyone Need someone who is trusted by everyone

16 RSA-based Digital Signature in Practice If a third party is needed to check m’s integrity, MD can be computed from c Since E is much smaller than D, signature verification is faster than signing Certificate(s) may accompany DS to prevent impersonation

17 Digital Certificate A signed document that binds the public key to the identity of a party The certifier’s public key is widely trusted Contains the user name, the user’s public key, and The validity date range Issuer name and its digital signature X.509 defines the structure of a digital certificate

18 Certification Authority (CA) A trusted agency that issues digital certificates Can issue digital certificates to individuals or organizations May be assisted by RA (registration authority) in interaction activities between CA and users

19 Certificate Creation Key generation (by users or by RA) Registration by using Certificate Signing Request (CSR) or PKCS #10 (Public key Cryptography Standard) User’s credential verification –Checks paper-based evidence (e.g. passport) –Checks Proof of Possession (POP) of D CA signs certificates with its private key

20 CA’s certificate verification Alice cannot verify B4’s nor A2’s certificates Both Alice and Bob can verify root CA Who signs root CA’s certificate? Root CA 2 nd level CA 3 rd level CA Alice Bob B1 B4 A2A1

21 Cross-certification Alice and Bob live in different countries = different root CAs Bob’s root CA is certified by Alice’s root CA Alice’s root CA can also be certified by Bob’s root CA

22 Certificate Revocation In case a private key is compromised or lost The user must immediately notify CA The public key is then added to Certificate Revocation List (CRL) The user may need to use a new private key to re-sign documents

23 Well-known CAs Baltimore (http://www.baltimore.com/)http://www.baltimore.com/ Entrust Technologies (http://www.entrust.com/)http://www.entrust.com/ RSA Security (http://www.rsasecurity.com/)http://www.rsasecurity.com/ VeriSign (http://www.verisign.com/)http://www.verisign.com/

24 Attacks on CAs Cryptanalytic attack on CA’s key pair –CAs use long keys that change regularly –Top-level CAs must use specially long keys What if a CA’s key is broken after it expires? –E.g. Forged will or other legal documents etc Impersonated CSR by –Forged evidence –Bribery

25 Key Agreement Protocol A.k.a. Key exchange protocol Used by multiple parties to agree on a secret key Allows a secure key sharing over a insecure medium e.g. Diffie-Hellman algorithm Public-key cryptography or digital envelope can also be used for key exchange

26 Diffie-Hellman Key Exchange: initial setup A.k.a. exponential key exchange Public values p and g (generator) where –p is prime and g ≤ p –For every n between 1 and p-1, there are g and k such that n = g k mod p

27 Diffie-Hellman Key Exchange: Algorithm Alice and Bob generate random private values a and b (both are integers) A’s public value = g a mod p B’s public value = g b mod p Public values exchanged A computes g ab = (g b ) a mod p = k B computes g ab = (g a ) b mod p = k

28 Attacks on Diffie-Hellman Algorithm Man-in-the-middle !! Solution: –digital signature –authenticated Diffie-Hellman (STS: Station to Station protocol)

Download ppt "254542 Networks Management and Security Lecture 3."

Similar presentations

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Public Key Cryptography & Message Authentication By Tahaei Fall 2012.

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao

EEC-484/584 Computer Networks Lecture 16 Wenbing Zhao
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Similar presentations

Ads by Google