Presentation is loading. Please wait.

Presentation is loading. Please wait.

Q: How do Ole and Lena get a shared private key? 1) Lena  LockmasterE keyLena ( ID Lena || ID Ole ) Example (Suppose Lena wants a key to shared with Ole.)

Published byJonathan Spencer Modified over 9 years ago

Similar presentations

Presentation on theme: "Q: How do Ole and Lena get a shared private key? 1) Lena  LockmasterE keyLena ( ID Lena || ID Ole ) Example (Suppose Lena wants a key to shared with Ole.)"— Presentation transcript:

1 Q: How do Ole and Lena get a shared private key? 1) Lena  LockmasterE keyLena ( ID Lena || ID Ole ) Example (Suppose Lena wants a key to shared with Ole.) Needham-Schroeder Protocol (1978) A: Generally, they need a trusted third party and a secure protocol. 2) Lockmaster  LenaE keyLena ( newkey || E keyOle (newkey) ) 3) Lena  OleE keyOle (newkey) 1) Lena  LockmasterID Lena || ID Ole || nonce 1 2) Lockmaster  LenaE keyLena (ID Lena || ID Ole || nonce 1 || newkey || E keyOle (ID Lena || newkey)) 3) Lena  OleE keyOle (ID Lena || newkey) 4) Ole  LenaE newkey ( nonce 2 ) 5) Lena  OleE newkey ( nonce 2 - 1 )

2 Assume that a hacker has managed to crack an old key and replays Step 3. This protocol uses time stamps to avoid the problem. Denning-Sacco Protocal Otway-Rees Protocol (a solution without time stamps) 1) Lena  Ole num || ID Lena || ID Ole || E keyLena (nonce 1 || num || ID Lena || ID Ole ) 2) Ole  Lockmasternum || ID Lena || ID Ole || E keyLena (nonce 1 || num || ID Lena || ID Ole ) || E keyOle (nonce 2 || num || ID Lena || ID Ole ) 3) Lockmaster  Olenum || E keyLena (nonce 1 || newkey) || E keyOle (nonce 2 || newkey) 4) Ole  Lenanum || E keyLena (nonce 1 || newkey) However, time stamps depend upon clock synchronization. Simple Public Key Protocol 1) Lena  Ole E keyOlePub ( E keyLenaPriv (newkey) )

3 This algorithm was first published in 1976 in the same paper as public-key encryption. To select key Select a prime number q. Select integer  so that  is a primitive root of q.. (Note to be a primitive root means that (  1 mod q), (  2 mod q),... (  q-1 mod q) form some permutation of the integers 1, 2,..., (q-1) Select Publicly-known q &  User A selects a secret integer XA such that 1 ≤ XA < q User A calculates a public value Y A =  XA mod q User B calculates a public value Y B =  XB mod q User B selects a secret integer XB such that 1 ≤ XB < q The key is (Y A ) XB mod q = (Y B ) XA mod q

4 Select passwords Select a prime number q = 7 Select  = 3.. (Note the primitive root property from (  k mod q) for 1 ≤ k ≤ q-1 3 1 = 3, 3 2 = 9, 3 3 = 27, 3 4 = 81, 3 5 = 243, 3 6 = 729 mod 7... Example (with artificially small numbers) Ole selects a secret integer X Ole = 5 Ole calculates a public value Y Ole = 3 5 mod 7 = ______ Lena calculates a public value Y Lena = 3 3 mod 7 = _______ Lena selects a secret integer X Lena = 3 Ole calculates the key (Y Lena ) XOle mod q = (6) 5 mod 7 = 7776 mod 7 = ______ Lena calculates the key (Y Ole ) XLena mod q = (5) 3 mod 7 = 125 mod 7 = ______

5 In order to provide non-repudiation it is common to include a digital signature in public key transmission. RSA approach plaintext ciphertext encryption keyOlePub plaintext sig encryption keyLenaPriv ciphertext plaintext sig decryption keyOlePriv compare from Lena to Ole

6 The DSS/A approach uses the El Gamal algorithm. This algorithm provides keys and generates/checks signatures. Generate Digital Signature Select a prime number p. Select g and d so that 1 ≤ g, d < p. Calculate y = g d mod p public key: (y, g, p) private key: (d) Verify the Digital Signature The signature is checked as follows: (y a a b ) mod p = g Hash(message) mod p Select Key Select k that is relatively prime to (p - 1). Calculate a = g k mod p digital signature: (a, b) Find b so that Hash(message) = (da + kb) mod (p - 1)

Download ppt "Q: How do Ole and Lena get a shared private key? 1) Lena  LockmasterE keyLena ( ID Lena || ID Ole ) Example (Suppose Lena wants a key to shared with Ole.)"

Similar presentations

Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu.

Asymmetric Digital Signatures And Key Exchange Prof. Ravi Sandhu.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.

1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Chapter 3 Encryption Algorithms & Systems (Part C)

Chapter 3 Encryption Algorithms & Systems (Part C)
Chapter 3 Encryption Algorithms & Systems (Part B)

Chapter 3 Encryption Algorithms & Systems (Part B)
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Similar presentations

Ads by Google