Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Evans CS551: Security and Privacy University of Virginia Computer Science Lecture 6: Key Exchange The era of “electronic.

Published bySara Cole Modified over 9 years ago

Similar presentations

Presentation on theme: "David Evans CS551: Security and Privacy University of Virginia Computer Science Lecture 6: Key Exchange The era of “electronic."— Presentation transcript:

1 David Evans http://www.cs.virginia.edu/~evans CS551: Security and Privacy University of Virginia Computer Science Lecture 6: Key Exchange The era of “electronic mail” [Potter1977] may soon be upon us; we must ensure that two important properties of the current “paper mail” system are preserved: (a) messages are private, and (b) messages can be signed. R. Rivest, A. Shamir and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, January 1978. (The original RSA paper.)

2 30 Aug 2000University of Virginia CS 5512 Menu PS1 RC6 Proof Challenge (Vic Ludwig) Key Distribution (Greg Lamm) Diffie-Hellman Key Agreement Intro to Public-Key Cryptosystems Return PS1

3 30 Aug 2000University of Virginia CS 5513 PS1 Problem 2 –Process more interesting than answer Problem 4 –Even a “provably perfect” scheme breaks in practice –Bonus question: any 98 agents obtain no information any 99 agents can determine message key data O(100 * n)

4 30 Aug 2000University of Virginia CS 5514 RC6 Proof Vic Ludwig

5 U.S. Army Key Distribution Greg Lamm

6 30 Aug 2000University of Virginia CS 5516 Two Distribution Schemes –Physically –OTAR Three Types of Distributions –Initial (Staging Area) –Operating Procedures –Compromise (Equipment or Keys) A tactical network (voice/data) can have over 20 keys. – Key Types Transmission Encryption Key (TEK)-128 bit Key Encryption Key (KEK)-128 bit Key Distribution is Technology + People U.S. Army Distribution

7 DTAC 2BDE BSA 45 CSB DREAR DMAIN 1-62 ADA Staging Area Key Distribution Close Connectivity Static Environment Data/Voice Network Key Distributed – Physically Test OTAR

8 DTAC 2BDE BSA 45 CSB DREAR DMAIN 1-62 ADA Tactical Network Key Distribution Dispersed Connectivity Dynamic Environment Data/Voice Network Key Distributed – OTAR

9 30 Aug 2000University of Virginia CS 5519 DTAC NCS 1-27 SCOUTS 1-27 TOC 1-14 SCOUTS 1-14 TOC AVN TOC 2d BDE ALT NCS 2d BDE TOC 45 CSG MAIN DREAR 45 CSG FWD AVN FARP FM Key Distribution Dispersed Connectivity NCS issues key distribution by SOP

10 30 Aug 2000University of Virginia CS 55110 Key Distribution Problems NCS 1234567 ALT NCS TEK 1 damaged TEK 2 TEK 1 Multiple Key Distributors Issuing a second key at the staging area Good for compromise Bad if it is not the same (only testing TEK 1) Labeling Keys with name rather than code Key Training, Handling and Protection

11 30 Aug 2000University of Virginia CS 55111 Public-Key Cryptosystems

12 30 Aug 2000University of Virginia CS 55112 Public-Key Cryptosystems Distributing secret keys is hard and expensive Can two people communicate securely without having to meet first and establish a key?

13 30 Aug 2000University of Virginia CS 55113 Trust a Third Party Keys “R” Us knows K A, K B... Alice Bob E (“Bob”, K A ) E (K AB, K A ) E (K AB, K B ) E (M, K AB ) Generates random K AB E (“Alice” || K AB, K B )

14 30 Aug 2000University of Virginia CS 55114 Merkle’s Puzzles Ralph Merkle [1974] Alice generates 2 20 messages: “This is puzzle x. The secret is y.” ( x and y are random numbers) Encrypts each message using symmetric cipher with a different key. Sends all encrypted messages to Bob

15 30 Aug 2000University of Virginia CS 55115 Merkle’s Puzzles, cont. Bob chooses random message, performs brute-force attack to recover plaintext and key k Bob sends x (clear) to Alice Alice and Bob use k to encrypt messages

16 30 Aug 2000University of Virginia CS 55116 Is this secure? Alice: symmetric cipher DES ~2 55 expected brute force work to break DES Eve: has to break the 2 20 to find which one matches x. ~ 2 19 * 2 55 expected work Alice and Bob change keys frequently enough since it is less work to agree to a new key

17 30 Aug 2000University of Virginia CS 55117 Birth of Public Key Cryptosystems 1969 – ARPANet born: 4 sites –Whitfield Diffie starts thinking about strangers sending messages securely 1974 – Whitfield Diffie gives talk at IBM lab –Audience member mentions that Matrin Hellman (Stanford prof) had spoke about key distribution That night – Diffie starts driving 5000km to Palo Alto Diffie, Hellman and Ralph Merkle work on key distribution problem

18 30 Aug 2000University of Virginia CS 55118 We stand today on the brink of a revolution in cryptography. Diffie and Hellman, “New Directions in Cryptography”, IEEE Transactions on Information Theory, November 1976.

19 30 Aug 2000University of Virginia CS 55119 Secret Paint Mixing Analogy due to Simon Singh, The Code Book. AliceBob Yellow paint (public) Alice’s Secret Color Bob’s Secret Color C A = Yellow + Purple C B = Yellow + Red K = Yellow + Red + Purple K = Yellow + Purple + Red Eve

20 30 Aug 2000University of Virginia CS 55120 Diffie-Hellman Key Agreement 1.Choose public numbers: q (large prime number),  (generator mod q ) 2.A generates random X A and sends B: Y A =  X A mod q. 3.B generates random X B and sends A: Y B =  X B mod q. 4.A calculates secret key: K = (Y B ) X A mod q. 5.B calculates secret key: K = (Y A ) X B mod q.

21 30 Aug 2000University of Virginia CS 55121 What’s a generator?  is a generator mod q if for all 0  n < q, there is some 1  m < q such that  m = n mod q Is m unique? –Yes: Proof by counting. Discrete logarithm: given , n, and q find 0  m < q such that  m = n mod q.

22 30 Aug 2000University of Virginia CS 55122 Example What is a generator for q = 11 ? 2 1  11 2 2 6 = 64  11 9 2 2  11 4 2 7 = 128  11 7 2 3  11 8 2 8 = 256  11 3 2 4 = 16  11 5 2 9 = 512  11 6 2 5 = 32  11 10 2 10 = 1024  11 1 If q is prime, there must be a generator.

23 30 Aug 2000University of Virginia CS 55123 Diffie-Hellman Example 1.Choose public numbers: q (large prime number),  (generator mod q ): q = 11,  = 2 2.A generates random X A and sends B: Y A =  X A mod q. X A = 4, Y A = 2 4 mod 11 = 16 mod 11 = 5 3.B generates random X B and sends A: Y B =  X B mod q. X B = 6, Y B = 2 6 mod 11 = 64 mod 11 = 9 Example from Tom Dunigan’s notes: http://www.cs.utk.edu/~dunigan/cs594-cns00/class14.html

24 30 Aug 2000University of Virginia CS 55124 Diffie-Hellman Example, cont. q = 11,  = 2 X A = 4, Y A = 5 X B = 6, Y B = 9 4.A calculates secret key: K = (Y B ) X A mod q. K = 9 4 mod 11 = 6561 mod 11 = 5. 5.B calculates secret key: K = (Y A ) X B mod q. K = 5 6 mod 11 = 15625 mod 11 = 5.

25 30 Aug 2000University of Virginia CS 55125 Is it magic? Things to Prove: 1.They generate the same keys: K = (Y B ) X A mod q = (Y A ) X B mod q 2.An eavesdropper cannot find K from any transmitted value: q, , Y A, Y B

26 30 Aug 2000University of Virginia CS 55126 1. Keys Agree Prove K = (Y B ) X A mod q = (Y A ) X B mod q. (Y B ) X A mod q(Y A ) X B mod q = (  X B mod q) X A mod q = (  X A mod q) X B mod q = (  X B ) X A mod q = (  X A ) X B mod q =  X B X A mod q =  X A X B mod q QED. Stallings: “by the rules of modular arithmetic”

27 30 Aug 2000University of Virginia CS 55127 Modular Exponentiation (a mod q) b mod q = a b mod q (7 mod 6) 2 mod 6 = 7 2 mod 6 1 2 mod 6 = 49 mod 6 Proof by example?

28 30 Aug 2000University of Virginia CS 55128 Modular Exponentiation First prove: (a * b) mod q = (a mod q) * (b mod q) mod q Then, by induction, (a mod q) b mod q = a b mod q since a b = a * a b-1 and a 1 = a.

29 30 Aug 2000University of Virginia CS 55129 Modular Arithmetic (a * b) mod n = x x + (n * d0) = a * b x = a * b – (n * d0) a mod n = y  y = a – (n * d1) b mod n = z  z = b – (n * d2) (a mod n) * (b mod n) mod n = (a – (n * d1)) * (b – (n * d2)) mod n = (a * b + (a * (n * d2) – b * (n * d1) + (n * d1)(n * d2)) mod n = a * b mod n (all terms with n * are 0 mod n )

30 30 Aug 2000University of Virginia CS 55130 2. Secure from Eavesdropper An eavesdropper cannot find K from any transmitted value: q, , Y A, Y B K = (Y B ) X A mod q = (Y A ) X B mod q To find K without X A or X B we need to find x and y such that (Y B ) x mod q = (Y A ) y mod q Finding discrete logarithms is (probably) hard! (More on this later...)

31 30 Aug 2000University of Virginia CS 55131 Diffie-Hellman Use SSL Cisco encrypting routers Sun secure RPC etc...

32 30 Aug 2000University of Virginia CS 55132 Public-Key Cryptography Same paper introduced concept of Public-Key Cryptography Private algorithm: E Public algorithm: D Identity: E (D (m)) = D (E (m)) = m Secure: cannot determine E from D But didn’t know how to find suitable E and D

33 30 Aug 2000University of Virginia CS 55133 Who really invented public-key cryptography? General Communications Headquarters, Cheltenham (formed from Bletchley Park after WWII) 1969 – James Ellis asked to work on key distribution problem Secure telephone conversations by adding “noise” to line Late 1969 – idea for PK, but function

34 30 Aug 2000University of Virginia CS 55134 RSA & Diffie-Hellman Asks Clifford Cocks, Cambridge mathematics graduate, for help He discovers RSA (four years early) Then (with Malcolm Williamson) discovered Diffie-Hellman Kept secret until 1997! NSA claims they had it even earlier

35 30 Aug 2000University of Virginia CS 55135 Charge Next time: –Rivest, Shamir, Adelman: First solution to finding suitable E and D Identity: E (D (m)) = D (E (m)) = m Secure: cannot determine E from D Read the paper! –Go somewhere appropriate –Identify 2 questionable statements in the paper

Download ppt "David Evans CS551: Security and Privacy University of Virginia Computer Science Lecture 6: Key Exchange The era of “electronic."

Similar presentations

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Public Key Cryptography and the RSA Algorithm

Public Key Cryptography and the RSA Algorithm
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.

Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
[[ NET-CENTRIC CAPABILITIES TURBULENCE TECHNICAL OVERVIEW : AUGUST 2007 ]] MATH CAREERS AT NATIONAL SECURITY AGENCY Jill Calhoun May 2010.

[[ NET-CENTRIC CAPABILITIES TURBULENCE TECHNICAL OVERVIEW : AUGUST 2007 ]] MATH CAREERS AT NATIONAL SECURITY AGENCY Jill Calhoun May 2010.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Similar presentations

Ads by Google