200 likes | 368 Views
IT 221: Introduction to Information Security Principles. Lecture 4: Public-Key Cryptography For Educational Purposes Only Revised: September 15, 2002. Context and Questions. Context:
E N D
IT 221:Introduction to Information Security Principles Lecture 4: Public-Key Cryptography For Educational Purposes Only Revised: September 15, 2002
Context and Questions • Context: • “Tokyo at Rush hour, circa 2012: your automated car whisks you off to Narita airport, steering itself through bustling traffic. You’re free to work. Push a button on your watch, and an image of your firm’s mining operation in Indonesia springs to life in 3-D. You ask the digital assistant in your watch how current fluctuations might affect the mining investment, and a female voice reads the results out load.…As you arrive Narita, your car announces that the flight is delayed. Care to rebook?” [3] • Questions: • What some of the security and privacy implications with the potential ubiquity of (and access to) personalized data?
Chapter 6 Outline • Chapter 6: • Context and Overview • History • Misconceptions • High-Level Principles • Categories of Public-keys • Encryption with Public-keys • Authentication with Public-keys • Ensuring Both Encryption and Authentication • RSA History • RSA Key Generation Algorithm • RSA Key Generation Example • RSA versus DES • Diffie-Hellman History • Diffie-Hellman Key Exchange • Key Management • Resources
Context and Overview • Context: • The cryptographic systems and algorithms covered in Chapters 1-5 are fundamentally based on substitution and permutation. [2] • Inherent key distribution problem with Secret Key systems: • Necessary to share the secret key between Sender and Receiver • Comm. with n different parties requires n different keys • Public-key Cryptography Overview: • Public-key cryptography represents a radical departure from substitution and permutation based methods. [2] • Given a reliable transmission channel, Public-key systems solve the key distribution problem of using secret-key.
History • History [4]: • Concept conceived by Diffie and Hellman in 1976 • Rivest, Shamir and Adleman (RSA) were first to describe a Public-key cryptosystem in 1978. • Merkle and Hellman published an alternative solution in 1978. • Serious contenders today available in the public domain: • RSA • El Gamal
Misconceptions • Misconceptions [2]: • More secure from cryptanalysis than is conventional encryption. • General purpose technique that has made conventional encryption obsolete. • Key distribution is trivial compared to ‘handshaking’ involved with the Key Distribution of conventional encryption methods.
High-Level Principles • High-Level Principles: • Based on the infeasibility to determine the decryption key (i.e. the Receiver’s Private Key), given knowledge of the following: [2] • Receiver’s Public Key • Chosen Plaintext • Possibly chosen ciphertext • Some algorithms, such as RSA, exhibit the following attribute: [2] - Either of the two related keys can be used for encryption, with the other used for decryption.
Categories of Public-keys • Three Categories: • Encryption/Decryption: Sender encrypts a message with the recipient’s public key. • Digital Signature: Sender ”signs” a message with its private key. • Key Exchange: Two sides cooperate two exhange a session key.
Encryption with Public-keys • Encryption Process [2]: • (1)Each end system in a network generates a pair of keys to be used for encryption and decryption of messages that it will receive. • (2)Each system publishes its encryption key by placing it in a public register or file. This is the Public-key. The companion key is kept private. • (3)If Bob wishes to send Alice, he encrypts the message using Alice’s Public-key. • (4)When Alice receives the message, she decrypts it using her Private-key. No other receiver can decrypt the message.
Authentication with Public-keys • Authentication Process [2]: • (1)Bob prepares a message to Alice and encrypts the message using his private key. • (2)Alice decrypts Bob’s message by using his Public-key. • (3)Since the message was encrypted using the sender’s private key, only the sender could have sent this message.
Ensuring Both Encryption and Authentication • Question: • Given the two preceding processes, how are you able to ensure for both Encryption and Authentication? • Solution: • Encrypt first, followed by the signature. Signature first has the advantage that the signature can be verified by parties other than the Recipient.
RSA History • RSA History [2]: • Scheme developed by Rivest, Shamir, and Adleman • Block cipher in which the Plaintext and Ciphertext are integers between 0 and n –1 for some n. • Plaintext is encrypted in blocks, with each block having a binary value less than some number n, i.e. The block size must be less than or equal to log2(n).
RSA Key Generation Algorithm • RSA Algorithm [2/4]: • Chose 2 large prime numbers p,q • Compute n = p x q • Select integer e relatively prime to (p –1) * (q –1) • Calculate d such that e*d = 1mod(p-1)*(q-1) • Publish Public Key {e,n} • Keep Private Key {d,n}
RSA Key Generation Example • RSA Algorithm [4]: • Chose 2 large prime numbers p,q p = 47, q = 71 • Compute n = p x q n = p*q = 3337 • Select integer e relatively prime to (p –1) * (q –1) (47-1) * (71-1) = 46*70 = 3220 • Calculate d such that e*d = 1mod(p-1)*(q-1) 79^-1mod3220 = 1019 • Publish Public Key {e,n} (3337, 79) • Keep Private Key {d,n} • (3337, 1019)
RSA versus DES • RSA versus DES [4]: • Speed of Implementation: • - RSA: Encypts in kilobits/second • DES: Encypts in megabits/second • Key Size: • - RSA: Selected by user • - DES: 64 bits (56 bits plus 8 parity bits) • Often proposed that RSA be used for secure exchange of DES keys.
Diffie-Hellman History • RSA History [4]: • Proposed in 1976, and is the first public key algorithm (predates RSA) • Purpose of the algorithm is to enable two users to exchange a key securely over a potentially insecure channel. • Limited to the exchange of keys, I.e. can not be used for en-/de-cryption.
Diffie-Hellman Key Exchange • Diffie-Hellman [4]: • Alice and Bob want to agree upon a key • They agree on 2 large integers n and g such that 1 < g < n • Alice chooses random x, computes X = g^xmod n and sends it to Bob. • Bob chooses random y, computes Y = g^y mod n, and sends it to Alice. • Alice computes k = Y^x mod n • Bob computes k’ = X^y mod n • If someone is eavesdropping, the intrudder knows n, g, X and Y but not x and y.
Key Management • Several Schemes for Distributing Keys [2]: • Public Announcement of Public Keys • Publicly Available Directory • Public-Key Authority • Public-Key Certificates
Resources • [1] Pfleeger, Charles. Security In Computing, Prentice Hall, 1997. Chapter 4. • [2] Stallings, William. Cryptography and Network Security, Prentice Hall, 1999. Chapter 4-5 • [3] Foroohar, Rana. “A New Way to Compute”. Time Magazine, September 16, 2002. Pp 34J-O. • [4] Jajodia, Dr. Sushil. “Cryptography and Its Applications”. Lecture, 1999.