SlideShare a Scribd company logo

Cryptography al-hamadi111

Download as PPT, PDF
S
sukhalalton
1 of 26
Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009 CS5204 – Fall 2009 1
Cryptographic Security Security Goals  Consider the following security risks that could face two communicating entities in an unprotected environment: (1) m A B C •C could view the secret message by eavesdropping on the communication. Loss of privacy/confidentiality CS 5204 – Fall 2009 2
Cryptographic Security (2) A m B C C could alter/corrupt the message, or the message could change while in transit. If B does not detect this, then we have Loss of Integrity (3) Or it could send a massage to B pretending to be A A B m C If B cannot verify the source entity of the information then we lack authentication CS 5204 – Fall 2009 3
Cryptographic Security (4) A m B A might repudiate having sent m to B Hence, some possible goals for communication: • Privacy/confidentiality - information not disclosed to unauthorized entities • Integrity - information not altered deliberately or accidentally • Authentication - validation of identity of source of information • Non-repudiation – Sender should not be able to deny sending a message CS 5204 – Fall 2009 4
Cryptographic Security What is Cryptography  Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, authentication, and non-repudiation. CS 5204 – Fall 2009 5
Cryptographic Security What is a cryptographic system composed of? Sender Receiver C P (encryption) (decryption) P (encryption key) (decryption key)  Plaintext: original message or data (also called cleartext)  Encryption: transforming the plaintext, under the control of the key  Ciphertext: encrypted plaintext  Decryption: transforming the ciphertext back to the original plaintext  Cryptographic key: used with an algorithm to determine the transformation from plaintext to ciphertext, and v.v. CS 5204 – Fall 2009 6
Cryptographic Security Attack classification Ciphertext Alone attack: The attacker has available only the intercepted cryptogram C. From C , try to find P or (even better) the key. P (encryption) C (key) CS 5204 – Fall 2009 7
Cryptographic Security Attack classification Known Plaintext attack: The attacker knows a small amount of plaintext (Pi) and its ciphertext Equivalent (Ci). Attacker tries to find key or to infer Pi+1 (next plaintext) Ci Pi (encryption) Pi+1 Ci+1 (key) CS 5204 – Fall 2009 8
Cryptographic Security Attack classification Chosen Plaintext attack: The attacker can choose plaintext (Pi) and obtain its ciphertext (Ci). A careful selection of (Pi) would give a pair of (Pi, Ci) good for analyzing Enc. Alg. + key and in finding Pi+1 (next plaintext of sender) Ci Pi (encryption) Pi+1 Ci+1 (key) CS 5204 – Fall 2009 9
Cryptographic Security Forms of Cryptosystems • Private Key (symmetric) : A single key (K) is used for both encryption and decryption and must be kept secret. Key distribution problem ­ a secure channel is needed to transmit the key before secure communication can take place over an unsecure channel. Sender Receiver C M (encryption) (decryption) M (K) (K) EK(M) = C D K(C) = M CS 5204 – Fall 2009 10
Cryptographic Security Forms of Cryptosystems • Public Key (asymmetric): • The encryption procedure (key) is public while the decryption procedure (key) is private. • Each participant has a public key and a private key. • May allow for both encryption of messages and creation of digital signatures.
Cryptographic Security Forms of Cryptosystems • Public Key (asymmetric): Requirements: 1. For every message M, encrypting with public key and then decrypting resulting ciphertext with matching private key results in M. 2. Encryption and Decryption can be efficiently applied to M 3. It is impractical to derive decryption key from encryption key. Sender Receiver C M (encryption) (decryption) M (public key (private key of Receiver) of Receiver) CS 5204 – Fall 2009 12
Cryptographic Security Combining Public/Private Key Systems Public key encryption is more expensive than symmetric key encryption For efficiency, combine the two approaches (1) A (2) B (1) Use public key encryption for authentication; once authenticated, transfer a shared secret symmetric key (2) Use symmetric key for encrypting subsequent data transmissions CS 5204 – Fall 2009 13
Cryptographic Security Rivest­Shamir­Adelman (RSA) Method  Named after the designers: Rivest, Shamir, and Adleman  Public­key cryptosystem and digital signature scheme.  Based on difficulty of factoring large integers  For large primes p & q, n = pq  Public key e and private key d calculated CS 5204 – Fall 2009 14
Cryptographic Security RSA Key Generation Every participant must generate a Public and Private key: 1. Let p and q be large prime numbers, randomly chosen from the set of all large prime numbers. 2. Compute n = pq. 3. Choose any large integer, d, so that: GCD( d, ϕ(n)) = 1 (where ϕ(n) = (p­1)(q­1) ) 4. Compute e = d­1 (mod ϕ(n)). 5. Publish n and e. Keep p, q and d secret. Note: •Step 4 can be written as: Find e so that: e x d = 1 (modulo ϕ(n)) •If we can obtain p and q, and we have (n, e), we can find d CS 5204 – Fall 2009 15
Cryptographic Security Rivest­Shamir­Adelman (RSA) Method Assume A wants to send something confidentially to B: • A takes M, computes C = Me mod n, where (e, n) is B’s public key. Sends C to B • B takes C, finds M = Cd mod n, where (d, n) is B’s private key + Confidentiality A B M Me mod n C Cd mod n M (e, n) (d, n) Encryption Key for user B Decryption Key for user B (B’s Public Key) (B’s PrivateKey) CS 5204 – Fall 2009 16
Cryptographic Security RSA Method Example: 1. p = 5, q = 11 and n = 55. (p­1)x(q­1) = 4 x 10 = 40 2. A valid d is 23 since GCD(40, 23) = 1 3. Then e = 7 since: 23 x 7 = 161 modulo 40 = 1 in other words e = 23-1 (mod 40) = 7 CS 5204 – Fall 2009 17
Cryptographic Security Digital Signatures Based on RSA In RSA algorithm the encryption and decryption operations are commutative: ( me ) d = ( md ) e = m We can use this property to create a digital signature with RSA. CS 5204 – Fall 2009 18
Cryptographic Security Digital Signatures (Public Key) Public Key System: sender, A: (EA : public, DA : private) receiver, B: (EB : public, DB : private) A signs the message m using its private key, the result is then encrypted with B’s public key, and the resulting ciphertext is sent to B: C= EB (DA (M)) B receives ciphertext C decrypts it using its private key The result is then encrypted with the senders public key (A’s public key) and the message m is retreived M = EA (DB (C)) CS 5204 – Fall 2009 19
Cryptographic Security Hashing A one­way hash function h is a public function h (which should be simple and fast to compute) that satisfies three properties: 1.A message m of arbitrary length must be able to be converted into a message digest h(m) of fixed length. 2.It must be one­way, that is given y = h(m) it must be computationally infeasible to find m. 3.It must be collision free, that is it should be computationally infeasible to find m1 and m2 such that h(m1) = h(m2). Examples: MD5 , SHA-1 CS 5204 – Fall 2009 20
Cryptographic Security Hash Function Hash Function …M… H (M) H Message of arbitrary length Fixed length output CS 5204 – Fall 2009 21
Cryptographic Security Producing Digital Signatures Step 1: A produces a one-way hash of the message. Step 2: A encrypts the hash value with its private key, forming the signature. Step 3: A sends the message and the signature to B. A’s private key Hash Encryption Function H(M) Algorithm Sig A M message Digital Message digest Signature CS 5204 – Fall 2009 22
Cryptographic Security Verifying Digital Signature Step 4: B forms a one-way hash of the message. Step 5: B uses A’s public key to decrypt the signature and obtain the sent hash. Step 6: compare the computed and sent hashes Hash Function H(M’) M’ message digest H(M’) Message received Decryption Compare Sig A Algorithm H(M) Digital Signature received sender’s (A’s) public key CS 5204 – Fall 2009 23
Cryptographic Security Security of Digital Signatures If the hashes match then we have guaranteed the following: • Integrity: if m changed then the hashes would be different • Authenticity & Non-repudiation: A is who sent the hash, as we used A’s public key to reveal the contents of the signature A cannot deny signing this, nobody else has the private key. Satisfies the requirements of a Digital Signature If we wanted to further add confidentiality, then we would encrypt the sent m + signature such that only B could reveal the contents (encrypt with B’s public key) Possible problem: If signing modulus > encrypting modulus -> Reblocking Problem CS 5204 – Fall 2009 24
Cryptographic Security Secure Communication (Public Key) Handshaking IA, IB are “nonces” nonces can be included in each subsequent message PKB: public key of B; PKA: public key of A; EPKB, (IA, A) EPKA (IA, IB) A B EPKB (IB) If B sees the same nonce at EPKB (IB) a later time, then it should C suspect a replay attack. CS 5204 – Fall 2009 25
Cryptographic Security Questions? CS 5204 – Fall 2009 26

Recommended

Ao318992
Ao318992Ao318992
Ao318992
IJMER
 
CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem
Gyanmanjari Institute Of Technology
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writing
tahirilyas92
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
Vaibhav Khanna
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
Duy Do Phan
 
Cryptology - Antônio Lacerda
Cryptology - Antônio LacerdaCryptology - Antônio Lacerda
Cryptology - Antônio Lacerda
Rodrigo Almeida
 
Presentation on Cryptography
Presentation on CryptographyPresentation on Cryptography
Presentation on Cryptography
Karan Jaiswal
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
harpoo123143
 

Recommended

Ao318992
Ao318992Ao318992
Ao318992
IJMER
 
CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem
Gyanmanjari Institute Of Technology
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writing
tahirilyas92
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
Vaibhav Khanna
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
Duy Do Phan
 
Cryptology - Antônio Lacerda
Cryptology - Antônio LacerdaCryptology - Antônio Lacerda
Cryptology - Antônio Lacerda
Rodrigo Almeida
 
Presentation on Cryptography
Presentation on CryptographyPresentation on Cryptography
Presentation on Cryptography
Karan Jaiswal
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
harpoo123143
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
lakshmansoft7
 
Cryptography
Cryptography Cryptography
Cryptography
أحلام انصارى
 
Basic techniques in cryptography
Basic techniques in cryptographyBasic techniques in cryptography
Basic techniques in cryptography
Shraddha Gupta
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
Saif Kassim
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
Dr.Florence Dayana
 
Cryptography
CryptographyCryptography
Cryptography
Sagar Janagonda
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementation
Akash Jadhav
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
Arun ACE
 
Cryptography
CryptographyCryptography
Cryptography
Abhi Prithi
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric key
Rajat Tripathi
 
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEYMETHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
IJNSA Journal
 
SIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURE
SIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURESIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURE
SIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURE
ijp2p
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
OECLIB Odisha Electronics Control Library
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
shraddha mane
 
Iss lecture 2
Iss lecture 2Iss lecture 2
Iss lecture 2
Ali Habeeb
 
My cryptography
My cryptographyMy cryptography
My cryptography
NAVYA RAO
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic tools
CAS
 
Deniable Encryption Key
Deniable Encryption KeyDeniable Encryption Key
Deniable Encryption Key
IOSR Journals
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
Rutvik Mehta
 
Cryptography
CryptographyCryptography
Cryptography
LaibaRehman3
 
Secure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted SignaturesSecure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted Signatures
Satoshi Hada
 

More Related Content

What's hot

METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEYMETHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
IJNSA Journal
 

What's hot (20)

computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
 
Cryptography
Cryptography Cryptography
Cryptography
 
Basic techniques in cryptography
Basic techniques in cryptographyBasic techniques in cryptography
Basic techniques in cryptography
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
Cryptography
CryptographyCryptography
Cryptography
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementation
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric key
 
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEYMETHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
METHODS TOWARD ENHANCING RSA ALGORITHM : A SURVEY
 
SIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURE
SIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURESIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURE
SIGNCRYPTION SCHEME BASED ON SCHNORR DIGITAL SIGNATURE
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Iss lecture 2
Iss lecture 2Iss lecture 2
Iss lecture 2
 
My cryptography
My cryptographyMy cryptography
My cryptography
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic tools
 
Deniable Encryption Key
Deniable Encryption KeyDeniable Encryption Key
Deniable Encryption Key
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 

Similar to Cryptography al-hamadi111

Cryptography
CryptographyCryptography
Cryptography
LaibaRehman3
 
CSE CRYPTOGRAPHY ppt - Copy.pptx
CSE CRYPTOGRAPHY ppt - Copy.pptxCSE CRYPTOGRAPHY ppt - Copy.pptx
CSE CRYPTOGRAPHY ppt - Copy.pptx
KuntalSasmal1
 
CNS 3RD UNIT PPT.pptx
CNS 3RD UNIT PPT.pptxCNS 3RD UNIT PPT.pptx
CNS 3RD UNIT PPT.pptx
pjeraids
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
vinitajain703
 

Similar to Cryptography al-hamadi111 (20)

Cryptography
CryptographyCryptography
Cryptography
 
Secure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted SignaturesSecure Obfuscation for Encrypted Signatures
Secure Obfuscation for Encrypted Signatures
 
encryption and decryption
encryption and decryptionencryption and decryption
encryption and decryption
 
Encryption and Key Distribution Methods
Encryption and Key Distribution MethodsEncryption and Key Distribution Methods
Encryption and Key Distribution Methods
 
cyber security-2.pptx
cyber security-2.pptxcyber security-2.pptx
cyber security-2.pptx
 
Securing Text Messages Application Using MED
Securing Text Messages Application Using MEDSecuring Text Messages Application Using MED
Securing Text Messages Application Using MED
 
CSE CRYPTOGRAPHY ppt - Copy.pptx
CSE CRYPTOGRAPHY ppt - Copy.pptxCSE CRYPTOGRAPHY ppt - Copy.pptx
CSE CRYPTOGRAPHY ppt - Copy.pptx
 
CRYPTOGRAPHY-PAYAL CHOPRA.ppt
CRYPTOGRAPHY-PAYAL CHOPRA.pptCRYPTOGRAPHY-PAYAL CHOPRA.ppt
CRYPTOGRAPHY-PAYAL CHOPRA.ppt
 
Ch7 2ed
Ch7 2edCh7 2ed
Ch7 2ed
 
Cryptography by gaurav singh
Cryptography by gaurav singhCryptography by gaurav singh
Cryptography by gaurav singh
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Network security
Network securityNetwork security
Network security
 
CNS 3RD UNIT PPT.pptx
CNS 3RD UNIT PPT.pptxCNS 3RD UNIT PPT.pptx
CNS 3RD UNIT PPT.pptx
 
Number Theory 5 Sem.pptx
Number Theory 5 Sem.pptxNumber Theory 5 Sem.pptx
Number Theory 5 Sem.pptx
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
 
Presentationon ON THE TOPIC CRYPTOGRAPHY
Presentationon ON THE TOPIC CRYPTOGRAPHYPresentationon ON THE TOPIC CRYPTOGRAPHY
Presentationon ON THE TOPIC CRYPTOGRAPHY
 
cryptography
cryptographycryptography
cryptography
 
Group 6
Group 6Group 6
Group 6
 
Chapter8 nov 29_05[one.]
Chapter8 nov 29_05[one.]Chapter8 nov 29_05[one.]
Chapter8 nov 29_05[one.]
 

Cryptography al-hamadi111

  • 1. Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009 CS5204 – Fall 2009 1
  • 2. Cryptographic Security Security Goals  Consider the following security risks that could face two communicating entities in an unprotected environment: (1) m A B C •C could view the secret message by eavesdropping on the communication. Loss of privacy/confidentiality CS 5204 – Fall 2009 2
  • 3. Cryptographic Security (2) A m B C C could alter/corrupt the message, or the message could change while in transit. If B does not detect this, then we have Loss of Integrity (3) Or it could send a massage to B pretending to be A A B m C If B cannot verify the source entity of the information then we lack authentication CS 5204 – Fall 2009 3
  • 4. Cryptographic Security (4) A m B A might repudiate having sent m to B Hence, some possible goals for communication: • Privacy/confidentiality - information not disclosed to unauthorized entities • Integrity - information not altered deliberately or accidentally • Authentication - validation of identity of source of information • Non-repudiation – Sender should not be able to deny sending a message CS 5204 – Fall 2009 4
  • 5. Cryptographic Security What is Cryptography  Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, authentication, and non-repudiation. CS 5204 – Fall 2009 5
  • 6. Cryptographic Security What is a cryptographic system composed of? Sender Receiver C P (encryption) (decryption) P (encryption key) (decryption key)  Plaintext: original message or data (also called cleartext)  Encryption: transforming the plaintext, under the control of the key  Ciphertext: encrypted plaintext  Decryption: transforming the ciphertext back to the original plaintext  Cryptographic key: used with an algorithm to determine the transformation from plaintext to ciphertext, and v.v. CS 5204 – Fall 2009 6
  • 7. Cryptographic Security Attack classification Ciphertext Alone attack: The attacker has available only the intercepted cryptogram C. From C , try to find P or (even better) the key. P (encryption) C (key) CS 5204 – Fall 2009 7
  • 8. Cryptographic Security Attack classification Known Plaintext attack: The attacker knows a small amount of plaintext (Pi) and its ciphertext Equivalent (Ci). Attacker tries to find key or to infer Pi+1 (next plaintext) Ci Pi (encryption) Pi+1 Ci+1 (key) CS 5204 – Fall 2009 8
  • 9. Cryptographic Security Attack classification Chosen Plaintext attack: The attacker can choose plaintext (Pi) and obtain its ciphertext (Ci). A careful selection of (Pi) would give a pair of (Pi, Ci) good for analyzing Enc. Alg. + key and in finding Pi+1 (next plaintext of sender) Ci Pi (encryption) Pi+1 Ci+1 (key) CS 5204 – Fall 2009 9
  • 10. Cryptographic Security Forms of Cryptosystems • Private Key (symmetric) : A single key (K) is used for both encryption and decryption and must be kept secret. Key distribution problem ­ a secure channel is needed to transmit the key before secure communication can take place over an unsecure channel. Sender Receiver C M (encryption) (decryption) M (K) (K) EK(M) = C D K(C) = M CS 5204 – Fall 2009 10
  • 11. Cryptographic Security Forms of Cryptosystems • Public Key (asymmetric): • The encryption procedure (key) is public while the decryption procedure (key) is private. • Each participant has a public key and a private key. • May allow for both encryption of messages and creation of digital signatures.
  • 12. Cryptographic Security Forms of Cryptosystems • Public Key (asymmetric): Requirements: 1. For every message M, encrypting with public key and then decrypting resulting ciphertext with matching private key results in M. 2. Encryption and Decryption can be efficiently applied to M 3. It is impractical to derive decryption key from encryption key. Sender Receiver C M (encryption) (decryption) M (public key (private key of Receiver) of Receiver) CS 5204 – Fall 2009 12
  • 13. Cryptographic Security Combining Public/Private Key Systems Public key encryption is more expensive than symmetric key encryption For efficiency, combine the two approaches (1) A (2) B (1) Use public key encryption for authentication; once authenticated, transfer a shared secret symmetric key (2) Use symmetric key for encrypting subsequent data transmissions CS 5204 – Fall 2009 13
  • 14. Cryptographic Security Rivest­Shamir­Adelman (RSA) Method  Named after the designers: Rivest, Shamir, and Adleman  Public­key cryptosystem and digital signature scheme.  Based on difficulty of factoring large integers  For large primes p & q, n = pq  Public key e and private key d calculated CS 5204 – Fall 2009 14
  • 15. Cryptographic Security RSA Key Generation Every participant must generate a Public and Private key: 1. Let p and q be large prime numbers, randomly chosen from the set of all large prime numbers. 2. Compute n = pq. 3. Choose any large integer, d, so that: GCD( d, ϕ(n)) = 1 (where ϕ(n) = (p­1)(q­1) ) 4. Compute e = d­1 (mod ϕ(n)). 5. Publish n and e. Keep p, q and d secret. Note: •Step 4 can be written as: Find e so that: e x d = 1 (modulo ϕ(n)) •If we can obtain p and q, and we have (n, e), we can find d CS 5204 – Fall 2009 15
  • 16. Cryptographic Security Rivest­Shamir­Adelman (RSA) Method Assume A wants to send something confidentially to B: • A takes M, computes C = Me mod n, where (e, n) is B’s public key. Sends C to B • B takes C, finds M = Cd mod n, where (d, n) is B’s private key + Confidentiality A B M Me mod n C Cd mod n M (e, n) (d, n) Encryption Key for user B Decryption Key for user B (B’s Public Key) (B’s PrivateKey) CS 5204 – Fall 2009 16
  • 17. Cryptographic Security RSA Method Example: 1. p = 5, q = 11 and n = 55. (p­1)x(q­1) = 4 x 10 = 40 2. A valid d is 23 since GCD(40, 23) = 1 3. Then e = 7 since: 23 x 7 = 161 modulo 40 = 1 in other words e = 23-1 (mod 40) = 7 CS 5204 – Fall 2009 17
  • 18. Cryptographic Security Digital Signatures Based on RSA In RSA algorithm the encryption and decryption operations are commutative: ( me ) d = ( md ) e = m We can use this property to create a digital signature with RSA. CS 5204 – Fall 2009 18
  • 19. Cryptographic Security Digital Signatures (Public Key) Public Key System: sender, A: (EA : public, DA : private) receiver, B: (EB : public, DB : private) A signs the message m using its private key, the result is then encrypted with B’s public key, and the resulting ciphertext is sent to B: C= EB (DA (M)) B receives ciphertext C decrypts it using its private key The result is then encrypted with the senders public key (A’s public key) and the message m is retreived M = EA (DB (C)) CS 5204 – Fall 2009 19
  • 20. Cryptographic Security Hashing A one­way hash function h is a public function h (which should be simple and fast to compute) that satisfies three properties: 1.A message m of arbitrary length must be able to be converted into a message digest h(m) of fixed length. 2.It must be one­way, that is given y = h(m) it must be computationally infeasible to find m. 3.It must be collision free, that is it should be computationally infeasible to find m1 and m2 such that h(m1) = h(m2). Examples: MD5 , SHA-1 CS 5204 – Fall 2009 20
  • 21. Cryptographic Security Hash Function Hash Function …M… H (M) H Message of arbitrary length Fixed length output CS 5204 – Fall 2009 21
  • 22. Cryptographic Security Producing Digital Signatures Step 1: A produces a one-way hash of the message. Step 2: A encrypts the hash value with its private key, forming the signature. Step 3: A sends the message and the signature to B. A’s private key Hash Encryption Function H(M) Algorithm Sig A M message Digital Message digest Signature CS 5204 – Fall 2009 22
  • 23. Cryptographic Security Verifying Digital Signature Step 4: B forms a one-way hash of the message. Step 5: B uses A’s public key to decrypt the signature and obtain the sent hash. Step 6: compare the computed and sent hashes Hash Function H(M’) M’ message digest H(M’) Message received Decryption Compare Sig A Algorithm H(M) Digital Signature received sender’s (A’s) public key CS 5204 – Fall 2009 23
  • 24. Cryptographic Security Security of Digital Signatures If the hashes match then we have guaranteed the following: • Integrity: if m changed then the hashes would be different • Authenticity & Non-repudiation: A is who sent the hash, as we used A’s public key to reveal the contents of the signature A cannot deny signing this, nobody else has the private key. Satisfies the requirements of a Digital Signature If we wanted to further add confidentiality, then we would encrypt the sent m + signature such that only B could reveal the contents (encrypt with B’s public key) Possible problem: If signing modulus > encrypting modulus -> Reblocking Problem CS 5204 – Fall 2009 24
  • 25. Cryptographic Security Secure Communication (Public Key) Handshaking IA, IB are “nonces” nonces can be included in each subsequent message PKB: public key of B; PKA: public key of A; EPKB, (IA, A) EPKA (IA, IB) A B EPKB (IB) If B sees the same nonce at EPKB (IB) a later time, then it should C suspect a replay attack. CS 5204 – Fall 2009 25
  • 26. Cryptographic Security Questions? CS 5204 – Fall 2009 26