1 / 146

Computer and Information Security

Computer and Information Security. Chapter 4 Public Key Cryptography . Chapter 4: Public Key Cryptography. You should not live one way in private, another in public.  Publilius Syrus. Three may keep a secret, if two of them are dead.  Ben Franklin. Overview. Message Authentication

marci
Télécharger la présentation

Computer and Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Computer and Information Security Chapter 4 Public Key Cryptography Modified by SJF with slides from Stallings

  2. Chapter 4:Public Key Cryptography You should not live one way in private, another in public.  Publilius Syrus Three may keep a secret, if two of them are dead.  Ben Franklin Part 1  Cryptography 2

  3. Overview • Message Authentication • Secure Hash Functions and HMAC • Public-Key Cryptography Principles • Encryption • Decryption • Public-Key Cryptography Algorithms • Knapsack, RSA, ECC • Digital Signatures • Key Management

  4. Authentication • In addition to confidentiality, message authentication is an important security function • “A message, file, document or data is said to be authentic when it is genuine and came from its alleged source.” • Encryption prevents against passive attacks (eavesdropping) • Message Authentication prevents against active attacks or falsification.

  5. Message Authentication • Message authentication is concerned with: • protecting the integrity of a message • validating identity of originator • non-repudiation of origin (dispute resolution) • The three alternative functions used: • hash function • message encryption • message authentication code (MAC)

  6. Message Authentication • Requirements - must be able to verify that: 1. Message came from apparent source or author 2. Contents have not been altered 3. Timeliness – that it was sent at a certain time or sequence. • Protection against active attack (falsification of data and transactions)

  7. Approaches to Message Authentication • Authentication Using Conventional Encryption • Only the sender and receiver should share a key • Message Authentication without Message Encryption • An authentication tag is generated and appended to each message • Message Authentication Code • Calculate the MAC as a function of the message and the key. MAC= F(K, M)

  8. Message Authentication • Using Encryption • Assume only sender and receiver share a key • Then a correctly encrypted message should be from the sender • Usually also contains error-detection code, sequence number and time stamp • Encryption alone is not suitable for authentication. Blocks could have been reordered, changing meaning

  9. Message Authentication • Without Encryption No confidentiality is preferred when: • Same message is broadcast to many destinations • Heavy load and cannot decrypt all messages – some chosen at random • No danger in sending plaintext Append authentication tag to each message

  10. Message Authentication • Message Authentication Code (MAC) • Small block of data that is appended to the message • MAC is generated by using a secret key • Assumes both parties A,B share common secret key KAB • Code is function of message and key MACM= F(KAB, M) • Message plus code are transmitted

  11. Message Authentication Code • Recipient uses key to compute new code • If received code matches calculated code then • Receiver is sure message has not been altered • Message is from sender, since only sender shares the key • If the message includes correct sequence number, that number could not have been altered by hacker

  12. Message Authentication Code • Different from encryption • MAC does not have to be reversible as the cipher text does in encryption • Because of mathematical properties, it is less vulnerable to being broken than encryption • 16 to 32 bit code is typical

  13. One-way HASH function • Alternative to Message Authentication Code • Accepts a variable size message M as input and produces a fixed-size message digest H (M) as output • Unlike the MAC, a hash function does not take a secret key as input • Message digest also provides data integrity, since if bits are accidentally altered in transit, the message digest will also be in error.

  14. One-Way Hash Function • The message can be authenticated: • Using encryption using a shared secret key • Using public-key encryption • Also provides a digital signature • Does not require key distribution • Using a secret value

  15. One-way HASH function

  16. One-Way HASH Function • Secret value is added before the hash and removed before transmission. Secret Value Secret Value

  17. One-way HASH FunctionAdvantages • Using a hash function instead of encryption has advantages: • Encryption is slow • Encryption hardware can be expensive • Encryption hardware is optimized for large data sets • An encryption algorithm may be protected by a patent

  18. One-way HASH Function • The one-way hash function is a secure hash function • It is important for authentication and is also used in digital signatures • The most important hash function is SHA (Secure Hash Algorithm).

  19. Hash Function • Condenses arbitrary message to fixed size h = H(M) • Usually assume hash function is public • Hash used to detect changes to message • Want a cryptographic hash function • computationally infeasible to find data mapping to specific hash (one-way property) • computationally infeasible to find two data to same hash (collision-free property)

  20. Secure HASH Functions • Purpose of the HASH function is to produce a “fingerprint” • Properties of a HASH function H : • H can be applied to a block of data at any size • H produces a fixed length output • H(x) is easy to compute for any given x. • For any given block x, it is computationally infeasible to find x such that H(x) = h (one-way property) • For any given block x, it is computationally infeasible to find • with H(y) = H(x). (weak collision resistance) • 6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y) (strong collsion resistance)

  21. Simple Hash Function • A weak hash function satisfies the first 5 properties. • A strong hash function also satisfies the 6th property (strong collision resistance) • Effective against the birthday attack • Message Digest provides both authentication and integrity

  22. Simple Hash Function • A weak hash function satisfies the first 5 properties. • A strong hash function also satisfies the 6th property (strong collision resistance) • Effective against the birthday attack • Message Digest provides both authentication and integrity

  23. Hash Function Requirements

  24. Security of Hash Functions • Attacking a secure hash function can be done by using cryptanalysis or brute force. • Strength of function depends on the length of the hash code produced by the algorithm. • For example: • A search machine can find a collision for 128 bit code length in 24 days – considered inadequate • With 160 bits, finding a collision might take 4000 years ( or less with today’s speeds)

  25. Simple Hash Function • General principle • Input is a sequence of n-bit blocks • Input is processed one block at a time to produce an n-bit hash function • A simple example is the XOR of each block Ci = bi1 bi2  …  bim Ci is ith bit of hash code 1 <= i <= n m is number of n-bit block in input bij is ith bit in jth block  Is the XOR operation

  26. Simple Hash Function

  27. Simple Hash FunctionImproved • To improve- perform a one-bit circular shift on the hash value after each block is processed • Initially set the n-bit hash value to zero • Process each successive n-bit block of data by: • Rotating current hash value to the left by 1 bit • XOR the block into the hash value • This has the effect of “randomizing” the input

  28. Other Secure HASH functions

  29. HMAC • Use a MAC derived from a cryptographic hash code, such as SHA-1. • Motivations: • Cryptographic hash functions execute faster in software than encryption algorithms such as DES • Library code for cryptographic hash functions is widely available • No export restrictions from the US

  30. HMAC Design Objectives • Use, without modifications, hash functions • Allow for easy replaceability of embedded hash function • Preserve original performance of hash function without significant degradation • Use and handle keys in a simple way. • Have well understood cryptographic analysis of authentication mechanism strength

  31. HMAC • specified as Internet standard RFC2104 • uses hash function on the message: HMACK(M)= Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M)] ] • where K+is the key padded out to size • opad, ipad are specified padding constants • overhead is just 3 more hash calculations than the message needs alone • any hash function can be used • eg. MD5, SHA-1, RIPEMD-160, Whirlpool

  32. HMAC Structure

  33. HMAC Security • Proved security of HMAC relates to that of the underlying hash algorithm • Attacking HMAC requires either: • brute force attack on key used • birthday attack (but since keyed would need to observe a very large number of messages) • Choose hash function used based on speed verses security constraints

  34. CipherBased MAC(CMAC) • Based on use of block cipher • Widely used in government and industry • Has message size limitation (nb, where b= 128 for AES, b=64 for 3DES) • Can overcome using 2 keys & padding • Thus forming the Cipher-based Message Authentication Code (CMAC) • Adopted by NIST SP800-38B

  35. Private Key Cryptography • Traditional private/secret/single key cryptography uses one key • Shared by both sender and receiver • If this key is disclosed communications are compromised • Also is symmetric, parties are equal • Does not protect sender from receiver forging a message and claiming it is sent by sender

  36. Public-Key Cryptography Principles • Probably most significant advance in the 3000 year history of cryptography • Uses two keys – a public and a private key • Asymmetric since parties are not equal • Uses clever application of number theoretic concepts to function • Complementsrather than replaces private key cryptography (slower)

  37. Public-Key Cryptography Features • Knowing the public key, anyone can encrypt messages or verify signatures, but cannot decrypt messages or create signatures • Use of two keys has consequences in the areas of confidentiality, key distribution, and authentication. • Based on mathematical functions rather than on operations on bit patterns.

  38. Public Key Cryptography • Two keys • Sender uses recipient’s public key to encrypt • Recipient uses private key to decrypt • Based on “trap door one way function” • “One way” means easy to compute in one direction, but hard to compute in other direction • Example: Given p and q, product N = pq easy to compute, but given N, it’s hard to find p and q • “Trap door” used to create key pairs Part 1  Cryptography 40

  39. Public Key Cryptography • Encryption • Suppose we encryptM with Bob’s public key • Bob’s private key can decrypt to recover M • Digital Signature • Sign by “encrypting” with your private key • Anyone can verify signature by “decrypting” with public key • But only you could have signed • Like a handwritten signature, but way better… Part 1  Cryptography 41

  40. Misconceptions • Public–key encryption is more secure • Security of any scheme depends on: • Length of the key • Computational work involved in breaking the cipher • Public-key makes conventional encryption obsolete: • Computational overhead of public-key encryption is high • Both require similar key distribution protocols • Both encryption schemes can offer security

  41. Why Public-Key Cryptography? • Developed by Whitfield Diffie & Martin Hellman at Stanford University in 1976 • known earlier in classified community • Developed to address two key issues: • key distribution – how to have secure communications in general without having to trust a Key Distribution Center with your key • digital signatures– how to verify a message comes intact from the claimed sender

  42. Public-Key Cryptography Principles • Public key is made public for others to use, to encrypt messages and verify signatures • Private key is known only to owner and is used to decrypt messages and create signatures • The scheme has six ingredients: • Plaintext – readable message • Encryption algorithm – transforms plaintext into ciphertext • Public and private key • Ciphertext - scrambled message - output • Decryption algorithm – reverse of encryption

  43. Encryption using Public-Key system

  44. Essential Steps in Encryption • Each user generates a pair of keys to be used for encryption/decryption • Each user places public key in a public register or file • To send a private message to A, B encrypts the message using A’s public key • When A receives the message, A uses her private key to decrypt it. ( No one else can decrypt it, without that private key.)

  45. Encryption Using Public-Key System Features: • All participants have access to public keys • Private keys are generated locally and do not need to be distributed • As long as a user protects the private key, incoming communication is secure • A user can change keys at any time and re-publish the public key.

  46. Encryption Using Public-Key System

  47. Symmetric vs Public-Key

  48. Applications for Public-Key Cryptosystems • Three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender ”signs” a message with its private key. • Key exchange: Two sides cooperate to exhange a session key.

More Related