1 / 22

Chapter 2 Encryption Algorithms & Systems (Part G)

Chapter 2 Encryption Algorithms & Systems (Part G). Outline. NP-completeness & Encryption Symmetric (secret key) vs Asymmetric (public key) Encryptions Popular Encryption Algorithms DES AES RSA Encryption El Gamal Algorithms Hashing Algorithms. Uses of Encryption. Key Exchange

mclinton
Télécharger la présentation

Chapter 2 Encryption Algorithms & Systems (Part G)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 2Encryption Algorithms & Systems (Part G)

  2. Outline • NP-completeness & Encryption • Symmetric (secret key) vs Asymmetric (public key) Encryptions • Popular Encryption Algorithms • DES • AES • RSA Encryption • El Gamal Algorithms • Hashing Algorithms V. Sawma, Computer Security

  3. Uses of Encryption • Key Exchange • Cryptographic Hash Functions • Hash • Message Digest • Digital Signatures • Certificates V. Sawma, Computer Security

  4. El Gamal Algorithm • A public key algorithm • 1984 • Important in the U.S. DSS (Digital Signature Standard) • Digital Signatures The sender computes the digital signature using his own private key. DS = E (Keypriv, P) The receiver verifies the signature using the sender’s public key. P = D (Keypub, DS) V. Sawma, Computer Security

  5. El Gamal Algorithm • To generate a key pair: • Choose a prime p and two integers, a and x, such that a < p and x < p. • The prime p should be chosen so that (p-1) has a large prime factor q. • Calculate the public key: y = ax mod p. • Private key: x • Public key: y V. Sawma, Computer Security

  6. El Gamal Algorithm • (The sender) To sign a message m: • Choose a new random integer k, 0 < k < p-1 and k is relprime to (p-1). • Compute r = ak mod p. • Compute s = k-1 ( m – xr ) mod (p-1) • The message signature: r and s. • Verification: A recipient use the public key (y) to compute ( y r r s ) mod p and determine if it is equivalent to am mod p. V. Sawma, Computer Security

  7. Traditional Legal Meaning of "Non-Repudiation" • There is a definitional distinction between the legal use of the term "non-repudiation" and its crypto-technical use. In the legal sense an alleged signatory to a document is always able to repudiate a signature that has been attributed to him or her. • The basis for a repudiation of a traditional signature may include: • The signature is a forgery; • The signature is not a forgery, but was obtained via: • Unconscionable conduct by a party to a transaction; • Fraud instigated by a third party; • Undue influence exerted by a third party. V. Sawma, Computer Security

  8. Crypto-Technical Meaning of "Non-Repudiation" • In general terms, the term "non-repudiation" crypto-technically means: • In authentication, a service that provides proof of the integrity and origin of data, both in an unforgeable relationship, which can be verified by any third party at any time; or, • In authentication, an authentication that with high assurance can be asserted to be genuine, and that can not subsequently be refuted. “Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data (such as mechanisms for non-rejection or authority (origin); for proof of obligation, intent, or commitment; or for proof of ownership).” -- 1998, the Australian Federal Government's Electronic Commerce Expert Group V. Sawma, Computer Security

  9. Digital Signature • A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document • To ensure that the original content of the message or document that has been sent is unchanged. • Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. V. Sawma, Computer Security

  10. Digital Signature • The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later. • A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. V. Sawma, Computer Security

  11. Encryption for Digital Signatures • An electronic check can resemble a simple text message sent to the bank by the sender • Integrity: To ensure that no changes occur to the file • Authenticity: The bank needs to authenticate that the message is from the legitimate sender • Confidentiality: Needed to ensure only the bank gets the message • Non repudiation: Since the sender might deny that the message was sent by him/her V. Sawma, Computer Security

  12. Digital Certificates • The distribution mechanism by which the public keys are sent is called certificates • Suppose user A wishes to send his/her public key to user B • User A sends a message requesting certificate from a common trusted party by A and B, say Certificate Authority (CA) • CA digitally signs the message using its private key and sends it to A • A now can send its certificate to B • B gets the certificate, verifies the signature using CA’s public key V. Sawma, Computer Security

  13. Hash Algorithm • A hash algorithm is a check function that protects data against modifications. • C.f., checksum in network transmission • Hash functions produce a reduced form of a body of data (called a digest or check value) such that most changes to the data will also change the reduced form. • A cryptographic hash function uses a cryptographic function as part of the hash function. • 1992: Secure Hash Algorithm (SHA) V. Sawma, Computer Security

  14. Message Digest • MD5 is a tool which guarantees the integrity of data • MD5 can help you in a variety of ways. • When files are downloaded from the Internet, MD5 can guarantee the correctness of the file. • This protects from Trojans or corrupted files. This means someone cannot figure out the data based on its MD5 fingerprint. V. Sawma, Computer Security

  15. Different versions of Message Digest • MD2 ,MD4 and MD5 are message-digest algorithms developed by Rivest. • They are meant for digital signature applications where a large message has to be ``compressed'' in a secure manner before being signed with the private key. • All three algorithms take a message of arbitrary length and produce a 128-bit message digest. • Structural similarity and Design difference of these algorithms. • MD2 was optimized for 8-bit machines, whereas MD4 and MD5 were aimed at 32-bit machines. V. Sawma, Computer Security

  16. Message Digest - Details • MD5 is a one-way hash algorithm that takes any length of data and produces a 128 bit "fingerprint" or "message digest". • This fingerprint is  "non-reversible", it is computationally infeasible to determine the file based on the fingerprint. V. Sawma, Computer Security

  17. Message Digest - Details • Message Padding • Checksum calculation • Block division and compression function • Hash generation – MD generation V. Sawma, Computer Security

  18. Message Digest - Details V. Sawma, Computer Security

  19. MD5 - Example An example of a MD5 output for the binary /usr/bin/ls: $ md5 /usr/bin/ls MD5 (/usr/bin/ls) = 1eabd3dbc0746c8a4b5467f99a4f8823 The actual finger print is 1eabd3dbc0746c8a4b5467f99a4f8823 V. Sawma, Computer Security

  20. MD5 – Example (contd.) • MD5 applies a mathematical algorithm to the "ls" binary to produce the fingerprint. • Every time when a MD5 hash is done on the binary /usr/bin/ls, the exact same fingerprint should be obtained. • If a different fingerprint is obtained, then the binary has been altered, maybe the result of a system patch or the binary has been trojaned. V. Sawma, Computer Security

  21. MD5 – Application • When a new file or patch is downloaded, one of the first things is to generate MD5 hash of the file. • Compare the fingerprint to a known good fingerprint (usually posted on remote site). • If the fingerprints match, the file’s integrity is assured. • The tool Tripwire works the same way. V. Sawma, Computer Security

  22. Secure Hash Algorithm (SHA) • 1992: NIST • Input data < 264 bits • 160-bit digest • Strength: diffusion, the avalanche effect • C.f., MD4, MD5 Both MD5 and SHA are variants of the MD4 by Rivest. Strength: MD4 < MD5 < SHA V. Sawma, Computer Security

More Related