1 / 16

Cryptographic Security

This article discusses the goals, basic terminology, forms of attack, and different types of cryptosystems in operating systems. It also explores the RSA method, encryption, decryption, digital signatures, and secure communication.

mylesa
Télécharger la présentation

Cryptographic Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems

  2. Goals of Cryptography • The most basic problem : ensure security of communication over in-secure medium • Security Goals: • - privacy (secrecy, confidentiality) • only the intended recipient can see the communication • - authenticity (integrity) • the communication is generated by the intended sender • information is not altered or destroyed • - non-repudiation • party in a dispute cannot repudiate, or refute the validity of a statement CS 5204 – Operating Systems

  3. Basic terminology in Cryptography Plaintexts Cipher texts Keys Encryption Decryption Cryptography Cryptanalysis Cryptology

  4. Cryptography CA M’ public information C M M E D Kd Ke Decryption key Encryption key • Forms of attack: • ciphertext­only • known­plaintext • chosen­plaintext CS 5204 – Operating Systems

  5. Forms of Cryptosystems Secret-key cryptography (a.k.a. symmetric cryptography) – encryption & decryption use the same key – key must be kept secret – key distribution is very difficult Public-key cryptography (a.k.a. asymmetric cryptography) – encryption key different from decryption key – cannot derive decryption key from encryption key

  6. (1) A B (2) Combining Public/Private Key Systems Public key encryption is more expensive than symmetric key encryption For efficiency, combine the two approaches • Use public key encryption for authentication; once authenticated, transfer a shared secret symmetric key • (2) Use symmetric key for encrypting subsequent data transmissions CS 5204 – Operating Systems

  7. M M Bob Ebob(M) Dbob(C) Alice C ? Ebob is the public key for Bob Dbob is the private key for Bob Eve Secure Communication - Public Key System CS 5204 – Operating Systems

  8. M Rivest­Shamir­Adelman (RSA) Method M C Cd mod n Me mod n Bob Alice (e, n) (d, n) Encryption Key for Bob Decryption Key for Bob CS 5204 – Operating Systems

  9. RSA Method 1. Choose two large (100 digit) prime numbers, p and q, and set n = p x q 2. Choose any large integer, d, so that: GCD( d, ((p­1)x(q­1)) = 1 3. Find e so that: e x d = 1 (modulo (p­1)x(q­1)) Example: 1. p = 5, q = 11 and n = 55. (p­1)x(q­1) = 4 x 10 = 40 2. A valid d is 23 since GCD(40, 23) = 1 3. Then e = 7 since: 23 x 7 = 161 modulo 40 = 1 CS 5204 – Operating Systems

  10. Encryption and Decryption using RSA method Encryption - Alice does the following:- i) Obtains Bob’s public key (e, n). ii) Represents the plaintext message as a positive integer m. iii) Computes the ciphertext c = m^e mod n. iv) Sends the ciphertext c to Bob. Decryption - Bob does the following:- i) Uses his private key (d, n) to compute m = c^d mod n. ii) Extracts the plaintext from the message representative m.

  11. File/message hash process digest (Large) Document Integrity • Digest properties: • fixed-length, condensation of the source • efficient to compute • irreversible - computationally infeasible for the original source to be reconstructed from the digest • unique - difficult to find two different sources that map to the same digest (collision resistance) • Also know as: fingerprint • Examples: MD5 (128 bits), SHA-1 (160 bits) CS 5204 – Operating Systems

  12. (Large) Document Integrity • Note that small differences in the input result in very different digests CS 5204 – Operating Systems

  13. file file digital envelope hash process decrypt with sender’s public key compare digest digest Guaranteeing Integrity CS 5204 – Operating Systems

  14. Digital Signatures (Public Key) • Requirements: • cannot be forged and unique • receiver: knows that a message came from the sender (authenticity) • sender: cannot deny authorship( non-repudiation) • message integrity • sender & receiver: message contents preserved (integrity)(e.g., cannot cut­and­paste a signature into a message) • Public Key System: • sender, Alice: (EAlice : public, DAlice : private) • receiver, Bob: (EBob : public, DBob : private) • sender(Alice) ­­­­ C= EBob (DAlice (M)) ­­­> receiver(Bob) • receiver(Bob) ­­ M = EAlice (DBob (C)) ­­­> M CS 5204 – Operating Systems

  15. Digital Signature using RSA Method Digital Signing Bob does the following:- i) Creates a message digest of the information to be sent. ii) Represents this digest as an integer m between 0 and n-1. iii) Uses her private key (d, n) to compute the signature s = m^d mod n. iv) Sends this signature s to Bob. Signature verification:- Alice does the following:- i) Uses Bob’s public key (e, n) to compute integer v = s^e mod n. ii) Extracts the message digest from this integer. iii) Independently computes the message digest of the information that has been signed. iv) If both message digests are identical, the signature is valid.

  16. Secure Communication (Public Key) Handshaking EPKB, (IA, A) EPKA (IA, IB) B A EPKB (IB) IA, IB are “nonces” nonces can be included in each subsequent message PKB: public key of B; PKA: public key of A;

More Related