1 / 28

254542 Networks Management and Security

254542 Networks Management and Security. Lecture 3. Public-Key Cryptography. Each party will have a public key for encryption and a private key for decryption No key transmission High scalability Either key can be used first (for encryption)!. E p (m). m. M = D s (E p (m)).

seth
Télécharger la présentation

254542 Networks Management and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 254542 Networks Management and Security Lecture 3

  2. Public-Key Cryptography • Each party will have a public key for encryption and a private key for decryption • No key transmission • High scalability • Either key can be used first (for encryption)! Ep(m) m M = Ds(Ep(m)) Private key, s Public key, p

  3. Symmetric vs. Asymmetric • Fast (In software, DES is 100 times as fast as RSA) • L(c) usually ≤ L(m) • Key management is difficult • No. of keys is approximately = (No. of participants)2 • Slower • L(c) ≥ L(m) • No problem in managing keys • No. of keys = No. of participants • Non-repudiation check

  4. RSA: basic ideas • Ron Rivest, Adi Shamir, and Len Adleman from MIT developed RSA in 1978 • Keys are based on large prime numbers • easy to find • extremely hard to factor their products • Selection and generation of public and private keys?

  5. RSA: algorithm • Use 2 large prime numbers, P and Q • N = P x Q • Find small E (public exponent) such that it is relatively prime to (P-1) x (Q-1) • Find D (private exponent) such that (DxE) mod (P-1)(Q-1) = 1 • For encryption C = ME mod N • For decryption M = CD mod N

  6. RSA: example • Let’s P = 7 and Q = 17 • N = P x Q = 119 and (P-1)(Q-1) = 96 • 96 = 2 x 2 x 2 x 2 x 2 x 3, therefore E can be 5 (no 2 and 3 as a factor) • D = 77 since (5x77) mod 96 = 1 • Set M = 6, therefore C = 65 mode 119 = 41 • Decrypting C, M = 4177 mod 119 = 6

  7. Cracking RSA • Factoring N to find P, Q (and finally D) • complex and time-consuming if N is sufficiently large • Find Eth root mod N (since C=ME mod N) • No general methods are known • Related messages encrypted with the same E may give away some clues • M can be guessed if it is sent to multiple parties • Prevented by random padding

  8. RSA Key Size • Larger N, higher security, slower process • P and Q should be roughly of equal length • In 1999, 512-bit RSA keys was factored in 7 months • Recommended 1024 bits for corporate use (2048 bits for extremely valuable keys)

  9. RSA in Practice • Built into current OS by Microsoft, Apple, SUN, Novell • On Ethernet cards, smart cards, secure telephones • In protocols such as S/MIME, SSL, and S/WAN • It’s the most widely used cryptosystem in the world

  10. Elliptic Curve Algorithm • Let’s E be an elliptic curve • P is a point in E • A random number d is generated • Let’s Q = d x P • Then E, P, Q are public values • And d is a private key • If the curve is big enough, it’s almost impossible to find d

  11. Dk3(Ek2(K1)) = K1 • Dk1(Ek1(m) = m Hybrid Scheme: Digital Envelope • A encrypts m using K1, a one-time secret key • A encrypts K1 with B’s public key, K2 (Key wrapping) • A puts c and encrypted symmetric key in a digital envelope,which is then sent to B • B uses its private key, K3, to decrypt and get K1 • B uses K1 to decrypt m Ek1(m) + Ek2(K1) B A

  12. Advantages of Digital Envelope • Using a symmetric key to encrypt a long m is fast • c is of the same size of m • Using a public key for K1 encryption is relatively fast (since K1 is smaller than m) • No problem in key exchange

  13. Digital Signature • For authentication and non-repudiation purpose • A encrypts h(m) with its private key • ESA(h(m)) = digital signature (DS) of A • B decrypts A’s DS with A’s public key • B computes h(m) and compares with the hash value from A’s message. If matched, … • The sender is really A • Message is not altered in transit

  14. Well-known Hashing Functions • MD5, designed by Ron Rivest • 128-bit output • No known attacks have been proved to break MD5 (yet) • SHA-1 (Secure Hash Algorithm) • A modified version of MD5 by NIST and NSA • 160-bit output • Slower but more secure

  15. Problem in Public-key Exchange: Man-in-the-middle Attack M A my E=3 my E=5 B Intercepted and send ‘my E=5’ instead my E=5 my E=7 • How to know the DS is really from A (or B)? • Timestamp to bind DS to a particular time • Need someone who is trusted by everyone

  16. RSA-based Digital Signature in Practice • If a third party is needed to check m’s integrity, MD can be computed from c • Since E is much smaller than D, signature verification is faster than signing • Certificate(s) may accompany DS to prevent impersonation

  17. Digital Certificate • A signed document that binds the public key to the identity of a party • The certifier’s public key is widely trusted • Contains the user name, the user’s public key, and • The validity date range • Issuer name and its digital signature • X.509 defines the structure of a digital certificate

  18. Certification Authority (CA) • A trusted agency that issues digital certificates • Can issue digital certificates to individuals or organizations • May be assisted by RA (registration authority) in interaction activities between CA and users

  19. Certificate Creation • Key generation (by users or by RA) • Registration by using Certificate Signing Request (CSR) or PKCS #10 (Public key Cryptography Standard) • User’s credential verification • Checks paper-based evidence (e.g. passport) • Checks Proof of Possession (POP) of D • CA signs certificates with its private key

  20. CA’s certificate verification • Alice cannot verify B4’s nor A2’s certificates • Both Alice and Bob can verify root CA • Who signs root CA’s certificate? Root CA A1 2nd level CA 2nd level CA A2 3rd level CA 3rd level CA 3rd level CA 3rd level CA B4 B1 Bob Alice

  21. Cross-certification • Alice and Bob live in different countries = different root CAs • Bob’s root CA is certified by Alice’s root CA • Alice’s root CA can also be certified by Bob’s root CA

  22. Certificate Revocation • In case a private key is compromised or lost • The user must immediately notify CA • The public key is then added to Certificate Revocation List (CRL) • The user may need to use a new private key to re-sign documents

  23. Well-known CAs • Baltimore (http://www.baltimore.com/) • Entrust Technologies (http://www.entrust.com/) • RSA Security (http://www.rsasecurity.com/) • VeriSign (http://www.verisign.com/)

  24. Attacks on CAs • Cryptanalytic attack on CA’s key pair • CAs use long keys that change regularly • Top-level CAs must use specially long keys • What if a CA’s key is broken after it expires? • E.g. Forged will or other legal documents etc • Impersonated CSR by • Forged evidence • Bribery

  25. Key Agreement Protocol • A.k.a. Key exchange protocol • Used by multiple parties to agree on a secret key • Allows a secure key sharing over a insecure medium • e.g. Diffie-Hellman algorithm • Public-key cryptography or digital envelope can also be used for key exchange

  26. Diffie-Hellman Key Exchange:initial setup • A.k.a. exponential key exchange • Public values p and g (generator) where • p is prime and g ≤ p • For every n between 1 and p-1, there are g and k such that n = gk mod p

  27. Diffie-Hellman Key Exchange: Algorithm • Alice and Bob generate random private values a and b (both are integers) • A’s public value = ga mod p • B’s public value = gb mod p • Public values exchanged • A computes gab = (gb)a mod p = k • B computes gab = (ga)b mod p = k

  28. Attacks on Diffie-Hellman Algorithm • Man-in-the-middle !! • Solution: • digital signature • authenticated Diffie-Hellman (STS: Station to Station protocol)

More Related