ch09 (1) (1)
Post on 24-Feb-2018
219 Views
Preview:
TRANSCRIPT
-
7/25/2019 ch09 (1) (1)
1/26
Cryptography and NetworkSecurity
Chapter 9
Fourth Edition
by William Stallings
Lecture slides by Lawrie
Brown
-
7/25/2019 ch09 (1) (1)
2/26
Priate!"ey Cryptography
traditional private/secret/singlekeycryptography uses onekey
shared by both sender and receier
i# this key is disclosedcommunications are compromised
also is symmetric$ parties are e%ual
hence does not protect sender #romreceier #orging a message &claiming is sent by sender
-
7/25/2019 ch09 (1) (1)
3/26
Public!"ey Cryptography
probably most signi'cant adance in the())) year history o# cryptography
uses twokeys * a public & a priate key
asymmetricsince parties are note%ual
uses cleer application o# numbertheoretic concepts to #unction
complements rather thanreplacespriate key crypto
-
7/25/2019 ch09 (1) (1)
4/26
Why Public!"eyCryptography+
deeloped to address two key issues, key distribution* how to hae secure
communications in general without
haing to trust a "-C with your key digital signatures* how to eri#y a
message comes intact #rom the claimedsender
public inention due to Whit'eld-i.e & /artin 0ellman at Stan#ord1ni in 2934
known earlier in classi'ed community
-
7/25/2019 ch09 (1) (1)
5/26
Public!"ey Cryptography
public-key/two-key/asymmetriccryptography inoles the use o# twokeys, a public-key$ which may be known by anybody$
and can be used to encrypt messages$ and
verify signatures a private-key$ known only to the recipient$ used
to decrypt messages$ and sign5create6signatures
is asymmetricbecause those who encrypt messages or eri#y signatures
cannotdecrypt messages or create signatures
-
7/25/2019 ch09 (1) (1)
6/26
Public!"ey Cryptography
-
7/25/2019 ch09 (1) (1)
7/26
Public!"ey Characteristics
Public!"ey algorithms rely on two keyswhere,
it is computationally in#easible to 'nd
decryption key knowing only algorithm &encryption key
it is computationally easy to en7decryptmessages when the releant 5en7decrypt6 key
is known either o# the two related keys can be used #or
encryption$ with the other used #or decryption5#or some algorithms6
-
7/25/2019 ch09 (1) (1)
8/26
Public!"ey Cryptosystems
-
7/25/2019 ch09 (1) (1)
9/26
Public!"ey 8pplications
can classi#y uses into ( categories,
encryption/decryption5proidesecrecy6
digital signatures5proideauthentication6
key exchange5o# session keys6
some algorithms are suitable #or alluses$ others are speci'c to one
-
7/25/2019 ch09 (1) (1)
10/26
Security o# Public "eySchemes
like priate key schemes brute #orceexhaustive searchattack is alwaystheoretically possible
but keys used are too large 5:2;bits6
security relies on a large enoughdi
-
7/25/2019 ch09 (1) (1)
11/26
=S8
by =iest$ Shamir & 8dleman o# />? in 2933
best known & widely used public!key scheme
based on e@ponentiation in a 'nite 5Aalois6 'eld
oer integers modulo a prime nb e@ponentiation takes 55log n6(6 operations 5easy6
uses large integers 5eg 2);D bits6
security due to cost o# #actoring large numbers
nb #actoriation takes 5e log n log log n6 operations 5hard6
-
7/25/2019 ch09 (1) (1)
12/26
=S8 "ey Setup
each user generates a public7priate key pairby,
selecting two large primes at random ! p, q
computing their system modulus n=p.q note (n)=(p-1)(q-1)
selecting at random the encryption key e where 2e
-
7/25/2019 ch09 (1) (1)
13/26
=S8 1se
to encrypt a message / the sender,
obtains public keyo# recipient PU={e,n}
computes, C = Memod n$ where 0M
-
7/25/2019 ch09 (1) (1)
14/26
Why =S8 Works
because o# EulerJs ?heorem, a(n)mod n = 1 where gcd(a,n)=1
in =S8 hae,
n=p.q (n)=(p-1)(q-1) care#ully chose e& dto be inerses mod (n) hence e.d=1+k.(n)#or some k
hence ,Cd= Me.d = M1+k.(n)= M1.(M(n))k
= M1.(1)k= M1= M mod n
-
7/25/2019 ch09 (1) (1)
15/26
=S8 E@ample ! "ey Setup
2 Select primes,p=1 ! q=11
; Computen =pq =1 " 11=1#
( Compute(n)=(p1)(q-1)=1$ "
10=1$0D Select e,gcd(e,1$0)=1% choose e=
: -etermine d,de=1 mod 1$0and d < 1$0Kalue is d=&'since &'"=1$1= 10"1$0+1
4 Publish public key PU={,1#}
3 "eep secret priate key PR={&',1#}
-
7/25/2019 ch09 (1) (1)
16/26
=S8 E@ample !En7-ecryption
sample =S8 encryption7decryption is,
gien message M = ##5nb ##
-
7/25/2019 ch09 (1) (1)
17/26
E@ponentiation
can use the S%uare and /ultiply 8lgorithm
a #ast$ e.cient algorithm #or e@ponentiation
concept is based on repeatedly s%uaring base
and multiplying in the ones that are neededto compute the result
look at binary representation o# e@ponent
only takes 5log;n6 multiples #or number n
eg = .1= '. = 10 mod 11
eg '1&*= '1.'1= .' = mod 11
-
7/25/2019 ch09 (1) (1)
18/26
E@ponentiation
c = 0; f = 1
for i = k downto 0
do c = 2 x c
f = (f x f) mod n
if bi== 1then
c = c + 1
f = (f x a) mod n
return f
-
7/25/2019 ch09 (1) (1)
19/26
E.cient Encryption
encryption uses e@ponentiation to powere
hence i# e small$ this will be #aster
o#ten choose eG4::(3 5;24!26 also see choices o# eG( or eG23
but i# e too small 5eg eG(6 can attack using Chinese remainder theorem & (
messages with di
-
7/25/2019 ch09 (1) (1)
20/26
E.cient -ecryption
decryption uses e@ponentiation topower d this is likely large$ insecure i# not
can use the Chinese =emainder?heorem 5C=?6 to compute mod p & %separately then combine to get desiredanswer appro@ D times #aster than doing directly
only owner o# priate key who knowsalues o# p & % can use this techni%ue
-
7/25/2019 ch09 (1) (1)
21/26
=S8 "ey Aeneration
users o# =S8 must, determine two primes at random ! p, q
select either eor dand compute the other
primes p,qmust not be easily deried#rom modulus n=p.q means must be su.ciently large
typically guess and use probabilistic test
e@ponents e$ d are inerses$ so use>nerse algorithm to compute the other
-
7/25/2019 ch09 (1) (1)
22/26
=S8 Security
possible approaches to attacking =S8are,
brute #orce key search 5in#easible gien
sie o# numbers6 mathematical attacks 5based on di.culty
o# computing M5n6$ by #actoring modulus n6
timing attacks 5on running o# decryption6 chosen cipherte@t attacks 5gien
properties o# =S86
-
7/25/2019 ch09 (1) (1)
23/26
Factoring Problem
mathematical approach takes ( #orms, #actor n=p.q$ hence compute (n)and then d
determine (n)directly and compute d
'nd d directly
currently beliee all e%uialent to #actoring hae seen slow improements oer the years
as o# /ay!): best is ;)) decimal digits 544(6 bit with LS
biggest improement comes #rom improed
algorithm c# S to A0FS to LS
currently assume 2);D!;)DO bit =S8 is secure ensure p$ % o# similar sie and matching other constraints
-
7/25/2019 ch09 (1) (1)
24/26
?iming 8ttacks
deeloped by Paul "ocher in mid!299)s
e@ploit timing ariations in operations eg multiplying by small s large number
or >FJs arying which instructions e@ecuted in#er operand sie based on time taken
=S8 e@ploits time taken in e@ponentiation
countermeasures use constant e@ponentiation time
add random delays
blind alues used in calculations
-
7/25/2019 ch09 (1) (1)
25/26
Chosen Cipherte@t 8ttacks
Q =S8 is ulnerable to a ChosenCipherte@t 8ttack 5CC86
Q attackers chooses cipherte@ts & gets
decrypted plainte@t backQ choose cipherte@t to e@ploit properties
o# =S8 to proide in#o to helpcryptanalysis
Q can counter with random pad o#plainte@t
Q or use ptimal 8symmetric EncryptionPadding 58SP6
-
7/25/2019 ch09 (1) (1)
26/26
Summary
hae considered,
principles o# public!key cryptography
=S8 algorithm$ implementation$ security
top related