Lecture 3b public key_encryption

817 views
710 views

Published on

Network Security Course (ET1318, ET2437) at Blekinge Institute of Technology, Karlskrona, Sweden

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
817
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Lecture 3b public key_encryption

  1. 1. Public-Key Cryptography & Message Authentication
  2. 2. Authentication • Requirements - must be able to verify that:  Message came from apparent source or author Authentic  Contents have not been altered message  Sometimes, it was sent at a certain time or sequence • Protection against active attack (falsification of data and transactions) 2 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  3. 3. Approaches to Message Authentication • Authentication Using Conventional Encryption  Only the sender and receiver should share a key • Message Authentication without Message Encryption  An authentication tag is generated and appended to each message • Message Authentication Code - MAC  The use of secret key to generate a small block of data, MAC Or  Calculate the MAC as a function of the message and the key.  MAC = F(K, M) 3 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  4. 4. Message Authentication Code• Need not to be reversible• A & B Share a common secret key KAB• A send message to B  A calculates message authentication code as a function of the message and the key.  MACM1 = F(KAB, M)  The message + MAC are transmitted to B.  B performs the same calculation on the recieved message, using same KAB  MACM2 = F(KAB, M)  If MACM1 = F(KAB, M) = MACM2 = F(KAB, M) – Message has not been altered – From intended sender 4 – Addition of sequence number, give more surity
  5. 5. Message Authentication with MAC 5 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  6. 6. One-way HASH function• Alternative to MAC• Input: A variable size message• Output: Fixed size message digest H(M)• No secret Key• Message digest is sent with message in such a way that message digest is authentic  Using conventional encryption  Using Public-Key encryption  Using Secret Value 6
  7. 7. One-way HASH function 7 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  8. 8. One-way HASH function cont. • Secret value (known to sender and receiver both) is added before calculating the hash and removed before transmission. • Variation of this technique is HMAC 8 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  9. 9. Secure HASH Functions • Purpose of the one-way or secure HASH function is to produce a ”fingerprint” of a file, message or block of data • Properties of a HASH function H : § H can be applied to a block of data at any size § H produces a fixed length output § H(x) is easy to compute for any given x. § For any given value h, it is computationally in-feasible to find x such that H(x) = h  one-way property / pre-image resistant § For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x)  weak collision resistance § It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)  strong collision resistance 9 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  10. 10. Block cipher VS Hash function • Block cipher – symmetric encryption method:  input: blocks of plain-text of a fixed length  output: blocks of cipher-text of the same length • Hash function – both symmetric and asymmetric encryption method  input: binary string of arbitrary length  output: string of some fixed length 10 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  11. 11. Other Secure HASH functions SHA-1 MD5 RIPEMD-160 Digest length 160 bits 128 bits 160 bits Basic unit of 512 bits 512 bits 512 bits processing Number of steps 80 (4 rounds of 64 (4 rounds of 160 (5 paired 20) 16) rounds of 16) Maximum message 264-1 bits size 11 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  12. 12. HMAC • A keyed-hash message authentication code, or HMAC, is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. • The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function and on the size and quality of the key. • An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. • Motivations:  Cryptographic hash functions executes faster in software than encryption algorithms such as DES  Library code for cryptographic hash functions is widely available  No export restrictions from the US 12 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  13. 13. HMAC HMACK(m) = h((K ⊕ opad) ‖ h((K ⊕ ipad) ‖ m )) • h is an iterated hash function, • K is a secret key padded with extra zeros to the block size of the hash function • m is the message to be authenticated. • ‖ denotes concatenation • ⊕ denotes Exclusive Or (XOR) • The two constants ipad and opad, each one block long, are defined as ipad = 0x363636...3636 and opad = 0x5c5c5c...5c5c. That is, if block size of the hash function is 512, ipad and opad are 64 repetitions of the (hexadecimal) bytes 0x36 and 0x5c respectively 13 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  14. 14. HMAC StructureInitialization Vector (IV):a fixed-size input to acryptographic function. IVis typically random orpseudorandom 14 HMACK(m) = h((K ⊕ opad) ‖ h((K ⊕ ipad) ‖ m )) ET2437 - Network Security
  15. 15. Public Key / Asymmetric Encryption • Based on mathematical functions. • The use of two separate keys has consequences in:  key distribution  confidentiality  authentication • The scheme has six ingredients  Plain-text Encryption algorithm  Public Key Private Key  Cipher text Decryption algorithm 15 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  16. 16. Encryption with Public Key 16 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  17. 17. Encryption with Private Key (Authentication) 17 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  18. 18. Applications for Asymmetric Encryption • Encryption/Decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender ”signs” a message with its private key. • Key exchange: Both sides (i.e. Sender & Reciever) co-operate to exchange a session key 18 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  19. 19. Requirements for Asymmetric Encryption 1. Computationally easy for a party B to generate a pair (PUblic key PUb, PRivate key PRb) 2. Easy for sender to generate cipher-text: C = E(Pub, M) 3. Easy for the receiver to decrypt cipher-text using private key: M = D(PRb, C) = D[PRb, E(PUb, M)] 5. Computationally in-feasible to determine Private Key (PRb) knowing Public Key (PUb) 6. Computationally infeasible to recover message M, knowing PUb and cipher-text C 7. Either of the two related keys can be used for encryption, with the other used for decryption: 19 M = D[PUb, E(PRb,M) = D[PRb, E(PUb,M)] ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  20. 20. Asymmetric Cryptographic Algorithms • RSA - Ron Rivest, Adi Shamir and Len Adleman at MIT, in 1977.  Published in 1978  RSA is a block cipher in which plaintext and ciphertext are integers between 0 and n-1 for some n.  The most widely implemented • Diffie-Hellman  Enable two users to exchange a secret key securely that can be used for subsequent encryption message  Algorithm itself is limited to exchange of keys  Compute discrete logarithms 20 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  21. 21. The RSA Algorithm Encryption • Plain-text: M<n • Cipher-text: C = Me (mod n) Decryption • Cipher-text: C • Plain-text: M = Cd (mod n) = Med mod n • Both sender and reciever must know the values of n and e • Only reciever knows the value of d • Public Key PU = {e,n} and Private Key PR= {d,n} 21 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  22. 22. The RSA Algorithm - Key GenerationSelect p,q p and q both prime p=17, q=11Calculate n=pxq 17 x 11 = 187Calculate 16 x 10 = 160Select integer e e=7Calculate d d = 23Public Key PU = {e,n} 7,187Private key PR = {d,n} 23,187 22
  23. 23. Example of the RSA Algorithm 23 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  24. 24. Other Algorithms • Digital Signature Standard (DSS)  Makes use of the SHA-1  Not for encryption or key exchange • Elliptic-Curve Cryptography (ECC)  Good for smaller bit size  Low confidence level, compared with RSA  Very complex  Decryption algorithm 24 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD
  25. 25. 25 ET2437 - Network SecurityRAJA M KHURRAM SHAHZAD

×