Asymmetric key cryptography uses two keys - a public key that can be shared publicly and a private key that is kept secret. This allows two parties who have never shared secrets before, like Alice and Bob, to communicate securely by encrypting messages with each other's public keys. Common asymmetric algorithms discussed are RSA, which uses prime number factorization, and ECC, which is based on elliptic curve discrete logarithms. A public key infrastructure (PKI) with certificate authorities (CAs) is required to authenticate users and manage public keys.
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
The presentation include:
-Diffie hellman key exchange algorithm
-Primitive roots
-Discrete logarithm and discrete logarithm problem
-Attacks on diffie hellman and their possible solution
-Key distribution center
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the Data Encryption Standard and its variants.
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
The presentation include:
-Diffie hellman key exchange algorithm
-Primitive roots
-Discrete logarithm and discrete logarithm problem
-Attacks on diffie hellman and their possible solution
-Key distribution center
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the Data Encryption Standard and its variants.
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the ElGamal Cryptosystem.
USER AUTHENTICATION
MEANS OF USER AUTHENTICATION
PASSWORD AUTHENTICATION
PASSWORD VULNERABILITIES
USE OF HASHED PASSWORDS – IN UNIX
PASSWORD CRACKING TECHNIQUES
USING BETTER PASSWORDS
TOKEN AUTHENTICATION
BIO-METRIC AUTHENTICATION
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
This presentation contains the contents pertaining to the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. This covers the ElGamal Cryptosystem.
USER AUTHENTICATION
MEANS OF USER AUTHENTICATION
PASSWORD AUTHENTICATION
PASSWORD VULNERABILITIES
USE OF HASHED PASSWORDS – IN UNIX
PASSWORD CRACKING TECHNIQUES
USING BETTER PASSWORDS
TOKEN AUTHENTICATION
BIO-METRIC AUTHENTICATION
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
1. CHAPTER 13
Asymmetric Key
Cryptography
Slides adapted from "Foundations of Security: What Every Programmer
Needs To Know" by Neil Daswani, Christoph Kern, and Anita Kesavan
(ISBN 1590597842; http://www.foundationsofsecurity.com). Except as
otherwise noted, the content of this presentation is licensed under the
Creative Commons 3.0 License.
2. Agenda
Problem with Symmetric Key Crypto: Alice &
Bob have to agree on key!
In 1970, Diffie & Hellman propose asymmetric or
public key cryptography
RSA & Elliptic Curve Cryptography (ECC)
Certificate Authorities (CAs)
Identity-Based Encryption (IBE)
Authentication via Encryption
3. 13.1. Why Asymmetric Key
Cryptography?
So two strangers can talk privately on Internet
Ex: Bob wants to talk to Alice & Carol secretly
Insteadof sharing different pairs of secret keys with
each (as in symmetric key crypto)
Bob has 2 keys: public key and private (or secret) key
Alice and Carol can send secrets to Bob
encrypted with his public key
Only Bob (with his secret key) can read them
4. 13.1. … To Mess With Poor Eve
Source: http://xkcd.com/177/
6. 13.1. The Public Key Treasure
Chest
Public key = Chest with open lock
Private key = Key to chest
Treasure = Message
Encrypting with public key
Find chest with open lock
Put a message in it
Lock the chest
Decrypting with private key
Unlock lock with key
Take contents out of the chest
7. 13.1. Asymmetric Encryption
Alice encrypts a message with different key
than Bob uses to decrypt
Bob has a public key, kp, and a secret key, ks.
Bob’s public key is known to Alice.
Asymmetric Cipher: F-1(F(m,kp),ks) = m
Alice Bob
1. Construct m
2. Compute c= F(m,kp)
c
3. Send c to Bob 4. Receive c from Alice
5. Compute d=F-1(c,ks)
6. m = d
8. 13.2. RSA (1)
Invented by Rivest/Shamir/Adelman (1978)
First
asymmetric encryption algorithm
Most widely known public key cryptosystem
Used in many protocols (e.g., SSL, PGP, …)
Number theoretic algorithm: security based on
difficulty of factoring large prime numbers
1024, 2048, 4096-bit keys common
9. 13.2. RSA (2)
Public Key Parameters:
Largecomposite number n with two prime factors
Encryption exponent e coprime to φ(n) = (p-1)(q-1)
Private Key:
Factors of n: p, q (n = pq)
Decryption exponent d such that ed ´ 1 (mod φ(n))
Encryption: Alice sends c = me mod n
Decryption: Bob computes m = cd mod n
Euler’sTheorem: aφ(n) ´ 1 (mod n)
Check: med ´ m ¢ mφ(n) ´ m (mod n)
10. 13.3. Elliptic Curve
Cryptography
Invented by N. Koblitz & V. Miller (1985)
Based on hardness of elliptic curve discrete log
problem
Standardized by NIST, ANSI, IEEE for
government, financial use
Certicom, Inc. currently holds patent
Small keys: 163 bits (<< 1024-bit RSA keys)
11. 13.3: RSA vs. ECC
RSA Advantages:
Has been around longer; math well-understood
Patent expired; royalty free
Faster encryption
ECC Advantages:
Shorter key size
Fast key generation (no primality testing)
Faster decryption
12. 13.4. Symmetric vs. Asymmetric
Key Cryptography
Symmetric-Crypto (DES, 3DES, AES)
Efficient(smaller keys / faster encryption) because
of simpler operations (e.g. discrete log)
Key agreement problem
Online
Asymmetric-Crypto (RSA, ECC)
RSA 1000x slower than DES, more complicated
operations (e.g. modular exponentiation)
How to publish public keys? Requires PKI / CAs
Offline or Online
13. 13.5. Certificate Authorities
Trusted third party: CA verifies people’s identities
Authenticates Bob & creates public key
certificate (binds Bob’s identity to his public key)
CA also revokes keys and certificates
Certificate Revocation List: compromised keys
Public Key Infrastructure (PKI): CA + everything
required for public key encryption
14. 13.6. Identity-Based Encryption
Ex: e-mail address as identity & public key
Bob gets his private key from a generator (PKG)
after authenticating himself via a CA
Commercialized by Voltage Security (2002)
Revoked Keys: concatenate current date to
public key
Then PKG doesn’t provide private key after date
when compromised
15. 13.7. Authentication with
Encryption
Alice issues “challenge” message to person
Random # (nonce) encrypted with Bob’s public key
If person is actually Bob, he will be able to decrypt it
{384764342}PK(Bob) Bob
384764342
Alic
e
Eve
{957362353}PK(Bob)
???
16. A Word of Caution
In the previous example, as well as some other
examples presented in later chapters, the simple toy
protocols that we discuss are for instructive and
illustration purposes only. They are designed to make
concepts easy to understand, and are vulnerable to
various types of attacks that we do not necessarily
describe. Do not implement these protocols as is in
software.
For example, the simple “challenge” authentication
method is vulnerable to a man-in-the-middle attack.
Mallory gets a challenge from Alice, sends it to Bob
She takes his response and returns it to Alice
Bob needs to authenticate Alice as well
17. Summary
Asymmetric Cryptography: Two Keys
Publickey published in directory
Secret key known only to Bob
Solves key exchange problem
Examples: RSA, ECC
PKI required: CAs, Trusted Third Parties
Applications: IBE, Authentication, SSL…
Editor's Notes
Welcome to SEC103 on Secure Programming Techniques. In this course, I assume that you have some background in computer security, but now you want to put that background to use. For example, in the Computer Security Principles and Introduction To Cryptography courses, we cover topics such concerning trust and encryption. In this course, we put these principles into to practice, and I’ll show you have to write secure code that builds security into your applications from the ground up.
Another way to think of asymmetric encryption is as follows. When Bob gives out his public key, it is like him giving out an open, empty treasure chest. Anyone can put a message in the treasure chest and lock the treasure chest. However, Bob is the only one that can open the treasure chest because his private key is the key to the treasure chest.
In this slide, we summarize how asymmetric cryptography works. If Alice wants to send a secret message to Bob, she first constructs her message, M. She then computes a ciphertext, C, using an asymmetric encryption scheme that takes the message to be encrypted and Bob’s public key as input. Remember that Bob’s public key is public and can be published in a directory so that is how Alice knows Bob’s public key. Alice sends the ciphertext to Bob. When Bob receives the ciphertext, he feeds the ciphertext and his private key to an asymmetric decryption algorithm to recover the message.
After briefly introducing how symmetric ciphers in the last lecture, we talked about some examples of symmetric ciphers such as DES and AES. Now that we have talked about how asymmetric ciphers work in general, we will talk about two examples of them; namely, RSA and ECC. RSA is the first asymmetric encryption algorithm that we ever developed. Shortly after Diffie and Hellman published a paper about the idea of an asymmetric cipher, Rivest, Shamir, and Adelman, the R, S, and A, in RSA came up with an implementation of the idea. Even today, RSA is the most widely known and used asymmetric cipher. It is used in protocols such as SSL, CDPD, WTLS, PGP, and many others. SSL used for secure communication between web browsers and servers, we have already met. CDPD stands for Cellular Digital Packet Data, and it is a wireless data protocol. WTLS stands for Wireless Transport Layer security, and it is SSLs analog in the wireless web. So you get the point– RSA is widely used in many other protocols. The mathematical properties of the RSA algorithm are based on number theory, and we will go through a very high level overview of how it works in just a second. Its security of the algorithm depends on the difficulty of factoring large prime numbers. If it is difficult the factor large prime factors, it will be hard to break the mathematical properties of the algorithm. Common key sizes that are used with RSA are 1024, 2048, and 4096 bits. Keep in mind that since RSA is different than any other algorithm, these key sizes have not have a direct relation to the key sizes of symmetric algorithms (or even other asymmetric algorithms). That is, just because we might encrypt message with a 1024-bit RSA key, that does not mean that it is more or less “secure” in any way than encrypting a message using a 256-bit AES key. We can compare the strength of key sizes of different algorithms by measuring the expected amount of time it would take to successfully conduct a brute force attack on them, but in general it does not make much sense to directly compare the lengths of keys of two different algorithms.
Elliptic curve cryptography provides yet another way to build a public key cryptosystem. It was invented to by Neil Koblitz and Victor Miller independently at about the same time in 1985. Its discovery is much more recent than RSA. Elliptic curve cryptography is also based on number theory. Its security is not dependent upon the difficulty of factoring large prime numbers, but instead is based upon the difficulty of the elliptic curve discrete log problem. Since RSA has been around longer than ECC and mathematicians have had more time to look at attacks on RSA, we might say that RSA is more well understood than ECC. Nevertheless, ECC has started making an impact in real-world security systems, and that is why we mention it here. For example, ECC public-key crypto has been incorporated into WTLS, a wireless version of the SSL protocol. Since the mathematics of ECC are more complicated than that of RSA, were not going to cover them here, but you can consult Stallings if you are interested. The key thing to know about ECC-based public key crypto from a systems standpoint is that it allows us to do public key operations using must smaller keys than RSA allows us to do the same operations. Studies have been done which estimate that a 163-bit RSA is comparable in strength to a 1024-bit RSA key from the standpoint that it might take an attacker about the same amount of time to conduct a brute force attack on a 163-bit ECC key as it would take the attacker to conduct a brute force attack on a 1024-bit RSA key. Due to the smaller key sizes, ECC has some advantages over RSA for certain types of applications, such as wireless applications since wireless devices usually have less memory and computing resources than desktop PCs. A public company by the name of Certicom currently holds the patent for ECC-based public key crypto. As a result of the smaller key sizes, Unlike RSA, however, the security of the elliptic curve public-key cryptosystem is based on the difficulty of the discrete log problem, as opposed to the difficulty of factoring. What is the public key and what is the private key? More information on ECC at www.certicom.com http://www.certicom.com/resources/download/EccWhite3.pdf
What are the key differences between RSA and ECC? Well, as we mentioned earlier, since RSA has been around earlier, it is probably more well-understood than ECC. RSA also used to be held under a patent by RSA Data Security, but that patent expired on September 20, 2000 so RSA can be used royalty free. However, you will still need to pay royalties to Certicom, Inc. if you want to use ECC. The third advantage that RSA provides, in general, faster encryption for a comparable key strength. (Usually, a small public key exponent such as e=3 or e=65537 is used with RSA because it makes verifying digital signatures very fast. We will talk about digital signatures shortly.) Looking at ECC, we see that its advantages are: a shorter key size for comparable cryptographic strength. In order to use public key crypto, a user first needs to generate a public/private key pair that satisfies certain mathematical properties. For RSA, we needed to find two large prime numbers that we could multiply together to “set up” the system. Remember, in RSA all operations we done mod n where n was the product of these two large primes. However, checking that a number that is thousands of digits long it not easy. (That is, it takes a while!) Since ECC public key systems do not require that we use such large prime numbers, we do not have to do this primality checking. As a result, generating public-private key pairs for new users is much faster with ECC. Finally, ECC allows us to do decryption faster than RSA for comparable key strength. For more info about the trade-offs between RSA and ECC, you may consult two research papers that were written by yours truly on my web site. Double check faster encryption faster / decryption business
Until this point, we have looked at all keys as being encryption keys. That is, whether we were talking about a symmetric encryption algorithm or an asymmetric encryption algorithm, DES or RSA, we talked about using a key of the appropriate length to do encryption or decryption. The most obvious application of encryption is to achieve confidentiality. However, encryption can be used for other applications as well. For example, we can use encryption to do authentication. This is how we would do it with a public key cryptosystem. If I believe that only Bob will have Bob’s private key, then if I want to check whether or not I am really communicating with Bob, I can encrypt a “challenge” message using Bob’s public key. The challenge message is just a regular message that might say something like “If you can read this, then say ‘BOO’!” If the person on the other end of the communication is able to read the message it must be cause that person has possession of Bob’s private key, and the person should respond by sending you the message “Boo!” If we believe that Bob is responsible, and has not given his private key to anybody else, and that Bob is also smart enough to have his systems protected so that his private key was not stolen, then we have the right to believe that we are actually communicating with Bob. Hence, we just used public-key encryption to authenticate Bob. That is, we used the public key encryption scheme to check that we are actually talking to Bob and nobody else.