Public key cryptography uses asymmetric encryption with two related keys - a public key and a private key. The public key can be shared openly but the private key is kept secret. When Alice wants to send a confidential message to Bob, she encrypts it with Bob's public key. Only Bob can decrypt it using his private key. Public key infrastructure involves policies and technologies for issuing, managing, and revoking digital certificates that bind public keys to identities. Popular public key algorithms like RSA are based on the difficulty of factoring large prime numbers.
Security Hash Algorithm (SHA) was developed in 1993 by the National Institute of Standards and Technology (NIST) and National Security Agency (NSA).
It was designed as the algorithm to be used for secure hashing in the US Digital Signature Standard.
• Hashing function is one of the most commonly used encryption methods. A hash is a special mathematical function that performs one-way encryption.
• SHA-l is a revised version of SHA designed by NIST and was published as a Federal Information Processing Standard (FIPS).
• Like MD5, SHA-l processes input data in 512-bit blocks.
• SHA-l generates a 160-bit message digest. Whereas MD5 generated message digest of 128 bits.
• The procedure is used to send a non secret but signed message from sender to receiver. In such a case following steps are followed:
1. Sender feeds a plaintext message into SHA-l algorithm and obtains a 160-bit SHA-l hash.
2. Sender then signs the hash with his RSA private key and sends both the plaintext message and the signed hash to the receiver.
3. After receiving the message, the receiver computes the SHA-l hash himself and also applies the sender's public key to the signed hash to obtain the original hash H.
The presentation include:
-Diffie hellman key exchange algorithm
-Primitive roots
-Discrete logarithm and discrete logarithm problem
-Attacks on diffie hellman and their possible solution
-Key distribution center
Security Hash Algorithm (SHA) was developed in 1993 by the National Institute of Standards and Technology (NIST) and National Security Agency (NSA).
It was designed as the algorithm to be used for secure hashing in the US Digital Signature Standard.
• Hashing function is one of the most commonly used encryption methods. A hash is a special mathematical function that performs one-way encryption.
• SHA-l is a revised version of SHA designed by NIST and was published as a Federal Information Processing Standard (FIPS).
• Like MD5, SHA-l processes input data in 512-bit blocks.
• SHA-l generates a 160-bit message digest. Whereas MD5 generated message digest of 128 bits.
• The procedure is used to send a non secret but signed message from sender to receiver. In such a case following steps are followed:
1. Sender feeds a plaintext message into SHA-l algorithm and obtains a 160-bit SHA-l hash.
2. Sender then signs the hash with his RSA private key and sends both the plaintext message and the signed hash to the receiver.
3. After receiving the message, the receiver computes the SHA-l hash himself and also applies the sender's public key to the signed hash to obtain the original hash H.
The presentation include:
-Diffie hellman key exchange algorithm
-Primitive roots
-Discrete logarithm and discrete logarithm problem
-Attacks on diffie hellman and their possible solution
-Key distribution center
Pgp-Pretty Good Privacy is the open source freely available tool to encrypt your emails then you can very securely send mails to others over internet without fear of eavesdropping by cryptanalyst.
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
The Diffie-Hellman algorithm was developed by Whitfield Diffie and Martin Hellman in 1976.
This algorithm was devices not to encrypt the data but to generate same private cryptographic key at both ends so that there is no need to transfer this key from one communication end to another.
Diffie – Hellman algorithm is an algorithm that allows two parties to get the shared secret key using the communication channel, which is not protected from the interception but is protected from modification.
CMACs and MACS based on block ciphers, Digital signatureAdarsh Patel
cmcs
MACs based on Block Ciphers
Digital Signature
Properties , Requirements and Security of Digital Signature
Various digital signature schemes ( Elgamal and Schnorr )
Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
Pgp-Pretty Good Privacy is the open source freely available tool to encrypt your emails then you can very securely send mails to others over internet without fear of eavesdropping by cryptanalyst.
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
The Diffie-Hellman algorithm was developed by Whitfield Diffie and Martin Hellman in 1976.
This algorithm was devices not to encrypt the data but to generate same private cryptographic key at both ends so that there is no need to transfer this key from one communication end to another.
Diffie – Hellman algorithm is an algorithm that allows two parties to get the shared secret key using the communication channel, which is not protected from the interception but is protected from modification.
CMACs and MACS based on block ciphers, Digital signatureAdarsh Patel
cmcs
MACs based on Block Ciphers
Digital Signature
Properties , Requirements and Security of Digital Signature
Various digital signature schemes ( Elgamal and Schnorr )
Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
Public Key Cryptography and RSA algorithmIndra97065
Public Key Cryptography and RSA algorithm.Explanation and proof of RSA algorithm in details.it also describer the mathematics behind the RSA. Few mathematics theorem are given which are use in the RSA algorithm.
Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across insecure networks so that it cannot be read by anyone except the intended recipient.
This PPT explains about the term "Cryptography - Encryption & Decryption". This PPT is for beginners and for intermediate developers who want to learn about Cryptography. I have also explained about the various classes which .Net provides for encryption and decryption and some other terms like "AES" and "DES".
Encryption is a fundamental concept in cryptography that involves the process of converting plaintext (readable and understandable data) into ciphertext (encoded and unintelligible data) using a mathematical algorithm and an encryption key. The primary purpose of encryption is to ensure the confidentiality and privacy of sensitive information during transmission or storage.
In the encryption process:
1. **Plaintext:** This is the original, readable data that is to be protected. It could be a message, a file, or any form of digital information.
2. **Encryption Algorithm:** An encryption algorithm is a set of mathematical rules and procedures that transform the plaintext into ciphertext. Common encryption algorithms include Advanced Encryption Standard (AES), RSA, and Triple DES.
3. **Encryption Key:** The encryption key is a piece of information used by the encryption algorithm to perform the transformation. The key determines the specific pattern and method by which the plaintext is converted into ciphertext. The strength of the encryption often depends on the length and randomness of the key.
4. **Ciphertext:** This is the result of the encryption process—the transformed and encoded data that appears random and is indecipherable without the corresponding decryption key.
Encryption serves several important purposes in the field of cryptography:
- **Confidentiality:** The primary goal of encryption is to keep information confidential and secure from unauthorized access. Even if an unauthorized party intercepts the ciphertext, they should be unable to understand or decipher it without the correct decryption key.
- **Integrity:** Encryption helps ensure the integrity of data by providing a means to detect any unauthorized modifications. If the ciphertext is altered, the decryption process will produce incorrect results, alerting the recipient to potential tampering.
- **Authentication:** In some encryption scenarios, the use of digital signatures or authenticated encryption helps verify the origin and authenticity of the encrypted data.
- **Secure Communication:** Encryption is widely used to secure communication over networks, such as the internet. Protocols like HTTPS (HTTP Secure) use encryption to protect the confidentiality of data transmitted between a web browser and a web server.
- **Data-at-Rest Protection:** Encryption is applied to data stored on devices or servers, ensuring that even if physical access is gained, the data remains protected from unauthorized viewing.
In summary, encryption is a crucial tool in the field of cryptography, providing a means to safeguard the confidentiality, integrity, and authenticity of sensitive information in various digital environments.
Asymmetric encryption, also known as public-key cryptography, is a cryptographic system that uses a pair of keys for secure communication. Unlike symmetric encryption, where the same key is used for both encryption and decryption, asymmetric encryption employs two distinct keys: a public key and a private key.
Public Key:
The public key is widely shared and can be freely distributed. It is used to encrypt data or messages that are intended for the owner of the corresponding private key.
Public keys are typically used for encryption and verifying digital signatures.
Private Key:
The private key is kept secret and is known only to the key owner. It is used for decrypting messages that were encrypted with the corresponding public key.
Private keys are used for decryption and creating digital signatures.
How It Works:
If Alice wants to send a secure message to Bob, she uses Bob's public key to encrypt the message. Once encrypted, only Bob, with his private key, can decrypt and access the original message.
Digital signatures work in the opposite way. If Bob wants to sign a message to prove it comes from him, he uses his private key to create a unique digital signature. Others can verify the signature using Bob's public key, ensuring the message's authenticity and integrity.
Security:
Asymmetric encryption provides a higher level of security compared to symmetric encryption because compromising one key (either the public or private key) does not compromise the other.
The security of asymmetric encryption relies on the difficulty of certain mathematical problems, such as factoring large numbers, making it computationally infeasible to derive the private key from the public key.
Common Algorithms:
RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are among the most widely used asymmetric encryption algorithms.
Applications:
Asymmetric encryption is used in various applications, including secure communication over the internet, digital signatures for authentication, and the establishment of secure channels in protocols like SSL/TLS.
In summary, asymmetric encryption is a crucial component of modern cryptographic systems, providing a secure means of communication and data protection in a digital world.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
Encryption is a technique that transforms a code from an understandable into an incomprehensible code. Many methods can be applied to an encryption process. One such method is RSA. RSA works by appointing on byte values. The value is obtained from character conversion to ASCII code. This algorithm is based on the multiplication of two relatively large primes. Applications of the RSA algorithm can be used in data security. This research provides RSA algorithm application on data security system that can guarantee data confidentiality. RSA algorithm is known as a very secure algorithm. This algorithm works with the number of bits in the search for prime numbers. The larger the bits, the less chance of ciphertext can be solved. The weakness of this method is the amount of ciphertext capacity will be floating in line with the number of prime numbers used. Also, to perform the process of encryption and decryption, RSA requires a relatively long time than other algorithms. The advantage of RSA is that complicated ciphertext is solved into plaintext.
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor.
Cryptography is a method of securing communications through some protocols in order to make the information secure or understandable only by the sender and the receiver.
A Review Paper on Secure authentication and data sharing in cloud storage usi...ijsrd.com
Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication and data again authentication. We describe new public-key cryptosystems that produce constant-size cipher texts such that efficient delegation of decryption rights for any set of cipher texts is possible. Cryptosystem or cryptographic system is any sort of methodology for encoding and accessing that information. In this technique the master key holder can release a constant-size aggregate key for flexible choices of cipher text set in cloud storage, but the other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or be stored in a smart card with very limited secure storage. We provide formal security analysis of our schemes in the standard model. We also describe other application of our schemes. In particular, one can aggregate any set of secret keys and make them compact as a single key but encompassing the power of all the keys being aggregated.
The research of the digital certified mail up to implementing the base algorithm and then, go through more on pretty good privacy (PGP) applied to the email system.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
2. Principles of Public key
Cryptography
Asymmetric encryption is a form of
cryptosystem in which encryption and
decryption are performed using the different
keys- one public key and one private key
Also known as public-key encryption
It uses mathematical functions rather than
substitution and permutation
More secure from cryptanalysis than the
symmetric encryption
3. Asymmetric keys
Two related keys, a public key and a private key,
that are used to perform complementary
operations, such as encryption and decryption or
signature generation and signature verification
Public key certificate
A digital document issued and digitally signed by
the private key of a Certification authority that
binds the name of a subscriber to a public key.
The certificate indicates that the subscriber
identified in the certificate has sole control and
access to the corresponding private key
4. Public key cryptographic algorithm
A cryptographic algorithm that uses two related
keys, a public key and a private key
Public key infrastructure
A set of policies, processes, server platform,
software and workstations used for the
purpose of administrating certificates and
public-private key pairs, including the ability to
issue, maintain, and revoke public certificate
5. Public-key cryptosystem
Asymmetric algorithms rely on one key for
encryption and a different but related key for
decryption
These algorithms have the following important
characteristics
It is computationally infeasible to determine
the decryption key given only knowledge of the
cryptographic algorithm and the encryption key
6. Six ingredients:
Plaintext - This is a readable message or data
that is fed into the algorithm as the input
Encryption algorithm - The encryption algorithm
performs various transformations on the plaintext
Public and private keys - this is a pair of keys
that have been selected so that if one is used for
encryption, the other is used for decryption. The
exact transformations performed by the algorithm
depend on the public key and the private key that
is provided as input
7. Cipher text - this is the scrambled message
produced as output
Decryption algorithm - The algorithm that
accepts the cipher text and matching key and
produces the original plain text
8.
9.
10. The essential steps are
1. Each user generates a pair of keys to be used for the
encryption and decryption of messages
2. Each user places one of the two keys in public register or
other accessible file. This is public key. The other key is
kept private. Each user maintains a collection of public keys
obtained from others
3. If Bob wishes to send a confidential message to Alice, Bob
encrypts the message using Alice’s public key
4. When Alice receives the message, she decrypts it using her
private key
5. No other recipient can decrypt the message because only
Alice knows her private key
11. Here, all participants have access to public
keys, and private keys are generated locally
by each participant and therefore need never
be distributed
As long as a user’s private key remains
protected and secret, incoming communication
is secure
At any time, a system can change its private
key and publish the related public key to
replace its old public key
16. Applications of Public-key
Cryptosystem
A applications are divided in three broad
categories:
Encryption/decryption – The sender encrypts
the message with the recipient’s public key
Digital Signature – The sender “signs” a
message with its private key
Key exchange – two sides cooperate to
exchange a session key
17. RSA Algorithm
Asymmetric key cryptographic algorithm
Rivest-Shamir-Adleman (RSA) name is given by taking the
firstname of its inventors
It uses prime numbers
This algorithm is based on the fact that it is easy to find and
multiply large prime numbers together, but it is extremely
difficult to factor their product
The private and public keys in RSA are based on very large
prime numbers
The real challenge in RSA is the selection and generation of
the public key and private key
Lets know how private key and public key are generated and,
using them, how can we perform encryption and decryption
18. Algorithm
1. Choose two prime numbers P and Q
2. Calculate N = P * Q
3. Select the public key E (i.e. Encryption key) such that it is not a
factor of (P–1) and (Q–1)
4. Select the private key D (i.e. Decryption key) such that the
following equation is true
(D * E) mod (P–1) * (Q–1) = 1
5. For encryption, calculate the cipher text CT from the plain text PT
as follows
CT = PTE mod N
6. Send CT as the cipher text to the receiver
7. For decryption, calculate the plain text PT from the cipher text CT
as follows
PT = CTD mod N
19. Example of RSA
1. Choose two large prime numbers P and Q
Let P= 7, Q=17
2. Calculate N = P * Q
N= 7 * 17= 119
3. Select the public key E such that it is not a
factor of (P-1) * (Q-1)
Lets find (7-1) * (17-1)= 6*16= 96
The factors of 96 are 2,2,2,2,2 and 3 ( because 96 =
2*2*2*2*2*3)
Thus we have to choose E such that none of the
factors of E is 2 and 3
Lets choose E as 5
20. 4. Select the private key D such that the
following equation is true
(D * E) mod (P–1) * (Q–1) = 1
Lets substitute the values of E, P and Q in the
equation
We have (D * 5) mod (7-1) * (17-1) = 1
i.e. (D * 5) mod (6) * (16) = 1
i.e. (D * 5) mod (96) = 1
After some calculations, let us take D=77
So that (77 * 5) mod (96) = 385 mod 96 = 1
21. 5. For encryption, calculate the cipher text CT
from the plain text PT as follows
CT = PTE mod N
Lets assume that plaintext PT = 10
Then, CT = 105 mod 119 = 100000 mod 119 = 40
6. Send CT as the cipher text to the receiver
Send 40 as the cipher text to the receiver
7. For decryption, calculate the plain text PT
from the cipher text CT as follows
PT = CTD mod N
PT = 4077 mod 119 = 10
22. The Security of RSA
Four possible approaches to attacking the RSA
algorithm are as follows:
Brute force: This involves trying all possible
private keys.
Mathematical attacks: There are several
approaches, all equivalent in effort to factoring the
product of two primes.
Timing attacks: These depend on the running
time of the decryption algorithm.
Chosen cipher text attacks: This type of attack
exploits properties of the RSA algorithm.
24. Key management
One of the major roles of public-key encryption
has been to address the problem of key
distribution
There are actually two distinct aspects to the
use of public-key cryptography in this regard:
The distribution of public keys
The use of public-key encryption to distribute
secret keys
25. Distribution of Public Keys
Schemes for Key distribution:
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
26. Public announcement of Public
Keys
The point of public-key encryption is that the public key is
public
Thus, if there is some broadly accepted public-key algorithm,
such as RSA, any participant can send his or her public key
to any other participant or broadcast the key to the
community at large
Although this approach is convenient, it has a major
weakness
Anyone can forge such a public announcement
That is, some user could pretend to be user A and send a
public key to another participant or broadcast such a public
key
Until such time as user A discovers the forgery and alerts
other participants, the forger is able to read all encrypted
messages intended for A and can use the forged keys for
authentication
27.
28. Publicly Available Directory
A greater degree of security can be achieved
by maintaining a publicly available dynamic
directory of public keys
Maintenance and distribution of the public
directory would have to be the responsibility of
some trusted entity or organization
Such a scheme would include the following
elements:
29. 1. The authority maintains a directory with a {name,
public key} entry for each participant.
2. Each participant registers a public key with the
directory authority. Registration would have to be in
person or by some form of secure authenticated
communication.
3. A participant may replace the existing key with a new
one at any time, either because of the desire to
replace a public key that has already been used for a
large amount of data, or because the corresponding
private key has been compromised in some way.
4. Participants could also access the directory
electronically. For this purpose, secure,
authenticated communication from the authority to
the participant is mandatory.
30. This scheme is clearly more secure than
individual public announcements but still has
vulnerabilities
If an adversary succeeds in obtaining or
computing the private key of the directory
authority, the adversary could authoritatively
pass out counterfeit public keys and
subsequently impersonate any participant and
eavesdrop on messages sent to any
participant
31.
32. Public-Key Authority
Stronger security for public-key distribution
can be achieved by providing tighter control
over the distribution of public keys from the
directory
As before, the scenario assumes that a central
authority maintains a dynamic directory of
public keys of all participants
Each participant reliably knows a public key for
the authority, with only the authority knowing
the corresponding private key
33. The following steps occur:
1. A sends a timestamped message to the public-key authority
containing a request for the current public key of B.
2. The authority responds with a message that is encrypted
using the authority's private key, PRauth Thus, A is able to
decrypt the message using the authority's public key.
Therefore, A is assured that the message originated with the
authority. The message includes the following:
1. B's public key, PUb which A can use to encrypt messages
destined for B
2. The original request, to enable A to match this response with
the corresponding earlier request and to verify that the original
request was not altered before reception by the authority
3. The original timestamp, so A can determine that this is not an
old message from the authority containing a key other than B's
current public key
34. 3. A stores B's public key and also uses it to encrypt a
message to B containing an identifier of A (IDA) and
a nonce (N1), which is used to identify this
transaction uniquely.
4, 5.B retrieves A's public key from the authority in the
same manner as A retrieved B's public key
6. B sends a message to A encrypted with PUa and
containing A's nonce (N1) as well as a new nonce
generated by B (N2) because only B could have
decrypted message (3), the presence of N1 in
message (6) assures A that the correspondent is B.
7. A returns N2, encrypted using B's public key, to
assure B that its correspondent is A.
35.
36. Public-Key Certificates
The public-key authority could be somewhat of a bottleneck
in the system, for a user must appeal to the authority for a
public key for every other user that it wishes to contact
The directory of names and public keys maintained by the
authority is vulnerable to tampering.
An alternative approach is to use certificates that can be
used by participants to exchange keys without contacting a
public-key authority
A certificate consists of a public key plus an identifier of the
key owner, with the whole block signed by a trusted third
party
The third party is a certificate authority, such as a government
agency or a financial institution, that is trusted by the user
community
37. A user can present his or her public key to the
authority in a secure manner, and obtain a
certificate And then can publish the certificate
Anyone needed this user's public key can
obtain the certificate and verify that it is valid
by way of the attached trusted signature
A participant can also convey its key
information to another by transmitting its
certificate. Other participants can verify that
the certificate was created by the authority
38. We can place the following requirements on
this scheme:
1. Any participant can read a certificate to
determine the name and public key of the
certificate's owner.
2. Any participant can verify that the certificate
originated from the certificate authority and is
not counterfeit.
3. Only the certificate authority can create and
update certificates.
39.
40. Distribution of Secret Keys Using
Public-Key Cryptography
Simple Secret Key Distribution
Secret Key Distribution with Confidentiality and
Authentication
A Hybrid Scheme
41. Simple Secret Key Distribution
If A wishes to communicate with B, the following
procedure is employed:
1. A generates a public/private key pair {PUa, PRa}
and transmits a message to B consisting of PUa
and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to
A, encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the
secret key. Because only A can decrypt the
message, only A and B will know the identity of
Ks.
4. A discards PUa and PRa and B discards PUa.
42.
43. A and B can now securely communicate using
conventional encryption and the session key
Ks
At the completion of the exchange, both A and
B discard Ks.
Despite its simplicity, this is an attractive
protocol. No keys exist before the start of the
communication and none exist after the
completion of communication.
The risk of compromise of the keys is minimal
44. The protocol depicted in Figure is insecure
against an adversary who can intercept
messages and then either relay the
intercepted message or substitute another
message
Such an attack is known as a man-in-the-
middle attack
In this case, If an adversary, E, has control of
the intervening communication channel, then
E can compromise the communication in the
following fashion without being detected:
45. 1. A generates a public/private key pair {PUa, PRa}
and transmits a message intended for B
consisting ofP Ua and an identifier of A, IDA.
2. E intercepts the message, creates its own
public/private key pair {PUe, PRe} and transmits
PUe||IDA to B.
3. B generates a secret key, Ks, and transmits
E(PUe, Ks).
4. E intercepts the message, and learns Ks by
computing D(PRe, E(PUe, Ks)).
5. E transmits E(PUa, Ks) to A.
46. Secret Key Distribution with
Confidentiality and Authentication
It provides protection against both active and passive attacks
It is assumed that A and B have exchanged public keys by one of the
schemes
1. A uses B's public key to encrypt a message to B containing an identifier
of A (IDA) and a nonce (N1), which is used to identify this transaction
uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce
(N1) as well as a new nonce generated by B (N2) Because only B could
have decrypted message (1), the presence of N1 in message (2) assures
A that the correspondent is B.
3. A returns N2 encrypted using B's public key, to assure B that its
correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B.
Encryption of this message with B's public key ensures that only B can
read it; encryption with A's private key ensures that only A could have
sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.
47.
48. A Hybrid Scheme
This scheme retains the use of a key
distribution center (KDC) that shares a secret
master key with each user and distributes
secret session keys encrypted with the master
key
A public key scheme is used to distribute the
master keys
The following rationale is provided for using
this three-level approach:
49. Performance:
There are many applications, especially transaction-
oriented applications, in which the session keys
change frequently.
Distribution of session keys by public-key encryption
could degrade overall system performance because of
the relatively high computational load of public-key
encryption and decryption. With a three-level
hierarchy, public-key encryption is used only
occasionally to update the master key between a user
and the KDC.
Backward compatibility:
The hybrid scheme is easily overlaid on an existing
KDC scheme, with minimal disruption or software
changes.
50. The addition of a public-key layer provides a
secure, efficient means of distributing master
keys
This is an advantage in a configuration in
which a single KDC serves a widely distributed
set of users
51. Diffie-Hellman key exchange
Algorithm
The two parties, who want to communicate
securely, can agree on a symmetric key using
this technique
The can then can be used for encryption and
decryption
This algorithm can be used only for key
agreement, but not for encryption and
decryption
Once both parties agree on the key to be
used, they need to use other symmetric
encryption algorithms
52. Description of algorithm
Lets assume that Alice and Bob want to agree
upon a key to be used for encrypting/decrypting
messages that would be exchanged between
them
Then the Diffie-Hellman algorithm works as
follows:
1. Firstly, Alice and Bob agree on two large prime
numbers, n and g. these two integers need not
be kept secret. Alice and Bob can use insecure
channel to agree on them
2. Alice chooses another large random number x,
and calculates A such that
A = gx mod n
53. 3. Alice sends the number A to Bob
4. Bob independently chooses another large
random integer y and the n calculates B such
that
B = gy mod n
5. Bob sends the number B to Alice
6. A now computes the secret key K1
K1 = Bx mod n
7. B now computes the secret key K2
K2 = Ay mod n
54.
55. Example
1. Let n=11, g=7
2. Let x=3. then, we have A=73 mod 11=343
mod 11 =2
3. Alice sends 2 to Bob
4. Let y=6. then we have, B=76 mod 11=117649
mod 11 =4
5. Bob sends the 4 to Alice
6. We have, K1=43 mod 11= 64 mod 11 = 9
7. We have K2 = 26 mod 11=64 mod 11 = 9
56. Elliptic Curve
Cryptography(ECC)
An elliptic curve (EC) is a smooth, projective algebraic curve
on which there is a specified point O
The main difference between RSA and ECC is that unlike
RSA, ECC offers the same level of security for smaller key
sizes
ECC requires much smaller keys than those used in
conventional public key cryptosystem, while maintaining the
same level of security
The use of elliptic cures therefore allows faster encryption
and decryption
ECC is highly mathematical in nature
An Elliptic Curve is similar to a normal curve draw as a graph
on x-axes and y-axes and has points
Each point can be designated by an (x , y) coordinate
57. This is how elliptic curve public key
cryptography works
For Alice and Bob to communicate securely
over an unsecure network they can exchange
a private key over this network in the following
way:
A particular rationale base point P is published
in a public domain for use with a particular
elliptic curve E also published in a public
domain
Alice and Bob choose random integers Ka and
Kb respectively, which they use as private key
58. Alice computes Ka * P, Bob computes Kb * P and
they exchange these values over the network
Using the information they received from each
other and their private keys, both Alice and Bob
compute (Ka * Kb)*P = Ka * (Kb * P) =Kb * (Ka *
P)
This value is then the shared secret that only Alice
and Bob possess.
The private keys Ka and Kb and the shared
secrety (Ka * Kb)*P are difficult to compute given
Ka * P and Kb * P
Thus Alice and Bob do not compromise their
private keys or their shared secret in exchange