350 likes | 369 Views
This lecture discusses the introduction of electronic mail and the need to preserve privacy and digital signatures. It includes topics such as key distribution, Diffie-Hellman key agreement, and public-key cryptosystems.
E N D
Lecture 6: Key Exchange The era of “electronic mail” [Potter1977] may soon be upon us; we must ensure that two important properties of the current “paper mail” system are preserved: (a) messages are private, and (b) messages can be signed. R. Rivest, A. Shamir and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, January 1978. (The original RSA paper.) David Evans http://www.cs.virginia.edu/~evans CS551: Security and Privacy University of Virginia Computer Science
Menu • PS1 • RC6 Proof Challenge (Vic Ludwig) • Key Distribution (Greg Lamm) • Diffie-Hellman Key Agreement • Intro to Public-Key Cryptosystems • Return PS1 University of Virginia CS 551
PS1 • Problem 2 • Process more interesting than answer • Problem 4 • Even a “provably perfect” scheme breaks in practice • Bonus question: • any 98 agents obtain no information • any 99 agents can determine message • key data O(100 * n) University of Virginia CS 551
RC6 Proof Vic Ludwig University of Virginia CS 551
U.S. Army Key Distribution Greg Lamm
U.S. Army Distribution • Two Distribution Schemes • Physically • OTAR • Three Types of Distributions • Initial (Staging Area) • Operating Procedures • Compromise (Equipment or Keys) • A tactical network (voice/data) can have over 20 keys. • Key Types • Transmission Encryption Key (TEK)-128 bit • Key Encryption Key (KEK)-128 bit • Key Distribution is Technology + People University of Virginia CS 551
DREAR Staging Area Key Distribution 2BDE 1-62 ADA BSA 45 CSB DMAIN • Close Connectivity • Static Environment • Data/Voice Network • Key Distributed • Physically • Test OTAR DTAC
DREAR Tactical Network Key Distribution 2BDE 1-62 ADA BSA 45 CSB DMAIN DTAC • Dispersed Connectivity • Dynamic Environment • Data/Voice Network • Key Distributed • OTAR
FM Key Distribution AVN TOC AVN FARP 1-14 TOC 2d BDE ALT NCS 1-14 SCOUTS DTAC NCS 1-27 TOC 2d BDE TOC 1-27 SCOUTS DREAR 45 CSG FWD 45 CSG MAIN • Dispersed Connectivity • NCS issues key distribution by SOP University of Virginia CS 551
Key Distribution Problems NCS ALT NCS TEK 1 damaged TEK 1 TEK 2 1 2 3 4 5 6 7 • Multiple Key Distributors • Issuing a second key at the staging area • Good for compromise • Bad if it is not the same (only testing TEK 1) • Labeling Keys with name rather than code • Key Training, Handling and Protection University of Virginia CS 551
Public-Key Cryptosystems University of Virginia CS 551
Public-Key Cryptosystems • Distributing secret keys is hard and expensive • Can two people communicate securely without having to meet first and establish a key? University of Virginia CS 551
E (“Alice” || KAB, KB) E (KAB, KB) E (KAB, KA) E (M, KAB) Trust a Third Party Keys “R” Us knows KA, KB ... Generates random KAB E(“Bob”, KA) Bob Alice University of Virginia CS 551
Merkle’s Puzzles • Ralph Merkle [1974] • Alice generates 220 messages: “This is puzzle x. The secret is y.” (x and y are random numbers) • Encrypts each message using symmetric cipher with a different key. • Sends all encrypted messages to Bob University of Virginia CS 551
Merkle’s Puzzles, cont. • Bob chooses random message, performs brute-force attack to recover plaintext and key k • Bob sends x (clear) to Alice • Alice and Bob use k to encrypt messages University of Virginia CS 551
Is this secure? • Alice: symmetric cipher DES ~255 expected brute force work to break DES • Eve: has to break the 220 to find which one matches x. ~ 219 * 255 expected work • Alice and Bob change keys frequently enough since it is less work to agree to a new key University of Virginia CS 551
Birth of Public Key Cryptosystems • 1969 – ARPANet born: 4 sites • Whitfield Diffie starts thinking about strangers sending messages securely • 1974 – Whitfield Diffie gives talk at IBM lab • Audience member mentions that Matrin Hellman (Stanford prof) had spoke about key distribution • That night – Diffie starts driving 5000km to Palo Alto • Diffie, Hellman and Ralph Merkle work on key distribution problem University of Virginia CS 551
We stand today on the brink of a revolution in cryptography. Diffie and Hellman, “New Directions in Cryptography”, IEEE Transactions on Information Theory, November 1976. University of Virginia CS 551
Alice’s Secret Color Bob’s Secret Color CA = Yellow + Purple CB = Yellow + Red K = Yellow + Red + Purple K = Yellow + Purple + Red Analogy due to Simon Singh, The Code Book. Secret Paint Mixing Alice Bob Yellow paint (public) Eve University of Virginia CS 551
Diffie-Hellman Key Agreement • Choose public numbers: q (large prime number), (generator mod q) • A generates random XAand sends B: YA =XA mod q. • B generates random XBand sends A: YB = XB mod q. • A calculates secret key: K = (YB) XA mod q. • B calculates secret key: K = (YA) XB mod q. University of Virginia CS 551
What’s a generator? • is a generator mod q if for all 0 n < q, there is some 1 m< q such that m = n mod q • Is m unique? • Yes: Proof by counting. • Discrete logarithm: given , n, and q find 0 m< q such that m = n mod q. University of Virginia CS 551
Example • What is a generator for q = 11? 2111 2 26 = 64 11 9 2211 4 27 = 128 11 7 2311 8 28 = 256 11 3 24 = 16 11 5 29 = 512 11 6 25 = 32 11 10 210 = 1024 11 1 If q is prime, there must be a generator. University of Virginia CS 551
Diffie-Hellman Example • Choose public numbers: q (large prime number), (generator mod q): q = 11, = 2 • A generates random XAand sends B: YA =XA mod q. XA = 4, YA =24mod 11 = 16 mod 11 = 5 • B generates random XBand sends A: YB = XB mod q. XB = 6, YB =26mod 11 = 64 mod 11 = 9 Example from Tom Dunigan’s notes: http://www.cs.utk.edu/~dunigan/cs594-cns00/class14.html University of Virginia CS 551
Diffie-Hellman Example, cont. q = 11, = 2 XA = 4, YA =5 XB = 6, YB =9 • A calculates secret key: K = (YB) XA mod q. K = 94mod 11 = 6561 mod 11 = 5. • B calculates secret key: K = (YA) XB mod q. K = 56mod 11 = 15625 mod 11 = 5. University of Virginia CS 551
Is it magic? Things to Prove: • They generate the same keys: K = (YB) XA mod q = (YA) XB mod q • An eavesdropper cannot find K from any transmitted value: q, ,YA, YB University of Virginia CS 551
Stallings: “by the rules of modular arithmetic” 1. Keys Agree • Prove K = (YB)XA mod q = (YA)XB mod q. (YB)XA mod q (YA)XB mod q = (XB mod q)XA mod q = (XA mod q)XB mod q = (XB)XA mod q = (XA)XB mod q = XBXA mod q = XAXB mod q QED. University of Virginia CS 551
Modular Exponentiation (a mod q)b mod q= ab mod q (7 mod 6)2 mod 6= 72 mod 6 12 mod 6 = 49mod 6 Proof by example? University of Virginia CS 551
Modular Exponentiation • First prove: (a * b) mod q = (a mod q) * (b mod q) mod q • Then, by induction, (a mod q)b mod q= ab mod q since ab = a * ab-1and a1 = a. University of Virginia CS 551
Modular Arithmetic (a * b) mod n = x x + (n * d0) = a * b x = a * b – (n * d0) a mod n = y y = a – (n * d1) b mod n = z z = b – (n * d2) (a mod n) * (b mod n) mod n = (a – (n * d1)) * (b – (n * d2)) mod n = (a * b + (a * (n * d2) – b * (n * d1) + (n * d1)(n * d2)) mod n = a * b mod n (all terms with n * are 0 mod n) University of Virginia CS 551
2. Secure from Eavesdropper • An eavesdropper cannot find K from any transmitted value: q, ,YA, YB K = (YB)XA mod q = (YA)XB mod q • To find K without XA or XB we need to find x and y such that (YB)xmod q = (YA)ymod q • Finding discrete logarithms is (probably) hard! (More on this later...) University of Virginia CS 551
Diffie-Hellman Use • SSL • Cisco encrypting routers • Sun secure RPC • etc... University of Virginia CS 551
Public-Key Cryptography • Same paper introduced concept of Public-Key Cryptography • Private algorithm: E • Public algorithm: D • Identity: E (D(m)) = D (E(m)) = m • Secure: cannot determine E from D • But didn’t know how to find suitable E and D University of Virginia CS 551
Who really invented public-key cryptography? • General Communications Headquarters, Cheltenham (formed from Bletchley Park after WWII) • 1969 – James Ellis asked to work on key distribution problem • Secure telephone conversations by adding “noise” to line • Late 1969 – idea for PK, but function University of Virginia CS 551
RSA & Diffie-Hellman • Asks Clifford Cocks, Cambridge mathematics graduate, for help • He discovers RSA (four years early) • Then (with Malcolm Williamson) discovered Diffie-Hellman • Kept secret until 1997! • NSA claims they had it even earlier University of Virginia CS 551
Charge • Next time: • Rivest, Shamir, Adelman: First solution to finding suitable E and D • Identity: E (D(m)) = D (E(m)) = m • Secure: cannot determine E from D • Read the paper! • Go somewhere appropriate • Identify 2 questionable statements in the paper University of Virginia CS 551