
Cryptographic Security

Cryptographic Security. Identity-based Encryption. Diffie-Hellman Key Exchange. How can two parties come to possess a shared secret using only insecure channels of communication? Assumes passive eavesdropping only (i.e., susceptible to an active (wo)man-in-the-middle attack).


Presentation Transcript


  1. Cryptographic Security: Identity-based Encryption. Dennis Kafura – CS5204 – Operating Systems

  2. Diffie-Hellman Key Exchange. How can two parties come to possess a shared secret using only insecure channels of communication? Assumes passive eavesdropping only (i.e., susceptible to an active (wo)man-in-the-middle attack). Relies on prime number groups (more later). Same/similar techniques underlie more recent cryptographic methods.

  3. Diffie-Hellman Key Exchange
     • Some mathematics
     • If p is a prime number, then the numbers 1..p-1 form a group of order p-1 with multiplication modulo p as its operator.
     • A generator, g, is any number in 1..p-1 such that for all n in 1..p-1 there is a power k such that $n = g^k \bmod p$.
     • Example: 3 is a generator for the group with p=7
     • Notation:
     • Operations:
     • Security based on computational infeasibility of solving the discrete logarithm problem (i.e., finding x if $y = g^x \bmod p$ given y, g, and p).

  4. Key Exchange Protocol
     • Public information
       • A prime number, p
       • A generator, g
     • Steps
       • Alice chooses a random number a and computes $u = g^a \bmod p$ and sends u to Bob.
       • Bob chooses a random number b and computes $v = g^b \bmod p$ and sends v to Alice.
       • Bob computes the key $k = u^b = (g^a)^b \bmod p$.
       • Alice computes the key $k = v^a = (g^b)^a \bmod p$.
       • (note: both Bob and Alice have $k = g^{ab} \bmod p$)

  5. Identity-based encryption
     • Public-key encryption
       • Identity is conveyed in a certificate from a certificate authority that binds the public key to the identity
       • Certificate must be obtained in advance
       • Certificate authority is trusted to validate claim of identity
     • Identity-based encryption
       • Identity itself serves as the public key (e.g., bob@company.com)
       • No advance preparation needed
       • Trusted service validates claim of identity
       • Key escrow issue (trusted service can recreate secret key associated with an identity)

  6. Identity-based encryption [Diagram of Alice, Bob, and the Private Key Generator. Labels: "Encrypted with bob@company.com as public key"; "authenticate bob@company.com"; "send private key".]

  7. Identity-based Encryption [Diagram of the Private Key Generator (PKG), the Sender, and the Receiver. Operations shown: Setup, Extract, Encrypt, Decrypt. Values shown: k, params, master-key, ID, d_ID, M, C.]

  8. Bilinear Maps
     • Some mathematics
     • Fortunately, groups with these properties can be generated algorithmically using a positive integer seed value (security parameter) k.

  9. Identity-based encryption BasicIdent algorithms Setup

  10. Identity-based Encryption Extract Encrypt Decrypt

  11. Why does this work? Encryption bitwise exclusive-ors M with: Decryption bitwise exclusive-ors V with: These masks are the same since:

  12. Extensions bilinear groups ID-based threshold secret sharing attribute/fuzzy ID access tree key/policy-based
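
The Diffie-Hellman material on slides 3 and 4, as an added worked example that is not part of the original presentation: it checks the generator definition, runs the four protocol steps, and shows that the discrete logarithm falls to exhaustive search when p is tiny, which is why real deployments use very large primes. The function names and the p=23, g=5 parameters are assumptions chosen for illustration; p=7, g=3 comes from slide 3.

```python
import secrets


def is_generator(g, p):
    """Slide 3 definition: every n in 1..p-1 equals g^k mod p for some k."""
    return {pow(g, k, p) for k in range(1, p)} == set(range(1, p))


def exchange(g, p, a=None, b=None):
    """Run the slide 4 steps and return (u, v, k_alice, k_bob)."""
    # Secrets are drawn from 1..p-2 unless the caller fixes them (test vectors).
    a = secrets.randbelow(p - 2) + 1 if a is None else a
    b = secrets.randbelow(p - 2) + 1 if b is None else b
    u = pow(g, a, p)        # Alice -> Bob, visible to an eavesdropper
    v = pow(g, b, p)        # Bob -> Alice, visible to an eavesdropper
    k_alice = pow(v, a, p)  # (g^b)^a mod p
    k_bob = pow(u, b, p)    # (g^a)^b mod p
    return u, v, k_alice, k_bob


def discrete_log(y, g, p):
    """Exhaustive search for x with g^x = y (mod p).

    The loop runs up to p-1 times, so the cost grows with p itself.
    That is trivial for the toy primes here and infeasible for primes
    of thousands of bits, which is the security assumption on slide 3.
    """
    acc = 1
    for x in range(1, p):
        acc = (acc * g) % p
        if acc == y:
            return x
    return None


if __name__ == "__main__":
    print("3 generates the group for p=7:", is_generator(3, 7))
    print("2 generates the group for p=7:", is_generator(2, 7))
    # Constructed toy parameters: p=23, g=5, secrets a=6 and b=15.
    u, v, k_alice, k_bob = exchange(5, 23, a=6, b=15)
    print("u =", u, "v =", v, "k_alice =", k_alice, "k_bob =", k_bob)
    # With a toy prime, the secret exponent is recovered from u alone.
    print("a recovered from u:", discrete_log(u, 5, 23))
```

Only u and v cross the channel, and nothing in the exchange authenticates who sent them, which is the gap slide 2 notes for active attackers.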
