150 likes | 225 Views
17.5.3 Encryption. A DBMS can use encryption to protect information in certain situations where the normal security mechanisms of the DBMS are not adequate. For example, an intruder may steal tapes containing some data or tap a communication line.
E N D
17.5.3 Encryption • A DBMS can use encryption to protect information in certain situations where the normal security mechanisms of the DBMS are not adequate. • For example, an intruder may steal tapes containing some data or tap a communication line. • By storing and transmitting data in an encrypted form, the DBMS ensures that such stolen data is not intelligible to the intruder.
Cont. • The basic idea behind encryption is to apply an encryption algorithm, which may be accessible to the intruder, to the original data and a user-specified or DBA-specified encryption key, which is kept secret. • The output of the algorithm is the encrypted version of the data. • There is also a decryption algorithm, which takes the encrypted data and the encryption key as input and then returns the original data.
Cont. • Without the correct encryption key, the decryption algorithm produces gibberish. • The main weakness of this approach is that authorized users must be told the encryption key, and the mechanism for communicating this information is vulnerable to clever intruders. • Another approach to encryption, called public-key encryption, has become increasingly popular in recent years.
Cont. • The encryption scheme proposed by Rivest, Shamir, and Adleman, called RSA, is a well-known example of public-key encryption. • Each authorized user has a public encryption key, known to everyone, and a private decryption key (used by the decryption algorithm), chosen by the user and known only to him or her.
RSA Encryption • In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an algorithm for public-key cryptography. • It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. • In this method, one party (a bank customer, for example) uses a public key. Kp. • The other party uses a secret (private) key, Ks. • Both uses a number, N.
Cont. • The RSA algorithm involves three steps: • key generation. • Encryption. • Decryption. • Key generation: • RSA involves a public key and a private key. • The public key can be known to everyone and is used for encrypting messages. • Messages encrypted with the public key can only be decrypted using the private key.
Cont. • The keys for the RSA algorithm are generated in the following way: • Choose two distinct prime numbers p and q. • For security purposes, the integers p and q should be chosen uniformly at random and should be of similar bit-length. • Compute n = pq. • n is used as the modulus for both the public and private keys. • Compute m= (p − 1)(q − 1). • Choose an integer e such that 1 < e < m, and e and m share no divisors other than 1. (i.e. e and m are coprime).
Cont. • In mathematics, two integers a and b are said to be coprime or relatively prime if they have no common positive factor other than 1 or, equivalently, if their greatest common divisor is 1. (example 6, 35). • Find d, such that de % m = 1 • Publish e and n as the public key. • Keep d and n as the secret key. • Encryption : C = Pe % n • Decryption: P = Cd % n
Example • Generate two large prime numbers, p and q. • To make the example easy to follow ,small numbers will be used, but this is not secure. • To find random primes, we start at a random number and go up ascending odd numbers until we find a prime. Lets have: p = 7, q = 19 • Let n = pq. • n = 7 * 19 = 133 • Let m = (p - 1)(q - 1) • m = (7 - 1)(19 - 1) = 6 * 18 = 108
Cont. • Choose a small number, e coprime to m • e coprime to m, means that the largest number that can exactly divide both e and m (their greatest common divisor, or GCD) is 1. Euclid's algorithm is used to find the GCD of two numbers. • e = 2 => GCD(e, 108) = 2 (no)e = 3 => GCD(e, 108) = 3 (no)e = 4 => GCD(e, 108) = 4 (no)e = 5 => GCD(e, 108) = 1 (yes!)
Cont. • Find d, such that de % m = 1 • This is equivalent to finding d which satisfies de = 1 + nm where n is any integer. • We can rewrite this as d = (1 + nm) / e. • Now we work through values of n until an integer solution for e is found: • n = 0 => d = 1 / 5 (no)n = 1 => d = 109 / 5 (no)n = 2 => d = 217 / 5 (no)n = 3 => d = 325 / 5 = 65 (yes!)
Cont. • Public Key • n = 133 • e = 5 • Secret Key • n = 133 • d = 65
Cont. • Encryption: • For this example, lets use the message "6". • C = Pe % n = 65 % 133 = 7776 % 133 = 62
Cont. • Decryption: • P = Cd % n = 6265 % 133 = 62 * 6264 % 133 = 62 * (622)32 % 133 = 62 * 384432 % 133 = 62 * (3844 % 133)32 % 133 = 62 * 12032 % 133
Cont. • We now repeat the sequence of operations that reduced 6265 to 12032 to reduce the exponent down to 1. • = 62 * 3616 % 133 = 62 * 998 % 133 = 62 * 924 % 133 = 62 * 852 % 133 = 62 * 43 % 133 = 2666 % 133 = 6 • And that matches the plaintext we put in at the beginning.