1 / 42

Public-Key Cryptography and Message Authentication

In the Name of the Most High . Public-Key Cryptography and Message Authentication. Behzad Akbari Spring 2012. OUTLINE. Approaches to Message Authentication Secure Hash Functions and HMAC Public-Key Cryptography Principles Public-Key Cryptography Algorithms Digital Signatures

jaguar
Download Presentation

Public-Key Cryptography and Message Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. In the Name of the Most High Public-Key Cryptography andMessageAuthentication BehzadAkbari Spring 2012

  2. OUTLINE • Approaches to Message Authentication • Secure Hash Functions and HMAC • Public-Key Cryptography Principles • Public-Key Cryptography Algorithms • Digital Signatures • Key Management

  3. Authentication • Requirements: must be able to verify that: 1. Message came from apparent source or author, 2. Contents have not been altered, 3. Sometimes, it was sent at a certain time or sequence. • Protection against active attack (falsification of data and transactions)

  4. Approaches to Message Authentication • Authentication Using Conventional Encryption • Only the sender and receiver should share a key • Message Authentication without Message Encryption • An authentication tag is generated and appended to each message • Message Authentication Code • Calculate the MAC as a function of the message and the key. MAC= F(K, M)

  5. One-way HASH function

  6. One Way Hash Function • Ideally we would like to avoid encryption, because: • Encryption software is slow • Encryption hardware costs aren’t cheap • Hardware optimized toward large data sizes • Algorithms covered by patents • Algorithms subject to exportcontrol

  7. One-way HASH function • Secret value is added before the hash and removed before transmission.

  8. Secure HASH Functions • Purpose of the HASH function is to produce a ”fingerprint. • Properties of a HASH function H : • H can be applied to a block of data at any size • H produces a fixed length output • H(x) is easy to compute for any given x. • For any given value h, it is computationally infeasible to find x such that H(x) = h • For any given block x, it is computationally infeasible to find with H(y) = H(x). • It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)

  9. Simple Hash Function • One-bit circular shift on the hash value after each block is processed would improve

  10. Message Digest Generation Using SHA-1

  11. SHA-1 Processing of single 512-Bit Block

  12. Other Secure HASH functions

  13. HMAC(Hash-based MAC) • Use a MAC derived from a cryptographic hash code, such as SHA-1. • Motivations: • Cryptographic hash functions executes faster in software than encryptoin algorithms such as DES • Library code for cryptographic hash functions is widely available • No export restrictions from the US

  14. HMAC Structure

  15. Public-Key Cryptography Principles • The use of two keys has consequences in: key distribution, confidentiality and authentication. • The scheme has six ingredients (see Figure 3.7) • Plaintext • Encryption algorithm • Public and private key • Ciphertext • Decryption algorithm

  16. Encryption using Public-Key system

  17. Authentication usingPublic-Key System

  18. Applications for Public-Key Cryptosystems • Three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender ”signs” a message with its private key. • Key echange: Two sides cooperate two exhange a session key.

  19. Requirements for Public-Key Cryptography • Computationally easy for a party B to generate a pair (public key KUb, private key KRb) • Easy for sender to generate ciphertext: • Easy for the receiver to decrypt ciphertect using private key:

  20. Requirements for Public-Key Cryptography • Computationally infeasible to determineprivate key (KRb) knowing public key (KUb) • Computationally infeasible to recover message M, knowing KUband ciphertext C • Either of the two keys can be used for encryption, with the other used for decryption:

  21. Public-Key Cryptographic Algorithms • RSA and Diffie-Hellman • RSA - Ron Rives, Adi Shamir and Len Adleman at MIT, in 1977. • RSA is a block cipher • The most widely implemented • Diffie-Hellman • Exchange a secret key securely • Compute discrete logarithms

  22. The RSA Algorithm–Key Generation • Select p,q p and q both prime • Calculate n = p x q • Calculate • Select integer e • Calculate d • Public Key KU = {e,n} • Private key KR = {d,n}

  23. The RSA Algorithm - Encryption • Plaintext: M<n • Ciphertext: C = Me (mod n)

  24. The RSA Algorithm - Decryption • Ciphertext: C • Plaintext: M = Cd(mod n)

  25. d e c = m mod n m = c mod n d c RSA example: Bob chooses p=5, q=7. Then n=35, z=(p-1) (q-1)=24. e=5 (so e, z relatively prime). (d=29(so ed-1 exactly divisible by z. e m m letter encrypt: l 17 1524832 12 c letter decrypt: 17 12 l 481968572106750915091411825223071697

  26. Example of RSA Algorithm

  27. ed e d (m mod n) mod n = m mod n edmod (p-1)(q-1) 1 = m = m mod n = m mod n y y mod (p-1)(q-1) d e x mod n = x mod n m = (m mod n) mod n RSA: Why is that Useful number theory result: If p, q prime and n = pq, then: (using number theory result above) (since we choseed to be divisible by (p-1)(q-1) with remainder 1 )

  28. Diffie-Hellman

  29. Diffie-Hellman • Alice and Bob agree to use a prime number p=23 and base g=5. • Alice chooses a secret integer a=6, then sends Bob (ga mod p) • 56 mod 23 = 8. • Bob chooses a secret integer b=15, then sends Alice (gb mod p) • 515 mod 23 = 19. • Alice computes (gb mod p)a mod p • 196 mod 23 = 2. • Bob computes (ga mod p)b mod p • 815 mod 23 = 2. base g : primitive root of p A primitive root of p is a number r such that any integer a between 1 and p-1 can be expressed by a=r^k mod p, with k a nonnegative integer smaller that p-1.

  30. Other Public-Key Cryptographic Algorithms • Digital Signature Standard (DSS) • Makes use of the SHA-1 • Not for encryption or key echange • Elliptic-Curve Cryptography (ECC) • Good for smaller blocksize • Low confidence level, compared with RSA • Very complex

  31. H(.) public Internet m m m append H(.) H(m+s) H(m+s) H(m+s) H(m+s) compare Message Authentication Code (shared secret) s (message) s (shared secret)

  32. MACs in practice • MD5 hash function widely used (RFC 1321) • computes 128-bit MAC in 4-step process. • arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x • recent (2005) attacks on MD5 • SHA-1 is also used • US standard [NIST, FIPS PUB 180-1] • 160-bit MAC

  33. Digital Signatures cryptographic technique analogous to hand-written signatures. • sender (Bob) digitally signs document, establishing he is document owner/creator. • verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

  34. - - K K B B Digital Signatures simple digital signature for message m: • Bob “signs” m by encrypting with his private key KB, creating “signed” message, KB(m) - - Bob’s private key Bob’s message, m (m) Dear Alice Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob Bob’s message, m, signed (encrypted) with his private key public key encryption algorithm

  35. Digital Signatures (more) • suppose Alice receives msg m, digital signature KB(m) • Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m. • if KB(KB(m) ) = m, whoever signed m must have used Bob’s private key. - - + - + + - - Alice thus verifies that: • Bob signed m. • No one else signed m. • Bob signed m and not m’. non-repudiation: • Alice can take m, and signature KB(m) to court and prove that Bob signed m.

  36. Digital signature = signed MAC H: hash function H: hash function large message m large message m + - digital signature (decrypt) digital signature (encrypt) K K B B encrypted msg digest encrypted msg digest + - - KB(H(m)) KB(H(m)) H(m) H(m) Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: H(m) Bob’s private key Bob’s public key equal ?

  37. Public Key Certification public key problem: • When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s? solution: • trusted certification authority (CA)

  38. + + digital signature (encrypt) K K B B - K K CA CA + (K ) B Certification Authorities • Certification Authority (CA): binds public key to particular entity, E. • E registers its public key with CA. • E provides “proof of identity” to CA. • CA creates certificate binding E to its public key. • certificate containing E’s public key digitally signed by CA: CA says “This is E’s public key.” Bob’s public key CA private key certificate for Bob’s public key, signed by CA - Bob’s identifying information

  39. + + digital signature (decrypt) K K B B - K K CA CA + (K ) B Certification Authorities • when Alice wants Bob’s public key: • gets Bob’s certificate (Bob or elsewhere). • apply CA’s public key to Bob’s certificate, get Bob’s public key Bob’s public key CA public key +

  40. Serial number (unique to issuer) info about certificate owner, including algorithm and key value itself (not shown) A certificate contains: • info about certificate issuer • valid dates • digital signature by issuer

  41. Key ManagementPublic-Key Certificate Use

More Related