160 likes | 169 Views
This article discusses the goals, basic terminology, forms of attack, and different types of cryptosystems in operating systems. It also explores the RSA method, encryption, decryption, digital signatures, and secure communication.
E N D
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems
Goals of Cryptography • The most basic problem : ensure security of communication over in-secure medium • Security Goals: • - privacy (secrecy, confidentiality) • only the intended recipient can see the communication • - authenticity (integrity) • the communication is generated by the intended sender • information is not altered or destroyed • - non-repudiation • party in a dispute cannot repudiate, or refute the validity of a statement CS 5204 – Operating Systems
Basic terminology in Cryptography Plaintexts Cipher texts Keys Encryption Decryption Cryptography Cryptanalysis Cryptology
Cryptography CA M’ public information C M M E D Kd Ke Decryption key Encryption key • Forms of attack: • ciphertextonly • knownplaintext • chosenplaintext CS 5204 – Operating Systems
Forms of Cryptosystems Secret-key cryptography (a.k.a. symmetric cryptography) – encryption & decryption use the same key – key must be kept secret – key distribution is very difficult Public-key cryptography (a.k.a. asymmetric cryptography) – encryption key different from decryption key – cannot derive decryption key from encryption key
(1) A B (2) Combining Public/Private Key Systems Public key encryption is more expensive than symmetric key encryption For efficiency, combine the two approaches • Use public key encryption for authentication; once authenticated, transfer a shared secret symmetric key • (2) Use symmetric key for encrypting subsequent data transmissions CS 5204 – Operating Systems
M M Bob Ebob(M) Dbob(C) Alice C ? Ebob is the public key for Bob Dbob is the private key for Bob Eve Secure Communication - Public Key System CS 5204 – Operating Systems
M RivestShamirAdelman (RSA) Method M C Cd mod n Me mod n Bob Alice (e, n) (d, n) Encryption Key for Bob Decryption Key for Bob CS 5204 – Operating Systems
RSA Method 1. Choose two large (100 digit) prime numbers, p and q, and set n = p x q 2. Choose any large integer, d, so that: GCD( d, ((p1)x(q1)) = 1 3. Find e so that: e x d = 1 (modulo (p1)x(q1)) Example: 1. p = 5, q = 11 and n = 55. (p1)x(q1) = 4 x 10 = 40 2. A valid d is 23 since GCD(40, 23) = 1 3. Then e = 7 since: 23 x 7 = 161 modulo 40 = 1 CS 5204 – Operating Systems
Encryption and Decryption using RSA method Encryption - Alice does the following:- i) Obtains Bob’s public key (e, n). ii) Represents the plaintext message as a positive integer m. iii) Computes the ciphertext c = m^e mod n. iv) Sends the ciphertext c to Bob. Decryption - Bob does the following:- i) Uses his private key (d, n) to compute m = c^d mod n. ii) Extracts the plaintext from the message representative m.
File/message hash process digest (Large) Document Integrity • Digest properties: • fixed-length, condensation of the source • efficient to compute • irreversible - computationally infeasible for the original source to be reconstructed from the digest • unique - difficult to find two different sources that map to the same digest (collision resistance) • Also know as: fingerprint • Examples: MD5 (128 bits), SHA-1 (160 bits) CS 5204 – Operating Systems
(Large) Document Integrity • Note that small differences in the input result in very different digests CS 5204 – Operating Systems
file file digital envelope hash process decrypt with sender’s public key compare digest digest Guaranteeing Integrity CS 5204 – Operating Systems
Digital Signatures (Public Key) • Requirements: • cannot be forged and unique • receiver: knows that a message came from the sender (authenticity) • sender: cannot deny authorship( non-repudiation) • message integrity • sender & receiver: message contents preserved (integrity)(e.g., cannot cutandpaste a signature into a message) • Public Key System: • sender, Alice: (EAlice : public, DAlice : private) • receiver, Bob: (EBob : public, DBob : private) • sender(Alice) C= EBob (DAlice (M)) > receiver(Bob) • receiver(Bob) M = EAlice (DBob (C)) > M CS 5204 – Operating Systems
Digital Signature using RSA Method Digital Signing Bob does the following:- i) Creates a message digest of the information to be sent. ii) Represents this digest as an integer m between 0 and n-1. iii) Uses her private key (d, n) to compute the signature s = m^d mod n. iv) Sends this signature s to Bob. Signature verification:- Alice does the following:- i) Uses Bob’s public key (e, n) to compute integer v = s^e mod n. ii) Extracts the message digest from this integer. iii) Independently computes the message digest of the information that has been signed. iv) If both message digests are identical, the signature is valid.
Secure Communication (Public Key) Handshaking EPKB, (IA, A) EPKA (IA, IB) B A EPKB (IB) IA, IB are “nonces” nonces can be included in each subsequent message PKB: public key of B; PKA: public key of A;