Cryptographic Security Identity-Based Encryption
Cryptography
(figure: Alice encrypts a message into ciphertext and sends it across an untrusted network, where an intruder can observe it; Bob decrypts the ciphertext back into the message)
• Types
  • Symmetric key
  • Asymmetric key
• Attacks
  • Ciphertext only
  • Known plaintext
  • Chosen plaintext
RSA Encryption (Rivest, Shamir, Adleman)
• (e,n) is Alice's public key
• (d,n) is Alice's secret key
(figure: Bob encrypts with Alice's public key, C = M^e mod n, and sends C across the untrusted network watched by an intruder; Alice decrypts with her secret key, M = C^d mod n)
RSA Algorithm
1. Choose two large (100 digit) prime numbers, p and q, and set n = p × q
2. Choose any large integer, d, so that GCD(d, (p-1) × (q-1)) = 1
3. Find e so that e × d = 1 (modulo (p-1) × (q-1))
Example:
1. p = 5, q = 11 and n = 55. (p-1) × (q-1) = 4 × 10 = 40
2. A valid d is 23 since GCD(40, 23) = 1
3. Then e = 7 since 23 × 7 = 161 and 161 modulo 40 = 1
Public Key Infrastructure (PKI)
• Certification Authority (CA)
  • Trusted (by Bob) entity
  • Authenticates identity of individual (Alice)
  • creates (public key, private key) pair
• Certificate
  • contains an (identity, public key) pair
  • is signed with the private key of the CA
• Repository
  • need not be trusted
  • is read-only to relying parties
  • may be duplicated for performance
• Certificate can be "pushed" to the relying party
(figure: Alice proves her identity to the CA, the CA issues her certificate, the certificate is stored in the repository, and Bob, the relying party, retrieves it from there)
Certificate/Trust Chain
(figure: the presented identity certificate is signed by the issuer of the next identity certificate, which is in turn signed by the next, and so on up to a trusted CA (root CA, trust anchor))
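As an added example (not part of the slides), the following code walks the RSA Algorithm slide's three steps with its own numbers (p = 5, q = 11, d = 23 giving e = 7), does textbook RSA encryption and decryption, and then builds a toy certificate chain in the shape of the PKI and trust-chain slides: each certificate carries an (identity, public key) pair signed by its issuer, and the relying party verifies from the presented certificate up to a trust anchor. The primes, the names, and the use of SHA-256 reduced modulo n in place of a real signature padding scheme are all constructed for illustration and give no real security.

```python
# Added example, not from the slides: RSA key generation per the three slide
# steps, textbook encryption/decryption, and a toy certificate chain.
# Primes and the "hash mod n" signing step are constructed toys.
import hashlib
from math import gcd
from typing import NamedTuple


class RSAKey(NamedTuple):
    n: int
    e: int  # public exponent
    d: int  # private exponent


def rsa_keygen(p: int, q: int, d: int) -> RSAKey:
    """Slide steps 1-3: n = p*q, d coprime to (p-1)(q-1), e = d^-1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be coprime to (p-1)(q-1)")
    e = pow(d, -1, phi)  # modular inverse, so e*d = 1 (modulo phi)
    return RSAKey(n, e, d)


def encrypt(key: RSAKey, m: int) -> int:
    return pow(m, key.e, key.n)  # C = M^e mod n, requires 0 <= M < n


def decrypt(key: RSAKey, c: int) -> int:
    return pow(c, key.d, key.n)  # M = C^d mod n


# --- toy certificates (constructed, not X.509) -------------------------------
class Cert(NamedTuple):
    subject: str
    n: int       # subject's public key (n, e)
    e: int
    issuer: str
    sig: int     # issuer's textbook-RSA signature over (subject, n, e)


def _tbs(subject: str, n: int, e: int) -> bytes:
    """The to-be-signed bytes: the (identity, public key) pair."""
    return f"{subject}|{n}|{e}".encode()


def _digest(data: bytes, n: int) -> int:
    # Stand-in for hash-and-pad: SHA-256 reduced mod n (toy, not a real scheme).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(issuer: str, issuer_key: RSAKey, subject: str, subject_key: RSAKey) -> Cert:
    h = _digest(_tbs(subject, subject_key.n, subject_key.e), issuer_key.n)
    sig = pow(h, issuer_key.d, issuer_key.n)  # signed with the issuer's private key
    return Cert(subject, subject_key.n, subject_key.e, issuer, sig)


def verify_sig(cert: Cert, issuer_cert: Cert) -> bool:
    h = _digest(_tbs(cert.subject, cert.n, cert.e), issuer_cert.n)
    return pow(cert.sig, issuer_cert.e, issuer_cert.n) == h


def verify_chain(chain: list, trust_anchors: dict) -> bool:
    """chain[0] is the presented certificate, chain[-1] must be a self-signed
    trust anchor, and every certificate must be signed by the next one's key."""
    root = chain[-1]
    if trust_anchors.get(root.subject) != (root.n, root.e) or not verify_sig(root, root):
        return False
    for cert, issuer_cert in zip(chain, chain[1:]):
        if cert.issuer != issuer_cert.subject or not verify_sig(cert, issuer_cert):
            return False
    return True


def demo() -> dict:
    """Constructed keys and names; returns the outcomes of several checks."""
    root_key = rsa_keygen(61, 53, 2753)   # e comes out as 17
    ca_key = rsa_keygen(47, 59, 101)
    alice_key = rsa_keygen(43, 67, 13)
    root_cert = issue("Root CA", root_key, "Root CA", root_key)        # self-signed
    ca_cert = issue("Root CA", root_key, "Example CA", ca_key)
    alice_cert = issue("Example CA", ca_key, "alice@company.com", alice_key)
    anchors = {"Root CA": (root_key.n, root_key.e)}   # what Bob trusts
    return {
        "valid_chain": verify_chain([alice_cert, ca_cert, root_cert], anchors),
        "missing_intermediate": verify_chain([alice_cert, root_cert], anchors),
        "untrusted_root": verify_chain([alice_cert, ca_cert, root_cert], {}),
        "roundtrip": decrypt(alice_key, encrypt(alice_key, 42)) == 42,
    }


if __name__ == "__main__":
    print(rsa_keygen(5, 11, 23))  # RSAKey(n=55, e=7, d=23), as on the slide
    print(demo())
```

Note that the chain check needs both conditions the slides state: the signature on each (identity, public key) pair must verify under the issuer's key, and the last certificate must be a key the relying party already trusts; skipping the intermediate certificate or presenting an unknown root fails even though every individual signature is valid.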
Diffie-Hellman Key Exchange
• How can two parties come to possess a shared secret using only insecure channels of communication?
• Assumes passive eavesdropping only (i.e. susceptible to active (wo)man-in-the-middle attack)
• Relies on prime number groups (more later)
• Same/similar techniques underlie more recent cryptographic methods
Diffie-Hellman Key Exchange
• Some mathematics
  • If p is a prime number, then the numbers 1..p-1 form a group of order p-1 with multiplication modulo p as its operator.
  • A generator, g, is any number in 1..p-1 such that for all n in 1..p-1 there is a power k such that n = g^k mod p.
  • Example: 3 is a generator for the group with p = 7
• Notation:
• Operations:
• Security based on computational infeasibility of solving the discrete logarithm problem (i.e., finding x if y = g^x mod p given y, g, and p).
Key Exchange Protocol
• Public information
  • A prime number, p
  • A generator, g
• Steps
  • Alice chooses a random number a, computes u = g^a mod p and sends u to Bob.
  • Bob chooses a random number b, computes v = g^b mod p and sends v to Alice.
  • Bob computes the key k = u^b mod p = (g^a)^b mod p.
  • Alice computes the key k = v^a mod p = (g^b)^a mod p.
  • (note: both Bob and Alice have k = g^(ab) mod p)
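As an added example (not part of the slides), this code covers both the "Some mathematics" slide and the Key Exchange Protocol slide: it checks the generator property for the slide's p = 7 (finding that 3 is a generator and 2 is not), runs the four protocol steps, and then shows what an eavesdropper who only sees p, g, u and v must do, namely solve a discrete logarithm, which is trivial for p = 7 and is exactly why real deployments use very large primes. The exponents a = 4, b = 5 and the brute-force search are constructed for illustration.

```python
# Added example, not from the slides: generators mod p, the Diffie-Hellman
# exchange, and the discrete-log work an eavesdropper faces.  Toy sizes only.
import secrets


def is_generator(g: int, p: int) -> bool:
    """g generates the group 1..p-1 if its powers g^k mod p reach every element."""
    return {pow(g, k, p) for k in range(1, p)} == set(range(1, p))


def generators(p: int) -> list:
    """All generators of the multiplicative group mod the prime p."""
    return [g for g in range(1, p) if is_generator(g, p)]


def discrete_log(y: int, g: int, p: int) -> int:
    """Brute force x with y = g^x mod p.  Feasible only because p is tiny;
    the protocol's security assumes this is infeasible for real-sized p."""
    for x in range(1, p):
        if pow(g, x, p) == y:
            return x
    raise ValueError("y is not in the subgroup generated by g")


def dh_exchange(p: int, g: int, a: int, b: int) -> tuple:
    """The four slide steps; returns (u, v, Alice's key, Bob's key)."""
    u = pow(g, a, p)        # Alice -> Bob
    v = pow(g, b, p)        # Bob -> Alice
    k_bob = pow(u, b, p)    # (g^a)^b mod p
    k_alice = pow(v, a, p)  # (g^b)^a mod p
    return u, v, k_alice, k_bob


def random_exchange(p: int, g: int) -> bool:
    """Fresh random a, b; returns whether both sides derived the same key."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    _, _, k_alice, k_bob = dh_exchange(p, g, a, b)
    return k_alice == k_bob


def recover_key_from_transcript(p: int, g: int, u: int, v: int) -> int:
    """What a passive eavesdropper must compute: a from u, then v^a mod p.
    Nothing here is secret; the cost is entirely in discrete_log."""
    a = discrete_log(u, g, p)
    return pow(v, a, p)


if __name__ == "__main__":
    print(generators(7))                    # [3, 5]
    u, v, ka, kb = dh_exchange(7, 3, 4, 5)  # constructed exponents
    print(u, v, ka, kb)                     # 4 5 2 2
    print(recover_key_from_transcript(7, 3, u, v))  # 2, since p = 7 is tiny
```

The exchange never authenticates u or v, which is the point the slide makes about active attackers: the code above checks that the two keys agree, not that they were derived with the intended party, so a real protocol layers signatures or certificates on top of it.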
Identity-based encryption
• Public-key encryption
  • Identity is conveyed in a certificate from a certificate authority that binds the public key to the identity
  • Certificate must be obtained in advance
  • Certificate authority is trusted to validate claim of identity
• Identity-based encryption
  • Identity itself serves as the public key (e.g., bob@company.com)
  • No advance preparation needed
  • Trusted service validates claim of identity
  • Key escrow issue (trusted service can recreate secret key associated with an identity)
Identity-based encryption
(figure: Alice sends Bob a message encrypted with bob@company.com as the public key; Bob authenticates himself as bob@company.com to the Private Key Generator, which sends him his private key)
Identity-based Encryption
(figure: the Private Key Generator (PKG) runs Setup on security parameter k to produce params and the master-key; Extract takes an ID and the master-key and returns the private key dID to the Receiver; the Sender runs Encrypt on message M under ID and params to produce ciphertext C; the Receiver runs Decrypt on C with dID to recover M)
Bilinear Maps
• Some mathematics
• Fortunately, groups with these properties can be generated algorithmically using a positive integer seed value (security parameter) k.
Identity-based encryption
• BasicIdent algorithm
• Setup
Identity-based Encryption
• Extract
• Encrypt
• Decrypt
Why does this work?
• Encryption bitwise exclusive-ors M with:
• Decryption bitwise exclusive-ors V with:
• These masks are the same since:
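As an added example (not part of the slides), the following code is a correctness model of the BasicIdent Setup, Extract, Encrypt and Decrypt stages from the preceding slides and of the "Why does this work?" argument. It is constructed so that the algebra is visible: elements of the first group are stored as their discrete logarithms (the integer a stands for the point aP), the target group is the order-q subgroup of Z_P^* generated by g, and the pairing is e(aP, bP) = g^(ab). Because the logarithms are stored in the clear, the pairing is trivially computable and the model has no security at all; it only demonstrates that the encryption mask H2(e(Q_ID, Ppub)^r) and the decryption mask H2(e(d_ID, U)) are the same element. The parameters q = 101, P = 607, the hash functions H1 and H2 built from SHA-256, and the identities are all assumptions of this example.

```python
# Added example, not from the slides: a toy model of BasicIdent in which group
# elements are represented by their discrete logarithms.  Correctness only;
# it offers NO security because the "hard" logarithms are stored in the clear.
import hashlib
import secrets

Q = 101                                  # prime order of the groups
P_MOD = 607                              # prime with Q | P_MOD - 1 (607 = 6*101 + 1)
G = pow(2, (P_MOD - 1) // Q, P_MOD)      # element of order Q in Z_607^* (equals 64)


def pairing(a: int, b: int) -> int:
    """e(aP, bP) = g^(ab).  Bilinear: e(xaP, ybP) = e(aP, bP)^(xy)."""
    return pow(G, (a * b) % Q, P_MOD)


def H1(identity: str) -> int:
    """Map an identity string to a non-zero group element Q_ID (toy hash-to-group)."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return h % (Q - 1) + 1


def H2(gt: int, nbytes: int) -> bytes:
    """Map a target-group element to an nbytes mask (messages up to 32 bytes)."""
    return hashlib.sha256(gt.to_bytes(4, "big")).digest()[:nbytes]


def setup() -> tuple:
    """Setup: public params (P and Ppub = sP) and the PKG's master-key s."""
    s = secrets.randbelow(Q - 1) + 1
    params = {"P": 1, "Ppub": s}
    return params, s


def extract(master_key: int, identity: str) -> int:
    """Extract: d_ID = s * Q_ID, computed by the PKG for an authenticated ID."""
    return (master_key * H1(identity)) % Q


def encrypt(params: dict, identity: str, message: bytes, r: int = None) -> tuple:
    """Encrypt: U = rP, V = M xor H2(e(Q_ID, Ppub)^r)."""
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    U = (r * params["P"]) % Q
    g_id = pow(pairing(H1(identity), params["Ppub"]), r, P_MOD)
    mask = H2(g_id, len(message))
    V = bytes(m ^ k for m, k in zip(message, mask))
    return U, V


def decrypt(d_id: int, ciphertext: tuple) -> bytes:
    """Decrypt: M = V xor H2(e(d_ID, U))."""
    U, V = ciphertext
    mask = H2(pairing(d_id, U), len(V))
    return bytes(v ^ k for v, k in zip(V, mask))


def masks_match(identity: str, master_key: int, r: int) -> bool:
    """The 'why does this work' step: e(Q_ID, sP)^r == e(sQ_ID, rP)."""
    enc_mask = pow(pairing(H1(identity), master_key), r, P_MOD)
    dec_mask = pairing(extract(master_key, identity), r)
    return enc_mask == dec_mask


if __name__ == "__main__":
    params, s = setup()
    c = encrypt(params, "bob@company.com", b"constructed secret")
    print(decrypt(extract(s, "bob@company.com"), c))   # b'constructed secret'
```

The model also makes the key-escrow point from the earlier slide concrete: `extract` needs only the master-key and the identity string, so whoever holds the master-key can derive any user's d_ID.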
Extensions
(figure: from bilinear groups to ID-based threshold secret sharing, attribute/fuzzy ID, access tree, and key/policy-based schemes)