Chapter3
Public-Key Cryptography and Public-Key Cryptography and Message AuthenticationMessage Authentication
OUTLINE
Approaches to Message Authentication Secure Hash Functions and HMAC Public-Key Cryptography Principles Public-Key Cryptography Algorithms Digital Signatures Key Management
Authentication
• Requirements - must be able to verify that:1. Message came from apparent source or
author,2. Contents have not been altered,3. Sometimes, it was sent at a certain time or
sequence.
• Protection against active attack (falsification of data and transactions)
Approaches to Message Authentication
Authentication Using Conventional Encryption Only the sender and receiver should share a key
Message Authentication without Message Encryption An authentication tag is generated and appended to each
message Message Authentication Code
Calculate the MAC as a function of the message and the key. MAC = F(K, M)
One-way HASH One-way HASH functionfunction
One-way HASH function
Secret value is added before the hash and removed before transmission.
Secure HASH Functions Purpose of the HASH function is to produce a
”fingerprint. Properties of a HASH function H :
1. H can be applied to a block of data at any size2. H produces a fixed length output3. H(x) is easy to compute for any given x.4. For any given block x, it is computationally infeasible
to find x such that H(x) = h5. For any given block x, it is computationally infeasible
to find with H(y) = H(x).6. It is computationally infeasible to find any pair (x, y)
such that H(x) = H(y)xy
Simple Hash Function
One-bit circular shift on the hash value after each block is processed would improve
Message Digest Generation Using SHA-1
SHA-1 Processing of single 512-Bit Block
Other Secure HASH functionsSHA-1 MD5 RIPEMD-
160
Digest length 160 bits 128 bits 160 bits
Basic unit of processing
512 bits 512 bits 512 bits
Number of steps
80 (4 rounds of 20)
64 (4 rounds of 16)
160 (5 paired rounds of 16)
Maximum message size
264-1 bits
HMAC
Use a MAC derived from a cryptographic hash code, such as SHA-1.
Motivations: Cryptographic hash functions executes faster in software
than encryptoin algorithms such as DES Library code for cryptographic hash functions is widely
available No export restrictions from the US
HMAC Structure
Public-Key Cryptography Principles
The use of two keys has consequences in: key distribution, confidentiality and authentication.
The scheme has six ingredients (see Figure 3.7)
Plaintext Encryption algorithm Public and private key Ciphertext Decryption algorithm
Encryption using Public-Key system
Authentication using Public-Key System
Applications for Public-Key Cryptosystems
Three categories: Encryption/decryption: The sender encrypts a
message with the recipient’s public key. Digital signature: The sender ”signs” a message
with its private key. Key echange: Two sides cooperate two exhange
a session key.
Requirements for Public-Key Cryptography
1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
2. Easy for sender to generate ciphertext:
3. Easy for the receiver to decrypt ciphertect using private key: )(MEC KUb
)]([)( MEDCDM KUbKRbKRb
Requirements for Public-Key Cryptography
4. Computationally infeasible to determine private key (KRb) knowing public key (KUb)
5. Computationally infeasible to recover message M, knowing KUb and ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption:
)]([)]([ MEDMEDM KRbKUbKUbKRb
Public-Key Cryptographic Algorithms
RSA and Diffie-Hellman RSA - Ron Rives, Adi Shamir and Len Adleman at
MIT, in 1977. RSA is a block cipher The most widely implemented
Diffie-Hellman Echange a secret key securely Compute discrete logarithms
The RSA Algorithm – Key Generation
1. Select p,q p and q both prime
2. Calculate n = p x q
3. Calculate
4. Select integer e
5. Calculate d
6. Public Key KU = {e,n}
7. Private key KR = {d,n}
)1)(1()( qpn)(1;1)),(gcd( neen
)(mod1 ned
Example of RSA Algorithm
The RSA Algorithm - Encryption
Plaintext: M<n
Ciphertext: C = Me (mod n)
The RSA Algorithm - Decryption
Ciphertext: C
Plaintext: M = Cd (mod n)
Other Public-Key Cryptographic Algorithms
Digital Signature Standard (DSS) Makes use of the SHA-1 Not for encryption or key echange
Elliptic-Curve Cryptography (ECC) Good for smaller bit size Low confidence level, compared with RSA Very complex
Key Management
public-key encryption helps address key distribution problems
have two aspects of this: distribution of public keys use of public-key encryption to distribute secret
keys
Distribution of Public Keys
can be considered as using one of: public announcement publicly available directory public-key authority public-key certificates
Public Announcement
users distribute public keys to recipients or broadcast to community at large eg. append PGP keys to email messages or post
to news groups or email list major weakness is forgery
anyone can create a key claiming to be someone else and broadcast it
until forgery is discovered can masquerade as claimed user
Publicly Available Directory
can obtain greater security by registering keys with a public directory
directory must be trusted with properties: contains {name,public-key} entries participants register securely with directory participants can replace key at any time directory is periodically published directory can be accessed electronically
still vulnerable to tampering or forgery
Public-Key Authority
improve security by tightening control over distribution of keys from directory
has properties of directory and requires users to know public key for the
directory then users interact with directory to obtain any
desired public key securely does require real-time access to directory
when keys are needed
Public-Key Authority
Public-Key Certificates
certificates allow key exchange without real-time access to public-key authority
a certificate binds identity to public key usually with other info such as period of
validity, rights of use etc with all contents signed by a trusted Public-Key
or Certificate Authority (CA) can be verified by anyone who knows the public-
key authorities public-key
Public-Key Certificates
Public-Key Distribution of Secret Keys
use previous methods to obtain public-key can use for secrecy or authentication but public-key algorithms are slow so usually want to use private-key encryption to
protect message contents hence need a session key have several alternatives for negotiating a
suitable session
Simple Secret Key Distribution
proposed by Merkle in 1979 A generates a new temporary public key pair A sends B the public key and their identity B generates a session key K sends it to A
encrypted using the supplied public key A decrypts the session key and both use
problem is that an opponent can intercept and impersonate both halves of protocol
Public-Key Distribution of Secret Keys
if have securely exchanged public-keys:
Hybrid Key Distribution
retain use of private-key KDC shares secret master key with each user distributes session key using master key public-key used to distribute master keys
especially useful with widely distributed users rationale
performance backward compatibility
Diffie-Hellman Key Exchange
first public-key type scheme proposed by Diffie & Hellman in 1976 along with the
exposition of public key concepts note: now know that Williamson (UK CESG)
secretly proposed the concept in 1970 is a practical method for public exchange of a secret
key used in a number of commercial products
Diffie-Hellman Key Exchange
a public-key distribution scheme cannot be used to exchange an arbitrary message rather it can establish a common key known only to the two participants
value of key depends on the participants (and their private and public key information)
based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard
Diffie-Hellman Setup
all users agree on global parameters: large prime integer or polynomial q a being a primitive root mod q
each user (eg. A) generates their key chooses a secret key (number): xA < q
compute their public key: yA = axA mod q
each user makes public that key yA
Diffie-Hellman Key Exchange
shared session key for users A & B is KAB: KAB = a
xA.xB mod q
= yA
xB mod q (which B can compute)
= yB
xA mod q (which A can compute) KAB is used as session key in private-key encryption
scheme between Alice and Bob if Alice and Bob subsequently communicate, they
will have the same key as before, unless they choose new public-keys
attacker needs an x, must solve discrete log
Diffie-Hellman Example
users Alice & Bob who wish to swap keys: agree on prime q=353 and a=3 select random secret keys:
A chooses xA=97, B chooses xB=233 compute respective public keys:
yA=397 mod 353 = 40 (Alice)
yB=3233 mod 353 = 248 (Bob)
compute shared session key as: KAB= yB
xA mod 353 = 24897 = 160 (Alice)
KAB= yA
xB mod 353 = 40233 = 160 (Bob)
Key Exchange Protocols users could create random private/public D-H
keys each time they communicate users could create a known private/public D-
H key and publish in a directory, then consulted and used to securely communicate with them
both of these are vulnerable to a meet-in-the-Middle Attack
authentication of the keys is needed
Diffie-Hellman Key Echange
Key ManagementPublic-Key Certificate Use
Top Related