Top Banner
Chapter 3 Public Key Cryptography and Message authentication.
25
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3

Public Key Cryptography and Message authentication.

Page 2: Chapter 3 Public Key Cryptography and Message authentication.

Approaches to message authentication Public key cryptography principles Public key cryptography algorithms Digital signatures

Introduction

Page 3: Chapter 3 Public Key Cryptography and Message authentication.

Block vs Stream Ciphers block ciphers process messages in into blocks,

each of which is then en/decrypted like a substitution on very big characters

64-bits or more stream ciphers process messages a bit or byte

at a time when en/decrypting many current ciphers are block ciphers hence are focus of course

Block ciphers work a on block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a “stream”.

Page 4: Chapter 3 Public Key Cryptography and Message authentication.

Authentication

• Requirements - must be able to verify that:

1. Message came from apparent source or author,

2. Contents have not been altered,3. Sometimes, it was sent at a

certain time or sequence.

• Protection against active attack (falsification of data and transactions)

Page 5: Chapter 3 Public Key Cryptography and Message authentication.

Approaches to Message Authentication Authentication Using Conventional

Encryption Only the sender and receiver should share a

key Message Authentication without Message

Encryption An authentication tag is generated and

appended to each message Message Authentication Code

Calculate the MAC as a function of the message and the key. MAC = F(K, M)

Page 6: Chapter 3 Public Key Cryptography and Message authentication.

MAC

Page 7: Chapter 3 Public Key Cryptography and Message authentication.

One way HASH function

Page 8: Chapter 3 Public Key Cryptography and Message authentication.

One-way HASH function Secret value is added before the hash

and removed before transmission.

Page 9: Chapter 3 Public Key Cryptography and Message authentication.

Secure HASH functions Purpose of the HASH function is to produce a

”fingerprint. Properties of a HASH function H :

1. H can be applied to a block of data at any size2. H produces a fixed length output3. H(x) is easy to compute for any given x.4. For any given block x, it is computationally

infeasible to find x such that H(x) = h5. For any given block x, it is computationally

infeasible to find with H(y) = H(x).6. It is computationally infeasible to find any pair (x,

y) such that H(x) = H(y)

Page 10: Chapter 3 Public Key Cryptography and Message authentication.

Simple HASH functionOne-bit circular shift on the hash value after each block is processed would improve

Page 11: Chapter 3 Public Key Cryptography and Message authentication.
Page 12: Chapter 3 Public Key Cryptography and Message authentication.

Public-key cryptography principles

A public-key encryption scheme has 6 ingredients Plaintext: This is readable message or data that is

fed into the algorithm as input Encryption algorithm: The encryption algorithm

performs various transformation on the plain text Public and private key: pair of keys that have been

selected where one is used for encryption and other is decryption.

Ciphertext: scrambled message produced as output Decryption algorithm: accepts ciphertext and

matching key and produces the original plain text

Page 13: Chapter 3 Public Key Cryptography and Message authentication.

Public key Cryptography

Page 14: Chapter 3 Public Key Cryptography and Message authentication.

Applications for Public-Key Cryptosystems Three categories:

Encryption/decryption: The sender encrypts a message with the recipient’s public key.

Digital signature: The sender ”signs” a message with its private key.

Key echange: Two sides cooperate two exhange a session key.

Page 15: Chapter 3 Public Key Cryptography and Message authentication.

Requirements for Public-Key Cryptography

1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb)

2. Easy for sender to generate ciphertext:

3. Easy for the receiver to decrypt ciphertect using private key:

Page 16: Chapter 3 Public Key Cryptography and Message authentication.

Requirements for Public-Key Cryptography

4. Computationally infeasible to determine private key (KRb) knowing public key (KUb)

5. Computationally infeasible to recover message M, knowing KUb and ciphertext C

6. Either of the two keys can be used for encryption, with the other used for decryption:

)]([)]([ MEDMEDM KRbKUbKUbKRb

Page 17: Chapter 3 Public Key Cryptography and Message authentication.

Public-Key Cryptographic Algorithms RSA and Diffie-Hellman RSA - Ron Rives, Adi Shamir and Len

Adleman at MIT, in 1977. RSA is a block cipher The most widely implemented

Diffie-Hellman Echange a secret key securely Compute discrete logarithms

Page 18: Chapter 3 Public Key Cryptography and Message authentication.

The RSA Algorithm – Key Generation

1. Select p,q p and q both prime2. Calculate n = p x q3. Calculate 4. Select integer e5. Calculate d6. Public Key KU = {e,n}7. Private key KR = {d,n}

)1)(1()( qpn)(1;1)),(gcd( neen

)(mod1 ned

Page 19: Chapter 3 Public Key Cryptography and Message authentication.

Example of RSA Algorithm

Page 20: Chapter 3 Public Key Cryptography and Message authentication.

The RSA Algorithm - Encryption Plaintext: M<n

Ciphertext: C = Me (mod n)

Page 21: Chapter 3 Public Key Cryptography and Message authentication.

The RSA Algorithm - Decryption Ciphertext: C

Plaintext: M = Cd (mod n)

Page 22: Chapter 3 Public Key Cryptography and Message authentication.

Other Public-Key Cryptographic Algorithms

Digital Signature Standard (DSS) Makes use of the SHA-1 Not for encryption or key echange

Elliptic-Curve Cryptography (ECC) Good for smaller bit size Low confidence level, compared with

RSA Very complex

Page 23: Chapter 3 Public Key Cryptography and Message authentication.

Digital signatures Bob wants to send a message to alice and wants to

maintain secret. Bob has private key and no one could have created a

cipher text that could be decrypted bob’s public key. This is not possible to alter the message without

access. This emphasis that the encryption process just

described does not provide confidentiality. Even in this case of complete encryption, there is no

protection of confidentiality because any observer can decrypt the message by using the sender’s public key.

Page 24: Chapter 3 Public Key Cryptography and Message authentication.

Key managementPublic key certificates: A certificate consists of a public key + a user id

of the key owner, with the whole block singed by a trusted third party.

The third party should be a government agency or financial institution

Public key distribution of secret keys Sharing a secret key between 2 parties is the

conventional method to share the information

Page 25: Chapter 3 Public Key Cryptography and Message authentication.

Key ManagementPublic-Key Certificate Uses