IS 302: Information Security and Trust Week 4: Asymmetric Encryption 2012.

IS 302: Information Security and TrustWeek 4: Asymmetric Encryption

2012

© Yingjiu Li 2007 2

Review

• Symmetric block ciphers– DES– 3-DES– AES– ECB, CBC

© Yingjiu Li 2007 3

key distribution and key management

© Yingjiu Li 2007 4

Asymmetric Cryptosystem

• private key d public key e

• Encryption: C=E(e, P)

• Decryption: P=D(d, C)

Encryption Algorithm E

Decryption Algorithm D

Plaintext Ciphertext Plaintext

P PC

public privateAlice Bob e d

Computationally infeasible

© Yingjiu Li 2007 5

Asymmetric Encryption

Encrypt

Decrypt

Plaintext

Plaintext

Public key e

Private key d

© Yingjiu Li 2007 6

RSA• RSA cryptosystem

– Rivest-Shamir-Adelman in 1978

– Turing award in 2002

© Yingjiu Li 2007 7

RSA Keys• Public keys (n,e), private keys d

– n: a composite. n=pq, where p and q are large primes

– d: an integer, 2<d<n

– e: an integer, 2<e<n, s.t. for any number x, x=(xe mod n) d

mod n

© Yingjiu Li 2007 8

RSA Encryption/Decryption• Encryption of P: C=Pe mod n• Decryption of C: P=Cd mod n

– PKCS: P =plaintext+ random padding < n

– Why need random padding?

Bob Aliceinsecure channeln,e n,ed

d: Bob’s private keyn,e: Bob’s public key

C=Pe mod n

© Yingjiu Li 2007 9

How to Choose Keys in RSA• Choose 2 large prime numbers p, q

• Compute n=pq and φ=(p-1)(q-1)

• Choose e relatively prime to φ

• Compute d from φ and e such that e*d mod φ =1

• Public: n, e

• Private: p, q, φ, d

• A Toy Example:

– Let p = 47, q = 71, then n = pq = 3337, φ=(p-1)(q-1) = 3220

– Let e =79, Note φ = 3220 = 22 5 7 23– Solve d from d*79 mod 3220 =1, which gives d = 1019 (using

extended Euclidean algorithm)

– Let P = 688, then C =Pe mod n = 688^79 mod 3337 = 1570

– P = Cd mod n = 1570^1019 mod 3337

© Yingjiu Li 2007 10

RSA Demo

• Cryptool indiv. Procedures RSA– Generate prime numbers– Factorization of a number

• Cryptool Encrypt/decrypt – RSA encryption (in blocks)– RSA decryption

© Yingjiu Li 2007 11

RSA Key Size and Security

• key size size of n– n: 1024 bits (309 digits); 2048 bits (618

digits); 4096 bits

• Security difficulty of– Factorizing n=p*q p, q, φ, d– A 512 bits (154 digits) n could be factored in

several months

© Yingjiu Li 2007 12

RSA Key Size and Security

• http://www.rsasecurity.com/rsalabs/node.asp?id=2007 – By the year 2009, a machine that could break a

1024-bit RSA key in about a day would cost at least $250 million

– For data that needs to be protected no later than the year 2015, the table indicates that the RSA key size should be at least 1024 bits. For data that needs to be protected longer, the key size should be at least 2048 bits.

© Yingjiu Li 2007 13

Asymmetric vs Symmetric• Asymmetric

– Key exchange over public channel

– Scalable for multi-party communication

– Long keys (e.g., 1024 bits)

– Slow implementation• RSA software can encrypt

7.4~21.6 Kb/sec• Fastest RSA hardware can

encrypt 1 Mb/sec

• Symmetric

– Key exchange must be done over secure channel

– Non-scalable for multi-party communication

– Relative short keys (e.g., 128 bits)

– Fast implementation• In software, DES is

generally 100 times faster than RSA

• In hardware, DES is between 1000 to 10,000 times faster

© Yingjiu Li 2007 14

Scenario

• RSA is too slow, not suitable for large P

© Yingjiu Li 2007 15

Question

• Can we have a fast (as AES) and scalable crypto-system without secure channel (as RSA)? – Envelop encryption: combine AES and RSA

– Es: AES encryption

– Ds: AES decryption

– k: AES key

– Ea: RSA encryption

– Da: RSA decryption

– (e,n): RSA public key; d: RSA private key

© Yingjiu Li 2007 16

Envelop Encryption (1)

• Alice selects a random session key (AES key) k, and gets C1=Es(k,P) (using AES)

Bob Alice

Mallory

C1= Es(k,P)

© Yingjiu Li 2007 17

Envelop Encryption (2)

• Alice uses Bob’s public key e,n to encrypt k (using RSA), and gets C2=Ea(e,n,k)

Bob Alice

Mallory

C2=Ea(e,n,k) C1= Es(k,P)

© Yingjiu Li 2007 18

Communication

• Alice sends C1 and C2 together to Bob

Bob Alice

Mallory

C2=Ea(e,n,k) C1= Es(k,P)

© Yingjiu Li 2007 19k=Da(d,C2)

Envelop Decryption (1)

• Bob uses his private key d to decrypt C2 (using RSA) and gets k = Da(d,C2)

Bob Alice

Mallory

C2=Ea(e,n,k) C1= Es(k,P)

© Yingjiu Li 2007 20

Envelop Decryption (2)

• Bob uses k to decrypt C1 (using AES) and gets P=Ds(k,C1)

Bob Alice

Mallory

C2=Ea(e,n,k) C1= Es(k,P)

k=Da(d,C2) P=Ds(k,C1)

© Yingjiu Li 2007 21

Demo

• Cryptool Encrypt/Decrypt Hybrid – RSA-AES encryption– RSA-AES decryption

© Yingjiu Li 2007 22

Hands-on Exercise

• Download Lab.doc

• Generate RSA key pairs of 1024 and 2048 bits– Instruction 2.1

• RSA encryption and decryption for small file and large file– Instruction 2.2

© Yingjiu Li 2007 23

Review• When we say the key length of RSA is 1024 bits, we mean

1) n 2) p,q 3) e,d• Alice encrypts her message for Bob in RSA, which key should she

use in encryption?1) Alice’s private key 2) Alice’s public key3) Bob’s public key

• Alice encrypts her message for Bob in envelop encryption, which of the following is true?

1) Alice uses her private key to encrypt a session key, and uses the session key to encrypt her message

2) Alice uses her public key to encrypt a session key, and uses the session key to encrypt her message

3) Alice uses Bob’s public key to encrypt a session key, and uses the session key to encrypt her message

© Yingjiu Li 2007 24

Assignment 1

• Submit hardcopy today