
Dec 13, 2015


Bryce Simon

ITEC502 (Fall 2007) © All slides are copyrighted to one of the following: Prem Uppuluri, or Neil Daswani

1. These slide notes/text are from “Cryptography and Network Security” by William Stallings. Slides by Lawrie Brown. A lot of the notes, even those without double quotation marks, are taken verbatim from the book.

Problems with symmetric cryptography

“What good would it do after all to develop impenetrable cryptosystems, if their users were forced to share their keys with a KDC that could be compromised either by a burglary or subpoena?” – Whitfield Diffie (1988)


Problems with Symmetric Key Cryptography

• (1) Confidentiality is achieved. But, are there any threats:
  – Security depends on the Key Distribution Centers!
• (2) Historically, goal of cryptography was confidentiality.
  – However, now there is a need for something better.
    • E.g., authentication, non-repudiation.


Asymmetric Key Cryptography

Copyright © 2007 by Daswani Enterprises, Inc. This material is available at http://www.learnsecurity.com/ntk and complements the book "Foundations of Security: What Every Programmer Needs To Know" (ISBN 1590597842) by Neil Daswani, Christoph Kern, and Anita Kesavan. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License in the README.txt file accompanying this package.


Private-Key Cryptography

• traditional private/secret/single key cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed communications are compromised
• also is symmetric, parties are equal
• hence does not protect sender from receiver forging a message & claiming is sent by sender


Public-Key Cryptography

• The most significant advance in the 3000 year history of cryptography

• uses two keys – a public & a private key

• asymmetric since keys are not equal
• Used as a complement to private key cryptography.


Public-Key Cryptography

• public-key/two-key/asymmetric cryptography involves the use of two keys:
  – a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
  – a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• is asymmetric because
  – those who encrypt messages or verify signatures cannot decrypt messages or create signatures


Popular misconceptions about public key cryptography

• Public key is more secure than symmetric (or secret) key cryptography.

• It has made secret key cryptography obsolete.

• Key distribution is trivial.


Why Public-Key Cryptography?

• developed to address two key issues:
  – key distribution – how to have secure communications in general without having to trust a Key Distribution Center with your key
  – authentication using digital signatures – how to verify a message comes intact from the claimed sender
• Invented by Whitfield Diffie & Martin Hellman at Stanford University in 1976


Public-Key Characteristics

• Public-Key algorithms rely on two keys with the characteristics that it is:
  – computationally infeasible to find decryption key knowing only algorithm & encryption key
  – computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known


Public-Key Applications

• Fall into three categories:
  – encryption/decryption (provide secrecy)
  – digital signatures (provide authentication)
  – key exchange (of session keys)
• some algorithms are suitable for all uses, others are specific to one


Fun with Public Key cryptography

• Assume the following notations:
  – KU is public key.
    • E.g., KUalice is public key of Alice
  – KR is private key.
    • E.g., KRbob is private key of Bob.
  – E: Encryption function.
    • E.g., E(M, KRalice): encrypt plaintext M using private key KRalice.
  – D: Decryption function
    • E.g., D(C, KUalice): decrypt ciphertext C using public key KUalice


Fun with Public Key cryptography (2)

• Confidentiality: Design a protocol by which Alice and Bob can exchange secret messages using their public and private keys.


Public-Key Cryptography (Confidentiality)

© Image William Stallings


Fun with Public Key cryptography (3)

• Authentication: Design a protocol by which Alice can send a plaintext message to Bob, such that Bob knows that it was Alice who sent that message. (Digital signature).


Fun with Public Key cryptography (4)

• Confidentiality and authentication:
  – Design a protocol such that Alice can send Bob a secret message, and in addition, Bob knows that it was Alice who sent that secret message.


Public-Key Cryptosystems (Secrecy and Authentication)
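
The confidentiality, authentication and combined protocols from the three exercises above, written in the slides' E/D and KU/KR notation, as an added example that is not part of the original slides. It uses unpadded textbook RSA; Alice's key pair is the slides' own RSA example, while Bob's key pair and all function names are constructed for the illustration.

```python
# Added example (not from the slides): the three "Fun with Public Key
# cryptography" protocols in the slides' E/D, KU/KR notation.
# Textbook RSA on toy keys with no padding: for following the algebra only.
from typing import NamedTuple


class Key(NamedTuple):
    exp: int  # e for a public key KU, d for a private key KR
    n: int    # modulus shared by both halves of a key pair


# Alice's pair is the slides' RSA example (p=17, q=11, e=7, d=23).
KU_alice, KR_alice = Key(7, 187), Key(23, 187)
# Bob's pair is constructed for this example (p=61, q=53, e=17, d=2753).
KU_bob, KR_bob = Key(17, 3233), Key(2753, 3233)


def E(m: int, key: Key) -> int:
    """E(M, K): one RSA block; M must be smaller than the modulus."""
    if not 0 <= m < key.n:
        raise ValueError("block does not fit under the modulus")
    return pow(m, key.exp, key.n)


def D(c: int, key: Key) -> int:
    """D(C, K): the same modular exponentiation, done with the other key."""
    return E(c, key)


# Confidentiality: C = E(M, KU_receiver); only KR_receiver recovers M.
def encrypt_for(m: int, ku_receiver: Key) -> int:
    return E(m, ku_receiver)


def decrypt_as(c: int, kr_receiver: Key) -> int:
    return D(c, kr_receiver)


# Authentication: M travels in the clear together with S = E(M, KR_sender).
def sign(m: int, kr_sender: Key) -> int:
    return E(m, kr_sender)


def verify(m: int, s: int, ku_sender: Key) -> bool:
    return 0 <= s < ku_sender.n and D(s, ku_sender) == m


# Both: Z = E(E(M, KR_sender), KU_receiver).
def sign_then_encrypt(m: int, kr_sender: Key, ku_receiver: Key) -> int:
    # The inner result is a number below the sender's modulus; it only fits
    # in a single block for the receiver if the receiver's modulus is no
    # smaller ("block if needed" on the RSA Use slide).
    if kr_sender.n > ku_receiver.n:
        raise ValueError("signed value may not fit in one block for receiver")
    return E(E(m, kr_sender), ku_receiver)


def decrypt_then_recover(z: int, kr_receiver: Key, ku_sender: Key) -> int:
    return D(D(z, kr_receiver), ku_sender)


if __name__ == "__main__":
    M = 88
    c = encrypt_for(M, KU_bob)
    print("confidential:", c, "->", decrypt_as(c, KR_bob))
    s = sign(M, KR_alice)
    print("signed:", (M, s), "valid:", verify(M, s, KU_alice))
    print("tampered message valid:", verify(M + 1, s, KU_alice))
    # A signature alone hides nothing: anyone holding KU_alice recovers M.
    print("anyone can read a signature:", D(s, KU_alice))
    z = sign_then_encrypt(M, KR_alice, KU_bob)
    print("both:", z, "->", decrypt_then_recover(z, KR_bob, KU_alice))
```
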


Security of Public Key Schemes

• like private key schemes brute force exhaustive search attack is always theoretically possible
• but keys used are too large (>512 bits)
• security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems
• more generally the hard problem is known, it's just made too hard to do in practice
• requires the use of very large numbers
• hence is slow compared to private key schemes


RSA

• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key scheme
• based on exponentiation in a finite (Galois) field over integers modulo a prime
  – nb. exponentiation takes $O((\log n)^3)$ operations (easy)
• uses large integers (eg. 1024 bits)
• security due to cost of factoring large numbers


RSA Key Setup

• Let:
  – e be the public key
  – d be the private key.
• A plaintext P is encrypted into ciphertext by: $C = P^e \bmod n$
• Decryption: $P = C^d \bmod n$

Knowing e and C will not help someone deduce “d”.

Next: why does this work?


RSA Use

• to encrypt a message M the sender:
  – obtains public key of recipient KU={e,N}
  – computes: $C = M^e \bmod N$, where 0≤M<N
• to decrypt the ciphertext C the owner:
  – uses their private key KR={d,p,q}
  – computes: $M = C^d \bmod N$

• note that the message M must be smaller than the modulus N (block if needed)


RSA Example

1. Select primes: p=17 & q=11
2. Compute n = pq = 17×11 = 187
3. Compute ø(n) = (p–1)(q–1) = 16×10 = 160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160. Value is d=23 since 23×7 = 161 = 1×160+1
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,17,11}


RSA Example cont

• sample RSA encryption/decryption is:

• given message M = 88 (nb. 88<187)

• encryption: $C = 88^7 \bmod 187 = 11$

• decryption: $M = 11^{23} \bmod 187 = 88$


Why RSA works: Understanding number theory (properties of prime numbers, modulus arithmetic, GCD and Euler’s theorem)

The Devil said to Daniel Webster: "Set me a task I can't carry out, and I'll give you anything in the world you ask for."

Daniel Webster: "Fair enough. Prove that for n greater than 2, the equation $a^n + b^n = c^n$ has no non-trivial solution in the integers."

They agreed on a three-day period for the labor, and the Devil disappeared.

At the end of three days, the Devil presented himself, haggard, jumpy, biting his lip. Daniel Webster said to him, "Well, how did you do at my task? Did you prove the theorem?"

"Eh? No . . . no, I haven't proved it."

"Then I can have whatever I ask for? Money? The Presidency?"

"What? Oh, that—of course. But listen! If we could just prove the following two lemmas—"

– The Mathematical Magpie, Clifton Fadiman


Digression: Prime Numbers

• prime numbers only have divisors of 1 and self
  – they cannot be written as a product of other numbers
  – eg. 2,3,5,7 are prime, 4,6,8,9,10 are not

• prime numbers are central to number theory


Prime Factorisation

• to factor a number n is to write it as a product of other numbers: n=a × b × c

• note that factoring a number is relatively hard compared to multiplying the factors together to generate the number

• the prime factorisation of a number n is when it's written as a product of primes
  – eg. $91 = 7 \times 13$; $3600 = 2^4 \times 3^2 \times 5^2$

• Every non-prime number can be expressed in terms of its prime factors:


Relatively Prime Numbers & GCD (Greatest common divisor)

• two numbers a, b are relatively prime if they have no common divisors apart from 1
  – eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
• conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers
  – eg. $300 = 2^2 \times 3^1 \times 5^2$, $18 = 2^1 \times 3^2$, hence $GCD(18,300) = 2^1 \times 3^1 \times 5^0 = 6$


Modular Arithmetic: Congruence

• define modulo operator a mod n to be remainder when a is divided by n
  – i.e., if a = xn + c, then c = a mod n.
• use the term congruence for: a === b mod n
  – when divided by n, a & b have same remainder
  – i.e., if a mod n = b mod n then we say that a is congruent to b mod n and vice versa.
  – eg. 100 === 34 mod 11, i.e., “100 is congruent to 34”
• We can use the “===” operator to represent congruence.
  – -12 mod 7 === -5 mod 7
  – 2 mod 7 === 9 mod 7


Modular Arithmetic: Congruence

• Some use of congruence: a X b === ((a mod p) X (b mod p)) mod p
  Verify this:
  – Let a = 12, b = 4, p = 2
  – a X b = 12 X 4 = 48
  – 48 mod 2 = 0.
  – ((a mod p) X (b mod p)) mod p = ((12 mod 2) X (4 mod 2)) mod 2 = 0
• Another useful equation:
• if (a X b) === (a X c) mod n, then we can cancel out the a, to get: b === c mod n PROVIDED a is relatively prime to n, i.e., a and n GCD is 1.


Modulo arithmetic: Divisors

• say a non-zero number b divides a if for some m have a=mb (a,b,m all integers)

• that is b divides into a with no remainder

• denote this b|a
• and say that b is a divisor of a
• eg. all of 1,2,3,4,6,8,12,24 divide 24, therefore 1|24, 2|24, …, 24|24


Modular Arithmetic Operations

• is 'clock arithmetic'
• uses a finite number of values, and loops back from either end
• E.g., consider “mod 12”, given any integer “x”, x mod 12, will be some number between 0 and 11 (including 0 and 11).
• Example of modular addition:
• can do reduction at any point, ie
  – a+b mod n = [a mod n + b mod n] mod n
• Verify this for a = 15, b = 12 and n = 6


Modular Arithmetic

• can do modular arithmetic with any group of integers: $Z_n = \{0, 1, \ldots, n-1\}$
• form a commutative ring for addition
• with a multiplicative identity
• note some peculiarities
  – if (a+b)===(a+c) mod n then b === c mod n
  – but (ab)===(ac) mod n then b === c mod n only if a is relatively prime to n


Modulo 7 Example

...
-21 -20 -19 -18 -17 -16 -15
-14 -13 -12 -11 -10  -9  -8
 -7  -6  -5  -4  -3  -2  -1
  0   1   2   3   4   5   6
  7   8   9  10  11  12  13
 14  15  16  17  18  19  20
 21  22  23  24  25  26  27
 28  29  30  31  32  33  34
...


Modulo 8 Example


Greatest Common Divisor (GCD)

• a common problem in number theory
• GCD (a,b) of a and b is the largest number that divides evenly into both a and b
  – E.g: GCD(60,24) = 12
• often want no common factors (except 1) and hence numbers are relatively prime
  – eg GCD(8,15) = 1
  – hence 8 & 15 are relatively prime


Euclid's GCD Algorithm

• an efficient way to find the GCD(a,b)

• uses theorem that:
  – GCD(a,b) = GCD(b, a mod b)
• Euclid's Algorithm to compute GCD(a,b):
  – A=a, B=b
  – while B>0
    • R = A mod B
    • A = B, B = R
  – return A


Example GCD(1970,1066)

1970 = 1 x 1066 + 904    gcd(1066, 904)
1066 = 1 x 904 + 162     gcd(904, 162)
904 = 5 x 162 + 94       gcd(162, 94)
162 = 1 x 94 + 68        gcd(94, 68)
94 = 1 x 68 + 26         gcd(68, 26)
68 = 2 x 26 + 16         gcd(26, 16)
26 = 1 x 16 + 10         gcd(16, 10)
16 = 1 x 10 + 6          gcd(10, 6)
10 = 1 x 6 + 4           gcd(6, 4)
6 = 1 x 4 + 2            gcd(4, 2)
4 = 2 x 2 + 0            gcd(2, 0)


Euler Totient Function ø(n)

• when doing arithmetic modulo n
• complete set of residues is: 0..n-1
• reduced set of residues is those numbers (residues) which are relatively prime to n
  – eg for n=10,
  – complete set of residues is {0,1,2,3,4,5,6,7,8,9}
  – reduced set of residues is {1,3,7,9}
• number of elements in reduced set of residues is called the Euler Totient Function ø(n)


Euler Totient Function ø(n)

• to compute ø(n) need to count number of elements to be excluded

• in general need prime factorization, but
  – for p (p prime) ø(p) = p-1
  – for p.q (p,q prime) ø(p.q) = (p-1)(q-1)
• eg.
  – ø(37) = 36
  – ø(21) = (3–1)×(7–1) = 2×6 = 12


Fermat's Theorem

• $a^{p-1} \bmod p = 1$
  – where p is prime and gcd(a,p)=1
  – i.e., a is not divisible by p

• also known as Fermat’s Little Theorem

• useful in public key and primality testing


Proving Fermat’s theorem

• Consider the residue of p = {0,1,2,…,p-1}.
• Now suppose we multiply any number in the residue of p with “a”, and take mod p, what do we get?
  – We get some number in the set {0,1,2,…,p-1}
• Therefore, a X 2a X 3a X … X (p-1)a === [(a mod p) X (2a mod p) X … X ((p-1)a mod p)] mod p = (p-1)! mod p

Therefore, $(p-1)! \cdot a^{p-1}$ === (p-1)! mod p

Since, (p-1)! is relatively prime to p.

Euler's Theorem

• a generalisation of Fermat's Theorem

• $a^{ø(n)} \bmod N = 1$
  – where gcd(a,N)=1

• eg.
  – a=3; n=10; ø(10)=4;
  – hence $3^4 = 81 = 1 \bmod 10$
  – a=2; n=11; ø(11)=10;
  – hence $2^{10} = 1024 = 1 \bmod 11$

Why RSA Works

• because of Euler's Theorem:
  – $a^{ø(n)} \bmod N = 1$ where gcd(a,N)=1

• in RSA have:
  – N=p.q
  – ø(N)=(p-1)(q-1)
  – carefully chosen e & d to be inverses mod ø(N)
  – hence e.d=1+k.ø(N) for some k

• hence: $C^d = (M^e)^d = M^{1+k \cdot ø(N)} = M^1 \cdot (M^{ø(N)})^k = M^1 \cdot (1)^k = M^1 = M \bmod N$

Another example of RSA

• Encrypt the plain text: “abc”.
  – Step 1: Find public and private keys.
    • Randomly choose two very large prime numbers
      – This is a challenge, because how do you know if a large number is prime?
        » Use Fermat’s theorem: $a^{p-1} \bmod p = 1$ where p is prime and gcd(a,p)=1
    • E.g., if you pick “63” as a prime number, to check if it is prime, you can use the above heuristic. Simply substitute for “a” all the residues of “p”.
    • Residues of 63: {0, 1, 2, 3, …, 62}
    • Say, a = 62, replace p in Fermat’s theorem with 63 and a with 62: $62^{62} \bmod 63 = 1$

RSA Security: How hard is it to break RSA?

• For any public-key cryptographic algorithm, there are three possible attacks:
  – Brute force: try out all possible private keys.
  – Mathematical attacks: figure out how to break the underlying math.
  – Timing attacks: determine the private key by looking at the running time of the decryption algorithm

RSA Security

• Defending against brute force:
  – ?

• Mathematical attack on RSA:
  – RSA security is based on the difficulty of finding the prime factors of N.

• Why?
  – We know that N = p × q.
  – Once an attacker determines p and q,
  – The attacker can easily find p-1 and q-1.
  – Thus, the attacker can then compute: phi(n) = (p-1)(q-1)

• Given that the public key is “e”, the attacker can then find the private key by using the formula: e.d = 1 mod phi(n)

• Hence, the security of RSA depends on the difficulty of finding prime factors of a number such as N.

RSA Security

• If N is large, and p and q are large prime numbers, factoring is hard. But it has become easier!
  – In 1977, R, S and A offered a prize of $100 to anyone who would break their cipher encrypted using RSA.
    • The award was claimed in 1994.
    • The key size was 428 bits!!
  – The latest challenge is 512 bits.
    • Broken in August 1999

• Right now a key size of 1024 bits still remains unbeaten

Primality Testing

• often need to find large prime numbers

• traditionally sieve using trial division
  – ie. divide by all numbers (primes) in turn less than the square root of the number
  – only works for small numbers

• alternatively can use statistical primality tests based on properties of primes
  – for which all prime numbers satisfy property
  – but some composite numbers, called pseudo-primes, also satisfy the property

Exponentiation

• can use the Square and Multiply Algorithm
• a fast, efficient algorithm for exponentiation
• concept is based on repeatedly squaring base
• and multiplying in the ones that are needed to compute the result
• look at binary representation of exponent
• only takes $O(\log_2 n)$ multiples for number n
  – eg. $7^5 = 7^4 \cdot 7^1 = 3 \cdot 7 = 10 \bmod 11$
  – eg. $3^{129} = 3^{128} \cdot 3^1 = 5 \cdot 3 = 4 \bmod 11$
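Added example (not from the slides): square and multiply as described above, applied to the Fermat check from the "Another example of RSA" and "Primality Testing" slides. It reuses the slides' numbers and shows that 63 = 7 × 9 passes the check for a = 62 yet fails for a = 2; the function names and the extra input 561, a composite that passes for every base coprime to it, are assumptions added for illustration.

```python
from math import gcd


def modexp(base, exponent, modulus):
    """Square and multiply: scan the exponent's bits, least significant first."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:                    # bit set: multiply this power in
            result = (result * base) % modulus
        base = (base * base) % modulus      # square for the next bit
        exponent >>= 1
    return result


def fermat_passes(n, a):
    """True when a^(n-1) mod n == 1, i.e. base a gives no evidence against n."""
    return modexp(a, n - 1, n) == 1


def fermat_liars(n):
    """Bases 2..n-2 that are coprime to n and for which n passes the check."""
    return [a for a in range(2, n - 1)
            if gcd(a, n) == 1 and fermat_passes(n, a)]


def fermat_test(n, bases):
    """False means certainly composite, True means only 'probably prime'.

    Every base must satisfy 1 < a < n.
    """
    for a in bases:
        if gcd(a, n) != 1 or not fermat_passes(n, a):
            return False
    return True


if __name__ == "__main__":
    print("7^5 mod 11    =", modexp(7, 5, 11))
    print("3^129 mod 11  =", modexp(3, 129, 11))
    print("62^62 mod 63  =", modexp(62, 62, 63), "(63 passes for a = 62)")
    print("2^62 mod 63   =", modexp(2, 62, 63), "(63 is exposed by a = 2)")
    print("other bases that 63 fools:", fermat_liars(63))
    print("bases that 561 fools:", len(fermat_liars(561)))
```

A single passing base is therefore weak evidence; the test is only useful when run over several independent bases.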

RSA Key Generation

• users of RSA must:
  – determine two primes at random - p, q
  – select either e or d and compute the other

• primes p,q must not be easily derived from modulus N=p.q
  – means must be sufficiently large
  – typically guess and use probabilistic test

• exponents e, d are inverses, so use Inverse algorithm to compute the other

RSA Security

• three approaches to attacking RSA:
  – brute force key search (infeasible given size of numbers)
  – mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N)
  – timing attacks (on running of decryption)

Factoring Problem

• mathematical approach takes 3 forms:
  – factor N=p.q, hence find ø(N) and then d
  – determine ø(N) directly and find d
  – find d directly

• currently believe all equivalent to factoring
  – have seen slow improvements over the years
    • as of Aug-99 best is 130 decimal digits (512 bit) with GNFS
  – biggest improvement comes from improved algorithm
    • cf “Quadratic Sieve” to “Generalized Number Field Sieve”
  – barring dramatic breakthrough 1024+ bit RSA secure
    • ensure p, q of similar size and matching other constraints
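Added example, not from the slides: the steps of the RSA Key Generation slide and the first form of the mathematical approach above (factor N, find ø(N), then d), run on a constructed toy key. The primes 61 and 53, e = 17 and all function names are assumptions chosen for illustration; trial division finishes here only because N is tiny, which is why the slides require large p and q.

```python
from math import gcd


def generate_keypair(p, q, e):
    """Build (public, private) from two primes and a chosen public exponent."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N) so that d exists")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+): e*d = 1 mod phi
    return (e, n), (d, n)


def encrypt(m, public_key):
    e, n = public_key
    return pow(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)


def trial_division(n):
    """Return (p, q) with p <= q. Cost grows with sqrt(n): toy moduli only."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(public_key):
    """What knowing p and q gives away: phi(N), and from it d."""
    e, n = public_key
    p, q = trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)   # constructed toy values
    cipher = [encrypt(m, public) for m in b"abc"]     # one block per byte
    print("public key :", public)
    print("ciphertext :", cipher)
    print("decrypted  :", bytes(decrypt(c, private) for c in cipher))
    print("d recovered from the public key alone:",
          recover_private_exponent(public))
```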

Timing Attacks

• developed in mid-1990’s
• exploit timing variations in operations
  – eg. multiplying by small vs large number
  – or IF's varying which instructions executed
• infer operand size based on time taken
• RSA exploits time taken in exponentiation
• countermeasures
  – use constant exponentiation time
  – add random delays
  – blind values used in calculations
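Added example, not from the slides: the third countermeasure, blinding the value fed to the private-key exponentiation so that its running time no longer depends on the ciphertext the sender chose. The toy key (N = 3233, e = 17, d = 2753) and the function names are constructed for illustration.

```python
import secrets
from math import gcd

# Constructed toy key (p = 61, q = 53); real moduli are thousands of bits long.
N, E, D = 3233, 17, 2753


def decrypt_plain(c):
    """Unblinded decryption: the exponentiation operates directly on c."""
    return pow(c, D, N)


def blind(c):
    """Multiply c by r^e for a fresh random r that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2      # r in [2, N-1]
        if gcd(r, N) == 1:
            break
    return (c * pow(r, E, N)) % N, r


def unblind(value, r):
    """Remove the blinding factor: multiply by r^-1 mod N (Python 3.8+)."""
    return (value * pow(r, -1, N)) % N


def decrypt_blinded(c):
    """(c * r^e)^d = c^d * r^(e*d) = m * r mod N, so dividing by r yields m."""
    blinded, r = blind(c)
    return unblind(pow(blinded, D, N), r)


if __name__ == "__main__":
    message = 65                                # constructed sample plaintext
    c = pow(message, E, N)
    print("plain decryption  :", decrypt_plain(c))
    print("blinded decryption:", decrypt_blinded(c))
    # The private-key exponentiation sees a different operand on each call.
    print("operands seen     :", [blind(c)[0] for _ in range(3)])
```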

Summary

• have considered:
  – principles of public-key cryptography
  – RSA algorithm, security

Next: Key Management; Other Public Key Cryptosystems

No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body.

—The Golden Bough, Sir James George Frazer

Exchanging a secret key using public key cryptography.

[Figure 2-11: The Idea Behind Key Exchange. Labels in the figure: S’s Public Key, R’s Private Key]

Exchanging secret key: without knowing a public key.

• Let R and S be the two parties that wish to communicate:
  • Then R sends to S a large number g.
  • R then computes a secret number “r” and sends to S: $g^r$
  • S computes a secret number “s” and sends to R: $g^s$
  • R receives $g^s$ and computes $(g^s)^r = g^{sr} = g^{rs}$
  • S receives $g^r$ and computes $(g^r)^s = g^{rs}$.
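Added example, not from the slides: the exchange above with both sides' messages. It assumes all arithmetic is done modulo a public prime p, which the slide's notation leaves out; the toy parameters (p = 2^127 - 1, g = 3), the class and function names, the range check on received values and the SHA-256 step that turns the shared number into a key are likewise assumptions.

```python
import hashlib
import secrets

# Constructed toy parameters; far too small for real use.
P = 2**127 - 1      # public prime modulus (assumption: not on the slide)
G = 3               # public base g


class Party:
    def __init__(self, name, g=G, p=P):
        self.name, self.g, self.p = name, g, p
        self._secret = secrets.randbelow(p - 3) + 2    # r or s, never sent

    def public_value(self):
        """The only value this party puts on the wire: g^secret mod p."""
        return pow(self.g, self._secret, self.p)

    def shared_key(self, peer_value):
        """Raise the peer's value to our secret: (g^s)^r = (g^r)^s mod p."""
        if not 1 < peer_value < self.p - 1:
            # 0, 1 and p-1 would force a predictable shared value.
            raise ValueError("peer value outside the range 2..p-2")
        shared = pow(peer_value, self._secret, self.p)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_exchange():
    r_side, s_side = Party("R"), Party("S")
    # Everything an eavesdropper sees, besides the public g and p.
    wire = {"R->S": r_side.public_value(), "S->R": s_side.public_value()}
    key_r = r_side.shared_key(wire["S->R"])
    key_s = s_side.shared_key(wire["R->S"])
    return wire, key_r, key_s


if __name__ == "__main__":
    wire, key_r, key_s = run_exchange()
    for direction, value in wire.items():
        print(direction, hex(value))
    print("R's key:", key_r.hex())
    print("S's key:", key_s.hex())
    print("keys match:", key_r == key_s)
```

Neither side authenticates the other in this exchange, so it agrees on a key only with whoever actually sent the value received.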

Figure 2-12  Requirements for a Digital Signature.

Another use of public key: Digital Signatures.

Figure 2-13  Use of Two Keys in Asymmetric Digital Signature.

Figure 2-14  Organization in Hypothetical Company.

Figure 2-15  Andrew Passes a Key to Ann.

Figure 2-16  Expanded Corporate Structure.

Figure 2-17  Signed Certificates.

Figure 2-18  Chain of Certificates.