Topic 7: Network Security Lecture 15

Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.

Dec 25, 2015


Gerard Rogers

Topic 7: Network Security

Lecture 15

Lecture’s outline

Security Mechanisms

a. Encryption – addresses privacy issues
   Symmetric key and public key cryptography

b. Digital Signatures – addresses integrity/authentication and non-repudiation issues

Security Requirements

Encryption

What is Encryption

Secret Key Encryption

Also known as symmetric encryption algorithms

Public algorithms (usually) that are each other’s inverse

Advantage: Relatively quick

Disadvantage: Communicating pairs have to share keys

Example of Secret Key Encryption

Caesar’s Cipher

Public Key Encryption

The key to encrypt is different from the key that decrypts

Public Key Encryption Algorithm

Requirements:

1. need K_B^+( ) and K_B^-( ) such that K_B^-(K_B^+(m)) = m

2. given public key K_B^+, it should be impossible to compute private key K_B^-

RSA: Rivest, Shamir, Adleman algorithm

Prerequisite: Modular Arithmetic

• x mod n = remainder of x when divided by n
• Facts:
  [(a mod n) + (b mod n)] mod n = (a+b) mod n
  [(a mod n) - (b mod n)] mod n = (a-b) mod n
  [(a mod n) * (b mod n)] mod n = (a*b) mod n
• Thus (a mod n)^d mod n = a^d mod n
• Example: x=14, n=10, d=2:
  (x mod n)^d mod n = 4^2 mod 10 = 6
  x^d = 14^2 = 196, x^d mod 10 = 6

RSA: Getting Ready

• A message is a bit pattern.
• A bit pattern can be uniquely represented by an integer number.
• Thus encrypting a message is equivalent to encrypting a number.

Example
• m = 10010001. This message is uniquely represented by the decimal number 145.
• To encrypt m, we encrypt the corresponding number, which gives a new number (the cyphertext).

RSA: Creating private/public key

1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).

4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).

5. Public key K_B^+ is (n,e). Private key K_B^- is (n,d).

RSA: Encryption, Decryption

0. Given (n,e) and (n,d) as computed above

1. To encrypt message m (<n), compute
   c = m^e mod n

2. To decrypt received bit pattern, c, compute
   m = c^d mod n

Magic happens!
   m = (m^e mod n)^d mod n, where the term in parentheses is c

RSA Example

Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).

Encrypting 8-bit messages.

encrypt:
  bit pattern   m    m^e     c = m^e mod n
  00001000      12   24832   17

decrypt:
  c    c^d                                    m = c^d mod n
  17   481968572106750915091411825223071697   12

Why does RSA work?

• Must show that c^d mod n = m where c = m^e mod n
• Fact: for any x and y: x^y mod n = x^(y mod z) mod n
  – where n = pq and z = (p-1)(q-1)
• Thus, c^d mod n = (m^e mod n)^d mod n
                  = m^(ed) mod n
                  = m^(ed mod z) mod n
                  = m^1 mod n
                  = m

RSA: Another Important Property

The following property will be very useful later:

K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))

Left-hand side: use public key first, followed by private key
Right-hand side: use private key first, followed by public key

Result is the same!

RSA: Another Important Property

Why K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m)) ?

Follows directly from modular arithmetic:

(m^e mod n)^d mod n = m^(ed) mod n = m^(de) mod n = (m^d mod n)^e mod n

Why RSA is secure?

• Suppose you know Bob’s public key (n, e). How hard is it to determine d?

• Essentially need to find factors of n without knowing the two factors p and q.

• Fact: factoring a big number is hard.

Generating RSA keys
• Have to find big primes p and q
• Approach: make good guess then apply testing rules (see Kaufman)

Hybrid Asymmetric/Symmetric

Digital Signature

Can’t we simply use checksums/CRC/Parity Checks?

Signing the whole document

Signing the digest

A hash function maps a message of an arbitrary length to an m-bit output known as the fingerprint or the message digest

Most common hash functions are MD5 and SHA-1

Signing the digest

[Figure, two panels]

Bob sends digitally signed message:
large message m -> H: Hash function -> H(m) -> digital signature (encrypt) with Bob’s private key K_B^- -> encrypted msg digest K_B^-(H(m)), sent together with m

Alice verifies signature and integrity of digitally signed message:
large message m -> H: Hash function -> H(m)
encrypted msg digest K_B^-(H(m)) -> digital signature (decrypt) with Bob’s public key K_B^+ -> H(m)
equal ?

Digital Signature (more)

• Suppose Alice receives msg m, digital signature K_B^-(m)

• Alice verifies m signed by Bob by applying Bob’s public key K_B^+ to K_B^-(m) then checks K_B^+(K_B^-(m)) = m.

• If K_B^+(K_B^-(m)) = m, whoever signed m must have used Bob’s private key.

Alice thus verifies that:
• Bob signed m.
• No one else signed m.
• Bob signed m and not m’.

Non-repudiation:
• Alice can take m, and signature K_B^-(m) to court and prove that Bob signed m.
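
The sign-the-digest flow from the two slides above, with Bob signing H(m) and Alice checking it against her own hash of the received message. This is an added example, not part of the original lecture; the key is constructed from two known Mersenne primes, SHA-256 is an assumed choice of H, the function names are assumptions, and the scheme is unpadded textbook RSA.

```python
import hashlib

# Constructed demo key: two known Mersenne primes stand in for Bob's p and q
# so that n is larger than a 256-bit digest. Real keys use random primes.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # ed mod z = 1

def digest_int(message: bytes) -> int:
    """H(m) as an integer (SHA-256 assumed; the slides name MD5 and SHA-1)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Bob: K_B^-(H(m)) = H(m)^d mod n."""
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Alice: apply K_B^+ to the signature and compare with her own H(m)."""
    if not 0 <= signature < n:
        return False                    # reject values outside the key's range
    return pow(signature, e, n) == digest_int(message)

if __name__ == "__main__":
    m = b"constructed sample: pay Alice 10"
    sig = sign(m)
    print("valid:", verify(m, sig))
    print("message changed to m':", verify(b"constructed sample: pay Alice 99", sig))
    print("signature altered:", verify(m, (sig + 1) % N))
```

Only the fixed-size digest goes through the private-key operation, so the cost of signing does not grow with the message length.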

Non-Crypto Hash (1)

• Data X = (X_0,X_1,X_2,…,X_{n-1}), each X_i is a byte
• Suppose hash is
  – h(X) = X_0+X_1+X_2+…+X_{n-1}
• Is this secure?
• Example: X = (10101010,00001111)
• Hash is 10111001
• But so is hash of Y = (00001111,10101010)
• Easy to find collisions, so not secure…

Non-Crypto Hash (2)

• Data X = (X_0,X_1,X_2,…,X_{n-1})
• Suppose hash is
  – h(X) = nX_0+(n-1)X_1+(n-2)X_2+…+1X_{n-1}
• Is this hash secure? At least h(10101010,00001111) ≠ h(00001111,10101010)
• But hash of (00000001,00001111) is same as hash of (00000000,00010001)
• Not too secure, need security requirements
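
Both non-crypto hashes from the two slides above, checked against the slides' own byte values, plus a helper that produces a second input with the same weighted hash for almost any message. This is an added example, not part of the original lecture; the function names are assumptions and the helper generalises the slide's single collision.

```python
def h_sum(data: bytes) -> int:
    """Non-Crypto Hash (1): h(X) = X_0 + X_1 + ... + X_{n-1}."""
    return sum(data)

def h_weighted(data: bytes) -> int:
    """Non-Crypto Hash (2): h(X) = n*X_0 + (n-1)*X_1 + ... + 1*X_{n-1}."""
    n = len(data)
    return sum((n - i) * x for i, x in enumerate(data))

def same_weighted_hash(data: bytes):
    """Return a different input with the same h_weighted value, or None.

    The last two bytes carry weights 2 and 1, so moving 1 out of the
    second-to-last byte and 2 into the last byte (or the reverse) leaves
    the weighted sum unchanged.
    """
    if len(data) < 2:
        return None
    a, b = data[-2], data[-1]
    if a >= 1 and b <= 253:
        a, b = a - 1, b + 2
    elif a <= 254 and b >= 2:
        a, b = a + 1, b - 2
    else:
        return None                     # e.g. (0, 0): no room to shift
    return data[:-2] + bytes([a, b])

X = bytes([0b10101010, 0b00001111])     # slide example X
Y = bytes([0b00001111, 0b10101010])     # slide example Y (bytes swapped)

if __name__ == "__main__":
    print("hash 1:", format(h_sum(X), "08b"), format(h_sum(Y), "08b"))
    print("hash 2:", h_weighted(X), h_weighted(Y))
    other = same_weighted_hash(X)
    print("hash 2 collision:", list(X), list(other), h_weighted(other))
```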

Security requirements for Cryptographic hash function

Given a function h: X → Y, then we say that h is:
• preimage resistant (one-way): if given y ∈ Y it is computationally infeasible to find a value x ∈ X such that h(x) = y
• 2-nd preimage resistant (weak collision resistant): if given x ∈ X it is computationally infeasible to find a value x’ ∈ X, such that x’ ≠ x and h(x’) = h(x)
• collision resistant (strong collision resistant): if it is computationally infeasible to find two distinct values x’, x ∈ X, such that h(x’) = h(x)

Fall 2011/Topic 5, CS526

Well known hash functions

• MD5
  – output 128 bits
  – collision resistance completely broken by researchers in China in 2004
• SHA1
  – output 160 bits
  – no collision found yet, but methods exist to find collisions in less than 2^80
  – considered insecure for collision resistance
• SHA2 (SHA-224, SHA-256, SHA-384, SHA-512)
  – outputs 224, 256, 384, and 512 bits, respectively
  – No real security concerns yet

Merkle-Damgard construction for hash functions

• Message is divided into fixed-size blocks and padded
• Uses a compression function f, which takes a chaining variable (of size of hash output) and a message block, and outputs the next chaining variable
• Final chaining variable is the hash value
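
The construction described above as runnable code: pad, split into blocks, and fold each block into the chaining variable. This is an added example, not part of the original lecture; the block size, output size, all-zero initial value, length-based padding and the truncated-SHA-256 stand-in for f are all assumptions chosen to keep the structure visible.

```python
import hashlib
import struct

BLOCK = 16        # bytes per message block (constructed toy size)
OUT = 8           # bytes in the chaining variable and in the final hash
IV = bytes(OUT)   # fixed initial chaining variable (assumed all zeros)

def compress(chain: bytes, block: bytes) -> bytes:
    """Toy f(chaining variable, message block) -> next chaining variable."""
    if len(chain) != OUT or len(block) != BLOCK:
        raise ValueError("wrong chaining-variable or block size")
    return hashlib.sha256(chain + block).digest()[:OUT]

def pad(message: bytes) -> bytes:
    """Append 0x80, zero bytes, then the 64-bit bit length of the message,
    so the result is a whole number of blocks."""
    padded = message + b"\x80"
    padded += bytes(-(len(padded) + 8) % BLOCK)
    return padded + struct.pack(">Q", 8 * len(message))

def md_hash(message: bytes) -> bytes:
    """Chain f over the padded blocks; the last chaining variable is the hash."""
    chain = IV
    data = pad(message)
    for i in range(0, len(data), BLOCK):
        chain = compress(chain, data[i:i + BLOCK])
    return chain

if __name__ == "__main__":
    for msg in (b"", b"abc", b"abc\x00", b"x" * 20):   # constructed inputs
        print(len(pad(msg)) // BLOCK, "block(s)", md_hash(msg).hex())
```

Including the message length in the padding is what keeps b"abc" and b"abc\x00" from padding to the same block sequence.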

Questions/Confusions?