CSCE 715: Network Systems Security - PowerPoint PPT Presentation

1 / 33

About This Presentation

Title:

CSCE 715: Network Systems Security

Description:

Asymmetric encryption helps address key distribution problems. Two aspects. distribution of public keys. use of ... Fastest method is 'Pollard rho method' ... – PowerPoint PPT presentation

Number of Views:57

Avg rating:3.0/5.0

Slides: 34

Provided by: huan75

Category:

more less

Transcript and Presenter's Notes

Title: CSCE 715: Network Systems Security

1
CSCE 715Network Systems Security

Chin-Tser Huang
huangct_at_cse.sc.edu
University of South Carolina

2
Key Management

Asymmetric encryption helps address key
distribution problems
Two aspects
distribution of public keys
use of public-key encryption to distribute secret
keys

3
Distribution of Public Keys

Four alternatives of public key distribution
Public announcement
Publicly available directory
Public-key authority
Public-key certificates

4
Public Announcement

Users distribute public keys to recipients or
broadcast to community at large
E.g. append PGP keys to email messages or post to
news groups or email list
Major weakness is forgery
anyone can create a key claiming to be someone
else and broadcast it
can masquerade as claimed user before forgery is
discovered

5
Publicly Available Directory

Achieve greater security by registering keys with
a public directory
Directory must be trusted with properties
contains name, public-key entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
Still vulnerable to tampering or forgery

6
Public-Key Authority

Improve security by tightening control over
distribution of keys from directory
Has properties of directory
Require users to know public key for the
directory
Users can interact with directory to obtain any
desired public key securely
require real-time access to directory when keys
are needed

7
Public-Key Authority
8
Public-Key Certificates

Certificates allow key exchange without real-time
access to public-key authority
A certificate binds identity to public key
usually with other info such as period of
validity, authorized rights, etc
With all contents signed by a trusted Public-Key
or Certificate Authority (CA)
Can be verified by anyone who knows the CAs
public key

9
Public-Key Certificates
10
Distribute Secret KeysUsing Asymmetric Encryption

Can use previous methods to obtain public key of
other party
Although public key can be used for
confidentiality or authentication, asymmetric
encryption algorithms are too slow
So usually want to use symmetric encryption to
protect message contents
Can use asymmetric encryption to set up a session
key

11
Simple Secret Key Distribution

Proposed by Merkle in 1979
A generates a new temporary public key pair
A sends B the public key and As identity
B generates a session key Ks and sends encrypted
Ks (using As public key) to A
A decrypts message to recover Ks and both use

12
Problem with Simple Secret Key Distribution

An adversary can intercept and impersonate both
parties of protocol
A generates a new temporary public key pair KUa,
KRa and sends KUa IDa to B
Adversary E intercepts this message and sends KUe
IDa to B
B generates a session key Ks and sends encrypted
Ks (using Es public key)
E intercepts message, recovers Ks and sends
encrypted Ks (using As public key) to A
A decrypts message to recover Ks and both A and B
unaware of existence of E

13
Distribute Secret KeysUsing Asymmetric Encryption

if A and B have securely exchanged public-keys

?
14
Problem with Previous Scenario

Message (4) is not protected by N2
An adversary can intercept message (4) and replay
an old message or insert a fabricated message

15
Order of Encryption Matters

What can be wrong with the following protocol?
A?B N
B?A EKUaEKRbKsN
An adversary sitting between A and B can get a
copy of secret key Ks without being caught by A
and B!

16
Diffie-Hellman Key Exchange

First publicly proposed public-key type scheme
By Diffie and Hellman in 1976 along with advent
of public key concepts
A practical method for public exchange of secret
key
Used in a number of commercial products

17
Diffie-Hellman Key Exchange

Use to set up a secret key that can be used for
symmetric encryption
cannot be used to exchange an arbitrary message
Value of key depends on the participants (and
their private and public key information)
Based on exponentiation in a finite (Galois)
field (modulo a prime or a polynomial) - easy
Security relies on the difficulty of computing
discrete logarithms (similar to factoring) hard

18
Primitive Roots

From Eulers theorem aø(n) mod n1
Consider am mod n1, GCD(a,n)1
must exist for m ø(n) but may be smaller
once powers reach m, cycle will repeat
If smallest is m ø(n) then a is called a
primitive root
if p is prime and a is a primitive root of p,
then successive powers of a generate the group
mod p
Not every integer has primitive roots

19
Primitive Root Example Power of Integers Modulo
19
20
Discrete Logarithms

Inverse problem to exponentiation is to find the
discrete logarithm of a number modulo p
Namely find x where ax b mod p
Written as xloga b mod p or xinda,p(b)
If a is a primitive root of p then discrete
logarithm always exists, otherwise may not
3x 4 mod 13 has no answer
2x 3 mod 13 has an answer 4
While exponentiation is relatively easy, finding
discrete logarithms is generally a hard problem

21
Diffie-Hellman Setup

All users agree on global parameters
large prime integer or polynomial q
a which is a primitive root mod q
Each user (e.g. A) generates its key
choose a private key (number) xA lt q
compute its public key yA axA mod q
Each user publishes its public key

22
Diffie-Hellman Key Exchange

Shared session key for users A and B is KAB
KAB axA.xB mod q
yAxB mod q (which B can compute)
yBxA mod q (which A can compute)
KAB is used as session key in symmetric
encryption scheme between A and B
Attacker needs xA or xB, which requires solving
discrete log

23
Diffie-Hellman Example

Given Alice and Bob who wish to swap keys
Agree on prime q353 and a3
Select random secret keys
A chooses xA97, B chooses xB233
Compute public keys
yA397 mod 353 40 (Alice)
yB3233 mod 353 248 (Bob)
Compute shared session key as
KAB yBxA mod 353 24897 160 (Alice)
KAB yAxB mod 353 40233 160 (Bob)

24
Elliptic Curve Cryptography

Majority of public-key crypto (RSA, D-H) use
either integer or polynomial arithmetic with very
large numbers/polynomials
Imposes a significant load in storing and
processing keys and messages
An alternative is to use elliptic curves
Offers same security with smaller bit sizes

25
Real Elliptic Curves

An elliptic curve is defined by an equation in
two variables x and y, with coefficients
Consider a cubic elliptic curve of form
y2 x3 ax b
where x, y, a, b are all real numbers
also define zero point O
Have addition operation for elliptic curve
geometrically, sum of PQ is reflection of
intersection R

26
Real Elliptic Curve Example
27
Finite Elliptic Curves

Elliptic curve cryptography uses curves whose
variables and coefficients are finite
Two families are commonly used
prime curves Ep(a,b) defined over Zp
use integers modulo a prime
best in software
binary curves E2m(a,b) defined over GF(2m)
use polynomials with binary coefficients
best in hardware

28
Elliptic Curve Cryptography