CRYPTOGRAPHIC ALGORITHMS FOR NETWORK SECURITY by

1
CRYPTOGRAPHICALGORITHMS FOR NETWORK SECURITY
by

• Dr. P. S. Avadhani
• Professor
• Dept. of C. S. S. E
• ANDHRA UNIVERSITY
• VISAKHAPATNAM, INDIA

2
Agenda

• Introduction
• Ancient Cryptosystems
• Objectives of Security
• Cryptographic systems for security
• Issues in Key Exchange
• Authentication systems
• Conclusions

3
Ancient Cryptosystems

• Ceaser Cypher
• Pradhamashara samhitha

4
Objectives of Security

• SECRECY Information should not be disclosed to
  unauthorized users. For example, a student should
  not be allowed to examine other students grades
• INTEGRITYOnly authorized users should be allowed
  to modify data. For example, students may be
  allowed to see their grades,yet not allowed to
  modify them
• AVAILABILITY Authorized users should not be
  denied access. For example, an instructor who
  wishes to change a grade should be allowed to so.
  

5
Objectives of Security contd...

• AUTHENTICATION Verification of the Origin
• NON-REPUDIATION Proof of Origin, Receipt and
  Contents. ( The sender cannot falsely deny
  sending or receiving the message )

6
Cryptographic Techniques for Security

• Symmetric key Cryptosystems
• Public Key Cryptosystems

7
Symmetric Key Cryptosystems

• Based on Substitution and Permutation methods
• Sender and Receiver use the same Key
• Key has to be transported by sender to Receiver.

8
Some Symmetric Key Cryptosystems

• AES( Advanced Encryption Standard)
• DES ( Data Encryption Standard)
• IDEA ( International Data Encryption Algorithm )
• Blowfish Algorithm

9
General Security Measures of a Symmetric Key
Cryptosystem

• Key Length
• Strength of the algorithm
• Block length

10
Data Encryption Standard

• Sixteen Rounds of Permutations
• Key length 56 bits
• Plain Text block length 64 bits
• Strong in Avalanche Effect

11
International Data Encryption Algorithm

• Eight Rounds of Permutations followed by a
  transformation
• Block Length 64 bits
• Key Length 128 bits
• Considered to be secure for all attacks

12
Blowfish Algorithm

• Sixteen Rounds of Permutations followed by a
  transformation
• Key length varies from 32 bits to 448 bits
• Block Length 64 bits
• Considered to be secure because of variable
  length key

13
Public key Cryptosystems

• Depend on Mathematical theory like Number Theory,
  Elliptic Curves, Discrete Logorithms etc.
• Two keys used one for Encryption and one for
  Decryption called Public and Private Keys

14
Issues in Key exchange

• Authenticity of the sender
• Authenticity of the receiver
• Legal issues
• Key generation mechanisms

15
Diffie-Hellman Key Exchange

• Based on Discrete Logorithms
• Sender and receiver develop the same key on their
  own.

16
Some Public Key Cryptosystems

• RSA Algorithm
• NTRU Cryptosystem

17
RSA Algorithm

• Key Generation
• Select two large primes P,Q
• Calculate N P Q , ? (N) (P-1)(Q-1)
• Select an integer E such that (? (N),E ) 1
• Calculate D such that DE 1 mod ? (N)
• Public Key E, N
• Private Key D, N

18
RSA Algorithm contd...

• Encryption
• Plain Text M lt N
• Cipher Text C M E mod N
• Decryption
• Cipher Text C
• Plain Text M C D mod N

19
Issues with RSA

• Primes-How large?
• How to generate them?
• Its Strength is its weakness

20
Security of RSA

• Depends mainly on primality of P and Q.
• However, no Efficient, Deterministic algorithm
  for generating large primes is known.
• Only probabilistic algorithms are known.
• Assumes that there is no known polynomial time
  algorithm for factoring large numbers.

21
Some possible Methods

• Probabilistic prime generating algorithms
• Montegomery Multiplication Methods

22
NTRU Algorithm

• Key Generation
• Choose integers P,Q ( P lt Q ) and two
  polynomials F and G having coefficients 1, 0, -1
  only
• No. of 1s in FNo. of -1s 1 an No. of 1s in
  GNo. of -1s
• Compute Fp,Fq such that F Fp1(mod P) and
• F Fq1( mod Q) and H P FqG ( mod Q)
• Public Key H
• Private Key F, Fp

23
NTRU Algorithm contd

• Encryption Plain Text M
• Cipher Text ERHM (mod Q)
• Decryption Cipher Text E
• Compute A FE (mod Q) and
• B A (mod P)
• where R is random
  polynomial
• M Fp B ( mod P)

24
How it works...
ORIGINAL TEXT (SENDER)
ENCRYPT WITH RECEIVERS PUBLIC KEY
ORIGINAL TEXT (RECEIVER)

• CYPHER
• TEXT

DECRYPT WITH RECEIVERS PRIVATE KEY
25
How it works for Authentication
ORIGINAL TEXT (SENDER)
ENCRYPT WITH SENDERS PRIVATE KEY
ENCRYPT WITH RECEIVERS PUBLIC KEY
DECRYPT WITH SENDERS PUBLIC KEY
DECRYPT WITH RECEIVERS PRIVATE KEY
ORIGINAL TEXT (RECEIVER)
26
Shared RSA Algorithm

• provides a way to split and recreate a secret
  decryption key among members of a group that may
  or may not trust each other.

27
Difference between RSA and Shared RSA
RSA
Shared RSA
28
SHARED RSA

• Group public key AND Shared (distributed)
  private key

29
Shared RSA Algorithm

• Collaboratively generate public modulusN (p
  p1 pk) (q q1 qk)
• Use primality tests to check that N is product
  of two primes
• Generate n shares of private decryption/signing
  exponent d given public exponent e

30
Generating Public Modulus N
Private Keys p,q Public Keys N
User 3 p3,q3
31
Primality Test
v1 g Np1-q11 mod N F1 N - p1- q1 1
g, N
SERVER Select a random number g
User 1 F1
v1 , F F1 x
Public Keys N,g Private Keys p,q, F
g, N
g, N
v3 , F F3 x
v2 , F F2 x
User 2 F2
User 3 F3
vi g piqi mod N Fi - pi- qi
g N1 mod N ? vi mod N
32
Generating Private Key
F (N) ? Fi gcd(e, F (N)) ? F (N) mod e ? ?
-1mod e
Public Keys N,g ,?, e
SERVER
User 1 d 1
Private Keys p,q, F, d
?, e
?, e
?, e
User 2 d 2
User 3 d 3
d i ?(- ?. Fi.)/e?
33
Encryption
Let
and
d1 59 d2 3 d3 12
e 5 N 35
Let message m30 Then c me mod N
305 mod 35 c 25
34
Decryption
m cr ? c di mod N where 0 lt r lt 3
250(30.15.15) mod 35 25 if r0
251(30.15.15) mod 35 30 if r1
252(30.15.15) mod 35 15 if r2
Public Keys N,g ,?, e, r
Private Keys p,q, F, d, s
User 1
s1 30 s2 15 s3 15
c
c
s3
s2
User 2
User 3
si c di mod N
35
Details about Shared RSA

• Encryption can be done by all
• The Decryption key is shared among N users
• To provide extra security, each users messages
  must be signed by their respective private keys.

36
Some Authentication Methods

• Passwords
• Biometric authentication methods
• Cryptography based authentication systems
• Wavelet based authentication systems
• Zero knowledge protocols

37
Some Algorithms used for Authentication

• Secure Hash Algorithm
• Digital Signature Algorithm

38
Attributes of Signatures

• SIGNER AUTHENTICATION The Signature should
  indicate who signed a document, message are
  record, and should be difficult for another
  person to produce without authorization.
• DOCUMENT AUTHENTICATION A Signature should
  identify what is signed, making it impracticable
  to falsify or alter either the signed matter or
  the signature without detection.

39
Attributes of Signatures Contd...

• AFFIRMATIVE ACT The affixing of the signature
  should be an affirmative act which serves the
  ceremonial and approval functions of a signature
  and establishes the sense of having legally
  consummated a transaction.
• EFFICIENCY Optimally, a signature and its
  creation and verification process should provide
  the greatest possible assurances of both signer
  authenticity and document authenticity, with the
  least possible expenditure of resources.
• Source American Bar Association - Digital
  Signatures Guidelines, August, 1996

40
Use of Digital Signatures

• To verify the authenticity of the message.
• To verify the identity of the sender.
• To verify message integrity.
• The receipent, should not be able to use the
  received digital signature to falsely sign
  messages on behalf of the original sender.

41
Digital Signature based on Public key
Cryptosystem

• Message is encrypted with the senders private
  key to generate the signature.
• The message is sent to the destination along with
  the signature.
• The recipient decrypts the signature using the
  senders public key.
• If the result matches with the copy of the
  message received, then the authenticity,
  integrity of the message and identity of the
  sender are established.

42
Zero Knowledge Protocols

• Interactive proof methods
• Useful for Authentication

43
Requirements of Zero Knowledge Protocols

• The verifier cannot learn anything from the
  protocol
• The prover cannot cheat the verifier
• The verifier cannot cheat the prover
• The verifier cannot pretend to be the prover to a
  third party

44
Cave Example
Left branch
Right branch
Secret door
45
Some Zero knowledge Protocols

• Feige-Fiat-Shamir Protocol     
•   (Depends on the assumption that extracting the
  square roots modulo large composite integers
  infeasible in practice.)
• Goldreich-Micali-Wigderson Protocol
• ( Depends on the graph isomorphism problem)

46
Wavelet Transforms

• Wavelet transforms (WT) are multi-resolution
  signal analysis tools capable of representing
  regular patterns at different scales.
• Each subband of a wavelet-transformed object
  encapsulates significant amount of image
  information in a compact way, requiring modest
  memory and computational power to analyse.
• One or more subbands can be used to represent a
  relatively small feature in any verification
  scheme.

47
Biometric methods

• Finger Prints
• Hand Geometry
• Face recognition

48
Other methods

• Genetic algorithm based authentication
• Spline based authentication

49
Conclusions

• Discussed the concepts of cryptography
• Discussed the techniques used for Encryption,
  Decryption and Authentication
• Various authentication mechanisms including the
  zero knowledge protocols are presented

50
References

• Coppersmith, D The Data Encryption Standard and
  its strength against Attacks, IBM Journal of
  RD, May,1994
• Diffie, W The First Ten Years of Public Key
  Cryptography, Proc. of IEEE,May92
• Rivest, R, Shamir, A and Adleman, A Method for
  Obtaining Signatures and Public Key
  Cryptosystems, Com. of ACM, Feb 78
• Silverman, I.H, NTRU Cryptosystem,
  http//ntru.com

51
References

•  DIFFIE, W. AND HELLMAN, M. 1976. New
  directions in cryptography. IEEE Trans. Inf.
  Theory IT-22, 6, pp644-654.
• FEIGE, U., FIET, AND SHAMIR, A. 1988. Zero
  knowledge proofs of identity. J. Crypt. 1, 2,
  pp77-94
•   GOLDREICH, O. 1999. Modern Cryptography,
  probabilistic proofs, and pseudo-randomness,
  Algorithms and Combinatorics, vol 17,
  Springer-Verlag, New York.
• GOLDREICH, O., MANSOUR, Y. AND SIPSER, M. 1897.
  Interactive proof systems provers that never
  fail and random selection. In Proceedings of the
  28th IEEE Symposium on Foundations of Computer
  Science, IEEE Computer Society Press, Los
  Almitos, Calif., pp. 449-461.

52
THANK YOU