Information Security CS 526 Lecture 17

1
Information Security CS 526Lecture 17

• Public Key Cryptography

2
Review of Secret Key (Symmetric) Cryptography

• Confidentiality
• stream ciphers
• block ciphers with encryption modes
• Integrity
• message authentication code
• Limitation sender and receiver must share the
  same key
• needs secure channel for key distribution
• impossible for two parties having no prior
  relationship

3
Public Key Cryptography Overview

• Proposed in Diffie and Hellman (1976) New
  Directions in Cryptography
• public-key encryption schemes
• public key distribution systems
• Diffie-Hellman key agreement protocol
• digital signature
• Public-key encryption was proposed in 1970 by
  James Ellis
• in a classified paper made public in 1997 by the
  British Governmental Communications Headquarters
• Diffie-Hellman key agreement and concept of
  digital signature are still due to Diffie
  Hellman

4
Public Key Encryption

• Public-key encryption
• each party has a PAIR (K, K-1) of keys K is the
  public key and K-1 is the private key, such that
  DK-1EKM M
• Knowing the public-key and the cipher, it is
  computationally infeasible to compute the private
  key
• Public-key crypto system is thus known to be
  asymmetric crypto systems
• The public-key K may be made publicly available,
  e.g., in a publicly available directory
• Many can encrypt, only one can decrypt

5
Public Key Encryption Algorithms

• Almost all public-key encryption algorithms use
  number theory and modular arithmetic
• RSA
• based on the hardness of factoring large numbers
• El Gamal
• based on the hardness of solving discrete
  logarithm

6
RSA Algorithm

• Invented in 1978 by Ron Rivest, Adi Shamir and
  Leonard Adleman
• Published as R L Rivest, A Shamir, L Adleman, "On
  Digital Signatures and Public Key Cryptosystems",
  Communications of the ACM, vol 21 no 2,
  pp120-126, Feb 1978
• Security relies on the difficulty of factoring
  large composite numbers
• Essentially the same algorithm was discovered in
  1973 by Clifford Cocks, who works for the British
  intelligence

7
RSA Public Key Crypto System

• Key generation
• Select 2 large prime numbers of about the same
  size, p and q
• Compute n pq, and ?(n) (q-1)(p-1)
• Select a random integer e, 1 lt e lt ?(n), s.t.
  gcd(e, ?(n)) 1
• Compute d, 1lt dlt ?(n) s.t. ed ? 1 mod ?(n)
• Public key (e, n)
• Private key d

8
RSA Description (cont.)

• Encryption
• Given a message M, 0 lt M lt n M ? Zn? 0
• use public key (e, n)
• compute C Me mod n C ? Zn? 0
• Decryption
• Given a ciphertext C, use private key (d)
• Compute Cd mod n (Me mod n)d mod n Med mod n
  M

9
RSA Example

• p 11, q 7, n 77, ?(n) 60
• d 13, e 37 (ed 481 ed mod 60 1)
• Let M 15. Then C ? Me mod n
• C ? 1537 (mod 77) 71
• M ? Cd mod n
• M ? 7113 (mod 77) 15

10
RSA Security

• Security depends on the difficulty of factoring n
• The length of npq reflects the strength
• 700-bit n factored in 2007
• 1024 bit for minimal level of security today
• likely to be breakable by 2010
• 2048 for things need to kept secret until 2030
• NIST suggests 15360-bit RSA keys are equivalent
  in strength to 256-bit

11
Digital Signatures The Problem

• Consider the real-life example where a person
  pays by credit card and signs a bill the seller
  verifies that the signature on the bill is the
  same with the signature on the card
• Contracts, they are valid if they are signed.
• Can we have a similar service in the electronic
  world?

12
Digital Signatures

• Digital Signature a data string which associates
  a message with some originating entity.
• Digital Signature Scheme
• a signing algorithm takes a message and a
  (private) signing key, outputs a signature
• a verification algorithm takes a (public) key
  verification key, a message, and a signature
• Provides
• Authentication
• Data integrity
• Non-Repudiation (MAC does not provide this.)

13
Digital Signatures and Hash

• Very often digital signatures are used with hash
  functions, hash of a message is signed, instead
  of the message.
• Hash function must be
• Pre-image resistant
• Weak collision resistant
• Strong collision resistant

14
RSA Signatures

• Key generation (as in RSA encryption)
• Select 2 large prime numbers of about the
• same size, p and q
• Compute n pq, and ? (q - 1)(p - 1)
• Select a random integer e, 1 lt e lt ?, s.t.
• gcd(e, ?) 1
• Compute d, 1 lt d lt ? s.t. ed ? 1 mod ?
• Public key (e, n)
• Secret key d,

15
RSA Signatures (cont.)

• Signing message M
• Verify 0 lt M lt n
• Compute S Md mod n
• Verifying signature S
• Use public key (e, n)
• Compute Se mod n (Md mod n)e mod n M
• Note in practice, a hash of the message is
  signed
• and not the message itself.

16
Public Keys and Trust
Public Key PB Secret key SB
Public Key PA Secret key SA

• How are public keys stored?
• How to obtain the public key?
• How does Bob know or trusts that PA is
• Alices public key?

17
Distribution of Public Keys

• Public announcement users distribute public keys
  to recipients or broadcast to community at large
• Publicly available directory can obtain greater
  security by registering keys with a public
  directory
• Both approaches have problems, and are vulnerable
  to forgeries

18
Public-Key Certificates

• A certificate binds identity (or other
  information) to public key
• Contents signed by a trusted Public-Key or
  Certificate Authority (CA)
• Can be verified by anyone who knows the
  public-key authoritys public-key
• Certificates allow key exchange without real-time
  access to public-key authority

19
X.509 Certificates

• Part of X.500 directory service standards.
• Defines framework for authentication services
• Defines that public keys stored as certificates
  in a public directory.
• Certificates are issued and signed by an entity
  called certification authority (CA).
• Used by numerous applications SSL, IPSec, SET
• Started 1988

20
Digital Signature Signing (figure from wikipedia)
21
How to Obtain a Certificate?

• For a particular application you can define your
  own CA (libraries like openssl provide the
  necessary tools)
• many companies define their own CA.
• VeriSign a company that provides certificates to
  many commercial companies
• Private key remains secret and certificate must
  be accessible.
• Example see certificates accepted by your browser

22
CAs and Trust

• Certificates are trusted if signature of CA
  verifies
• Chain of CAs can be formed, head CA is called
  root CA
• In order to verify the signature, the public key
  of the root CA should be obtain.
• TRUST is centralized (to root CAs) and
  hierarchical

23
The Big Picture
Public Key Setting
Secret Key Setting
24
Coming Attractions

• October 8
• Discretionary Access Control and Mandatory Access
  Control