Page 1: Cryptography and
Page 2: Chapter 10 — Key Management; Other Public Key Cryptosystems
No Singhalese, whether man or woman, would
venture out of the house without a bunch of keys
in his hand, for without such a talisman he would
fear that some devil might take advantage of his
weak state to slip into his body.
—The Golden Bough, Sir James George Frazer
Page 3: Key Management
* public-key encryption helps address key distribution problems
* have two aspects of this:
  ° distribution of public keys
  ° use of public-key encryption to distribute secret keys
Page 4: Distribution of Public Keys
* can be considered as using one of:
  ° public announcement
  ° publicly available directory
  ° public-key authority
  ° public-key certificates
Page 5: Public Announcement
* users distribute public keys to recipients or broadcast to community at large
  ° eg. append PGP keys to email messages or post to news groups or email list
* major weakness is forgery
  ° anyone can create a key claiming to be someone else and broadcast it
  ° until forgery is discovered can masquerade as claimed user
Page 6: Publicly Available Directory
* can obtain greater security by registering keys with a public directory
* directory must be trusted with properties:
  ° contains {name, public-key} entries
  ° participants register securely with directory
  ° participants can replace key at any time
  ° directory is periodically published
  ° directory can be accessed electronically
* still vulnerable to tampering or forgery
Page 7: Public-Key Authority
* improve security by tightening control over distribution of keys from directory
* has properties of directory
* and requires users to know public key for the directory
* then users interact with directory to obtain any desired public key securely
  ° does require real-time access to directory when keys are needed
Page 8: Public-Key Authority
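(1) $\mathrm{Request} \parallel \mathrm{Time}_1$
(2) $E(PR_{auth}, [PU_b \parallel \mathrm{Request} \parallel \mathrm{Time}_1])$
(3) $E(PU_b, [ID_A \parallel N_1])$
(4) $\mathrm{Request} \parallel \mathrm{Time}_2$
(5) $E(PR_{auth}, [PU_a \parallel \mathrm{Request} \parallel \mathrm{Time}_2])$
(6) $E(PU_a, [N_1 \parallel N_2])$
(7) $E(PU_b, N_2)$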
Page 9: Public-Key Certificates
* certificates allow key exchange without real-time access to public-key authority
* a certificate binds identity to public key
  ° usually with other info such as period of validity, rights of use etc
* with all contents signed by a trusted Public-Key or Certificate Authority (CA)
* can be verified by anyone who knows the public-key authority's public-key
Page 10: Public-Key Certificates
Certificate Authority
$C_A = E(PR_{auth}, [\mathrm{Time}_1 \parallel ID_A \parallel PU_a])$
$C_B = E(PR_{auth}, [\mathrm{Time}_2 \parallel ID_B \parallel PU_b])$
(2) $C_B$
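The certificate idea above as an added example (not part of the original slides): an authority signs identity, public key and validity period with its private key, and any user checks the result with the authority's public key alone. The toy RSA key, the field names and the SHA-256 hash-then-sign construction are assumptions of this example.

```python
import hashlib
import json

# Toy RSA key pair for the authority, built from two known Mersenne primes.
# Constructed for this example and far too small for real use.
_P, _Q = 2**61 - 1, 2**31 - 1
AUTH_N, AUTH_E = _P * _Q, 65537                 # PU_auth, known to every user
_AUTH_D = pow(AUTH_E, -1, (_P - 1) * (_Q - 1))  # PR_auth, held only by the authority

SIGNED_FIELDS = ("id", "pub", "issued", "expires")

def _digest(cert, n):
    """Hash every signed field in a canonical encoding, reduced into Z_n."""
    body = json.dumps([cert[f] for f in SIGNED_FIELDS]).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue(ident, pub, issued, lifetime):
    """Authority side: bind identity, key and validity period under PR_auth."""
    cert = {"id": ident, "pub": pub, "issued": issued, "expires": issued + lifetime}
    cert["sig"] = pow(_digest(cert, AUTH_N), _AUTH_D, AUTH_N)
    return cert

def verify(cert, expected_id, now, n=AUTH_N, e=AUTH_E):
    """Relying-party side: needs only PU_auth, no real-time access to the authority."""
    if pow(cert["sig"], e, n) != _digest(cert, n):
        return "bad signature"
    if cert["id"] != expected_id:
        return "wrong subject"
    if not cert["issued"] <= now <= cert["expires"]:
        return "outside validity period"
    return "ok"

if __name__ == "__main__":
    c = issue("alice", 40, issued=1000, lifetime=3600)
    print(verify(c, "alice", now=1500))                  # genuine certificate
    print(verify(dict(c, pub=248), "alice", now=1500))   # substituted public key
```

Because the validity period is inside the signed fields, extending `expires` on a copy of the certificate fails the signature check in the same way as swapping the key.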
Page 11: Public-Key Distribution of Secret Keys
* use previous methods to obtain public-key
* can use for secrecy or authentication
* but public-key algorithms are slow
* so usually want to use private-key encryption to protect message contents
* hence need a session key
* have several alternatives for negotiating a suitable session
Page 12: Simple Secret Key Distribution
* proposed by Merkle in 1979
  ° A generates a new temporary public key pair
  ° A sends B the public key and their identity
  ° B generates a session key K sends it to A encrypted using the supplied public key
  ° A decrypts the session key and both use
* problem is that an opponent can intercept and impersonate both halves of protocol
Page 13: Public-Key Distribution of Secret Keys
* if have securely exchanged public-keys:
(1) $E(PU_b, [N_1 \parallel ID_A])$
(2) $E(PU_a, [N_1 \parallel N_2])$
(4) $E(PU_b, E(PR_a, K_s))$
Page 14: Hybrid Key Distribution
* retain use of private-key KDC
* shares secret master key with each user
* distributes session key using master key
* public-key used to distribute master keys
  ° especially useful with widely distributed users
* rationale
  ° performance
  ° backward compatibility
Page 15: Diffie-Hellman Key Exchange
* first public-key type scheme proposed
* by Diffie & Hellman in 1976 along with the exposition of public key concepts
  ° note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
* is a practical method for public exchange of a secret key
* used in a number of commercial products
Page 16: Diffie-Hellman Key Exchange
* a public-key distribution scheme
  ° cannot be used to exchange an arbitrary message
  ° rather it can establish a common key
  ° known only to the two participants
* value of key depends on the participants (and their private and public key information)
* based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
* security relies on the difficulty of computing discrete logarithms (similar to factoring) - hard
Page 17: Diffie-Hellman Setup
* all users agree on global parameters:
  ° large prime integer or polynomial $q$
  ° $a$ being a primitive root mod $q$
* each user (eg. A) generates their key
  ° chooses a secret key (number): $x_A < q$
  ° compute their public key: $y_A = a^{x_A} \bmod q$
* each user makes public that key $y_A$
Page 18: Diffie-Hellman Key Exchange
* shared session key for users A & B is $K_{AB}$:
* $K_{AB}$ is used as session key in private-key encryption scheme between Alice and Bob
* if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys
* attacker needs an x, must solve discrete log
Page 19: Diffie-Hellman Example
* users Alice & Bob who wish to swap keys:
* agree on prime $q=353$ and $a=3$
* select random secret keys:
  ° A chooses $x_A=97$, B chooses $x_B=233$
* compute respective public keys:
  ° $y_A = 3^{97} \bmod 353 = 40$ (Alice)
  ° $y_B = 3^{233} \bmod 353 = 248$ (Bob)
* compute shared session key as:
  ° $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} = 160$ (Bob)
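The exchange above with the slide's own numbers, as an added example that is not part of the original slides. It also checks that 3 is a primitive root of 353 and shows that, at this toy size, the discrete log the attacker must solve falls to exhaustive search; the function names and the range check on the peer's public value are assumptions of this example.

```python
Q, A = 353, 3   # prime q and primitive root a from the slide's example

def prime_factors(n):
    """Distinct prime factors by trial division (fine at toy sizes)."""
    found, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            found.add(d)
            n //= d
        d += 1
    if n > 1:
        found.add(n)
    return found

def is_primitive_root(a, q):
    """a generates Z_q^* iff a^((q-1)/r) != 1 (mod q) for each prime r dividing q-1."""
    return all(pow(a, (q - 1) // r, q) != 1 for r in prime_factors(q - 1))

def public_key(x, a=A, q=Q):
    """y = a^x mod q for a private key x chosen below q."""
    if not 1 < x < q - 1:
        raise ValueError("private key out of range")
    return pow(a, x, q)

def shared_key(peer_public, x, q=Q):
    """K = y_peer^x mod q; 0, 1 and q-1 are rejected because they force a predictable K."""
    if not 1 < peer_public < q - 1:
        raise ValueError("degenerate peer public key")
    return pow(peer_public, x, q)

def brute_force_dlog(y, a=A, q=Q):
    """Find x with a^x = y (mod q) by exhaustive search: at most q-1 steps."""
    acc = 1
    for x in range(q - 1):
        if acc == y:
            return x
        acc = acc * a % q
    return None

if __name__ == "__main__":
    ya, yb = public_key(97), public_key(233)
    print(ya, yb, shared_key(yb, 97), shared_key(ya, 233))
    print("x_A recovered from y_A alone:", brute_force_dlog(ya))
```

The search loop is linear in q, which is why the scheme's security depends on q being large enough that no such enumeration, or any faster discrete-log method, is practical.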
Page 20: Key Exchange Protocols
* users could create random private/public D-H keys each time they communicate
* users could create a known private/public D-H key and publish in a directory, then consulted and used to securely
Page 21: Elliptic Curve Cryptography
* majority of public-key crypto (RSA, D-H) use either integer or polynomial arithmetic with very large numbers/polynomials
* imposes a significant load in storing and processing keys and messages
* an alternative is to use elliptic curves
* offers same security with smaller bit sizes
* newer, but not as well analysed
Page 22: Real Elliptic Curves
* an elliptic curve is defined by an equation in two variables x & y, with coefficients
* consider a cubic elliptic curve of form
  ° $y^2 = x^3 + ax + b$
  ° where x, y, a, b are all real numbers
  ° also define zero point O
* have addition operation for elliptic curve
  ° geometrically sum of Q+R is reflection of intersection R
Page 23: Real Elliptic Curve Example
Page 24: Finite Elliptic Curves
* Elliptic curve cryptography uses curves whose variables & coefficients are finite
* have two families commonly used:
  ° prime curves $E_p(a,b)$ defined over $Z_p$
    * use integers modulo a prime
    * best in software
  ° binary curves $E_{2^m}(a,b)$ defined over $GF(2^n)$
    * use polynomials with binary coefficients
    * best in hardware
Page 25: Elliptic Curve Cryptography
* ECC addition is analog of modulo multiply
* ECC repeated addition is analog of modulo exponentiation
* need "hard" problem equiv to discrete log
  ° $Q=kP$, where Q, P belong to a prime curve
  ° is "easy" to compute Q given k, P
  ° but "hard" to find k given Q, P
  ° known as the elliptic curve logarithm problem
* Certicom example: $E_{23}(9,17)$
Page 26: ECC Diffie-Hellman
* can do key exchange analogous to D-H
* users select a suitable curve $E_p(a,b)$
* select base point $G=(x_1,y_1)$
  ° with large order n s.t. $nG=O$
* A & B select private keys $n_A<n$, $n_B<n$
* compute public keys: $P_A=n_A G$, $P_B=n_B G$
* same since $K=n_A n_B G$
Page 27: ECC Encryption/Decryption
* several alternatives, will consider simplest
* must first encode any message M as a point on the elliptic curve $P_m$
* select suitable curve & point G as in D-H
* each user chooses private key $n_A<n$
* and computes public key $P_A=n_A G$
* decrypt $C_m$, compute:
  ° $P_m + kP_b - n_B(kG) = P_m + k(n_B G) - n_B(kG) = P_m$
Page 28: ECC Security
* relies on elliptic curve logarithm problem
* fastest method is "Pollard rho method"
* compared to factoring, can use much smaller key sizes than with RSA etc
* for equivalent key lengths computations are roughly equivalent
* hence for similar security ECC offers significant computational advantages
Page 29: Comparable Key Sizes for Equivalent Security
Symmetric | ECC-based | RSA/DSA
Page 30: Summary
* have considered:
  ° distribution of public keys
  ° public-key distribution of secret keys
  ° Diffie-Hellman key exchange
  ° Elliptic Curve cryptography