Fred Piper
|
The Challenge
|
The Security Issues
ü Sender
· Am I happy that the whole world sees this ?
· Am I prepared to pay to stop them ?
· Am I allowed to stop them ?
ü Recipient
· Do I have confidence in :
· the originator
· the message contents and message stream
· no future repudiation.
ü Network Manager
· Do I allow this user on to the network ?
· How do I control their privileges ?
|
Cryptography is used to provide:
1. Secrecy
2. Data Integrity
3. User Verification
4. Non-Repudiation
|
Cipher System
Interceptor
|
The Attacker's Perspective
[Figure labels: Unknown Key; Known Algorithm; Deciphering; Wants]
|
Two Types of Cipher System
ü Conventional or Symmetric
· easily obtained from
ü Public or Asymmetric
· Computationally infeasible to
determine from
|
ü THE SECURITY OF THE SYSTEM IS
DEPENDENT ON THE SECURITY OF
THE KEYS
|
Public Key Systems
ü Original Concept
ü For a public key system an enciphering algorithm is
agreed and each would-be receiver publishes the key
which anyone may use to send a message to him.
ü Thus for a public key system to be secure it must not be
possible to deduce the message from a knowledge of the
cryptogram and the enciphering key. Once such a system
is set up, a directory of all receivers plus their enciphering
keys is published. However, the only person to know any
given receiver's deciphering key is the receiver himself.
|
Public Key Systems
|
Public Key Cryptosystems
· Enable secure communications without
exchanging secret keys
· Enable 3rd party authentication ( digital
signature )
· Use number theoretic techniques
· Introduce a whole new set of problems
· Are extremely ingenious.
|
Digital Signatures
|
Digital Signatures
ü Cryptographic checksum
ü Identifies sender
ü Provides integrity check for data
ü Can be checked by third party
|
Hand-Written Signatures
ü Intrinsic to signer
ü Same on all documents
ü Physically attached to message
ü Beware plastic cards.
Digital Signatures
ü Use of secret parameter
ü Message dependent.
|
Principle of Digital Signatures
|
Obtaining a Private Key
° Mathematical attacks
° Physical attacks
|
Certification Authority
AIM :
To guarantee the authenticity of public keys.
METHOD :
The Certification Authority guarantees the
authenticity by signing a certificate containing
user's identity and public key with its secret key.
REQUIREMENT :
All users must have an authentic copy of the
Certification Authority's public key.
|
Certification Process
Centre: Verifies credentials; Creates Certificate; Distribution
Owner: Generates Key Set; Presents Public Key and credentials; Receives (and checks) Certificate
|
How Does it Work?
The CA certifies
that Fred Piper's
public key
is ......
|
WARNING
ü Identity Theft
ü You 'are' your private key
ü You 'are' the private key
corresponding to the public key in
your certificate
|
Certification Authorities
ü Problems/Questions
ü Who generates users' keys?
ü How is identity established?
ü How can certificates be cancelled?
ü Any others?
|
Fundamental Requirement
|
Is everything OK?
|
RSA System
|
RSA System
|
RSA Summary and Example
Theory Choice
|
El Gamal Cipher
· Work in GF(q)
ü q = large prime
ü q = 2^n
|
El Gamal Encryption
|
El Gamal Cipher
|
El Gamal - Encryption - Worked Example
|
El Gamal - Worked Example
To decrypt 20, 22
y = = = 1 od
oio = 10
|
Modular Exponentiation
HASHING
FUNCTION
HASH OF MESSAGE
SIGNATURE -
SIGNED HASH OF MESSAGE
|
How to Verify a Digital Signature Using
RSA
[Figure labels: Message with Appended Signature; Received Message; Received Signature; Re-hash the Received Message (Hashing Function); Verify the Received Signature (Verify using Public Key)]
(H2) is one-way
|
DSA
|
DSA Set Up
ü System parameters
· select a 160-bit prime q
· choose a 1024-bit prime p so that q | p − 1
· choose g Å Üp* and compute = gp1
q mod p
· if =1 repeat with different g
ü User keys
· select random secret key 1O O q1
· compute public key y = od p
|
Signing with DSA
ü To sign message
· hash message to give 1O O q1
· generate random secret 1O O q1
· compute r = od p od q
· compute 1 od q
· compute s = 1{ + r} od q
· signature on is rs
|
DSA Signature Verification
ü To verify rs
· check that 1 ≤ r ≤ q − 1 and 1 ≤ s ≤ q − 1
· compute Ä = s1 od q
· compute 1 = Ä od q
· compute = rÄ od q
· accept signature if
· 1y od p od q = r
|
Security of DSA
ü Depends on
· taking discrete logarithms in pFp pF
· the logarithm problem in the cyclic subgroup
of order q
ü algorithms for this take time proportional to q1
ü we choose q V 1 and p V 1
· other concerns follow the case of El Gamal
signatures
|
Performance of DSA
|
DSA and RSA
ü also a difference in the sizes of the
signatures
|
Signing and Verifying
[Figure: a) Construction: Text, Padding / Redundancy, Signature. b) Deconstruction: Signature, Padding / Redundancy, Text, Verify.]
|
Types of Digital Signature
1. Arbitrated Signatures
Mediation by third party, the arbitrator
· signing
· verifying
· resolving disputes
2. True Signatures
Direct communication between sender and receiver
Third party involved only in case of dispute
|
Arbitrated Signatures
|
Example of Arbitrated Signature
Scheme (1)
Requirement: A wants to send B message
B wants assurance of contents,
that A was originator and that A
cannot deny either fact.
Assumption: A and B agree to trust an
arbitrator (ARB) and to accept
ARB's decision as binding.
|
Example of Arbitrated Signature
Scheme (2)
Cryptographic Assumption
1. Will use symmetric Algorithm e.g. DES
2. Will use MACs
3. A has established a DES key KA
shared with ARB
4. B has established a DES key KB
shared with ARB
|
Example of Arbitrated Signature
Scheme (3)
A wants to send 'signed' message M to B
Simplified protocol
Note: B has no way of checking MACKA is correct.
May be necessary to include identities in messages.
|
True Signature
|
True Signature
|
Digital Signatures
|
The Decision Process
ü Do I need Cryptography?
ü Do I need Public Key Cryptography?
ü Do I need PKI?
ü How do I establish a PKI?
|
Often Heard
|
Diffie Hellman Key Establishment
Protocol
General Idea: Use Public System
|
Diffie Hellman Key Establishment Protocol
Key: $s \equiv a^{r_A r_B} \pmod{p}$
Clearly any interceptor who can find discrete
logarithms can break the scheme
In this case
$f(x, y) \equiv x^y$. $f(a^{r_A}, r_B) \equiv f(a^{r_B}, r_A) \equiv a^{r_A r_B}$
Note: Comparison with El Gamal
|
D-H Man in the Middle Attack
V
Fraudster
F
The Fraudster has agreed keys with both V and
V and believe they have agreed a common key
|
D-H Man-in-the-Middle Attack
F
V
V
Fraudster
F
The Fraudster has agreed keys with both V and
V and believe they have agreed a common key
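
The key establishment and the interception described on the last slides, simulated in Python (an added example, not part of the original slides). The party names A and B follow the subscripts on the key slide and F is the Fraudster; the prime, the base a = 3 and the class and function names are assumptions.

```python
import secrets

# Constructed toy group: p = 2^61 - 1 is a Mersenne prime, base a = 3 is assumed.
P = 2**61 - 1
A = 3

def f(x, y):
    """The slide's f(x, y) = x^y, computed mod p."""
    return pow(x, y, P)

class Party:
    def __init__(self):
        self.r = secrets.randbelow(P - 3) + 2   # secret exponent, 2 <= r <= p - 2
        self.sent = f(A, self.r)                # a^r mod p, sent in the clear

    def key(self, received):
        return f(received, self.r)              # f(a^r_other, r_own) = a^(r_own * r_other)

def honest_exchange():
    a, b = Party(), Party()
    return a.key(b.sent), b.key(a.sent)

def intercepted_exchange():
    """F replaces each value in transit with its own; nothing ties a value to its sender."""
    a, b = Party(), Party()
    f_to_a, f_to_b = Party(), Party()           # F runs one exchange with each side
    key_a = a.key(f_to_a.sent)                  # A believes this value came from B
    key_b = b.key(f_to_b.sent)                  # B believes this value came from A
    return {
        "A": key_a, "B": key_b,
        "F_with_A": f_to_a.key(a.sent), "F_with_B": f_to_b.key(b.sent),
        # What comparing against an authentic copy of the peer's value would expose:
        "A_received_genuine": f_to_a.sent == b.sent,
        "B_received_genuine": f_to_b.sent == a.sent,
    }
```

The protocol completes without error in both cases; only a check of the received value against an authentic one, such as a value bound to its owner by a certificate, distinguishes them.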
|