SCSC 455 Computer Security Chapter 3 Public Key Cryptography and

advertisement
SCSC 455 Computer Security
Chapter 3 Public Key Cryptography and
Message Authentication
Dr. Frank Li
Index

Approaches to Message Authentication

Secure Hash Functions
Message Authentication




Public Key Cryptography Principles
Public Key Cryptography Algorithms
Digital Signatures
Message Authentication

Three aspects of message authentication in this
chapter:




message authentication code and hash function
Public key encryption principles
Digital signature
Protect against active attack is known as message
authentication


Contents have NOT been altered and the source is
authentic
Verify message’s timeliness (delay and replay)
Authentication using conventional
encryption

Authentication using conventional encryption



Only sender and receiver share a key
Error detection code and sequence number
Time stamp
However, symmetric encryption alone is NOT a
suitable tool
e.g. block reordering

Message authentication without encryption


Typically, message authentication is provided as a
separate function from message encryption.
Message authentication code (MAC)



Use of a secret key to generate a small block of data
appended to the message.
MAC_m = F(K_ab, M)
FIPS recommends the use of DES – A 16- or 32-bit
code
The difference between authentication algorithm and
encryption

Need NOT be reversible
Message authentication without encryption

One-way hash function is alternative to MAC



No need for secret key
Hash value (message digest) is sent with the message
Three ways:



Using conventional encryption
Using public key encryption
Using secret value MD_m = H(S_ab || MD_m)
Secure Hash Function (3.2)

Hash function H must have properties:
1.
2.
3.
4.
5.
6.
H can be applied to a block of data of any size
H produce fixed-length output
H(x) is relatively easy to compute
Computationally infeasible to find x such that H(x) = h
(one-way or pre-image resistant)
Computationally infeasible to find x<>y with H(y) =
H(x) i.e. weak collision resistant.
Computationally infeasible to find any pair (x, y), such
that H(x) = H(y) i.e. strong collision resistant
Hash Function


Weak hash function v.s. strong hash function
The sixth property protects against birthday attack


What is birthday attack
A message digest also provide data integrity
Attack Against One-Way Hash Functions


If the hash algorithm produces the same hash value
for two distinctly different messages, this is called a
collision.
An attacker can attempt to force a collision, which is
referred to as a birthday attack.

Birthday paradox
Q: How many people must be in the same room for the
probability is more than 50% that at least two of them will
have the same birthday?
9
Birthday paradox

Given a group of 23 (or more) randomly chosen
people, the probability is more than 50% that at
least two of them will have the same birthday.

For 60 or more people, the probability is greater
than 99%, although it cannot actually be 100%
unless there are at least 366 people
10
Birthday paradox
Q: What is the implication of birthday paradox to hash functions?
11
Birthday attack

Attackers can find the corresponding hashing value that
matches a specific message is through a brute force attack.
Q: Why?

If an attacker finds two messages with the same hash values,
it is equivalent to finding two people with the same birthday.


Birthday attack is a type of brute force attack.
Based on birthday paradox, if the output of a hashing algorithm is
n bits, finding two messages that hash to the same value would
require check of only 2^n/2 messages.


e.g., SHA-1 generates a 160-bit hash value. The attacker
need approximately 2^80 computation to find a collision.
A larger bit hash value is less vulnerable to brute force attack.
12
Security of Hash function

Two approaches to attacking a secure hash function


Cryptoanalysis: exploit logic weakness
Brute-force attack: the length of the hash code is n




Pre-image resistant
Second Pre-image resistant
Collision resistant
128 bit ?
160 bits ?
Simple Hash function

General principle




E.g.1 Bit-by-bit XOR
E.g.2 Rotated XOR (RXOR)



The input is viewed as a sequence of n-bit blocks
The input is processed one block at a time in an
iterative fashion to produce an n-bit hash value
Step 1 …
Step 2 …
Potential problem with simple hash functions
SHA – Secure Hash Function

SHA was developed by NIST published as FIPS 180
in1993



SHA-1: 160-bit
SHA-2: 256, 384, 512 bits
Details on SHA-512

Steps 1 – 5 (page 67 – 70)



Figure 3.4 is important!
Detail on figure 3.5 is not required
SHA-3

Two basic requirements: 1. can replace SHA-2 (224, 256, 384,
and 512 bits) 2. perserve the online nature of SHA-2 (process
small blocks 512 or 1024 bits) at a time
Asymmetric Cryptography

In public key systems, each entity has a pair of
different keys, or asymmetric keys.

The two different asymmetric keys are mathematically
related.



The public key can be known to everyone
The private key must be known and used only by the
owner.
It must be computationally infeasible to derive the
private key from the public key.
Asymmetric Cryptography
In different scenarios, we can choose to use either public key or
private key to encrypt and decrypt.
Scenario 1
Q: Is there any problem in scenario 1?
Scenario 2
Q: Is there any problem in scenario 2?
Scenario 3
Q: Is this any problem in scenario 3?
Asymmetric Cryptography

Common asymmetric algorithms







Diffie-Hellman
RSA
Elliptic curve cryptosystem (ECC)
El Gamal
Digital Signature Algorithm (DSA)
Knapsack
RSA is the most popular public-key encryption


Developed by Ronald Rivest, Adi Shamir, and Len Adleman
RSA is used in a number of products from many vendors
 Web browsers, Virtual private networks (VPN)
Asymmetric vs. Symmetric Cryptography

Pro: Asymmetric algorithms
 Can provide authentication and non-repudiation.
 also provide for easier and more manageable key
distribution

Cons: Asymmetric algorithm works much more slowly than
a symmetric algorithm


Symmetric algorithms carry out relatively simplistic mathematical
functions – substitution and transposition
Asymmetric algorithm uses much more complex mathematics to
carry out their functions.
Features of
Asymmetric Cryptography

Asymmetric algorithm works much more slowly than a
symmetric algorithm



Symmetric algorithms carry out relatively simplistic mathematical
functions – substitution and transposition
Asymmetric algorithm uses much more complex mathematics to
carry out their functions
Asymmetric algorithms
 Can provide authentication and non-repudiation.
 also provide for easier and more manageable key
distribution
23
Diffie-Hellman algorithm (1)

Diffie-Hellman algorithm, a.k.a. Diffie-Hellman (D-H)
key exchange



Was invented in 1976
is a cryptographic protocol that allows two parties
that jointly establish a shared secret key over an
insecure communications channel.
This key can then be used to encrypt subsequent
communications using a symmetric key cipher.
24
Diffie-Hellman algorithm (2)
Alice and Bob share a prime p and g.
•g<p
• g is a primitive root of p (detail is not required in this course)
25
Diffie-Hellman algorithm (3)
Example:
Precondition: Alice and Bob agree to use a prime number p =23
and a base g = 5.
1. Alice chooses a secret integer a=6, then sends Bob g^a mod
p = 5^6 mod 23 = 8.
2. Bob chooses a secret integer b=15, then sends Alice g^b mod
p = 5^15 mod 23 = 19.
3. Alice computes (g^b mod p)^a mod p=19^6 mod 23 = 2.
4. Bob computes (g^a mod p)^b mod p=8^15 mod 23 = 2.
26
Diffie-Hellman algorithm (4)

The D-H algorithm is considered secure against
eavesdroppers if g and p are chosen properly.

The eavesdropper ("Eve") must solve the Diffie-Hellman problem
to obtain the key. This is currently considered very difficult.
The D-H algorithm is vulnerable to a man-in-the-middle
attack



The attacker may establish two distinct Diffie-Hellman keys, one
with Tanya and the other with Erika,
then try to masquerade as Alice to Bob and/or vice-versa, by
decrypting and re-encrypting messages passed between them.
27
Man-in-the-middle attack on Diffie-Hellman
algorithm
Q: How to prevent man-in-the-middle attack?
28
Man-in-the-middle attack on Diffie-Hellman
algorithm

The cause of man-in-the-middle attack is no
authentication occurs before public keys are
exchanged.

To prevent man-in-the-middle attack: When Alice
and Bob have a public key infrastructure (PKI), they
may digitally sign their public keys  authenticating
each other’s public keys
29
RSA

RSA, named after its inventors Ron Rivest, Adi Shamir, and
Leonard Adleman, in 1977


de facto standard used for digital signatures, key exchange, and
encryption.
The security of RSA comes from the difficulty of factoring large
numbers.


The public and private keys are functions of a pair of
large prime numbers
RSA is the most popular public key algorithm. It has been
implemented in applications, operating systems, and at the
hardware level in network interface cards, secure telephones,
and smart cards.
30
RSA – background

Totient function (n)
Number of positive integers less than n and relatively
prime to n (Relatively prime means with no factors in
common with n)
e.g.1: (10) = 4:
1, 3, 7, 9
e.g.2: (21) = 12
1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20
31
RSA – Create a pair of keys
1.
2.
3.
Choose two random large prime numbers, p and q.
and generate the product: n = pq.
Choose a random number e. So that e and (n) =
(p – 1)(q – 1) are relatively prime.
Compute the decryption key d.
e d = 1 mod (n)
(calculate d by using Extended Euclidean algorithm)
The public key = (n, e), the private key = d.
32
RSA – Encryption / Decryption
Modulo operations are computational expensive.
Thus, public cryptosystem is slower than symmetric
cryptosystems.
33
RSA Example
Alice calculates her key pair.
 Let p = 7, q = 11 n = 77, (n) = (p-1)(q-1) = 60

chooses e = 17

through calculating d * 17 = 1 mod 60
d = 53
Public Key (e=17, n=77);
Private key: (d=53)
Encryption process:

Bob wants to send Alice a secret message “HELLO”
(07 04 11 11 14)
Bob knows Alice’s pulic key (e=17, n=77), and encrypts message






0717 mod 77 = 28
0417 mod 77 = 16
1117 mod 77 = 44
1117 mod 77 = 44
1417 mod 77 = 42
Bob sends 28 16 44 44 42
34
RSA Example
Decryption process :
 Alice receives 28 16 44 44 42
 Alice uses private key d = 53, to decrypt message:






2853 mod 77 = 07
1653 mod 77 = 04
4453 mod 77 = 11
4453 mod 77 = 11
4253 mod 77 = 14
Alice translates message to letters “ HELLO”
No one else could read it, as only Alice knows her private key and
that is needed for decryption
35
Authentication the public key

A potential weakness of public-key cryptography
Q: How do you know that the pubic key you have for
an individual is really for that individual?

The solution is authentication public key


Authentication is the process of proving that you are in
fact the person you say you are.
E.g., A phone ID is commonly used to authenticate a
person.
Q: How to authenticate a public key?
One way to authenticate public key:
Signatures

Signatures let you authenticate a public key

How the signature works?

You verify that another person’s key really belongs to that person.
And then sign that public key with your own private key.

Others get that public key can see your signature and know you trust
that key, so they may decide to trust it OR may decide to verify that
key themselves.

Form a web of trust -- a peer to peer trust relationship

Example …
Q: How to verify another person’s public key?
Verify public key

Verify the public key in person or call the owner of
the public key and check the key
 A key usually has hundred of digits


Check bit by bit is not very efficient
A fingerprint is a smaller number that is derived from
a very lengthy public key

Fingerprints are created by hashing the public key,

Hashing is a process by which a mathematical function
is used that converts larger numbers into smaller
numbers
Hash function
A hash function is a function that takes a variablelength string, and produces a fixed-length hash value.





The hash value is also called fingerprint, checksum, or message digest
A fingerprint is changed  the contents have been altered
Example …
Two commonly used hash functions


Message digest hash (MD5) provides 128 bits fingerprint
Secure hash algorithm (SHA-1) provides 160 bits fingerprint
The second way to authenticate public key:
Certificate
Using digital certificate -- with PKI

A certificate is a numeric code that is
used to identify an organization

Certificate authority (CA) verifies the
credential of an organization or
individual.
Then CA issues a client’s public key
and sign it with CA’s private key
E.g. VeriSign is an well-known CA

Download