Asymmetric Cryptography Concepts and Concerns • • • • • • • • • • About the Speaker Chuck Easttom chuck@chuckeasttom.com www.ChuckEasttom.com Certifications A+,Network+, iNet+, Server+, Linux+, MCP (Windows 2000 Pro, VB 6 [Desktop and Distributed]), MCAD, MCSE, MCDBA, MCSA, MCT, MCTS (Windows Server 2008, SQL Server 2008, Visual Studio 2010, Windows 7), MCITP (Windows 7 and SQL Server 2008) CIW Security Analyst, CEH, CHFI, EC Council Certified Security Analyst, EC Council Certified Instructor, CISSP, ISSAP, and others. Education: B.A. and M.Ed. from Southeastern Oklahoma State University. Ph.D. in progress(A.B.D.) from Northcentral University. Publications: 13 computer science books. Worked as a subject matter expert for CompTIA in the creation of the Security+, Server+, and Linux+ exams as well as revising the CTT+. Created the advanced cryptography course for EC Council Experience: many years in IT, 10+ years of teaching/training. Creates study guides for Ucertify.com http://www.ucertify.com/blog/chuckeasttom.html , including their A+ study guide Frequent expert witness in computer related computer cases 7 provisional patents Prime Numbers A prime number is any number whose factors are 1 and itself. So 2, 3, 5, 7, 11, 13, 17, 23, etc. are prime numbers. Prime numbers are used in some public key cryptography algorithms (which we will study in lesson 4) such as RSA. Prime Number Theorem: If a random number N is selected, the chance of it being prime is approximately 1 / ln(N), where ln(N) denotes the natural logarithm of N. Co-Prime Just as important as prime numbers are in cryptography, co-prime numbers are also important. A coprime is a number that has no factors in common with another number. For example 3 and 7 are co-prime Eulers Totient This is actually a part of the RSA Algorithm which we will study in lesson 4. The number of positive integers less than or equal to n that are coprime to n is called the Euler’s Totient of n. So for the number 6, 4 and 5 are coprime with 6. Therefore Eulers Totient = 2 For a prime number p the Eulers totient is always p-1. Symbolized Eulers Totient Coprime numbers have interesting relationships that are part of algorithms like RSA. For example if m and n are coprime then the totient of m * the totient of n is equal to the totient of (m*n). Put more mathematically If m and n are coprime then (m) * (n) = (mn) Modulus Operator The modulus operator is simple, and you will see it used in a number of cryptography algorithms. Simply divide A by N and return the remainder. So 5 mod 2 = 1 So 12 mod 5 = 2 Sometimes symbolized as % as in 5%2=1 Asymmetric Encryption Asymmetric systems use key pairs which consist of a public key and private key. The public key is made public (for example, by publishing it in a directory) and the private key is kept secret. So the asymmetric cryptography does not involve exchanging a secret key. The public key can be used to encrypt messages and only the recipients private key can decrypt them. Advantages: Provides a secure way to communicate; provides method of validation; non-repudiation Disadvantages: Slower than Symmetric algorithms. Algorithms • • • • • • Diffie Hellman MQV ElGamal RSA DSA Elliptic Curve Diffie-Hellman A cryptographic protocol that allows two parties to establish a shared key over an insecure channel. Developed by Whitfield Diffie and Martin Hellman in 1976. An interesting twist is that the method had actually been developed a few years earlier by Malcolm J. Williamson of the British Intelligence Service, but it was classified. Diffie-Hellman The system has two parameters called p and g. Parameter p is a prime number and parameter g (usually called a generator) is an integer less than p, with the following property: for every number n between 1 and p-1 inclusive, there is a power k of g such that n = gk mod p. Many cryptography textbooks use the fictitious characters ‘alice’ and ‘bob’ to illustrate cryptography and we will do that here as well: 1. Alice generates a random private value a and Bob generates a random private value b. Both a and b are drawn from the set of integers 2. They derive their public values using parameters p and g and their private values. Alice's public value is ga mod p and Bob's public value is gb mod p. 3. They exchange their public values. 4. Alice computes gab = (gb)a mod p, and Bob computes gba = (ga)b mod p. 5. Since gab = gba = k, Alice and Bob now have a shared secret key k. RSA The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT; the letters RSA are the initials of their surnames. This is perhaps the most widely used public key cryptography algorithm in existence today. It is based on some interesting relationships with prime numbers. The security of RSA derives from the fact that it is difficult to factor a large integer composed of two or more large prime factors. RSA – How does it work • Key generation – Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length (such as 128 bits, 256 bits, etc.) – Let n = pq – Let m = (p-1)(q-1) – Choose a small number e, co-prime to m (note: Two numbers are co-prime if they have no common factors.) – Find d, such that de % m = 1 – Publish e and n as the public key. Keep d and n as the secret key. RSA – How does it work • Encrypt – = Me % n – Put another way • Computes the ciphertext c = me mod n • Decrypt – P = Cd % n – Put another way • Uses his private key (d,n) to compute m = cd mod n. RSA Normally RSA would be done with very large integers. To make the math easy to follow we will use small integers in this example. (note this example is from Wikipedia): Choose two distinct prime numbers, such as p = 61 and q = 53. Compute n = pq giving n = 61 · 53 = 3233. Compute the totient of the product as φ(n) = (p − 1)(q − 1) giving φ(3233) = (61 − 1)(53 − 1) = 3120. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for e leaves us only to check that e is not a divisor of 3120. Let e = 17. Compute d, the modular multiplicative inverse of yielding d = 2753. The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function is m17 (mod 3233). The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function is c2753 (mod 3233). Is RSA Still Secure? • • • • Heninger and Shacham Zhao and Qi Yeh, Huang, Lin, and Chang Hinek Heninger and Shacham • Heninger and Shacham (2009) found that RSA implementations that utilized a smaller modulus were susceptible to cryptanalysis attacks. \A smaller modulus can increase the efficiency of an RSA implementation, but as Heninger and Shacham (2009) showed, it may also decrease the efficacy. Heninger and Shacham • Heninger and Shacham (2009) utilized the fact of the smaller modulus to reduce the set of possible factors, thus decreasing the time needed to factor the public key of an RSA implementation. It is in fact a common practice to use a specific modulus e = 216 + 1= 65537 (Heninger & Shacham, 2009). If an RSA Implementation is using this common value for e, then factoring the public key is a much simpler process Zhao and Qi • Zhao and Qi (2007) also utilized implementations that have a smaller modulus operator. The authors of this study also applied modular arithmetic, a subset of number theory, to analyzing weaknesses in RSA. Many implementations of RSA use a shorter modulus operator in order to make the algorithm execute more quickly. Resources • Hinek, M. (2009). Cryptanalysis of RSA and its variants. England: Chapman and Hall. • Heninger, N., Shacham, H. (2009). Reconstructing RSA private keys from random key bit. Advances in Cryptology Lecture Notes in Computer Science, 1 (1). doi:10.1007/978-3-64203356-8_1. • Yeh, Y., Huang, T., Lin, H., Chang, Y. (2009). A study on parallel RSA factorization. Journal of Computers, 4 (2), 112-118. doi:10.4304/jcp.4.2.112-118 • Zhao, Y., Qi, W. (2007). Small private-exponent attack on RSA with primes sharing bits. Lecture Notes in Computer Science, 2007, 4779 (2007) 221-229. doi: 10.1007/978-3-540-754961_15 Elliptic Curve This algorithm was first described in 1985 by Victor Miller (IBM) and Neil Koblitz (University of Washington) . The security of Elliptic Curve cryptography is based on the fact that finding the discrete logarithm of a random elliptic curve element with respect to a publicly-known base point is difficult to the point of being impractical to do. The size of the elliptic curve determines the difficulty of the finding the algorithm, and thus the security of the implementation. The level of security afforded by an RSAbased system with a large modulus can be achieved with a much smaller elliptic curve group. Elliptic Curve The U.S. National Security Agency has endorsed ECC by including schemes based on it in its Suite B set of recommended algorithms and allows their use for protecting information classified up to top secret with 384-bit keys Elliptic Curve It is based on equations of the form y2 = x3 + Ax + B along with a distinguished point at infinity, denoted An elliptic curve is the set of solutions to the equation given above. All the points which satisfy the equation plus a point at infinity lies on the elliptic curve. The public key is a point in the curve, obtained by multiplying the private key with the generator point (called G). The private key is a random number. Want to learn more? • My Blog • My website www.ChuckEasttom.com