Understanding Public Key Cryptography & Key Agreement with Diffie-Hellman Protocol, Study notes of Computer Science

An overview of computer security, focusing on public key cryptography and key agreement using the Diffie-Hellman protocol. It covers the history, mathematics, and steps of the protocol, as well as potential attacks and the importance of authentication. Students of computer science, particularly those studying security and cryptography, will find this document useful for understanding the fundamental concepts of public key cryptography.

Typology: Study notes

Pre 2010

Uploaded on 09/24/2009

koofers-user-m5u
CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger
CSE 543 - Computer Security
Lecture 5 - Public Key Cryptosystems
September 11, 2007
URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/

Key Distribution/Agreement

  • Key Distribution is the process where we assign and transfer keys to a participant
    • Out of band (e.g., passwords, simple)
    • During authentication (e.g., Kerberos)
    • As part of communication (e.g., skip-encryption)
  • Key Agreement is the process whereby two parties negotiate a key
    • 2 or more participants
  • Typically, key distribution/agreement occurs in conjunction with or after authentication.
    • However, many applications can pre-load keys

Diffie-Hellman Protocol

  • For two participants p1 and p2
  • Setup: We pick a prime number p and a base g (< p)
    • This information is public
    • E.g., p=13 , g=
  • Step 1: Each principal picks a private value x (< p-1)
  • Step 2: Each principal generates and communicates a new value y = g^x mod p
  • Step 3: Each principal generates the secret shared key z: z = y^x mod p
  • Perform a neighbor exchange.

Attacks on Diffie-Hellman

  • This is key agreement, not authentication.
    • You really don’t know anything about who you have exchanged keys with
    • The man in the middle …
    • Alice and Bob think they are talking directly to each other, but Mallory is actually performing two separate exchanges
  • You need to have an authenticated DH exchange
    • The parties sign the exchanges (more or less)
    • See Schneier for an intuitive description
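
The exchange and the man-in-the-middle case above, as an added Python example that is not part of the original lecture notes. The group (P = 2^127 - 1, G = 3), the function names and the pre-shared `auth_key` are assumptions for illustration, and an HMAC stands in for the signature on the exchanged values.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (assumption): P = 2**127 - 1 is prime, G = 3.
# Illustration only; real deployments use large standardized groups.
P = 2**127 - 1
G = 3

def keypair():
    """Steps 1-2: private x < p-1 and public y = g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared(y_peer, x):
    """Step 3: z = y^x mod p, where y is the value received from the peer."""
    return pow(y_peer, x, P)

def tag(auth_key, sender, y):
    """Bind a DH value to its sender (HMAC stands in for a signature)."""
    return hmac.new(auth_key, f"{sender}|{y}".encode(), hashlib.sha256).digest()

def exchange(intercepted, authenticated):
    """Run one exchange; return both parties' keys, Mallory's keys, the verdict."""
    auth_key = b"constructed long-term secret shared by Alice and Bob"
    xa, ya = keypair()
    xb, yb = keypair()
    tag_a, tag_b = tag(auth_key, "A", ya), tag(auth_key, "B", yb)
    to_bob, to_alice, mallory = ya, yb, None
    if intercepted:
        # Mallory swaps in her own value on both legs. She can forward the
        # original tags but cannot compute new ones without auth_key.
        xm, ym = keypair()
        to_bob = to_alice = ym
        mallory = (shared(ya, xm), shared(yb, xm))
    if authenticated:
        ok = (hmac.compare_digest(tag(auth_key, "A", to_bob), tag_a) and
              hmac.compare_digest(tag(auth_key, "B", to_alice), tag_b))
        if not ok:
            return {"accepted": False, "alice": None, "bob": None, "mallory": mallory}
    return {"accepted": True, "alice": shared(to_alice, xa),
            "bob": shared(to_bob, xb), "mallory": mallory}

if __name__ == "__main__":
    for mitm in (False, True):
        for auth in (False, True):
            r = exchange(mitm, auth)
            same = r["alice"] is not None and r["alice"] == r["bob"]
            print(f"intercepted={mitm} authenticated={auth} "
                  f"accepted={r['accepted']} same_key={same}")
```

Without authentication the intercepted run is accepted even though Alice and Bob hold different keys, each one shared with Mallory; with authentication the substituted values fail verification and no key is derived.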


RSA (Rivest, Shamir, Adleman)

  • A dominant public key algorithm
    • The algorithm itself is conceptually simple
    • Why it is secure is very deep (number theory)
    • Use properties of exponentiation modulo a product of large primes

"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, Feb. 1978, 21(2), pages 120-126.

RSA Key Generation

  • Pick two large primes p and q
  • Calculate n = pq
  • Pick e such that it is relatively prime to phi(n) = (q-1)(p-1)
    • “Euler’s Totient Function”
  • d = e^-1 mod phi(n), or de mod phi(n) = 1

  1. p=3, q=
  2. n = 3*11 = 33
  3. phi(n) = (2*10) = 20
  4. e = 7 | GCD(20,7) = 1
  5. “Euclid’s Algorithm”: d = 7^-1 mod 20; d * 7 mod 20 = 1; d = 3

Encryption using private key …

  • Encryption and Decryption
    • E(k-, P): ciphertext = plaintext^d mod n
    • D(k+, C): plaintext = ciphertext^e mod n
  • E.g.,
    • E({3,45},4) = 4^3 mod 33 = 64 mod 33 = 31
    • D({7,45},19) = 31^7 mod 33 = 27,512,614,111 mod 33 = 4
  • Q: Why encrypt with private key?

Digital Signatures

  • Models physical signatures in digital world
    • Association between private key and document
    • … and indirectly identity and document.
    • Asserts that document is authentic and non-repudiable
  • To sign a document
    • Given document d, private key k-
    • Signature S(d) = E(k-, h(d))
  • Validation
    • Given document d, signature S(d), public key k+
    • Validate D(k+, S(d)) = h(d)
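
The key generation, private-key encryption and signature slides above, worked through in one added Python example (not part of the original lecture notes). It reuses the slides' p=3, e=7 and the 11 from n = 3*11, then goes beyond them with a constructed larger key so the hash comparison is meaningful; the function names, SHA-256 reduced mod n and the Mersenne-prime key are assumptions, and this is unpadded textbook RSA.

```python
import hashlib

def egcd(a, b):
    """Extended Euclid: return (g, s, t) with a*s + b*t = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def keygen(p, q, e):
    """Return (k+, k-) = ((e, n), (d, n)) with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, s, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return (e, n), (s % phi, n)

def apply_key(key, value):
    """Textbook RSA: value^exponent mod n. No padding, illustration only."""
    exponent, n = key
    return pow(value, exponent, n)

def h(document, n):
    """SHA-256 reduced into [0, n) so it fits the modulus (toy construction)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(private, document):
    """S(d) = E(k-, h(d))."""
    return apply_key(private, h(document, private[1]))

def validate(public, document, signature):
    """Check D(k+, S(d)) = h(d)."""
    return apply_key(public, signature) == h(document, public[1])

# The slides' key: p=3, q=11, e=7 gives d=3 and n=33.
PUB33, PRIV33 = keygen(3, 11, 7)
# Constructed larger key (assumption): two Mersenne primes, e = 65537.
PUB, PRIV = keygen(2**31 - 1, 2**61 - 1, 65537)

if __name__ == "__main__":
    c = apply_key(PRIV33, 4)                # 4^3 mod 33
    print(PRIV33, c, apply_key(PUB33, c))   # (3, 33) 31 4
    doc = b"constructed sample document"
    sig = sign(PRIV, doc)
    print(validate(PUB, doc, sig), validate(PUB, doc + b"!", sig))
```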

Needham-Schroeder Public Key

  • Does It Still Look OK?
  • Message a.1: A --> B : A,B, {NA, A}PKB
    • A initiates protocol with fresh value for B
  • Message a.2: B --> A : B,A, {NA, NB}PKA
    • B demonstrates knowledge of NA and challenges A
  • Message a.3: A --> B : A,B, {NB}PKB
    • A demonstrates knowledge of NB
  • A and B are the only ones who can read NA and NB

Gavin Lowe’s Attack on N-S Public Key

  • An active intruder X participates...
  • Message a.1: A --> X : A,X, {NA, A}PKX
  • Message b.1: X(A) --> B : A,B, {NA, A}PKB
    • X as A initiates protocol with fresh value for B
  • Message b.2: B --> X(A) : B,A, {NA, NB}PKA
  • Message a.2: X --> A : X,A, {NA, NB}PKA
    • X asks A to demonstrate knowledge of NB
  • Message a.3: A --> X : A,X, {NB}PKX
    • A tells X NB; thanks A!
  • Message b.3: X(A) --> B : A,B, {NB}PKB
    • X completes the protocol as A

The Fix

  • It’s Trivial
    • Find it
  • Message a.1: A --> B : A,B, {NA, A}PKB
    • A initiates protocol with fresh value for B
  • Message a.2: B --> A : B,A, {NA, NB, B}PKA
    • B demonstrates knowledge of NA and challenges A
  • Message a.3: A --> B : A,B, {NB}PKB
    • A demonstrates knowledge of NB
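
A symbolic model of the three messages, added here as an example and not part of the original lecture notes: it replays the interleaving from the attack slide against the original protocol and against the fixed message a.2. Encryption is modeled as a labeled record that only its owner may open; all function names are hypothetical.

```python
import secrets

def enc(owner, *fields):
    """Symbolic {fields}PK_owner: a record that only `owner` may open."""
    return {"for": owner, "fields": fields}

def dec(me, msg):
    if msg["for"] != me:
        raise PermissionError(f"{me} cannot open a message for {msg['for']}")
    return msg["fields"]

def responder_reply(me, msg1, my_nonce, fixed):
    """Honest responder: read message 1, return (claimed initiator, message 2)."""
    peer_nonce, claimed = dec(me, msg1)
    extra = (me,) if fixed else ()          # the fix adds B's name
    return claimed, enc(claimed, peer_nonce, my_nonce, *extra)

def initiator_reply(me, peer, my_nonce, msg2, fixed):
    """Honest initiator: check message 2, return message 3 or None to abort."""
    fields = dec(me, msg2)
    if fields[0] != my_nonce or (fixed and fields[2] != peer):
        return None
    return enc(peer, fields[1])

def honest_run(fixed):
    """A talks directly to B; True when B receives its own nonce back."""
    na, nb = secrets.token_hex(8), secrets.token_hex(8)
    _, m2 = responder_reply("B", enc("B", na, "A"), nb, fixed)
    m3 = initiator_reply("A", "B", na, m2, fixed)
    return m3 is not None and dec("B", m3) == (nb,)

def lowe_interleaving(fixed):
    """Replay runs a and b; return (B accepts 'A', X learned NB)."""
    na, nb = secrets.token_hex(8), secrets.token_hex(8)
    x_knows = set(dec("X", enc("X", na, "A")))             # a.1  A -> X
    # b.1 X(A) -> B, then b.2 B -> X(A)
    claimed, b2 = responder_reply("B", enc("B", na, "A"), nb, fixed)
    a3 = initiator_reply("A", "X", na, b2, fixed)          # a.2 relayed; a.3
    if a3 is not None:
        x_knows.update(dec("X", a3))
    if nb not in x_knows:                                  # X cannot build b.3
        return False, False
    b3 = enc("B", nb)                                      # b.3  X(A) -> B
    return claimed == "A" and dec("B", b3) == (nb,), True

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, honest_run(fixed), lowe_interleaving(fixed))
```

With the original message a.2, A cannot tell that the reply came from B's session and answers X; once B's name is inside the encrypted reply, A sees "B" where it expects "X" and aborts, while the honest run still completes.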

Impact on Protocol Analysis

  • Protocol Analysis Took a Black Eye
    • BAN Logic Is Insufficient
    • BAN Logic Is Misleading
  • Protocol Analysis Became a Hot Topic
    • Lowe’s FDR
    • Meadows’ NRL Analyzer
    • Millen’s Interrogator
    • Rubin’s Non-monotonic protocols
    • ....
  • In the end, could find known flaws, but...
    • attacker model is too complex

Review: secret vs. public key crypto.

  • Secret key cryptography
    • Symmetric keys, where a single key (k) is used for E and D
    • D( E( p, k ), k ) = p
    • All (intended) receivers have access to key
    • Note: Management of keys determines who has access to encrypted data
    • E.g., password encrypted email
    • Also known as symmetric key cryptography
  • Public key cryptography
    • Each key pair consists of a public and private component: k+ (public key), k- (private key)
    • D( E(p, k+), k- ) = p
    • D( E(p, k-), k+ ) = p
    • Public keys are distributed (typically) through public key certificates
    • Anyone can communicate secretly with you if they have your certificate
    • E.g., SSL-based web commerce

The symmetric/asymmetric key tradeoff

  • Symmetric (shared) key systems
    • Efficient (Many MB/sec throughput)
    • Difficult key management
      • Kerberos
      • Key agreement protocols
  • Asymmetric (public) key systems
    • Slow algorithms (so far …)
    • Easy (easier) key management
      • PKI - public key infrastructures
      • Webs of trust (PGP)