Mid-term Review(2).ppt

  • 8/22/2019 Mid-term Review(2).ppt

    Mid-term Review

    Network Security

    Secure channel

    SSL (and many others: incl. IPSEC)

    Shared key establishing

    Trusted party (Kerberos, etc. - to be covered)

    Public key methods

    Public Key techniques

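    Diffie-Hellman

    Alice: a; Bob: b

    p, g

    $m_a \equiv g^a \bmod p$; $m_b \equiv g^b \bmod p$

    Alice sends $m_a$; Bob sends $m_b$

    $m_b^a \bmod p = m_a^b \bmod p = g^{ab} \bmod p$ = shared secret key!

    RSA

    $N = pq$; $ed \equiv 1 \pmod{\varphi(N)}$

    Public: e, N; Private: d, N

    Encrypt(m): $c \equiv m^e \bmod N$

    Decrypt(c): $m \equiv c^d \bmod N$

    Sign(m): $s \equiv m^d \bmod N$

    Verify(s,m): $s^e \equiv m \pmod N$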

    Discrete log:

    Given y,p,b

    Find x: $b^x \bmod p = y$

    ?

    Factoring:

    Given N=pq

    Find p, q

    Discrete log based schemes

    DH, DSS (El-Gamal);

    Elliptic Curves Cryptography (ECC)

    Why is the modulus (p) so large?

    Big-step/Little-step attack

    Pohlig-Hellman attack:

    Beware of primes p with only small factors of $\varphi(p)$

    Safe primes: p=2q+1 for some prime q

    Factoring based

    RSA

    Square Roots (=factoring)

    Rabin (Encryption, Signature)

    Fiat-Shamir (ID scheme, Signature)

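    World mod N

    How many objects?

    $|Z_N^*| = \varphi(N)$;

    for all $z \in Z_N^*$, $z^{\varphi(N)} \bmod N = 1$

    If $N = pq$, then $\varphi(N) = (p-1)(q-1)$

    [If $N = p$, then $\varphi(N) = p-1$]

    Blum integers: $N = pq$, $p \equiv q \equiv 3 \pmod 4$

    Then $x^{(p+1)/4} \bmod p = y$; $y^2 \equiv x^{(p+1)/2} \equiv x^{(p-1)/2} \cdot x \equiv x \bmod p$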

    Chinese Remainder Theorem (CRT)

    Given $y^2 = x \bmod p$; $z^2 = x \bmod q$; $N = pq$;

    Find s: $s^2 = x \bmod N$

    More generally:

    Given a, A, b, B;

    Find x: x = a mod A, x = b mod B

    Let u, v be s.t. uA = 1 mod B, vB = 1 mod A

    Then x = uAb + vBa

    [indeed: x mod A = uAb + vBa = vBa = a;

    x mod B = uAb + vBa = uAb = b]

    How to find u,v?

    Extended GCD & Inverses

    Euclid's GCD algorithm

    (greatest common divisor):

    gcd(a,b) = gcd( b, a mod b) == gcd(a,b)=c

    Extended GCD gives in addition x,y:

    ax+by=c

    If gcd(a,b)=1: ax (mod b) = 1

    i.e. $x = a^{-1}$ in $Z_b^*$

    Summary RSA & Rabin

    RSA

    Given p,q; can compute $\varphi(N)$, for N=pq;

    With extended gcd, can compute e, d = 1/e mod $\varphi(N)$;

    [ gcd(e, $\varphi(N)$) must be 1 ]

    Rabin

    Using Blum integers can compute SQRT mod p,q

    Using CRT can combine them to SQRT mod N

    Efficiency for all

    Exponentiation: Repetitive Squaring

    $b^A \bmod N$

    takes 1.5 lg A long multiplications

    Cost of multiplication

    quadratic in length

    Optimization: mod N => mod p + mod q + CRT

    Watch out!

    Attacks on factoring

    $\varphi(N)$, N => factoring (quadratic equation)

    Trick:

    obtain x, s.t. $x = 0 \bmod p$, $x \ne 0 \bmod q$

    gcd(x, N) = p

    SQRTmodN => Factoring

    $v \leftarrow y^2 \bmod N$; $z \leftarrow \mathrm{SQRTmodN}(v)$

    If $z \ne \pm y$, then $x \leftarrow y - z$

    Computing mod p + mod q + CRT

    Random error mod p (or mod q) => factoring

    Key Establishing

    Diffie-Hellman or RSA

    Watch out for man-in-the-middle attack!!!

    Authentication (signatures) PKI

    Remember AKE: authenticated key establishment

    Beyond AKE

    Ciphers

    MACs

    Ciphers

    Block ciphers

    DES, AES, 3DES,

    Modes of operation: EDE, OFB, CBC,

    Stream ciphers

    Pseudo-random pad

    Later in the course

    Crypto

    Hashing

    MD5, SHA

    MAC

    Systems

    PKI

    Kerberos - key distribution (symmetric crypto)

    IPSec - security on another level

    Firewalls, IDS, etc.