Mid-term Review(2).ppt
asfandyar-durrani -
Transcript of Mid-term Review(2).ppt
-
8/22/2019 Mid-term Review(2).ppt
1/14
Mid-term Review
Network Security
-
Secure channel
SSL (and many others: incl. IPSEC)
Shared key establishing
Trusted party (Kerberos, etc. - to be covered)
Public key methods
-
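Public Key techniques
Diffie-Hellman
Alice: $a$; Bob: $b$
$p$, $g$
$m_a \equiv g^a \bmod p$; $m_b \equiv g^b \bmod p$
$m_a$, $m_b$
$m_b^a \bmod p = m_a^b \bmod p = g^{ab} \bmod p$ = shared secret key!
RSA
$N = pq$; $ed \equiv 1 \pmod{\varphi(N)}$
Public: $e, N$; Private: $d, N$
Encrypt($m$): $c \equiv m^e \bmod N$
Decrypt($c$): $m \equiv c^d \bmod N$
Sign($m$): $s \equiv m^d \bmod N$
Verify($s, m$): $s^e \equiv m \pmod N$
Discrete log:
Given $y, p, b$
Find $x$: $b^x \bmod p = y$
?
Factoring:
Given $N = pq$
Find $p, q$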
-
Discrete log based schemes
DH, DSS (El-Gamal);
Elliptic Curves Cryptography (ECC)
Why is the modulus ($p$) so large?
Big-step/Little-step attack
Pohlig-Hellman attack:
Beware of primes $p$ where $\varphi(p)$ has only small factors
Safe primes: $p = 2q + 1$ for some prime $q$
-
Factoring based
RSA
Square Roots (=factoring)
Rabin (Encryption, Signature)
Fiat-Shamir (ID scheme, Signature)
-
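World mod $N$
How many objects?
$|\mathbb{Z}_N^*| = \varphi(N)$;
for all $z \in \mathbb{Z}_N^*$, $z^{\varphi(N)} \bmod N = 1$
If $N = pq$, then $\varphi(N) = (p-1)(q-1)$
[If $N = p$, then $\varphi(N) = p-1$]
Blum integers: $N = pq$, $p \equiv q \equiv 3 \pmod 4$
Then
$x^{(p+1)/4} \bmod p = y$; $y^2 \equiv x^{(p+1)/2} \equiv x^{(p-1)/2} \cdot x \equiv x \pmod p$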
-
Chinese Remainder Theorem (CRT)
Given $y^2 = x \bmod p$; $z^2 = x \bmod q$; $N = pq$;
Find $s$: $s^2 = x \bmod N$
More generally:
Given $a, A, b, B$;
Find $x$: $x = a \bmod A$, $x = b \bmod B$
Let $u, v$ be s.t. $uA = 1 \bmod B$, $vB = 1 \bmod A$
Then $x = uAb + vBa$
[indeed: $x \bmod A = uAb + vBa = vBa = a$;
$x \bmod B = uAb + vBa = uAb = b$]
How to find $u, v$?
-
Extended GCD & Inverses
Euclid's GCD algorithm (greatest common divisor):
$\gcd(a,b) = \gcd(b,\ a \bmod b)$ == $\gcd(a,b) = c$
Extended GCD gives in addition $x, y$:
$ax + by = c$
If $\gcd(a,b) = 1$: $ax \pmod b = 1$
i.e. $x = a^{-1}$ in $\mathbb{Z}_b^*$
-
Summary RSA & Rabin
RSA
Given $p, q$; can compute $\varphi(N)$, for $N = pq$;
With Extended gcd, can compute $e$, $d = 1/e \bmod \varphi(N)$;
[ $\gcd(e, \varphi(N))$ must be 1 ]
Rabin
Using Blum integers can compute SQRT mod p,q
Using CRT can combine them to SQRT mod N
-
Efficiency for all
Exponentiation: Repetitive Squaring
$b^A \bmod N$
takes 1.5 lg $A$ long multiplications
Cost of multiplication: quadratic in length
Optimization: compute mod $N$ via mod $p$ + mod $q$ + CRT
Watch out!
-
Attacks on factoring
$\varphi(N)$, $N$ => factoring (quadratic equation)
Trick:
obtain $x$, s.t. $x = 0 \bmod p$, $x \neq 0 \bmod q$
$\gcd(x, N) = p$
SQRTmodN => Factoring
$v \equiv y^2 \bmod N$; $z \equiv \mathrm{SQRTmodN}(v)$
If $z \neq \pm y$, then $x = y - z$
Computing mod p + mod q + CRT
Random error mod p (or mod q) => factoring
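
An added example (not from the original slides) tying together the extended GCD, the CRT formula x = uAb + vBa and the "Watch out!" on the mod p + mod q + CRT optimization: one error in a single half of an RSA-CRT signature exposes a factor of N, so the signer verifies s^e = m before releasing s. The primes, exponent, message and all function names are constructed for illustration.

```python
from math import gcd

def egcd(a, b):
    """Extended GCD: return (c, x, y) with a*x + b*y == c == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        k = a // b
        a, b = b, a - k * b
        x0, x1 = x1, x0 - k * x1
        y0, y1 = y1, y0 - k * y1
    return a, x0, y0

def crt(a, A, b, B):
    """Slide formula: x = u*A*b + v*B*a, with u*A = 1 mod B and v*B = 1 mod A."""
    _, u, v = egcd(A, B)              # u*A + v*B == 1 when gcd(A, B) == 1
    return (u * A * b + v * B * a) % (A * B)

def sign_crt(m, d, p, q, fault=False):
    """RSA signature m^d mod N computed as mod p + mod q + CRT."""
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    if fault:                         # simulated random error in the mod-q half
        sq = (sq + 1) % q
    return crt(sp, p, sq, q)

def sign_checked(m, e, d, p, q, fault=False):
    """Countermeasure: verify s^e == m (mod N) before releasing s."""
    s = sign_crt(m, d, p, q, fault)
    if pow(s, e, p * q) != m % (p * q):
        raise ArithmeticError("faulty signature withheld")
    return s

# Constructed toy parameters (Mersenne primes; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = egcd(E, PHI)[1] % PHI             # d = 1/e mod phi(N); needs gcd(e, phi(N)) == 1
M = 123456789

def leaked_factor(s_bad):
    """x = s_bad^e - m is 0 mod p but not 0 mod q, so gcd(x, N) = p."""
    return gcd((pow(s_bad, E, N) - M) % N, N)
```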
-
Key Establishing
Diffie-Hellman or RSA
Watch out for man-in-the-middle attack!!!
Authentication (signatures) PKI
Remember AKE: authenticated key establishment
Beyond AKE
Ciphers
MACs
-
Ciphers
Block ciphers
DES, AES, 3DES,
Modes of operation: EDE, OFB, CBC,
Stream ciphers
Pseudo-random pad
-
Later in the course
Crypto
Hashing
MD5, SHA
MAC
Systems
PKI
Kerberos - key distribution (symmetric crypto)
IPSec - security on another level
Firewalls, IDS, etc.