Public Key EncryptionPublic Key Encryption

CS432 – Security in Computing

Copyright © 2005, 2008 by Scott Orr and the Trustees of Indiana University

Section OverviewSection Overview

Symmetric Key distribution issuesSymmetric Key distribution issues

Public Key encryptionPublic Key encryption

Digital Signatures and HashesDigital Signatures and Hashes

Key ManagementKey Management

ReferencesReferences Security in Computing, 3Security in Computing, 3rdrd Ed. Ed.

Chapter 2 (pgs. 73-88)Chapter 2 (pgs. 73-88) Chapter 10 (pgs. 637-642; 666-682)Chapter 10 (pgs. 637-642; 666-682)

Online ResourcesOnline Resources Why Johnny Can't Encrypt: A Usability EvWhy Johnny Can't Encrypt: A Usability Ev

aluation of PGP 5.0aluation of PGP 5.0, Alma Whitten, Carnegie Mellon , Alma Whitten, Carnegie Mellon UniversityUniversity

Shared Secret Key Shared Secret Key EncryptionEncryption

AliceAlice BobBob

CharlieCharlie ScottScott

• How does Alice distribute the key?How does Alice distribute the key?

• What happens if Scott leaves?What happens if Scott leaves?

Secret Key PairsSecret Key PairsAliceAlice BobBob

CharlieCharlie ScottScott

# of Keys = n * (n – 1)/2# of Keys = n * (n – 1)/2Where n is the # of usersWhere n is the # of users

Public-Key EncryptionPublic-Key Encryption

------------------------------------------------------------------------------------

EncryptionEncryption

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

------------------------------------------------------------------------------------

DecryptionDecryption

Recipient’sRecipient’sPublic KeyPublic Key

Recipient’sRecipient’sPrivate KeyPrivate Key

PlaintextPlaintext PlaintextPlaintextCiphertextCiphertext

PKE Algorithm ComponentsPKE Algorithm Components

One or more Prime NumbersOne or more Prime Numbers Large integer factoringLarge integer factoring Modular arithmeticModular arithmetic Example AlgorithmsExample Algorithms

Merkle-Hellman KnapsacksMerkle-Hellman Knapsacks Rivest-Shivar-Adelman (RSA)Rivest-Shivar-Adelman (RSA) Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange

Knapsack ConceptKnapsack Concept

Using each block only once, Using each block only once, which blocks could be which blocks could be combined to completely fill combined to completely fill this space without leaving any this space without leaving any open squares inside or block open squares inside or block parts outside the highlighted parts outside the highlighted area?area?

00

11

11

00

11

Merkle-Hellman KnapsacksMerkle-Hellman Knapsacks

Use 1 knapsack for encoding a Use 1 knapsack for encoding a messagemessage

Use a 2Use a 2ndnd knapsack for decoding knapsack for decoding The knapsacks are mathematically The knapsacks are mathematically

related to each otherrelated to each other Modulus Modulus nn Multiplier Multiplier ww

Simple Knapsack Simple Knapsack GenerationGeneration

Create a simple (superincreasing) Create a simple (superincreasing) knapsackknapsack Select a (small) initial numberSelect a (small) initial number Each new number is greater than the sum of all Each new number is greater than the sum of all

previous numbers.previous numbers.

S = [ 1, 2, 4, 8 ]S = [ 1, 2, 4, 8 ] Pick Pick nn and and ww

n is greater than the sum of Sn is greater than the sum of S n and w have no common factors n and w have no common factors Easiest way: set n to a prime numberEasiest way: set n to a prime number

n > 15; set n = 17 / Pick w < n; w = 7n > 15; set n = 17 / Pick w < n; w = 7

Hard Knapsack GenerationHard Knapsack Generation Hard knapsack is a function of S, w, and nHard knapsack is a function of S, w, and n

hhii = s = sii * w mod n * w mod n

hh11 = 1 * 7 mod 17 = 7 = 1 * 7 mod 17 = 7

hh22 = 2 * 7 mod 17 = 14 = 2 * 7 mod 17 = 14

hh33 = 4 * 7 mod 17 = 11 = 4 * 7 mod 17 = 11

hh44 = 8 * 7 mod 17 = 5 = 8 * 7 mod 17 = 5

H = [ 7, 14, 11, 5 ]H = [ 7, 14, 11, 5 ]

H becomes the public keyH becomes the public key S, n, and w together become the private S, n, and w together become the private

keykey

Encrypting a MessageEncrypting a Message Message is broken down in binary blocksMessage is broken down in binary blocks Block size = number of elements in HBlock size = number of elements in H Calculate sum of PT * H for each blockCalculate sum of PT * H for each block This becomes the encrypted messageThis becomes the encrypted message

SumSum11 = 7 + 11 + = 7 + 11 + 55

= 23= 23

SumSum22 = 14 + 11= 14 + 11 = 25= 25

SumSum33 = 7 + 11= 7 + 11 = 18= 18

SumSum44 = 14 + 5= 14 + 5 = 19= 19

PT = 1011 0110 1010 0101 / H = [ 7, 14, 11, 5 ]PT = 1011 0110 1010 0101 / H = [ 7, 14, 11, 5 ]

Message M = [ 23, 25, 18, 19 ]Message M = [ 23, 25, 18, 19 ]

Decrypting a MessageDecrypting a Message Need to find inverse v of w:Need to find inverse v of w:

w * v mod n = 1w * v mod n = 1 Use Extended Euclidean Algorithm to find vUse Extended Euclidean Algorithm to find v

7 * v mod 17 = 1; v = 57 * v mod 17 = 1; v = 5

Calculate new sum totals: MCalculate new sum totals: Mii * v mod n * v mod n

SumSum

11

= 23 * 5 mod = 23 * 5 mod 1717

= 13= 13

SumSum

22

= 25 * 5 mod = 25 * 5 mod 1717

= 6= 6

SumSum

33

= 18 * 5 mod = 18 * 5 mod 1717

= 5= 5

SumSum

44

= 19 * 5 mod = 19 * 5 mod 1717

= 10= 10

M = [ 23, 25, 18, 16 ] / Sumi = Mi * 5 mod 17

Decrypting the Message Decrypting the Message (con’t.)(con’t.)

To get the plaintext, we now use STo get the plaintext, we now use SS * PTS * PTii = Sum = Sumii

SumSum11 = 13 = [ 1, 2, 4, 8 ] * PT = 13 = [ 1, 2, 4, 8 ] * PT11; PT; PT11 = [1011] = [1011]

SumSum22 = 6 = [ 1, 2, 4, 8 ] * PT = 6 = [ 1, 2, 4, 8 ] * PT22; PT; PT22 = [0110] = [0110]

SumSum33 = 5 = [ 1, 2, 4, 8 ] * PT = 5 = [ 1, 2, 4, 8 ] * PT33; PT; PT33 = [1010] = [1010]

SumSum44 = 10 = [ 1, 2, 4, 8 ] * PT = 10 = [ 1, 2, 4, 8 ] * PT44; PT; PT44 = [0101] = [0101]

PT = 1011 0110 1010 0101PT = 1011 0110 1010 0101

RSA Public Key EncryptionRSA Public Key Encryption

Developed by MIT professors Ron Rivest, Developed by MIT professors Ron Rivest, Adi Shamir and Len Adleman (1977)Adi Shamir and Len Adleman (1977)

Message blocks treated as a large number Message blocks treated as a large number less that some number less that some number nn

Block size 2Block size 2kk bits bits 2 2kk < n < 2 < n < 2k+1k+1

Relies on:Relies on: Large prime numbersLarge prime numbers Large number factoringLarge number factoring Modular arithmeticModular arithmetic

RSA Key GenerationRSA Key Generation

Select 2 prime numbers, p and qSelect 2 prime numbers, p and q Let n = p * qLet n = p * q Let Let (n) = (p – 1)(q – 1)(n) = (p – 1)(q – 1) Pick e that is Pick e that is relatively primerelatively prime to to (n)(n) Find d Find d d = e d = e-1-1 mod mod (n) (n) de = 1 mod de = 1 mod

(n)(n) Generated keys:Generated keys:

Public: e & nPublic: e & n Private: d & n Private: d & n

RSA Encryption & RSA Encryption & DecryptionDecryption

Encryption:Encryption: Break message into M sized blocks < nBreak message into M sized blocks < n Cipher C = MCipher C = Mee mod n mod n

Decryption:Decryption: Message M = CMessage M = Cdd mod n mod n

RSA ExampleRSA Example

Key Generation:Key Generation: Let p = 5 and q = 11Let p = 5 and q = 11 N = 5 * 11 = 55N = 5 * 11 = 55 (n) = (5 – 1)(11 – 1) = 40(n) = (5 – 1)(11 – 1) = 40 Let e = 3Let e = 3 Find d Find d 3d = 1 mod 40; d = 27 3d = 1 mod 40; d = 27

Encrypt M = 5 Encrypt M = 5 C = 5 C = 533 mod 55 = 15 mod 55 = 15 Decrypt C Decrypt C M = 15 M = 152727 mod 55 = 5 mod 55 = 5

Digital SignaturesDigital Signatures

------------------------------------------------------------------------------------

HashHashEncryptionEncryption

------------------------------------------------++++++++++++++++++++++++

------------------------------------------------------------------------------------

HashHashDecryptionDecryption

Sender’sSender’sPrivate KeyPrivate Key

Sender’sSender’sPublic KeyPublic Key

PlaintextPlaintext PlaintextPlaintextSignedSignedMessageMessage

Hash FunctionsHash Functions

Accept messages of Accept messages of anyany size and size and generated a small, fixed size outputgenerated a small, fixed size output

One way functionOne way function Easy and fast to calculateEasy and fast to calculate Collision ResistantCollision Resistant

XOR ExampleXOR Example

Break message into fixed length Break message into fixed length blocksblocks

XOR first element of all blocksXOR first element of all blocks Repeat for all elementsRepeat for all elements

GG 0 1 0 0 0 1 1 10 1 0 0 0 1 1 1oo 0 1 1 0 1 1 1 10 1 1 0 1 1 1 1nn 0 1 1 0 1 1 1 00 1 1 0 1 1 1 0oo 0 1 1 0 1 1 1 10 1 1 0 1 1 1 1ww 0 1 1 0 0 1 1 10 1 1 0 0 1 1 1

0 1 0 1 1 1 1 00 1 0 1 1 1 1 0 55 E E

Source: Source: Classical and Contemporary CryptologyClassical and Contemporary Cryptologyby Richard J. Spillmanby Richard J. Spillman

Not very collision resistant!!!Not very collision resistant!!!

MD5 HashMD5 Hash Developed by Ron RivestDeveloped by Ron Rivest Generates a 128-bit hashGenerates a 128-bit hash InitializationInitialization

Pad message (1 followed by Pad message (1 followed by nn 0s) such that the 0s) such that the message size is 448 mod 512message size is 448 mod 512

(message size) mod 2(message size) mod 26464 appended to message appended to message as 64-bit numberas 64-bit number

4 32-bit registers used store intermediate and 4 32-bit registers used store intermediate and final resultsfinal results

512-bit message block processed in 4 rounds, 512-bit message block processed in 4 rounds, each consisting of 16 stageseach consisting of 16 stages

BlockBlockii

DD

CC

BB

AA

MD5 RoundsMD5 Rounds

FFT[1..16]T[1..16]

++

++

++

++

DD

CC

BB

AA

GGT[17..32]T[17..32]

HHT[33..48]T[33..48]

IIT[49..64]T[49..64]

CVCVii CVCVi+1i+1

GG

MD5 StageMD5 Stage

DD

CC

BB

AA ++ ++ ++ RotRot ++

BlockBlockii[k][k] T[j]T[j]

DD

CC

BB

AA

Birthday ParadoxBirthday Paradox

El Gamal KeysEl Gamal Keys

Choose a large prime number, Choose a large prime number, pp, , such that (such that (pp – 1) has a large prime – 1) has a large prime factor, factor, qq

Select 2 integers, Select 2 integers, xx and and aa, such that , such that x < p and a < p.x < p and a < p.

Calculate y = aCalculate y = axx mod p mod p Private Key: xPrivate Key: x Public Key: y, p, aPublic Key: y, p, a

El Gamal SignaturesEl Gamal Signatures

Used to sign message, Used to sign message, mm Select an integer Select an integer kk such that: such that:

0 < k < p – 10 < k < p – 1 Not used previouslyNot used previously Relatively prime to (p – 1)Relatively prime to (p – 1)

Message signature is Message signature is r r and and ss r = ar = akk mod p mod p s = ks = k-1-1(m – xr) mod (p – 1)(m – xr) mod (p – 1)

El Gamal Signatures (Con’t)El Gamal Signatures (Con’t)

Checked:Checked: Calculate yCalculate yrrrrss mod p mod p Should be same as aShould be same as amm mod p mod p

Digital Signature Standard (DSS)Digital Signature Standard (DSS) Based on El GamalBased on El Gamal 22511511 < p < 2 < p < 2512512

22159159 < q < 2 < q < 2160160

Uses a hash (SHA-1) instead of mUses a hash (SHA-1) instead of m q, instead of (p – 1) is used to calculate r and sq, instead of (p – 1) is used to calculate r and s

Diffie-Hellman Key Diffie-Hellman Key ExchangeExchange

Bob and Alice together select a prime number, p, Bob and Alice together select a prime number, p, and a base, gand a base, g

Alice:Alice: Selects secret number aSelects secret number a Sends Bob gSends Bob gaa mod p mod p

Bob:Bob: Selects secret number bSelects secret number b Sends Alice gSends Alice gbb mod p mod p

Shared secret: kShared secret: k k = (gk = (gaa mod p) mod p)bb mod p = (g mod p = (gbb mod p) mod p)aa mod p mod p Used as key in symmetric cryptography algorithmUsed as key in symmetric cryptography algorithm

““Pretty Good Privacy”Pretty Good Privacy”

Freely available PKE systemFreely available PKE system Minimizes email forgingMinimizes email forging Promotes privacyPromotes privacy Requires a Requires a Circle of TrustCircle of Trust AlternativesAlternatives

MIME Object Security Services (MOSS)MIME Object Security Services (MOSS) Security Multiparts for MIME (S/MIME)Security Multiparts for MIME (S/MIME)

Public Key DistributionPublic Key Distribution

Sent via disk/emailSent via disk/email Downloaded from web pageDownloaded from web page Public Key ServerPublic Key Server Fingerprints and key signingFingerprints and key signing Public Key InfrastructurePublic Key Infrastructure

Certificate AuthoritiesCertificate Authorities Registration AuthoritiesRegistration Authorities Certificate Distribution SystemCertificate Distribution System Key EscrowKey Escrow