scsc 455 computer security chapter 3 public key cryptography and message authentication dr. frank li
TRANSCRIPT
SCSC 455 Computer Security
Chapter 3 Public Key Cryptography and Message Authentication
Dr. Frank Li
Index
Approaches to Message Authentication Secure Hash Functions Message Authentication Public Key Cryptography Principles Public Key Cryptography Algorithms Digital Signatures
Message Authentication
Three aspects of message authentication in this chapter: message authentication code and hash function Public key encryption principles Digital signature
Protect against active attack is known as message authentication Contents have NOT been altered and the source is
authentic Verify message’s timeliness (delay and replay)
Authentication using conventional encryption Authentication using conventional encryption
Only sender and receiver share a key Error detection code and sequence number Time stamp
However, symmetric encryption alone is NOT a suitable tool
e.g. block reordering
Message authentication without encryption Typically, message authentication is provided as a
separate function from message encryption. Message authentication code (MAC)
Use of a secret key to generate a small block of data appended to the message.
MAC_m = F(K_ab, M) FIPS recommends the use of DES – A 16- or 32-bit
code The difference between authentication algorithm and
encryption Need NOT be reversible
Message authentication without encryption One-way hash function is alternative to MAC
No need for secret key Hash value (message digest) is sent with the message Three ways:
Using conventional encryption Using public key encryption Using secret value MD_m = H(S_ab || MD_m)
Secure Hash Function (3.2)
Hash function H must have properties:1. H can be applied to a block of data of any size
2. H produce fixed-length output
3. H(x) is relatively easy to compute
4. Computationally infeasible to find x such that H(x) = h (one-way or pre-image resistant)
5. Computationally infeasible to find x<>y with H(y) = H(x) i.e. weak collision resistant.
6. Computationally infeasible to find any pair (x, y), such that H(x) = H(y) i.e. strong collision resistant
Hash Function
Weak hash function v.s. strong hash function The sixth property protects against birthday attack
What is birthday attack
A message digest also provide data integrity
9
Attack Against One-Way Hash Functions If the hash algorithm produces the same hash value
for two distinctly different messages, this is called a collision.
An attacker can attempt to force a collision, which is referred to as a birthday attack. Birthday paradox
Q: How many people must be in the same room for the probability is more than 50% that at least two of them will have the same birthday?
10
Birthday paradox
Given a group of 23 (or more) randomly chosen people, the probability is more than 50% that at least two of them will have the same birthday.
For 60 or more people, the probability is greater than 99%, although it cannot actually be 100% unless there are at least 366 people
11
Birthday paradox
Q: What is the implication of birthday paradox to hash functions?
12
Birthday attack
Attackers can find the corresponding hashing value that matches a specific message is through a brute force attack. Q: Why?
If an attacker finds two messages with the same hash values, it is equivalent to finding two people with the same birthday. Birthday attack is a type of brute force attack. Based on birthday paradox, if the output of a hashing algorithm is
n bits, finding two messages that hash to the same value would require check of only 2^n/2 messages. e.g., SHA-1 generates a 160-bit hash value. The attacker
need approximately 2^80 computation to find a collision. A larger bit hash value is less vulnerable to brute force attack.
Security of Hash function
Two approaches to attacking a secure hash function Cryptoanalysis: exploit logic weakness Brute-force attack: the length of the hash code is n
Pre-image resistant Second Pre-image resistant Collision resistant
128 bit ? 160 bits ?
Simple Hash function
General principle The input is viewed as a sequence of n-bit blocks The input is processed one block at a time in an
iterative fashion to produce an n-bit hash value E.g.1 Bit-by-bit XOR E.g.2 Rotated XOR (RXOR)
Step 1 … Step 2 …
Potential problem with simple hash functions
SHA – Secure Hash Function
SHA was developed by NIST published as FIPS 180 in1993 SHA-1: 160-bit SHA-2: 256, 384, 512 bits
Details on SHA-512 Steps 1 – 5 (page 67 – 70)
Figure 3.4 is important! Detail on figure 3.5 is not required
SHA-3 Two basic requirements: 1. can replace SHA-2 (224, 256, 384,
and 512 bits) 2. perserve the online nature of SHA-2 (process
small blocks 512 or 1024 bits) at a time
Asymmetric Cryptography
In public key systems, each entity has a pair of different keys, or asymmetric keys. The two different asymmetric keys are mathematically
related. The public key can be known to everyone The private key must be known and used only by the
owner. It must be computationally infeasible to derive the
private key from the public key.
Asymmetric Cryptography
In different scenarios, we can choose to use either public key or
private key to encrypt and decrypt.
Scenario 1
Q: Is there any problem in scenario 1?
Scenario 2
Q: Is there any problem in scenario 2?
Scenario 3
Q: Is this any problem in scenario 3?
Asymmetric Cryptography
Common asymmetric algorithms Diffie-Hellman RSA Elliptic curve cryptosystem (ECC) El Gamal Digital Signature Algorithm (DSA) Knapsack
RSA is the most popular public-key encryption Developed by Ronald Rivest, Adi Shamir, and Len Adleman RSA is used in a number of products from many vendors
Web browsers, Virtual private networks (VPN)
Asymmetric vs. Symmetric Cryptography
Pro: Asymmetric algorithms Can provide authentication and non-repudiation. also provide for easier and more manageable key
distribution
Cons: Asymmetric algorithm works much more slowly than a symmetric algorithm Symmetric algorithms carry out relatively simplistic mathematical
functions – substitution and transposition Asymmetric algorithm uses much more complex mathematics to
carry out their functions.
23
Features of Asymmetric Cryptography
Asymmetric algorithm works much more slowly than a symmetric algorithm Symmetric algorithms carry out relatively simplistic mathematical
functions – substitution and transposition Asymmetric algorithm uses much more complex mathematics to
carry out their functions
Asymmetric algorithms Can provide authentication and non-repudiation. also provide for easier and more manageable key
distribution
24
Diffie-Hellman algorithm (1)
Diffie-Hellman algorithm, a.k.a. Diffie-Hellman (D-H) key exchange Was invented in 1976 is a cryptographic protocol that allows two parties
that jointly establish a shared secret key over an insecure communications channel.
This key can then be used to encrypt subsequent communications using a symmetric key cipher.
25
Diffie-Hellman algorithm (2)
Alice and Bob share a prime p and g. • g < p• g is a primitive root of p (detail is not required in this course)
26
Diffie-Hellman algorithm (3)
Example:
Precondition: Alice and Bob agree to use a prime number p =23
and a base g = 5.
1. Alice chooses a secret integer a=6, then sends Bob g^a mod p = 5^6 mod 23 = 8.
2. Bob chooses a secret integer b=15, then sends Alice g^b mod p = 5^15 mod 23 = 19.
3. Alice computes (g^b mod p)^a mod p=19^6 mod 23 = 2.
4. Bob computes (g^a mod p)^b mod p=8^15 mod 23 = 2.
27
Diffie-Hellman algorithm (4)
The D-H algorithm is considered secure against eavesdroppers if g and p are chosen properly. The eavesdropper ("Eve") must solve the Diffie-Hellman problem
to obtain the key. This is currently considered very difficult.
The D-H algorithm is vulnerable to a man-in-the-middle
attack The attacker may establish two distinct Diffie-Hellman keys, one
with Tanya and the other with Erika, then try to masquerade as Alice to Bob and/or vice-versa, by
decrypting and re-encrypting messages passed between them.
28
Man-in-the-middle attack on Diffie-Hellman algorithm
Q: How to prevent man-in-the-middle attack?
29
Man-in-the-middle attack on Diffie-Hellman algorithm The cause of man-in-the-middle attack is no
authentication occurs before public keys are exchanged.
To prevent man-in-the-middle attack: When Alice and Bob have a public key infrastructure (PKI), they may digitally sign their public keys authenticating each other’s public keys
30
RSA
RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, in 1977 de facto standard used for digital signatures, key exchange, and
encryption. The security of RSA comes from the difficulty of factoring large
numbers. The public and private keys are functions of a pair of
large prime numbers
RSA is the most popular public key algorithm. It has been implemented in applications, operating systems, and at the hardware level in network interface cards, secure telephones, and smart cards.
31
RSA – background
Totient function (n)Number of positive integers less than n and relatively prime to n (Relatively prime means with no factors in common with n)
e.g.1: (10) = 4:
1, 3, 7, 9
e.g.2: (21) = 12
1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20
32
RSA – Create a pair of keys
1. Choose two random large prime numbers, p and q. and generate the product: n = pq.
2. Choose a random number e. So that e and (n) = (p – 1)(q – 1) are relatively prime.
3. Compute the decryption key d. e d = 1 mod (n)
(calculate d by using Extended Euclidean algorithm)
The public key = (n, e), the private key = d.
33
RSA – Encryption / Decryption
Modulo operations are computational expensive. Thus, public cryptosystem is slower than symmetric cryptosystems.
34
RSA Example
Alice calculates her key pair. Let p = 7, q = 11 n = 77, (n) = (p-1)(q-1) = 60 chooses e = 17 through calculating d * 17 = 1 mod 60
d = 53
Public Key (e=17, n=77); Private key: (d=53)
Encryption process: Bob wants to send Alice a secret message “HELLO”
(07 04 11 11 14) Bob knows Alice’s pulic key (e=17, n=77), and encrypts message
0717 mod 77 = 28 0417 mod 77 = 16 1117 mod 77 = 44 1117 mod 77 = 44 1417 mod 77 = 42
Bob sends 28 16 44 44 42
35
RSA Example
Decryption process : Alice receives 28 16 44 44 42 Alice uses private key d = 53, to decrypt message:
2853 mod 77 = 07 1653 mod 77 = 04 4453 mod 77 = 11 4453 mod 77 = 11 4253 mod 77 = 14
Alice translates message to letters “ HELLO”No one else could read it, as only Alice knows her private key and that is needed for decryption
Authentication the public key
A potential weakness of public-key cryptographyQ: How do you know that the pubic key you have for an individual is really for that individual?
The solution is authentication public key Authentication is the process of proving that you are in
fact the person you say you are. E.g., A phone ID is commonly used to authenticate a
person.
Q: How to authenticate a public key?
One way to authenticate public key:Signatures
Signatures let you authenticate a public key How the signature works?
You verify that another person’s key really belongs to that person. And then sign that public key with your own private key.
Others get that public key can see your signature and know you trust that key, so they may decide to trust it OR may decide to verify that key themselves.
Form a web of trust -- a peer to peer trust relationship Example …
Q: How to verify another person’s public key?
Verify public key
Verify the public key in person or call the owner of the public key and check the key A key usually has hundred of digits Check bit by bit is not very efficient
A fingerprint is a smaller number that is derived from a very lengthy public key Fingerprints are created by hashing the public key,
Hashing is a process by which a mathematical function is used that converts larger numbers into smaller numbers
Hash function
A hash function is a function that takes a variable-length string, and produces a fixed-length hash value.
The hash value is also called fingerprint, checksum, or message digest A fingerprint is changed the contents have been altered Example …
Two commonly used hash functions Message digest hash (MD5) provides 128 bits fingerprint Secure hash algorithm (SHA-1) provides 160 bits fingerprint
The second way to authenticate public key:CertificateUsing digital certificate -- with PKI
A certificate is a numeric code that is used to identify an organization
Certificate authority (CA) verifies the credential of an organization or individual.
Then CA issues a client’s public key and sign it with CA’s private key
E.g. VeriSign is an well-known CA