Transcript public key
IS410: Information Security
Lecture 6: Key Management
Course Information
Lecturer: Dr. Walid Khedr
[email protected]
http://groups.yahoo.com/group/CS_Network_Security
Course Readings:
Lecture Notes
The Textbook
2/55
Course Syllabus
Introduction
Cryptography
Classical Encryption Techniques
Block Ciphers and the Data Encryption Standard
More on Symmetric Ciphers
Public-Key Cryptography and RSA
Key Management
Hash and MAC Algorithms
Digital Signatures Standard
Real-World Information Security Protocols
Authentication Protocols
Secure Electronic Transaction (SET)
Access Control
3/55
Course Syllabus
Cryptography
Key Management
Key Management
Diffie-Hellman Key Exchange
4/55
Last Lecture
Public-Key Cryptography and RSA
Principles of Public-Key Cryptosystems
The RSA Algorithm
5/55
Key Management
Key management is the set of
techniques and procedures supporting
the establishment and maintenance
of keying relationships between
authorized parties.
Key management includes techniques
and procedures supporting:
1. Storing Keying materials;
2. establishment, distribution, and
installation of keying material;
3. Update and revocation of keying material
6/55
7/55
Importance of Key Management
8/55
Key Management –two problems
Distribution of public keys (for public-key
cryptography)
Distribution of secret keys (for classical
cryptography)
This has more to do with authentication of the
users
9/55
Distribution of Public Keys
Several techniques have been
proposed for the distribution of public
keys:
1.
2.
3.
4.
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
10/55
Public Announcement
If Alice and Bob do not know each other,
how do they get each other’s public key to
communicate with each other?
Solution 1: append your public key to the
end of your email
Attack: emails can be forged:
Eve sends an email to Bob pretending she is
Alice and handing him a public key
Eve will be able to communicate with Bob
pretending she is Alice
11/55
Public Announcement – Cont.
Solution 2: post it on your website
Attack: Eve breaks into the DNS server
and sends Alice a fake webpage
purportedly of Bob’s
Alice encrypts the message using that
public key and Eve will be able to read it
Eve may even modify the message and
forwards it to Bob using his public key
12/55
Public Announcement – Cont.
13/55
Publicly Available Directory
Can obtain greater security by registering
keys with a public directory
Directory must be trusted with properties:
contains {name, public-key} entries
participants register securely (e.g. in person)
with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
Still vulnerable to tampering or forgery.
14/55
Publicly Available Directory
15/55
Public-Key Authority
16/55
Public-Key Authority – Cont.
The scenario is attractive, yet it has
some drawbacks.
The public-key authority could be
somewhat of a bottleneck in the system.
As before, the directory of names and
public keys maintained by the authority
is vulnerable to tampering.
17/55
Public-Key Certificates
Certificates allow key exchange without
real-time access to public-key authority
A certificate binds identity to public key
usually with other info such as period of validity,
rights of use etc
With all contents signed by a trusted
Public-Key or Certificate Authority (CA)
Can be verified by anyone who knows the
public-key authorities public-key
18/55
Public-Key Certificates
19/55
Public-Key Certificates
We can place the following requirements on
this scheme:
1. Any participant can read a certificate to
determine the name and public key of the
certificate's owner.
2. Any participant can verify that the certificate
originated from the certificate authority.
3. Only the certificate authority can create and
update certificates.
4. Any participant can verify the currency of the
certificate.
20/55
A standard for certificates: X.509
To avoid having different types of
certificates for different users
standard X.509 has been issued for
the format of certificates –widely
used over the Internet.
At its core, X.509 is a way to describe
certificates.
X.509 certificates are used in most
network security applications,
including IP security, secure sockets
layer (SSL)
21/55
Distribution of Secret Keys Using Public-Key
Cryptography
Use previous methods to obtain
public-key
Can use for secrecy or authentication
But public-key algorithms are slow
So usually want to use private-key
encryption to protect message
contents
Hence need a session key
22/55
Simple Secret Key Distribution
1. A generates a public/private key pair {PUa, PRa} and
transmits a message to B consisting of PUa and an
identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A,
encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret
key. Because only A can decrypt the message, only A
and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.
23/55
Man-in-the-Middle Attack (MITM)
1 A generates a public/private key pair {PUa, PRa} and
transmits a message intended for B consisting of PUa
and an identifier of A, IDA.
2 E intercepts the message, creates its own public/private
key pair {PUe, PRe} and transmits PUe||IDA to B.
3 B generates a secret key, Ks, and transmits E(PUe, Ks).
4 E intercepts the message, and learns Ks by computing
D(PRe, E(PUe, Ks)).
5 E transmits E(PUa, Ks) to A.
24/55
Man-in-the-Middle Attack (MITM)
25/55
Secret Key Distribution with
Confidentiality and authentication
If have securely exchanged public-keys:
26/55
Discrete Logarithms
What is a logarithm?
the logarithm of a number to a given base is the
power or exponent to which the base must be
raised in order to produce that number.
log10100 = 2 because 102 = 100
In general if logmb = a then ma = b
Where m is called the base of the logarithm
A discrete logarithm can be defined for
integers only
In fact we can define discrete logarithms
mod p also where p is any prime number
27/55
Discrete Logarithm Problem
The security of the Diffie-Hellman algorithm
depends on the difficulty of solving the
discrete logarithm problem (DLP) in the
multiplicative group of a finite field
consider (Z17). To compute 34 in this group, we
compute 34 mod 17 = 13
Discrete logarithm is just the inverse operation.
For example, take the equation 3k ≡ 13 (mod
17) for k.
As shown above k=4 is a solution, but it is not
the only solution. Since if n is an integer then
34+16 n ≡ 13 (mod 17).
28/55
Sets, Groups and Fields
A set is any collection of objects
called the elements of the set
Examples of sets: R, Z, Q
If we can define an operation on the
elements of the set and certain rules
are followed then we get other
mathematical structures called groups
and fields
29/55
Groups
A group is a set G with a custom-defined binary
operation + such that:
The group is closed under +, i.e., for a, b G:
a+bG
The Associative Law holds i.e., for any a, b, c G:
a + (b + c) = (a + b) + c
There exists an identity element 0, such that
a+0=a
For each a G there exists an inverse element –a
such that
a + (-a) = 0
If for all a, b G: a + b = b + a then the group is
called an Abelian or commutative group
If a group G has a finite number of elements it is
called a finite group
30/55
More About Group Operations
+ does not necessarily mean normal
arithmetic addition
+ just indicates a binary operation
which can be custom defined
The group operation could be denoted
as •
The group notation with + is called
the additive notation and the group
notation with • is called the
multiplicative notation
31/55
Fields
A field is a set F with two custom-defined binary
operations + and • such that:
The Field is closed under + and •, i.e., for a, b F:
a + b F and a • b F
The Associative Law holds i.e., for any a, b, c F:
a + (b + c) = (a + b) + c and a • (b • c) = (a • b) • c
There exist identity elements 0 and 1, such that
a + 0 = a and a • 1 = a
For each a F there exist inverse elements –a and a1such that
a + (-a) = 0 and a • a-1 = 1
If a field F has a finite number of elements it is called
a finite field
32/55
Examples of Groups
Groups
Set
Set
Set
Set
Set
Set
Set
Set
Set of real numbers R under + and *
Set of integers Z under + and *
Set of integers modulo a prime number p under + and * ZP
Fields
of
of
of
of
of
of
of
of
real numbers R under +
real numbers R under *
integers Z under +
integers Z under *?
integers modulo a prime number p under +
integers modulo a prime number p under *
3 X 3 matrices under + meaning matrix addition
3 X 3 matrices under * meaning matrix multiplication?
33/55
Generator of Group
If for a G, all members of the group can
be written in terms of a by applying the
group operation * on ‘a’ a number of times
then a is called a generator of the group G
Examples
2 is a generator of Z*11
2 and 3 are generator of Z*19
m
2m mod 11
1
2
3
4
5
6
7
8
9
10
2
4
8
5
10
9
7
3
6
1
m
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
2m mod 19
2
4
8
16
13
7
14
3
6
17
15
11
3
6
12
5
10
1
3m mod 19
3
9
8
5
15
7
2
6
18
16
10
11
14
4
12
17
13
1
34/55
Primitive Roots
If xn = a then a is called the n-th root of x
For any prime number p, if we have a number a such that
powers of a mod p generate all the numbers between 1
to p-1 then a is called a Primitive Root of p.
In terms of the Group terminology a is the generator
element of the multiplicative group of the finite field
formed by mod p
Then for any integer b and a primitive root a of prime
number p we can find a unique exponent i such that
b = ai mod p
The exponent i is referred to as the discrete logarithm
or index, of b for the base a.
35/55
36/55
Diffie-Hellman Key Exchange
First public-key type scheme
proposed
By Diffie & Hellman in 1976 along
with the exposition of public key
concepts
Is a practical method for public
exchange of a secret key
Used in a number of commercial
products
37/55
Diffie-Hellman Key Exchange
a public-key distribution scheme
cannot be used to exchange an arbitrary
message
rather it can establish a common key
known only to the two participants
value of key depends on the participants
(and their private and public key
information)
based on exponentiation in a finite (Galois)
field (modulo a prime or a polynomial) easy
security relies on the difficulty of computing
discrete logarithms (similar to factoring) –
hard
38/55
Discrete Logarithms
What is a logarithm?
log10100 = 2 because 102 = 100
In general if logmb = a then ma = b
Where m is called the base of the
logarithm
A discrete logarithm can be defined
for integers only
In fact we can define discrete
logarithms mod p also where p is any
prime number
39/55
Discrete Logarithm Problem
The security of the Diffie-Hellman
algorithm depends on the difficulty of
solving the discrete logarithm
problem (DLP) in the multiplicative
group of a finite field
Y = aX mod p
X = logaY mod p
40/55
Diffie-Hellman Key Exchange
41/55
Diffie-Hellman Algorithm
Five Parts
1.
2.
3.
4.
5.
Global Public Elements
User A Key Generation
User B Key Generation
Generation of Secret Key by User A
Generation of Secret Key by User B
42/55
Global Public Elements
q:
:
Prime number
< q and is a primitive
root
of q
The global public elements are also
sometimes called the domain
parameters
43/55
User A Key Generation
Select private XA
Calculate public YA
mod q
XA < q
YA = XA
44/55
User B Key Generation
Select private XB
Calculate public YB
mod q
XB < q
YB = XB
45/55
Generation of Secret Key by User A
K = (YB)XA mod q
46/55
Generation of Secret Key by User B
K = (YA)XB mod q
47/55
Diffie-Hellman Key Exchange
48/55
Diffie-Hellman Example
q = 97
=5
XA = 36
XB = 58
YA = 536 = 50 mod 97
YB = 558 = 44 mod 97
K = (YB)XA mod q = 4436 mod 97 = 75 mod 97
K = (YA)XB mod q = 5058 mod 97 = 75 mod 97
49/55
Diffie-Hellman Example
50/55
Diffie-Hellman MITM Attack
g X A mod p Y A
Y BX A mod p K AB
YA
YB
K AB
g X B mod p Y B
Y AX B mod p K BA
52/55
Diffie-Hellman MITM Attack
g X A mod p Y A
g X B mod p Y B
Y DX1A mod p K 1 K AD
Y DX2B mod p K 2 K BD
Y D2
K1 Y D1 Y A
g X D 1 mod p Y D 1
YB K2
g X D 2 mod p Y D 2
Y AX D 1 mod p K 1 K AD Y BX D 2 mod p K 2 K BD
54/55
Summary
Have considered:
Key Management
Diffie-Hellman Key Exchange
Reading: Chapter 6
55/55
Thank You . . .
56/55