Understanding Public Key Cryptography in Network Security
Explore the concepts of public key cryptography, key distribution challenges, solutions to secret key schemes, and the importance of secure communication in network security. Learn about cryptology, cryptography, cryptanalysis, block ciphers, stream ciphers, and more in this informative content.
- Public Key Cryptography
- Network Security
- Cryptography Concepts
- Key Distribution
- Secure Communication
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Public Key Cryptography INFSCI 1075: Network Security Spring 2013 Amir Masoumzadeh
What we have looked at so far CRYPTOLOGY CRYPTOGRAPHY CRYPTANALYSIS Private Key (Secret Key) Public Key Block Cipher Stream Cipher Integer Factorization Discrete Logarithm 2
Outline Problems with secret key schemes Public key cryptography Integer factorization Discrete logarithms How to achieve confidentiality, authentication, or both 3
Conventional Encryption Model Insecure channel Alice Bob x Encrypt Decrypt y x k k Secure Channel Key Source y = ek (x) : Ciphertext x = dk (y) : Plaintext Oscar 4
Secret Key Cryptosystems Block ciphers and stream ciphers Use the same secret key on both sides for encryption and decryption Operations for ek and dk are identical A separate key for each communication Kbob&Carol KAlice&Bob Bob Carol KAlice&Carol Alice 5
Problems with Secret Key Schemes Key distribution and management is a problem If the key is disclosed, communications are compromised How many secret keys do we need? How to provide non-repudiation? What if a receiver forges a message and claims that is sent by a sender! Both have access to the secret key! Authentication, which secret key cryptosystems do not provide 6
Problems with Secret Key Schemes (cont.) A secret key algorithm implies every pair of communicating entities share a secret key Total number of keys is O(n2) For n users, we need n(n 1)/2 pairs of keys It is like having a mailbox for EACH pair of communicating people Bob Alice Dan Carol 7
Solution One mailbox for one person Make a SLOT in the mailbox Everyone (including Oscar) can deposit messages in the mailbox Only the owner of the mailbox can recover the messages So now for n users we only need n mailboxes and n keys 8
Why Public Key Cryptography? Developed to address two key issues: Key distribution how to have secure communications in general without having to trust a KDC with your key (Confidentiality) Digital signatures how to verify a message comes intact from the claimed sender (non-repudiation) 9
Public Key Cryptography Pioneered by Whitfield Diffie and Martin Hellman in 1976 Public-key / two-key / asymmetric cryptography involves the use of two keys: Public-key (KU) Is known to everyone, used to encrypt messages and verify signatures (Slot in the mailbox) Private-key (KR) known only to the recipient, used to decrypt messages and sign (create signatures) (Actual key to open the mailbox) Public Key Cryptography is asymmetric because Those who encrypt messages or verify signatures cannot decrypt messages or create signatures 10
Public Key Encryption Model Insecure channel y Encrypt Decrypt x x Alice Bob krbob kubob y = eku (x) : Ciphertext x = dkr (y) : Plaintext Oscar knows kubob 11
Requirements It is easy to encrypt using the public key KU It is easy to decrypt using the private key KR It is computationally infeasible to determine the private key given the public key It is computationally infeasible to determine the plaintext x given the ciphertext y and the public key KU It should be easy to generate a public key-private key pair Encryption and decryption should be inverse functions dKR(eKU(x)) = x 12
What can satisfy these requirements? There is a need for a mathematical function unlike secret key cryptosystems One way functions: Every function value has a unique inverse Calculating y = f (x) is easy Calculating x = f-1(y) is not feasible Examples: Integer factorization Discrete logarithms 13
Integer Factorization Multiplication is easy 7 17 109 151 = 195821 Integer factorization is difficult 30616693 = ? ? ? ? Answer: 47 59 61 181 Used in RSA 14
Discrete Logarithm EASY: Modular exponentiation 223 mod 109 = ? 223 = 8388608 77 mod 109 DIFFICULT: Discrete logarithm 2x mod 109 = 68 : Find x x = log2 68 mod 109 One way to solve it: Brute Force Answer: x = 15 Used in Diffie-Hellman Key Exchange, ElGamal Encryption Scheme, and Elliptic Curves 15
Trapdoor One-Way Functions A special kind of one-way function that is hard to invert unless some secret information, called the trapdoor, is known Every function value has a unique inverse There are two related keys k1 and k2 Calculating y = f (k1, x) is easy Calculating x = f-1(k2, y) is easy if k2 is known. It is infeasible if k2 is not known and only k1 is known Finding k2 given k1 is very hard 16
Providing Confidentiality Bob s public key Bob s private key KUB KRB plaintext message m = dKR ( eKU (m) ) B encryption algorithm decryption algorithm plaintext message, m ciphertext eKU (m) B B 17
Providing Authentication Alice s public key KUA Alice s private key KRA plaintext message m = dKR ( eKU (m) ) B encryption algorithm decryption algorithm plaintext message, m ciphertext eKR (m) B B Bob s public key Bob s private key KUB KRB 18
Providing Authentication & Confidentiality C C encryption algorithm plaintext message, m encryption algorithm eKR (m) A eKU ( eKR (m) ) B A decryption algorithm C plaintext message decryption algorithm dKU ( eKR (m) ) A dKR ( eKU ( eKR (m) ) ) B B A A 19
Remarks Single most major advance in cryptography Much slower than private key cryptosystems Used primarily for signatures and key exchange rather than bulk data encryption Vulnerable to brute force attacks Vulnerable to mathematical analysis Note that KU and KR are related Key sizes are much larger than those in secret key algorithms Probable message attack KU is known If the number of messages is small, Oscar can encrypt all possible messages to break the system 20
Public Key Algorithms and Security Three different popular algorithms RSA (integer factorization) ElGamal (discrete logarithms on prime number fields) Menezes-Vanstone (discrete logarithms on elliptic curves) Keys sizes for security 1024 bits for RSA and ElGamal 160 bits for Menezes-Vanstone 80 bits for block ciphers 21