*This preview shows
page 1. Sign up to
view the full content.*

**Unformatted text preview: **Computer Security: Principles and Practice Principles
Chapter 20 – Public-Key Chapter Key Cryptography and Message Authentication Authentication
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography and Public Key Message Authentication Message
now look at technical detail concerning: now
secure hash functions and HMAC secure RSA & Diffie-Hellman Public-Key Algorithms RSA Simple Hash Functions Simple
a one-way or secure hash function used in one way message authentication, digital signatures message all hash functions process input a block at all a time in an iterative fashion one of simplest hash functions is the bitone by-bit exclusive-OR (XOR) of each block
Ci = bi1 ⊕ bi2 ⊕ . . . ⊕ bim effective data integrity check on random data effective less effective on more predictable data less virtually useless for data security virtually SHA Secure Hash Functions SHA
SHA originally developed by NIST/NSA in 1993 SHA was revised in 1995 as SHA-1 was
US standard for use with DSA signature scheme US standard is FIPS 180-1 1995, also Internet RFC3174 standard produces 160-bit hash values produces bit NIST issued revised FIPS 180-2 in 2002 NIST
adds 3 additional versions of SHA adds SHA-256, SHA-384, SHA-512 SHA with 256/384/512-bit hash values with same basic structure as SHA-1 but greater security same NIST intend to phase out SHA-1 use NIST SHA-512 Structure SHA SHA-512 SHA 512 Round Round Other Secure Hash Functions
most based on iterated hash function design most
if compression function is collision resistant if so is resultant iterated hash function so MD5 (RFC1321) MD5
was a widely used hash developed by Ron Rivest was produces 128-bit hash, now too small produces also have cryptanalytic concerns also Whirlpool (NESSIE endorsed hash) Whirlpool
developed by Vincent Rijmen & Paulo Barreto developed compression function is AES derived W block cipher compression produces 512-bit hash produces HMAC HMAC
interest a MAC using a cryptographic hash interest
due to speed and code availability due must incorporate key into use of hash alg must HMAC (RFC2104) widely supported HMAC
used in IPsec, TLS & SET used HMAC treats hash as “black box” HMAC HMAC proven secure if embedded hash HMAC function has reasonable cryptographic strength HMAC Structure Structure Security of HMAC Security
security based on underlying hash strength security have prob given time and no msg-MAC’s have either attacker computes output even with either random secret IV
brute force key O(2n), or use birthday attack brute or attacker finds collisions in hash function or even when IV is random and secret
ie. find M and M' such that H(M) = H(M') ie and birthday attack O( 2n/2) birthday MD5 secure in HMAC since only observe MD5 RSA Public-Key Encryption RSA
by Rivest, Shamir & Adleman of MIT in 1977 by Adleman of best known & widely used public-key alg best key alg uses exponentiation of integers modulo a prime uses encrypt: C = Me mod n encrypt: mod decrypt: M = Cd mod n = (Me)d mod n = M decrypt: mod mod both sender and receiver know values of n and e both and only receiver knows value of d only public-key encryption algorithm with public
public key PU = {e, n} & private key PR = {d, n}. public PU private PR }. RSA Algorithm RSA RSA Example RSA Attacks on RSA Attacks
brute force brute
trying all possible private keys trying use larger key, but then slower use mathematical attacks (factoring n) mathematical
see improving algorithms (QS, GNFS, SNFS) see currently 1024-2048-bit keys seem secure currently timing attacks (on implementation) timing
use - constant time, random delays, blinding use chosen ciphertext attacks (on RSA props) chosen Diffie-Hellman Key Exchange Diffie
first public-key type scheme proposed first key by Diffie & Hellman in 1976 along with the by exposition of public key concepts
note: now know that Williamson (UK CESG) note: secretly proposed the concept in 1970 practical method to exchange a secret key practical used in a number of commercial products used security relies on difficulty of computing security discrete logarithms DiffieDiffie Hellman Hellman Algorithm Algorithm Diffie-Hellman Example Diffie
have have
prime number q = 353 prime 353 primitive root α = 3 primitive A and B each compute their public keys and
A computes YA = 397 mod 353 = 40 computes B computes YB = 3233 mod 353 = 248 computes then exchange and compute secret key: then
for A: K = (YB)XA mod 353 = 24897 mod 353 = 160 for for B: K = (YA)XB mod 353 = 40233 mod 353 = 160 for attacker must solve: attacker
3a mod 353 = 40 which is hard desired answer is 97, then compute key as B does desired Key Exchange Protocols Key Man-in-the-Middle Attack Man
attack is: attack
1. 2. 3. 4. 5. 6. 7. Darth generates private keys XD1 & XD2, and their and public keys YD1 & YD2 public Alice transmits YA to Bob Alice Darth intercepts YA and transmits YD1 to Bob. Darth Darth and to also calculates K2 also Bob receives YD1 and calculates K1 Bob Bob transmits XA to Alice Bob Darth intercepts XA and transmits YD2 to Alice. Darth Darth and to calculates K1 calculates Alice receives YD2 and calculates K2 Alice all subsequent communications compromised all Other Public-Key Algorithms Other
Digital Signature Standard (DSS) Digital
FIPS PUB 186 from 1991, revised 1993 & 96 FIPS uses SHA-1 iin a new digital signature alg n uses alg cannot be used for encryption cannot elliptic curve cryptography (ECC) elliptic
equal security for smaller bit size than RSA equal seen in standards such as IEEE P1363 seen still very new, but promising still based on a mathematical construct known as based the elliptic curve (difficult to explain) Summary Summary
discussed technical detail concerning: discussed
secure hash functions and HMAC secure RSA & Diffie-Hellman Public-Key Algorithms RSA ...

View Full
Document