ch20 - Computer Security: Principles and Practice...


Computer Security: Principles and Practice
Chapter 20 – Public-Key Cryptography and Message Authentication
First Edition by William Stallings and Lawrie Brown
Lecture slides by Lawrie Brown

Public-Key Cryptography and Message Authentication
- now look at technical detail concerning:
  - secure hash functions and HMAC
  - RSA & Diffie-Hellman Public-Key Algorithms

Simple Hash Functions
- a one-way or secure hash function used in message authentication, digital signatures
- all hash functions process input a block at a time in an iterative fashion
- one of simplest hash functions is the bit-by-bit exclusive-OR (XOR) of each block
  - $C_i = b_{i1} \oplus b_{i2} \oplus \dots \oplus b_{im}$
  - effective data integrity check on random data
  - less effective on more predictable data
  - virtually useless for data security

SHA Secure Hash Functions
- SHA originally developed by NIST/NSA in 1993
- was revised in 1995 as SHA-1
  - US standard for use with DSA signature scheme
  - standard is FIPS 180-1 1995, also Internet RFC3174
  - produces 160-bit hash values
- NIST issued revised FIPS 180-2 in 2002
  - adds 3 additional versions of SHA
  - SHA-256, SHA-384, SHA-512
  - with 256/384/512-bit hash values
  - same basic structure as SHA-1 but greater security
- NIST intend to phase out SHA-1 use

SHA-512 Structure (figure)

SHA-512 Round (figure)

Other Secure Hash Functions
- most based on iterated hash function design
  - if compression function is collision resistant
  - so is resultant iterated hash function
- MD5 (RFC1321)
  - was a widely used hash developed by Ron Rivest
  - produces 128-bit hash, now too small
  - also have cryptanalytic concerns
- Whirlpool (NESSIE endorsed hash)
  - developed by Vincent Rijmen & Paulo Barreto
  - compression function is AES derived W block cipher
  - produces 512-bit hash

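
The "Simple Hash Functions" slide above calls the block XOR hash virtually useless for data security; the following added example (not part of the original slides) implements that formula and shows two message changes it cannot see, with SHA-256 as the comparison. The 8-byte block size and the sample message are assumptions constructed for the illustration.

```python
import hashlib

BLOCK = 8  # block size in bytes (assumption; the slide does not fix one)

def xor_hash(msg: bytes, block: int = BLOCK) -> bytes:
    """C_i = b_i1 XOR b_i2 XOR ... XOR b_im: XOR position i of every block."""
    msg += b"\x00" * (-len(msg) % block)      # zero-pad the last block
    digest = bytearray(block)
    for off in range(0, len(msg), block):
        for i in range(block):
            digest[i] ^= msg[off + i]
    return bytes(digest)

def reorder_blocks(msg: bytes, block: int = BLOCK) -> bytes:
    """Swap the first two blocks; XOR is commutative, so the hash is unchanged."""
    return msg[block:2 * block] + msg[:block] + msg[2 * block:]

def paired_flip(msg: bytes, block: int = BLOCK) -> bytes:
    """Flip the same bit in two different blocks; the flips cancel in the XOR."""
    out = bytearray(msg)
    out[0] ^= 0x01
    out[block] ^= 0x01
    return bytes(out)

# Constructed sample message: three 8-byte blocks.
ORIGINAL = b"PAY 0100" b"TO ALICE" b"REF 4471"

def undetected_changes() -> dict:
    """For each altered message, report whether each hash still matches."""
    sha = lambda m: hashlib.sha256(m).digest()
    result = {}
    for name, altered in (("reordered", reorder_blocks(ORIGINAL)),
                          ("paired_flip", paired_flip(ORIGINAL))):
        result[name] = {
            "changed": altered != ORIGINAL,
            "xor_match": xor_hash(altered) == xor_hash(ORIGINAL),
            "sha256_match": sha(altered) == sha(ORIGINAL),
        }
    return result

if __name__ == "__main__":
    for name, report in undetected_changes().items():
        print(name, report)
```
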
HMAC
- interest in a MAC using a cryptographic hash
  - due to speed and code availability
- must incorporate key into use of hash alg
- HMAC (RFC2104) widely supported
  - used in IPsec, TLS & SET
- HMAC treats hash as “black box”
- HMAC proven secure if embedded hash function has reasonable cryptographic strength

HMAC Structure (figure)

Security of HMAC
- security based on underlying hash strength
- have prob given time and no msg-MAC’s
- either attacker computes output even with random secret IV
  - brute force key $O(2^n)$, or use birthday attack
- or attacker finds collisions in hash function even when IV is random and secret
  - ie. find M and M' such that H(M) = H(M')
  - birthday attack $O(2^{n/2})$
  - MD5 secure in HMAC since only observe

RSA Public-Key Encryption
- by Rivest, Shamir & Adleman of MIT in 1977
- best known & widely used public-key alg
- uses exponentiation of integers modulo a prime
  - encrypt: $C = M^e \bmod n$
  - decrypt: $M = C^d \bmod n = (M^e)^d \bmod n = M$
- both sender and receiver know values of n and e
- only receiver knows value of d
- public-key encryption algorithm with public key PU = {e, n} & private key PR = {d, n}.

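
The construction the HMAC slides above refer to (RFC 2104, with the hash treated as a black box and the key mixed into its input), written out as an added example that is not part of the original slides. It uses Python's hashlib, checks itself against the standard hmac module, and the key and message are constructed sample values.

```python
import hashlib
import hmac

def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M)) as in RFC 2104."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for SHA-1/SHA-256
    if len(key) > block_size:                       # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")            # K': key zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()

def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(hmac_rfc2104(key, msg, hash_name), tag)

def matches_stdlib() -> bool:
    """Check the hand-built HMAC against Python's hmac module."""
    msg = b"constructed sample message"
    for name in ("sha1", "sha256", "sha512"):
        for key_len in (16, 64, 200):   # 200 exceeds every block size used here
            key = bytes(i % 251 for i in range(key_len))
            if hmac_rfc2104(key, msg, name) != hmac.new(key, msg, name).digest():
                return False
    return True

# Constructed key and message for the tamper check.
KEY = b"constructed-demo-key"
MSG = b"transfer 100 to account 42"
TAG = hmac_rfc2104(KEY, MSG)

if __name__ == "__main__":
    print("matches stdlib:", matches_stdlib())
    print("genuine accepted:", verify_tag(KEY, MSG, TAG))
    print("altered rejected:", not verify_tag(KEY, MSG.replace(b"100", b"900"), TAG))
    print("wrong key rejected:", not verify_tag(b"other key", MSG, TAG))
```
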
RSA Algorithm

RSA Example

Attacks on RSA
- brute force
  - trying all possible private keys
  - use larger key, but then slower
- mathematical attacks (factoring n)
  - see improving algorithms (QS, GNFS, SNFS)
  - currently 1024-2048-bit keys seem secure
- timing attacks (on implementation)
  - use - constant time, random delays, blinding
- chosen ciphertext attacks (on RSA props)

Diffie-Hellman Key Exchange
- first public-key type scheme proposed
- by Diffie & Hellman in 1976 along with the exposition of public key concepts
  - note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
- practical method to exchange a secret key
- used in a number of commercial products
- security relies on difficulty of computing discrete logarithms

Diffie-Hellman Algorithm

Diffie-Hellman Example
- have
  - prime number q = 353
  - primitive root α = 3
- A and B each compute their public keys
  - A computes $Y_A = 3^{97} \bmod 353 = 40$
  - B computes $Y_B = 3^{233} \bmod 353 = 248$
- then exchange and compute secret key:
  - for A: $K = (Y_B)^{X_A} \bmod 353 = 248^{97} \bmod 353 = 160$
  - for B: $K = (Y_A)^{X_B} \bmod 353 = 40^{233} \bmod 353 = 160$
- attacker must solve:
  - $3^a \bmod 353 = 40$ which is hard
  - desired answer is 97, then compute key as B does

Key Exchange Protocols

Man-in-the-Middle Attack
- attack is:
1. Darth generates private keys $X_{D1}$ & $X_{D2}$, and their public keys $Y_{D1}$ & $Y_{D2}$
2. Alice transmits $Y_A$ to Bob
3. Darth intercepts $Y_A$ and transmits $Y_{D1}$ to Bob.
   - also calculates $K_2$
4. Bob receives $Y_{D1}$ and calculates $K_1$
5. Bob transmits $X_A$ to Alice
6. Darth intercepts $X_A$ and transmits $Y_{D2}$ to Alice.
   - calculates $K_1$
7. Alice receives $Y_{D2}$ and calculates $K_2$
- all subsequent communications compromised

Other Public-Key Algorithms
- Digital Signature Standard (DSS)
  - FIPS PUB 186 from 1991, revised 1993 & 96
  - uses SHA-1 in a new digital signature alg
  - cannot be used for encryption
- elliptic curve cryptography (ECC)
  - equal security for smaller bit size than RSA
  - seen in standards such as IEEE P1363
  - still very new, but promising
  - based on a mathematical construct known as the elliptic curve (difficult to explain)

Summary
- discussed technical detail concerning:
  - secure hash functions and HMAC
  - RSA & Diffie-Hellman Public-Key Algorithms
...
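
The Diffie-Hellman example and the man-in-the-middle steps from the slides above, run with the slide's own numbers (q = 353, α = 3, private keys 97 and 233), as an added example that is not part of the original slides. Darth's private keys and the pre-shared MAC key are constructed, and tagging each public value with HMAC is an assumption of this example: one way to authenticate the exchange, not something the slides prescribe.

```python
import hashlib
import hmac

Q, ALPHA = 353, 3        # prime q and primitive root from the slide
X_A, X_B = 97, 233       # Alice's and Bob's private keys from the slide
X_D1, X_D2 = 5, 7        # Darth's private keys (constructed for this example)
PSK = b"constructed pre-shared MAC key"   # assumption: A and B share this beforehand

def public(x: int) -> int:
    return pow(ALPHA, x, Q)

def shared(y_peer: int, x_own: int) -> int:
    return pow(y_peer, x_own, Q)

def tag(sender: str, y: int) -> bytes:
    """HMAC over the sender name and public value, keyed with the PSK."""
    return hmac.new(PSK, f"{sender}|{y}".encode(), hashlib.sha256).digest()

def accept(sender: str, y: int, t: bytes) -> bool:
    return hmac.compare_digest(tag(sender, y), t)

def exchange(intercepted: bool, authenticated: bool) -> dict:
    y_a, y_b = public(X_A), public(X_B)
    msg_to_bob, msg_to_alice = (y_a, tag("A", y_a)), (y_b, tag("B", y_b))
    if intercepted:
        # Darth swaps in Y_D1 / Y_D2; without the PSK he can only reuse the old tags.
        msg_to_bob = (public(X_D1), msg_to_bob[1])
        msg_to_alice = (public(X_D2), msg_to_alice[1])
    if authenticated and not (accept("A", *msg_to_bob) and accept("B", *msg_to_alice)):
        return {"aborted": True}       # substituted value fails the MAC check
    return {
        "aborted": False,
        "alice": shared(msg_to_alice[0], X_A),   # equals K2 when intercepted
        "bob": shared(msg_to_bob[0], X_B),       # equals K1 when intercepted
        "darth_K1": shared(y_b, X_D1),
        "darth_K2": shared(y_a, X_D2),
    }

if __name__ == "__main__":
    print("plain exchange:      ", exchange(False, False))
    print("intercepted:         ", exchange(True, False))
    print("intercepted + HMAC:  ", exchange(True, True))
```

With q = 353 the discrete logarithm is trivially searchable, so these parameters illustrate the arithmetic only.
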