Upload
jonathanhindi
View
215
Download
0
Embed Size (px)
Citation preview
7/31/2019 Chapter 4 Data Security (Dr.Atef)
1/26
1
7/31/2019 Chapter 4 Data Security (Dr.Atef)
2/26
public-key encryption helps address key
distribution problems
have two aspects of this:
distribution of public keys use of public-key encryption to distribute secret
keys
2
7/31/2019 Chapter 4 Data Security (Dr.Atef)
3/26
can be considered as using one of:
public announcement
publicly available directory
public-key authority public-key certificates
3
7/31/2019 Chapter 4 Data Security (Dr.Atef)
4/26
users distribute public keys to recipients orbroadcast to community at large E.g., append PGP keys to email messages or post
to news groups or email list
major weakness is forgery anyone can create a key claiming to be someone
else and broadcast it
until forgery is discovered can masquerade as
claimed user
4
7/31/2019 Chapter 4 Data Security (Dr.Atef)
5/26
5
7/31/2019 Chapter 4 Data Security (Dr.Atef)
6/26
can obtain greater security by registeringkeys with a public directory
directory must be trusted with properties: contains {name,public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
still vulnerable to tampering or forgery
6
7/31/2019 Chapter 4 Data Security (Dr.Atef)
7/267
7/31/2019 Chapter 4 Data Security (Dr.Atef)
8/26
improve security by tightening control over
distribution of keys from directory
requires users to know public key for the
directory then users interact with directory to obtain
any desired public key securely
does require real-time access to directory when
keys are needed
8
7/31/2019 Chapter 4 Data Security (Dr.Atef)
9/269
7/31/2019 Chapter 4 Data Security (Dr.Atef)
10/26
certificates allow key exchange without real-time access to public-key authority
a certificate binds identity to public key-contains other info such as period of validity,
rights of use, etc.
with all contents signed by a trusted Public-Key or Certificate Authority (CA)
can be verified by anyone who knows the
public-key authorities public-key
10
7/31/2019 Chapter 4 Data Security (Dr.Atef)
11/2611
7/31/2019 Chapter 4 Data Security (Dr.Atef)
12/26
use previous methods to obtain public-key
can use for secrecy or authentication
but public-key algorithms are slow
so usually want to use private-key encryptionto protect message contents
hence need a session key
have several alternatives for negotiating a
suitable session key
12
7/31/2019 Chapter 4 Data Security (Dr.Atef)
13/26
proposed by Merkle in 1979
A generates a new temporary public key pair
A sends the public key and its identity to B
B generates a session key K and sends it to Aencrypted using the supplied public key
A decrypts the session key and both use
problem is that an opponent can intercept
and impersonate both halves of protocol
13
7/31/2019 Chapter 4 Data Security (Dr.Atef)
14/2614
Simple Use of Public-Key Encryption to Establish a Session Key
7/31/2019 Chapter 4 Data Security (Dr.Atef)
15/26
A & B securely exchange public-keys:
-Insures both
(i) confidentiality and (ii) authentication.
15
7/31/2019 Chapter 4 Data Security (Dr.Atef)
16/26
use of private-key KDC
shares secret master key with each user
distributes session key using master key
public-key used to distribute master keys Three-level hierarchy.
rationale
Performance (public key cryptography is used
the least frequently.)
16
7/31/2019 Chapter 4 Data Security (Dr.Atef)
17/26
by Diffie & Hellman in 1976 along with theexposition of public key concepts Williamson secretly proposed the concept in 1970
a practical method for public exchange of asecret key
--even when two parties do not know eachother (they share no secret information).
-does not require a third party (like KDC).
17
7/31/2019 Chapter 4 Data Security (Dr.Atef)
18/26
a public-key distribution scheme establishes a common key
known only to the two participants
value of key depends on the participants(and their private and public keyinformation)
based on exponentiation in a finite field
(modulo a prime or a polynomial)security relies on the difficulty of
computing discrete logarithms (similar tofactoring) hard
18
7/31/2019 Chapter 4 Data Security (Dr.Atef)
19/26
all users agree on global parameters:
large prime integer or polynomial q
number a that isa primitive root mod q
each user (e.g., A) does the following:-chooses a secret key (number): xA < q
-computes: yA = axA mod q
-sends yA to the other party.
19
7/31/2019 Chapter 4 Data Security (Dr.Atef)
20/26
shared session key for users A & B is KAB:
KAB = axA.xB mod q
= yAxB mod q (which B can compute)
= yB
xA
mod q (whichA
can compute) KAB is used as session key in private-key
encryption scheme between Alice and Bob
attacker needs an x, must solve discrete log
20
7/31/2019 Chapter 4 Data Security (Dr.Atef)
21/26
users Alice & Bob who wish to swap keys:agree on prime q=353 and a=3
select random secret keys: A chooses xA=97, B chooses xB=233
compute respective public keys: yA=3
97mod 353 = 40 (Alice)
yB=3233
mod 353 = 248 (Bob)
compute shared session key as: KAB= yBxA mod 353 = 24897 = 160 (Alice)
KAB= yAxB mod 353 = 40
233= 160
(Bob)
21
7/31/2019 Chapter 4 Data Security (Dr.Atef)
22/26
vulnerable to a man-in-the-Middle Attack
authentication of the keys is needed
22
7/31/2019 Chapter 4 Data Security (Dr.Atef)
23/26
23
Hacker
Alice Bob
YA
Generates Two Private Keys XD1, XD2
Generates Two Public Keys YD1, YD2
YD1
YB
YD2
K1 = (YD1)X
B mod q
K1 = (YB)X
D1 mod q
K2 = (YD2)XA mod q
K2 = (YA)X
D2 mod q
7/31/2019 Chapter 4 Data Security (Dr.Atef)
24/26
Darth prepares for the attack by generating two
random private keys XD1 and XD2 and then computing
the corresponding public keys YD1 and YD2.
Alice transmits YA to Bob.
Darth intercepts YA and transmits YD1 to Bob. Darthalso calculates K2 = (YA)
XD2 mod q.
Bob receives YD1 and calculates K1 = (YD1)XB mod q.
Bob transmits YB to Alice.
Darth intercepts YB and transmits YD2 to Alice. Darthcalculates K1 = (YB)
XD1 mod q.
Alice receives YD2 and calculates K2 = (YD2)XA mod q.
24
7/31/2019 Chapter 4 Data Security (Dr.Atef)
25/26
Alice sends an encrypted message M:
E(K2, M).
Darth intercepts the encrypted message
and decrypts it, to recover M.Darth sends Bob E(K1, M) or E(K1, M'),
where M' is any message. In the first case,
Darth simply wants to eavesdrop on the
communication without altering it. In the
second case, Darth wants to modify the
message going to Bob
25
7/31/2019 Chapter 4 Data Security (Dr.Atef)
26/26
have considered:
distribution of public keys
public-key distribution of secret keys
Diffie-Hellman key exchange