P. 1
PublicKeyCrypto

|Views: 0|Likes:

See more
See less

04/19/2012

pdf

text

original

# Public Key Cryptography

Inside PKCS
Rajaram Pejaver

Press the <Page Down> key to advance Press the <Back space> key to replay a slide

       Background: Shared Secret Keys Public Key Cryptography – Key Exchange explained Key Exchange using Diffie-Hellman Key Exchange using RSA Signatures using RSA Applications of PKC Problems/issues with PKC (c) Rajaram Pejaver 2 .Outline This is not a talk about PKI. This is a prerequisite for PKI.

using the same key KAB KAB Only 1 Key is needed. KBC KCD Nkeys = n * (n – 1) / 2 KAB KAB For 100 communicants. Nkeys KAC KBC will be ~5000 ! KAD KBD For 1000 communicants. Carol & Dave want to communicate Carol KAC Total of 6 Keys needed.000 !! KCD Dave (c) Rajaram Pejaver 3 . – But when Alice. Alice & Bob communicate using shared secret keys – Alice encrypts text and Bob decrypts it.Background: Shared Secret Keys It takes two to share a secret Say. Bob. KAD KBD Nkeys will be ~500.

KC  Each person needs only one key pair. – – .  Public Key Cryptography keys come in pairs: – – PA. Scales linearly: 4 keys for 4 subjects. Alice & Bob agree to use KAB without anyone else finding out. Never shared or exposed. – – KA KD KB  Problem: Encryption is slow & compute intensive. This is called Key Exchange. Shared with everyone. PB. PD Public component: PA. PC.Public Key Cryptography No sharing of private information. – Cannot encrypt messages with PKC. (c) Rajaram Pejaver 4  Solution: Use PKC to establish a shared secret session key. Much easier to secure private component. Private component: KA. ever.

A A Private Alice Bob Public Key Exponentiation KA PA = g ^ K A PA ^ KB = (g ^ KA) ^ KB = g ^ (KA* KB) KB PB = g ^ K B PB ^ KA = (g ^ KB) ^ KA = g ^ (KA* KB)  Ta da… Both parties have computed the same value: – g ^ (KA* KB) 5 They can use this value to compute a shared secret key .e. PA: gK (i.Diffie-Hellman Algorithm (1) Key Exchange Only. PA  PB Each person exponentiates other‟s public key with their own private key. No direct encryption. (c) Rajaram Pejaver . g ^ K ) Alice and Bob exchange their public keys.      First. everyone agrees on a number for „generator value‟: g Each person picks a random number as Private Key: KA Each person computes their Public Key. No signatures.

PA = gKA = 86 = 262 144. Private Alice Bob Public Key Exponentiation 6 4 262 144 4 096 262 144^4 = 4 722 366 482 869 645 213 696 4 096^6 = 4 722 366 482 869 645 213 696  They can use this value to compute a shared secret key.Diffie-Hellman Algorithm (2) Example: using regular math and small numbers.   First. PA and PB: –  Each person exponentiates other‟s public key with their own private key. everyone agrees on a number for „generator value‟: Each person picks a random number as Private Key: – g = 8 KA = 6. (c) Rajaram Pejaver 6 . KB = 4 PB = gKB = 84 = 4 096  Each person computes their Public Key.

we could use much larger numbers for keys and for g. – That helps a bit.   Next solution: Use a different number system: Modulo arithmetic field. even though we used single digit keys.  . p>g (c) Rajaram Pejaver 7 In addition to g. It is much harder to calculate log functions in modulo fields.  Note how big the result got. –  One solution. but not anywhere near enough. – The result was 22 digits long! Given the value of g and Alice‟s public key.Diffie-Hellman Algorithm (3) Some analysis. calculate the log function: KA = logg(PA)  Yet. we need to pick a system wide prime modulus p. Alice‟s private key can be easily hacked. – – Discrete logarithm problem in modular fields is NP complete.

(c) Rajaram Pejaver 8 .   Besides g. PA and PB: – – PA = gKA % 17 = 86 % 17 = 262 144 % 17 = 4 PB = gKB % 17 = 84 % 17 = 4 096 % 17 = 16 Private Alice Bob Public Key Exponentiation  Each person exponentiates other‟s public key with their own private key.Diffie-Hellman Algorithm (4) Using modular arithmetic and small numbers. 6 4 4 16 4 ^ 4 % 17 = 256 % 17 = 1 16 ^ 6 % 17 = 16 777 216 % 17 = 1  Foundation: Given g. agree on „prime modulus‟ p: g = 8. p = 17 Each person picks a random number as Private Key: – KA = 6. KB = 4  Each person computes their Public Key. p and PA (g^KA % p) it is not easy to calculate KA.

Adding two points M3 = M1 + M2 = -P Doubling a point M4 = M 2 + M 2 Multiply two points M5 = M1 * M2 = M1 + M1 + M1 … (M2 times) Can‟t easily find the multiplicative inverse Alice and Bob have both calculated: Public Key g * KA * KB   Foundation: Given M5 and M1.  Given a polynomial of the form: – – – – The points on the curve form a closed set of numbers constituting a field. it is not easy to get M2 – Multiply other‟s public key with own private key – Multiplication Alice Bob KA KB PA = g * K A PB = g * K B PA * KB = g * KA * KB PB * KA = g * K B * KA (c) Rajaram Pejaver 9 M4 .Diffie-Hellman Algorithm (5) Elliptic Curve math.

– Further.  EC Math is more complex & slower. (c) Rajaram Pejaver 10 . EC performance scales better. No direct encryption. Cost factor compares EC to PKC Symmetric Keys 80 112 128 192 256 PKC Keys 1024 2048 3072 7680 15360 EC Keys 160 224 256 384 521 Cost Factor 3 6 10 32 64  Key sizes (in bits) for comparable strengths in different systems –  Remember: Diffie Hellman supports – – – ONLY Key Exchange. No signatures. hence smaller keys are adequate.Diffie-Hellman Algorithm (6) EC Cryptography: Final thoughts.

1) d is the multiplicative inverse of e – Select private exponent d    Encryption consists of modular exponentiation of plaintext m with e – me % n  c (where m < n)  Decryption consists of modular exponentiation of encrypted text c with d – – cd % n  (me) d % n  med % n  m Because in the exponent. such that d * e = 1 modulo LCM(p .  A good choice is F4 (65537). product of two primes: n = p * q Select public exponent e.  Key generation: – – Select modulus n.1. e*d = 1 (kind of ) (c) Rajaram Pejaver 11 . q .Key Exchange using RSA (1) Basic Concepts.

eku.edu/styere/Encrypt/RSAdemo.html (c) Rajaram Pejaver 12 .  Encryption by Bob with Public Key e: Plain text m = 123 –  Decryption by Alice with Private Key d: Crypto text = 464569 –  Plaintext chosen by Bob would be the proposed secret session key KAB –  Calculator: http://people.Key Exchange using RSA (2) Example: using modulo math and small numbers. d = 464307 123^3 % 698149 = 464569 464569^464307 % 698149 = 123 !!! Only Alice has private key d and can decrypt the message to retrieve KAB. n = 698149 (p*q) e = 3.  Key generation by Alice: – – p = 971. q = 719.

–  Bob validates the signature using Alice‟s Public Key e – 91655^3 % 698149 = 123  EC math can be used with RSA – NSA has defined a “Suite B” that includes EC-RSA (c) Rajaram Pejaver 13 .Signatures using RSA Similar to encryption. Alice signs with Private Key d the value m = 123.   Use the same keys as before. but backwards. Signing consists of modular exponentiation of plaintext m with d – s = md % n se % n  (md) e % n  med % n  m 123^464307 % 698149 = 91655  Verification consists of modular exponentiation of signature s with e –  As an example.

 Associating Public Keys with actual subjects. OCSP. how do you know that you have the correct public key for Alice? Are you sending a message securely to the wrong person? We need a secure directory.509 certificates securely associate X. You can have many names and many associations and many certificates Protect the private key in hardware A trusted Certificate Authority vouches for the association CRLs.500 names with public keys – Certificate revocation is messy – (c) Rajaram Pejaver 14 . DNS isn‟t good enough. CAs. revocation. …  Only one public key is needed per person – –   X. chaining. – – – – When you encrypt. The X.500 directory service happened to be under development at the time.PKC Issues & Problems The need for certificates.

even though it is labeled as such. Signatures. – (c) Rajaram Pejaver 15 . Difference between Identity and Authorization certificates (PACs)   Signatures to establish identity. for connection encryption.PKC Applications Encryption. – Authorization certificates. Examples of PKC usage:  Public Key based Encryption: – – – – Conditional Access in SA PowerKey. etc. PGP for file encryption. EMMs are encrypted with PKC. cable modem firmware. IPSEC. STB firmware. Authorization. SecurID fobs do not use RSA. SSL. ssh.

Thank you for listening!!   Questions? Send feedback to rajaram@pejaver.com (c) Rajaram Pejaver 16 .

89070.

759.3.

2!0.7.#\$/024 92 . #.07  ...

3-0:80/9#\$ \$.70543039.79403. #.943..8/0130/.9:708:83#\$ \$2.9434183.9.75943 -:9-..30.70543039.2!0.7/8   &80908.7.08389!7..\$3.2008.9089083..93..250 .390929 / 8 2/ 3  '071.9:7089 0 80 3 2/ 0 3 20/ 3 2  8.0 8!:-.943415.:02 )   4-.9:70:83.4388984124/:.07  . \$:90 9.:/08 #\$ .900/ 90.00 )  2..8-01470 \$33.../..4388984124/:.

884.080.95:-.98 034:03...9:.08 97:890/0791.33 70..0452039..7.947 \$83 944/034: %0  /70..089.9438.20895:-.090.3..4:.55030/94-0:3/07/0.884.0791.4...0..0 704:803/3..:70/70.990920  34305:-.90:9479.208.9003.908 !7490.90880.943 0791.94382088 #8  \$!  .759 4/44:349.0147.70     .4770.7/.943  884.:709490743507843 0300/.93!:-.0791.2!0.884..!88:08 !74-028 %0300/147.8:-0..0814790..94:.0791.08300/0/507507843 4:.. #.3/2...07  .2088.99057...:70.80.4..90  3.3.9070.3.33..908 8 .947807.02.3/2.

.:714-8/4349:80#\$ 0.9:70894089.   \$3.0-..0-09003/0399.3/:947..943.4330.-00/...7.908 !8 .908 110703.07  .7003.0791.0  !:-.70  :947.75943 \$3. #.70 .0883\$!4070 8.94303.943 .75943 43/943.9:708 :947.9438 3...0394:98. 147.-8/0399 \$%172.80/3.0791.88:.-024/02172..!55.943.250841!:8.75943 \$0.7590/9! \$\$ 88 !\$ 09.2!0.75943 !!1471003.

#.%.250.2!0..94 7.42 ...07  ...7.07 .7.34:14789033   ":089438 \$03/100/-.

scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->