Professional Documents
Culture Documents
Hashing
here
pust
eeryption
Function Function
Encople Session KE
esson Key
As a tirst step, the control vector Is passea thirough a hash lunction inat produces a
value whose length is equal to the encryption key length. In essence, a hash function maps
values from a larger range into a smaller range with a reasonably uniform spread. Thus, for
example, if umbers in the range I to 100 are hashed into numbers in the range I to 10,
upproximately 10% of the source values should map into each of the target values. The hash
value is then XORed with the master key to produce an output that
iswhere
used as sthehkev
e input
masteer for
keyencrvntine thesession
and 1s the session Key.
kev. hus
The sessJOn key 1s recovered in
Initiator Responder
3 ) ELPUa, Na)
new nonce generated by B (N;) Because only B could have decrypted message (1), the
A returns Na encrypted using B's public key, to assure B that its correspondent is A.
A selects a secret key K, and sends M = EPU. EPR,. K.) to B. Encryption of this
message with B's public key ensures that only B can read it; encryption with A's private
Public-key authority
Public-key certificates
Public Announcement of Public Keys
e autoity mantanms a dirciory with a mane, publac key) eniry tor cach
participant.
Each participant registers a public key with the directory authority
A participant may replace the existing key with a new one at any time because the
coresponding pervate key lhas been compromised in some way.
Public-Key
oommunication fmm.the.authoritv.to the.narticinant is mandatory
Authoritv:
Stronger security for public-key distribution can be achieved by providing tighter control
over the dastriDuiOn ol puniic keys trom tne directory
requires users to know the public key for the directory, and that they interact with
li
Elliptic curve cryptography:
ECC addition is analog of modular multiplication in RSA
ECC repeated addition is analog of modular exponentiation
Need "hard" problem equivalent to discrete log
where Q,toP compute
=kP, o Is"easy belong to a prime curve
Q given k, P
o But "hard" to find k given Q, P
o Known as the discrete logarithm problem of clliptic curve
Version Signature algortn
Certilicate
algorithm3
identifier
Parameters
Signature
Serml Number Issuer Name
-.gorithm
algorithm
identifier
**
paramefers
This Update Date
Issuer Name
info
Issuer Unque
Tdentifier
Subject Unique
Identifier Revoked user certilicate seral
- -- ---
UccV>>
VcU
Yee
WcC>
Xe<W>>
Ycc
XeeD> (ZHz«o
<A>» ZccB
Hobs
publickey ey
CA
infoemsation
de nf unsige
ertificate
LInfrastructure
Certifcate/CRI. refrieval
Kepstr ,
Certileton,
Registration
Certifenteauthority
publication revocatiotn reqqiest
CertiflcateCRI.
plkcation
entities
lectronic Mail Security
Pretty Good Privacy
scheme
Cssion key u s c d in
symmetric encryplion
private key of userA, u s e d in public-key encryption scheme
PR
scheme
PUa public key of user A, u s e d in public-key encryption
RO conversion to raldix
oa A>
i i
ge .PaPCpplogphic Functions
LA-KDC: IDal
2. KDC=-A: EIG, |A,1M|EI6,[6,10A1|) 2 8-AUe 9M|EA,AM4
KDC-A EK,I0NIKIT|EIK,JD,&
B-A EIM,N A-B EIKD,IK, EIK,NJ)
5A-B EK,1A) 1. AB: E(K|IDAl| K,|| T%)||N
2. B A : N'|E(K,. N'a)
| Clock T| <
Al1 + Al2 3. A-B:
E(K, N')
One-Way Authentication
LA-ADC: D,ID
KDC-& EM,K D,MEM,[A|10|0
A-B EK,JA|D)JEK,M)
Key
distribution
center
KDC fir aesion key
C
O
***********
HOST HOST
Network
connection request,it generates the session key and delivers it to the two