20-751 ecommerce technology summer 2002 copyright © 2002 michael i. shamos cryptographic security
Post on 19-Dec-2015
215 views
TRANSCRIPT
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Cryptographic Security
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Outline
• Information security• Encryption and keys• Symmetric encryption
– DES• Public-key cryptosystems
– RSA• Digital signatures• Digital certificates
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Information Security
• Keep data secret from unauthorized parties• Authenticate identity of users • Verify that messages have not been altered in transit• Prove that a party engaged in a transaction
– Make it impossible for him to deny (nonrepudiation)
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
The Encryption Process
MATERIALWE WANT TOKEEP SECRET
UNREADABLEVERSION OFPLAINTEXT
DATA TO THEENCRYPTIONALGORITHM
MATHEMATICALSCRAMBLINGPROCEDURE (TELLS HOW TO
SCRAMBLE THISPARTICULAR MESSAGE)
MIGHT BE:TEXTDATAGRAPHICSAUDIOVIDEOSPREADSHEET. . .
SOURCE: STEIN, WEB SECURITY
OBJECT: HIDE A MESSAGE(PLAINTEXT) BY MAKING ITUNREADABLE (CIPHERTEXT)
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Role of the Key in Cryptography
• The key is a parameter to an encryption procedure• Procedure stays the same, but produces different
results based on a given key
NOTE: THIS METHOD IS NOT USED IN ANY REAL CRYPTOGRAPHY SYSTEM.IT IS AN EXAMPLE INTENDED ONLY TO ILLUSTRATE THE USE OF KEYS.
S P E C I A L T Y B D F G H J K M N O Q R U V W X ZA B C D E F G H I J K L M N O P Q R S T U V W X Y Z
C O N S U L T I N G
D S R A V G H E R MEXAMPLE:
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Symmetric Encryption
SAME KEY USED FORBOTH ENRCYPTIONAND DECRYPTION
SENDER AND RECIPIENT MUSTBOTH KNOW THE KEYTHIS IS A WEAKNESS
SOURCE: STEIN, WEB SECURITY
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Data Encryption Standard (DES)
• Symmetric, key-based encryption-decryption standard. No public keys
• Block cipher: operates on 64-bit blocks• Uses 56-bit key• 16 “rounds” -- key for each round is a 48-bit function
of the original 56-bit key. Each key bit participates in an average of 14 rounds
• Completely symmetric. Same algorithm decrypts.• Fast implementation in hardware: 1 gigabit/second
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Data Encryption Standard (DES)
64 BITS OF MESSAGE INPUT PERMUTATION
INVERSE OF INPUTPERMUTATION
SUBKEYS:EACH IS A 48-BITFUNCTION OF A56-BIT KEY
OUTPUT: 64 BITS OFENCRYPTED TEXT
LEFT HALF OFBLOCK (32 BITS)
f IS A COMPLICATEDFUNCTION INVOLVINGVARIOUS PERMUTATIONS
SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY
IS EXCLUSIVE-OR
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Information Loss with Exclusive-OR
• x y = 1 if either x or y is 1 but not both:
• If x y = 1 we can’t tell which one is a 1• Can’t trace backwards to determine values
xy 0 1
0 0 1
1 1 0x
y
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Cracking Symmetric Encryption
KEYLENGTH
SPEND$$THOUSANDS
SPEND$$MILLIONS
SPEND$100 MILLION
40 bits seconds < 1 second < .01 second
56 bits days minutes 1 second
64 bits months days minutes
80 bits million years millennia centuries
128 bits > age of Universe > age of Universe > age of Universe
(40-bit symmetric key = 384-bit PKE key)
ESTIMATED TIME TO CRACK KNOWNSYMMETRIC ENCRYPTION ALGORITHMS
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Public-Key (Asymmetric) Encryption
1. USERS WANT TO SEND PLAINTEXT TO RECIPIENT WEBSITE
2. SENDERS USE SITE’S PUBLIC KEY FOR ENCRYPTION
3. SITE USES ITS PRIVATE KEY FOR DECRYPTION
4. ONLY WEBSITE CAN DECRYPT THE CIPHERTEXT. NO ONE ELSE KNOWS HOW
SOURCE: STEIN, WEB SECURITY
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Public-Key Encryption• Alice wants to send Bob a secure message M.• Alice uses Bob’s public key to encrypt M.• Bob uses his private key to decrypt M.• Bob is the ONLY ONE who can do this,
so M is secure.• Problem: Anyone could have sent it. Was it really Alice?
ALICE’SCLEARTEXT
ALICE’SCODEDTEXT
ALICE’SCODEDTEXT
ALICE’SCLEARTEXT
TRANSM ISSION
BOB DECRYPTS WITHHIS PRIVATE KEY
ALICE ENCRYPTS WITHBOB’S PUBLIC KEY
BOB’SPUBLIC
KEY
BOB’SPRIVATE
KEY
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Digital Authentication• Alice wants to send Bob a message M so that Bob is sure Alice
is the sender.• Alice uses her own private key to encrypt M.• Bob uses Alice’s public key to decrypt M.• Alice is the ONLY ONE who could have sent it.• Problem 1: Anyone can read it! Problem 2: Replay attack!
ALICE’SCLEARTEXT
ALICE’SCODEDTEXT
ALICE’SCODEDTEXT
ALICE’SCLEARTEXT
TRANSM ISSION
BOB DECRYPTS WITHALICE’S PUBLIC KEY
ALICE ENCRYPTS WITHHER PRIVATE KEY
ALICE’SPRIVATE
KEY
ALICE’SPUBLIC
KEY
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Secure Authenticated Messages• Alice must send Bob a secret & authenticated message M so
Bob is sure it was sent by Alice. Use both encryption and signature.
ALICE’SCODEDTEXT
ALICE’SCODEDTEXT
(AUTHENTICATED)
ALICE’SCLEARTEXT
BOB DECRYPTS WITHALICE’S PUBLIC KEY
ALICE ENCRYPTS WITHHER PRIVATE KEY
ALICE ENCRYPTS WITHBOB’S PUBLIC KEY
ALICE’SCODED AND
SIGNED TEXT
ALICE’SCODED AND
SIGNED TEXT
T R A NSMI
T
ALICE’SCLEAR TEXT
(DECRYPTED ANDAUTHENTICATED)
BOB DECRYPTS WITHHIS PRIVATE KEY
BOB’S PUBLIC
ALICE’S PUBLIC
BOB’S PRIVATE
ALICE’S PRIVATE
4 KEYSNEEDED:
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Rivest-Shamir-Adelman (RSA)
• It is easy to multiply two numbers but apparently hard to factor a number into a product of two others.
• Given p, q, it is easy to compute n = p • q• Example: p = 5453089; q = 3918067• Easy to find n = 21365568058963• Given n, hard to find two numbers p, q with p • q = n• Now suppose n = 7859112349338149
What are p and q such that p • q = n ?• Multiplication is a one-way function• RSA exploits this fact in public-key encryption
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
RSA Encryption
• Select two large prime numbers p, q (> 100 digits)• Let n = p • q• Choose a small odd integer e that does not divide
m = (p - 1)(q - 1). Then x(p-1)(q-1) = 1 (mod n)• Compute d = e-1(mod m)
– That is, d • e gives remainder 1 when divided by m
• Public key is the pair (e, n)• Private key is the pair (d, n)• Knowing (e, n) is of no help in finding d. Still need p
and q, which involves factoring n• DEMO
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
0 1 2 3 4 5 6
0 0 0 0 0 0 0 0
1 0 1 2 3 4 5 6
2 0 2 4 6 1 3 5
3 0 3 6 2 5 1 4
4 0 4 1 5 2 6 3
5 0 5 3 1 6 4 2
6 0 6 5 4 3 2 1
MULTIPLICATIONMOD 7
Multiplicative InversesOver Finite Fields
• The inverse e-1 of a number e satisfies e-1 • e = 1• The inverse of 5 is 1/5• If we only allow numbers from 0 to n-1 (mod n), then for special
values of n, each e has a unique inverse
6 • 2 = 12WHEN DIVIDED BY 7GIVES REMAINDER 5
EACH ROW EXCEPTTHE ZERO ROWHAS EXACTLY ONE 1
EACH ELEMENT HASA UNIQUE INVERSE
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
RSA Encryption
• Message M is a number
• To encrypt message M using key (e, n):• Compute C(M) = M
e (mod n)
• To decrypt message C using key (d, n):• Compute P(C) = C
d (mod n)
• Note that P(C(M)) = C(P(M)) = (M e)d (mod n)
= M e•d (mod n) = M
because e • d = 1 and m = (p-1)(q-1)
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Message Digest (Hash)
• A message digest is a “fingerprint” of a message• Much shorter than the original message (e.g. 160 bits)• Easy to compute• Can’t recover the message from the digest• Changing the message changes the digest
MESSAGE (VERY LONG)
DIGEST
DIGEST CAN BE USED TO VERIFY THATTHE MESSAGE HAS NOT BEEN ALTERED
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Single Step of SHA-1
Operates on 16-word (512-bit) blocks
Expands 16 words to 80 words Wt
Performs 80 operations as shown for t = 0..79
a, b, c, d, e are special constants
Kt are special constants
SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY
INITIALLY CONSTANTS
80 WORDS INPUT HERE, 1 EACH STEP
MAGIC CONSTANTS
“<<< 5” means “cyclic left shift 5 bits”
+ + ++
REVISEDCONSTANTSFOR NEXTSTEP
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Digital Signature• A function of both the message AND the signer’s private key
(different for every message)
MESSAGE (LONG)
HASH
SIG
USE SECURE HASH ALGORITHM (SHA) TO PRODUCE HASH (MESSAGE DIGEST)
ENCRYPT HASH USING SIGNER’S PRIVATE KEYPRIVATE KEY
MESSAGE (LONG)SIG
APPEND SIGNATURE TO MESSAGE; SEND BOTHDIGITALLYSIGNEDMESSAGE
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Authentication by Digital Signature
MESSAGE (LONG)
HASHHASH
RECIPIENT USES SHATO COMPUTE HASH
RECIPIENT DECRYPTS SIGWITH SIGNER’S PUBLIC KEY
MESSAGE (LONG)SIG
IF HASHES ARE EQUAL, MESSAGE IS AUTHENTIC.
WHY? IF ANY BIT OF M OR SIG IS ALTERED, HASH CHANGES.
RECIPIENT RECEIVES SIG + MESSAGE
=?
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
X.509 Version 2 Certificate
SOURCE: FORD & BAUM,SECURE ELECTRON IC COMMERCE
VERSION # OF X.509
UNIQUE # ASSIGNED BY CA
EXAMPLES: MD5RSA,sha1RSA
USUALLY A DOMAIN NAME
EXAMPLES: RSA
20-751 ECOMMERCE TECHNOLOGY
SUMMER 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
QA&