author : prof bill buchanan · author : prof bill buchanan rc 2 . rc 2 . rc 2 (" rivest cipher...
TRANSCRIPT
Author: Prof Bill Buchanan
Advanced
CryptoAlice
Eve
Trent
Bob
2. Public key, private key and key exchange.
http://asecuritysite.com/crypto
Key Entropy. Key generators. Private key (AES, Twofish, CAST, IDEA, Blowfish, DES, 3DES, RC2, RC4/RC5, Skipjack, Camellia, Affine). Stream or block? ECB/CBC/OFB. Salting. Public key (RSA, DSA, ElGamal). Elliptic curve. Diffie-Hellman. FIPS.
Intr
oduc
tion
Enc
rypt
ion Trusted third party
Intruder
Author: Prof Bill Buchanan
Bob
Trent
Alice
Eve
Privacy (Private Key)
Identity (Public Key)
Integrity (Public/Private Key)
John
John
Enc
rypt
ion
Author: Prof Bill Buchanan
Encryption/
Decryption
Public key
Private key Public key
Private keyUsed to authenticate (RSA)
Key exchange (Diffie-Hellman)
Secret key used to encrypt/decrypt
(DES/3DES/AES)
Con
clus
ion
Enc
rypt
ion
Author: Prof Bill Buchanan
Communications
Channel
Encryption/
Decryption
Encryption/
Decryption
BobAlice
Eve
Public key
Private key Public key
Private key
Typical application:
Diffie-Hellman used to generate private-key.
Public-key used for authentication.
Private-key used for encryption.
Used to authenticate (RSA)
Key exchange (Diffie-Hellman)
Secret key used to encrypt/decrypt
(DES/3DES/AES)
John
John
John
John
RSA 2048 bits
Replace by:
ElGamal 160bits
Author: Prof Bill Buchanan
Advanced
CryptoAlice
Eve
Trent
Bob
2. Public key, private key and key exchange.
http://asecuritysite.com/crypto
Block or stream?
Priv
ate-
key
met
hods
Enc
rypt
ion
Author: Prof Bill Buchanan
RC4. This is a stream encryption algorithm, and is used in wireless
communications (such as in WEP) and SSL (Secure Sockets).
RC4IV and
Key
+
Data stream
(eg 0101010 …. 010)
Pseudo infinite stream
(eg 1110000 … 100)
The IV (Initiation Vector)
gives variation in the
output for the same key
Cipher stream
(eg 1010110 … 110)
Data stream 0101010 … 010
Pseudo infinite stream 1110000 … 100
Cipher stream 1010110 … 110
+
Ex-OR operator
Author: Prof Bill Buchanan
Advanced
CryptoAlice
Eve
Trent
Bob
2. Public key, private key and key exchange.
http://asecuritysite.com/crypto
Private Key
Priv
ate
key
Enc
rypt
ion
Author: Prof Bill Buchanan
RC2. RC2. RC2 ("Rivest Cipher") is
a block cipher, and is seen as a
replacement for DES. It was created
by Ron Rivest in 1987, and is a 64-
bit block code and can have a key
size from 40 bits to 128-bits (in
increments of 8 bits). The 40-bit key
version is seen as weak, as the
encryption key is so small, but is
favoured by governments for export
purposes, as it can be easily
cracked. In this case the key is
created from a Key and an IV
(Initialisation Vector). The key has
12 characters (96 bits), and the IV
has 8 characters (64 bits), which go
to make the overall key.
DES. DES encryption algorithm is
block cipher and uses a 64-bit block
and a 64-bit encryption key.
3DES. DES encryption algorithm is
block cipher and uses a 64-bit block
and a 64-bit encryption key (of which
only 56 bits are actively used in the
encryption process). Unfortunately
DES has been around for a long
time, and the 56-bit version is now
easily crackable (in less than a day,
on fairly modest equipment). An
enhancement, and one which is still
fairly compatible with DES, is the 3-
DES algorithm. It has three phases,
and splits the key into two. Overall
the key size is typically 112 bits
(2x54 bits - with a combination of the
three keys - of which two of the keys
are typically the same). The
algorithm is EncryptK3( DecryptK2(
EncryptK1(message), where K1 and
K3 are typically the same (to keep
compatibility).
DES
Bruce Schneier created Twofish with
a general-purpose private key block
cipher encryption algorithm.
RC2
AES
AES. AES (or Rijndael) is a new
block cipher, and is the new
replacement for DES, and uses 128-
bit blocks with 128, 192 and 256 bit
encryption keys. It was selected by
NIST in 2001 (after a five year
standardisation process). The name
Rijndael comes from its Belgium
creators: Joan Daemen and Vincent
Rijmen.
Blowfish
Blowfish. Bruce Schneier created
Blowfish with a general-purpose
private key block cipher encryption
algorithm.
Blowfish (with CBC). Blowfishcbc.
With CBC we split the message into
blocks and encrypt each block. The
input from the first stage is the IV
(Initialisation Vector), and the input
to the following stages is the output
from the previous stage. In this
example we will use Blowfish to
encrypt, using CBC.
Twofish
Skipjack. Skip jack. Skipjack is a
block cipher, using private-key
encryption algorithm, and
designed by NSA.
Camellia. Camillia is a block
cipher created by Mitsubishi and
NTT.
RC4. RC4 is a stream cipher
used in WEP (in wireless
encryption).
Affine. Affine is a stream cipher
which uses an equation to
encrypt.
Others
DES
(Enc)
DES
(Dec)
DES
(Enc)
K1
K2
K1
Author: Prof Bill Buchanan
Advanced
CryptoAlice
Eve
Trent
Bob
2. Public key, private key and key exchange.
http://asecuritysite.com/crypto
Key Exchange
Logs
Enc
rypt
ion
Author: Prof Bill Buchanan
BobAlice
Eve
AxAy
(Ax)y Axy
A(x+y)
John
John
Logs
Enc
rypt
ion
Author: Prof Bill Buchanan
BobAlice
Eve
Private key
Ax AY
yx AAgreed number
Random value Random value
AxAY
Logs
Enc
rypt
ion
Author: Prof Bill Buchanan
BobAlice
Eve
Ax AY
yx AAgreed number
Random value Random value
AxAY
(AY)x (Ax)y
Author: Prof Bill Buchanan
Advanced
CryptoAlice
Eve
Trent
Bob
2. Public key, private key and key exchange.
http://asecuritysite.com/crypto
Public Key
RS
AE
ncry
ptio
n
Author: Prof Bill Buchanan
Select two primes (p,q)
Next, the n value is calculated. Thus:
n = p x q = 11 x 3 = 33
Next PHI is calculated by:
PHI = (p-1)(q-1) = 20
e selected so that GCD(e,PHI)=1
Public key: (n,e)
Pub
lic-k
ey e
ncry
ptio
nE
ncry
ptio
n
Author: Prof Bill Buchanan
Bob Select two prime numbers: a and b
n = a x b
e is chosen so that e and (a-1)x(b-1)
are relatively prime (no common
factor greater than 1)
Public key is now: <e,n>
d = e-1 mod [(a-1)x(b-1)]
Private key is now: <d,n>
Generating public and private keys
Pub
lic-k
ey e
ncry
ptio
nE
ncry
ptio
n
Author: Prof Bill Buchanan
Public key are keys which
relate to extremely large prime
numbers (as it is difficult to
factorise large prime
numbers). It is extremely
difficult to determine a private
key from a public key.
Public-key
Communications
ChannelEncryption Decryption
BobAlice
Eve
Public key
Private key
Public key
Private key
Public key generates two keys: A
public key and a private one. These are
special in that if one is applied to encrypt,
the other can be used to decrypt
Pu
blic
-ke
y e
ncry
ptio
nE
ncry
ptio
n
Author: Prof Bill Buchanan
Once Bob encrypts the
message, the only key
which can decrypt it is
Alice’s private key.
Bob and Alice keep their
private keys secret.
Public-key
Communications
ChannelEncryption Decryption
BobAlice
Eve
Public key
Private key
Public key
Private key
Hello
H&$d.
Hello
B
C
D
A
A. Bob creates the message.
B. Bob encrypts with Alice’s public key
and sends Alice the encrypted message
C. Alice decrypts with her private key
D. Alice receives the message
The
mag
ic p
rivat
e ke
yA
uthe
ntic
atio
n
Author: Prof Bill Buchanan
Using Bob’s private key to authenticate himself
Bob
Message
MD5
Message
Encrypted
MD5
Bob’s
private
key
Bob’s
public
key
The
mag
ic p
rivat
e ke
yA
uthe
ntic
atio
n
Author: Prof Bill Buchanan
Bob encrypts the message/hash with Alice’s public key
Bob
Message
MD5
Message
Encrypted
MD5
Bob’s
private
key
Bob’s
public
key
Alice’s
private
key
Alice’s
public
key
Encrypted
Content
Alice
The
mag
ic p
rivat
e ke
yA
uthe
ntic
atio
n
Author: Prof Bill Buchanan
Bob encrypts the message/hash with Alice’s public key
Bob
Message
MD5
Message
Encrypted
MD5
Bob’s
private
key
Bob’s
public
key
Alice’s
private
key
Alice’s
public
key
Encrypted
Content
Alice
Encrypted
Content
The
mag
ic p
rivat
e ke
yA
uthe
ntic
atio
n
Author: Prof Bill Buchanan
Alice decrypts the message
Bob
Message
MD5
Message
Encrypted
MD5
Bob’s
private
key
Bob’s
public
key
Alice’s
private
key
Alice’s
public
key
Encrypted
Content
Alice
Encrypted
Content
Message
Encrypted
MD5
The
mag
ic p
rivat
e ke
yA
uthe
ntic
atio
n
Author: Prof Bill Buchanan
Alice decrypts the message
Bob
Message
MD5
Message
Encrypted
MD5
Bob’s
private
key
Bob’s
public
key
Encrypted
Content
Alice
Encrypted
Content
Message
Encrypted
MD5
MD5 (message)
MD5 (result)Alice compares the MD5
values. If they are the
same … Bob sent the
message
Author: Prof Bill Buchanan
Advanced
CryptoAlice
Eve
Trent
Bob
2. Public key, private key and key exchange.
http://asecuritysite.com/crypto
Key Entropy. Key generators. Private key (AES, Twofish, CAST, IDEA, Blowfish, DES, 3DES, RC2, RC4/RC5, Skipjack, Camellia, Affine). Stream or block? ECB/CBC/OFB. Salting. Public key (RSA, DSA, ElGamal). Elliptic curve. Diffie-Hellman. FIPS.
Author: Prof Bill Buchanan
Discrete logarithms
within computer and
network securityProf Bill Buchanan, Edinburgh Napier
http://asecuritysite.com @billatnapier
Introduction.
Encryption:
Public/Private Key.
Key Exchange.
Authentication.
Signatures.
ElGamal.
Bob
Eve
AliceTrent
John
John
ElGamal
Nap
ier’s
logs
Enc
rypt
ion
`
Author: Prof Bill Buchanan
John
John
g = a.b
log(g) = log(a)+log(b)
g = Inverse Log (log(a)+log(b))
g = a/b
log(g) = log(a)-log(b)
g = Inverse Log (log(a)-log(b))
g = ax
log(g) = x.log(a)
g = Inverse Log (x.log(a))
Eg
g = 103
log10(g) = 3.log10(10)
g = 10(3x1)
= 1,000
Dis
cret
e Lo
gsE
ncry
ptio
n
`
Author: Prof Bill Buchanan
John
John
g = ax mod P
For example:
a=5, x=3, P=7
g = 53 mod 7
= 125 mod 7
= 6
ax
ay
(ay)x
(ax)y
Alice
Bob
xy
axy
axy
ElG
amal
Enc
rypt
ion
Bob
Y = gx mod p
Alice
John
John
Author: Prof Bill Buchanan
Eve
Extremely difficult to the value
of x, and there can be many
solutions
Y = 34 mod 17 -> 13
Eve
ElG
amal
Enc
rypt
ion
Bob
Y = gx mod p
g
p
First Bob generates a prime number (p) and a number (g) which
is between 1 and (p-1):
P:
G:
Bob select a random number (x) which will be his private key:
Bob selects a random number(x):
He then calculates Y:
Bob sends g, p and Y to Alice. x
AliceJohn
John
Author: Prof Bill Buchanan
Author: Prof Bill Buchanan
Bob
ygp
Alice
M (message)
K (random)
a=gk mod P
b=yk M mod P
a,b
John
John