Introduction to Computer Security - UNT Computer …mgomathi/teaching/2009/csce5550/Lectures/Lecture... · Introduction to Computer Security Instructor: Mahadevan Gomathisankaran

Introduction to Computer Security

Instructor: Mahadevan Gomathisankaran

[email protected]

CSCE 4550/5550, Fall 2009 1Lecture 13

mailto:[email protected]�

Asymmetric Encryption

CSCE 4550/5550, Fall 2009 Lecture 13 2

Asymmetric Authentication


Diffie Hellman Key Exchange

• Based on Discrete logarithm problem– Fix large prime p and generator g– Define f(x) = gx mod p– f-1(x) is the “Discrete Logarithm Problem”


Source: Wikipedia

ElGamal• Based on Discrete Logarithm (DH) problem• Key Generation

1. Alice generates cyclic group G and its generator g2. Generates a random number x and computes h = gx

3. Public Key = (h, g, G); Private Key = (x, g, G)• Encryption

1. Bob generates random number y and computer a = gy

2. Ciphertext c = m. hy

3. Sends to Alice (c, a)• Decryption

1. Alice generates b = ax

2. Decrypts the message m = c.b-1


ElGamal Signature Scheme

• Using DH and Fermat’s little theorem• Sender

– Compute h = gx

– Choose a random k s.t 0 < k < p -1 and gcd(k,p-1) = 1– Compute r = gk

– Compute s = (m – xr)k-1 mod (p-1)– Message (m), Signature (r,s) and Public Key (h,g,p)

• Receiver– Verify gm = hrrs


ElGamal Signature• Example• Sender

– p=11, g=2, x=8, m=5– h= 28 mod 11 = 3– choose k=7– r=27 mod 11 = 7– s=(5 – 8.7)3 mod 10 = 7– Message(5), Signature(7,7) and Public Key(3,2,11)

• Receiver– Verify

25 mod 11 = 3777 mod 1110 = (27)(27)(3)(49)(49)(49)(7) mod 1110 = 54 mod 11


Hash Function

• A function that takes variable sized inputs and generates fixed size output

• Properties– it is easy to compute the hash value for any given

message– it is infeasible to find a message that has a given

hash (pre-image resistance)– it is infeasible to modify a message without

changing its hash (second pre-image resistance)– it is infeasible to find two different messages with

the same hash (collision resistance)


Hash Functions• Widely used:

– MD5 (128 bit digest) – as of August 2004: Don’t use this!(doesn’t exhibit strong collision resistance)

– SHA1 (160 bit digest) – as of August 2005: Be skeptical!– SHA-256 (256 bit digest) – also SHA-384 and SHA-512


MAC• Essentially keyed hash functions

– Consider as a shared-secret signature– Common algorithms: HMAC or symmetric cipher in CBC mode

• Typical use (e.g., in SSL):– Protocol uses public key crypto to establish shared secret session

keys– Confidentiality of subsequent session protected by symmetric

crypto with a session key– Integrity of packets protected using a MAC with a shared session

key

• Much less resource-intensive than a public key digital signature


MAC Usage


Source: Wikipedia

Complete Cryptosystem


Key Management• Kirckhoff ’s Principle: Security depends on the secrecy of

the key– Analogy: The toughest safe in the world is easy to get into if the

combination is revealed.

• Key management deals with questions like:– How are keys generated?– Where are keys stored (and who has a copy)?– How long are keys used for?– When/how should key material be destroyed?– Can compromised keys be revoked?

• Government/military has a formalized Key Management Infrastructure (KMI) for dealing with these issues


Key Management• Keys should be for a single purpose

– Don’t use encryption keys for signatures, etc.– Reasons:

• Different uses can weaken security• Limit damage from key compromise• Sometimes uses conflict

• Keys should be labeled as to approved use

• Key lifetime (cryptoperiod) should be carefully chosen

• Integrity of keys is also important


Symmetric Key Distribution• Symmetric key encryption is more efficient than

asymmetric cryptography when messages are large.• A single sender needs n different keys to exchange

messages with n people• Total # of keys: n(n-1)/2 → n2 problem!• 2 problems

– # of keys– Distribution of these keys

• Solution: Use session keys distributed by Key Distribution Centers (KDS)

• Example: Kerberos


KDC• Each user in the system has a secret key between

him(her)self and KDC.• Alice sends a request to KDC to acquire a session key

KAlice,Bob• KDC informs Bob of Alice’s request• If Bob agrees, KDC creates a session key KAlice,Bob

and sends it to both Alice and Bob


KDC

Alice

Bob

JohnMary

DaisyKAlice

KJohn

KBob

KMary

KDaisy

Asymmetric Key Distribution

• Public announcement– Web site publication, asking with e-mail, etc.

• Trusted Center– Keeps a large directory of public and private keys

• Certification Authority (CA)– A federal or state organization which issues a certificate

for a public key registration– CA signs the certificate with its private key– E.g. X.509


Certification

• Verification of a signature– In the physical world: notary publics, signature

guarantees, ...– In the digital world, the question is “the public key

authentic?”

• Components of a Certificate– Associates an identity with a public key– Signed by the “Certification Authority” (CA)

• CA is a “trusted third party”• Role is similar to a notary public

– Good for a set time (validity period)– Certificates may be revoked


CA

• A CA can be anyone you trust– Visible and prominent company

• Verisign, Entrust, AOL, ...

– Government organization• Deutsche Telekom

– Organizational CA (used internally)• UNT CA

– Personal knowledge• Personal knowledge, “Joe’s signed certificates”,...


Certificate Chain


Subject: UNT CSE CAUNT CSE Public Key

Issuer: UNT CA

Subject: Jon DoeJon’s Public Key

Issuer: UNT CSE CA

Subject: UNT CAUNT Public KeyIssuer: Verisign

Subject: VerisignVerisign Public Key

Issuer: Verisign (trusted)

Signs

SignsSigns

“Trust Anchor” or “Root CA”

Key Management


From NIST document 800-57: “Recommendation for Key Management”

Cryptoperiod• Definition: The cryptoperiod is the time when a

key is authorized for use by legitimate entities.

• Issues:– In picking cryptoperiod consider:

• Key length• Volume of traffic• Window of vulnerability for compromised key

– Short periods are generally good, but consider key distribution channel – frequent key updates over a marginally secure channel is dangerous!

– Parts of a keypair can have different cryptoperiods


Cryptoperiod


From NIST document 800-57: “Recommendation for Key Management”

Other Results/Directions

• Identity-based encryption– Public key is widely known, non-special value (like an

e-mail address)– Private key for recipient computed by trusted dealer– Advantage: Can send message without looking up long

public key– Disadvantage: Requires trusted third party, and

recipient must have proper software and key


Other Results/Directions

• Threshold cryptography– Secret key split into “shares”, and a particular number of

shares must be present in order to decrypt or sign– Example: Separation of duties / multiple signing

authorities– Example: Intrusion tolerant servers (Stanford project)


Final Notes

• Crypto is very subtle, and not a field for amateurs– Use solid/proven crypto libraries whenever

possible– Problems when done by non-cryptographers,

even when very good technical people (WordPerfect, Netscape, …)

• But: A fun field to become an expert in!


Announcements

• Project Description– Due today

• Good luck for the exams– Every topic covered till today– Understand the cryptographic algorithms– Remember the mathematical formulae

• IC, Entropy, etc.


Documents

Introduction to Computer Security - UNT Computer …mgomathi/teaching/2009/csce5550/Lectures/Lecture... · Introduction to Computer Security Instructor: Mahadevan Gomathisankaran