Upload
jonathan-spencer
View
232
Download
0
Embed Size (px)
Citation preview
Q: How do Ole and Lena get a shared private key?
1) Lena Lockmaster EkeyLena( IDLena || IDOle )
Example (Suppose Lena wants a key to shared with Ole.)
Needham-Schroeder Protocol (1978)
A: Generally, they need a trusted third party and a secure protocol.
2) Lockmaster Lena EkeyLena( newkey || EkeyOle(newkey) )
3) Lena Ole EkeyOle(newkey)
1) Lena Lockmaster IDLena || IDOle || nonce1
2) Lockmaster Lena EkeyLena(IDLena || IDOle || nonce1 || newkey || EkeyOle(IDLena|| newkey))
3) Lena Ole EkeyOle(IDLena|| newkey)
4) Ole Lena Enewkey( nonce2 )
5) Lena Ole Enewkey( nonce2 - 1 )
Assume that a hacker has managed to crack an old key and replays Step 3.
This protocol uses time stamps to avoid the problem.
Denning-Sacco Protocal
Otway-Rees Protocol (a solution without time stamps)1) Lena Ole num || IDLena || IDOle || EkeyLena(nonce1 || num || IDLena || IDOle)
2) Ole Lockmaster num || IDLena || IDOle || EkeyLena(nonce1 || num || IDLena || IDOle) || EkeyOle(nonce2 || num || IDLena || IDOle)
3) Lockmaster Ole num || EkeyLena(nonce1 || newkey) || EkeyOle(nonce2 || newkey)
4) Ole Lena num || EkeyLena(nonce1 || newkey)
However, time stamps depend upon clock synchronization.
Simple Public Key Protocol1) Lena Ole EkeyOlePub( EkeyLenaPriv(newkey) )
This algorithm was first published in 1976 in the same paper as public-key encryption.
To select key
• Select a prime number q.
• Select integer so that is a primitive root of q..
(Note to be a primitive root means that (1 mod q), (2 mod q) , ... (q-1 mod q)
form some permutation of the integers 1, 2, ..., (q-1)
Select Publicly-known q &
• User A selects a secret integer XA such that 1 ≤ XA < q
• User A calculates a public value YA = XA mod q
• User B calculates a public value YB = XB mod q
• User B selects a secret integer XB such that 1 ≤ XB < q
• The key is (YA)XB mod q = (YB)XA mod q
Select passwords
• Select a prime number q = 7
• Select = 3..
(Note the primitive root property from (k mod q) for 1 ≤ k ≤ q-131 = 3, 32 = 9, 33 = 27, 34 = 81, 35 = 243, 36 = 729
mod 7 ...
Example (with artificially small numbers)
• Ole selects a secret integer XOle = 5
• Ole calculates a public value YOle = 35 mod 7 = ______
• Lena calculates a public value YLena = 33 mod 7 = _______
• Lena selects a secret integer XLena = 3
• Ole calculates the key (YLena)XOle mod q = (6)5 mod 7 = 7776 mod 7 = ______
• Lena calculates the key (YOle)XLena mod q = (5)3 mod 7 = 125 mod 7 = ______
In order to provide non-repudiation it is common to include a digital signature in public keytransmission.
RSA approach
plaintext ciphertext
encryption keyOlePub
plaintext sig
encryption keyLenaPriv
ciphertext plaintext sig
decryption keyOlePriv
compare
from Lena
to Ole
The DSS/A approach uses the El Gamal algorithm.
This algorithm provides keys and generates/checks signatures.
Generate Digital Signature
• Select a prime number p.
• Select g and d so that 1 ≤ g, d < p.
• Calculate y = gd mod p
• public key: (y, g, p) private key: (d)
Verify the Digital SignatureThe signature is checked as follows: (yaab) mod p = gHash(message) mod p
Select Key
• Select k that is relatively prime to (p - 1).
• Calculate a = gk mod p
• digital signature: (a, b) • Find b so that Hash(message) = (da + kb) mod (p - 1)