28
Cryptography in .Net Chapters 12-17 (O’Reilly book) CS 795

Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Embed Size (px)

Citation preview

Page 1: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Cryptography in .NetChapters 12-17 (O’Reilly book)

CS 795

Page 2: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

References

• Video: http://channel9.msdn.com/Events/aspConf/aspConf/Cryptography-101-Using-the-NET-Framework-and-ASP-NET

• https://www.youtube.com/watch?v=FFE-72t2Chg

Page 3: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Goals

• Confidentiality---no one else can intercept a message as it passes from A to B---Encryption is the answer

• Integrity---message is not tampered as it passes from A to B --- Hashing is the answer

• Authentication---B wants to be sure to be sure it is A who has sent the message---digital signature is the answer

Page 4: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Hashing Algorithms

• Create a message digest or hash code for a given message

• Hashing algorithms break a message into fixed blocks (512 or 1024 bits)

• Given a seed value and the 1st block, it produces a hash code. This hash code and the next block are fed again, that produce a new hash code. This continues until the last data block. The final hash code is the message digest.

Page 5: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

.Net Framework Hashing Algorithms

Name Input block size (bits)

Message limit (bits)

Hash code size (bits)

MD5 512 264 128

SHA-1 512 264 160

SHA-256 512 264 256

SHA-384 2128 384

SHA-512 1024 2128 512

Page 6: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795
Page 7: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Programming Hashing Algorithms

• Managed (e.g., SHA1Managed) and unmanaged (e.g., SHA1CryptoServiceProvider)

• System.Security.Cryptography.HashAlgorithm class: Methods: Create, ComputeHash, Initialize, Clear, TransformBlock,

SHA1Managed hash_alg = new SHA1Managed();

Or

hashAlgorithm hash_alg = HashAlgorithm.Create(“SHA1”);

byte[ ] hash_code = hash_alg.ComputeHash(message_data);

To validate hash code, generate a new hash code and compare byte-by-byte.

Page 8: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Keyed Hashing Algorithms (MAC)

• These mix a secret key with the message data blocks when creating a hash code.

• HMAC is one standard to combine secret key and message data (e.g., HMAC-SHA-1)---here the key is used as the 1st data block

• HMAC-SHA-1 and MAC-Triple-DESKeyedHashAlgorithm hash_alg = KeyedHahAlgorithm.Create(“HMACSHA1”);Hash_alg.Key = key_bytes;byte [ ] hash_code = hasg_alg.ComputeHash(message_data);

Page 9: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Symmetric Encryption• Both parties agree on a secret key• Sender encrypts the message using secret key and sends the encrypted

data• Receiver decrypts the received data using the secret key• To create encrypted data: (i) Data is treated as a number of fixed-size

blocks• (ii) The fixed-size blocks are converted to encrypted blocks• http://msdn.microsoft.com/en-us/library/ff650720.aspx

Page 10: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

.Net Framework Encryption Algorithms

Name Block size (bits) Key length (bits)

DES 64 56

RC2 64 40,48,…,128

Triple-DES 64 2 or 3 56-bit keys, expressed as 64-bit numbers

Rijndale (AES) 128,192,256 128,192,256

Page 11: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

http://www.javamex.com/tutorials/cryptography/ciphers.shtml

http://www.crypt.gen.nz/papers/backup_encryption.html

Page 12: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Programming Symmetric Encryption

• System.Security.SymmetricAlgorithm• Managed (DES, TripleDES, RC2, Rijndeal) and unmanaged

(DESCryptoServiceProvider, TripleDESCryptoServiceProvider…)• Methods: Create, CreateEncryptor, CreateDecryptor, GenerateIV,

ValidKeySize• Padding mode: PKCS7 (value of the padding byte is the number of

padded bytes); Zeros (0’s are padded)• Cipher Modes: ECB, CBC, CFB, CTS, OFB• KeySizes structure: MinSize, SkipSize (increments), MaxSize of the

range of key sizes• IV: Initialization vector; .Net Framework has some default value for

it; but it can be changed• Secret key: Same as in the case of IV

Page 13: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Configuring the Symmetric Encryption Algorithms

SymmetricAlgorithm algx = SymmetricAlgorithm.Create(“Rijndael”);

//This assigns default values to the parameters; but they may be changed as follows

algx.BlockSize = 192;

algx.KeySize = 128;

KeySizes[ ] x_size_ranges = algx.LegalKeySizes;

Console.WriteLine(x_size_ranges[0].MinSize);

algx.Padding = PaddingMode.Zeros;

algx.Mode = CipherMode.ECB;

byte[ ] x_secretkey = algx.Key; // Get the secret key value assigned

algx.Key = new byte[ ] {0x64, …..};

algx.IV = new bytes[ ] {…};

Page 14: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Symmetric Encryption (Cont.)

• Encrypting and Decrypting is done by ICryptoTransform interface

SymmetricAlgorithm algx = SymmetricAlgorithm.Create(“Rijndael”);

ICryptoTransform encryptorx = algx.CreateEncryptor();

ICryptoTransform decryptorx = algx.CreateDecryptor();

See pages 356-358 (O’Reilly book) for an example

Page 15: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Asymmetric Encryption

• Public-key encryption• A has a public-secret (or private) key pair• B has a public-secret (or private) key pair• A encrypts a message using B’s public key and sends it to B• B uses corresponding secret key to decrypt it• Main limitation: Very slow relative to symmetric encryption

Page 16: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Creating Asymmetric Keys

• RSA (Rivest, Shamir, Adleman, 1977)• Algorithm:1. Choose two large random #s, p and q, of equal length and multiply them together

to create n, the RSA key modulus: n=p*q; If p=23, q=31, n=713

2. Randomly choose e, the public exponent so that e and (p-1)(q-1) are relatively prime (i.e., share no common factors except 1). In the above, (p-1)(q-1)=660; choose e=19

3. Find d such that d*e = 1 mod (p-1)(q-1)

19d= 1 mod 660; So 19d=661, 1321, 1981, 2641, .. Here, d=2641/19=139

4. Public key consists of e and n. Private key is d. Discard p and q, but do not reveal their values.

Why is RSA algorithm secure? Because it is hard to find the factors of a large number.

Here, we are given n. So we have to find factors p and q so that n=p*q

Page 17: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

http://msdn.microsoft.com/en-us/library/ff650720.aspx

http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

Page 18: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Encryption (with asymmetric keys)

• Break the plaintext into small blocks of data

• Encrypt each plaintext block using the public key and the encryption function

• Concatenate the encrypted blocks

• Length of block = trunc[(length of n in the public key -1)/8]

• RSA Algorithm

• Example: Encryption: If m= 25, (n=713,e=19) as the public key, c=(me)mod n

= (2519)mod 713 = 156

Decryption: c=156, use private key (n=713, d=139), compute m = cd (mod n) = 156139 mod 713 = 25

Page 19: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

• RSA Cipher Demonstration

Page 20: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

How secure is Asymmetric Encryption?

Symmetric key length (bits) Asymmetric key length (bits)

64 512

80 768

112 1792

128 2304

Given the public key e and n, how many computations does it take to discover the private key d?

Once we know factors p and q, it is relatively easy to calculate d, and decrypt cipher text. So the secret is in the values d,p, and q.

Page 21: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Programming Asymmetric Encryption

• System.Security.Cryptography.AsymmetricAlgorithm• System.Security.Cryptography.RSA• System.Security.Cryptography.RSACryptoServiceProvider

Page 22: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

Digital Signatures

• Purpose: For receiver to verify the sender (or author of a document)

• Use asymmetric keys• Sender signs the message; receiver verifies itA generates a digital signature on a message using its private key;

B receives the message and the signature;

B uses A’s public key to verify the signature and that the content has not been changed

Due to the slow performance of the asymmetric algorithms, A first creates a cryptographic hash code of the message and then applies the signature algorithm on the hash code.

Joint signatures on a document

Page 23: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

DS: Generation/Verification

M es s ag e

Has h in g Alg o r ith m Has h c o d e S ig n a tu r ef u n c tio n

P r iv a teKey

D ig it a lS ig n a tu re

M es s ag e

Has h c o d e

D ig it a lS ig n a tu re

D ig ita l S ig n atu r e G en er a tio n

Has h in g Alg o r ith mHas h c o d e Ver if ic a tio n

f u n c tio n

M es s ag e

D ig it a lS ig n a tu re

P u b licKey

M es s ag e

D ig ita l S ig n atu r e Ver if ic a tio n

Page 24: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

RSA Algorithm for DSDigital signingSender A does the following:- 1. Creates a message digest (hash code) of the information to be

sent. 2. Represents this digest as an integer m between 0 and n-1. 3. Uses her private key (n, d) to compute the signature s = m^d mod

n. 4. Sends this signature s to the recipient, B. Signature verificationRecipient B does the following:- • Uses A's public key (n, e) to compute integer v = s^e mod n. • Extracts the message digest from this integer. • Independently computes the message digest (hash code) of the

information that has been signed. • If both message digests are identical, the signature is valid.

Page 25: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

DS and Encryption/Decryption• Decryption and signing are identical as far as the mathematics is

concerned as both use the private key. • Similarly, encryption and verification both use the same

mathematical operation with the public key. • That is, mathematically, m = (m^e mod n)^d mod n = (m^d mod n)^e

mod n, m < n• However, note these important differences in implementation:-

– The signature is derived from a message digest of the original information. The recipient will need to follow exactly the same process to derive the message digest, using an identical set of data.

– The recommended methods for deriving the representative integers are different for encryption and signing (encryption involves random padding, but signing uses the same padding each time).

Page 26: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

DS Algorithms in .Net

• RSA algorithm (used for encryption and digital signatures)

• DSA or Digital Signature Algorithm (only digital signature, not encryption)

• Hashing algorithms to be used prior to digital signature generation:

• MD5, SHA-1, SHA-256 (minimum key length 256 bit ), SHA-384, SHA-512

• http://en.wikipedia.org/wiki/SHA_hash_functions

Page 27: Cryptography in.Net Chapters 12-17 (O’Reilly book) CS 795

XML Signatures

• .Net supports XML signatures specification or XMLDSIG for XML documents

<book> <title> Programming .Net Security </title> <author>Adam Freeman </author> <year>2004</year></book>(i) Create a URL reference for the document (page 414, O’Reilly)(ii) Create a new instance of the SignedXML class and the URL reference;(iii) Create a new asymmetric signing algorithm instance and assign it to the

reference object created along with all other parameters (signing key, etc.)(iv) Call ComputeSignature on the reference object.(v) Use GetXml().OuterXml to get the signature.

Follow similar procedure for verification of the signature.