Cryptography Readings Encryption, Decryption, & Digital Certificates

RIVEST SHAMIR ADLEMAN

Problem
Exchanging key for encryption securely
Signing a message (proving the true party sent it)

Solution (confidentiality)
M^e mod n = Ciphertext
n = (p * q) where p & q are 2 very large 'random' prime numbers
e is derived from p and q
C^d mod n = M
d is derived from p and q
Anyone can know (e, n)
d must be secret

Solution (signing)
S = D_B(M) (D = decrypt with private key = encrypt plaintext with private key)
E(S) = E_A(S) (E_A = encrypt with public key)
S = D_A(E(S))
M = E_B(S)

Requirements For RSA to be Secure

You can decrypt an encrypted message back to its original plaintext.

Encryption for Confidentiality

Both the public (e) and private (d) keys are easy to compute.

By making the (e) key public, there is no easy way to compute (d).

You can encrypt a decrypted message back to its original plaintext.

Encryption for Authentication (Integrity)

PROBLEM
How do you exchange the key(s) necessary for encryption?

Solution:
Diffie-Hellman math – don’t ask me to explain

Requirements:
p and q
Two random very large numbers 100’s of digits long or longer
n = p * q
If p and q are sufficiently large it is almost impossible to factor n and come up with p and q; thus almost impossible to determine d!

d = private key; derived from p and q (see Wikipedia)
e = public key; derived from p and q (see Wikipedia)

THE MATH
Plaintext Message = M

Convert PlainText to number (binary) = M

M^e (mod n) = CipherText(C)

e and n are publicly known, either sent to the other party for communication or stored publicly (CAs)

C^d (mod n) = M

An Example
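
A worked instance of the math above, added here as an illustration (not code or numbers from the original slides). The primes 61 and 53, the exponent e = 17 and all function names are assumptions chosen so the arithmetic can be followed by hand; the last function factors n to rebuild d, which is the step that large p and q are meant to make infeasible.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Textbook RSA key derivation from two primes p and q (no padding)."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # e*d = 1 (mod phi); needs Python 3.8+
    return (e, n), (d, n)            # public (e, n), private (d, n)

def encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be a number smaller than n")
    return pow(m, e, n)              # C = M^e mod n

def decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)              # M = C^d mod n

def sign(m, priv):
    return decrypt(m, priv)          # S = D(M): apply the private key to M

def verify(m, s, pub):
    e, n = pub
    return pow(s, e, n) == m         # M = E(S): apply the public key to S

def recover_private_key(pub):
    """Factor n by trial division and rebuild d. Works only because n is tiny."""
    e, n = pub
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    return make_keypair(p, n // p, e)[1]

def demo():
    pub, priv = make_keypair(61, 53)     # constructed toy primes, n = 3233
    m = int.from_bytes(b"A", "big")      # plaintext converted to a number: 65
    c = encrypt(m, pub)
    s = sign(m, priv)
    return {"pub": pub, "priv": priv, "c": c, "m": decrypt(c, priv),
            "sig_ok": verify(m, s, pub),
            "tampered_ok": verify(m + 1, s, pub),   # altered message must fail
            "cracked": recover_private_key(pub)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

Production RSA adds padding (OAEP for encryption, PSS for signatures) and signs a hash of the message rather than the message itself; the bare form here only mirrors the slide formulas.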

It's all about key size

Digits    # of Operations    Time*
50        1.4 x 10^10        3.9 hours
75        9.0 x 10^12        104 days
100       2.3 x 10^15        74 years
200       1.2 x 10^23        3.8 x 10^9 years
300       1.5 x 10^29        4.9 x 10^15 years
500       1.3 x 10^39        4.2 x 10^25 years

* 1 operation = 1 microsecond (1 millionth of a second)

WEAKEST LINK FAILURE

What is the weakest link in RSA?

FEBRUARY 2012

What did security researchers allege?

Were they right?

What is a Pseudo-Random Number Generator?

What size keys should be in use today?

Digital Certificates & SSL/TLS

What does SSL/TLS Assure?

Encrypted message between browser and server

Authentication of server

Depends on.....

What are root certificate authorities?

How are they used?

Can the system be made more secure? If so, How?

Using Certificates to Authenticate Software