CS 483 – SD SECTION

BY DR. DANIYAL ALGHAZZAWI

(4)

Information Security

Cryptography

Ciphers

1. Classic

Substitution

e.g.,Caesar Cipher

Transpositione.g.,

Route Cipher

Hybrid

2. Modern

Symmetric

(Private Key)

Stream Ciphere.g.,R

C4,

A5/1

Block Ciphere.g.,

DES, AES

Asymmetric

(Public Key)e.g.,RSA

Hybrid

Asymmetric-Key Algorithms(Public Key Encryption Algorithms)

a user has a pair of cryptographic keys - a public key and a private key.

The private key is kept secret, while the public key may be widely distributed

The keys are related mathematically, but the private key cannot be practically derived from the public key. Then, HOW?

A message encrypted with the public key can be decrypted only with the corresponding private key.

Math1. Prime

The prime is a natural number which has exactly two distinct natural number divisors: 1 and itself

The first 15 prime numbers are:2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47.

Math2. Coprime

The integers a and b are said to be coprime or relatively prime if they have no common factor other than 1 and −1 (if their Greatest Common Divisor is 1)

For example,6 and 35 are coprime6 and 27 are not coprime because they are both

divisible by 3

A fast way to determine whether two numbers are coprime is given by the Euclidean algorithm that determine the greatest common divisor (GCD) of two elements.

Euler's Totient Function of a positive integer n is the number of integers between 1 and n which are coprime to n

Math3. Euclidean Algorithm (Euclid's Algorithm)

The Euclidean algorithm is an algorithm to determine the greatest common divisor (GCD) of two elements.

Using recursion, the algorithm can be expressed:function gcd(a, b) { if b = 0 return a else return gcd(b, a mod b)}

For example:gcd(35,6) = gcd(6,5) = gcd(5,1) = gcd(1,0) = 1

(This means that 35 and 6 are coprime)gcd(27,6) = gcd(6,3) = gcd(3,0) = 3

Math4. The Congruence Relation

Two integers a and b are said to be “congruent modulo” n, if their difference a − b is an integer multiple of n. If this is the case, it is expressed as:

a ≡ b (mod n) "a is congruent to b modulo n“

For example,38 ≡ 14 (mod 12)38 ≡ 2 (mod 12)-3 ≡ 2 (mod 5)

The totient φ(n) of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n.

To compute Euler's function for n:

with the product ranging only over the distinct primes p dividing n

if n=p.q and p&q are distinct primes:

φ(n) = φ(p.q) = (p-1)(q-1)

For example,

φ(6) = φ(3.2) = (3-1)(2-1) = 2 // 1, 5

Math5. Euler's Totient Function

Euler's Totient Function Values For n = 1 to 500, with Divisor Lists (http://www.geocities.com/primefan/Phi500.html)

Asymmetric-Key AlgorithmsExample: RSA

The algorithm was publicly described in 1977 , however, was not revealed until 1997 due to its top-secret classification.

Rivest, Shamir, and Adleman devised RSA independently of Cocks' work.

RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.

Asymmetric-Key AlgorithmsRSA – Key Algorithm

1. Choose two distinct large random prime numbers p and q

2. Compute n=p.q n is used as the modulus for both the public and private

keys

3. Compute the totient: φ(n)=(p-1)(q-1) 4. Choose an integer e such that 1<e<φ(n), and e and φ(n) share no factors other than 1;(i.e. e and φ(n) are coprime) e is released as the public key exponent

5. Compute d to satisfy the congruence relation:d.e ≡ 1 (mod φ(n)); (i.e. d.e=1+kφ(n) for some integer k ) d is kept as the private key exponent

Public Key: (n, e)Private Key: (n,d)

To encrypt message:c = me mod n

To decrypt message:m = cd mod n

Asymmetric-Key AlgorithmsRSA – Example

p = 11q = 3n = 11.3 = 33φ(33) = (11-1)(3-1) = 20e = 3 // 3 and 20 are coprime

d = 7 // 3.7 ≡ 1 (mod 20)

Question: Encrypt the message M=15?c = me mod n = 153 mod 33 = 9m = cd mod n = 97 mod 33 = 15

Uses for Public Key Crypto1. Confidentiality

The primary advantage of symmetric key cryptography is efficiency (because there is no infrastructure, such as PKI).

In the realm of confidentiality, the primary advantage of public key cryptography is that no need to establish a shared key in advance.

To achieve both advantage, use a hybrid cryptosystem, where public key crypto is used to establish a symmetric key.

Uses for Public Key Crypto2. Integrity and Non-repudiation

With symmetric key crypto, a MAC provides for integrity.

With public key crypto, a digital signature provides for integrity and non-repudiation. Scenario?

Hints: Using a MAC, anyone can repudiate a transaction because the key is shared between the two sides. However, using a digital signature, no one can repudiate a transaction because the private key can be owned by only one.

Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security.

Uses for Public Key Crypto3. Confidentiality and Non-repudiation

For confidentiality only, Alice can encrypt M with Bob’s public key.

For integrity and non-repudiation only, Alice can sign M with her private key. To achieve all:

1. Alice can sign the message M and encrypt the result:{[M]Alice}Bob

2. Alice can encrypt M first and then sign the result: [{M}Bob]AliceC={M}Alice: encrypt message M with Alice’s public key M=[C]Alice: decrypt ciphertext C with Alice’s private key

Asymmetric-Key Algorithms Ways to Use

Anyone can encrypt using the public key, but only the holder of the private key can decrypt. Secrecy depends on the secrecy of the private key.

Using a private key to encrypt (thus signing) a message; anyone can check the signature using the public key. Validity depends on private key security.

By combining your own private key with the other user's public key, you can calculate a shared secret that only the two of you know. The shared secret can be used as the key for a symmetric cipher.

1 2 3

Public Key Infrastructure (PKI)

PKI is showing everything required to securely use public key crypto: A digital certificate, or public key certificate, that

contains a user’s name along with the user’s public key.

A digital certificate needs to be signed by one of the Certificate Authorities (CAs) – trusted third party- in order to verify the public key.

A digital certificate needs to be added to the Certificate Revocation Lists (CRLs) if the private key is compromised.