Q: How do Ole and Lena get a shared private key?

1) Lena Lockmaster EkeyLena( IDLena || IDOle )

Example (Suppose Lena wants a key to shared with Ole.)

Needham-Schroeder Protocol (1978)

A: Generally, they need a trusted third party and a secure protocol.

2) Lockmaster Lena EkeyLena( newkey || EkeyOle(newkey) )

3) Lena Ole EkeyOle(newkey)

1) Lena Lockmaster IDLena || IDOle || nonce1

2) Lockmaster Lena EkeyLena(IDLena || IDOle || nonce1 || newkey || EkeyOle(IDLena|| newkey))

3) Lena Ole EkeyOle(IDLena|| newkey)

4) Ole Lena Enewkey( nonce2 )

5) Lena Ole Enewkey( nonce2 - 1 )

Assume that a hacker has managed to crack an old key and replays Step 3.

This protocol uses time stamps to avoid the problem.

Denning-Sacco Protocal

Otway-Rees Protocol (a solution without time stamps)1) Lena Ole num || IDLena || IDOle || EkeyLena(nonce1 || num || IDLena || IDOle)

2) Ole Lockmaster num || IDLena || IDOle || EkeyLena(nonce1 || num || IDLena || IDOle) || EkeyOle(nonce2 || num || IDLena || IDOle)

3) Lockmaster Ole num || EkeyLena(nonce1 || newkey) || EkeyOle(nonce2 || newkey)

4) Ole Lena num || EkeyLena(nonce1 || newkey)

However, time stamps depend upon clock synchronization.

Simple Public Key Protocol1) Lena Ole EkeyOlePub( EkeyLenaPriv(newkey) )

This algorithm was first published in 1976 in the same paper as public-key encryption.

To select key

• Select a prime number q.

• Select integer so that is a primitive root of q..

(Note to be a primitive root means that (1 mod q), (2 mod q) , ... (q-1 mod q)

form some permutation of the integers 1, 2, ..., (q-1)

Select Publicly-known q &

• User A selects a secret integer XA such that 1 ≤ XA < q

• User A calculates a public value YA = XA mod q

• User B calculates a public value YB = XB mod q

• User B selects a secret integer XB such that 1 ≤ XB < q

• The key is (YA)XB mod q = (YB)XA mod q

Select passwords

• Select a prime number q = 7

• Select = 3..

(Note the primitive root property from (k mod q) for 1 ≤ k ≤ q-131 = 3, 32 = 9, 33 = 27, 34 = 81, 35 = 243, 36 = 729

mod 7 ...

Example (with artificially small numbers)

• Ole selects a secret integer XOle = 5

• Ole calculates a public value YOle = 35 mod 7 = ______

• Lena calculates a public value YLena = 33 mod 7 = _______

• Lena selects a secret integer XLena = 3

• Ole calculates the key (YLena)XOle mod q = (6)5 mod 7 = 7776 mod 7 = ______

• Lena calculates the key (YOle)XLena mod q = (5)3 mod 7 = 125 mod 7 = ______

In order to provide non-repudiation it is common to include a digital signature in public keytransmission.

RSA approach

plaintext ciphertext

encryption keyOlePub

plaintext sig

encryption keyLenaPriv

ciphertext plaintext sig

decryption keyOlePriv

compare

from Lena

to Ole

The DSS/A approach uses the El Gamal algorithm.

This algorithm provides keys and generates/checks signatures.

Generate Digital Signature

• Select a prime number p.

• Select g and d so that 1 ≤ g, d < p.

• Calculate y = gd mod p

• public key: (y, g, p) private key: (d)

Verify the Digital SignatureThe signature is checked as follows: (yaab) mod p = gHash(message) mod p

Select Key

• Select k that is relatively prime to (p - 1).

• Calculate a = gk mod p

• digital signature: (a, b) • Find b so that Hash(message) = (da + kb) mod (p - 1)