
Cryptography

Why Information Security?

Information is a strategic resource.

- Traditionally security was provided by physical and administrative means.
- The spread of IT requires automated tools to protect files and other stored information.
- A significant portion of an organization's budget is spent on managing information.
- There are many types of information, both stored and processed within a computer and transferred between computers.
- Use of networks and communication links requires measures to protect data during transmission.

Jay M Joshi

The Need for Security

Prior to the computer era, information felt to be valuable was protected by physical and administrative means.

Information Systems

- Have to be available to the people for use.
- Have to be protected (secured) from misuse.
- A balance between availability and protection is needed.

Information Systems

Information Systems Security is crucial for maintaining the proper balance: allowing the proper people to use the system while preventing others from misusing it.

What makes Cyber crime easy

- Anonymity bestowed by the Internet and its applications.
- The ability to store enormous amounts of data in compact media (CDs) facilitates data theft.
- The difficulty in distinguishing an original electronic document from a copy.

What makes Cyber crime easy

- The difficulty in ensuring the integrity of an electronic document.
- There is no physical characteristic (such as an embossed seal or watermark) to verify authenticity.

Definitions

Computer Security: a collection of tools designed to protect data and to thwart hackers.

Network Security: measures to protect data during their transmission.

Internet Security: measures to protect data during their transmission over a collection of interconnected networks.

The focus here: message security, including cryptography.

Goals of Security

- Provide confidentiality of sensitive information: only the intended persons can see the information.
- Authenticate legitimate entities: make sure they are who they claim to be.
- Provide access control: prevent unauthorized entry to information systems.

Goals of Security

- Enforce non-repudiation of transactions: an entity cannot later disavow a transaction.
- Ensure availability of systems and services to legitimate users.

Security Services in Conventional Transactions

Service: conventional mechanism
- Identification: face-to-face meetings
- Authentication: introduction through mutual acquaintances
- Confidentiality: sealed covers, locked boxes
- Access control: locks, keys, security personnel

Security Services in Conventional Transactions

- Integrity: handwriting, signatures, chemical analysis of paper, watermarks
- Authorization: signatures
- Non-repudiation: witnesses, signatures, receipts

The trend towards paperless transactions calls for electronic analogues of all these services.

Electronic Security Services and Mechanisms

Most mechanisms that provide the services of confidentiality, integrity, authentication, access control and non-repudiation are based on cryptography. Availability of systems and services requires other mechanisms as well.

A Classification of Attacks

Most security attacks can be classified into one of the following generic types:

- Interruption
- Interception
- Modification
- Fabrication

Interruption

Attack on availability (the figure shows the flow from source to destination being cut off).
- Denial of service attacks
- Malicious code such as viruses, worms, Trojans
- Destruction of hardware or communication lines

Interception

Attack on confidentiality (the figure shows a third party reading the flow from source to destination).
- Eavesdropping, wiretapping, keystroke logging
- Illicitly acquiring data, software, personal information about entities

Modification

Attack on integrity (the figure shows a third party altering the flow before it reaches the destination). The attacker could modify:
- Data
- Programs
- Authentication data

Fabrication

Attack on authenticity (the figure shows a third party injecting messages towards the destination).
- Happens due to weak authentication of entities
- Results in spurious records or false messages in a network

Active and passive attacks

Attacks are also classified as:
- Active attacks, where the information is modified or false information is created (interruption, modification, fabrication).
- Passive attacks, where the information is only accessed and analyzed (interception).

Basic Model of Cryptography


Few Concepts

- Plaintext: original, readable message or data.
- Ciphertext: coded, unreadable message or data.
- Encryption: converting plaintext into ciphertext (scrambling data).
- Decryption: reverting ciphertext back to readable plaintext (descrambling data).
- Cryptography: the design of algorithms for transforming plaintext into ciphertext.
- Cryptanalysis (codebreaking): the study of principles and methods of deciphering ciphertext without knowing the key.
- Cryptology: the field comprising both cryptography and cryptanalysis.

Cryptography

- What is a key?
- The size of the key is one measure of the strength of the cryptosystem.
- Life of the key.

Classification

Secret Key Cryptography: a cryptographic scheme where the same key is used to encrypt and decrypt.
- Symmetric cryptography: a single key is used to encrypt and decrypt.
- The key must be known by both parties.

Public Key Cryptography: a cryptographic scheme where different keys are used for encryption and decryption.
- Asymmetric cryptography: the public key (well known) is used for encryption; the private key (a secret) is used for decryption.

Cryptographic Hash Functions: no key is required; a fixed-length digest is computed from the message.

Privacy using symmetric-key encryption (figure)

Privacy using public-key encryption (figure)

HASHING

Hashing creates a miniature version (a digest) of a message that can be used in cryptographic operations instead of the message itself. Certain security properties are added to the message by following protocols that we shall discuss shortly, and thereafter the message can be encrypted.

Symmetric key encryption: Cipher Types

- Stream ciphers
- Block ciphers

Stream ciphers (figure): a pseudo-random bit stream generator, seeded by the key, produces a keystream that is combined with the plaintext bit by bit to give the ciphertext.

Block ciphers (figure): the plaintext is padded to a multiple of the block size and each block is transformed by the block cipher under the key to give a ciphertext block.

Secret Key Cryptography Algorithms

Substitution ciphers
- Caesar cipher
- Mono-alphabetic cipher

Transposition ciphers

One Time Pads

DES (Data Encryption Standard)
- DES modes of operation, e.g. ECB (Electronic Code Book) and the chaining modes
- Triple DES: three DES stages; with three independent keys the key is 168 bits

IDEA (International Data Encryption Algorithm)

BLOWFISH: a variable-key-length cipher

RC2, RC4, RC5 (used by Netscape)

Rijndael, standardized as AES (Advanced Encryption Standard): uses 128, 192 or 256-bit keys

Substitution Ciphers

Each letter or group of letters is replaced by another letter or group of letters to disguise it.

Caesar cipher: a becomes D, b becomes E, etc.; "attack" becomes DWWDFN.

A slight generalization of the Caesar cipher allows the ciphertext alphabet to be shifted by k letters, instead of always 3.

Mono-alphabetic Substitution

Each of the 26 plaintext letters maps onto some other letter. For example:

Plaintext:  abcdefghijklmnopqrstuvwxyz
Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM

The key is the 26-letter string; "attack" becomes QZZQEA.

Cryptanalysis of Mono-alphabetic Substitution

At first glance this might appear to be a safe system because, although the cryptanalyst knows the general system, he does not know which of the 26! ≈ 4 × 10^26 possible keys is in use. The basic attack takes advantage of the statistical properties of natural languages. In English, for example, e is the most common letter, followed by t, o, a, n, i, etc.

Cryptanalysis of Mono-alphabetic Substitution

The most common two-letter combinations, or digrams, are th, in, er, re and an. The most common three-letter combinations, or trigrams, are the, ing, and and ion.

Another approach is to guess a probable word or phrase. For example, given the ciphertext

CTBMN BYCTC BTJDS QXBNS GSTJC BTSWX CTQTZ CQVUJ QJSGS TJQZZ MNQJS VLNSX VNZUJ JDSTS JQUUS JUBXJ

a likely word is "financial", in which i recurs with four letters in between, n with one letter in between and a with three letters in between. The only ciphertext segment with this repetition pattern is XCTQTZCQV.

Cryptanalysis of Mono-alphabetic Substitution

Substituting X-f, C-i, T-n, Q-a, Z-c, V-l (recovered plaintext in lower case, unknown ciphertext letters in upper case):
inBMN BYini BnJDS afBNS GSnJi BnSWf inanc ialUJ aJSGS nJacc MNaJS lLNSf lNcUJ JDSnS JaUUS JUBfJ

Guessing B-t, M-h, N-e ("in the"):
inthe tYini tnJDS afteS GSnJi tnSWf inanc ialUJ aJSGS nJacc heaJS lLeSf lecUJ JDSnS JaUUS JUtfJ

Guessing S-r ("after"):
inthe tYini tnJDr after GrnJi tnrWf inanc ialUJ aJrGr nJacc heaJr lLerf lecUJ JDrnr JaUUr JUtfJ
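The probable-word attack above, carried out in code. This is an added example, not from the slides: it lists the most frequent cipher letters, finds the one ciphertext segment whose letter-repetition pattern matches the crib "financial", applies the resulting partial key, and then adds the slide's further guesses ("in the", "after"). The ciphertext is the slide's; the helper names are the example's own.

```python
from collections import Counter

# The slide's ciphertext (Tanenbaum's example), in the original five-letter groups.
CIPHERTEXT = ("CTBMN BYCTC BTJDS QXBNS GSTJC BTSWX CTQTZ CQVUJ "
              "QJSGS TJQZZ MNQJS VLNSX VNZUJ JDSTS JQUUS JUBXJ")


def letter_frequencies(text):
    """Cipher letters ordered from most to least frequent (the first statistical clue)."""
    counts = Counter(c for c in text if c.isalpha())
    return [c for c, _ in counts.most_common()]


def pattern(word):
    """Letter-repetition pattern: 'financial' -> (0, 1, 2, 3, 2, 4, 1, 3, 5).
    A mono-alphabetic substitution preserves this pattern, so it survives encryption."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen)) for ch in word)


def find_crib(ciphertext, crib):
    """Offsets (in the despaced ciphertext) whose repetition pattern matches the crib,
    each with the cipher->plain mapping it would imply."""
    text = ciphertext.replace(" ", "")
    hits = []
    for i in range(len(text) - len(crib) + 1):
        window = text[i:i + len(crib)]
        if pattern(window) == pattern(crib):
            hits.append((i, dict(zip(window, crib))))
    return hits


def apply_mapping(ciphertext, mapping):
    """Replace known cipher letters by lower-case plaintext; unknown letters stay upper case."""
    return "".join(mapping.get(c, c) for c in ciphertext)


def attack(ciphertext, crib="financial", guesses=({"B": "t", "M": "h", "N": "e"}, {"S": "r"})):
    """Run the slide's three steps and return the partial plaintext after each one."""
    hits = find_crib(ciphertext, crib)
    if len(hits) != 1:
        raise ValueError(f"crib matches {len(hits)} positions; need exactly one")
    mapping = dict(hits[0][1])
    stages = [apply_mapping(ciphertext, mapping)]
    for guess in guesses:
        mapping.update(guess)
        stages.append(apply_mapping(ciphertext, mapping))
    return stages


if __name__ == "__main__":
    print("most frequent cipher letters:", "".join(letter_frequencies(CIPHERTEXT)[:6]))
    for stage in attack(CIPHERTEXT):
        print(stage)
```

The pattern check is what makes the crib usable: whatever the key, the ciphertext for "financial" must repeat letters at exactly the positions "financial" does, and only one nine-letter window of this ciphertext satisfies that.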

Poly-alphabetic Substitution

A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. The first published polyalphabetic cipher was invented by Leon Battista Alberti around 1467. Alberti used a Caesar cipher to encrypt a message, but whenever he wanted to he would switch to a different alphabet, indicating that he had done so by capitalizing the first letter encrypted with the new alphabet.

Poly-alphabetic Substitution

The following compact table (the tabula recta; figure) provides 26 alphabets, each labelled with a letter of the alphabet: the row labelled X is the alphabet shifted by X.

Poly-alphabetic Substitution

- Straight keyword: the keyword is repeated over the message, and each keyword letter selects the alphabet for one message letter.
- Progressive-key system: keys are used one after the other in normal order. The key ABCD...Z was used with regular alphabets in the form depicted in the table.
- Autokey system: a key starts the choice of alphabets, but the message itself determines the alphabets to use for later parts of the message.

Poly-alphabetic Substitution

The message "Wish you were here" can be encrypted by the three methods, using SIAMESE as the keyword:

Straight keyword:
Message: WISHYOUWEREHERE
Key:     SIAMESESIAMESES
Cipher:  OQSTCGYOMRQLWVW

Progressive key (the keyword advances one alphabet each time it repeats):
Message: WISHYOUWEREHERE
Key:     SIAMESETJBNFTFU
Cipher:  OQSTCGYPNSRMXWY

Autokey (the keyword is followed by the message itself):
Message: WISHYOUWEREHERE
Key:     SIAMESEWISHYOUW
Cipher:  OQSTCGYSMJLFSLA
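The three keyword methods in code, as an added example (not from the slides); the message and keyword are the slide's, the function names are the example's own. The decryption routines show why the autokey variant has no fixed period: the receiver has to extend the key with each plaintext letter as it recovers it.

```python
A = ord("A")


def shift(p, k):
    """Encrypt one letter with the alphabet selected by key letter k (a tabula recta lookup)."""
    return chr((ord(p) - A + ord(k) - A) % 26 + A)


def unshift(c, k):
    return chr((ord(c) - A - (ord(k) - A)) % 26 + A)


def straight_key(message, keyword):
    """Straight keyword: the keyword is repeated over the message."""
    return "".join(shift(p, keyword[i % len(keyword)]) for i, p in enumerate(message))


def straight_key_decrypt(cipher, keyword):
    return "".join(unshift(c, keyword[i % len(keyword)]) for i, c in enumerate(cipher))


def progressive_key(message, keyword):
    """Progressive key: each time the keyword is reused, every key letter advances by one alphabet."""
    key = []
    for i in range(len(message)):
        rnd, pos = divmod(i, len(keyword))
        key.append(chr((ord(keyword[pos]) - A + rnd) % 26 + A))
    return "".join(shift(p, k) for p, k in zip(message, key))


def autokey(message, keyword):
    """Autokey: the keyword is followed by the message itself."""
    key = keyword + message
    return "".join(shift(p, key[i]) for i, p in enumerate(message))


def autokey_decrypt(cipher, keyword):
    """The receiver extends the key with each plaintext letter as it is recovered."""
    key = list(keyword)
    plain = []
    for i, c in enumerate(cipher):
        p = unshift(c, key[i])
        plain.append(p)
        key.append(p)
    return "".join(plain)


if __name__ == "__main__":
    msg, kw = "WISHYOUWEREHERE", "SIAMESE"
    for name, fn in (("straight", straight_key), ("progressive", progressive_key), ("autokey", autokey)):
        print(f"{name:12} {fn(msg, kw)}")
```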

Mobile keypad substitution

Each character is replaced by the digits pressed for it on a mobile keypad, e.g. A-2, B-22, C-222, D-3. "SVMIT,BHARUCH" is encrypted as 77778886444811224427778822244.

Transposition cipher

Key: MEGABUCK
Plaintext: pleasetransferonelakhsinmyswissbankaccounttwotwooneoneone

The key letters number the columns in alphabetical order; the plaintext is written in rows under the key and read out column by column in that order:

M E G A B U C K
7 4 5 1 2 8 3 6
p l e a s e t r
a n s f e r o n
e l a k h s i n
m y s w i s s b
a n k a c c o u
n t t w o t w o
o n e o n e o n
e

Ciphertext (columns A, B, C, E, G, K, M, U): AFKWAWO SEHICON TOISOWO LNLYNTN ESASKTE RNNBUON PAEMANOE ERSSCTE
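Columnar transposition with the slide's key and plaintext, as an added example that is not from the slides. The decrypt routine handles the ragged last row (the plaintext is 57 characters, so only column M has an eighth character), which is the part that is easy to get wrong.

```python
def column_order(key):
    """Column indices in the order they are read out: alphabetical by key letter,
    ties (repeated key letters) broken left to right, as on the slide (A=1, B=2, ...)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transposition_encrypt(plaintext, key):
    """Write the plaintext in rows under the key, read the columns in key order."""
    n = len(key)
    rows = [plaintext[i:i + n] for i in range(0, len(plaintext), n)]
    columns = ("".join(row[c] for row in rows if c < len(row)) for c in column_order(key))
    return "".join(columns).upper()


def transposition_decrypt(ciphertext, key):
    """Invert the read-out. The last row may be short, so the first (len % n) columns
    hold one extra character; column lengths must be recomputed before slicing."""
    n = len(key)
    full_rows, extra = divmod(len(ciphertext), n)
    columns, pos = {}, 0
    for c in column_order(key):
        length = full_rows + (1 if c < extra else 0)
        columns[c] = ciphertext[pos:pos + length]
        pos += length
    rows = full_rows + (1 if extra else 0)
    return "".join(columns[c][r] for r in range(rows) for c in range(n) if r < len(columns[c])).lower()


PLAINTEXT = "pleasetransferonelakhsinmyswissbankaccounttwotwooneoneone"  # from the slide

if __name__ == "__main__":
    ct = transposition_encrypt(PLAINTEXT, "MEGABUCK")
    print(ct)
    print(transposition_decrypt(ct, "MEGABUCK") == PLAINTEXT)
```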

One time pads

Choose a random bit string as the key, convert the plaintext into a bit string (e.g. using ASCII codes), and compute the exclusive-or of the two strings. The resulting ciphertext cannot be broken, because every possible plaintext of that length is an equally probable candidate. It has a number of practical disadvantages.

Disadvantages of one time pads

- The key cannot be memorized, so both the sender and the receiver must carry a written copy with them.
- The total amount of data that can be transmitted is limited by the amount of key available.
- If the sender and the receiver get out of synchronization, all data from then on will appear garbled.

Cryptographic principles

The first principle: all encrypted messages must contain some redundancy, to prevent active intruders from sending garbage and tricking the receiver into acting on a false message. However, this same redundancy makes it much easier for passive intruders to break the system. Furthermore, the redundancy should never be in the form of n zeros at the start or end of the message, since running such messages through some cryptographic algorithms gives more predictable results, making the cryptanalyst's job easier. A random string of English words is a much better choice of redundancy.

Cryptographic principles

The second principle: some measures must be taken to prevent active intruders from playing back old messages. One such measure is to include in every message a timestamp valid only for, say, 5 minutes. The receiver keeps the messages of the last 5 minutes to compare newly arrived messages with previous ones and filter out duplicates; messages older than 5 minutes are rejected.

Basic elements of ciphers

- P-box (permutation box): permutes its input bits.
- S-box (substitution box): in the figure, built from a 3-8 decoder, a P-box and an 8-3 encoder, so that a 3-bit input is replaced by a 3-bit output.

Product cipher

Alternating layers of S-boxes and P-boxes (figure: twelve S-boxes S1 to S12 in three layers, interleaved with the P-boxes P1 to P4).

Data Encryption Standard (DES)

DES is a block cipher: an algorithm that takes a fixed-length string (64 bits) of plaintext bits and transforms it through a series of complicated operations into a ciphertext bit string of the same length (64 bits). DES also uses a key to customize the transformation, so that decryption can only be performed by those who know the particular key used to encrypt. The key consists of 64 bits; however, only 56 of these are actually used by the algorithm. Eight bits are used solely for checking parity and are thereafter discarded.

Data Encryption Standard (DES)

The algorithm's overall structure is shown in the figure: there are 16 identical stages of processing, termed rounds. There is also an initial and a final permutation, termed IP and FP, which are inverses (IP "undoes" the action of FP, and vice versa). Before the main rounds, the block is divided into two 32-bit halves which are processed alternately; this criss-crossing is known as the Feistel scheme.

Data Encryption Standard (DES)

The Feistel structure ensures that decryption and encryption are very similar processes: the only difference is that the subkeys are applied in the reverse order when decrypting. The rest of the algorithm is identical. This greatly simplifies implementation, particularly in hardware, as there is no need for separate encryption and decryption algorithms. The F-function scrambles half a block together with some of the key. The output from the F-function is then combined with the other half of the block, and the halves are swapped before the next round. After the final round, the halves are not swapped; this is a feature of the Feistel structure which makes encryption and decryption similar processes.

F-function

The F-function, depicted in Figure 2, operates on half a block (32 bits) at a time and consists of four stages:

1. Expansion: the 32-bit half-block is expanded to 48 bits using the expansion permutation, denoted E in the diagram, by duplicating some of the bits.
2. Key mixing: the result is combined with a subkey using an XOR operation. Sixteen 48-bit subkeys, one for each round, are derived from the main key using the key schedule.
3. Substitution: after mixing in the subkey, the block is divided into eight 6-bit pieces before processing by the S-boxes, or substitution boxes. Each of the eight S-boxes replaces its six input bits with four output bits according to a non-linear transformation, provided in the form of a lookup table. The S-boxes provide the core of the security of DES: without them, the cipher would be linear and trivially breakable.
4. Permutation: finally, the 32 outputs from the S-boxes are rearranged according to a fixed permutation, the P-box.

Key schedule

The figure illustrates the key schedule for encryption, the algorithm which generates the subkeys. Initially, 56 bits of the key are selected from the initial 64 by Permuted Choice 1 (PC-1); the remaining eight bits are either discarded or used as parity check bits. The 56 bits are then divided into two 28-bit halves; each half is thereafter treated separately. In successive rounds, both halves are rotated left by one or two bits (specified for each round), and then 48 subkey bits are selected by Permuted Choice 2 (PC-2): 24 bits from the left half, and 24 from the right. The key schedule for decryption is similar: it must generate the keys in the reverse order. Hence the rotations are to the right, rather than the left.
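A toy Feistel cipher, added here as an example and not the DES algorithm: 16-bit blocks, four rounds, with an expansion table, two 6-to-4-bit S-boxes, a P-box and a key schedule that are all made up for this example (the genuine DES tables are in FIPS 46-3). It shows the four F-function stages and the property the slides emphasise: decryption is the same network run with the subkeys in reverse order.

```python
import random

HALF = 8            # toy: 16-bit block, 8-bit halves (DES: 64-bit block, 32-bit halves)
ROUNDS = 4          # DES uses 16
SUBKEY_BITS = 12    # DES uses 48

# Toy tables constructed for this example; they are NOT the DES tables.
E_TABLE = [7, 0, 1, 2, 3, 4, 3, 4, 5, 6, 7, 0]   # expansion 8 -> 12 bits by duplicating bits
P_TABLE = [1, 5, 2, 6, 3, 7, 4, 0]               # P-box: permutation of the 8 S-box output bits


def toy_sbox(seed):
    """A balanced 6-bit -> 4-bit lookup table (each output value appears 4 times)."""
    table = [v for v in range(16) for _ in range(4)]
    random.Random(seed).shuffle(table)
    return table


S1, S2 = toy_sbox(1), toy_sbox(2)


def permute(value, width, table):
    """Build a new value whose bit i (MSB first) is bit table[i] of the input."""
    bits = [(value >> (width - 1 - i)) & 1 for i in range(width)]
    out = 0
    for src in table:
        out = (out << 1) | bits[src]
    return out


def f_function(right, subkey):
    """The four F-function stages of the slide, at toy size."""
    expanded = permute(right, HALF, E_TABLE)                 # 1. expansion (8 -> 12 bits)
    mixed = expanded ^ subkey                                # 2. key mixing with a 12-bit subkey
    substituted = (S1[mixed >> 6] << 4) | S2[mixed & 0x3F]   # 3. two S-boxes, 6 bits -> 4 bits each
    return permute(substituted, HALF, P_TABLE)               # 4. P-box


def key_schedule(key16):
    """Toy schedule: rotate the 16-bit key left by the round number and keep 12 bits
    (DES: PC-1, per-round rotations of two 28-bit halves, PC-2)."""
    return [(((key16 << r) | (key16 >> (16 - r))) & 0xFFFF) & 0xFFF for r in range(1, ROUNDS + 1)]


def feistel(block16, subkeys):
    """Feistel network: the same code encrypts and decrypts, only the subkey order differs."""
    left, right = block16 >> HALF, block16 & 0xFF
    for k in subkeys:
        left, right = right, left ^ f_function(right, k)   # L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i)
    return (right << HALF) | left                           # no swap after the final round, as in DES


def encrypt(block16, key16):
    return feistel(block16, key_schedule(key16))


def decrypt(block16, key16):
    return feistel(block16, key_schedule(key16)[::-1])      # subkeys in reverse order, nothing else changes


if __name__ == "__main__":
    key, pt = 0x2B7E, 0x1234
    ct = encrypt(pt, key)
    print(f"plaintext {pt:04x} -> ciphertext {ct:04x} -> decrypted {decrypt(ct, key):04x}")
```

Nothing in the network requires the F-function to be invertible: the XOR with the other half is what gets undone, so F can be as lossy and non-linear as the S-boxes make it.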

Breaking of DES

DES exhibits the complementation property: complementing both the key and the plaintext complements the ciphertext. This means that the work of a brute-force search could be reduced by a factor of 2 (one key bit) under a chosen-plaintext assumption.

DES also has four so-called weak keys. Encryption (E) and decryption (D) under a weak key have the same effect: E_K(E_K(P)) = P, or equivalently E_K = D_K.

There are also six pairs of semi-weak keys. Encryption with one of the pair of semi-weak keys, K1, operates identically to decryption with the other, K2: E_K1(E_K2(P)) = P, or equivalently E_K1 = D_K2.

Triple DES

Here two keys and three stages of DES are used (EDE):

Encryption: C = E_K1(D_K2(E_K1(P)))
Decryption: P = D_K1(E_K2(D_K1(C)))

Triple DES

Why two keys and not three? Most cryptographers believe that 112 bits is adequate for routine commercial applications for the time being. Going to 168 bits would just add the unnecessary overhead of managing and transporting another key.

Why EDE and not EEE? For compatibility with single-key DES systems: if K1 = K2, the middle decryption undoes the first encryption and the scheme reduces to single DES.

Attack on DES in ECB mode

Consider an encrypted payroll file with fixed-width fields (name, position, bonus), so that each field occupies a known number of 64-bit blocks:

Name           Position  Bonus (Rs)
Reeta Devesh   Clerk     1,000
Raghav Kishor  Boss      5,00,000
Meeta Rani     Clerk     5,000
Ravi Narendra  Manager   20,000

In ECB mode each 64-bit block is encrypted independently, so identical plaintext blocks give identical ciphertext blocks, and an attacker who knows the record layout can copy or swap ciphertext blocks (e.g. the bonus field) without knowing the key. This attack can happen with any mono-alphabetic substitution cipher.

Cipher block chaining mode

Each plaintext block is XORed with the previous ciphertext block before being encrypted. Consequently, the same plaintext block no longer maps onto the same ciphertext block, and the encryption is no longer a big mono-alphabetic substitution cipher. The first block is XORed with a randomly chosen IV (Initialization Vector), which is transmitted along with the ciphertext.

Cipher block chaining mode

Encryption (figure): C0 = E(P0 XOR IV), C1 = E(P1 XOR C0), and in general Ci = E(Pi XOR Ci-1).

Cipher block chaining mode

Decryption (figure): P0 = D(C0) XOR IV, P1 = D(C1) XOR C0, and in general Pi = D(Ci) XOR Ci-1.

Advantages and Disadvantages

Cipher block chaining has the advantage that the same plaintext block will not result in the same ciphertext block, making cryptanalysis more difficult. It has the disadvantage of requiring an entire 64-bit block to arrive before decryption can begin. For use with interactive terminals, where people can type lines shorter than eight characters and then stop, waiting for a response, this mode is unsuitable.
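The payroll attack of the earlier slide and the CBC remedy, as an added example (not from the slides). The block cipher E/D is a trivial stand-in constructed for the example, the payroll records are constructed in the slide's layout, and the key and IV are arbitrary constants. The attacker only moves ciphertext blocks: in ECB mode the swap decrypts cleanly, in CBC mode it produces garbage.

```python
BLOCK = 8   # 64-bit blocks, as in DES


def E(key, block):
    """Stand-in for a 64-bit block cipher, constructed for this example: XOR with the key,
    then rotate the bytes. It is a bijection, which is all a mode demonstration needs;
    it has no cryptographic strength whatsoever."""
    x = bytes(a ^ b for a, b in zip(block, key))
    return x[3:] + x[:3]


def D(key, block):
    x = block[-3:] + block[:-3]
    return bytes(a ^ b for a, b in zip(x, key))


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size (pad first)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    return b"".join(E(key, p) for p in blocks(plaintext))        # C_i = E(P_i)


def ecb_decrypt(key, ciphertext):
    return b"".join(D(key, c) for c in blocks(ciphertext))


def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for p in blocks(plaintext):
        prev = E(key, xor(p, prev))                               # C_i = E(P_i XOR C_{i-1}), C_{-1} = IV
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(D(key, c), prev))                          # P_i = D(C_i) XOR C_{i-1}
        prev = c
    return b"".join(out)


# Constructed payroll file in the slide's layout: name (16 bytes = 2 blocks), position (8), bonus (8),
# so every record is exactly 4 blocks and the bonus is always the 4th block of its record.
RECORDS = [("Reeta Devesh", "Clerk", "1000"), ("Raghav Kishor", "Boss", "500000"),
           ("Meeta Rani", "Clerk", "5000"), ("Ravi Narendra", "Manager", "20000")]


def encode_payroll(records):
    return b"".join(n.ljust(16).encode() + p.ljust(8).encode() + b.rjust(8).encode()
                    for n, p, b in records)


def decode_payroll(data):
    return [tuple(data[i + a:i + b].decode("ascii", "replace").strip() for a, b in ((0, 16), (16, 24), (24, 32)))
            for i in range(0, len(data), 32)]


def swap_bonus_blocks(ciphertext, rec_a, rec_b):
    """The attacker's whole move: exchange two ciphertext blocks. No key needed."""
    cs = blocks(ciphertext)
    ia, ib = rec_a * 4 + 3, rec_b * 4 + 3
    cs[ia], cs[ib] = cs[ib], cs[ia]
    return b"".join(cs)


KEY = bytes.fromhex("0123456789abcdef")   # constructed; unknown to the attacker
IV = bytes.fromhex("f0e1d2c3b4a59687")


def ecb_attack():
    """Swap the clerk's and the boss's bonus blocks in ECB: the swap decrypts cleanly."""
    ct = ecb_encrypt(KEY, encode_payroll(RECORDS))
    return decode_payroll(ecb_decrypt(KEY, swap_bonus_blocks(ct, 0, 1)))


def cbc_attack():
    """The same swap in CBC: the moved blocks and the ones after them decrypt to garbage."""
    ct = cbc_encrypt(KEY, IV, encode_payroll(RECORDS))
    return decode_payroll(cbc_decrypt(KEY, IV, swap_bonus_blocks(ct, 0, 1)))


if __name__ == "__main__":
    print("ECB after swap:", ecb_attack()[:2])
    print("CBC after swap:", cbc_attack()[:2])
```

CBC turns the swap into garbage but does not detect it; that needs a MAC or an authenticated mode, which these slides do not cover.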

Cipher Feedback Mode

Encryption (figure): a 64-bit shift register holds the last eight ciphertext bytes (C2 ... C9). The register is encrypted under the key, one byte of the output is selected (the figure's "Select LSByte") and XORed with the next plaintext byte P10 to give the ciphertext byte C10, which is then shifted into the register.

Cipher Feedback Mode

Decryption (figure): the receiver keeps the same shift register of received ciphertext bytes, encrypts it under the key, selects the same byte and XORs it with C10 to recover P10; C10 is then shifted into the register.

Advantages and Disadvantages

Byte-by-byte encryption: there is no need to wait for an entire 64-bit block to arrive. A problem is that if one bit of the ciphertext is accidentally inverted during transmission, the 8 bytes that are decrypted while the bad byte is in the shift register will be corrupted. Once the bad byte is pushed out of the shift register, correct plaintext will once again be generated.
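8-bit CFB in code, added as an example that is not from the slides. The block cipher is a forward-only stand-in (a keyed hash) because CFB never runs the cipher in the decryption direction; key and IV are constructed constants. The last function reproduces the error-propagation property: a single flipped ciphertext bit corrupts that byte and at most the eight that follow, after which decryption resynchronises on its own.

```python
import hashlib

BLOCK = 8  # 64-bit shift register


def E(key, register):
    """Forward-only stand-in for the block cipher (CFB never runs the cipher backwards).
    Constructed for this example: a keyed SHA-256 truncated to 8 bytes. Not DES."""
    return hashlib.sha256(key + register).digest()[:BLOCK]


def cfb8_encrypt(key, iv, plaintext):
    register = iv                                     # holds the last eight ciphertext bytes
    out = bytearray()
    for p in plaintext:
        c = p ^ E(key, register)[0]                   # select one byte of E(register), XOR with P
        out.append(c)
        register = register[1:] + bytes([c])          # shift the new ciphertext byte in
    return bytes(out)


def cfb8_decrypt(key, iv, ciphertext):
    register = iv
    out = bytearray()
    for c in ciphertext:
        out.append(c ^ E(key, register)[0])           # same keystream byte as the sender
        register = register[1:] + bytes([c])          # the receiver shifts in what it received
    return bytes(out)


def corrupted_positions(key, iv, plaintext, flip_at, bit=0):
    """Flip one ciphertext bit in transit; return the indices of plaintext bytes that decrypt wrongly.
    Expected: the flipped byte itself plus (at most) the next 8, while the bad byte sits in the register."""
    ct = bytearray(cfb8_encrypt(key, iv, plaintext))
    ct[flip_at] ^= 1 << bit
    recovered = cfb8_decrypt(key, iv, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(plaintext, recovered)) if a != b]


KEY = b"constructed-cfb-key"
IV = bytes(range(8))

if __name__ == "__main__":
    msg = b"terminal users type short lines and then wait for the echo\n"
    print(len(cfb8_encrypt(KEY, IV, msg[:3])), "ciphertext bytes for a 3-byte line, no padding, no waiting")
    print("corrupted plaintext bytes after flipping a bit of C10:", corrupted_positions(KEY, IV, msg, flip_at=10))
```

Usually all nine bytes (the flipped one and the next eight) come out wrong; a following byte survives only if the two register contents happen to give the same keystream byte, which has probability 1/256.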

Stream cipher mode

Encryption (figure): the IV is encrypted under the key to produce a keystream, which is XORed with the plaintext to give the ciphertext.

Decryption (figure): the receiver, holding the same key and IV, regenerates the same keystream and XORs it with the ciphertext to recover the plaintext.

Key stream reuse attack

Using the same keystream twice exposes the ciphertext to a keystream reuse attack. Imagine that the plaintext block P0 is encrypted with keystream K0 as P0 XOR K0. Later, a second plaintext Q0 is encrypted with the same keystream as Q0 XOR K0. An intruder who captures both ciphertext blocks can simply XOR them together to get P0 XOR Q0, which eliminates the key.
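The one-time pad of the earlier slides and the keystream reuse attack in code, as an added example not from the slides. The two messages are constructed; the pad is drawn fresh with os.urandom on every run, and the attack works regardless, which is the point. crib_drag is the usual way to exploit P XOR Q: guess a word in one message and read the other.

```python
import os


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, pad):
    """One-time pad: XOR with a truly random pad at least as long as the message.
    Each pad byte must be used once and never again."""
    if len(pad) < len(plaintext):
        raise ValueError("pad exhausted: the amount of key limits the amount of data")
    return xor(plaintext, pad[:len(plaintext)])


otp_decrypt = otp_encrypt   # XOR is its own inverse


def keystream_reuse(c1, c2):
    """Two ciphertexts made with the same keystream: (P XOR K) XOR (Q XOR K) = P XOR Q.
    The key cancels without ever being known."""
    return xor(c1, c2)


def crib_drag(p_xor_q, crib):
    """Slide a guessed word along P XOR Q. Where the guess is correct for one message,
    XORing it in reveals the other message at that offset; keep offsets that give printable text."""
    hits = []
    for i in range(len(p_xor_q) - len(crib) + 1):
        fragment = xor(p_xor_q[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in fragment):
            hits.append((i, fragment.decode("ascii")))
    return hits


# Constructed messages; the pad is generated fresh on every run, which is the point:
# the attack below never depends on what the pad was.
P = b"transfer one lakh to the swiss bank"
Q = b"the auditors arrive monday at nine."
PAD = os.urandom(64)

if __name__ == "__main__":
    c1, c2 = otp_encrypt(P, PAD), otp_encrypt(Q, PAD)      # same pad used twice: the mistake
    leak = keystream_reuse(c1, c2)
    for offset, text in crib_drag(leak, b"swiss"):
        print(f"offset {offset:2}: other message reads {text!r}")
```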

International Data Encryption Algorithm (IDEA)

IDEA operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical transformations (a round, see the illustration) and an output transformation (the half-round). The processes for encryption and decryption are similar. IDEA derives much of its security by interleaving operations from different groups: modular addition, modular multiplication and bitwise exclusive-or. In more detail, these operators, which all deal with 16-bit quantities, are:

1. Bitwise exclusive OR (denoted in the figure by a blue circled plus).
2. Addition modulo 2^16 (denoted in the figure by a green boxed plus).
3. Multiplication modulo 2^16 + 1, where the all-zero word (0x0000) is interpreted as 2^16 (denoted in the figure by a red circled dot).

An encryption round of IDEA (figure): 64-bit input, eight rounds, final half round, 64-bit output.
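IDEA's three 16-bit group operations and their inverses in code, added as an example (not the IDEA algorithm itself). It covers the corner case the slide states, the all-zero word standing for 2^16, and shows that the operations do not distribute over one another, which is what interleaving them buys.

```python
MOD_ADD = 1 << 16          # addition modulo 2^16
MOD_MUL = (1 << 16) + 1    # multiplication modulo 2^16 + 1 (65537, a prime)


def idea_xor(a, b):
    return a ^ b


def idea_add(a, b):
    return (a + b) % MOD_ADD


def idea_add_inv(a):
    return (-a) % MOD_ADD


def idea_mul(a, b):
    """Multiplication modulo 2^16 + 1 on 16-bit words. Because 65537 is prime, the residues
    1..65536 form a group under multiplication; the all-zero word stands in for 65536 so that
    every 16-bit value has an inverse (multiplication modulo 2^16 would not give that)."""
    a = a or MOD_ADD          # 0x0000 is read as 2^16
    b = b or MOD_ADD
    return (a * b) % MOD_MUL % MOD_ADD    # a result of 2^16 is written back as 0x0000


def idea_mul_inv(a):
    a = a or MOD_ADD
    return pow(a, MOD_MUL - 2, MOD_MUL) % MOD_ADD   # Fermat: a^(p-2) is a^-1 mod p


def distributes(a, b, c):
    """True iff (a + b) * c == a*c + b*c with IDEA's operators. In general it is not:
    the operations come from different groups, which is what makes mixing them non-linear."""
    lhs = idea_mul(idea_add(a, b), c)
    rhs = idea_add(idea_mul(a, c), idea_mul(b, c))
    return lhs == rhs


if __name__ == "__main__":
    for a in (0, 1, 2, 0x8000, 0xFFFF):
        print(f"{a:#06x}: mul inverse {idea_mul_inv(a):#06x}, add inverse {idea_add_inv(a):#06x}")
    print("distributive for (1, 1, 0xFFFF)?", distributes(1, 1, 0xFFFF))
```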

RSA

The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman; the letters RSA are the initials of their surnames. RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.

RSA

The keys for the RSA algorithm are generated the following way:
1. Choose two large random prime numbers p and q.
2. Compute n = p*q. n is used as the modulus for both the public and private keys.
3. Compute φ(n) = (p-1)(q-1).
4. Choose an integer e such that 1 < e < φ(n) and e is coprime to φ(n). e is released as the public key exponent.
5. Compute d to satisfy the congruence relation d*e ≡ 1 (mod φ(n)), i.e. d*e = 1 + k*φ(n) for some integer k. d is kept as the private key exponent.

RSA

1. Choose two prime numbers: p = 3 and q = 11.
2. Compute n = 3 * 11 = 33.
3. Compute the totient: φ(n) = (3 - 1)(11 - 1) = 20.
4. Choose e > 1 coprime to 20: e = 3.
5. Choose d to satisfy d*e ≡ 1 (mod 20): d = 7, since 7 * 3 = 21 = 1 + 1 * 20.

RSA

The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. To encrypt the message P, compute C = P^e (mod n). To decrypt C, compute P = C^d (mod n).

RSA

Encrypting "SVMIT" letter by letter (A = 1, ..., Z = 26) with e = 3, then decrypting with d = 7, n = 33:

Symbol  Numeric P  P^3    C = P^3 mod 33  Symbol  C^7          C^7 mod 33  Symbol
S       19         6859   28              \       13492928512  19          S
V       22         10648  22              V       2494357888   22          V
M       13         2197   19              S       893871739    13          M
I       9          729    3               C       2187         9           I
T       20         8000   14              N       105413504    20          T
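The key generation steps and the SVMIT table in code, as an added example not from the slides; the function names are the example's own. The key generation is general (any p, q, e), the table uses the slide's p = 3, q = 11, e = 3. Note what the table shows: encrypting letter by letter with a deterministic function is itself a mono-alphabetic substitution, and textbook RSA without padding should not be used for real data.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Textbook RSA key generation as on the slides: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must lie in (1, phi(n)) and be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+); solves d*e = 1 + k*phi
    return (n, e), (n, d)


def rsa_apply(m, key):
    """C = P^e mod n with the public key, P = C^d mod n with the private key."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exponent, n)


def letter_to_number(ch):
    return ord(ch) - ord("A") + 1      # A = 1, ..., Z = 26, as in the slide's table


def number_to_letter(x):
    return chr(x + ord("A") - 1)


def encrypt_letters(text, public):
    """The slide's scheme: every letter is encrypted on its own, so it is a mono-alphabetic
    substitution (repeated letters give repeated ciphertext values)."""
    return [rsa_apply(letter_to_number(ch), public) for ch in text]


def decrypt_letters(numbers, private):
    return "".join(number_to_letter(rsa_apply(c, private)) for c in numbers)


def worked_table(text="SVMIT", p=3, q=11, e=3):
    """Reproduce the slide's table: (symbol, P, P^e, C = P^e mod n, C^d mod n)."""
    public, private = rsa_keygen(p, q, e)
    rows = []
    for ch in text:
        P = letter_to_number(ch)
        C = rsa_apply(P, public)
        rows.append((ch, P, P ** e, C, rsa_apply(C, private)))
    return public, private, rows


if __name__ == "__main__":
    public, private, rows = worked_table()
    print("public", public, "private", private)
    for row in rows:
        print(*row)
```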

Authentication Protocol

Authentication based on a shared secret key

Alice (A) and Bob (B) share the key K_AB; R_A and R_B are random challenges.
1. A → B: A
2. B → A: R_B
3. A → B: K_AB(R_B)
4. A → B: R_A
5. B → A: K_AB(R_A)

It is also called a challenge-response protocol.

Shortened two-way authentication

1. A → B: A, R_A
2. B → A: R_B, K_AB(R_A)
3. A → B: K_AB(R_B)

Reflection Attack

Trudy (T) opens two sessions with Bob and gets him to answer his own challenge:
1. T → B (session 1): A, R_T
2. B → T (session 1): R_B, K_AB(R_T)
3. T → B (session 2): A, R_B
4. B → T (session 2): R_B2, K_AB(R_B)
5. T → B (session 1): K_AB(R_B)

Designing a correct authentication protocol is harder than it looks. Three general rules:
- Have the initiator prove who she is before the responder has to. In this case, Bob gives away valuable information before Trudy has to give any evidence of who she is.
- Have the initiator and responder use different keys for proof, even if this means having two shared keys, K_AB and K'_AB.
- Have the initiator and responder draw their challenges from different sets. For example, the initiator must use even numbers and the responder must use odd numbers.
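The shortened protocol, the reflection attack and the third rule (different challenge sets) in code, as an added example not from the slides. K_AB(R) is realised as an HMAC under the shared key, which is an assumption for the example; the session ids and the Bob class are the example's own.

```python
import hashlib
import hmac
import secrets


def kab(key, challenge):
    """K_AB(R): proof that the sender knows the shared key. Realised here (an assumption for
    the example) as HMAC-SHA256 over the challenge; the slide leaves the primitive abstract."""
    return hmac.new(key, challenge.to_bytes(8, "big"), hashlib.sha256).digest()


class Bob:
    """Responder in the shortened two-way protocol:
         1. A -> B: A, R_A      2. B -> A: R_B, K_AB(R_A)      3. A -> B: K_AB(R_B)
    With enforce_rules=True Bob applies the slide's third rule: initiator challenges must be
    even and his own are odd, so a reflected R_B is rejected as an initiator challenge."""

    def __init__(self, key, enforce_rules=False):
        self.key, self.enforce_rules = key, enforce_rules
        self.pending = {}               # session id -> R_B awaiting the initiator's proof

    def msg1(self, session, claimed_identity, r_a):
        if self.enforce_rules and r_a % 2 != 0:
            raise ValueError("initiator challenges must be even")
        r_b = secrets.randbelow(1 << 63) * 2 + (1 if self.enforce_rules else secrets.randbelow(2))
        self.pending[session] = r_b
        return r_b, kab(self.key, r_a)  # Bob proves himself first: the weakness the rules address

    def msg3(self, session, proof):
        r_b = self.pending.pop(session)
        return hmac.compare_digest(proof, kab(self.key, r_b))


def honest_alice(bob, key):
    r_a = secrets.randbelow(1 << 63) * 2             # even, in case Bob enforces the rule
    r_b, proof_b = bob.msg1("s1", "Alice", r_a)
    if not hmac.compare_digest(proof_b, kab(key, r_a)):
        return False                                  # Bob failed to prove himself
    return bob.msg3("s1", kab(key, r_b))


def trudy_reflection(bob):
    """Trudy has no key. She opens a second session and reflects Bob's own challenge back at him,
    so Bob computes K_AB(R_B) for her; she then replays it to finish the first session."""
    r_t = secrets.randbelow(1 << 64)
    r_b, _ = bob.msg1("s1", "Alice", r_t)            # session 1: Bob issues R_B
    _, k_rb = bob.msg1("s2", "Alice", r_b)           # session 2: "my challenge is R_B"
    return bob.msg3("s1", k_rb)                       # session 1: Bob accepts his own answer


KEY = b"shared secret K_AB (constructed)"


def attack_succeeds(enforce_rules):
    try:
        return trudy_reflection(Bob(KEY, enforce_rules))
    except ValueError:
        return False                                  # Bob refused the reflected challenge


if __name__ == "__main__":
    print("honest run:", honest_alice(Bob(KEY, True), KEY))
    print("reflection vs naive Bob:", attack_succeeds(False))
    print("reflection vs Bob enforcing the odd/even rule:", attack_succeeds(True))
```

The even/odd rule works because Bob's challenge can never be a well-formed initiator challenge; the first rule (initiator proves herself first) removes the weakness at its root by not answering any challenge before the initiator has answered one.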

Diffie-Hellman Key Exchange

Alice picks x, Bob picks y; n (a large prime) and g are public.
1. A → B: n, g, g^x mod n
2. B → A: g^y mod n
Alice computes (g^y mod n)^x = g^xy mod n; Bob computes (g^x mod n)^y = g^xy mod n.

Alice and Bob now share a secret key g^xy mod n.

Diffie-Hellman Key Exchange

For example, n = 47 and g = 3. Alice takes x = 8 and Bob takes y = 10. 3^8 mod 47 = 28, so Alice sends (47, 3, 28). Bob computes 3^10 mod 47 = 17 and sends 17. Alice computes 17^8 mod 47 = 4; Bob computes 28^10 mod 47 = 4. Alice and Bob have independently determined that the shared secret key is 4. Trudy has to solve the equation 3^x mod 47 = 28, which can be done by exhaustive search for small numbers like this, but not when all the numbers are hundreds of bits long.

Bucket Brigade Attack

Trudy picks z and sits between Alice and Bob, replacing each public value with her own:
1. A → T: n, g, g^x mod n
2. T → B: n, g, g^z mod n
3. B → T: g^y mod n
4. T → A: g^z mod n
Alice ends up sharing g^xz mod n with Trudy and Bob shares g^yz mod n with Trudy, while both believe they share a key with each other.

It is sometimes called a Man-in-the-Middle (MITM) attack.
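Diffie-Hellman with the slide's numbers, Trudy's exhaustive search for x, and the bucket brigade attack, as an added example not from the slides. z = 5 for Trudy is an arbitrary choice.

```python
def dh_public(n, g, secret):
    """g^secret mod n, the value sent in the clear."""
    return pow(g, secret, n)


def dh_shared(n, peer_public, secret):
    """(g^peer mod n)^secret mod n = g^(secret*peer) mod n."""
    return pow(peer_public, secret, n)


def honest_exchange(n=47, g=3, x=8, y=10):
    """The slide's numbers: returns (Alice's public, Bob's public, Alice's key, Bob's key)."""
    a_pub, b_pub = dh_public(n, g, x), dh_public(n, g, y)
    return a_pub, b_pub, dh_shared(n, b_pub, x), dh_shared(n, a_pub, y)


def brute_force_dlog(n, g, target):
    """Trudy's exhaustive search for x with g^x mod n == target. Fine for n = 47;
    hopeless when n has hundreds of bits."""
    for x in range(1, n):
        if pow(g, x, n) == target:
            return x
    return None


def bucket_brigade(n=47, g=3, x=8, y=10, z=5):
    """Trudy (secret z) replaces both public values with g^z. Returns
    (key Alice computes, key Bob computes, Trudy's key with Alice, Trudy's key with Bob):
    each side agrees with Trudy, not with the other, and Trudy can relay and read everything."""
    a_pub, b_pub, t_pub = dh_public(n, g, x), dh_public(n, g, y), dh_public(n, g, z)
    alice_key = dh_shared(n, t_pub, x)      # Alice was handed g^z instead of g^y
    bob_key = dh_shared(n, t_pub, y)        # Bob was handed g^z instead of g^x
    return alice_key, bob_key, dh_shared(n, a_pub, z), dh_shared(n, b_pub, z)


if __name__ == "__main__":
    print("honest:", honest_exchange())
    print("Trudy recovers x =", brute_force_dlog(47, 3, 28))
    print("bucket brigade:", bucket_brigade())
```

Nothing in the exchange tells Alice whether 17 really came from Bob; that is why the following slides add authentication on top of key exchange.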

Key Distribution Centre

Wide-mouth frog authentication protocol: Alice and Bob each share a key (K_A, K_B) with the KDC; Alice chooses the session key K_S.
1. A → KDC: A, K_A(B, K_S)
2. KDC → B: K_B(A, K_S)

Problems of wide mouth frog

Replay attack: an intruder who recorded the messages can play them back later.

Solutions to the replay attack:
- Include a timestamp in each message. Then if anyone receives an obsolete message, it can be discarded. The trouble with this approach is that clocks are never exactly synchronized over a network, so there has to be some interval during which a timestamp is valid.
- Put a one-time unique message number, usually called a nonce, in each message. Each party has to remember all previous nonces and reject any message containing a previously used nonce.
- Timestamps and nonces can be combined to limit how long nonces have to be remembered, but clearly the protocol is going to get a lot more complicated.
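A receiver-side freshness check that combines the timestamp window with a nonce cache, as an added example not from the slides (it also implements the second cryptographic principle from the earlier slide). The class and the arrival sequence in demo() are constructed; the clock is injected so the behaviour is deterministic.

```python
import time


class ReplayFilter:
    """Receiver-side freshness check combining the slide's two remedies: a timestamp window
    (so clock skew is tolerated) and a nonce cache that only has to remember nonces seen
    inside that window (so the cache cannot grow without bound)."""

    def __init__(self, window_seconds=300, clock=time.time):
        self.window = window_seconds
        self.clock = clock             # injectable so the behaviour can be tested deterministically
        self.seen = {}                 # nonce -> timestamp of the message that carried it

    def accept(self, nonce, timestamp):
        now = self.clock()
        # Forget nonces whose messages are now too old to be accepted anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t < self.window}
        if abs(now - timestamp) > self.window:
            return False               # obsolete (or from a badly skewed clock): discard
        if nonce in self.seen:
            return False               # nonce already used inside the window: replay
        self.seen[nonce] = timestamp
        return True


def demo():
    """A constructed sequence of arrivals against a fake clock (t0 = 1_000_000 s)."""
    clock = [1_000_000.0]
    f = ReplayFilter(window_seconds=300, clock=lambda: clock[0])
    results = []
    results.append(f.accept("n1", clock[0]))         # fresh message: accepted
    results.append(f.accept("n1", clock[0]))         # immediate replay: rejected (nonce seen)
    clock[0] += 60
    results.append(f.accept("n2", clock[0] - 400))   # recorded 400 s ago: rejected (stale)
    clock[0] += 300                                  # n1's timestamp is now outside the window
    results.append(f.accept("n1", 1_000_000.0))      # replay of the original n1: rejected (stale)
    results.append(f.accept("n1", clock[0]))         # a new message reusing nonce n1: accepted,
    return results                                   # the cache no longer had to remember it


if __name__ == "__main__":
    print(demo())
```

The timestamp and nonce must of course be inside the encrypted (or MAC-protected) part of the message, otherwise the intruder simply rewrites them.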

Needham-Schroeder authentication protocol

1. A → KDC: R_A, A, B
2. KDC → A: K_A(R_A, B, K_S, K_B(A, K_S))
3. A → B: K_B(A, K_S), K_S(R_A2)
4. B → A: K_S(R_A2 - 1), R_B
5. A → B: K_S(R_B - 1)

Otway-Rees authentication protocol

1. A → B: A, B, R, K_A(A, B, R, R_A)
2. B → KDC: A, K_A(A, B, R, R_A), B, K_B(A, B, R, R_B)
3. KDC → B: K_A(R_A, K_S), K_B(R_B, K_S)
4. B → A: K_A(R_A, K_S)

Authentication using Kerberos

Kerberos involves three servers in addition to Alice (a client workstation):
1. Authentication Server (AS): verifies users during login.
2. Ticket-Granting Server (TGS): issues proof-of-identity tickets.
3. Bob the server: actually does the work Alice wants performed.

The AS is similar to a KDC in that it shares a secret password with every user. The TGS's job is to issue tickets that can convince the real servers that the bearer of a TGS ticket really is who he or she claims to be.

Authentication using Kerberos

1. A → AS: A
2. AS → A: K_A(K_S, K_TGS(A, K_S))
3. A → TGS: K_TGS(A, K_S), B, K_S(t)
4. TGS → A: K_S(B, K_AB), K_B(A, K_AB)
5. A → B: K_B(A, K_AB), K_AB(t)
6. B → A: K_AB(t + 1)

Authentication using Public Key Cryptography

E_A and E_B denote encryption with Alice's and Bob's public keys.
1. A → B: E_B(A, R_A)
2. B → A: E_A(R_A, R_B, K_S)
3. A → B: K_S(R_B)

Digital Signature

The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. For computerized message systems to replace the physical transport of paper and ink documents, a solution must be found to these problems.

Digital Signature

Basically, what is needed is a system by which one party can send a signed message to another party in such a way that:
1. The receiver can verify the claimed identity of the sender.
2. The sender cannot later repudiate the contents of the message.
3. The receiver cannot possibly have concocted the message himself.

Secret key signature

A trusted central authority, Big Brother (BB), shares a key with everyone (K_A with Alice, K_B with Bob) and keeps K_BB to itself; P is the message and t a timestamp.
1. A → BB: A, K_A(B, R_A, t, P)
2. BB → B: K_B(A, R_A, t, P, K_BB(A, t, P))

Digital Signatures using public key Cryptography

(figure) Signing: the plaintext is signed with the sender's private key to produce the signed message. Verification: the signed message is verified with the sender's public key, recovering the plaintext.

Message Digest

One-way hash functions condense the information in a file into a 128- or 256-bit number: they transform a message of any length into a fixed-length string from which it is hard to guess what the message was.

Properties
- Every bit of the input influences the function, so the smallest change in the input creates a large change in the output.
- Given an input file and its message digest, it is computationally infeasible to find another file which will yield the same MD value (collision resistance).
- The same MD function will always produce the same digest on a given file (repeatable).

Usage of digests

- Digital signatures: typically, instead of signing the whole document, only the digest is signed.
- Message Authentication Codes (MACs), used by most Internet routing protocols.
- Creation of keys from a textual pass phrase (PGP).
- Hashing of passwords stored in a database.

Signing the digest (figure)

Sender site (figure)

Receiver site (figure)

Common Digest functions

MD2 through MD5
- Developed by Ronald Rivest
- Produce 128-bit digests
- Used in SSL

SHA, SHA-1
- Secure Hash Algorithm
- Developed by NIST
- 160-bit digest

Caveat: practical collisions have since been demonstrated for both MD5 and SHA-1, so neither is suitable for digital signatures today; the SHA-2 family (e.g. SHA-256) is used instead.

Alice's Signature

Alice feeds her original message through a hash function and encrypts the message digest with A_private. Bob can decrypt the message digest using A_public. Bob can compute the message digest himself. If the two message digests are identical, Bob knows Alice sent the message.

Revised Scheme

Alice: sign with A_private, then encrypt using B_public.
Bob: decrypt using B_private, then check the signature using A_public.

Why the digest?

Alice could just encrypt her name, and then Bob could decrypt it with A_public. Why wouldn't this be sufficient? (Anyone who captured that encrypted name could attach it to any message; only a signature over the message's own digest binds the signature to that particular message.)

Implications

Suppose Alice denies she sent the message? Bob can prove that only someone with Alice's key could have produced the message.

Another possible problem

Suppose Mike receives a message from Mona including a digital signature. Mike sends the same message to Mark so that it looks like the message came from Mona, including the digital signature from the message Mona sent to him. Mark is convinced Mona sent the message!

Solution?

- Always start your messages with the recipient's name ("Dear Mike,"), so that the signed digest is bound to the intended recipient.
- Create a digest from the encrypted message and sign that digest.
- There are many other schemes as well.
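The revised scheme (sign with A_private, encrypt with B_public), the forwarding problem and the "Dear Mike" remedy in code, as an added example not from the slides. It uses textbook RSA over a SHA-256 digest; the key factors are publicly known Mersenne primes chosen only so the example runs without a prime generator, the message is constructed, and all function names are the example's own. Real systems use RSA padding (OAEP/PSS) and a symmetric session key for the message body.

```python
import hashlib
from math import gcd

# Key generation as on the RSA slides. The factors below are publicly known Mersenne primes,
# used ONLY so this example runs without a prime generator; public, special-form primes
# must never be used for real keys.
MONA_P, MONA_Q = (1 << 521) - 1, (1 << 607) - 1
MIKE_P, MIKE_Q = (1 << 1279) - 1, (1 << 2203) - 1


def rsa_keygen(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return (n, e), (n, pow(e, -1, phi))


def digest(message, recipient=None):
    """SHA-256 of the message as an integer. With a recipient, the name is hashed in first
    (the slide's "Dear Mike," remedy), so the digest changes if the message is re-addressed."""
    prefix = b"" if recipient is None else recipient.encode() + b"\n"
    return int.from_bytes(hashlib.sha256(prefix + message).digest(), "big")


def sign(message, private, recipient=None):
    n, d = private
    return pow(digest(message, recipient), d, n)                 # "encrypt" the digest with A_private


def verify(message, signature, public, recipient=None):
    n, e = public
    return pow(signature, e, n) == digest(message, recipient)   # "decrypt" with A_public, compare


def rsa_encrypt_int(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("value too large for this modulus")
    return pow(m, e, n)


def rsa_decrypt_int(c, private):
    n, d = private
    return pow(c, d, n)


def send(message, recipient, sender_private, recipient_public):
    """Revised scheme: sign with the sender's private key, then encrypt with the recipient's public key.
    Textbook RSA without padding, on a short message that does not start with a zero byte."""
    signature = sign(message, sender_private, recipient)
    return (rsa_encrypt_int(int.from_bytes(message, "big"), recipient_public),
            rsa_encrypt_int(signature, recipient_public))


def receive(bundle, recipient, recipient_private, sender_public):
    c_msg, c_sig = bundle
    m = rsa_decrypt_int(c_msg, recipient_private)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    signature = rsa_decrypt_int(c_sig, recipient_private)
    return message, verify(message, signature, sender_public, recipient)


MONA_PUB, MONA_PRIV = rsa_keygen(MONA_P, MONA_Q)
MIKE_PUB, MIKE_PRIV = rsa_keygen(MIKE_P, MIKE_Q)
MESSAGE = b"Please approve the transfer of one lakh today."   # constructed


def forwarding_attack(bind_recipient):
    """Mike forwards Mona's signed message to Mark, keeping Mona's signature.
    Returns whether Mark's verification succeeds."""
    r_mike = "Mike" if bind_recipient else None
    r_mark = "Mark" if bind_recipient else None
    signature = sign(MESSAGE, MONA_PRIV, r_mike)          # Mona -> Mike
    return verify(MESSAGE, signature, MONA_PUB, r_mark)   # Mike -> Mark, signature reused


if __name__ == "__main__":
    bundle = send(MESSAGE, "Mike", MONA_PRIV, MIKE_PUB)
    print(receive(bundle, "Mike", MIKE_PRIV, MONA_PUB))
    print("forwarding works without recipient binding:", forwarding_attack(False))
    print("forwarding works with recipient binding:   ", forwarding_attack(True))
```

Signing before encrypting is what lets Bob prove to a third party who wrote the message: the signature is over the plaintext digest, so it can be checked by anyone holding A_public once the outer encryption is removed.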

Comparison

- Public key algorithms avoid having to distribute a shared secret in advance.
- Secret key encryption/decryption algorithms are much faster than public key algorithms.
- Many times a combination is used: public key cryptography to share a secret key, and the secret key to encrypt the bulk of the communication.

PGP (Pretty Good Privacy)

- MD5 hash function
- RSA algorithm for public key operations

PGP (Pretty Good Privacy) (figures)