An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC

Save this PDF as:

Size: px
Start display at page:

Download "An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC"

Transcription

1 An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and Technology, Bhubaneswar 2Department of Computer Science, KMBB College of Engineering and Technology, Khurda 1 2 Abstract In a key management scheme for hierarchy based access control, each security class having higher clearance can derive the cryptographic secret keys of its other security classes having lower clearances. In 2006 Jeng-Wang proposed an efficient scheme on access control in user hierarchy based on elliptic curve cryptosystem. Their scheme provides solution of key management efficiently for dynamic access problems. However, in this paper, we propose an attack on Jeng-Wang scheme to show that Jeng-Wang scheme is insecure against our proposed attack. We show that in our proposed attack, an attacker (adversary) who is not a user in any security class in a user hierarchy attempts to derive the secret key of a security class. Key Words: Key management, Elliptic curve, Hierarchical Access control, Security, Dynamic Exterior attacks. 1. Introduction Hierarchical access control is a fundamental problem in computer and network systems. In a hierarchical access control, a user of higher security level class has the ability to access information items (such as message, data, files, etc.) of other users of lower security classes. A user hierarchy consists of a number n of disjoint security classes, say, SC 1, SC 2,...,, SC n. Let this set be SC = {SC 1, SC 2,..., SCn}. A binary partially ordered relation is defined in SC as SC i SC j, which means that the security class SC i has a security clearance higher than or equal to the security class SC j. In addition the relation, satisfies the following properties: (a) [Reflexive property] SC i SC i SC i Є SC. (b) [Anti-symmetric property] If SC i, SC j Є SC such that SC i SC j and SC j SC i, then SC i = SC j. (c) [Transitive property] If SC i, SC j, SC k Є SC such that SC i SC j and SC j SC k, then SC i SC k. If SC i SC j, we call SC i as the predecessor of SC j and SC j as the successor of SC i. If SC i SC k SC j,then SC k is an intermediate security class. In this case SC k is the predecessor of SC j and SC i is the predecessor of SC k. In a user hierarchy, the encrypted message by a successor security class is only decrypted by that successor class as well as its all predecessor security classes in that hierarchy. Akl and Taylor [1] first developed the cryptographic key assignment scheme in an arbitrary partial order set (poset) hierarchy. MacKinnon et al. [11] presented an optimal algorithm, called the canonical assignment,to reduce the value of public parameters. Harn and Lin [6] then proposed a bottom up key generating scheme,instead of using a top-down approach as in the Akl and Taylor scheme and MacKinnon et al. s scheme. In order to solve dynamic access control problems, many schemes have been proposed in the literature[10], [7], [9], [16], [3], [13], [14], [4]. Chang et al. [3] proposed a key assignment scheme based on Newton s interpolation method and one-way hash function. In their scheme, a user with higher security clearance must iteratively perform the key derivation process for deriving the secret key of a user who is not an immediate successor. Other proposed schemes [16], [14] enhance Akl and Taylor s scheme [1], and explore other possible approaches that can enable a user in a hierarchy to modify the secret key as and when necessary. Thus,a predecessor can directly and efficiently derive the secret keys of its successor(s). Kuo et al. later developed a method [9] that employs the public key to encrypt the secret key. Their scheme has a straightforward key assignment algorithm, small storage space requirement, and uses a one-way hash function. In 2006, Jeng-Wang proposed an efficient key management and derivation scheme based on the elliptic curve cryptosystem. An attractive advantage of their scheme is that it solves dynamic key management efficiently and flexibly. However, we show that their scheme is vulnerable to dynamic exterior attack. In this paper, we propose our dynamic exterior attack on Jeng-Wang scheme to show that their scheme 50

2 is vulnerable under the proposed attack. The rest of this paper is sketched as follows. In Section 2, we review some mathematical backgrounds which are useful to review Jeng-Wang scheme. We then give briefly an overview of Jeng-Wang scheme [4] in Section 3. In Section 4, we describe our proposed dynamic exterior attack on Jeng-Wang scheme [4]. Finally, we conclude the paper in Section Mathematical backgrounds In this section, we discuss the elliptic curve and its properties. We then discuss the rules for adding points on elliptic curve and the elliptic curve discrete logarithm problem. We, finally, discuss the properties of a oneway hash function. 2.1 Elliptic Curve over Finite Field Let and, where 0,1,., 1 and 3 be a prime, such that A non-singular elliptic curve over the finite field is the set, of solutions, to the congruence:, where and are constants such that , together with a special point called the point at infinity or zero point. The condition is the necessary and sufficient to ensure that the equation 0 has a non-singular solution [12]. If , then the corresponding elliptic curve is called a singular elliptic curve. If, and, be points in,, then implies that and. Also,, for all,. Moreover, an elliptic curve, over has roughly points on it. More precisely, a well-known theorem due to Hasse asserts that the number of points on,, which is denoted by #, satisfies the following inequality [15]: p 1 2 p #E p 1 2 p. In addition,, forms an abelian group or commutative group under addition modulo operation Addition of Points on Elliptic Curve over Finite Field We take an elliptic curve over a finite filed as, :, where and. The field size is considered as a large prime. We take as the base point on, whose order is, that is,. The elliptic curve addition differs from the general addition [8]. Let, and, be two points on elliptic curve, with, then, is computed as follows:,,, In elliptic curve cryptography, multiplication is defined as repeated additions. For example, if,, then 6 is computed as Discrete Logarithm Problem The discrete logarithm problem (DLP) is as follows: given an element in a finite group whose order is, that is, and another element, find an integer such that. It is relatively easy to calculate discrete exponentiation given,, but it is computationally infeasible to determine given,, when is large. 2.3 Elliptic Curve Discrete Logarithm Problem Let, be an elliptic curve modulo a prime. Given two points, and,, for some positive integer. represents the point on elliptic curve, is added to itself times. The elliptic curve discrete logarithm problem (ECDLP) is to determine given and. It is relatively easy to calculate given and, but it is computationally infeasible to determine given and, when the prime is large. 2.4 One-way Hash Function A one-way hash function : 0,1 0,1 takes an arbitrary-length input 0,1, and produces a fixedlength (say, -bits) output 0,1, called the message digest. The hash function is the fingerprint of a file, a message, or other data blocks, and has the following attributes [15]. 1. can be applied to a data block of all sizes. 51

3 2. For any given variable, is easy to operate, enabling easy implementation in software and hardware. 3. The output length of is fixed. 4. Deriving from the given value and the given hash function. is computationally infeasible. 5. For any given variable, finding any so that is computationally infeasible. 6. Finding a pair of inputs,,,, so that is computationally infeasible. Example- Figure-1 shown SC 1 determines its own secret key K 1, and its secret parameter n 1, and then generates its public parameter P 1 = n 1 G. Then it sends its pair of points kg, (K 1,n 1 ) + kp ca } to CA. The other classes in the hierarchy do the same job. While CA derives all the secret keys and secret parameters, he constructs the corresponding polynomials for each class and then makes them public. The polynomials are generated as follows: 3 Overview 3.1 Key generation algorithm Step 1. Suppose there are m, m Є N, security classes in a user hierarchy over the partial-order relation( ). CA determines an elliptic group Ep(a,b) as y 2 = x 3 + ax + b (mod p), where p is a large prime number, and the coefficients satisfy 4a b 2 0 (mod p). Then CA selects a base point G = (x,y) from E p (a,b) whose order is a very large value n such that ng = O. CA makes Ep(a,b), G and the value n public. Step 2. CA selects an algorithm Ã :( x, y) v, for representing a point on E p (a,b) as a real number v.ca makes Ã public. CA chooses a secret parameter n ca and makes P ca public, where P ca = n ca G. Step 3. For security class SC i,1 i m, it chooses its own secret key K i, 1 K i p -1, and a secret parameter ni, ni < n, firstly. It makes Pi public, where Pi = nig. Then it encrypts the point (K i,n i ) by adding kp ca to it and sends the pair of points {kg, (K i,n i ) + kp ca } to CA, where k is a positive integer selected randomly. Step 4. For each pair of points {kg, (K i,n i ) + kp ca },1 i m, CA multiples the first point by his secret parameter nca and subtracts the result from the second point to derive (K i,n i ). (K i ; n i ) + kpc a - nc a (kg)= (K i, n i )+ k(nc a G) nc a (kg)= (K i, n i ) Step 5. For security class SC i, 1 i m, CA constructs a polynomial H i (x) for him. H i (x)= x A n P K for all C i <C t Figure-1 H 1 (x)=nil, which means no other class has access to SC 1. H 2 (x)=(x- Ã(n 2 P 1 )+k 2. H 3 (x)=(x- Ã(n 3 P 1 )+k 3. H 4 (x)=(x- Ã(n 4 P 2 ))(x- Ã(n 4 P 1 ))+k 4 H 5 (x)=(x- Ã(n 5 P 2 ))(x- Ã(n 5 P 3 ))(x- Ã(n 5 P 1 ))+k 5. H 6 (x)=(x- Ã(n 6 P 3 ))(x- Ã(n 6 P 1 ))+k Key Derivation Algorithm- Assume user u i in the security class SC i wants to access the encrypted data held by user u j in one of his successor classes SC j, u i can derive the secret key K j of u j by the following steps: Step 1. Get the public parameters H j (x) and P j of u j. Step 2. Compute H j (Ã (n i P j ) and then K j can be obtained. Now suppose a user in SC 1 wants to derive the secret key K 4. Using his own secret parameter n 1 along with the public parameters H 4 (x) and P 4, he can derive the secret key K 4 by computing H 4 (Ã (n 1 P 4 )shown below. H 4 (Ã (n 1 P 4 ))=( Ã (n 1 P 4 - Ã(n 4 P 2 ))( Ã (n 1 P 4 - Ã(n 4 P 1 ))+k 4. =( Ã (n 1 P 4 - Ã(n 4 P 2 ))( Ã(n 1 n 4 G)- Ã(n 4 n 1 G))+k 4 =k Inserting new security class- 52

4 If a new security class SC a is inserted in to hierarchy such that SC i SC a SC j..ca will do following process to update the partial relationship to manage the accessing priority when SC a joins the hierarchy. Step-1 For security class SC a, it chooses its own secrete key K a,1 K a p-1,and a secrete parameter n a, n<n. It makes Pa public, where P a =n a G. Then it encrypts the point (K a,n a ) by adding KP ca to it and sends the pair of points {KG,(K a, n a )+KP ca )} to CA, where K is a positive integer selected randomly. Step-2 For pair of points {KG,(K a,n a )+KP ca )}, CA multiplies the first point by his secrete parameter n ca and subtracts the result from the second point to derive (K a,n a ) For pair of points {KG,(K 7,n 7 )+KP ca )}, CA multiplies the first point by his secrete parameter n ca and subtracts the result from the second point to derive (K 7,n 7 ) (K 7,n 7 )+KP ca -n ca KG=(k 7,n 7 ) + K(n ca G)- n ca (KG)=(K 7,n 7 ) Step-3 For security class SC 7,,CA constructs a polynomial H 7 (x) for him H 7 (x)= (x- Ã(n 7 P 1 ))+k 7. Step-4 Determine the public polynomial H 6 (x) by following equation H 6 (x)=(x- Ã(n 6 P 3 ))(x- Ã(n 6 P 1 ))(x- Ã(n 6 P 7 ))+k 6 (K a,n a )+KP ca -n ca KG=(k a,n a ) + K(n ca G)-n ca (KG)=(K a,n a ) Step-3 For security class SCa,,CA constructs a polynomial Ha(x) for him Ha(x)= x Ã n P ka for all j satisfying SCa<SCj and j a. Step-4 Determine the public polynomial Hi (x) by following equation Hi (x)= x Ã n P x Ã n P Where t is performed identical to eq-1 and for each SCj such that SCi SCa. Example- It assumes that a new security class SC 7 is inserted into the user hierarchy such that SC 6 SC 7 SC 1 in Fig.2. Afterward the information K 7,n 7,P 7,H 7 (x),h 6 (x) will generate the information by using following steps. Step-1. For security class SC 7, it chooses its own secrete key K 7,1 K 7 p-1,and a secrete parameter n 7, n 7 <n. It makes P 7 public, where P 7 =n 7 G. Then it encrypts the point (K 7,n 7 ) by adding KP ca to it and sends the pair of points {KG,(K 7, n 7 )+KP ca )} to CA, where K is a positive integer selected randomly. Step-2 Figure Deleting existing security class phases- Suppose that a security class SC a is to be removed from a user hierarchy such that the relationship SC i SC a SC j breaks up. Figure-3 Suppose there is an existing security class SC a and let it is to be removed from a user hierarchy, such that the relationship SC i SCa SC j breaks up then the corresponding key Ka and parameter na,pa are deleted. 53

5 The public polynomial Hi(x) for SCi will also be changed as follows- (x)= (. Example- It assumes that the existing security class SC 3 is removed from hierarchy as shown in figure-3. So the corresponding key K 3 and the parameter P 3,n 3 are deleted. The public polynomial H 5 (x) will be changed to H 5 (x) and H 6 (x) will be H 6 (6) H 5 (x)=(x- Ã(n 5 P 1 ))(x- Ã(n 5 P 2 ))+K 5. Figure-4 H 6 (x)=(x- Ã(n 6 P 1 ))+K 6 4. On the security of Jeng-Wang Scheme- However, the WWC-scheme still cannot resist another case of the exterior attack which is not discussed in [14]. Before we introducing this novel exterior attack, we must review the result of product by the following theorem: Theorem 1[2]: The product can be expanded as follows. 1, Where,, For instance, 1,, 4.1 Dynamic Exterior Attack When an illegal user wishes to access the security key of through the related public information when a new class joins the hierarchy. Consider the example as shown in the figure- 4.the public polynomial of is formed before joins the hierarchy. After joins the hierarchy the public polynomial are formed. and As and are public information, so any one can obtain that information. Therefore anyone can discover the secrete key from public information by the following equations. (1) (2) Therefore from equation-1 and equation-2 we can find out the coefficient of in is - and the coefficient of in is respectively. Therefore we can recover the information by subtracting coefficient of from the coefficient of. Then by putting in equation-2, we will find out the secrete key. Hence this proposed scheme is insecure when a new security class joins the hierarchy. 4.2 On the security of removing existing security class- Consider the example as shown in the figure-1, when the existing security class is removed from user hierarchy, the public polynomial of becomes and of becomes, whose equations are given below. (3) (4) 54

6 (5) (6) As all above information are public so anyone can get these information.by dynamic exterior attack, the attacker can easily obtain.where is the coefficient of in equation-4 and is the coefficient of in equation-3 respectively. Similarly the attacker can also obtain where and is the coefficient of in equation-5.thetefore it is feasible for the attacker to obtain the secrete key and with knowing the value and respectively. Hence the proposed scheme is insecure when an existing security class is removed from the hierarchy. 5 Conclusion In this paper we have shown that an illegal user can find out the secrete key when a new class joins or an existing security class is removed from the hierarchy in jengwang scheme. References [1] S. G. Akl and P. D. Taylor. Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems (TOCS), 1(3): , [2]Bruce Schneier Applied Cryptography Second edition Wiley publication [3] C. C. Chang, I. C. Lin, H. M. Tsai, and H. H.Wang. A Key Assignment Scheme for Controlling Access in Partially Ordered User Hierarchies. In Proceedings of 18th International Conference on Advanced Information Networking and Applications (AINA 04), volume 2, pages , [7] F. G. Jeng and C. M. Wang. An efficient key-management scheme for hierarchical access control based on elliptic curve cryptosystem. Journal of Systems and Software, 79(8): , [8] N. Koblitz. Elliptic Curves Cryptosystems. Mathematics of computation, 48: , [9] F. H. Kuo, V. R. L. Shen, T. S. Chen, and F. Lai. Cryptographic key assignment scheme for dynamic access control in a user hierarchy. Computers and Digital Techniques, IEE Proceedings, 146(5): , [10] C. H. Lin. Dynamic key management schemes for access control in a hierarchy. Computer Communications, 20(15): , [11] S.J. Mackinnon, P.D. Taylor, H. Meijer, and S.G. Akl. An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy. IEEE Transactions on Computers, 34(9): , [12] R.W. D. Nickalls. A new approach to solving the cubic: Cardan s solution revealed. The Mathematical Gazette, 77(480): , [13] V. L. R. Shen and T. S. Chen. A novel key management scheme based on discrete logarithms and polynomial interpolations. Computers & Security, 21(2): , [14] V. L. R. Shen, T. S. Chen, and F. Lai. Novel cryptographic key assignment scheme for dynamic access control in a hierarchy. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E80- A(10): , [15] W. Stallings. Cryptography and Network Security: Principles and Practices. Prentice Hall, 3rd edition, [16] H. M. Tsai and C. C. Chang. A cryptographic implementation for dynamic access control in a user hierarchy. Computers & Security, 14(2): , [4] Y. F. Chung, H. H. Lee, F. Lai, and T. S. Chen. Access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 178(1): , [5] H. Cohen. A course in computational algebraic number theory. Springer-Verlag, [6] L. Harn and H. Y. Lin. A cryptographic key generation scheme for multilevel data security. Computers & Security, 9(6): ,

Elliptic Curve Cryptography

Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE

IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE Mrs. Megha Kolhekar Assistant Professor, Department of Electronics and Telecommunication Engineering Fr. C. Rodrigues Institute of Technology,

Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

Implementation of Elliptic Curve Digital Signature Algorithm

Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

Cryptography and Network Security

Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS D. Sravana Kumar 1 CH. Suneetha 2 A. ChandrasekhAR 3 1 Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography

A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography

A New Credit Card Payment Scheme Using Mobile Phones Based on Visual Cryptography Chao-Wen Chan and Chih-Hao Lin Graduate School of Computer Science and Information Technology, National Taichung Institute

Elliptic Curves and Elliptic Curve Cryptography

Undergraduate Colloquium Series Elliptic Curves and Elliptic Curve Cryptography Amiee O Maley Amiee O Maley graduated Summa Cum Laude from Ball State in May 00 with a major in Mathematics. She is currently

A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

Cryptography: RSA and the discrete logarithm problem

Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

A New Generic Digital Signature Algorithm

Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

Elements of Applied Cryptography Public key encryption

Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10

with Embedding Degree 10 University of California, Berkeley, USA ANTS-VII, 2006 Outline 1 Introduction 2 The CM Method: The Basic Construction The CM Method: Generating Families of Curves 3 Outline 1 Introduction

ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

JUST THE MATHS UNIT NUMBER 1.8. ALGEBRA 8 (Polynomials) A.J.Hobson

JUST THE MATHS UNIT NUMBER 1.8 ALGEBRA 8 (Polynomials) by A.J.Hobson 1.8.1 The factor theorem 1.8.2 Application to quadratic and cubic expressions 1.8.3 Cubic equations 1.8.4 Long division of polynomials

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.

The Mathematics of RSA

The Mathematics of RSA Dimitri Papaioannou May 24, 2007 1 Introduction Cryptographic systems come in two flavors. Symmetric or Private key encryption and Asymmetric or Public key encryption. Strictly speaking,

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

Mathematics of Cryptography

CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

MODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction.

MODULAR ARITHMETIC 1 Working With Integers The usual arithmetic operations of addition, subtraction and multiplication can be performed on integers, and the result is always another integer Division, on

Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

Multilevel Access Control in a MANET for a Defense Messaging system using Elliptic Curve Cryptography

Multilevel Access Control in a MANET for a Defense Messaging system using Elliptic Curve Cryptography J. Nafeesa Begum nafeesa_jeddy@yahoo.com Sr.Lecturer/CSE Government College of Engineering,Bargur Krishnagiri

Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

Session Initiation Protocol Attacks and Challenges

2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

City Research Online. Permanent City Research Online URL: http://openaccess.city.ac.uk/2499/

Komninos, N., Tselikis, C. & Douligeris, C. (2013). SAnoVs: Secure Anonymous Voting Scheme for clustered ad hoc networks. Paper presented at the 18th IEEE Symposium on Computers and Communication (ISCC

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

Outline. Cryptography. Bret Benesh. Math 331

Outline 1 College of St. Benedict/St. John s University Department of Mathematics Math 331 2 3 The internet is a lawless place, and people have access to all sorts of information. What is keeping people

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

Introduction to Computer Security

Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors

Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

Public Key Cryptography. Performance Comparison and Benchmarking

Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?

Public Key Cryptography Overview

Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

SFWR ENG 4C03 - Computer Networks & Computer Security

KEY MANAGEMENT SFWR ENG 4C03 - Computer Networks & Computer Security Researcher: Jayesh Patel Student No. 9909040 Revised: April 4, 2005 Introduction Key management deals with the secure generation, distribution,

Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

Computer Security: Principles and Practice

Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

Analyzing the Point Multiplication Operation of Elliptic Curve Cryptosystem over Prime Field for Parallel Processing

322 The International Arab Journal of Information Technology, Vol. 11, No. 4, July 2014 Analyzing the Point Multiplication Operation of Elliptic Curve Cryptosystem over Prime Field for Parallel Processing

A new probabilistic public key algorithm based on elliptic logarithms

A new probabilistic public key algorithm based on elliptic logarithms Afonso Comba de Araujo Neto, Raul Fernando Weber 1 Instituto de Informática Universidade Federal do Rio Grande do Sul (UFRGS) Caixa

Public Key (asymmetric) Cryptography

Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

One-Way Encryption and Message Authentication

One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School

Implementing Network Security Protocols

Implementing Network Security Protocols based on Elliptic Curve Cryptography M. Aydos, E. Savaş, and Ç. K. Koç Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331, USA {aydos,savas,koc}@ece.orst.edu

Improvement of digital signature with message recovery using self-certified public keys and its variants

Applied Mathematics and Computation 159 (2004) 391 399 www.elsevier.com/locate/amc Improvement of digital signature with message recovery using self-certified public keys and its variants Zuhua Shao Department

Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves

Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves Billy Bob Brumley Helsinki University of Technology Laboratory for Theoretical Computer Science billy.brumley@hut.fi Abstract Self-Certified

Breaking An Identity-Based Encryption Scheme based on DHIES

Breaking An Identity-Based Encryption Scheme based on DHIES Martin R. Albrecht 1 Kenneth G. Paterson 2 1 SALSA Project - INRIA, UPMC, Univ Paris 06 2 Information Security Group, Royal Holloway, University

An Approach to Shorten Digital Signature Length

Computer Science Journal of Moldova, vol.14, no.342, 2006 An Approach to Shorten Digital Signature Length Nikolay A. Moldovyan Abstract A new method is proposed to design short signature schemes based

Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

= 2 + 1 2 2 = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Instructions. Answer each of the questions on your own paper, and be sure to show your work so that partial credit can be adequately assessed. Credit will not be given for answers (even correct ones) without

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

Introduction. Digital Signature

Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

Pertinent Side Channel Attacks on Elliptic Curve Cryptographic Systems

Pertinent Side Channel Attacks on Elliptic Curve Cryptographic Systems Stanford University CS259c/MATH250: Elliptic Curves in Cryptography December 15, 2011 1 Introduction Elliptic curve cryptosystems

Problem Set 7 - Fall 2008 Due Tuesday, Oct. 28 at 1:00

18.781 Problem Set 7 - Fall 2008 Due Tuesday, Oct. 28 at 1:00 Throughout this assignment, f(x) always denotes a polynomial with integer coefficients. 1. (a) Show that e 32 (3) = 8, and write down a list

A novel deniable authentication protocol using generalized ElGamal signature scheme

Information Sciences 177 (2007) 1376 1381 www.elsevier.com/locate/ins A novel deniable authentication protocol using generalized ElGamal signature scheme Wei-Bin Lee a, Chia-Chun Wu a, Woei-Jiunn Tsaur

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS

COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS IGOR V. EROVENKO AND B. SURY ABSTRACT. We compute commutativity degrees of wreath products A B of finite abelian groups A and B. When B

CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

Galois Fields and Hardware Design

Galois Fields and Hardware Design Construction of Galois Fields, Basic Properties, Uniqueness, Containment, Closure, Polynomial Functions over Galois Fields Priyank Kalla Associate Professor Electrical

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

Lecture 9: Application of Cryptography

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

Short Programs for functions on Curves

Short Programs for functions on Curves Victor S. Miller Exploratory Computer Science IBM, Thomas J. Watson Research Center Yorktown Heights, NY 10598 May 6, 1986 Abstract The problem of deducing a function

The Journal of Systems and Software

The Journal of Systems and Software 82 (2009) 789 793 Contents lists available at ScienceDirect The Journal of Systems and Software journal homepage: www.elsevier.com/locate/jss Design of DL-based certificateless

Lecture 6 - Cryptography

Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm

The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm Maria D. Kelly December 7, 2009 Abstract The RSA algorithm, developed in 1977 by Rivest, Shamir, and Adlemen, is an algorithm

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 12 Block Cipher Standards

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

Applications of Fermat s Little Theorem and Congruences

Applications of Fermat s Little Theorem and Congruences Definition: Let m be a positive integer. Then integers a and b are congruent modulo m, denoted by a b mod m, if m (a b). Example: 3 1 mod 2, 6 4

Digital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015

Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital

CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice

CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice THIRD EDITION William Stallings Prentice Hall Pearson Education International CONTENTS CHAPTER 1 OVERVIEW 1 1.1 1.2 1.3 1.4 1.5 1.6 PART ONE CHAPTER

Cryptanalysis of and improvement on the Hwang Chen multi-proxy multi-signature schemes

Applied Mathematics and Computation 167 (2005) 729 739 www.elsevier.com/locate/amc Cryptanalysis of and improvement on the Hwang Chen multi-proxy multi-signature schemes Yuh-Dauh Lyuu a,b,1, Ming-Luen

Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

LUC: A New Public Key System

LUC: A New Public Key System Peter J. Smith a and Michael J. J. Lennon b a LUC Partners, Auckland UniServices Ltd, The University of Auckland, Private Bag 92019, Auckland, New Zealand. b Department of

FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY

FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY LINDSEY R. BOSKO I would like to acknowledge the assistance of Dr. Michael Singer. His guidance and feedback were instrumental in completing this