Asymmetric Encryption



Similar documents
Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Lecture 3 Programming with OpenSSL

The Mathematics of the RSA Public-Key Cryptosystem

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Elements of Applied Cryptography Public key encryption

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Computer Security: Principles and Practice

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CS Computer Security Third topic: Crypto Support Sys

Cryptography and Network Security Chapter 10

CRYPTOGRAPHY IN NETWORK SECURITY

Practice Questions. CS161 Computer Security, Fall 2008

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

IT Networks & Security CERT Luncheon Series: Cryptography

Cryptography and Network Security

CS 758: Cryptography / Network Security

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Lukasz Pater CMMS Administrator and Developer

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Package PKI. July 28, 2015

A Factoring and Discrete Logarithm based Cryptosystem

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Notes on Network Security Prof. Hemant K. Soni

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Lecture 6 - Cryptography

Public Key Cryptography Overview

Symmetric and Public-key Crypto Due April , 11:59PM

2. Cryptography 2.4 Digital Signatures

An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Package PKI. February 20, 2013

Lecture 17: Re-encryption

Advanced Cryptography

7! Cryptographic Techniques! A Brief Introduction

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Lecture 9: Application of Cryptography

Cryptography and Network Security Chapter 9

Chapter 10. Network Security

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Elliptic Curve Cryptography Methods Debbie Roser Math\CS 4890

CSCE 465 Computer & Network Security

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

A Java implementation of the Elliptic Curve Integrated Encryption Scheme

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version , October 22, 2012

Cryptography & Digital Signatures

A SOFTWARE COMPARISON OF RSA AND ECC

National Security Agency Perspective on Key Management

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Overview of Public-Key Cryptography

PGP - Pretty Good Privacy

Performance Investigations. Hannes Tschofenig, Manuel Pégourié-Gonnard 25 th March 2015

Authentication requirement Authentication function MAC Hash function Security of

Public Key Cryptography in Practice. c Eli Biham - May 3, Public Key Cryptography in Practice (13)

Symmetric Key cryptosystem

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Cryptography and Network Security Chapter 15

Chapter 17. Transport-Level Security

VoteID 2011 Internet Voting System with Cast as Intended Verification

Symmetric Mechanisms for Authentication in IDRP

Kleptography: The unbearable lightness of being mistrustful

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Apple Cryptographic Service Provider Functional Specification

Encryption Libraries

Public Key (asymmetric) Cryptography

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

CIS 5371 Cryptography. 8. Encryption --

Waspmote Encryption Libraries. Programming guide

Network Security Technology Network Management

Paillier Threshold Encryption Toolbox

AWS Encryption SDK. Developer Guide

Recommendation for Cryptographic Key Generation

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Center for Internet Security. INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO

Shor s algorithm and secret sharing

Cryptography and Network Security: Summary

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.


ETSI TS V1.2.1 ( )

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

A New Efficient Digital Signature Scheme Algorithm based on Block cipher

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Table of Contents. Bibliografische Informationen digitalisiert durch

An Efficient data storage security algorithm using RSA Algorithm

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

An Introduction to Cryptography as Applied to the Smart Grid

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

EXAM questions for the course TTM Information Security May Part 1

EDA385 Embedded Systems Design. Advanced Course

Network Security. Omer Rana

A Survey of the Elliptic Curve Integrated Encryption Scheme

The application of prime numbers to RSA encryption

Transcription:

Asymmetric Encryption

logical representation: Asymmetric Cryptography plaintext plaintext kpub E kpub () kprv E kprv () ciphertext ciphertext kprv E -1 kprv () kpub E -1 kpub () used in digital envelope plaintext used in digital signature plaintext An asymmetric cryptosystem uses two keys, one of which is private, the other public. It usually provides for four operations (apart from key generation): public encryption (E kpub ), private decryption (E -1 ), private encryption (E ), public kprv kprv decryption (E -1 ). The public encryption is undone by the private decryption. kpub These two operations are used in the digital envelope technique. The private encryption is undone by the public decryption. These two operations are used in the digital signature technique.

Asymmetric Cryptography Asymmetric keys are not simple bit strings like symmetric keys, but they have a composite structure. For example, this is the (low-level) data structure for RSA keys in OpenSSL: 1 2 3 4 5 6 7 8 9 10 11 typedef struct { BIGNUM *n; // public modulus BIGNUM *e; // public exponent BIGNUM *d; // private exponent BIGNUM *p; // secret prime factor BIGNUM *q; // secret prime factor BIGNUM *dmp1; // d mod (p-1) BIGNUM *dmq1; // d mod (q-1) BIGNUM *iqmp; // q^-1 mod p //... }RSA; public key private key An asymmetric key is not a simple string of bits like a symmetric key, but it has an internal structure. This slide shows how an RSA public/private key is internally represented in OpenSSL. The first two BIGNUM's represent the public key: the modulus n, and the public exponent e. All the BIGNUM's together represent the private key, in particular the private exponent d. We will not deal with this data structure, as we will use the high-level OpenSSL API (#include<openssl/evp.h>).

Asymmetric Cryptography RSA (Rivest-Shamir-Adleman): Based on NP-hardness of the factorization problem, Quite simple math, Very famous, TOP SECRET security requires very long keys (7680 bits), which are very inefficient. EC (Elliptic Curve): Based on NP-hardness of the discrete logarithm problem, Not-so-simple to implement, Reaches the same security of RSA with: shorter keys, more efficiency in key generation, more efficiency in encryption operations, TOP SECRET security requires short keys (384 bits), which are efficient. The most famous and widespread asymmetric cryptosystems are RSA and EC. RSA (Rivest-Shamir-Adleman, from the names of its inventors) is the oldest and most famous one. It is based on the NP-hardness of the factorization problem. RSA is very famous because it is quite simple to understand and implement. It is widespread in many applications. However, to obtain high levels of security it requires very long keys (the length of an RSA key is given by the number of bits of the modulus), and the encryption/decryption operations are inefficient. RSA cryptosystem is nowadays technologically obsolete, surpassed by Elliptic Curve cryptography (EC). EC gives the same security of RSA with far shorter keys. It is based on the NP-hardness of the discrete logarithm problem. An inefficient 7680-bit RSA key is equivalent to an efficient 384-bit EC key.

Elliptic Curve Cryptography RSA key length Equivalent EC key length* NIST** curve name OpenSSL*** curve name Effective strength Recommend ation 1536 bits 192 bits P-192 prime192v1 96 bits Low security 2048 bits 224 bits P-224 secp224r1 112 bits Medium security 3072 bits 256 bits P-256 prime256v1 128 bits Good security 7680 bits 384 bits P-384 secp384r1 192 bits TOP SECRET security**** * The RSA/EC security equivalence is taken from SEGC official documents. ** National Institute of Standards and Technology. *** Supported by OpenSSL 1.0.1k. **** Elliptic curve P-384 is recommended by NSA for TOP SECRET documents. This table shows the security equivalence between RSA and EC keys and the correspondent effective strength, as reported by SECG. SECG is an industry consortium to develop cryptography standards. It is not straightforward to determine the effective strength of an RSA key, since the complexity of the factorization problem is not easy to compute. A heuristic formula (elaborated from RFC3766) is: strength = -5.64 + 2.77*cubrt(len*ln(2)*(ln(len*ln(2))) 2 ), where len is the length of the key (i.e. of the modulus) in bits, cubrt() indicates the cube root, ln() indicates the natural logarithm, and strength is the effective strength (in bits). This formula applies for Diffie-Hellman as well, to compute the effective strength given the modulus' length in bits. The effective strength of an EC key is always half the key length (e.g. 160-bit keys give 80-bit strength). This is because the best known algorithms for solving discrete logarithm run in 2 (len/2) time, where len is the length of the key in bits. When creating an EC key pair, it is necessary to specify the curve name, which comprises also the length of the key. Common curves are P-256 (named prime256v1 in OpenSSL) and P-384 (named secp384r1 in OpenSSL).

Digital Envelope Digital envelope encrypts a message in such a way that only who knows a particular private key can open it (no pre-shared secrets). A simple method is to encrypt the whole message with the public key of the recipient. A better method is the encrypt the message with a symmetric key, and then encrypt the symmetric key with the public key of the recipient. PRNG k message E k () E kpub () kpub envelope The digital envelope technique encrypts a message in such a way that only who knows a particular private key can decrypt it. In contrast to symmetric encryption, no pre-shared secret is needed. A straightforward way to do that is to encrypt the whole message with the public key of the recipient. This is very inefficient, because symmetric encryption is extremely slow compared to symmetric one. A better solution is to encrypt the whole message with a randomly generated symmetric key, and then encrypt only the symmetric key with the public key.

Multi-Addressed Digital Envelope Encrypt the symmetric key with multiple public keys, one for each recipient. PRNG k message Bob's kpub Carol's kpub E k () E kpub () E kpub ()... envelope Digital envelope can also be multi-addressed, in case we want to send the same confidential message to several recipients. This is done by encrypting the symmetric key with the public key of each recipient.

Key Pair Generation Tools for RSA keys generation: openssl genrsa -out rsa_privkey.pem 1024 Generates an RSA private key. openssl rsa -pubout -in rsa_privkey.pem -out rsa_pubkey.pem Extracts the public key from an RSA private key. Tools for EC keys generation: openssl ecparam -genkey -name prime256v1 -out ec_privkey.pem Generates an EC private key. openssl ec -pubout -in ec_privkey.pem -out ec_pubkey.pem Extracts the public key from an EC private key. These are the OpenSSL command-line tools to create a private key and to extract the public key from a private key (both RSA and EC). All the keys are saved in PEM-format files.

PEM Format PEM (Privacy-Enhanced Mail) is a textual standard for storing cryptographic material. Public RSA/EC keys, Private RSA/EC keys, Diffie-Hellman parameters, Certificates, Etc. Example of 1024-bit RSA public key in PEM format: 1 2 3 4 5 6 -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDerpZiO7yI0Gp7i+EathC74vXv heri18e3isbvc0omo/06cpbz+8+kvmsoxsrxkz12cbdrkyhobo+0llpz2pzxx1gl qfpmddnulznaxryh/utcuzl5vlq2rmyq4yez1ha6gnfw/5m9me97heyy4gogljaq zx52ol6c/thpdwqecqidaqab -----END PUBLIC KEY----- PEM (Privacy-Enhanced Mail) is a 1993 IETF standard for securing email communications using asymmetric cryptography. It became obsolete once PGP has been published, but the correspondent file format became widespread. The PEM format is a textual one, in which cryptographic quantities are surrounded by tags, for example -----BEGIN PUBLIC KEY-----, -----END PUBLIC KEY-----. It can contain public or private keys (both RSA and EC), digital certificates, Diffie- Hellman parameters, and so on. Another common format is DER, which is a binary format.

OpenSSL API for Asymmetric Cryptography #include <openssl/evp.h> High-level OpenSSL API functions (among which EVP_PKEY) EVP_PKEY (data structure) It represents a public key or a private key (both RSA and EC cryptosystems) EVP_PKEY* EVP_PKEY_new(); Allocates an EVP_PKEY. void EVP_PKEY_free(EVP_PKEY* key); Deallocates an EVP_PKEY. int EVP_PKEY_size(EVP_PKEY* key); Returns the maximum size of an encrypted symmetric key (useful for allocating buffers). An EVP_PKEY data structure represents a private or public key (both RSA or EC). These API functions allocate and deallocate an EVP_PKEY data structure.

OpenSSL API for PEM format #include <openssl/pem.h> API functions for reading/writing PEM-format files. EVP_PKEY* PEM_read_PrivateKey(FILE* fp, NULL, NULL, NULL); Allocates a private key and loads it from a PEM file (RSA or EC). fp File where to read (opened with fopen()) It returns the EVP_PKEY structure (or NULL if error). EVP_PKEY* PEM_read_PUBKEY(FILE* fp, NULL, NULL, NULL); Allocates a public key and loads it from a PEM file (RSA or EC). fp File where to read (opened with fopen()) It returns the EVP_PKEY structure (or NULL if error). These API functions allocate and load a public or private key (both RSA and EC) from a PEM-format file.

OpenSSL API for Digital Envelope int EVP_SealInit(EVP_CIPHER_CTX* ctx, const EVP_CIPHER* type, unsigned char** ek, int* ekl, unsigned char* iv, EVP_PKEY** pubk, int npubk); Initializes a context for (multi-addressed) digital envelope. It also generates the symmetric key for encryption and a random IV (the PRNG must be seeded). ctx (input/output) The context for digital envelope. type (input) The symmetric cipher to use. ek[0] (output) The encrypted symmetric key. In case of muld-addressed envelope, the other encrypted symmetric keys are stored in ek[1], ek[2], etc.) ekl (output) The length of the encrypted symmetric key(s). iv (output) The generated inidalizadon vector. pubk[0] (input) The public key. In case of muld-addressed envelope, the other public keys are pubk[1], pubk[2], etc. npubk (input) The number of public keys (1 if single-address envelope, >1 if multi-address envelope). Returns 0 on error, non-0 on success. This API function initializes a context for (multi-addressed) digital envelope. It takes as input one (or more) public key(s) and returns as output the encrypted text and the encrypted symmetric key. It contextually generates a random symmetric key and an initialization vector, so the PRNG must be seeded properly. The buffer ek[0] must accommodate at least EVP_PKEY_size(pubk[0]) bytes. The buffer iv must accommodate at least EVP_CIPHER_iv_length(type) bytes. Remember that the cipher context must be previously allocated with malloc() and EVP_CIPHER_CTX_init(), and finally deallocated with EVP_CIPHER_CTX_cleanup() and free(). Note: EVP_SealInit() and all the OpenSSL API functions for digital envelope support ONLY RSA cryptosystem. Although digital envelope technique based on EC is technologically possible (cfr. the standard ECIES: Elliptic-Curve Integrated Encryption Scheme), it is NOT implemented by OpenSSL (version 1.0.1k).

OpenSSL API for Digital Envelope int EVP_SealUpdate(EVP_CIPHER_CTX* ctx, unsigned char* out, int* outl, unsigned char* in, int inl); Updates a context for digital envelope. ctx (input/output) The context. out, outl (output) Output fragment. in, inl (input) Input fragment. Returns 0 on error, non-0 on success. int EVP_SealFinal(EVP_CIPHER_CTX* ctx, unsigned char* out, int* outl); Finalizes a context for digital envelope. ctx (input/output) The context. out, outl (output) Final output fragment. Returns 0 on error, non-0 on success. These API functions update and finalize a digital envelope context. They act in a similar manner to EVP_EncryptUpdate() and EVP_EncryptFinal().

OpenSSL API for Digital Envelope int EVP_OpenInit(EVP_CIPHER_CTX* ctx, EVP_CIPHER* type, unsigned char* ek, int ekl, unsigned char* iv, EVP_PKEY* priv); Initializes a context for digital envelope decryption. ctx (input/output) The context for digital envelope decrypdon. type (input) The symmetric cipher to use. ek (input) The encrypted symmetric key. ekl (input) The length of the encrypted symmetric key. iv (input) The inidalizadon vector (or NULL). priv (input) The private key. Returns 0 on error, non-0 on success. This API function initializes a context for envelope decryption. It takes as input a private key and an encrypted symmetric key. Remember that the cipher context must be previously allocated with malloc() and EVP_CIPHER_CTX_init(), and finally deallocated with EVP_CIPHER_CTX_cleanup() and free().

OpenSSL API for Digital Envelope int EVP_OpenUpdate(EVP_CIPHER_CTX* ctx, unsigned char* out, int* outl, unsigned char* in, int inl); Updates a context for digital envelope decryption. ctx (input/output) The context. out, outl (output) Output fragment. in, inl (input) Input fragment. Returns 0 on error, non-0 on success. int EVP_OpenFinal(EVP_CIPHER_CTX* ctx, unsigned char* out, int* outl); Finalizes a context for digital envelope decryption. ctx (input/output) The context. out, outl (output) Final output fragment. Returns 0 on error, non-0 on success. These API functions update and finalize an envelope decryption context. They act in a similar manner to EVP_DecryptUpdate() and EVP_DecryptFinal().

Final Exercise On the server, generate a pair of 1024-bit RSA keys, by using OpenSSL command-line tools. Give the public key to the client. The client reads a file, envelopes it with the server's public key (DES in CBC), and sends to the server: the encrypted symmetric key, the initialization vector, the ciphertext. The server decrypts the message and saves it on a local file.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information