cryptography readings

cryptography cryptography ReadingsReadings

Encryption, Decryption, & Digital Certificates

RRIVESTIVESTSSHAMIRHAMIRAADLEMANDLEMAN

ProblemExchanging Key for encryption securelySigning a message (proving the true-party sent it)

Solution (confidentiality)M^e mod n = Ciphertext

n = (p * q) where p & q are 2 very large ‘random’ prime numberse is derived from p and q

C^d mod n = Md is derived from p and q

Anyone can know (e,n)d must be secret

Solution (signing)S = DB(M) (D = decrypt with private key = encrypt plaintext with private key)E(S) = EA(S) (EA = Encrypt with public)

S = DA(E(S) M = EB(S)

Requirements For RSA Requirements For RSA to be Secureto be Secure

You can decrypt an encrypted message back to its original plaintext.

Encryption for Confidentiality

Both the public (e) and private (d) keys are easy to compute.

By making the (e) key public, there is no easy way to compute (d).

You can encrypt a decrypted message back to its original plaintext.

Encryption for Authentication (Integrity)

PROBLEMPROBLEMHow do you exchange the key(s) necessary for encryption?Solution:

Diffie-Hellman math – don’t ask me to explainRequirements:p and q

Two random very large numbers 100’s of digits long or longern = p * q

if p and q are sufficiently large it is almost impossible to factor n and come up with p and q; thus almost impossible to determine d!

d = private key; derived from p and q (see wikipedia)e = public key; derived from p and q (see wikipedia)

THE MATHTHE MATHPlaintext Message = M

Convert PlainText to number (binary) = M

M^e (mod n) = CipherText(C)

e and n are publicly known, either sent to party for communication or stored publicly (CA’s)

C^d (mod n) = M

An ExampleAn Example

Its all about key sizeIts all about key size

Digits# of

Operations

Time*

501.4 x

10^103.9 hours

759.0 x

10^12104 days

1002.3 x

10^1574 years

2001.2 x

10^233.8 x 10^9 years

3001.5 x

10^294.9 x 10^15 years

5001.3 x

10^394.2 x 10^25 years

* 1 operation = 1 microsecond (1 millionth of a

second)

WEAKEST LINK WEAKEST LINK FAILUREFAILURE

What is the weakest link in RSA?

FEBRUARY 2012FEBRUARY 2012What did security researchers allege?

Were they right?

What is a Pseudo-Random Number Generator?

What size keys should be in use today?

Digital Certificates & Digital Certificates & SSL/TLSSSL/TLS

What does SSL/TLS What does SSL/TLS Assure?Assure?

Encrypted message between browser and server

Authentication of server

Depends on.....

What are root certificate authorities?

How are they used?

Can the system be made more secure? If so, How?

Using Certificates to Using Certificates to Authenticate SoftwareAuthenticate Software