Information and Network Security (2170709)

4th Year B.E. (Information Technology) A.Y. 2019-20 Semester: 1

Topics Covered
Public Key Cryptography and RSA

Adapted From
William Stallings, 4th Edition, “Cryptography and Network Security”

Prof. Nirav M. Raja

Assistant Professor, Department of Information Technology,
G H Patel College of Engineering and Technology (GCET),
Vallabh Vidyanagar, Anand, Gujarat, INDIA
Public Key Encryption
 Attacks two of the most difficult problems associated with
symmetric encryption.
1. Key distribution under symmetric encryption requires
either;
• Two communicants already share a key, which
somehow has been distributed to them.
• The use of a key distribution centre.
2. Digital signatures

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

Public Key Cryptosystem
 Rely on one key for encryption and a different but related key
for decryption.
 Important characteristic:
• It is computationally infeasible to determine the
decryption key given only knowledge of the cryptographic
algorithm and the encryption key.
• Either of the two related keys can be used for encryption,
with the other used for decryption.
 Six Ingredients:
Plaintext, Encryption Algorithm, Public and Private Keys,
Ciphertext, Decryption algorithm.
Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption
Public Key Cryptosystem

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

Public Key Cryptosystem
 Keys never needs to be distributed.
 As long as a user's private key remains protected and
secret, incoming communication is secure.
 Easy change of key.

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

Public Key Cryptosystem
Public-Key Cryptosystem: Secrecy

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

Public Key Cryptosystem
Public-Key Cryptosystem: Authentication

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

Public Key Cryptosystem
Public-Key Cryptosystem: Authentication and Secrecy

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

Public Key Cryptosystem
Application
 Encryption/decryption
 Digital signature
 Key Exchange

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

The RSA Algorithm
Application
 Rivest-Shamir-Adleman (RSA) scheme developed in 1977.
 Most widely accepted and implemented general-purpose
approach to public-key encryption.
 Block cipher in which the plaintext and ciphertext are
integers between 0 and (n – 1) for some n.
 A typical size for n is 1024 bits, or 309 decimal digits.

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

The RSA Algorithm

 Both sender and receiver must know the value of n.

 The sender knows the value of e, only the receiver knows the
value of d.
 Public key, PU = {e, n} and Private key, PR = {d, n}.

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

The RSA Algorithm

 e and d are multiplicative inverses modulo Ø(n), where Ø(n)

is the Euler Phi function.
 The relationship between e and d can be expressed as

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

The RSA Algorithm

p,q, two prime numbers (private, chosen)

n = pq (public, calculated)
e, with gcd(Ø(n),e) = 1;1 < e < Ø (n) (public, chosen)
d Ξ e -1 (mod f(n)) (private, calculated)
Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption
The RSA Algorithm

Prof. Nirav M. Raja, IT Department, GCET Public Key Encryption

Key Management
 One of the major roles of public-key encryption has been to
address the problem of key distribution.
 Two distinct aspects to the use of public-key cryptography
1. The distribution of public keys.
2. The use of public-key encryption to distribute secret keys.

Prof. Nirav M. Raja, IT Department, GCET Key management

Key Management

The distribution of
public keys.

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
 Several techniques;
1. Public Announcement
2. Publicly Available Directory
3. Public-Key Authority
4. Public-Key Certificates

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
1. Public Announcement:
 Public key is public.

 Weakness:
Anyone can forge such a public announcement.

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
2. Publicly Available Directory:

 Publicly available dynamic directory of public keys.

 Maintenance and distribution by some trusted entity or
organization.
Prof. Nirav M. Raja, IT Department, GCET Key management
The distribution of public keys
2. Publicly Available Directory:
 Required Elements:
1. The authority maintains a directory with a {name, public
key} entry for each participant.
2. Registration of each participants, in person or by some
form of secure authenticated communication.
3. Easy replacement of existing keys at any time.
4. Participants could also access the directory electronically
provided with necessary security measures.

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
2. Publicly Available Directory:
 Provide a greater degree of security compare to previous
scheme.
 Vulnerabilities:
• An adversary can impersonate any participant and
eavesdrop on messages sent to any participant.
• The adversary to tamper with the records kept by
the authority.

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
3. Publicly Key Authority:
 Tighter control over the distribution of public keys from
the directory.
 Central authority maintains a dynamic directory of
public keys of all participants.
 Each participant reliably knows a public key for the
authority.
 Only the authority knowing the corresponding private
key.
 Total of seven messages are required.
 Initial four messages need be used only infrequently.
Prof. Nirav M. Raja, IT Department, GCET Key management
The distribution of public keys
3. Publicly Key Authority:

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
4. Publicly Key Certificates:
 Public-key authority could be somewhat of a bottleneck in
last scheme.
 An alternative approach is to use certificates.
 Used by participants to exchange keys.
 As reliable as if the keys were obtained directly from a public-
key authority
 A certificate consists of a public key plus an identifier of the
key owner, with the whole block signed by a trusted third
party.
Prof. Nirav M. Raja, IT Department, GCET Key management
The distribution of public keys
4. Publicly Key Certificates:
 Requirements
1. Any participant can read a certificate to determine the name
and public key of the certificate's owner.
2. Any participant can verify that the certificate originated from
the certificate authority and is not counterfeit.

3. Only the certificate authority can create and update

certificates.

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
4. Publicly Key Certificates:

Prof. Nirav M. Raja, IT Department, GCET Key management

The distribution of public keys
4. Publicly Key Certificates:
 The timestamp serves as something like an expiration
date.
 Application:
• X.509 certificates are used in most network security
applications, including IP security, secure sockets
layer (SSL), secure electronic transactions (SET), and
S/MIME.

Prof. Nirav M. Raja, IT Department, GCET Key management

Key Management

Distribution of Secret Keys

Using Public-Key
Cryptography.

Prof. Nirav M. Raja, IT Department, GCET Key management

Distribution of Secret Keys Using Public-Key Crypto.
 Once public keys have been distributed or have become
accessible, secure communication that thwarts
eavesdropping, tampering or both is possible.
 Provides the distribution of secret keys.
 Schemes:
1. Simple Secret Key Distribution
2. Secret Key Distribution with Confidentiality and
Authentication
3. A Hybrid Scheme

Prof. Nirav M. Raja, IT Department, GCET Key management

Distribution of Secret Keys Using Public-Key Crypto.
1. Simple Secret Key Distribution
 A wishes to communicate with B.

Steps:
1. A generates a public/private key pair {PUa, PRa} and
transmits a message to B consisting of PUa and an
identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A,
encrypted with A's public key.
Prof. Nirav M. Raja, IT Department, GCET Key management
Distribution of Secret Keys Using Public-Key Crypto.
1. Simple Secret Key Distribution
 A wishes to communicate with B.

Steps:
3. A recover the secret key. Because only A can decrypt
the message, only A and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.

Prof. Nirav M. Raja, IT Department, GCET Key management

Distribution of Secret Keys Using Public-Key Crypto.
1. Simple Secret Key Distribution
 Despite its simplicity, this is an attractive protocol.
 Insecure against an adversary who can intercept
messages and then either relay the intercepted message
or substitute another message.
 Known as a man-in-the-middle attack.
 Adversary can decrypt all messages, and both A and B are
unaware of the problem.
 This protocol is only useful in an environment where the
only threat is eavesdropping.

Prof. Nirav M. Raja, IT Department, GCET Key management

Distribution of Secret Keys Using Public-Key Crypto.
2. Secret Key Distribution with Confidentiality and Authentication
 Provides protection against both active and passive attacks.
 A and B have exchanged public keys.

 This scheme ensures both confidentiality and authentication

in the exchange of a secret key.
Prof. Nirav M. Raja, IT Department, GCET Key management
Distribution of Secret Keys Using Public-Key Crypto.
3. Hybrid Scheme
 Retains the use of a key distribution centre (KDC).
 KDC shares a secret master key with each user.
 Distribution of secret session keys using master key.
 Public key schemes for distribution of the master keys.
 Advantages:
• Performance
• Backward compatibility

Prof. Nirav M. Raja, IT Department, GCET Key management