Show Menu
Cheatography

ab Cheat Sheet (DRAFT) by

Asymmetric techniques in Network Security

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Asymmetric Encryption

Uses public­­pr­ivate key pair
Each user generates a pair of public and private keys
Public Key is known to everyone and is used to encrypt data
Private Key is only known to the key owner and used for decryption

Used in 3 categories

–Encry­pti­on/­Dec­ryption (provide secrecy)
–Digital signatures (provide authen­tic­ation)
–Key exchange (of session keys)

Diffie­-He­llman key exchange

First public-key type scheme
Proposed by Diffie & Hellman in 1976
A practical method for public exchange of a secret key
Cannot be used to exchange an arbitrary message
Security relies on the difficulty of computing discrete logarithms

Diffie­-He­llman algorithm

q
prime number
α
α<q ,α primitive root of q
User A
Select PR=Xa
Xa<q
Calculate PU=Ya
Ya=α^Xa mod q
User B
Select PR=Xb
Xb<q
Calculate PU=Yb
Yb=α^Xb mod q
Secret key calcul­ation
User A
K=(Yb)^Xa mod q
User B
K=(Ya)^Xb mod q

Disa­dva­nta­ges

Cannot be used for asymmetric key exchanges
Man-in­-th­e-A­ttack

ElGamm­al-­Cry­pto­system

Presented in 1984 by Tather Elgammal
Used for encrypting messages
Based on discrete lagari­thmic problem
Disadv­antages
Decryption is slow
Duplicates message length by factor of two during encryption

ElGammal algorithm

Select large prime
q
Select
p , p is primitive root of q
User A
Choose private key
Xa , 1 < Xa < q-1
Compute public key
Ya=p^Xa mod q
Similarly User B calculates Xb and Yb
Encryption from A
Message M
0<=­M<=q-1
Choose k
1<=­k<=q-1
Compute
K=Ya^k mod q
Compute
C1=p^k mod q
Compute
C2=KM mod q
---Cip­her­tex­t(C­1,C2)
Decryption from B
Recover key
K=C1^Xa mod q
Compute message
M=C2*K-1 mod q

RSA

Uses large integers (eg.1024 bits)
 

RSA key generation

Select two large primes p and q
p not equal to q
Calculate
n<--p*q
Calculate
O(n)<-­-(p­-1)­*(q-1)
Select e
1<e­<O(n) and e is coprime to O(n)
Calculate
d<-­-e^­-1mod O(n)
Public key
PU={e,n}
Private key
PR={d,n}
Encryption
Plaintext
M<n
Ciphertext
C=M^e(mod n)
Decryption
Plaintext
C
Ciphertext
M=C^d(mod n)

Key Distri­bution Techniques

Means of delivering key to two parties who wish to commun­icate
For symmetric encryption to work,two parties must exchange the same key
Public-key crypto­systems are mostly used to encrypt secret keys
Frequent key exchanges are desirable to limit the amount of data compro­mised
The strength of any crypto­graphic system relys on key distri­bution technique

Advantages and Disadv­antages

Hard to crack since it involves factor­ization of prime numbers
Can be very slow in cases where large data needs to be encrypted
Man-in­-th­e-M­iddle attack

Key Distri­bution Models

Model 1
A->B
PUa||IDa
B->A
E(PUa,ks)
-Ensures confid­ent­iality but not authen­tic­ation
-Vulne­rable to man-in­-th­e-m­iddle attack
Model 2
A->B
E(PUb,­[N1­||IDa])
B->A
E(PUa,­[N1­||N2])
A->B
E(PUa,N2)
A->B
E(PUb,­E(P­Ra,Ks))
-ensures both confid­ent­iality and authen­tic­ation

Distri­bution of public keys:

Public announ­cement
Feeding in a Publicly available directory
-Both vulnerable to forger­y(a­nyone can claim to be someone)
Public Key Authority
-A trusted third party(KDC)
-Provides session keys to users who wish to commun­icate
-Requires users to be registered
-Just like a directory composed of users public key
-User interacts with the directory to obtain any desired public key securely
Intera­ction Model:
A->auth
Request|T1
auth->A
Epr_au­th[­KPU­_b|­Req­ues­t|T1]
A->B
Epu_b[­IDA|N1]
B->auth
Request|T2
auth->B
Epr_au­th[­KPU­_a|­Req­ues­t|T2]
B->A
Epu_a[­N1|N2]
A->B
Epu_b[N2]
 

Public-Key Certif­icates:

Certif­icates allow key exchange without realtime access to Public-Key Authority
A certif­icate binds user identity to public key
Certif­icate contains all necessary details appended by its hash
Helps user claim accoun­tab­ility for a Key
X_509 Certif­icates:
Issued by a Certif­ication Authority (CA)
Part of CCITT X.500 directory service standards
Defines the framework for authen­tic­ation
Uses public-key crypto & digital signatures
X.509 certif­icates are widely used and has 3 versions
Each version with inform­ation extended
Certif­icate contains inform­ation such as Public Key, Digital Signature , Issuer, Version, Serial Number, Time Stamp.
X.509 Version 3:
Has been recognised that additional inform­ation is needed in a certif­icate
-email­/URL, policy details, constr­aints
Rather than explicitly naming new fields defined a general extension model
-Ident­ifier, Critic­ality Indicator, Value

Hash Functions

Accepts variable length input M and produces fixed-size hash h
h = H(M)
Principal object is data integrity
It is infeasible to find object
- With pre-sp­ecified hash(One-Way Property)
-Two objects mapping to same hash(Collision -Free Property)

Message Authen­tic­ation Code(MAC):

Also known as a keyed hash function
Concerned with integrity and authen­tic­ation
Calculates hash from the message and encrypts with the secret key->C­ryp­tog­raphic Checksum or MAC or Tag
-Then is appended to the message
-The reciever calcutates the hash of message and compares
-Same hash value confirms that the message came from the stated sender (its authen­ticity) and has not been changed.

Digital Signatures :

Concerned with integrity , authen­tic­ation, Non-re­pud­iation
Operation is similar to that of the MAC
Model-1:
Instead the hash value of a message is encrypted with a user’s private key
Anyone who knows the user’s public key can verify the integrity of the message
An attacker who wishes to alter the message would need to know the user’s private key
-This provides authen­tic­ation.
Model 2 :
Once the encrypted hash of the message is calulated and appended to original message
Once again it is encrypted with the symmetric secret key
Reciever decrypts it with the symmetric key then public key
Then calculates hash of message and compares
This ensures confid­ent­iality as well as authen­tic­ation