Cheatography

# ab Cheat Sheet (DRAFT) by Rithick

Asymmetric techniques in Network Security

This is a draft cheat sheet. It is a work in progress and is not finished yet.

### Asymmetric Encryption

- Uses a public-private key pair
- Each user generates a pair of public and private keys
- Public Key is known to everyone and is used to encrypt data
- Private Key is only known to the key owner and used for decryption

### Used in 3 categories

- Encryption/Decryption (provide secrecy)
- Digital signatures (provide authentication)
- Key exchange (of session keys)

### Diffie-Hellman key exchange

- First public-key type scheme
- Proposed by Diffie & Hellman in 1976
- A practical method for public exchange of a secret key
- Cannot be used to exchange an arbitrary message
- Security relies on the difficulty of computing discrete logarithms

### Diffie-Hellman algorithm

 q prime number α α

### Disadvantages

- Cannot be used for asymmetric key exchanges
- Man-in-the-Middle attack

### ElGamal Cryptosystem

- Presented in 1984 by Taher Elgamal
- Used for encrypting messages
- Based on the discrete logarithm problem
- Disadvantages
  - Decryption is slow
  - Duplicates message length by factor of two during encryption

### ElGamal algorithm

- Select large prime q
- Select p, where p is a primitive root of q
- User A
  - Choose private key Xa, 1 < Xa < q-1
  - Compute public key Ya = p^Xa mod q
- Similarly, User B calculates Xb and Yb
- Encryption from A
  - Message M, 0 <= M <= q-1
  - Choose k, 1 <= k <= q-1
  - Compute K = Ya^k mod q
  - Compute C1 = p^k mod q
  - Compute C2 = KM mod q
  - Ciphertext: (C1, C2)
- Decryption from B
  - Recover key K = C1^Xa mod q
  - Compute message M = C2 * K^-1 mod q
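The steps above as runnable Python, added here as an illustration and not part of the original cheat sheet. It follows the sheet's formulas, in which the ciphertext is produced with public key Ya and opened with private key Xa; the function names and the toy parameters q = 19, p = 10 are assumptions, and q is assumed to be prime.

```python
import secrets

def prime_factors(n):
    """Distinct prime factors by trial division (adequate for a toy-sized q)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(p, q):
    """p is a primitive root of prime q iff p^((q-1)/f) != 1 mod q for each prime f | q-1."""
    return 1 < p < q and all(pow(p, (q - 1) // f, q) != 1 for f in prime_factors(q - 1))

def keygen(q, p, x=None):
    """Return (private X, public Y = p^X mod q), with 1 < X < q-1."""
    if not is_primitive_root(p, q):
        raise ValueError("p is not a primitive root of q")
    if x is None:
        x = 2 + secrets.randbelow(q - 3)
    return x, pow(p, x, q)

def encrypt(q, p, y, m, k=None):
    """Encrypt M under public key Y; the ciphertext is the pair (C1, C2)."""
    if not 0 <= m <= q - 1:
        raise ValueError("message must satisfy 0 <= M <= q-1")
    if k is None:
        k = 1 + secrets.randbelow(q - 1)    # fresh k for every message
    K = pow(y, k, q)                        # one-time key K = Y^k mod q
    return pow(p, k, q), (K * m) % q

def decrypt(q, x, c1, c2):
    """Recover K = C1^X mod q, then M = C2 * K^-1 mod q."""
    K = pow(c1, x, q)
    return (c2 * pow(K, q - 2, q)) % q      # K^-1 via Fermat's little theorem (q prime)

if __name__ == "__main__":
    q, p = 19, 10                           # constructed toy parameters
    xa, ya = keygen(q, p, x=5)
    c1, c2 = encrypt(q, p, ya, 17, k=6)
    print((xa, ya), (c1, c2), decrypt(q, xa, c1, c2))
```

The two-element ciphertext is the doubling of message length listed among the disadvantages.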

### RSA

- Uses large integers (e.g. 1024 bits)

### RSA key generation

- Select two large primes p and q, p not equal to q
- Calculate n <-- p * q
- Calculate φ(n) <-- (p-1) * (q-1)
- Select e 1

### Key Distribution Techniques

- Means of delivering a key to two parties who wish to communicate
- For symmetric encryption to work, two parties must exchange the same key
- Public-key cryptosystems are mostly used to encrypt secret keys
- Frequent key exchanges are desirable to limit the amount of data compromised
- The strength of any cryptographic system relies on the key distribution technique

- Hard to crack since it involves factorization of prime numbers
- Can be very slow in cases where large data needs to be encrypted
- Man-in-the-Middle attack

### Key Distribution Models

- Model 1
  - A->B PUa||IDa
  - B->A E(PUa,ks)
  - Ensures confidentiality but not authentication
  - Vulnerable to man-in-the-middle attack
- Model 2
  - A->B E(PUb,[N1||IDa])
  - B->A E(PUa,[N1||N2])
  - A->B E(PUa,N2)
  - A->B E(PUb,E(PRa,Ks))
  - Ensures both confidentiality and authentication

### Distribution of public keys:

- Public announcement
- Feeding in a publicly available directory
- Both vulnerable to forgery (anyone can claim to be someone)
- Public Key Authority
  - A trusted third party (KDC)
  - Provides session keys to users who wish to communicate
  - Requires users to be registered
  - Just like a directory composed of users' public keys
  - User interacts with the directory to obtain any desired public key securely
- Interaction Model:
  - A->auth Request|T1
  - auth->A Epr_auth[KPU_b|Request|T1]
  - A->B Epu_b[IDA|N1]
  - B->auth Request|T2
  - auth->B Epr_auth[KPU_a|Request|T2]
  - B->A Epu_a[N1|N2]
  - A->B Epu_b[N2]

### Public-Key Certificates:

- Certificates allow key exchange without real-time access to the Public-Key Authority
- A certificate binds user identity to public key
- Certificate contains all necessary details appended by its hash
- Helps user claim accountability for a key
- X.509 Certificates:
  - Issued by a Certification Authority (CA)
  - Part of CCITT X.500 directory service standards
  - Defines the framework for authentication
  - Uses public-key crypto & digital signatures
  - X.509 certificates are widely used and have 3 versions, each version with information extended
  - Certificate contains information such as Public Key, Digital Signature, Issuer, Version, Serial Number, Time Stamp
- X.509 Version 3:
  - It has been recognised that additional information is needed in a certificate
    - email/URL, policy details, constraints
  - Rather than explicitly naming new fields, defines a general extension model
    - Identifier, Criticality Indicator, Value

### Hash Functions

- Accepts variable length input M and produces fixed-size hash h
- h = H(M)
- Principal object is data integrity
- It is infeasible to find:
  - An object with a pre-specified hash (One-Way Property)
  - Two objects mapping to the same hash (Collision-Free Property)

### Message Authentication Code (MAC):

- Also known as a keyed hash function
- Concerned with integrity and authentication
- Calculates hash from the message and encrypts with the secret key -> Cryptographic Checksum or MAC or Tag
  - Then it is appended to the message
  - The receiver calculates the hash of the message and compares
  - Same hash value confirms that the message came from the stated sender (its authenticity) and has not been changed
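The append-and-compare flow above, added here as an illustration and not part of the original cheat sheet. It swaps in HMAC-SHA256 from Python's standard library as the keyed hash, in place of the sheet's "hash, then encrypt with the secret key" description; the function names and the message-then-tag framing are assumptions.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size      # 32-byte tag

def protect(key: bytes, message: bytes) -> bytes:
    """Sender: compute the tag over the message and append it (message || tag)."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag

def verify(key: bytes, blob: bytes):
    """Receiver: split message || tag, recompute the tag, compare.

    Returns the message when the tag matches, otherwise None.
    """
    if len(blob) < TAG_LEN:                 # truncated input cannot carry a tag
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading bytes of a guessed tag were correct
    return message if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed sample key
    blob = protect(key, b"transfer 100 to bob")
    tampered = blob.replace(b"100", b"900")
    print(verify(key, blob), verify(key, tampered), verify(b"wrong-key", blob))
```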

### Digital Signatures:

- Concerned with integrity, authentication, non-repudiation
- Operation is similar to that of the MAC
- Model 1:
  - Instead, the hash value of a message is encrypted with a user's private key
  - Anyone who knows the user's public key can verify the integrity of the message
  - An attacker who wishes to alter the message would need to know the user's private key
  - This provides authentication
- Model 2:
  - Once the encrypted hash of the message is calculated, it is appended to the original message
  - Once again it is encrypted with the symmetric secret key
  - Receiver decrypts it with the symmetric key, then the public key
  - Then calculates hash of message and compares
  - This ensures confidentiality as well as authentication
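Model 1 as runnable Python using textbook RSA, added here as an illustration and not part of the original cheat sheet. The key is a constructed toy built from two known Mersenne primes with e = 65537, and all function names are assumptions; production signatures use randomly generated primes and a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key material (known Mersenne primes, for a reproducible demo)
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                                   # public exponent

def modinv(a, m):
    """Extended Euclid: return a^-1 mod m, or raise if gcd(a, m) != 1."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        quo = old_r // r
        old_r, r = r, old_r - quo * r
        old_s, s = s, old_s - quo * s
    if old_r != 1:
        raise ValueError("a is not invertible modulo m")
    return old_s % m

D = modinv(E, PHI)                          # private exponent

def digest(message: bytes) -> int:
    """Hash the message and reduce it into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: 'encrypt' the hash with the private key."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone holding the public key (e, n) recovers the hash and compares."""
    return pow(signature, e, n) == digest(message)

if __name__ == "__main__":
    msg = b"pay 100 to bob"                 # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig), verify(b"pay 900 to bob", sig))
```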