Lecture 6 - Cryptography

CSE497b - Spring 2007

Introduction Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse497b-s07

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Question
Setup: Assume you and I don’t know anything about
each other, but we want to communicate securely.
We want to establish a key that we can encrypt
communication with each other.

?
Q: Is this possible?

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 2
Diffie-Hellman Key Agreement
• The DH paper really started the modern age of
cryptography, and indirectly the security community
– Negotiate a secret over an insecure media
– E.g., “in the clear” (seems impossible)
– Idea: participants exchange intractable puzzles that can be
solved easily with additional information.

• Mathematics are very deep

– Working in multiplicative group G
– Use the hardness of computing discrete logarithms in finite
field to make secure
– Things like RSA are variants that exploit similar properties
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page
Diffie-Hellman Protocol
• For two participants p1 and p2
• Setup: We pick a prime number p and a base g (<p)
– This information is public
– E.g., p=13, g=4
• Step 1: Each principal picks a private value x (<p-1)
• Step 2: Each principal generates and communicates
a new value
y = gx mod p
• Step 3: Each principal generates the secret shared
key z
z = yx mod p
Where y is the value received from the other party.
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page
A protocol run ...
p=17, g=6

Step 1)
Alice picks x=4
Bob picks x=5

Step 2)
Alice's y = 6^4 mod 17 = 1296 mod 17 = 4
Bob's y = 6^5 mod 17 = 7776 mod 17 = 7

Step 3)
Alice's z = 7^4 mod 17 = 2401 mod 17 = 4
Bob's z = 4^5 mod 17 = 1024 mod 17 = 4

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page
Attacks on Diffie-Hellman
• This is key exchange, not authentication.
– You really don’t know anything about who you have
exchanged keys with
– The man in the middle …

A B

– Alice and Bob think they are talking directly to each other,
but Mallory is actually performing two separate exchanges
• You need to have an authenticated DH exchange
– The parties sign the exchanges (more or less)
– See Schneier for a intuitive description

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page
Public Key Cryptography
• Public Key cryptography
– Each key pair consists of a public and private component:
k+ (public key), k- (private key)
D( k+, E(k- ,p)) = p
D( k-, E(k+, p) ) = p
• Public keys are distributed (typically) through public
key certificates
– Anyone can communicate secretly with you if they have
your certificate
– E.g., SSL-based web commerce

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 7
RSA (Rivest, Shamir, Adelman)
• A dominant public key algorithm
– The algorithm itself is conceptually simple
– Why it is secure is very deep (number theory)
– Use properties of exponentiation modulo a product of
large primes

"A method for obtaining Digital

Signatures and Public Key
Cryptosystems“, Communications
of the ACM, Feb., 1978 21(2)
pages 120-126.

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 8
RSA Key Generation
• Pick two large primes p and q 1. p=3, q=11
• Calculate n = pq
2. n = 3*11 = 33
• Pick e such that it is relatively
3. phi(n) = (2*10) = 20
prime to phi(n) = (q-1)(p-1)
4. e = 7 | GCD(20,7) = 1
– “Euler’s Totient Function”
“Euclid’s Algorithm”
• d ~= e-1 mod phi(n)
or 5. d = 7-1 mod 20
de mod phi(n) = 1 d = 7 mod 20 = 1
d=3

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 9
RSA Encryption/Decryption
• Public key k+ is {e,n} and private key k- is {d,n}
• Encryption and Decryption
E(k+,P) : ciphertext = plaintexte mod n
D(k-,C) : plaintext = ciphertextd mod n
• Example
– Public key (7,33), Private Key (3,33)
– Data “4” (encoding of actual data)

– E({7,33},4) = 47 mod 33 = 16384 mod 33 = 16

– D({3,33},16) = 163 mod 33 = 4096 mod 33 = 4

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 10
Encryption using private key …
• Encryption and Decryption
E(k-,P) : ciphertext = plaintextd mod n
D(k+,C) : plaintext = ciphertexte mod n
• E.g.,

– E({3,33},4) = 43 mod 33 = 64 mod 33 = 31

– D({7,33},19) = 317 mod 33 = 27,512,614,111 mod 33 = 4

• Q: Why encrypt with private key?

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 11
The symmetric/asymmetric key tradeoff
• Symmetric (shared) key systems
– Efficient (Many MB/sec throughput)
– Difficult key management
• Kerberos
• Key agreement protocols
• Asymmetric (public) key systems
– Slow algorithms (so far …)
– Easy key management
• PKI - public key infrastructures
• Webs of trust (PGP)

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 12
Hash Algorithms (aka crypto checksums)
• Hash algorithm h()
– In general algorithmic use, generates succinct
representation of some data, fixed output size
– Used for binning items in collections
– A “funneling algorithm” Infinite inputs
...

Fixed-length outputs
• Pigeonhole Principle
– If you have n bins, and n+1 items, at least one bin will
contain more than one item
– Implication: there will be collisions in any hash algorithm
• i.e., h(x) == h(y), for some infinite number of x and y
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 13
Hash Algorithms (aka crypto checksums)
• Hash algorithm
– Compression of data into a hash value
– E.g., h(d) = parity(d)
– Such algorithms are generally useful in programs
• … as used in cryptosystems
– One-way - (computationally) hard to invert h() , i.e.,
compute h-1(y), where y=h(d)
– Collision resistant hard to find two data x1 and x2 such that
h(x1) == h(x2)
• Q: What can you do with these constructs?

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 14
Birthday Attack
• A birthday attack is a name used to refer to a class
of brute-force attacks.
– birthday paradox : the probability that two or more people
in a group of 23 share the same birthday is >than 50%
• General formulation
– function f() whose output is uniformly distributed
– On repeated random inputs n = { n1, n2, , .., nk }
• Pr(ni = nj) = 1.2k1/2, for some 1 <= i,j <= k, 1 <= j < k, i != j
• E.g., 1.2(3651/2) ~= 23

• Q: Why is resilience to birthday attacks

important?

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 15
Basic truths of cryptography …
• Cryptography is not frequently the source of
security problems
– Algorithms are well known and widely studied
• Use of crypto commonly is … (e.g., WEP)
– Vetted through crypto community
– Avoid any “proprietary” encryption
– Claims of “new technology” or “perfect security”
are almost assuredly snake oil

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 16
Important principles
• Don’t design your own crypto algorithm
– Use standards whenever possible
• Make sure you understand parameter choices
• Make sure you understand algorithm
interactions
– E.g. the order of encryption and authentication
• Turns out that authenticate then encrypt is risky
• Be open with your design
– Solicit feedback
– Use open algorithms and protocols
– Open code? (jury is still out)

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 17
Common issues that lead to pitfalls
• Generating randomness
• Storage of secret keys
• Virtual memory (pages secrets onto disk)
• Protocol interactions
• Poor user interface
• Poor choice of key length, prime length, using
parameters from one algorithm in another

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 18
Review: secret vs. public key crypto.
• Secret key cryptography • Public key cryptography
– Symmetric keys, where A – Each key pair consists of a
single key (k) is used is used public and private component:
for E and D
k+ (public key), k- (private key)
D( k, E(k, p) ) = p D( k-, E(k+, p) ) = p
D( k+, E(k, -p) ) = p
• All (intended) receivers
have access to key • Public keys are distributed
(typically) through public key
• Note: Management of keys
certificates
determines who has access
– Anyone can communicate
to encrypted data
secretly with you if they have
– E.g., password encrypted
email your certificate
• Also known as symmetric – E.g., SSL-base web
key cryptography commerce
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 19
A really good book on the topic
• The Code Book, Simon
Singh, Anchor Books, 1999.

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 20