Network Security
Network Security
Steps 1:- Select a large prime number P, This is first part of Public Key.
Step 2:- Select a decryption key or private key D.
Steps 3:- Select the Second part of public key as E1.
Steps 4:- The Third part of public key as E2= E1˄D mod P
Step 5:- The Public key will be (E1,E2,P) and Private key will be D.
Example:-
Example:-
Let R= 4 and PT = 7
From Previous P=11, E1=2 and D=3
and public key will be (2,8,11)
C1 = E1˄R mod P = 2˄4 mod11= 5
C2=PT. E2˄R mod P = 7. 2˄8 mod 11 = 6
Hence Cipher Text is (5,6)
EIGamal Key Decryption
Steps 1:- Compute the plain text using the following formula
PT = (C2.C1˄D) ˄ -1 mod P
Example:-
PT = (C2.C1˄D) ˄ -1 mod P
PT = (6. 5˄3) ˄-1 mod 11
\ PT = (6.3) mod 11= 7
Digital Signature
A digital signature is a mathematical scheme for demonstrating the
authenticity of a digital message or documents.
Bob has been given two keys. One of Bob's keys is called a Public Key, the other is called a Private
Key.
Bob's Public key is available to anyone who needs it, but he keeps his Private Key
to himself. Keys are used to encrypt information. Either one of Bob's two keys can
encrypt data, and the other key can decrypt that data.
Susan can encrypt a message using Bob's Public Key. Bob uses his
Private Key to decrypt the message. Any of Bob's coworkers might
have access to the message Susan encrypted, but without Bob's Private
Key, the data is worthless.
With his private key and the right software, Bob can put digital
signatures on documents and other data.
A digital signature is a "stamp" Bob places on the data which is unique
to Bob, and is very difficult to forge. In addition, the signature assures
that any changes made to the data that has been signed can not go
undetected.
To sign a document, Bob's software will crunch down the data into just a
few lines by a process called "hashing". These few lines are called a
message digest. (It is not possible to change a message digest back into
the original data from which it was created.)
Bob's software then encrypts the message digest with his private key. The result is the
digital signature.
Finally, Bob's software appends the digital signature to document. All of
the data that was hashed has been signed.
Message Digest
Message digests are secure one-way hash functions that take
arbitrary-sized data and output a fixed-length hash value.
A Message Digest object starts out initialized. The data is processed
through it using the update methods. At any point reset can be called to
reset the digest.
Message digest is basically a fingerprint or summary of the message.
Message digest functions also called hash functions , are used to
produce digital summaries of information called message digests.
Message digests are commonly 128 bits to 160 bits in length and
provide a digital identifier for each digital file or document.
It is similar to CRC or LRC.
Introduction
MD5 algorithm was developed by Professor Ronald
L. Rivest in 1991. According to RFC 1321, “MD5
message-digest algorithm takes as input a
message of arbitrary length and produces as
output a 128-bit "fingerprint" or "message digest"
of the input …The MD5 algorithm is intended for
digital signature applications, where a large file
must be "compressed" in a secure manner before
being encrypted with a private (secret) key under a
public-key cryptosystem such as RSA.”
MD5 Algorithm Structure
Implementation Steps
Step1 Append padding bits
The input message is "padded" (extended) so
that its length (in bits) equals to 448 mod 512.
Padding is always performed, even if the length of
the message is already 448 mod 512.
Padding is performed as follows: a single "1" bit is
appended to the message, and then "0" bits are
appended so that the length in bits of the padded
message becomes congruent to 448 mod 512. At
least one bit and at most 512 bits are appended.
Implementation Steps
Step2. Append length
A 64-bit representation of the length of the
message is appended to the result of step1. If the
length of the message is greater than 2^64, only
the low-order 64 bits will be used.
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
Implementation Steps
Step4. Process message in 16-word blocks
Four functions will be defined such that each
function takes an input of three 32-bit words and
produces a 32-bit word output.
Authentication Requirements:
Masquerade – Insertion of message from
fraudulent source
Content Modification – Changing content of
message
Sequence Modification – Insertion, deletion and
reordering sequence
Timing Modification – Replaying valid sessions
Applications:
One-way hash functions
• Public Key Algorithms
– Password Logins
– Encryption Key Management
– Digital Signatures
• Integrity Checking
– Virus and Malware Scanning
• Authentication
– Secure Web Connections
• (PGP, SSL, SSH, S/MIME)
Basic Hash Function Diagram
Message Diagram
SHA-1 (160 bit message)
Algorithm Framework
Step 1: Append Padding Bits….
Message is “padded” with a 1 and as many 0’s as
necessary to bring the message length to 64 bits
fewer than an even multiple of 512.
Step 2: Append Length....
64 bits are appended to the end of the padded message.
These bits hold the binary format of 64 bits indicating the
length of the original message.
http://www.herongyang.com
f
SHA-1 Framework Continued
Step 3: Prepare Processing Functions….
SHA1 requires 80 processing functions defined as:
f(t;B,C,D) = (B AND C) OR ((NOT B) AND D) ( 0 <= t <= 19)
f(t;B,C,D) = B XOR C XOR D (20 <= t <= 39)
f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D) (40 <= t <=59)
http://www.herongyang.com
SHA-1 Framework Continued
Step 5: Initialize Buffers….
SHA1 requires 160 bits or 5 buffers of words (32
bits):
H0 = 0x67452301
H1 = 0xEFCDAB89
H2 = 0x98BADCFE
H3 = 0x10325476
H4 = 0xC3D2E1F0
http://www.herongyang.com
SHA-1 Framework Final Step
Step 6: Processing Message in 512-bit blocks
(L blocks in total message)….
This is the main task of SHA1 algorithm which loops through
the padded and appended message in 512-bit blocks.
Input and predefined functions:
M[1, 2, ..., L]: Blocks of the padded and appended message
f(0;B,C,D), f(1,B,C,D), ..., f(79,B,C,D): 80 Processing Functions
K(0), K(1), ..., K(79): 80 Processing Constant Words
H0, H1, H2, H3, H4, H5: 5 Word buffers with initial values
http://www.herongyang.com
SHA-1 Framework Continued
Step 6: Pseudo Code….
For loop on k = 1 to L
(W(0),W(1),...,W(15)) = M[k] /* Divide M[k] into 16 words */
For t = 16 to 79 do:
W(t) = (W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16)) <<< 1
A = H0, B = H1, C = H2, D = H3, E = H4
For t = 0 to 79 do:
TEMP = A<<<5 + f(t;B,C,D) + E + W(t) + K(t) E = D, D
= C,
C = B<<<30, B = A, A = TEMP
End of for loop
H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 =
H4 + E
End of for loop
Output:
H0, H1, H2, H3, H4, H5: Word buffers with final message
digest
http://www.herongyang.com
Message Diagram
SHA-1 Message Digest
4480afca4407400b035d9debeb88bfc402db514f
Cryptanalysis and Limitation
1. Point Addition, L = J + K
2. Point Doubling, L = 2J
Example:
If k = 23; then, kP = 23*P
= 2(2(2(2P) + P) + P) + P
Point Addition
Geometrical explanation:
Point Addition
Analytical explanation:
Geometrical explanation:
Point Doubling
Analytical explanation
Consider a point J such that J = (xJ, yJ), where yJ
≠0
Let L = 2J where L = (xL, yL), Then
xL = s2 – 2xJ
yL = -yJ + s(xJ - xL)
s = (3xJ2 + a) / (2yJ), s is the tangent at point J
and a is one of the parameters chosen with the
elliptic curve
Finite Fields
The Elliptic curve operations shown were on real
numbers
◦ Issue: operations are slow and inaccurate due to round-off
errors
and p-1
The prime number p is chosen such that there
112-521 bits
EC on Binary field F2m
EllipticCurve equation:
y2 + xy = x3 + ax2 + b,
where b ≠ 0
Here the elements of the finite field are integers of
1.
The m is chosen such that there is finitely large
571 bits
Elliptic Curve Domain parameters
Domain parameters for EC over field Fp
Parameters:
p, a, b, G, n and h.