
Mid-term Review

Network Security

Secure channel
  SSL (and many others, incl. IPSEC)
Shared key establishing
  Trusted party (Kerberos, etc. - to be covered)
  Public key methods

Public Key techniques


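Diffie-Hellman
  Public: $p$, $g$
  Alice: picks $a$, sends $m_a = g^a \bmod p$
  Bob: picks $b$, sends $m_b = g^b \bmod p$
  $m_b^a \bmod p = g^{ab} \bmod p = m_a^b \bmod p$: shared secret key!

RSA
  $N = pq$; $ed \equiv 1 \pmod{\varphi(N)}$
  Public: $e, N$; Private: $d, N$
  Encrypt($m$): $c \equiv m^e \bmod N$
  Decrypt($c$): $m \equiv c^d \bmod N$
  Sign($m$): $s \equiv m^d \bmod N$
  Verify($s, m$): $s^e \stackrel{?}{\equiv} m \pmod N$

Factoring: Given $N = pq$, find $p, q$

Discrete log: Given $y, p, b$, find $x$: $b^x \bmod p = y$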

Discrete log based schemes
  DH, DSS (El-Gamal)
  Elliptic Curve Cryptography (ECC)

Why is the modulus ($p$) so large?
  Big-step/Little-step attack
  Pohlig-Hellman attack:
    Beware of primes $p$ where $\varphi(p)$ has only small factors
    Safe primes: $p = 2q + 1$ for some prime $q$

Factoring based
  RSA
  Square Roots (= factoring)
    Rabin (Encryption, Signature)
    Fiat-Shamir (ID scheme, Signature)

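World mod N
  How many objects? $|Z^*_N| = \varphi(N)$; for all $z \in Z^*_N$, $z^{\varphi(N)} \bmod N = 1$
  If $N = pq$, then $\varphi(N) = (p-1)(q-1)$ [If $N = p$, then $\varphi(N) = p-1$]
  Blum integers: $N = pq$, $p \equiv q \equiv 3 \pmod 4$
  Then $x^{(p+1)/4} \bmod p = y$; $y^2 \equiv x^{(p+1)/2} \equiv x^{(p-1)/2} \cdot x \equiv x \bmod p$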

Chinese Remainder Theorem (CRT)
  Given $y^2 = x \bmod p$; $z^2 = x \bmod q$; $N = pq$; find $s$: $s^2 = x \bmod N$
  More generally: Given $a, A, b, B$; find $x$: $x = a \bmod A$, $x = b \bmod B$
  Let $u, v$ be s.t. $uA = 1 \bmod B$, $vB = 1 \bmod A$
  Then $x = uAb + vBa$
  [indeed: $x \bmod A = uAb + vBa = vBa = a$; $x \bmod B = uAb + vBa = uAb = b$]
  How to find $u, v$?

Extended GCD & Inverses
  Euclid's GCD algorithm (greatest common divisor): $\gcd(a,b) = \gcd(b, a \bmod b)$ => $\gcd(a,b) = c$
  Extended GCD gives in addition $x, y$: $ax + by = c$
  If $\gcd(a,b) = 1$: $ax \pmod b = 1$, i.e. $x = a^{-1}$ in $Z^*_b$

Summary RSA & Rabin

RSA
  Given $p, q$: can compute $\varphi(N)$, for $N = pq$
  With Extended gcd, can compute $e$, $d = 1/e \bmod \varphi(N)$ [$\gcd(e, \varphi(N))$ must be 1]

Rabin
  Using Blum integers can compute SQRT mod $p$, $q$
  Using CRT can combine them to SQRT mod $N$

Efficiency for all
  Exponentiation: Repetitive Squaring
    $b^A \bmod N$ takes $1.5 \lg A$ long multiplications
  Cost of multiplication: quadratic in length
  Optimization: mod N => mod p + mod q + CRT


Watch out!

Attacks on factoring
  $\varphi(N), N$ => factoring (quadratic equation)
  Trick: obtain $x$ s.t. $x = 0 \bmod p$, $x \neq 0 \bmod q$ => $\gcd(x, N) = p$

SQRTmodN => Factoring
  $v \leftarrow y^2 \bmod N$; $z \leftarrow \mathrm{SQRTmodN}(v)$
  If $z \neq \pm y$, then $x \leftarrow y - z$

Computing mod p + mod q + CRT
  Random error mod p (or mod q) => factoring
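
The last item above (a random error mod p during a mod p + mod q + CRT computation leads to factoring), as an added Python example that is not part of the original slides. It signs with the deck's CRT formula x = uAb + vBa, applies the gcd trick to a faulty signature, and adds the verify-before-release check that withholds such a signature; the toy primes, function names and the `fault_mod_p` parameter are assumptions made for illustration.

```python
from math import gcd

# Constructed toy parameters (assumption: far too small for real use).
P, Q, E = 1019, 1187, 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # d = 1/e mod phi(N); needs gcd(e, phi(N)) = 1


def crt(a, A, b, B):
    """Find x with x = a mod A and x = b mod B, using x = uAb + vBa."""
    u = pow(A, -1, B)          # uA = 1 mod B (extended gcd under the hood)
    v = pow(B, -1, A)          # vB = 1 mod A
    return (u * A * b + v * B * a) % (A * B)


def sign_crt(m, fault_mod_p=0):
    """RSA signature computed mod p and mod q, then combined with CRT.

    fault_mod_p (hypothetical knob) simulates a random computation
    error in the mod-p half; 0 means a correct computation.
    """
    sp = (pow(m, D % (P - 1), P) + fault_mod_p) % P
    sq = pow(m, D % (Q - 1), Q)
    return crt(sp, P, sq, Q)


def sign_crt_checked(m, fault_mod_p=0):
    """Hardened signer: verify s^e = m (mod N) before releasing s."""
    s = sign_crt(m, fault_mod_p)
    if pow(s, E, N) != m % N:
        raise ValueError("signature self-check failed; result withheld")
    return s


def factor_from_faulty(m, s_bad):
    """The slide's trick with the roles of p and q swapped: the error was
    mod p, so x = s_bad^e - m is 0 mod q but not 0 mod p, and
    gcd(x, N) returns q."""
    return gcd((pow(s_bad, E, N) - m) % N, N)


if __name__ == "__main__":
    m = 424242                                   # constructed message, m < N
    bad = sign_crt(m, fault_mod_p=1)
    print("factor recovered from one faulty signature:", factor_from_faulty(m, bad))
```
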

Key Establishing
  Diffie-Hellman or RSA
  Watch out for man-in-the-middle attack!!!
    Authentication (signatures)
    PKI
  Remember AKE: authenticated key establishment

Beyond AKE
  Ciphers
  MACs

Ciphers
  Block ciphers
    DES, AES, 3DES
    Modes of operation: EDE, OFB, CBC
  Stream ciphers
    Pseudo-random pad

Later in the course

Crypto
  Hashing
    MD5, SHA
  MAC

Systems
  PKI
  Kerberos - key distribution (symmetric crypto)
  IPSec - security on another level
  Firewalls, IDS, etc.
