Cryptography

Chapter 7Part 3

Pages 812 to 833

Symmetric Cryptography

• Security Services– Only confidentiality, not authentication or non-

repudiation• Scalability– N(N-1)/2 secret keys

• Secure key distribution– Secure courier?

Diffie-Hellman Algorithm

• First asymmetric • Subject to man-in-the-middle attack– Figure 7-20 on page 814

RSA

• 1978 MIT– Ron Rivest, Adi Shamir, Leonard Adleman

• De facto asymmetric standard• RSA works– Pages 816-7

RSA

• Security = difficulty in factor large numbers into a product of primes

• One-way function– Multiplying two primes is easy. Factoring is hard.

• If someone figures out an efficient way of factoring, RSA would be broken

• Key exchange protocol for AES

ECC

• Elliptic Curve Cryptosystem• Discete Logarithms of Elliptic Curves• Figure 7-21 on page 819• More efficient than RSA• Limited processing, storage, power supply and

bandwidth devices such as cellular telephones

Hash Algorithms

• MD-5– 128-bits– Ron Rivest– Subject to collisions

• SHA-1– 160-bits– NSA, NIST

Hash Algorithms

• SHA-2– SHA-256, SHA-384, SHA-512

• SHA-3– NIST draft

Message Authentication Code

• MAC– Figure 7-22a on page 822– Man-in-the-middle attack– Integrity– Can detect only unintentional modification

HMAC

• Hash MAC– Figure 7-22b on page 822– Integrity and data origin authentication

• CBC-MAC– Figure 7-23 on page 824

Collision

• Two message produce the same hash value• Birthday attack– Same birthday as you > 50%?• 253

– Two people with same birthday > 50%?• 23• 2^(n/2)

– SHA-1 (160-bits)• 2^80

Digital Signatures

• Figure 7-24 on page 830• Provides authentication, non-repudiations,

and integrity