Public Key algorithm & Authentication protocols
Presented By: Arun Rajan
4/28/12
Public key Algorithms
Diffie and Hellman, 1976, at Stanford University.
Use different keys for encryption and decryption.
Notations:
Encryption algorithm: E
Decryption algorithm: D
Plain text: P
These algorithms should meet 3 requirements:
1. D(E(P)) = P
2. It is exceedingly difficult to deduce D from E.
3. E cannot be broken by a chosen plaintext attack.
RSA Algorithm
Rivest, Shamir and Adleman, 1978. Compute the following in advance:
1. Choose 2 large primes p, q (typically greater than 10^100).
2. Compute n = p*q and z = (p-1)*(q-1).
3. Choose a number relatively prime to z and call it d.
4. Find e such that
Example:
p = 3 and q = 11, so n = 33 and z = 20.
d = 7, since 7 and 20 have no common factors.
e: 7e = 1 (mod 20), so e = 3.
C = P^3 (mod 33)
P = C^7 (mod 33)
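The slide's numbers carried through in code, as an added example that is not part of the original presentation: it precomputes n, z and e from p = 3, q = 11, d = 7, checks requirement 1 (D(E(P)) = P) for every block below n, and encrypts a word letter by letter with the assumed encoding A = 1 ... Z = 26 (each value below n = 33).

```python
from math import gcd


def rsa_setup(p, q, d):
    """Precompute n = p*q, z = (p-1)*(q-1) and e with e*d = 1 (mod z),
    following the slide's order of steps (d is chosen, e is derived)."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)  # modular inverse of d mod z (Python 3.8+)
    return {"n": n, "z": z, "e": e, "d": d}


def encrypt(P, key):
    """C = P^e (mod n); every plaintext block must lie in [0, n)."""
    if not 0 <= P < key["n"]:
        raise ValueError("plaintext block must be smaller than n")
    return pow(P, key["e"], key["n"])


def decrypt(C, key):
    """P = C^d (mod n)."""
    return pow(C, key["d"], key["n"])


def roundtrips_for_all_blocks(key):
    """Requirement 1 from the slides, D(E(P)) = P, checked for every block."""
    return all(decrypt(encrypt(P, key), key) == P for P in range(key["n"]))


def encrypt_text(text, key):
    """Assumed encoding: letters A..Z as 1..26, one RSA block per letter.
    With n = 33 every letter value is a valid block."""
    blocks = []
    for ch in text.upper():
        if not "A" <= ch <= "Z":
            raise ValueError("only letters A-Z are encoded")
        blocks.append(encrypt(ord(ch) - ord("A") + 1, key))
    return blocks


def decrypt_text(blocks, key):
    return "".join(chr(decrypt(C, key) + ord("A") - 1) for C in blocks)


if __name__ == "__main__":
    key = rsa_setup(3, 11, 7)  # slide parameters, gives e = 3
    print(key)
    blocks = encrypt_text("SUZANNE", key)
    print(blocks, decrypt_text(blocks, key))
```

Such a tiny n is only for tracing the arithmetic by hand; the slide's 10^100-sized primes are what make deducing d from e infeasible.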
Authentication Protocols
It is a technique by which a process verifies that its communication partner is who it is supposed to be and not an imposter.
Authentication based on a shared secret key
Notations
A, B are the identities of Alice and Bob.
R_i are the challenges.
K_i are keys, where i indicates the owner.
Message sequence: Alice sends her identity, A, to Bob in a way that Bob understands. Bob, of course, has no way of knowing whether this message came from Alice or from someone else, so he chooses a challenge, i.e. a large random number, RB, and sends it back to Alice as message 2, in plain text. Alice then encrypts the challenge with the key she shares with Bob and sends the ciphertext, KAB(RB), back in message 3.
When Bob sees the message, he
Establishing a shared key: The Diffie-Hellman key exchange
This is a way for strangers to establish a shared secret key over an open channel without an eavesdropping intruder learning it.
Diffie-Hellman key exchange works as follows.
Alice and Bob have to agree on two large prime numbers, n and g, where (n-1)/2 is also a prime and certain conditions apply to g. These numbers may be public, so either one of them can just pick n and g and tell the other openly. Now Alice picks a large (say, 512-bit) number, x, and keeps it secret. Similarly, Bob picks a large secret number, y.
Authentication Using a key distribution center
The wide-mouth frog authentication protocol
The Needham-Schroeder authentication protocol
The Otway-Rees authentication protocol
A different approach is to introduce a trusted key distribution center (KDC). In this model, each user has a single key shared with the KDC. Authentication and session key management now go through the KDC. The idea behind the wide-mouth frog protocol is simple. Alice picks a session key, Ks, and tells the KDC that she wants to talk to Bob using Ks. This message is encrypted with the secret key Alice shares (only)
Authentication using Kerberos
It is a variant of Needham-Schroeder.
It was developed to allow workstation users to access network resources in a secure way.
Widely used version: V4
Kerberos involves 3 additional servers:
Authentication server: verifies users during login
Ticket granting server: issues proof of
Authentication using Public key cryptography
Here Alice starts by encrypting her identity and a random number, RA, using Bob's public (or encryption) key, EB. When Bob receives this message he has no idea whether it came from Alice or not, but he plays along and sends Alice back a message containing Alice's RA, his own random number, RB, and a proposed session key, Ks.
Thank You