Beruflich Dokumente
Kultur Dokumente
"Chapter "2
Introduction 2.1
we will discuss which of the four security services can be supported. In addition, we will
.discuss whether the algorithm can be used for secret key distribution
Encryption equipment has been widely used due to the rising need for security.
Nowadays, encryption systems are used to protect information transmitted through
personal computers, local area networks, packet radio, satellite teleconferencing, electronic
mail, banking, and electronic commerce. Cryptography can provide protection against
eavesdropping, and also protects against message modification and against injection of
false message by making it infeasible for an opponent to create cipher text that will be
deciphered into accepted meaningful plaintext.
denoted by (M).
2- The set of all cryptograms (or cipher text) and it is called "cryptogram space," and it is
denoted by (C).
3- The set of all possible keys, called "key space," and denoted by (K.)
C = Ek (M)
M = Dk (C)
Figure 2.3 illustrates the cipher system components. Note that, the interceptor is not a part
of the system, he is included in the diagram merely to show where is the interception is
most likely to take that place.
Cryptanalyst
Dr\Tarek Abdel Mageed
Secret key K
Cipher text C
k k
Secure channel
Key source
1. The enciphering and deciphering transformation must be efficient for all sets of keys.
Cipher system
Symmetric algorithms can also be used to authenticate the integrity and origin of
data. Alice uses her key to generate ciphertext for the entire plaintext, as above. She
sends the plaintext and a portion of the ciphertext to Bob. This portion of the ciphertext
is known as a message authentication code, or MAC. Bob uses his copy of the key to
generate the ciphertext, selects the same portion of the ciphertext and compares it to the
MAC he received .
If they match, Bob knows that Alice sent him the message. This does not provide
non-repudiation, though. Alice can deny sending the message, since Bob could have
generated it himself.
Alice and Bob need to share a symmetric key before Alice encrypts or generates a
MAC for a message. Establishing that shared key is called key management, and it is a
difficult problem.
Key management can be performed with symmetric key cryptography, but it is a
classic way To use symmetric cryptography, Alice and Bob need to share a secret. Once
Alice and Bob share a symmetric encryption key, the algorithm can be used to establish
additional shared secrets.
Dr\Tarek Abdel Mageed
However, this problem can become manageable through the introduction of a trusted
third party (TTP). If Alice and the party she wishes to communicate with trust the same
TTP, they can get a new key for this purpose from the TTP. Each party must establish a
secret out of band with the TTP as a starting point. However, the secure hash function
takes a stream of data and reduces it to a fixed size through a one-way mathematical
function. The result is called a message digest and can be thought of Alice will not need
to repeat this process for each new party with which she communicates.
cryptography, uses a class of algorithms in which Alice has a private key, and Bob
The public and private keys are generated at the same time, and data encrypted with
one key can be decrypted with the other key. That is, a party can encrypt a message
using Alice’s public key, then only Alice, the owner of the matching private key,
can decrypt the message.
Asymmetric algorithms are poorly suited for encrypting large messages because they
are relatively slow. Instead, these algorithms are used to achieve authentication, integrity
and non-repudiation, and support confidentiality through key management. Asymmetric
algorithms are used to perform three operations explained below: digital signatures, key
transport, and key agreement in order to find the right one.
c- H(M) is relatively easy to compute for any given M, making both hardware and
H (M) = h.
e- For any given block M, it is computationally infeasible to find M' not equal M with H
(M) = H (M').
f- It is computationally infeasible to find any pair (M, M') such that :
H (M) = H (M').
such a way that it is hard to reverse the process, that is, to find a string that hashes to a
given value (hence the name one-way.) A good hash function also makes it hard to find
two strings that would produce the same hash value.
X h(x)
Hash
It is not known if a trapdoor one-way function can be constructed from any one-
way function.
of two large primes. While selecting and verifying two large primes and
(as far as is known) very difficult. This is the basis for RSA encryption,
X X
Hash h(x)
The MD5 algorithm takes as input a message of arbitrary length and produces as
output a message of arbitrary length and produces as output a 128-bit "fingerprint" or
"message digest" of the input. The input is processes in 512-bit blocks. It is most widely
used secure hash algorithm as shown in figure
Dr\Tarek Abdel Mageed
Figure: One
operation of MD5
Rivest, Shamir, Adleman (RSA) Cipher System lies in the difficulty of the problem of
factoring large integer . the RSA system described, as “A new kind of cipher that would
take millions of years to break”.
In the RSA system the Plaintext (M) is encrypted in blocks, each block having a binary
value less than some number n. Encryption and decryption are of the following forms:
C = M e mod n
M = M ed mod n
Dr\Tarek Abdel Mageed
One of the weaknesses some point out about symmetric key encryption is that two users
attempting to communicate with each other need a secure way to do so; otherwise, an
attacker can easily pluck the necessary data from the stream. In November 1976, a paper
published in the journal IEEE Transactions on Information Theory, titled "New Directions
Also known as asymmetric-key encryption, public-key encryption uses two different keys
at once -- a combination of a private key and a public key. The private key is known only
to your computer, while the public key is given by your computer to any computer that
wants to communicate securely with it. To decode an encrypted message, a computer must
use the public key, provided by the originating computer, and its own private key.
Although a message sent from one computer to another won't be secure since the public
key used for encryption is published and available to anyone, anyone who picks it up can't
read it without the private key. The key pair is based on prime numbers (numbers that only
have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long length. This makes
the system extremely secure, because there is essentially an infinite number of prime
numbers available, meaning there are nearly infinite possibilities for keys. One very
popular public-key encryption program is Pretty Good Privacy (PGP), which allows you to
encrypt almost anything.
The sending computer encrypts the document with a symmetric key, then encrypts the
symmetric key with the public key of the receiving computer. The receiving computer uses
Dr\Tarek Abdel Mageed
its private key to decode the symmetric key. It then uses the symmetric key to decode the
document.
To implement public-key encryption on a large scale, such as a secure Web server might
need, requires a different approach. This is where digital certificates come in. A digital
certificate is basically a unique piece of code or a large number that says that the Web
authority acts as a middleman that both computers trust. It confirms that each computer is
in fact who it says it is, and then provides the public keys of each computer to the other.
generator. There are numerous statistical tests that can be applied to the secret keys to be
sure that they satisfy the randomness properties .
The security of cipher systems depends on several factors. First, the encryption
algorithm must be powerful enough so that it is impractical to decrypt a message on the
basis of cipher text alone. The security of conventional encryption depends on the
secrecy of the key, not on the secrecy of the algorithm. In other words, we don’t need to
keep the algorithm secret; we need to keep only the key secret. Even if the encryption
algorithm is computationally infeasible to break, the entire system can be vulnerable if
Where Φ (n) is the Euler totient function It is positive integer number less than n and
relatively prime to n [3].
If p is prime Φ (p) = (p-1)
Now suppose we have two prime number p, q , with p ≠ q then
Φ (n)= (p-1) * (q-1)
Dr\Tarek Abdel Mageed
To see that Φ (n) = (p-1) * (q-1) consider that the set of residuals in Zn is {0, 1… (Pq-1)}.
The residues that are not relatively prime to n are the set:
{p, 2p,3p,…..,(q-1)p}, {q, 2q,3q,…..,(p-1)q}, and 0.
Then
Φ (n)= pq-[(q-1) + (p-1) +1]
= PQ - (p+q) +1
= (p-1) * (q-1)
- e and d are positive integers less than n that are relatively prime to n, and they are
multiplicative inverses mod Φ (n)
- d is chosen to be a prime satisfying the following equations
Max (p,q) < d < Φ (n)
Gcd (Φ (n), d) = 1
- e is computed as the inverse of the private key d
Ed mod Φ (n) =1
ed = k Φ (n)+1
e = d -1 mod Φ (n)
Suppose that a user A has published his own public key and that a user B wishes to send the
M = C dA (mod n).
For this algorithm to be satisfactory for public-key encryption, the following requirements
must be met:
Figure 2.4 summarizes the RSA encryption algorithm. describe in details the RSA
technique.
Example: given p= 11 and q=17
N= pq = 11*17= 187
Φ (n)= (p-1) * (q-1) = 10 *16= 160
e = 7 -1 mod 160
e = (k *160) +1)/ 7 if k=1 (+ve integer number) = 23
Select p and q
Calculate n = p x q
Calculate (e)
Encryption
Given Plaintext M < n
Ciphertext C = M e mod (n)
Dr\Tarek Abdel Mageed
Decryption
Given ciphertext C
Plaintext M = C d mod (n)
Figure: RSA Encryption Algorithm
Digital signature Encrypted connection is a method that will document the transactions
are made through various communication networks.
Dr\Tarek Abdel Mageed
The digital signature function includes the authentication function; there are some
requirements for a digital signature :
a- The signature must be a bit pattern that depends on the message being signed.
b- The signature must use some information unique to the sender, to prevent both forgery
and denial.
c- It must be relatively easy to produce the digital signature.
d- It must be relatively easy to recognize and verify the digital signature.
e- It must be computationally infeasible to forge a digital signature, either by
constructing a new message for an existing digital signature or by constructing a false
digital signature for a given message.
f- It must be practical to retain a copy of the digital signature in storage.
A - Documentation Site:
Dr\Tarek Abdel Mageed
If there is a pair of keys, one public and one private and were associated
with a particular person or third party and specifically, the digital
signature attributes the message attributed to the entity or person. Can
not be rigging the digital signature is not lost or the person controlling
the private key if the Bifshaih or the center or the means held therein.
Also, the digital signature serves to identify the identity of the signed
message with confidence and accuracy and more certainty of signatures
on paper. The process of verification of health reveal any tampering
with the results of the comparison of the hash (one to be prepared when
the signature and the other at the validation of Health) indicate whether
the message is the same when it was signed.
C - An affirmative action:
The creation of a digital signature requires the entity or person that uses
the private key of this work can be completed formal or ritual function in
alerting the person or to the fact that the entity or person is to complete
her treatment and the outcome of legal consequences.
D - Effectiveness:
such as paper cards form the signature and which methods are tedious
digital signatures and give the breed to ensure the highest degree,
A secure hash function embedded in a scheme such as of Figure (a) and Figure (b )
satisfies these requirements.
In Figure (a), the hash code; H(M) is encrypted, using public key encryption and
using the sender's private key (KRa), the result is, EK [H(M)] is a function of a variable-
length message M and the secret key (k) that produces a fixed-size output that is secure
against an opponent that does not know the secret key. This is provides authentication, it
also provides a digital signature because only the sender could have produced the
encrypted hash code. If confidentiality as well as a digital signature is desired, as shown in
Figure (b), the message plus the public key encrypted hash code can be encrypted using a
conventional secret key.
(a)
Source Destination
M
M H H
KRa KUa Compare
H E
D
EKRa (H(M))
(b)
Source Destination
M H
M H E D
KRa K K KUa Compare
H E EK [M EKRa (H(M))] D
EKRa (H(M))
KRa private key KUa public key
Dr\Tarek Abdel Mageed
Public-key algorithms can be used for digital signature. Digital Signature algorithm
(DSA) is an example; there is a separate algorithm for digital signature that cannot be used
for encryption. Diffie and Hellman invented this idea contain further expanded and
elaborated of many protocols explained how public key cryptography used for signing
documents. The basic protocol is simple:
Mary encrypts the document with her private key, thereby signing the document.
Mary sends the signed document to John.
• John decrypts the document with Mary's public key, thereby verifying the signature.
In practical implementations, public-key algorithms are often too inefficient to
sign long documents. Digital signature protocols are often implemented with one-way
hash function [30]. Instead of signing a document, Mary signs the hash of the
document. In this protocol, both the one-way hash function and the digital signature
algorithm are agreed upon beforehand.
• Mary produces a one-way hash of a document.
• Mary encrypts the hash with her private key, thereby signing the document.
• Mary sends the document and the signed hash to John.
• John produces a one-way hash of the document that Mary sent. He then, using the
digital signature algorithm, decrypts the signed hash with Mary's public key. If the
signed hash matches the hash he generated, the signature is valid.
There are many digital signature algorithms. All of them are public-key algorithm
with secret information to sign documents and public information to verify signatures.
Different algorithms have different implementation. For example, one-way hash functions
and timestamps sometimes add extra steps to the process of signing and verifying.
By combining digital signatures with public-key cryptography, a protocol was
developed, by Schneir that combines the security of encryption with the authenticity of
digital signatures.
(1) Mary signs the message with her private key. S A (M).
Dr\Tarek Abdel Mageed
(2) Mary encrypts the signed message with John's public-key and sends it to John. EB (S
A (M)).
(3) John decrypts the message with his private key.
DB ( EB (S A (M))) = S A (M)
(4) John verifies with Mary's public-key and recovers the message.
VA ( S A (M)) = M
2.7 Summary :
At that chapter we have talked about the attacks that threat our network and work
against that threats to prevent it through some mechanisms that is more helpful to achieve
more security for our network to implement security services. We have talked about the
Encryption Systems and how it divided to Stream Cipher System and Block Cipher
System. We talked about the encryption algorithm that we used at our project which is
considering block cipher system. We talked about Revist, Shamir and Adelman (RSA). We
have talked about the key management. We talked about hash function, and it's used in
digital signature. How to generate it and how to distribute it. The previous steps achieve
security of our data.