Security Identitybased Encryption 1 Dennis Kafura CS5204 Operating Systems Diffie Hellman Key Exchange How can two parties come to possess a shared secret using only insecure channels of communication ID: 244583
Download Presentation The PPT/PDF document "Cyrtographic" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Cyrtographic Security
Identity-based Encryption
1
Dennis Kafura – CS5204 – Operating SystemsSlide2
Diffie-Hellman Key Exchange
How can two parties come to possess a shared secret using only insecure channels of communication?Assumes passive eavesdropping only (i.e. susceptible to active (
wo)man-in-the-middle attack)Relies on prime number groups (more later)Same/similar techniques underlie more recent cryptographic methods
Dennis Kafura – CS5204 – Operating Systems
2Slide3
Diffie-Hellman Key Exchange
Some mathematicsIf
p is prime number, then the numbers 1..p-1 form a group of order
p-1
with
multiplication modulo
p as its operator.A generator,
g
, is any number
1..p-1 such that for all n in 1..p-1 there is a power k such that n=gk mod p.Example: 3 is a generator for the group with p=7Notation: Operations:Security based on computational infeasibility of solving the discrete logarithm problem (i.e., finding x if y = gx mod p given y, g, and p).
Dennis Kafura – CS5204 – Operating Systems
3Slide4
Key Exchange Protocol
Public informationA prime number, pA generator,
gStepsAlice chooses a random number a
and computes
u=
g
a mod p and sends
u
to Bob.
Bob chooses a random number b and computes v=gb mod p and sends v to Alice.Bob computes the key k = ub = (ga)b mod p.Alice computes the key k = va = (gb)a mod p.(note: both Bob and Alice have k = (gab) mod p)
Dennis Kafura – CS5204 – Operating Systems
4Slide5
Identity-based encryption
Public-key encryption Identity is conveyed in a certificate from a certificate authority that binds the public key to the identity
Certificate must be obtained in advanceCertificate authority is trusted to validate claim of identityIdentity-based encryption
Identity itself serves as the public key (
e.g
, bob@company.com)
No advance preparation neededTrusted service validates claim of identity
Key escrow issue (trusted service can recreate secret key associated with an identity)
Dennis Kafura – CS5204 – Operating Systems
5Slide6
Identity-based encryption
Dennis Kafura – CS5204 – Operating Systems
6
Private Key Generator
Encrypted with bob@company.com as public key
authenticate bob@company.com
send private key
Alice
BobSlide7
Identity-based Encryption
Dennis Kafura – CS5204 – Operating Systems
7
Setup
k
Extract
master-key
Private Key Generator (PKG)
Receiver
Decrypt
params
Sender
Encrypt
M
C
M
d
ID
ID
IDSlide8
Bilinear Maps
Some mathematics
Fortunately, groups with these properties can be generated algorithmically using
a positive integer seed value (security parameter)
k
.
Dennis Kafura – CS5204 – Operating Systems
8Slide9
Identity-based encryption
BasicIdent algorithmsSetup
Dennis Kafura – CS5204 – Operating Systems
9Slide10
Identity-based Encryption
Extract
EncryptDecrypt
Dennis Kafura – CS5204 – Operating Systems
10Slide11
Why does this work?
Encryption bitwise exclusive-ors M with: Decryption bitwise exclusive-ors V with:
These masks are the same since:
Dennis Kafura – CS5204 – Operating Systems
11Slide12
Extensions
Dennis Kafura – CS5204 – Operating Systems
12
b
ilinear groups
threshold secret sharing
access tree
ID-based
attribute/fuzzy ID
key/policy-based