Professional Documents
Culture Documents
Tools
Demetrios Glinos
University of Central Florida
"Computer Security: Principles and Practice", (3rd Edition), by William Stallings and
Lawrie Brown
Chapter 2
Public-Key Encryption
Alice Bob
Eve
D. Glinos CIS3360 Security in Computing 4
Symmetric Encryption
Symmetric encryption
Also called: single-key encryption
Historically, the only type of encryption until public-key methods introduced in
late 1970s
Still, universally used for providing confidentiality for transmitted or stored
data
Basic idea: the same key is used by sender and receiver
Components
plaintext
encryption algorithm
secret key
ciphertext
decryption algorithm
Brute-force attack
Attacker tries all possible keys on some ciphertext until an intelligible
translation into plaintext is obtained
On average, half of all possible keys must be tried to achieve success
Simplest approach
use the same key to encrypt each block
this is called the "electronic codebook (ECB)" mode of operation
weakness: cryptanalysis may be able to exploit regularities in the plaintext
More complex modes of operation mix results of earlier encryptions into later
encryptions or modify the key used in various ways to overcome this weakness
we will cover modes of operation in a later lecture
Basic idea
use a different key for decryption than for encryption
the keys are related mathematically to make this possible
Each person has two keys: a private key that only he/she knows, and a public key
that is broadcast widely; other components are the same as for symmetric systems
To send a message, the sender encrypts the message using the recipient's public key
On receipt, the recipient uses his private key to decrypt the message.
Solves key distribution and digital signature issues, but algorithms run much slower
than symmetric algorithms.
Authentication
Sender encrypts using his private key
Recipients can decrypt using sender's public key, which they all know
Since only sender has the corresponding private key, authenticity is assured
Digital signature
use authentication scenario, but encrypt a hash value, not the message
A digital certificate vouches for an entity (e.g., Bob) and contains Bobs public key
The DC is digitally signed by the CA using its private key; Alice uses the CAs public
key to verify the CAs signature
Entities (e.g., Alice) wishing to communicate with Bob can now trust that they
have a valid public key for Bob, since they trust the CA.
Uses a one-time
symmetric key
Requirements
Randomness
uniform distribution each value is equally likely
independence cannot infer any value from other values
Unpredictability
opponent should not be able to predict future element of sequence on
basis of earlier elements (similar to statistical independence, above)