The fourth lecture for network security continued down the path of encryption. We completed week three’s material discussing the reasoning behind and applications for encryption. The focus of week 4’s material was the public key encryption framework, specially the RSA system. Although we had little time to discuss, also on the agenda were hash functions and Digital signatures.
The point of the public key system is that two people can have no shared secret key, yet still communicate securely.
Shared information: Public key[encrypt] (which may be certified by a certificate authority) + encryption algorithm
Private information: Private key [decrypt]
In this way party A can send an encrypted message to party B using party B’s public certificate.
The mathematical process for generating RSA public and private key pairs is amazing simple and effective:
1) Generate 2 prime numbers as randomly as possible; p and q
2) n = pq
3) as p and q are prime numbers -> φ(n) = (p – 1)(q – 1) [φ – numberof coprimes]
4) Generate 2 numbers, e and d where:
-> (ed) mod φ(n) = 1
e is easy to generate as it must be coprime with φ(n).
then d = e–1 mod φ(n)
With this in mind it can be seen that d [private key] can be found using (e,n) [public key]. However as the key size increases, the computing power [workload] required to break the encryption increases dramatically.
“RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010 and that 2048-bit keys are sufficient until 2030.”
In any case, now that we have our public and private key, how do we use them??
Lets say Alice wants to send a message ‘m’ to Bob.
- Alice gets Bob’s public key – (e,n)
- Alice encrypts here message before sending it: m^e(mod n) -> encrypted message [c]
- Bob decrypts using his private key(d,n): c^d(mod n) -> message 😀
Some constraints to note:
- The message needs to be an integer between 1 and n… not difficult considering ascii
- Long messages need to be encrypted in block.
The lecture notes say that the good points of public key systems are that key distribution is not a problem.
This fact does not however protect Alice from being tricked by a MITM attack when she is retrieving Bob’s public key. Lets hope that Alice checks the validity of Bob’s public key and that the CA and software vendors ensure that vulnerabilities such as certificate chaining are avoided.
For an intersting presentation on the vulnerailities of the public key system used in https see: http://www.securitytube.net/video/157