Guy Coward: Hello everyone and welcome to the third webinar of cryptography a short course presented by it masters, on behalf of charles sturt university. Guy Coward: My name is guy coward and and it masters short course MC your mentor as you now now he's matt constable who thankfully here and listers encoded diaries in late Victorian England after decoding them. Guy Coward: Thank you all for making it despite plunking another short course during a time zone changes our speciality. Guy Coward: Before we begin the usual housekeeping for zoom doings we encourage questions, and these are chat during the webinar and we use two methods.
Guy Coward: Now, we ask that you direct all questions relevant, of course, content and Q amp a section and you send all administration type and I guess augmenting discussion comments to the chat function, and you can also talk about because details and resource of everybody, and so on we've had. Guy Coward: The please send me a chat to everyone, and everyone in the loop and. Guy Coward: I guess maximizes the chance of you getting a nice simple questions or or really fleshing out questions answered, I will have Q amp a sessions periodically. Guy Coward: And i'll interrupt matt is a particularly round of questions, and of course we'll have a q&a session at the end thanks for joining us in the in the.
Guy Coward: moderation role and forth, and after the course page learned it masters.edu or you so you can check out that page everyone see your readings and recordings and everything all the quizzes it's enough enemy, for now, please welcome matt how are you what tales of the week. Matt Constable: Thank you go I. Matt Constable: Welcome everyone. Matt Constable: Thank you guys for that introduction again you never cease to amaze me with the different ways, you come up with each time we do one of these courses each week to inflate my limited abilities. Guy Coward: And, and he and.
Matt Constable: He. Indeed. Matt Constable: Thank you for that you may have been made me laugh out loud so i'm glad oh actually was on mute.
Guy Coward: so good. Matt Constable: Just a note for everyone that Paul that. Matt Constable: Guy just put up there before they will be a question on the exam so it makes for.
Matt Constable: Definitely not going to be question on that. Matt Constable: they're probably someone similar. Matt Constable: Anyway, okay welcome, so this week to say another really positive roll up as well this week lots of people here to have a look at asymmetric encryption. Matt Constable: So last week, obviously we looked at symmetric encryption, now we go to it sort of slightly younger been bigger brother in asymmetric encryption. Matt Constable: So we're going to try and try and get through the boring part relatively quickly.
Matt Constable: And when I say boring it element it's interesting information is lots of really good information in there, but what we really want to get to. Matt Constable: is actually doing some hands on encryption and decryption with the RSI algorithm Okay, which you can actually do by hand i'm just going to do it. Matt Constable: on the screen this evening very, very simply, with very, very small prime numbers and i'll explain more when we get to that, but that's that's going to be the really interesting bit and hopefully will generate some questions but also.
Matt Constable: Get you enthusiastic for the activities that are available on moodle which i've done in the spreadsheet up there for you that's got some pre filled values in it. Matt Constable: And you can fiddle around putting some of your own point numbers in and and see how you can encrypt different messages, as I go along so it's quite interesting. Matt Constable: So without further ado let's crack on so he took a fee and are so so public key cryptography is built on a symmetric encryption public and private key stuff and RSA is one of the algorithms really the main algorithm that we use.
Matt Constable: Some tense public the stuff, we need to get some terminology and away from style and it's all reasonably straightforward, but nevertheless important to get a grip on. Matt Constable: So comparison to last week, where we had symmetric encryption, which had one single see that was shared between. Matt Constable: Center and recipient as a simple example, this week we talked about asymmetric fees which are located so there's two keys or to pay related involved in a symmetric encryption. Matt Constable: And they are related and I used to perform complimentary operation, so what that means is what you encrypt with one can decrypt with the other. Matt Constable: And this particular case, if you remember back the last week, I said that symmetric encryption, the key the symmetric key was vitally important to keep that secret. Matt Constable: Because if someone has That, then, and they have knowledge of the algorithm you're using and have been a cipher text, they can then bust open your encryption.
Matt Constable: With asymmetric encryption you only need to keep one of the keys in the key pair as secret and that's called the private key. Matt Constable: So the two keys in the pair recall the public and private key if I was to create my key pair. Matt Constable: I would take the public key and I would publish it on the Internet or send it to here if I wanted to make it publicly available and whoever wanted to encrypt something to me they would use that public key to encrypt and then they would send it to me. Matt Constable: My private key is the only thing that can decrypt what's been encrypted with the public key and that's why it's really important that I keep that private key secret, because if anyone's got that they can then decrypt the communications tonight. Matt Constable: If we think about the opposite way if I wanted to encrypt to someone who had my public key. Matt Constable: or even if I didn't know would send it to them over then encrypt with my private key and only my public key would be able to decrypt it so not only would it protect my communication, but it would also.
Matt Constable: validate that that communication was from me, because only my private key could have encrypted Now I know there'll be people that they're thinking uh huh. Matt Constable: How do we know, for example, that someone else hasn't generated a public private key P on my behalf, pretending to be me. Matt Constable: And that's something that we sort of look at in one of the later slides here, we can confirm him that private and public key here is actually have the identity that expresses to the. Matt Constable: Public a certificate okay we'll have a little bit of a look at these but not quite so much as we were actually will look at the actual asymmetric keys and an encryption algorithm shells particularly. A certificate.
Matt Constable: That has been issued and digitally signed by the private key have a certificate certification authority to bind to name of a subscriber to me that's a mouthful so there's a little bit to unpack them which i'll do in a second. Matt Constable: The certificates indicate subscriber identified in a certificate has sole control and access to the corresponding product Okay, so this is where we prove that our private, public keys, are in fact around we use a thing called a public page. Matt Constable: that's off of this thing called pk our infrastructure which we look at towards the back into the evening. Matt Constable: So the idea is that a certificate authority so that's a server or an organization that has a bunch of certificate authority servers. Matt Constable: And the job is to verify the creation of Public Private key pairs and they do this by asking a whole range of questions when you go to create a public private key. Matt Constable: And they asked her a whole heap of questions and they verify your identity through a range of different methods, some of which will look at shortly.
Matt Constable: Once they've done that they store the public key on their server and anyone can come and get that public key your public key from. Matt Constable: When I send out a public key they do what's called signer so they sign up using the private key of the actual issuing certificate authority. Matt Constable: And that that key those to those keys their their key pair the certificate authorities keep here so well known and trusted that it's taken as a big.
Matt Constable: gold or big elephants name this is whatever comes from this certificate authority is on the level we know it's correct. Matt Constable: i'm sorry if I store my public key on that certificate authority when someone comes to get a certificate authority was on my behalf, and I will say. Matt Constable: bye verified that this is actually met constables public key and I can you can be sure that if you encrypt that public key family, he will be able to decrypt it but he's provocation.
Matt Constable: So that's where public key certificates and digital signatures are really, really important in keeping the integrity and the legitimacy of our asymmetric and symmetric system and they're peaking at the top level. Matt Constable: So public key or a symmetric cryptographic algorithm is simply an algorithm that facilitates encryption and decryption using a public case that really is difficult once again. Matt Constable: And then pick IRA or public key infrastructure is a set of policies processes from top to server platforms software and hardware, it says workstations basically hardware. Matt Constable: which is used to administer the certificates and public private key pairs that everyone generates and publishes to them.
Matt Constable: And this includes the ability to issue those public and private keys to maintain them and then revoke them in case something becomes broken with them, or they become compromised in some way. Matt Constable: that's sort of how everything fits together in an authentic way. Matt Constable: The concept of public key cryptography evolved from an attempted to attack, for the most difficult problems that are associated with. Matt Constable: The symmetric encryption which we spoke spoke about last week, firstly and we've already identified this through what we've spoken about already is, how do we secure communications in general, without having to trust, a key distribution Center with your pain, so in symmetric encryption. Matt Constable: We can either share it independently or we can use a key distribution Center now of course we have to have some sort of trust in that particular entity. Matt Constable: And we have to be assured that hasn't been compromised itself in order for that process to work and so asymmetric encryption deals with that particular problem.
Matt Constable: And the second one is digital signatures and that is how do we verify that a message. Matt Constable: intact from the clients and so, in other words, can we verify that a encrypted piece of software text me see actually comes from the person that we think it's confirmed. Matt Constable: And there are two really important problems with symmetric encryption asymmetric encryption addresses.
Matt Constable: A couple of fellows called Whitfield defeat Martin hellman who were lectures at Stanford uni achieved a breakthrough in 1976. Matt Constable: So what's a 45 years ago and they came up with a method, called the Helmand over them which we're going to get briefly towards in. Matt Constable: The dress, but these problems, and it was radically different from all the other previous approaches to that have been used to try and protect against these two things. Matt Constable: So, if he held it really important to remember those lines have been very significant. Matt Constable: Okay, like a systems, what are the ingredients of a public face system. Matt Constable: pretty simple, we have a plain text which is every one message we have an encryption algorithm which performs transformations on the plain text so can be a substitution, it could be a.
Matt Constable: Transposition it could be a combination of those, as we saw with, as you know, it does lots of different funky things with a piece of plain text in order to spit out software takes quite a metric then takes it to a different level again. Matt Constable: We then have a public thing which can be used as we said before for encryption encryption some of the private key we've got our key pair Public Private key. Matt Constable: is used for encryption decryption as well, but the product key to remain secret so that's, for instance, with my. Matt Constable: asymmetric system my private key is in my position or may no one else knows that the public doesn't matter, who knows them because it allows people to send me an encrypted message and. Matt Constable: We of course have the cipher text, which is a result of the combination of the plain text and the public or private key being passed to the encryption over them. Matt Constable: And then, of course, at the other end, we have to have encryption algorithm, which is, in effect, the time algorithm just run in reverse, if you want to think about it, logically, in that fashion.
Matt Constable: This is a little bit of a graphic which sort of gives you a bit of an idea of how it all hangs together and it's not actually different from symmetric encryption. Matt Constable: In terms of the overall process that simplified process, other than to say, of course, that there are now two keys rather than one. Matt Constable: We have a plain text and we put it into our encryption over them in this case, I would say.
Matt Constable: This is ball folks so Okay, so he puts his point texting to either side, and he adds alice's public feature because he wanted to send the communication Kerry Ellis. Matt Constable: As you can see here. Matt Constable: Bob has a number of public keys on his public hearing Alice is one of them who POPs Ellis into the encryption over them with a plan takes. Matt Constable: i'm saying with the software texts everybody two minutes about the formulas at the moment because we're going to see more detail shortly any transmits at the Alice, on the other end she passes it through the decryption algorithm which again is our selling. Matt Constable: Product key in this time and.
Matt Constable: it's a plain text out the other side. Matt Constable: So that's encryption with a public key Bob is encrypted with alice's public key and it allows can decrypt because she's the only one, with the product. Matt Constable: On the other side, we can also encrypt the private key. Matt Constable: So in this case up here.
Matt Constable: Only thing tells us that says from Bob is why the medium pretense and say let's say Bob emails emails an encrypted message to. Matt Constable: The only way that Alice knows it's from Bob is because it comes from bob's email address, for example, but there's nothing in the cryptography which suggests that it's come from Bob because he's just encrypted with her public key and send it to Alice. Matt Constable: In this communication down here bomb encrypts a plane ticket with his private key so ostensibly according to the rules if bob's been a good boy and kept this product, a product. Matt Constable: Then he's the only one that can use that private key to encrypt the message, so when it's transmitted through Ellis doesn't matter how. Matt Constable: Be from any generic email, it could be downloaded from a website got it by ftp whatever it doesn't matter.
Matt Constable: If she can decrypt with bob's public key and she's assured of the validity of that publicly then she knows that that communication must have originated with Bob and so proves that Bob sent the communication tool so there's a couple of different ways in which you can look at it. Matt Constable: Either way, though, the public and private key must be kept secret. Matt Constable: Right.
Matt Constable: Conventional so symmetric versus public a symmetric so symmetric versus asymmetric. Matt Constable: If we look at 10 mental or symmetric encryption, in order to work, we just need a single key and an algorithm that is used for both encryption and decryption. Matt Constable: authentication Okay, and the algorithm must be shared securely so what that means is, we have to notify recipients of what algorithm we're going to use this confidentially. Matt Constable: That doesn't mean it can't be guest Okay, because there's only a limited number of algorithms but, most importantly, it has to remain secret Okay, we already know that.
Matt Constable: In terms of I symmetric encryption, we know we have a case and algorithms use for encryption and decryption so. Matt Constable: We don't really have two hours and we still use the same algorithm, but we have to keep things like and private and encryption and decryption as we just saw can be done with either one. Matt Constable: sender and receiver must each have a different one of them as period case so it's no good for example if I. Matt Constable: buy the equipment my public key and send it to you and you try to decrease my public key that's not going to work. Matt Constable: or vice versa, if I have my private key and you also and I send you my private key by mistake, you still you know you won't be able to do what on sending to you, so you must have my public key I must have my private key that has to be different, otherwise it won't work.
Matt Constable: In terms of what we need for security and symmetric encryption the secrecy, so the model, whereas I symmetric encryption, we need to secrecy in one case, in fact it doesn't work you've both keys are secret, but we must have secrecy of the private can. Matt Constable: With symmetric encryption an attacker or anyone. Matt Constable: know what is. Matt Constable: In the rhythm, so the symmetric encryption must be computationally and feasible at minimum to decrypt ciphertext so what that means is if someone doesn't know the key, it must be virtually impossible for them to decrypt ciphertext. Matt Constable: Whereas with a symmetric encryption, you have to know both keys so without knowing both keys the algorithm must be strong enough that it's virtually impossible to decrypt ciphertext. Matt Constable: And this case, they need a minimum both case in this one man and one code so there's obviously an elevated level of security.
Matt Constable: Knowledge of the algorithm plus the socket X not resolved in finding the case, so what that means is symmetric encryption must be written and the algorithm must be. Matt Constable: designed so that if you do have knowledge of the algorithm plus the ciphertext you can't reverse engineer it to find out what the key was. Matt Constable: Similarly, with asymmetric.
Matt Constable: If you have the algorithm one K, plus the ciphertext you can't take it all together somehow and come back and find the liquidity so so, for example, we know someone is intercepting in a transmission between myself and Guy. Matt Constable: They know we're using RSA they've got my public key which I know is going to be involved in it and they've got some ciphertext. Matt Constable: there's no way that they can put those three things together, and then find out what my private keys okay so that's why these systems are designed and if they don't meet those requirements, then their report and crunch and I. Matt Constable: thought, how do we apply this.
Matt Constable: In a little bit more detail, so these systems or asymmetric systems can be categorized as one of the following. Matt Constable: or use the one of the following ways really as one should be so we can encrypt or decrease, so this is the set a sender encrypted message with recipients public they. Matt Constable: And they encrypt it with a private key or vice versa, a encrypted with a provocation and recipient decrypted with the corresponding public. Matt Constable: They can also be used for digital signatures were a singer signed a message with their private Kenny. Matt Constable: And when the message gets to the other end that signature is compared or looked at within lot of the public key and if they match, then we know that that message is has been signed, and we can. Matt Constable: We can also use it for next time suicides cooperate to exchange a session key.
Matt Constable: Exchange, this is where we start to talk about using different hellman as an asymmetric algorithm to protect our symmetric key. Matt Constable: in transit, and this is actually what happens in St vpn you're going to say, and this all started getting really excited me, because this is my my first love really well on it from an IT perspective, and that is vpn tunnels okay we've got to Cisco routers we have vpn tunnel. Matt Constable: Now.
Matt Constable: With that tunnel first comes up but let's first, is that because tunnels can go up and down there, but the idea is, we want to keep it up all the time, but you know reboot happen interfaces go down is peace had failures, or some gems. Matt Constable: So sometimes it all has to come up again when that tunnel is first initiated defeat hellman in a lot of cannot all cases, but in other cases defeat hellman which is asymmetric is used to build take these symmetric a. Matt Constable: package package, it all up in a private message send it across to the other side, where the other side verifies that that symmetric so decrypted, if you like, the devi hellman looks at the symmetric key. Matt Constable: confirms that it's the same symmetric key that it has, and then the tunnel can come up on tech is great now that's really, really simplifying the process, but in a nutshell.
Matt Constable: that's what happens so deftly hellman is used to protect that exchange of a symmetric key. Matt Constable: In in that particular example and lots of other examples as well, so there's no need to you know shout out over a megaphone across the top of a building or send it by sneaker net. Matt Constable: Or you know carrier pigeon or smoke signals potential they have any product work now there is any right now it'd be able to decrypt them. Matt Constable: Is a number of different ways, you could potentially do it, that are not protected obviously lots of different words different home is one of the few ways that you can do it in a protective one.
Matt Constable: Some of our algorithms can be used for all three of these things here and others might only be used for one or two. Matt Constable: Okay, look at. Matt Constable: This nice little table here. Guy Coward: which gives before we do that man.
Guy Coward: First of all, my Morse code is terrible but I imagine that will be another one and. Guy Coward: we're getting a few people wondering if you can perhaps jiggle you might again we're having a few different experiences of your audio. Guy Coward: And I guess, I was, I can tell it's fine we'll see if we can just improve it a little bit.
Matt Constable: Okay i'll probably try to stay still. Matt Constable: On and you know i'll try save it till I get a meeting so. Guy Coward: I know it's and also people were very worried, is there, someone in the room, with you the recordings coming from the inside. Guy Coward: Was that siri.
Matt Constable: Now I know that was cheering. Matt Constable: Okay i'm actually yeah yes i'm actually turned off now. Matt Constable: Occasionally, for whatever reasons you. Matt Constable: know she pops up, so I turned off now sorry apologies to happen.
Guy Coward: that's fine something something in SA was in the chat so Tilbury. Matt Constable: they're not quite it's not quite as good as that might be. Guy Coward: Well, no. Matt Constable: I don't think I don't think i'd be looking at anything i'm doing well how. Matt Constable: We digress so if we have a little this table now, which shows for more common.
Matt Constable: My key systems, so we have RSA elliptical curve which Ferrara so we're going to talk about a lot more data elliptical curve, not so much, but you know that gives us room to expand with maybe another course around and the trackball leaves open to explore ITC five 930. Matt Constable: Different helmet we can have a quick look at and DSS which we don't look at. Matt Constable: And if you look at these things here, you can see the RSA can be used for all three of those purposes so encryption and decryption digital signatures and clicks down so it's an.
Matt Constable: elliptical curve as aside the helmet is only used for cake stage, like the example today and then DSS is only used for. Matt Constable: symptoms with sort of is given away by the fact that it yes. Matt Constable: Okay requirements now we're starting to get into a little bit of heavy stuff for the next couple of slides just get into the formulas and that, until we actually get to the good stuff I promise it's coming. Matt Constable: So what are, what must we have an isometric asymmetric encryption system, first of all, it has to be computationally easy generate a key pair so we've got to be able to generate a key beers easily without too much issue otherwise what's important. Matt Constable: Is the computation easy for a sender know as a public IP and the message to be encrypted then generate the corresponding soccer text so you've got to be able to if you've got a public game you've got a plain text message you want to crypto is going to be easy for you to encrypt it.
Matt Constable: It also has to be completely isolated easy for the receiver to then that's architects and using their public and the private key to decrypt it to recover the original message was. Matt Constable: pretty obvious, so there was you don't have that communication of it that it all goes patient. Matt Constable: However, it also needs to be competently and feasible for an adversary or attack or hacker or whatever you want to call them that if they know the public key then determine the private thing, and that was his back to what we just said on a couple of slides previously.
Matt Constable: It also must be computationally in feasible for an adversary tackle or hacker who knows the public B and has ciphertext then recover the original message, or indeed work out what the what the private key is again going back read just reiterating what we said a couple of slides back. Matt Constable: Of course it's important that both keys can be employed in either order so that is, we can recruit can encrypt with the kid doesn't matter. Matt Constable: Okay, in terms of attacking them.
Matt Constable: Public encryption scheme is vulnerable brute force attacks, so the countermeasure to this and you'll you'll see this sort of come down a little bit and Madonna. Matt Constable: enemies of this is us large case and the longer the key length more difficult it is to crack and then dude I think I might mention of a challenge in a few slides time and if I don't bring it up anyway, which will sort of illustrate what. Matt Constable: The case is has to be small enough, however, for practical encryption and decryption. Matt Constable: All this encryption decryption with a symmetric algorithms is based on prime numbers now, and you know, we know that numbers can go from the images can go from zero to infinity and beyond, to paraphrase number. Matt Constable: And so prime numbers can get massively huge and trying to put a couple of prime numbers together to encrypt something that you know results in the requirement for a lot of processing power and a lot of speed in your hardware or software in order to make that happen.
Matt Constable: So we have to have a case size it's small enough to still enable current systems to be able to do that well being large enough to prevent people from being able to close. Matt Constable: The case so as as that have been proposed resolving encryption decryption spades use life in general purpose here so it's not necessarily something you would use a. Matt Constable: In a building a vpn tunnel, because you don't want all that information you don't want RSI a slow RSI, for example. Matt Constable: i'm slowing down your transmissions across a vpn tunnel because it's having to encrypt and decrypt using these massive numbers for protection. Matt Constable: And that's why we use asymmetric encryption to hide the secrecy of a symmetric keys, but then, when we build a vpn tunnels, we use symmetric encryption because it's a heck of a lot quicker.
Matt Constable: Public encryption is currently confined to Kim anytime and signature application so we don't generally use it for our real time transmission protection of traffic. Matt Constable: So, in other words vpn talk technologies we don't generally use it, because it's just too slow, we can certainly use it to say encrypted emails or to encrypt files. Matt Constable: Or we can say he's a key management so giving hellman in that regard to our site or we're using it to provide digital signatures absolutely but for real time transmission of data, not so good to see.
Matt Constable: A lot of former of attack is to find some way to compute the private key given the public key. Matt Constable: Eight it hasn't been mathematically proven that form of attack is in feasible for particularly public key algorithms so. Matt Constable: it's possible but very, very unlikely hasn't been proven that doesn't seem feasible but it's it's difficult very difficult. Matt Constable: And then lastly there's a probable message attack, which is is just about having an understanding of what could be in the message and using that as a bit like they did with enigma and using that as a way to try to.
Matt Constable: I guess, if you like, or or break down the actual encryption and again this is, this is a pretty difficult thing to do. Matt Constable: Now, but its water, as I say, lovely well its water by a pending random bit too simple messages, so I just put pending basically on the end to fill out things to make it seem more difficult actually means. Matt Constable: So the RSI your algorithm in closer to the good stuff these three gentlemen here are in fact the are the S and the eye so Shamir arriviste Shamir and element. Matt Constable: factoring is important content within the RSA algorithm, so we need to think about from there, if we take 24 as an example. Matt Constable: How many different ways, can we factor 24 so if we just divided by two for staff we come up with 12 1224 divided by two is 1231 factor. Matt Constable: Within divided by two again and we get six so this time we've done to devolve by to divide by two to six divided by two divided by two by two again gives us three we divide by two by two by two and then by three and we left with one.
Matt Constable: Yes, this down here now represents what's called a prime factorization because it's as far as we can go, we can only ever go to 1000 God, so in this case 24 can be affected in this particular life. Matt Constable: There are otherwise we can divide by 644 can also do that at the end, we were always going to arrive at one so that's one particular way, we can fact the 24th. Matt Constable: Book spin off laser pointer.
There we go. Matt Constable: Okay let's take a larger number. Matt Constable: Six Day. Matt Constable: Let me get through the same process of factorization divided by two we're left with 128 we divide that by two. Matt Constable: divide that by two equally split of all by through we give us know and we divided by three again you get the three by three again we get one Okay, so that then gets to our prime factorization a tour in six days or 12345 and six steps yeah, of course, we can do the same. Matt Constable: Again, to our numbers, you know millions billions trillions it just takes more time.
Matt Constable: What about 4193 okay now i'm not gonna sit here and do it because you will fall asleep but it's it's supposed to say it's not so easy when we can do it because it's only 4193 and we can see them, we could go through developer to. Matt Constable: divide by one of the biggest factors first and why we go, so we can do it, but it would be. Matt Constable: difficult.
Matt Constable: And this is. Matt Constable: This is the reason, this one is so difficult looking at different example, the reason, this one is so difficult because. Matt Constable: For all night three is actually the product of two phone numbers up 4799 so previous technique would take a while to work out. Matt Constable: Okay, it just we couldn't do it to send a list of all of my to my survival is kind of odd for 183123 you can try for where you could try follow the controller six eventually you're going to get the 47. Matt Constable: And you're going to do it it's the first time you're actually going to be able to respond. Matt Constable: So you could eventually do it, but it will take us a while to work through that unless of course you just happen to guess let's talk 47 old startup it, you know, on and there's probably people listening, who may have excellent straight away, and if you have my back down to.
Matt Constable: Doing therefore isn't as easy as it seems, and this is where the strength in RSA laws. Matt Constable: And because they use massive problem numbers, so a prime number, remember, is a number that. Matt Constable: is only really divisible by itself or one.
Matt Constable: evenly so nothing else can develop. Matt Constable: Until using those really large prime numbers mike's factorization of the keys. Matt Constable: very, very, very difficult. Matt Constable: But you think if, for example, we were trying to generate these that using prime numbers, then things would fall apart very easily and do be quite easy to use use basic mathematics and anyone can do to be able to find out what was going on. Matt Constable: Here, this is going to talk about our site challenge which ranking morning, only one to 2007 the guys that came up with RSA decided that it was a little bit of tones and say. Matt Constable: what's the longest possible key length that we could use and all that sort.
Matt Constable: They defined a number of different carrier legs quite a lot of key links and send to people right see if you can break those so I can't remember what the key link started at but, for example, RSA 200 as a publicly 200 pages long, because he said 200. Matt Constable: Is 10 digits long cortices you've converted into barner as we spoke about last week to be able to factor. Matt Constable: Our say 200 actually uses these two prime numbers here.
Matt Constable: As you can see, and really they're not even phone numbers that are really happy okay they're not really they're huge. Matt Constable: But I will say 200 was successful in Bergen someone actually work out how to factor worked out the two numbers that will multiply together get that public key pretty impressive. Matt Constable: So that was 200 digits on. Matt Constable: Our site 2048 so 2048 is the number but it's 617 digits long.
Matt Constable: So that's basically it then there was a 200 zero missing $100,000 us would offer to anyone who could break that. Matt Constable: And that is still affected the end of the challenge in 2007 and in fact it's still on track that down and no one has been able to. Matt Constable: factor is this particular looking for haven't been able to find out what the prime numbers, we used create this publicly. Matt Constable: So it's pretty impressive that's been since 1991 that's 30 years and still no one has been on the browser.
Matt Constable: And as we've I think we've said in week one and secure today does not mean secure for him, but it's doing a pretty good job, as it is now. Matt Constable: Alright, so our service Jimmy has been built in 77 at the Massachusetts Institute of Technology and is now the most widely used general purpose approach the public key encryption. Matt Constable: it's a thought, from which plain text, and so it takes that into choose between zero and a minus one for some number of him, and also look at what that sort of means is we get on next few pages.
Matt Constable: Typical software in is 1024 bits at a typical he saw us for 309 digits realistically, though, if we're using Monty was less than 2048 it seemed to be not secure, but if it's 2014 is greater than seem to be secure current on with current technology. Matt Constable: Now I say makes use of an expression with a financials. Matt Constable: And we'll see what that means you're paying taxes encrypted in block block having a binary value less than some numbers so m must be list in, and this is important for later, when we look at our example, and when you look at the example in the spreadsheet but i've got up on moodle because. Matt Constable: there's certain cases in which now i'll do a demonstration, later on, but there's certain cases and we see encryption will break down if your number is not larger than the message itself, and this is not an all exploding more data what that means, when we get the table.
Matt Constable: Encryption and decryption I one of the following form so for some plain text called em and a software called see. Matt Constable: The cipher text equals a plain text rise to the encryption key mode in. Matt Constable: Okay, so we're doing a module and mathematics again where we're dividing by this key length and whatever the remainder is is what the cipher text is. Matt Constable: plain text message if you want to get that back equals the cipher text raised to the decryption key could be the public or private, depending on what which way you're going to do. Matt Constable: module again, which then factors out to m ED mode in. Matt Constable: The sender and receiver mustang value events they're going to be using the same piece on.
Matt Constable: The tender knows the value of the encryption key whether that's public or private and receiving those value of the again the decryption key public or private, depending on which way we can. Matt Constable: So a public key encryption algorithm the public key of per year equals been product your PR equals dance all that saying is D is, in this case and talking about the product T isn't talking about the public can. Matt Constable: be useful encryption, it must be possible to find the values of the dnn fact that. Matt Constable: The message rice, the pair of encryption and decryption cream bought in is equal to the message being less than in again just show you what that means in a second. Matt Constable: It also has to be relatively relatively simple to calculate both encrypted plain text Madame and encryption mode in of the cyber text for all values.
Matt Constable: Of message text which are less than, and so what that basically means is it's going to be simple to encrypt and decrypt all the valid values of in. Matt Constable: Is it feasible to determine the decryption key given the encryption key and the algorithm for that they became. Matt Constable: Okay. Matt Constable: Which we've already spoken about. Matt Constable: degeneration okay before the application, the public key crypto system each participant mass general appear as we need to determine. Matt Constable: Fine, to prime numbers perfectly really big one, and we call them paying to within select either the encryption or decryption key and we calculate the other and we'll see in our example we do that.
Matt Constable: The value of n equals a times Q will be known to any potential adversary chosen problems must be from a sufficiently large set. Matt Constable: And we know that in will equal P times queue up we don't have to sufficiently if we have two tiny numbers tiny prime numbers, it becomes really easy to break and guess. Matt Constable: The methods for 48 large PRIMES must be efficient and we've got to be really efficient and being able to generate these large phones. Matt Constable: So this is sort of a bit of a nutshell, on what we're what we've spoken about, so if I was wants to generate a case, yes to select into which are both porn and pay cannot equal to, so we don't use the same problem number three, for example, we wouldn't use three times through. Matt Constable: That would be ridiculous within calculate the value of their, which is the multiplication of the two phone numbers together. Matt Constable: We then calculate something called the four number, which is basically.
Matt Constable: A modest one multiplied by coupons one and we'll see where that comes in a minute. Matt Constable: We then select the integer or the encryption key. Matt Constable: Based on the following parameters okay so five in an e equals must equal one, and he has to be greater than one but less than the five him if it's not. Matt Constable: it's not going to mathematics, are going to work within calculate out about it, based on this particular formula here, and then we end up at the public and private key, which of course is a, that is what this through this formula here and in. Matt Constable: Here the private keys be calculated here and in calculated update.
Matt Constable: Their encryption by Bob with alice's public key important thing to remember is that what if Bob encrypts, it must be less than the value of aim and we'll see why that's important in a minute. Matt Constable: So perfect formula is there became will go through that in our example and we decrypt using the opposite method. Matt Constable: Okay, the security of our side let's get through this quickly, there are four other possible approaches to attacking our side.
Matt Constable: So they are hardware thought buys to text, which involves actually introducing hardware faults, you can to the machine or the device that is generating the digital signatures. Matt Constable: We can do the chosen to architects attack, so in this case we are trying to exploit visit the actual algorithm so we can do a brute force attack which in trials involves trial small product case you've got to be prime numbers, good luck, without attacking. Matt Constable: Is mathematical tax several approaches, but all equivalent in effort to trying to fact that the public key into it separate problems so trying to find out what the result what P into you are basically.
Matt Constable: And then the timing X, which is really dependent on how long it takes for the algorithm to decrypt ciphertext and making some assumptions or finding out some information about killington algorithm us based on. Matt Constable: The timing of the actual decryption process, which again is quite a complex thing to try and. Matt Constable: Breaking our say classical computing. Matt Constable: stuff confused, we have now systems that we have now would potentially take around 300 trillion, he is to break our say 2048, what do you think about that brings new meaning to the Fries computation and feasible 300 trillion years. Matt Constable: No, not at all. Guy Coward: I was gonna say its advantage, those that accepted mortality at 90.
Matt Constable: Does he do he might actually lead to see the breaking in our day to. Day. Matt Constable: Apparently, apparently, theoretically, a quantum computer with. Matt Constable: Perfectly stable cubits codebreaker RSA to fit in 10 seconds, however, unfortunately we don't ever call them computer this anywhere near that. Matt Constable: in existence at the moment, so. Matt Constable: it's kind of evolved it's less than 82 bits I think it's around about 76 or 78 or something like that.
Matt Constable: So it's now we nia and and, in addition, these cubits are not perfectly stable, which I would have to be in order for us to break it in this 10 second time. Matt Constable: But certainly there are also additional year issues which coherence time, but we were talking about some stuff with way out of the scope of this course, and indeed way of escape of the capacity of my cranium. Matt Constable: So let's have this is going to be interesting, I just hope this works or how about I miss something up here so we're going to try and do some RSA by hand, and this is what. Matt Constable: You guys actually going to try to attend using a spreadsheet and tough on me and also how this works and, hopefully, you find it fascinating because it's quite interesting, even if you're not in the math. Matt Constable: Right we're going to generate a key right So the first thing we need to do, you need to put. Matt Constable: Some problem numbers and normally we want these to be as big as possible but because my brain is small and I can't comprehend using massive problems i'm going to use small problems so three and 11.
Matt Constable: yeah i've got the note on purity want from me, by the way, point primitive what was the generation of random numbers Okay, and this is what we use random generation numbers for generate these crohn's because as humans, we would take a very long time to come up with tons. Matt Constable: of terrorism three and eight to 11. Matt Constable: And we multiply these get as you saw in the previous formulas to get to pay for him, three times 1133 okay pretty easy right within if they calculate this thing called the five function or less question. Matt Constable: And we simply do that by. Matt Constable: clicking on this one multiply by two minus one so it's been more point here so three minus one is to 11 minus one is 10 little positive together and you're left with 24 your father function.
Matt Constable: right if the various tasks give you more interesting. Matt Constable: When you have to calculate air encryption key, but we have to. Matt Constable: Think about it in two ways there's two things we have to do first of all, we have to choose and encryption key is greater than one because it was one that would be a pretty easy you know mathematic thing. Matt Constable: But it's also going to be less than. Matt Constable: The foreign function it's going to be less than 20 in this particular case, but.
Matt Constable: In addition, it has to be time with in the five the five things that has to be current problem with the 33 and 22 What this means is numbers a coupon if they don't share common factor for them one because everything can be divided by one. Matt Constable: And then, this nice little table to the right here till their veins that because l five function. Matt Constable: Is 20% in all the values between one and 20 pretty straightforward and this is another reason why we use small numbers in these examples so we've got to pick the encryption or not so much looking for encryption key now because i've already got another one. Matt Constable: and its current prime we've in which is 33 and the father function, which is 20, we have to find a number that doesn't share any common factors other than one with 33 and 20 from these failures here.
Matt Constable: Right Kevin one obviously common. Matt Constable: Read numbers i've done the work for you, not a problem so that is these big numbers share some fact out with the the 33 or 21 I mean so, for example, for you. Matt Constable: obviously shares by an additional factor of one with 20, which is of course itself. Matt Constable: Only three, it is a factor itself with 33 for me divisible term which, of course, is the fact that also 20 the red numbers rule and children. Matt Constable: Were numbers, whoever is what we're looking for the other numbers that are on there, the numbers you don't share any common factor with 33 or 20 i'm just thinking.
Matt Constable: that's how it is wrong. Matt Constable: About a mistake, it was mistaken right but. Matt Constable: To make things simple for ourselves and we're going to use Center because it's the last number, we can pick and therefore mike's Ms really easy because I don't want us to sit here and. Matt Constable: calculate. Guy Coward: yeah and we're getting some people saying 11 should be read.
Matt Constable: Well that's all we're thinking 11 should be read as well because it's yes indeed yeah because that's what I was thinking now so 713 seven in annoyed so Mr on their bodies, but seven is definitely Cobra. Matt Constable: And that's the one we're going to use. Matt Constable: Because it's easier for me to the next slide. Matt Constable: You know, we have to nearly have to choose the decryption key so we've got a in which is 33 we've got an encryption cave which we picked from seven based on the fact that it has to be last one and listen for them and also has to be co prime eccentric cetera etc. Matt Constable: And then we have to choose to the kitchen case that's that's the mode for n equals one. Matt Constable: Okay, so what that basically means is, we have to find do so, we have to transpose this particular formula.
Matt Constable: down in the spreadsheet for you, but I haven't done a few yeah basically this table here is a value is all the values of. Matt Constable: for doing based on these values here seven and the five, in which is 20. Matt Constable: Okay, so this is the time which is going to all those numbers bring in there, and hopefully what you'll notice is that they repeat.
Matt Constable: At a certain stage they start to repeat we've got 07481 815 296 and 310 you can read, but you can see that at some stage when they get back to zero, they will then start to repeat. Matt Constable: And that's a mathematical function, based on the values that will change, based on the values that you for your Prime numbers. Matt Constable: Obviously, if you've got some really large prime numbers it's going to have a lot of values in between the repeat, so it becomes more difficult to factor into an was even from that perspective. Matt Constable: Now we're going to keep it simple again and we will choose number three Now I know which is we're saying three it's a third position but and numbering starts at zero.
Matt Constable: So we've got position 0123 square number three will come from so first one is in the third position, assuming that numbers start zero and in this case i've gone up and down columns are going from top to bottom, rather than left around. Matt Constable: So public be in becomes be in which is seven which returns on the last slide and 33 and our private key becomes three, which is chosen and 33, which is in the now we're ready to encrypt and decrypt. Matt Constable: enough now is pretty simple my previous slides, we know that encryption uses this formula encryption uses this formula, and we also now have the required case so let's get on with it. Matt Constable: We have the plain text or m equals two secret now, before we can encrypt it, though, we need to convert. Matt Constable: numbers, so we need to convert our sacred decimal numbers, so if we just really simply and we run it off of it. Matt Constable: And then underneath it we assign them each individual numbers secret becomes.
Matt Constable: As becomes 19 he becomes for say become three so on and so forth, so in some all we have 1943 18 five and 20 is our plain text message. Matt Constable: Now of course in in real encryption algorithms and then convert that the binary and and do a post on that, but we're just going to keep it simple because we work better in decimal. Matt Constable: Now we can encrypt. Matt Constable: And we do that, using this we use the formula ciphertext equals the plain text raise to the power of encryption key more N, like the or encryption keys second and third, and so our encryption looks like this.
Matt Constable: We have an alphanumeric code again secret, we have our plain text. Matt Constable: decimal digits we could just come up with within have the decimal digits race apparently encryption key. Matt Constable: And then we do a module and mathematics within so what that saying is we're dividing this value by 33 because that's in value and we're writing down what the remainder is so this number. Matt Constable: divided by 33 leaves 13 behind and so on this number divided by 33 lives 14 this number divided by 33 leaves no stone circle and then this value becomes airsoft protect going to solve it takes then becomes 3049 614 and 26 so that secret. Matt Constable: In ciphertext further than to go back and compare that the values now. Matt Constable: off the table so here within for that, if we come up with something nonsensical that would make sense to.
Matt Constable: So that's pretty easy. Matt Constable: And I had a bit of a tricky up. Matt Constable: The good thing about using. Matt Constable: they'll say I think in the. Matt Constable: altar you know momentum, so I think in the spreadsheet or use different values and actually comes up with an end, one of the days or years came up with an end of.
Matt Constable: Our camera was on the 20 anyone, and so the encryption once the plain text gets above whatever it is, then the encryption actually bronx. Matt Constable: And in So if you play around in the spreadsheet you'll actually see that happening so that's what I do have a small problems but it's good to give us the you know, the idea of what's going on. Matt Constable: So for now encrypt. Matt Constable: So we've got secret or Alpha and we've got now we've transposed from this table, and so it takes and we put it into this column here. Matt Constable: Within rise itself, it takes to the pair of the decryption key in this case three we divided by 33 and then, whatever the remainder is is what we've got left Okay, so we were 97. Matt Constable: divided by 33 losers who's 19 so on and so forth.
Matt Constable: long story short, what we end up with is this. Matt Constable: All in one place, so we start with secret we encrypt. Matt Constable: Sorry we're going to apply in tech space we can do it in the decimal, which would then also everything would be obviously converting the binary for the algorithm itself. Matt Constable: that's what we get we pass it to the encryption algorithm rising it a pair of encryption key and use a module Smith and we get the further text.
Matt Constable: Within passing through addiction, using a decryption key and we yield the same plain text again condoning it from decimal back into alphanumeric Alpha and we get the same message approves now encryption and decryption works from a mathematical view. Matt Constable: Right nice simple example that actually works. Matt Constable: Well, that was huge problem numbers and you don't have a lot more trouble doing it by hand. Matt Constable: So now Lastly, I just want to call before we get on to some other stuff just talk quickly about defeat hellman. Matt Constable: Because spoke about our assignment done Samira say not to prove that that algorithm actually works different hellman's a different asymmetric encryption over that we know from our table we're going to run in the session saying that it's only really used for key management.
Matt Constable: It was in fact the first published public key algorithms so before, because it was 76 before RSA 77. Matt Constable: And there are still there are lots of commercial products that use this as a cage stands system, so any other sort of worked on Cisco routers before and vpn tunnels, in particular, if you hellman is one of the ways, one of the more popular ways of doing this exchange keys. Matt Constable: And the purpose of it is to enable the security kind of symmetric keys.
Matt Constable: and be used for symmetric encryption and this case we're building a vpn tunnel near symmetric encryption because it's faster are now asymmetric encryption is slow, but we use defeat hellman and this goes to protect their symmetric key while we are sharing it because I link. Matt Constable: over them itself if he held him, that is, is limited clicks turned in secret values Okay, so we encrypt something we exchange it decrypt it Ted. Matt Constable: Talk that each thing that's looking to us for just cage Downs and effectiveness on of it depends on the difficulty of computing screwed logarithms okay sounds a logarithmic based over.
Matt Constable: In a quick example using good ol Bob analysis again allison bomb share a prime and an alpha starts at the Alpha is less than Q and alpha is a primitive root of Q, which is a pretty complex way of thinking medically putting something. Matt Constable: Anyway, we're sharing these two numbers to alpha. Matt Constable: have to worry too much about the math of it really because we're looking at home and told my. Matt Constable: boss generates product at X, to the I said X I is less than two.
Matt Constable: allison calculator wiki why that's that alpha the X, I want you a multiple of i'm not. Matt Constable: Saying and then Center. Matt Constable: But basically goes through the same process sentence Alice Alice then okay like to shared secret a Bob calculates the same shared secret key and they've got their secret okay so exchange it's a it's been decrypted it understood everyone's happy.
Matt Constable: So that's I mean that's a pretty complex way of putting it but that's why works. Matt Constable: If we have a man in the middle of town spoke RON Paul he's always getting a bad rap he actually wasn't that bad so office in between else Bob. Matt Constable: And what he's showing as he's trying to grab hold of these caves and he's trying to basically perform some sort of crypt analysis attack on the point is, you know all the time he finds it.
Matt Constable: it's completely feasible, being an isometric algorithm now the properties that you can also require it to be easy to generate keys, but really difficult to find keys or factor all is, if you know we know, even if we know one K, plus a song or text or any combination of the algorithm. Matt Constable: But this is basically deciding that office sitting there in the middle into sips of keys think it hit the timeline of them because it's just too difficult he hasn't got. Guy Coward: sucked into.
Matt Constable: that's exactly right. Matt Constable: He hasn't got. Matt Constable: These quantum computer with 4099 stable cubits he just can't do it in less than.
Matt Constable: 300 trillion Elijah exactly. Matt Constable: And you think a man who was capable of running the death star. Matt Constable: would be able to come up with a quantum computer with 4000 tickets, but, alas, he didn't get that far. Matt Constable: But because of that.
Matt Constable: he's in a whole world of pain, he can't find it, you might as well, is probably better off going to the you know, protect animals for Bob and trying to find out what their messages because he's sure as heck not doing it for crypt analysis. Matt Constable: All right, let's define hellman really simple term so. Matt Constable: The key the key a heart isn't really again the point to get out of that. Matt Constable: Is that it's an isometric algorithm that's used just for K sense that's all it does it's not useful for anything else you can encrypt and decrypt messages with it. Matt Constable: You can't use it for installing sending to you can only use it to protect to use more your symmetric keys, while you're sharing that's it that's it for me that's what's best. Matt Constable: Okay, all right, however, you said, it is a great technologies or secure communications using asymmetric public key encryption.
Matt Constable: It provides us with confidentiality and encryption integrity through passing. Matt Constable: authentication so that is it's confirmation of parties in the communication through our digital signatures and housing insurance. Matt Constable: And non repudiation also from, so it is because not affiliation means that a singer or a receiver of the message cannot deny that the visa sent or received it in the future, because of the fact that we use these teenagers. Matt Constable: As a quick little video here we're going to play for you and it gives you a real break down really good break in a page a la be five minutes, so all. Matt Constable: funky quiet and hopefully my share I have shared this out, so you should be able to hear this video now what if you care and already started so five minutes just have a listen to this explanation here.
Guy Coward: The KPI or public key infrastructure is defined as a framework for managing digital certificates encryption keys and everything in between it's, the most important term in the cyber security world let's take a closer look at it, to understand why in this. This video will take a look at the basics of public key cryptography how it works and the role digital certificates play in enabling pk I. The primary role of pk Ai is to establish identity and encrypt data flowing across the network god's protecting sensitive information from being accessed.
Guy Coward: test by unauthorized parties public key cryptography is the system that makes this possible. Guy Coward: It does so by employing a two cases dumb that makes it possible for both parties to verify each other's identities and then establish an encrypted connection between each other. Guy Coward: you'll understand this better with an example assume you're trying to connect to a website from your computer. Guy Coward: what actually happens here is your browser attempts to establish a connection with the Web server that hosts the website. Guy Coward: However, your browser must first verify the authenticity of the Web server to ensure that the website is truly what it claims to be after all you don't want to end up on an illegitimate copy of a website that could be. Guy Coward: Your personal information, the authentication process relies on asymmetric encryption, which is where the two key system comes into play.
Guy Coward: Any entity on the network which leverages encryption possesses a public key and a private key. Guy Coward: You can think of a key as an encryption tool, something that transforms plain text to ciphers and vice versa. Guy Coward: In the case of asymmetric encryption anything encrypted using a public key can only be decrypted with the corresponding private key and not with a copy of the same public key. Guy Coward: let's take a look at how they work in our browser web server example. Guy Coward: First, your browser request the server to present its public key public key information is accessible online and is not secret.
Guy Coward: The server complies by sending the browser a copy of its public key and the browser uses it to encrypt a temporary session key which it sends back to the server. Guy Coward: Now, if the Web server is legitimate, it will possess a secret private key that corresponds to its public key which can be used to decrypt the session King once it informs the. Matt Constable: or just the interrupter on that one so that's talking about well could typically talking about our assign this particular example but that's exactly what if you help us as well there's encrypted session. Matt Constable: browser that it has succeeded in doing so the browser takes it as a confirmation that it is legitimate and opens up an encrypted communication Channel with it. Matt Constable: This entire process ensures that any unauthorized third party cannot intercept this communication channel without possessing the designated keys. Matt Constable: However, there's a loophole in this system, what if a hacker was masquerading as the Web server after somehow obtaining its public and private keys or your browser would be incapable.
Matt Constable: of verifying ownership of the initial private key transaction without some additional information to do s
2021-10-08