
Unit 2


RSA

RSA is the best-known and most widely used public-key scheme; it was devised by
Rivest, Shamir and Adleman at MIT in 1977.
The RSA scheme is a cipher in which the plaintext and ciphertext are integers
between 0 and n - 1 for some n. A typical size for n is 1024 bits. Encryption is
denoted by E and decryption by D; the plaintext is denoted by M and the
ciphertext by C.
Public key: PU = {e, n}
Private key: PR = {d, n}
Both the sender and receiver must know n. The sender knows e and the receiver
knows d.
The requirements to be satisfied by the algorithm are:
(i) It is possible to find values of e, d and n such that M^(ed) ≡ M mod n for
all M < n.
(ii) It is easy to calculate M^e and C^d for all values of M < n.
(iii) It is infeasible to determine d given e and n.

Key Generation
Select two prime numbers p and q, where p ≠ q.
Calculate n = p*q.
Calculate φ(n) = (p – 1)(q – 1).
Select e such that e is relatively prime to φ(n) and less than φ(n).
Calculate d such that d*e ≡ 1 mod φ(n) and d < φ(n). d is calculated using the
extended Euclidean algorithm.
Encryption
Plaintext: M < n
Ciphertext: C = M^e mod n
Decryption
Plaintext: M = C^d mod n

Example:
• Choose p = 3 and q = 11
• Compute n = p * q = 3 * 11 = 33
• Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
• Choose e such that 1 < e < φ(n) and e and φ(n) are coprime. Let e = 7
• Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3
[(3 * 7) % 20 = 1]
• Public key is (e, n) => (7, 33)
• Private key is (d, n) => (3, 33)
The encryption: C = M^e mod n
M = 2
C = 2^7 % 33 = 128 % 33 = 29
The decryption: M = C^d mod n
C = 29
M = 29^3 % 33 = 24389 % 33 = 2
DIFFIE – HELLMAN KEY EXCHANGE
The purpose of the algorithm is to enable two users to securely exchange a key
that can then be used for subsequent symmetric encryption of messages. The
algorithm itself is limited to the exchange of secret values.
Alice and Bob share a prime number q and an integer α, such that α < q and α is
a primitive root of q.
Alice:
  generates a private key XA such that XA < q
  calculates public key YA = α^XA mod q
  receives Bob's public key YB in plain text
  calculates the shared secret key K = (YB)^XA mod q
Bob:
  generates a private key XB such that XB < q
  calculates public key YB = α^XB mod q
  receives Alice's public key YA in plain text
  calculates the shared secret key K = (YA)^XB mod q

For this scheme, there are two publicly known numbers: a prime number q and an
integer α that is a primitive root of q.
Suppose the users A and B wish to exchange a key. User A selects a random
integer XA < q and computes YA = α^XA mod q.
Similarly, user B independently selects a random integer XB < q and computes
YB = α^XB mod q. Each side keeps the X value private and makes the Y value
available publicly to the other side. User A computes the key as
K = (YB)^XA mod q.
User B computes the key as K = (YA)^XB mod q.

These two calculations produce identical results:
K = (YB)^XA mod q
  = (α^XB mod q)^XA mod q
  = (α^XB)^XA mod q
  = α^(XB·XA) mod q
  = (α^XA)^XB mod q
  = (α^XA mod q)^XB mod q
  = (YA)^XB mod q
Example:
Prime number q = 353
α = 3
A's private key XA = 97
B's private key XB = 233
A computes its public key YA = 3^97 mod 353 = 40.
B computes its public key YB = 3^233 mod 353 = 248.

After they exchange public keys, each can compute the common secret key:
A computes secret key K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.

Man-in-the-Middle Attack
The protocol is insecure against a man-in-the-middle attack. Suppose Alice and
Bob wish to exchange keys, and Darth is the adversary. The attack proceeds as
follows:
1. Darth prepares for the attack by generating two random private keys XD1
and XD2 and then computing the corresponding public keys YD1 and YD2.
2. Alice transmits YA to Bob.
3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates
K2 = (YA)^XD2 mod q.
4. Bob receives YD1 and calculates K1 = (YD1)^XB mod q.
5. Bob transmits YB to Alice.
6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates
K1 = (YB)^XD1 mod q.
7. Alice receives YD2 and calculates K2 = (YD2)^XA mod q.
At this point, Bob and Alice think that they share a secret key, but instead
Bob and Darth share secret key K1 and Alice and Darth share secret key K2.

All future communication between Bob and Alice is compromised in the following
way:
1. Alice sends an encrypted message M: E(K2, M).
2. Darth intercepts the encrypted message and decrypts it, to recover M.
3. Darth sends Bob E(K1, M) or E(K1, M'), where M' is any message. In the
first case, Darth simply wants to eavesdrop on the communication without
altering it. In the second case, Darth wants to modify the message going to
Bob.

This vulnerability can be overcome with the use of digital signatures and
public-key certificates.
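The Diffie-Hellman example (q = 353, α = 3, XA = 97, XB = 233) and the man-in-the-middle scenario above, worked through in one added example that is not code from the notes. The honest exchange yields K = 160 on both sides; with unauthenticated Y values swapped in transit, Alice and Bob end up with different keys, which is exactly the gap that signatures or certificates on the public values close. Darth's private keys 5 and 11 are constructed values.

```python
# Added example (not from the notes): Diffie-Hellman with the notes' parameters
# q = 353, alpha = 3, XA = 97, XB = 233, followed by the man-in-the-middle
# scenario from the notes, to show why the exchanged Y values must be
# authenticated. The small modulus is for illustration only.

Q, ALPHA = 353, 3


def public_key(x, q=Q, alpha=ALPHA):
    """Y = alpha^X mod q (sent in the clear)."""
    if not 1 <= x < q:
        raise ValueError("private key must satisfy 1 <= X < q")
    return pow(alpha, x, q)


def shared_key(their_y, my_x, q=Q):
    """K = (Y_other)^X_mine mod q."""
    return pow(their_y, my_x, q)


def honest_exchange(xa, xb):
    """Both sides derive the same K; returns (YA, YB, K_alice, K_bob)."""
    ya, yb = public_key(xa), public_key(xb)
    return ya, yb, shared_key(yb, xa), shared_key(ya, xb)


def mitm_exchange(xa, xb, xd1, xd2):
    """Unauthenticated channel: Darth replaces the public values in transit.
    Returns (K1 shared by Bob and Darth, K2 shared by Alice and Darth,
    K_alice, K_bob) so the caller can see that Alice and Bob disagree."""
    ya, yb = public_key(xa), public_key(xb)
    yd1, yd2 = public_key(xd1), public_key(xd2)
    # Bob receives YD1 instead of YA; Alice receives YD2 instead of YB.
    k_bob = shared_key(yd1, xb)
    k_alice = shared_key(yd2, xa)
    k1 = shared_key(yb, xd1)      # Darth's key with Bob
    k2 = shared_key(ya, xd2)      # Darth's key with Alice
    return k1, k2, k_alice, k_bob


def session_is_consistent(k_alice, k_bob):
    """The check the bare protocol cannot make: do both ends hold the same K?
    In practice this gap is closed by signing/certifying the Y values."""
    return k_alice == k_bob


if __name__ == "__main__":
    print(honest_exchange(97, 233))          # (40, 248, 160, 160)
    print(mitm_exchange(97, 233, 5, 11))
```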
ELLIPTIC CURVE CRYPTOGRAPHY [ECC]
Elliptic curve cryptography [ECC] is a public-key cryptosystem. Every user has a
public and a private key.
– The public key is used for encryption/signature verification.
– The private key is used for decryption/signature generation.
Elliptic curves are used as an extension to other current cryptosystems.
ECC Algorithm
Both parties agree on some publicly known data items:
the elliptic curve equation y^2 = x^3 + ax + b mod p, with values of a and b
such that 4a^3 + 27b^2 ≠ 0;
the elliptic group, computed from the elliptic curve equation;
a base point, G, taken from the elliptic group.
Each user generates their public/private key pair:
Private Key = an integer x selected from the interval [1, p-1]
Public Key = product of the private key and the base point (Product = x*G)
Example:
• Suppose Alice wants to send Bob an encrypted message.
– Both agree on a base point, G.
– Alice and Bob create public/private keys.
Alice: Private Key = nA
       Public Key = PA = nA * G
Bob:   Private Key = nB
       Public Key = PB = nB * G
Alice takes the plaintext message, M, and encodes it onto a point, Pm, from the
elliptic group.
Encryption: Alice chooses another random value k from {1, 2, … p-1}.
Ciphertext: Cm = {kG, Pm + kPB}
Decryption: by Bob
Take the first point from Cm: kG.
Multiply kG by Bob's private key: Product = nB kG.
Take the second point from Cm and subtract the product from it:
Pm + kPB - nB kG.
Substitute PB = nB * G:
Pm + k nB * G - nB kG = Pm.
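The encryption Cm = {kG, Pm + kPB} and Bob's decryption Pm = (Pm + kPB) - nB(kG), carried out on a toy curve. This is an added example, not code from the notes; the curve y^2 = x^3 + 2x + 2 mod 17 with base point G = (5, 1), Bob's private key nB = 7 and the message point 3G are constructed choices for illustration.

```python
# Added example (not from the notes): elliptic-curve ElGamal encryption as in
# the notes, Cm = {kG, Pm + k*PB}, on a toy curve y^2 = x^3 + 2x + 2 mod 17
# with base point G = (5, 1). Real deployments use standardised curves.
P, A, B = 17, 2, 2
G = (5, 1)
INF = None                        # point at infinity (group identity)


def add(p1, p2):
    """Elliptic group addition (chord-and-tangent rule) modulo P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                # p2 is the negative of p1
    if p1 == p2:                  # doubling: tangent slope
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                         # addition: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def mul(k, pt):
    """Scalar multiple k*pt by double-and-add."""
    result = INF
    while k > 0:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result


def encrypt(pm, pb, k):
    """Cm = {kG, Pm + k*PB}; k is the sender's fresh random value in [1, p-1]."""
    return mul(k, G), add(pm, mul(k, pb))


def decrypt(cm, nb):
    """Pm = (Pm + k*PB) - nB*(kG), using the receiver's private key nB."""
    c1, c2 = cm
    return add(c2, neg(mul(nb, c1)))


if __name__ == "__main__":
    nb, pb = 7, mul(7, G)         # Bob's key pair: PB = nB * G
    pm = mul(3, G)                # message already encoded as a curve point
    print(decrypt(encrypt(pm, pb, 4), nb) == pm)   # True
```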

ECC is particularly beneficial for applications where:
• computational power is limited (wireless devices, PC cards)
• integrated circuit space is limited (wireless devices, PC cards)
• high speed is required
• intensive use of signing, verifying or authenticating is required
• signed messages are required to be stored or transmitted
(especially for short messages)
• bandwidth is limited.
X.509 AUTHENTICATION SERVICE

ITU-T recommendation X.509 is part of the X.500 series of recommendations that
define a directory service. X.509 defines a framework for the provision of
authentication services by the X.500 directory to its users. The directory may
serve as a repository of public-key certificates. Each certificate contains the
public key of a user and is signed with the private key of a trusted
certification authority. The X.509 certificate format is used in S/MIME, IP
Security, SSL/TLS and SET.
X.509 is based on the use of public-key cryptography and digital signature
algorithms. The figure illustrates the generation of public-key certificates.

Certificates
The figure shows the general format of a certificate, which includes the
following elements:
Version: Differentiates among successive versions of the certificate format; the
default is version 1.
Serial number: An integer value, unique within the issuing CA, that is
unambiguously associated with this certificate.
Signature algorithm identifier: The algorithm used to sign the certificate,
together with any associated parameters.
Issuer name: X.500 name of the CA that created and signed this certificate.
Period of validity: Consists of two dates: the first and last on which the
certificate is valid.
Subject name: The name of the user to whom this certificate refers. That is,
this certificate certifies the public key of the subject who holds the
corresponding private key.
Subject's public-key information: The public key of the subject, plus an
identifier of the algorithm for which this key is to be used, together with any
associated parameters.
Issuer unique identifier: An optional bit string field used to identify uniquely
the issuing CA in the event the X.500 name has been reused for different
entities.
Subject unique identifier: An optional bit string field used to identify
uniquely the subject in the event the X.500 name has been reused for different
entities.
Extensions: A set of one or more extension fields.
Signature: This field includes the signature algorithm identifier.

The standard uses the following notation to define a certificate:
CA<<A>> = CA {V, SN, AI, CA, TA, A, Ap}
The CA signs the certificate with its private key. If the corresponding public
key is known to a user, then that user can verify that a certificate signed by
the CA is valid.
Obtaining a Certificate
User certificates generated by a CA have the following characteristics:

Any user with access to the public key of the CA can verify the user
public key that was certified.
No party other than the certification authority can modify the certificate
without this being detected. Because certificates are unforgeable, they can be
placed in a directory without the need for the directory to make special efforts
to protect them.

Certificate Revocation
Certificates have a period of validity.
A certificate may need to be revoked before expiry, e.g.:
• the user's private key is compromised
• the user is no longer certified by this CA
• the CA's certificate is compromised

Each CA maintains a list consisting of all revoked but not expired certificates
issued by that CA, including both those issued to users and to other CAs.
Each certificate revocation list (CRL) posted to the directory is signed by
the issuer. When a user receives a certificate in a message, the user must
determine whether the certificate has been revoked. The user could check
the directory each time a certificate is received.

Entity Authentication Protocols

Entity authentication in today's IT [W11] security industry is used as one part
of a security system to verify that an entity actually is who or what they
claim to be before allowing them access to secured information or into a
secured area. Entity authentication, whether cryptographic, biometric or
otherwise, is a major part of today's IT security industry. As a result, there
is much development in the field, leading simultaneously to both rapid advances
and a pronounced need for IT security standards focusing on interoperability
and the latest secure mechanisms.
The simplest example of this is when somebody fills out a username and password
to log into their account on a website. Their username is a claim to an
identity and their password, presumably known only to them, serves to verify
their claim. While this appears simple to the user, there is quite a lot going
on behind the scenes. Accommodating this variety within the IT security
industry, different IT security standards have been published to address
different implementations of cryptographic entity authentication.
Entity authentication protocols mainly deal with password-, biometric- and
challenge-response-based schemes. Password authentication is the conventional
scheme: it has a 'user id' and a 'password'. The user id acts as a claim and
the password as evidence supporting the claim. Biometric features [SARA11] such
as fingerprint and iris are also used to provide security to network users. The
challenge-response scheme [CHALL] is a family of protocols in which one party
presents a question ('challenge') and another party must provide a valid answer
('response') to be authenticated.

Password-Based Authentication Protocol

The password system [ADAM99] is the oldest and the most popular authentication
scheme used in the modern world. Authentication systems work with password
systems to make sure the users are who they say they are. Depending on the kind
of password system used in authentication systems, the password files containing
the master list of all passwords on an intranet can be plain text or encrypted.
Most attacks occur because an unauthorized person has managed to discover an
authorized person's user name and password. However, making it hard for users
to use passwords is counterproductive and leads to increased vulnerability. The
passwords of systems administrators or super users require special care, since
if these passwords were compromised, the intruder would have full access to an
intranet and all its corporate riches.
New servers often come with standard default passwords. However, it is really
the fault of the systems administrators who fail to change the defaults.
Similarly, care must be taken when, due to necessary technical work being done,
technicians require root access or load custom utilities. Sometimes the default
passwords are changed, and you think you are safe, but at some point during a
disaster recovery process old users and/or passwords are loaded back in place.
Most systems require that passwords be changed periodically so that even if
passwords are discovered or given out, there is only a limited window of
vulnerability. People, of course, might try to circumvent this by changing their
password and then changing it right back again. However, this can be prevented
by systems requiring that when users change their passwords they must choose a
password that they have not used before.
The logical extension of this "never before used" password requirement is the
single-use password. There are several methods of generating these passwords,
including software and hardware methods. The software method still requires a
truly secret password, but it is used to generate a number of one-time
variations that are used without encryption. The software method is still
fundamentally a "something you know" type of protection. Hardware solutions add
a "something you have" component, a physical device that generates single-use
passwords.
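One concrete software method of generating single-use passwords from a secret password, a Lamport/S/KEY-style hash chain, as an added example that is not from the notes and is one possible instance of the method they describe, not the only one. The client keeps the passphrase; the server stores only the current chain link, so a captured one-time password cannot be replayed and reveals nothing about the next one. Passphrase and seed values are constructed.

```python
# Added example (not from the notes): single-use passwords from a hash chain.
# Enrolment: client computes h^count(passphrase||seed); server stores that head.
# Login i: client presents h^(count-i); server accepts if H(presented) equals the
# stored link and then stores the presented value. A replayed or out-of-order
# password fails because its hash no longer matches. Sample values are constructed.
import hashlib
import hmac


def chain(passphrase, seed, count):
    """Return [h^1(s), ..., h^count(s)] where s = passphrase || seed."""
    value = hashlib.sha256(passphrase.encode() + seed.encode()).digest()
    links = []
    for _ in range(count):
        value = hashlib.sha256(value).digest()
        links.append(value)
    return links


class OtpServer:
    """Stores the last accepted link only; never sees the passphrase."""

    def __init__(self, head):
        self.current = head          # h^count(s), registered at enrolment

    def login(self, candidate):
        expected = hashlib.sha256(candidate).digest()
        if hmac.compare_digest(expected, self.current):
            self.current = candidate # step one link down the chain
            return True
        return False                 # wrong, reused or out-of-order password


class OtpClient:
    def __init__(self, passphrase, seed, count):
        self.links = chain(passphrase, seed, count)

    def head(self):
        """Value handed to the server at enrolment."""
        return self.links[-1]

    def next_password(self):
        """Yield h^(count-1), h^(count-2), ...: one fresh password per login."""
        if len(self.links) < 2:
            raise RuntimeError("chain exhausted: re-enrol with a new seed")
        self.links.pop()             # drop the link the server already holds
        return self.links[-1]
```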
Biometric-Based Authentication Protocol
The growth and development [SARA11] of the Internet in recent years has been
very significant. But security and authentication are still a challenging
problem. The security and authentication of users in wireless LANs is also a
serious issue. Hence the security of network users has become a vital factor.
There are various techniques available in the literature which make use of
passwords, smart cards etc. to provide network-related security. But these
conventional authentication systems have a lot of limitations. Most recently,
biometric features like fingerprint and iris are also used to provide security
to network users. These biometric features are very reliable compared to the
traditional methods. Biometrics refers to the automatic identification of a
person based on his/her physiological or behavioral characteristics. This
method of identification is preferred over traditional methods involving
passwords and PIN numbers for various reasons:
• The person to be identified is required to be physically present at the
point of identification.
• Identification based on biometric techniques obviates the need to remember a
password or carry a token.
Biometric-based user authentication [RAJE08] systems are very secure and
efficient to use, and place total trust on the authentication server where the
biometric verification data are stored in a central database. This
biometrics-based user authentication system improves network security. Some of
the most extensively used biometrics are hand geometry, face, fingerprint,
retina, iris, DNA, signature and voice.
Biometrics is the knowledge [GUNA06] of measuring and statistically analyzing
biological data; it can be used to recognize different body parts like the eyes,
fingerprints, facial characteristics, voice, iris etc. Thus, it takes security
to the next level by not confining it to password authentication alone, adding
techniques such as iris matching.
A conventional biometric authentication [YANS11] system consists of two phases,
enrollment and verification, as represented in Figure 1.6. During the
enrollment phase, a biometric feature set is extracted from the user's biometric
data and a template is created and stored.
Challenge-Response Authentication Protocol
Challenge-response authentication [W8] is a method for proving your identity
over an insecure medium without giving out any information to eavesdroppers
that may enable them to identify themselves as you. It uses a cryptographic
protocol [W9] that allows proving that the user knows the password without
revealing the password itself. Using this method, the application first obtains
a random challenge from the server. It then computes the response by applying a
cryptographic hash function to the server challenge combined with the user's
password. Finally, the application sends the response along with the original
challenge back to the server. Because of the "one-way" properties of the hash
function, it is impossible to recover the password from the response sent by
the application.
Upon receiving the response, the server applies the same hash function to the
challenge combined with its own copy of the user's password. If the resulting
value matches the response sent by the application, this indicates with a very
high degree of probability that the user has submitted the correct password.
Mutual authentication [W10] is performed using a challenge-response handshake
in both directions: the server ensures that the client knows the secret, and
the client also ensures that the server knows the secret, which protects
against a rogue server impersonating the real server.
Challenge-response authentication can help solve the problem of exchanging
session keys for encryption. Using a key derivation function, the challenge
value and the secret may be combined to generate an unpredictable encryption
key for the session.
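The one-way, mutual and session-key parts of the protocol above in one added example that is not from the notes. It uses HMAC-SHA256 as the "hash of challenge combined with password", a distinct random nonce in each direction so that a response can never be reflected back, a constant-time comparison on the verifying side, and a simple HMAC-based derivation of the session key from both nonces and the secret. The password is a constructed sample value and the handshake runs in one process for illustration.

```python
# Added example (not from the notes): HMAC-based challenge-response in both
# directions, followed by session-key derivation from the two challenges and
# the shared secret. Standard library only; the password and fixed nonces used
# in the demonstration are constructed sample values.
import hashlib
import hmac
import secrets


def response(secret, challenge):
    """HMAC(secret, challenge): proves knowledge of the secret without sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def verify(secret, challenge, resp):
    """Recompute the expected response and compare in constant time."""
    return hmac.compare_digest(response(secret, challenge), resp)


def session_key(secret, client_nonce, server_nonce):
    """Unpredictable per-session key from the secret and both challenges
    (a simple HMAC-based KDF; HKDF would be the standard choice)."""
    return hmac.new(secret, b"session" + client_nonce + server_nonce,
                    hashlib.sha256).digest()


def mutual_auth(client_secret, server_secret, client_nonce=None, server_nonce=None):
    """Run the handshake. Returns (server_accepts_client, client_accepts_server,
    client_session_key, server_session_key). Nonces are fresh random values
    unless fixed by the caller for testing."""
    client_nonce = client_nonce or secrets.token_bytes(16)
    server_nonce = server_nonce or secrets.token_bytes(16)
    # 1. server -> client: server_nonce (the challenge)
    # 2. client -> server: HMAC(secret, server_nonce) plus client_nonce
    client_resp = response(client_secret, server_nonce)
    server_ok = verify(server_secret, server_nonce, client_resp)
    # 3. server -> client: HMAC(secret, client_nonce) proves the server knows
    #    the secret too; a rogue server without it cannot produce this value.
    server_resp = response(server_secret, client_nonce)
    client_ok = verify(client_secret, client_nonce, server_resp)
    return (server_ok, client_ok,
            session_key(client_secret, client_nonce, server_nonce),
            session_key(server_secret, client_nonce, server_nonce))
```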
