Use of Public Key Cryptography in Wireless Devices

1
Use of Public Key Cryptography in Wireless Devices
Deepika David, April 4th 2005
2
Presentation Overview

• Wireless Devices
• Wireless Security
• Introduction to PKC
• RSA
• ECDH
• Outline of ECC in practice
• Conclusion

3
Handheld and wireless devices

• 36 of Internet users employ wireless devices
  for web access and
• 59 use non-PC devices, including PDAs for
  m-banking
• (source www.wired.com)
• Advantages of using handheld devices
• For individual and commercial customers adds
  convenience,
• mobility and choice.
• For businesses manufacturing these devices
  provides important revenue
• and market opportunities.
• Disadvantages
• Memory and processing constraints
• Security issues inherent in embedded and wireless
  environments

4
Wireless Security

• Wireless Transport Layer Security(WTLS) -
  similar to the TLS of the SSL
• Provides secure network connections in mobile
  devices
• It is used with the WAP transport protocols and
  has been optimized for use over narrow-band
  communication channels.
• WAP PROGRAMMING MODEL

5
WTLS IN THE WAP PROTOCOL STACK
WTLS INTERNAL ARCHITECTURE
6
WAP WTLS - Weaknesses

• WTLS allows for weak encryption algorithms
• With some WAP clients, users can even disable
  WTLS encryption entirely.
• Allowing anonymous connection to be established ?
  man-in-the-middle attacks.
• There could be a compromise of the WAP gateway.

7
Key exchange Systems

• Typical steps in a secure transaction
• Authentication, key exchange, encryption and
  integrity check.
• WTLS aims to provide this
• Two main categories of key exchange systems -
  symmetric key and asymmetric key systems.
• Symmetric or Private key systems Eg DES, IDEA,
  AES(Rijndael)
• Secret keys have to be exchanged over a secure
  channel
• Encryption and decryption keys are the same
• Generally not based on mathematically proven
  difficult problems
• Relatively faster
• Asymmetric or Public key cryptosystems
• Eg RSA, Diffie Hellman ,Elliptic Curve Diffie
  Hellman(ECDH)
• Public key published, private key kept secret
• Encryption and decryption keys are different
• Based on mathematically proven difficult problems
• Relatively slower

8
Introduction to PKC

• Sender encrypts the message with the public key
  of the receiver
• Receiver decrypts the message with his/her
  private key

9
RSA

• Key Generation
• Generate two large prime numbers, p and q
• Let n pq
• Let m (p-1)(q-1)
• Choose a small number e, coprime to m
• Find d, such that de m 1
• Publish e and n as the public key.Keep d and n
  as the secret key.
• Encryption C pe n
• Decryption P Cd n
• Most widely studied ? the most popular
• Based on the Integer Factorization Problem (IFP)
• Drawbacks
• -Needs key sizes larger than 512 bits for
  adequate security
• -Performance issues become acute at higher key
  sizes on handheld devices
• -Attacks against the IFP can run in
  sub-exponential time

10
Diffie Hellman Key Exchange

• Based on the DLP
• Choose large prime p
• Find generator of the field a
• KAax mod p
• KBay mod p
• KS(ax) y mod p(ay) xmod p
• Eg p541 a2

11
ECC

• Based on ECDLP given P and Q kP , it is hard
  to find k, where P and Q are points on a
  well-chosen elliptic curve.
• Attacks against the ECDLP ? exponential time
• ECC - cryptosystem with smaller key sizes,
  offers equivalent security.
• Smaller keys ? faster computations, lower power
  consumption , memory and bandwidth savings
  ideal for constrained devices.
• Eg 155-bit ECC uses 11,000 transistors while a
• 512-bit RSA implementation uses 50,000!!
  (where these two are equivalent in security)

12
Computationally Equivalent key sizes
13
Elliptic Curves and ECDH

• An elliptic curve is a set of points (x, y), for
  which it is true that
• y2 x3 ax b (over a prime field)
• Despite what the name suggests, the curves do not
  have an elliptic shape!!
• They are called elliptic because of their
  relationship with elliptic integrals,
• used to find the arc length of an ellipse.

14
Finite Fields, Elliptic Curves!

• Field Set F with and . satisfying certain
  arithmetic properties.
• Speed of the cryptosystem ? Field arithmetic
• Eg
• P1P2 ( ((m2-x1-x2 ), (m(x1-x3)-y3))
• (where m y2-y1/x2-x1)
• 2P((3x12a/2y1)2-2x1),(-y1(3x12a)/2y1)(x1-x3))
• -P(x,-y) ( for prime fields)
• Commutativity P1P2P2P1 for all P1,P2 on E
• Existence of Identity P?P for all P on E
• Existence of inverses PP ?

15
What does this mean in practice?

• Prime Field Fp Elementsintegers from 0 to (p-1)
  ( NIST p192, p224,p256,p384,p521)
• Binary Field F2m Elements polynomials of degree
  atmost m-1 with m coefficients (NISTp2163, p2233
  , p2283 , p2409, and p2571 .) eg(x1,x21)
  (0011,0101)
• OEF Fpm p is a pseudo-Mersenne prime
  f(z)zm-? is the irreducible polynomial
• Eg prime p 2192 - 264 1 i.e
•   6,277,101,735,386,680,763,835,789,423,207, 
  666,416,083,908,700,390,324,961,279
• For y2 x3 Ax B (mod p)
• Eg A - 3, Bb 0x 64210519 E59C80E7 0FA7E9AB
  72243049 FEB8DEEC C146B9B1

16
Elliptic curves and ECDH

• Key feature of ECC - for any point F on the
  curve, all multiples of this point are also on
  the curve.
• Scalar multiplication - most important
  operation in ECC
• Other operations involved - point addition,
  polynomial multiplication, reduction, squaring
  and inversion (most time consuming operation)
• ECDH large random integer k private key,
• k curves base point P corresponding
  public key. k PPP.k times

17
ECDH Example

• ECDH PAkAB PBkBB
• PskA(kBB)kB(kAB)
• Eg Consider the curve E(a2,b,1) over F5
• E E2,1 y2 x3 2x 1
• E(F5) P? (0, 1) (1, 3) (3, 3) (3, 2)
  (1, 2) (0, 4)
• P0 P1 P2 P3
  P4 P5 P6
• Let BP1
• A chooses the secret key kA 2
• As public key PA 2P1 P1 P1 P2 (1, 3)
  (using point addition formulae)
• B chooses the secret key kB 3
• Bs public key PB 3P1 P1 P1 P1 P3
  (3, 3)
• Common secret key is
• SAB 2PB 2P3 P6 i.e (0,4) (as computed by
  A)
• SAB3PA 3P2 P6 (as computed by B)

18
Finite fields for Elliptic curves

• ECC - built upon large finite fields, which
  serve as a major part of their security.
• For use in ECDH, NIST has standardized elliptic
  curves generated over
• -Prime Fields ( Fp)
• -Binary Fields ( F(2m))
• - Pseudo Mersenne primes( to be included in
  the new
• draft)
• Concept of point arithmetic - almost easy to
  understand
• Methods to generate suitable curves and for
  efficient point multiplication and field
  inversion - extremely complex.

19
Parameters Required for ECDH

• ECDH
• PAkAB PBkBB
• PskA(kBB)kB(kAB)
• Choose Field
• Choose Curve
• Choose Base Point
• If Field has q elements then P has q1 bits.
• Eg consider the field (228-165)6
• q168
• Curve parameters a, b 338 bits
• Point P x co-ord 1 bit for y co-ord 169 bits
• Public key Q 169 bits
• Provide suitable Arithmetic processes for
  manipulation

20
Conclusion

• Public key cryptography not meant to replace
  private key cryptography
• Generally not used to encrypt messages
• ECDH resistant to passive attacks such as
  eavesdropping but not to active attacks
• Commercial use of Quantum cryptography gt could
  mean that existing crypto schemes will fall apart

21
Questions?!