Chapter 1: Foundation - PowerPoint PPT Presentation

Security in Computing, 4th Ed, Pfleeger, Chapter 2 (Elementary Cryptography). The University of Adelaide, School of Computer Science. Provided by: Mohammed73. Slides: 93.

Transcript and Presenter's Notes

1
Security in Computing, 4th Ed, Pfleeger
Chapter 2
Elementary Cryptography
2
In this chapter
  • Concepts of encryption
  • Cryptanalysis: how encryption systems are "broken"
  • Symmetric (secret key) encryption and the DES and
    AES algorithms
  • Asymmetric (public key) encryption and the RSA
    algorithm
  • Key exchange protocols and certificates
  • Digital signatures
  • Cryptographic hash functions

3
Cryptography
  • Cryptography (secret writing) is the strongest tool for controlling many kinds of security threats.
  • Well-disguised data cannot be read, modified, or fabricated easily.
  • Cryptography is rooted in higher mathematics: group and field theory, computational complexity, and even real analysis, not to mention probability and statistics.
  • Fortunately, it is not necessary to understand the underlying mathematics to be able to use cryptography (though using it correctly still requires knowing what each primitive does and does not guarantee).

4
Terminology and Background
  • Consider the steps involved in sending a message from a sender, S, to a recipient, R.
  • If S entrusts the message to T, who then delivers it to R, T becomes the transmission medium.
  • If an outsider, O, wants to access the message
    (to read, change, or even destroy it), we call O
    an interceptor or intruder.
  • Encryption is a means of maintaining secure data
    in an insecure environment.

5
Terminology
  • Encryption is the process of encoding a message
    so that its meaning is not obvious
  • Decryption is the reverse process, transforming
    an encrypted message back into its normal,
    original form.
  • Alternatively, the terms encode and decode or
    encipher and decipher are used instead of encrypt
    and decrypt
  • A system for encryption and decryption is called
    a cryptosystem.

6
Terminology
  • The original form of a message is known as
    plaintext, and the encrypted form is called
    ciphertext.

8
Terminology
  • For convenience, we denote a plaintext message P as a sequence of individual characters:
  • P = <p1, p2, ..., pn>
  • Similarly, ciphertext is written as
  • C = <c1, c2, ..., cm>
  • We write C = E(P) and P = D(C), where C represents the ciphertext, E is the encryption rule, P is the plaintext, and D is the decryption rule.
  • What we seek is a cryptosystem for which P = D(E(P)). In other words, we want to be able to convert the message to protect it from an intruder, but we also want to be able to get the original message back so that the receiver can read it properly.

9
Encryption Algorithms
  • The cryptosystem involves a set of rules for how
    to encrypt the plaintext and how to decrypt the
    ciphertext.
  • The encryption and decryption rules, called
    algorithms, often use a device called a key,
    denoted by K, so that the resulting ciphertext
    depends on the original plaintext message, the
    algorithm, and the key value.
  • C = E(K, P)

10
Encryption Algorithms
  • It would be very expensive for you to contract
    with someone to invent and make a lock just for
    your house.
  • Also, you would not know whether a particular
    inventor's lock was really solid or how it
    compared with those of other inventors.
  • A better solution is to have a few well-known,
    well-respected companies producing standard locks
    that differ according to the (physical) key
  • Then, you and your neighbor might have the same
    model of lock, but your key will open only your
    lock.
  • In the same way, it is useful to have a few
    well-examined encryption algorithms that everyone
    could use, but the differing keys would prevent
    someone from breaking into what you are trying to
    protect.

11
Encryption Algorithms
  • Sometimes the encryption and decryption keys are the same, so P = D(K, E(K, P)). This form is called symmetric encryption because D and E are mirror-image processes.
  • At other times, encryption and decryption keys come in pairs. Then a decryption key, KD, inverts the encryption of key KE so that P = D(KD, E(KE, P)). Encryption algorithms of this form are called asymmetric.
  • An encryption scheme that does not require the use of a key is called a keyless cipher (its security then rests entirely on keeping the algorithm secret, which is exactly what the lock analogy above warns against).

12
Encryption Algorithms
13
Cryptology
  • Cryptography means hidden writing, and it refers to the practice of using encryption to conceal text.
  • A cryptanalyst studies encryption and encrypted messages, hoping to find the hidden meanings.

14
Cryptology
  • Both a cryptographer and a cryptanalyst attempt to translate coded material back to its original form. Normally, a cryptographer works on behalf of a legitimate sender or receiver, whereas a cryptanalyst works on behalf of an unauthorized interceptor.
  • Cryptology is the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis.

15
Cryptanalysis
  • A cryptanalyst's chore is to break an encryption.
  • The cryptanalyst attempts to deduce the original meaning of a ciphertext message.
  • Better yet, he or she hopes to determine which
    decrypting algorithm matches the encrypting
    algorithm so that other messages encoded in the
    same way can be broken.

16
Cryptanalyst can attempt to do
  • Break a single message
  • Recognize patterns in encrypted messages, to be
    able to break subsequent ones by applying a
    straightforward decryption algorithm
  • Infer some meaning without even breaking the
    encryption, such as noticing an unusual frequency
    of communication or determining something by
    whether the communication was short or long

17
Cryptanalyst can attempt to do (cont.)
  • Deduce the key, to break subsequent messages
    easily
  • Find weaknesses in the implementation or
    environment of use of encryption
  • Find general weaknesses in an encryption
    algorithm, without necessarily having intercepted
    any messages

18
Information needed by a cryptanalyst
  • A cryptanalyst works with a variety of pieces of information: encrypted messages, known encryption algorithms, intercepted plaintext, data items known or suspected to be in a ciphertext message, mathematical or statistical tools and techniques, properties of languages, computers, and plenty of ingenuity and luck.
  • Each piece of evidence can provide a clue, and
    the analyst puts the clues together to try to
    form a larger picture of a message's meaning in
    the context of how the encryption is done.

19
Attack models
  • Attack models for cryptanalysis
  • Ciphertext-only: an attack model in which the attacker is assumed to have access only to a set of ciphertexts. The attack is completely successful if the corresponding plaintexts can be deduced, or even better, the key.
  • Known-plaintext: an attack model in which the attacker has samples of both the plaintext and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys.
  • Chosen-plaintext: an attack model which presumes that the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. The goal of the attack is to gain some further information which reduces the security of the encryption scheme.
  • (A fourth standard model, chosen-ciphertext, lets the attacker obtain decryptions of ciphertexts of her choice; modern schemes are expected to resist it as well.)

20
Breakable Encryption
  • An encryption algorithm is called breakable when, given enough time and data, an analyst can recover the plaintext or the key from the ciphertext.
  • However, an algorithm that is theoretically breakable may in fact be impractical to try to break.
  • Ex., consider a 25-character message that is expressed in just uppercase letters. A given cipher scheme may have 26^25 (approximately 10^35) possible decipherments.
  • If your computer could perform on the order of 10^10 operations per second, trying them all would require on the order of 10^25 seconds.
  • Infeasible to compute

21
Breakable Encryption
  • Two other important issues must be addressed when
    considering the breakability of encryption
    algorithms.
  • First, the cryptanalyst cannot be expected to try only the hard, long way.
  • An ingenious approach might require only 10^15 operations; at 10^10 operations per second, 10^15 operations take 10^5 seconds, slightly more than one day.
  • Second, estimates of breakability are based on current technology.
  • Things that were infeasible in 1940 became possible by the 1950s
  • A conjecture known as "Moore's Law" asserts that processor capacity doubles roughly every 1.5 to 2 years (Moore's original observation concerned the number of transistors per chip), and it has held for decades.
  • It is risky to pronounce an algorithm secure just because it cannot be broken with current technology, or worse, because it has not been broken yet.

22
Representing Characters
  • We begin with the encryption of messages written
    in the standard 26-letter English-alphabet, A
    through Z.
  • Convention: plaintext is written in UPPERCASE letters, and ciphertext is in lowercase letters
  • Because most encryption algorithms are based on
    mathematical transformations, they can be
    explained or studied more easily in mathematical
    form.

23
Representing Characters
  • Consider performing arithmetic on the "letters" of a message
  • Expressions such as A + 3 = D or K - 1 = J have their natural interpretation (A = 0, B = 1, ..., Z = 25).
  • Arithmetic is performed as if the alphabetic table were circular (modular arithmetic, mod 26)
  • every result of an arithmetic operation is between 0 and 25
  • Ex. Y + 3 = B (and B - 3 = Y)
  • Two simple forms of encryption
  • substitutions, in which one letter is exchanged
    for another
  • transpositions, in which the order of the letters
    is rearranged

24
Substitution Ciphers
  • The Caesar Cipher
  • c_i = E(p_i) = p_i + 3 (mod 26)
  • A full translation chart of the Caesar cipher is shown here.
  • Using this encryption, the message
  • TREATY IMPOSSIBLE
  • would be encoded as
  • T R E A T Y   I M P O S S I B L E
  • w u h d w b   l p s r v v l e o h
  • The pattern p_i + 3 was easy to memorize and implement; however, it is also easy to break.

25
Cryptanalysis of the Caesar Cipher
  • Many clues in the "TREATY IMPOSSIBLE" ciphertext:
  • the space between the two words is preserved in the ciphertext
  • double letters are preserved: the SS is translated to vv
  • when a letter is repeated, it maps again to the same ciphertext as it did previously. So the letters T, I, and E always translate to w, l, and h.
  • These clues make this cipher easy to break.

26
Cryptanalysis of the Caesar Cipher
  • Suppose you are given the following ciphertext
    message, and you want to try to determine the
    original plaintext.
  • Ciphertext: wklv phvvdjh lv qrw wrr kdug wr euhdn
  • 27-symbol alphabet: A through Z plus the "blank" character
  • Start with small words: English has relatively few small words, such as am, is, to, be, he, we, and, are, you, she, and so on.
  • substitute known short words at appropriate
    places in the ciphertext until you have something
    that seems to be meaningful.
  • Once the small words fall into place, you can try
    substituting for matching characters at other
    places in the ciphertext.
  • There is a strong clue in the repeated r of the
    word wrr.
  • two very common three-letter words having the
    pattern xyy are see and too. other less common
    possibilities are add, odd, and off

27
Cryptanalysis of the Caesar Cipher
  • Note that the combination wr appears in the
    ciphertext
  • if wrr is SEE, wr would have to be SE, which is
    unlikely
  • However, if wrr is TOO, wr would be TO, which is
    quite reasonable.
  • Substituting T for w and O for r, the message becomes
  • T??? ??????? ?? ?OT TOO ???? TO ?????
  • The ?OT could be cot, dot, got, hot, lot, not, pot, rot, or tot; a likely choice is not. Unfortunately, q = N does not give any more clues because q appears only once in this sample.
  • The word lv is also the end of the word wklv,
    which probably starts with T.
  • Likely two-letter words that can also end a
    longer word include so, is, in, etc.
  • However, so is unlikely because the form T-SO is
    not recognizable
  • IN is ruled out because of the previous
    assumption that q is N
  • A more promising alternative is to substitute IS
    for lv throughout, and continue to analyze the
    message in that way.
  • By now, you might notice that the ciphertext
    letters uncovered are just three positions away
    from their plaintext counterparts.

28
Cryptanalysis of the Caesar Cipher
  • The cryptanalysis described here is ad hoc, using
    deduction based on guesses instead of solid
    principles.
  • But you can take a more methodical approach,
    considering
  • which letters commonly start words
  • which letters commonly end words
  • which prefixes and suffixes are common
  • Cryptanalysts have compiled lists of common
    prefixes, common suffixes, and words having
    particular patterns.
  • (For example, sleeps is a word that follows the
    pattern abccda.)
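The Caesar cipher of slide 24 and the short-word attack of slides 26 through 28, as an added example (not code from the book or the presenter): encryption follows the slide's conventions (uppercase plaintext, lowercase ciphertext, spaces preserved), and the attack simply tries all 26 shifts and keeps the one whose decryption contains the most known short words. The word list is a constructed assumption in the spirit of the slide's "am, is, to, be, ..."; it is not the book's list.

```python
"""Caesar cipher with the slide's conventions and the short-word attack,
automated over all 26 shifts. Added example; not from the book."""

from string import ascii_lowercase, ascii_uppercase

# Constructed short-word list (assumption); the slide's idea, not its list.
COMMON_WORDS = {
    "a", "i", "is", "it", "to", "be", "he", "we", "am", "an", "at", "in",
    "of", "on", "or", "so", "no", "do", "me", "my", "and", "are", "you",
    "she", "the", "for", "not", "too", "see", "was", "has", "his", "her",
    "this", "that",
}


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """c_i = p_i + shift (mod 26); non-letters such as spaces pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ascii_uppercase:
            out.append(ascii_lowercase[(ascii_uppercase.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """p_i = c_i - shift (mod 26); inverse of caesar_encrypt."""
    out = []
    for ch in ciphertext.lower():
        if ch in ascii_lowercase:
            out.append(ascii_uppercase[(ascii_lowercase.index(ch) - shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def score_candidate(candidate: str) -> int:
    """How many words of a candidate plaintext are known short words."""
    return sum(1 for w in candidate.lower().split() if w in COMMON_WORDS)


def break_caesar(ciphertext: str):
    """There are only 26 keys: decrypt under each and keep the decryption
    with the most recognisable short words. Returns (shift, plaintext, score)."""
    shift, plaintext = max(
        ((s, caesar_decrypt(ciphertext, s)) for s in range(26)),
        key=lambda pair: score_candidate(pair[1]),
    )
    return shift, plaintext, score_candidate(plaintext)


if __name__ == "__main__":
    print(caesar_encrypt("TREATY IMPOSSIBLE"))        # wuhdwb lpsrvvleoh
    ct = "wklv phvvdjh lv qrw wrr kdug wr euhdn"      # slide 26 ciphertext
    print(break_caesar(ct))                            # (3, 'THIS MESSAGE ...', 5)
```

On the slide's sample the only shift that yields any list word is 3 (this, is, not, too, to), which is the same conclusion the slide reaches by hand; the preserved spaces are what make the word-based attack possible at all.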

29
Other Substitutions
  • In substitutions, the alphabet is scrambled, and
    each plaintext letter maps to a unique ciphertext
    letter.
  • mathematical way description
  • permutation is a reordering of the elements of a
    sequence
  • For instance, we can permute the numbers 1 to 10 in many ways, including
  • π1 = 1, 3, 5, 7, 9, 10, 8, 6, 4, 2 and π2 = 10, 9, 8, 7, 6, 5, 4, 3, 2, 1
  • A permutation is a function, so we can write expressions such as π1(3) = 5
  • meaning that the letter in position 3 is to be replaced by the fifth letter
  • If the set is the first ten letters of the alphabet, π1(3) = 5 means that C is transformed into e

30
Other Substitutions
  • Alternative to using the permutation (p)
  • One way to scramble an alphabet is to use a key
  • a word that controls the permutation
  • For instance, if the key is "word", the sender or receiver first writes the alphabet and then writes the key under the first few letters of the alphabet.
  • The sender or receiver then fills in the remaining letters of the alphabet, in some easy-to-remember order, after the keyword (with key "word" and an alphabetical fill-in, the ciphertext alphabet is wordabcefghijklmnpqstuvxyz).

31
Complexity of Substitution Encryption and
Decryption
  • An important issue in using any cryptosystem is
    the time it takes to turn plaintext into
    ciphertext, and vice versa.
  • it is essential that the scrambling and
    unscrambling not deter the authorized parties
    from completing their missions
  • The timing is directly related to the complexity
    of the encryption algorithm
  • encryption and decryption with substitution
    ciphers can be performed by direct lookup in a
    table illustrating the correspondence
  • Transforming a single character can be done in a
    constant amount of time, so we express the
    complexity of the algorithm by saying that the
    time to encrypt a message of n characters is
    proportional to n ( O(n) )

32
Cryptanalysis of Substitution Ciphers
  • The techniques described for breaking the Caesar
    cipher can also be used on other substitution
    ciphers
  • Short words, words with repeated patterns, and
    common initial and final letters all give clues
    for guessing the permutation.
  • breaking the code is a lot like working a
    crossword puzzle. You try a guess and continue to
    work to substantiate that guess until you have
    all the words in place or until you reach a
    contradiction
  • Using a brute-force attack, the cryptanalyst could try all 26! (about 4 × 10^26) permutations on a particular ciphertext message
  • We can use our knowledge of language to simplify
    this problem. For example, in English, some
    letters are used more often than others. The
    letters E, T, O, and A occur far more often than
    J, Q, X, and Z, for example.
  • Encryption, even in a simple form, will deter the
    casual observer.
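The keyword-scrambled alphabet of slide 30 and the table-lookup encryption and letter-frequency analysis of slides 31 and 32, as an added example (not code from the book or the presenter). The English frequency ordering is a standard one, assumed here; the keyword "word" is the slide's.

```python
"""Monoalphabetic substitution with a keyword-derived alphabet, O(n) table
lookup, and the frequency counts an analyst starts from.
Added example; not from the book."""

from collections import Counter
from math import factorial
from string import ascii_lowercase, ascii_uppercase

# Standard English letter order, most to least frequent (assumed ordering).
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"


def keyed_alphabet(keyword: str) -> str:
    """Write the keyword (dropping repeats), then the remaining letters of
    the alphabet in order, as slide 30 describes for the key "word"."""
    seen = []
    for ch in (keyword + ascii_lowercase).lower():
        if ch in ascii_lowercase and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, alphabet: str, *, decrypt: bool = False) -> str:
    """Direct table lookup (slide 31): plaintext A..Z -> ciphertext alphabet,
    or the reverse when decrypt=True. Non-letters pass through unchanged."""
    if decrypt:
        return text.lower().translate(str.maketrans(alphabet, ascii_uppercase))
    return text.upper().translate(str.maketrans(ascii_uppercase, alphabet))


def letter_frequencies(ciphertext: str):
    """Ciphertext letters ordered by count; the analyst matches the top
    entries against ENGLISH_ORDER (e, t, a, o, ...) to seed the crossword."""
    counts = Counter(ch for ch in ciphertext.lower() if ch in ascii_lowercase)
    return counts.most_common()


def key_space() -> int:
    """Any permutation of 26 letters is a key: 26! possibilities (slide 32)."""
    return factorial(26)


if __name__ == "__main__":
    alpha = keyed_alphabet("word")            # wordabcefghijklmnpqstuvxyz
    ct = substitute("TREATY IMPOSSIBLE", alpha)
    print(ct)                                  # spawsy fjmlqqfoia
    print(substitute(ct, alpha, decrypt=True)) # TREATY IMPOSSIBLE
    print(letter_frequencies(ct)[:4], key_space())
```

Note that a keyword-derived alphabet is a tiny corner of the 26! key space (the tail of the alphabet stays in order), which is why the slide's "easy-to-remember" fill-in is a cryptanalytic gift: once a few high letters are placed, the rest follow.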

33
The Cryptographer's Dilemma
  • An encryption algorithm must be regular for it to
    be algorithmic and for cryptographers to be able
    to remember it. Unfortunately, the regularity
    gives clues to the cryptanalyst
  • There is no solution to this dilemma

34
One-Time Pads
  • A one-time pad is sometimes considered the perfect cipher
  • A large, nonrepeating set of keys is written on sheets of paper, glued together into a pad.
  • If the keys are 20 characters long and a sender must transmit a message 300 characters in length, the sender would tear off the next 15 pages of keys.
  • The sender writes the keys one at a time above the letters of the plaintext and enciphers the plaintext with a prearranged chart (called a Vigenère tableau) that has all 26 letters in each column, in some scrambled order.
  • The pad is "perfect" only if each key is truly random, at least as long as the message, and used exactly once.

35
One-Time Pads
  • The one-time pad method has two problems
  • the need for absolute synchronization between
    sender and receiver, and
  • the need for an unlimited number of keys.

[Figure: a one-time pad worked with the Vigenère tableau, showing the key row, the plaintext row and the resulting ciphertext row. For example, row M column i is u, row A column a is a, and so on.]
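A one-time pad over the 26-letter alphabet using the Vigenère tableau as slides 34 and 35 describe (row = key letter, column = plaintext letter, entry = their sum mod 26), as an added example that is not code from the book. It also shows why the "unlimited number of keys" requirement is not optional: reusing a pad for two messages lets the key cancel out, so a crib for one message yields the other. The pad generator uses the `secrets` module; the sample messages are constructed here.

```python
"""One-time pad via the Vigenère tableau, plus the two-time-pad leak.
Added example; not from the book."""

import secrets
from string import ascii_lowercase, ascii_uppercase


def tableau(row: str, col: str) -> str:
    """Vigenère tableau lookup: row M, column i gives u; row A, column a gives a."""
    return ascii_lowercase[(ascii_uppercase.index(row.upper())
                            + ascii_uppercase.index(col.upper())) % 26]


def letters_only(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch in ascii_uppercase)


def make_pad(length: int) -> str:
    """A fresh, uniformly random key as long as the message (secrets, not random)."""
    return "".join(ascii_uppercase[secrets.randbelow(26)] for _ in range(length))


def otp_encrypt(plaintext: str, pad: str) -> str:
    pt = letters_only(plaintext)
    if len(pad) < len(pt):
        raise ValueError("pad shorter than message: never stretch or reuse a pad")
    return "".join(tableau(k, p) for k, p in zip(pad, pt))


def otp_decrypt(ciphertext: str, pad: str) -> str:
    return "".join(
        ascii_uppercase[(ascii_lowercase.index(c) - ascii_uppercase.index(k)) % 26]
        for k, c in zip(pad, ciphertext)
    )


def two_time_pad_leak(c1: str, c2: str) -> str:
    """Same pad for both: c1 - c2 = (p1 + k) - (p2 + k) = p1 - p2 (mod 26).
    The returned letterwise difference depends only on the plaintexts."""
    return "".join(
        ascii_uppercase[(ascii_lowercase.index(a) - ascii_lowercase.index(b)) % 26]
        for a, b in zip(c1, c2)
    )


def recover_with_crib(c1: str, c2: str, crib_p1: str) -> str:
    """If the analyst knows or guesses p1, p2 = p1 - (c1 - c2) letter by letter."""
    diff = two_time_pad_leak(c1, c2)
    return "".join(
        ascii_uppercase[(ascii_uppercase.index(p) - ascii_uppercase.index(d)) % 26]
        for p, d in zip(letters_only(crib_p1), diff)
    )


if __name__ == "__main__":
    pad = "XMCKL"                                # constructed fixed pad for the demo
    c1 = otp_encrypt("HELLO", pad)               # eqnvz
    c2 = otp_encrypt("WORLD", pad)               # tatvo: same pad, second message
    print(c1, c2, recover_with_crib(c1, c2, "HELLO"))   # ... WORLD
    fresh = make_pad(12)
    print(otp_decrypt(otp_encrypt("ATTACK AT DAWN", fresh), fresh))
```

The synchronization problem from slide 35 is visible in the code as well: `otp_decrypt` pairs pad letters with ciphertext letters by position, so a single dropped key character misaligns everything that follows.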
36
Transpositions (Permutations)
  • The goal of substitution is confusion: the encryption method is an attempt to make it difficult for a cryptanalyst or intruder to determine how a message and key were transformed into ciphertext.
  • A transposition (permutation) is an encryption in which the letters of the message are rearranged.
  • The goal of transposition is diffusion: spreading the information from each part of the message across the ciphertext.

37
Columnar Transpositions
  • rearrangement of the characters of the plaintext
    into columns
  • The following set of characters is a five-column
    transposition.

38
Columnar Transpositions
  • For instance, suppose you want to write the plaintext message THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS. We arrange the letters in five columns:
    T H I S I
    S A M E S
    S A G E T
    O S H O W
    H O W A C
    O L U M N
    A R T R A
    N S P O S
    I T I O N
    W O R K S
  • The resulting ciphertext would then be read down the columns as
    tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns

39
Encipherment/Decipherment Complexity
  • This cipher involves no additional work beyond
    arranging the letters and reading them off again.
  • Therefore, the algorithm requires a constant
    amount of work per character, and the time needed
    to apply the algorithm is proportional to the
    length of the message.
  • we cannot produce output characters until all the
    message's characters have been read. This
    restriction occurs because all characters must be
    entered in the first column before output of the
    second column can begin, but the first column is
    not complete until all characters have been read.
  • Thus, the delay associated with this algorithm
    also depends on the length of the message, as
    opposed to the constant delay we have seen in
    previous algorithms

40
Digrams, Trigrams, and Other Patterns
  • Just as there are characteristic letter
    frequencies, there are also characteristic
    patterns of pairs of adjacent letters, called
    digrams.
  • Letter pairs such as -re-, -th-, -en-, and -ed-
    appear very frequently.

41
Cryptanalysis by Digram Analysis
  • The first step in analyzing the transposition is
    computing the letter frequencies.
  • If we find that in fact all letters appear with
    their normal frequencies, we can infer that a
    transposition has been performed.
  • The problem is to find where in the ciphertext a
    pair of adjacent columns lies and where the ends
    of the columns are

42
Cryptanalysis by Digram Analysis
  • Assume the block being compared is seven
    characters
  • The first comparison is c1 to c8, c2 to c9, ..., c7 to c14. Then we try a distance of eight characters, so the window of comparison shifts and c1 is compared to c9, c2 to c10, and so on.
  • For each window position, we ask two questions.
    First, do common digrams appear, and second, do
    most of the digrams look reasonable?
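Columnar transposition from slides 37 through 39 together with the first steps of its cryptanalysis from slides 41 and 42, as an added example (not code from the book or the presenter). The block encrypts and decrypts the slide's five-column message, checks that the letter histogram is unchanged by the transposition (the analyst's first inference), and produces the digram windows at each candidate distance so that the slide's two questions ("do common digrams appear, and do most of the digrams look reasonable?") can be answered by inspection. The assumption that the message fills the grid exactly is the slide's; real implementations pad.

```python
"""Columnar transposition and the frequency/digram observations used to
attack it. Added example; not from the book."""

from collections import Counter
from string import ascii_uppercase

SAMPLE = "THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS"


def letters_only(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch in ascii_uppercase)


def columnar_encrypt(plaintext: str, columns: int) -> str:
    """Write the letters row by row into `columns` columns, then read them
    off column by column. Assumes a full grid, as in the slide's example."""
    pt = letters_only(plaintext)
    if len(pt) % columns:
        raise ValueError("example assumes a full grid; pad the message first")
    return "".join(pt[c::columns] for c in range(columns)).lower()


def columnar_decrypt(ciphertext: str, columns: int) -> str:
    """Inverse: the ciphertext is the columns in order, each `rows` long,
    so the plaintext is read back across the rows. Note that nothing can
    be emitted until the whole ciphertext is available (slide 39)."""
    rows = len(ciphertext) // columns
    cols = [ciphertext[i * rows:(i + 1) * rows] for i in range(columns)]
    return "".join(cols[c][r] for r in range(rows) for c in range(columns)).upper()


def frequencies_preserved(plaintext: str, ciphertext: str) -> bool:
    """Slide 41: a transposition leaves the letter histogram unchanged,
    which is how the analyst tells it apart from a substitution."""
    return Counter(letters_only(plaintext)) == Counter(ciphertext.upper())


def digrams_at_distance(ciphertext: str, distance: int):
    """Slide 42: pair c_i with c_(i+distance). When `distance` equals the
    column length, every pair is two horizontally adjacent plaintext letters."""
    return [ciphertext[i] + ciphertext[i + distance]
            for i in range(len(ciphertext) - distance)]


def candidate_distances(ciphertext: str):
    """With a full grid the column length divides the ciphertext length,
    so only the divisors need inspecting (2, 5, 10, 25 for 50 letters)."""
    n = len(ciphertext)
    return [d for d in range(2, n // 2 + 1) if n % d == 0]


if __name__ == "__main__":
    ct = columnar_encrypt(SAMPLE, 5)
    print(ct)                       # tssohoaniwhaasolrstoimghwutpirseeoamrookistwcnasns
    print(columnar_decrypt(ct, 5))
    print(frequencies_preserved(SAMPLE, ct))
    for d in candidate_distances(ct):
        print(d, " ".join(digrams_at_distance(ct, d)[:10]))
```

At distance 10 the window reads th sa sa os ho ol ar ns it wo, all plausible English digrams, while the other divisors produce pairs such as sn, hw and oi; that is exactly the comparison slide 42 asks the analyst to make, and once the distance is known, decryption is the row read-out above.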

43
Combinations of Approaches
  • Substitution and transposition can be considered
    as building blocks for encryption.
  • A combination of two ciphers is called a product
    cipher.
  • Product ciphers are typically performed one after
    another, as in E2(E1(P,k1), k2)

44
Making "Good" Encryption Algorithms
  • What Makes a "Secure" Encryption Algorithm?
  • What does it mean for a cipher to be "good"?
  • The meaning of good depends on the intended use
    of the cipher
  • A cipher to be used by military personnel in the
    field has different requirements from one to be
    used in a secure installation with substantial
    computer support
  • In this section, we look more closely at the
    different characteristics of ciphers

45
Shannon's Characteristics of "Good" Ciphers
  • The amount of secrecy needed should determine the
    amount of labor appropriate for the encryption
    and decryption.
  • reiteration of the principle of timeliness from
    Chapter 1
  • The set of keys and the enciphering algorithm
    should be free from complexity
  • If the process is too complex, it will not be
    used
  • we should restrict neither the choice of keys nor
    the types of plaintext on which the algorithm can
    work
  • For instance, an algorithm that works only on
    plaintext having an equal number of A's and E's
    is useless.
  • Similarly, it would be difficult to select keys
    such that the sum of the values of the letters of
    the key is a prime number.
  • Furthermore, the key must be transmitted, stored,
    and remembered

46
Shannon's Characteristics of "Good" Ciphers
  • The implementation of the process should be as
    simple as possible
  • formulated with hand implementation in mind
  • A complicated algorithm is prone to error or
    likely to be forgotten
  • With the development and popularity of digital
    computers, algorithms far too complex for hand
    implementation became feasible
  • Still, the issue of complexity is important.
    People will avoid an encryption algorithm whose
    implementation process severely hinders message
    transmission
  • And a complex algorithm is more likely to be
    programmed incorrectly.

47
Shannon's Characteristics of "Good" Ciphers
  • Errors in ciphering should not propagate and
    cause corruption of further information in the
    message
  • One error early in the process should not throw
    off the entire remaining ciphertext
  • For example, dropping one letter in a columnar
    transposition throws off the entire remaining
    encipherment
  • The size of the enciphered text should be no
    larger than the text of the original message
  • ciphertext that expands dramatically in size
    cannot possibly carry more information than the
    plaintext
  • it gives the cryptanalyst more data from which to
    infer a pattern
  • longer ciphertext implies more space for storage
    and more time to communicate

48
Properties of "Trustworthy" Encryption Systems
  • When we say that encryption is "commercial grade," or "trustworthy," we mean that it meets these constraints:
  • It is based on sound mathematics
  • It has been analyzed by competent experts and found to be sound
  • It has stood the "test of time."
  • Three algorithms are popular in the commercial world and meet the above criteria: DES (Data Encryption Standard), RSA (Rivest Shamir Adleman, named after the inventors), and AES (Advanced Encryption Standard).
  • "Stood the test of time" is not a permanent verdict: DES, with its 56-bit key, no longer clears the bar (see the DES slides below), while AES and RSA with adequate key sizes and padding still do.

49
Symmetric and Asymmetric Encryption Systems
  • Two basic kinds of encryption: symmetric (also called "secret key") and asymmetric (also called "public key")
  • Symmetric
  • One key for encryption and decryption
  • Usually, the decryption algorithm is closely related to the encryption one
  • Ex., Caesar cipher: encryption c_i = p_i + 3, decryption p_i = c_i - 3
  • provides a two-way channel to its users
  • A and B share a secret key, and they can both encrypt information to send to the other as well as decrypt information from the other
  • the system also provides a form of authentication: proof that a message received was not fabricated by someone other than the declared sender, since only the other key holder could have produced it (strictly, encryption alone does not protect integrity; a message authentication code is needed to make that guarantee sound)

50
Symmetric Encryption Systems
  • The symmetry of this situation is a major advantage of this type of encryption
  • But it has a key distribution problem: how do A and B obtain their shared secret key?
  • In general, n users who want to communicate in pairs need n(n - 1)/2 keys
  • By the nature of the public key approach, you can send a public key in an e-mail message or post it in a public directory; only the corresponding private key, which presumably is kept private, can undo what the public key did
  • So, for all encryption algorithms, key management is a major issue: it involves storing, safeguarding, and activating keys

51
Stream and Block Ciphers
  • Most of the ciphers we have presented so far are stream ciphers: they convert one symbol of plaintext immediately into a symbol of ciphertext
  • The exception is the columnar transposition cipher
  • The transformation depends only on the symbol, the key, and the control information of the encipherment algorithm
  • A consequence: skipping a character in the key during encryption affects the encryption of all future characters

52
Stream and Block Ciphers
  • A block cipher encrypts a group of plaintext
    symbols as one block
  • Ex., The columnar transposition
  • entire message is translated as one block
  • Block ciphers work on blocks of plaintext and
    produce blocks of ciphertext

53
Confusion and Diffusion
  • Two additional important concepts are related to the amount of work required to perform an encryption
  • An algorithm providing good confusion has a complex functional relationship between the plaintext/key pair and the ciphertext
  • it will take an interceptor a long time to determine the relationship between plaintext, key, and ciphertext
  • Ex. 1: the Caesar cipher has poor confusion; an analyst who deduces the transformation of a few letters can also predict the transformation of the remaining letters, with no additional information
  • Ex. 2: the one-time pad has good confusion because one plaintext letter can be transformed to any ciphertext letter at different places in the output

54
Confusion and Diffusion
  • Two additional important concepts are related to the amount of work required to perform an encryption
  • Confusion: as above, hiding the relationship between plaintext, key, and ciphertext
  • Diffusion: distributing the information from single plaintext letters over the entire output, so that a change to one plaintext letter influences many ciphertext characters

55
Cryptanalysis: Breaking Encryption Schemes
  • Assume that the attacker knows the encryption/decryption algorithm (Kerckhoffs's principle); she may then use three types of attacks
  • Ciphertext only attack
  • The attacker has only the ciphertext and wants to
    know the plaintext (and the key if possible)
  • Known plaintext attack
  • The attacker has both the plaintext and its
    corresponding ciphertext. The goal is to find the
    key
  • Chosen plaintext attack
  • The attacker may ask that specific plaintexts be
    enciphered and she is given the corresponding
    ciphertexts. Her goal is to find the key that was
    used

56
The Data Encryption Standard (DES)
  • developed for the U.S. government and adopted as a federal standard in 1976 (published as FIPS PUB 46 in January 1977)
  • intended for use by the general public
  • accepted as a cryptographic standard both in the United States and abroad
  • many hardware and software systems have been designed with the DES
  • However, its adequacy has since been called into question: the 56-bit key can be searched exhaustively (a purpose-built machine did so in 1998), and the standard was withdrawn in 2005

57
The Data Encryption Standard (DES)
  • Overview
  • combination of two fundamental building blocks of
    encryption substitution and transposition
  • derives its strength from repeated application of
    these two techniques
  • one on top of the other, for a total of 16 cycles
  • Hard to trace a single bit through 16 iterations
  • The algorithm begins by encrypting the plaintext
    as blocks of 64 bits
  • The key is 64 bits long
  • in fact only 56 bits are key material (the other 8 bits, one per byte, are parity bits)

58
The Data Encryption Standard (DES)
  • Overview
  • Leverages the two techniques Shannon identified
    to conceal information confusion and diffusion
  • ensuring that the output bits have no obvious
    relationship to the input bits and spreading the
    effect of one plaintext bit to other bits in the
    ciphertext
  • Substitution provides the confusion, and
    transposition provides the diffusion

59
The Data Encryption Standard (DES)
 A Cycle in the DES.
60
DES (Cont.)
Types of Permutations.
61
DES (Cont.)
Details of a Cycle.
62
DES (Cont. )
63
The Data Encryption Standard (DES)
  • Double and Triple DES
  • the DES 56-bit key length is not long enough for some people to feel comfortable
  • Computing power has increased dramatically
  • some researchers suggest using a double encryption for greater secrecy
  • Take two keys, k1 and k2, and perform two encryptions, one on top of the other: E(k2, E(k1, m))
  • Does this make the key as powerful as a 112-bit key? NO
  • In a meet-in-the-middle attack the cryptanalyst works plaintext and ciphertext toward each other: encrypt a known plaintext under every k1, decrypt the matching ciphertext under every k2, and look for a value that appears in both lists
  • The effective strength is therefore only about 57 bits (roughly 2 × 2^56 cipher operations, at the cost of a large table), not 112
  • However, a simple trick does indeed enhance the security of DES
  • The so-called triple DES procedure is C = E(k3, E(k2, E(k1, m))); in practice the middle step is usually a decryption, C = E(k3, D(k2, E(k1, m))), so that choosing k1 = k2 = k3 reduces to single DES for compatibility
  • This process gives a strength equivalent to a 112-bit key (meet-in-the-middle caps it there even with three independent keys)
  • NIST has since deprecated triple DES as well, in part because its 64-bit block size limits how much data one key can safely protect
  • differential and linear cryptanalysis (self study)
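The meet-in-the-middle attack of slide 63, as an added example (not code from the book or the presenter). DES itself is too slow to brute-force in a demo, so the block cipher here is a deliberately tiny 4-round Feistel construction with 16-bit blocks and 12-bit keys, constructed for this example and not a real cipher; the attack logic is the same as against double DES. Given a few known plaintext/ciphertext pairs, it recovers (k1, k2) with about 2 × 2^12 cipher calls instead of the 2^24 a naive search would need.

```python
"""Meet-in-the-middle against double encryption E(k2, E(k1, m)), on a toy
Feistel cipher (16-bit block, 12-bit key). Added example; not from the book,
and the cipher is a constructed toy, not DES."""

from collections import defaultdict

KEY_BITS = 12
ROUNDS = 4


def _subkey(key: int, i: int) -> int:
    """Toy key schedule: one 12-bit subkey per round (assumption, not DES's)."""
    return (key * (2 * i + 1) + 0x9E3) & 0xFFF


def _f(r: int, k: int) -> int:
    """Toy round function on 8-bit values: add, rotate left by 3, xor."""
    x = (r + (k & 0xFF)) & 0xFF
    x = ((x << 3) | (x >> 5)) & 0xFF
    return x ^ ((k >> 4) & 0xFF)


def _feistel(block: int, subkeys) -> int:
    l, r = block >> 8, block & 0xFF
    for k in subkeys:
        l, r = r, l ^ _f(r, k)
    return (r << 8) | l          # undo the final swap so decryption reuses this


def toy_encrypt(key: int, block: int) -> int:
    return _feistel(block, [_subkey(key, i) for i in range(ROUNDS)])


def toy_decrypt(key: int, block: int) -> int:
    """Feistel property: same network with the subkeys in reverse order."""
    return _feistel(block, [_subkey(key, i) for i in reversed(range(ROUNDS))])


def double_encrypt(k1: int, k2: int, block: int) -> int:
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) blocks under one (k1, k2).
    Encrypt p1 under every k1 into a table, decrypt c1 under every k2, and a
    collision in the middle gives a candidate pair: 2 * 2**KEY_BITS work.
    The extra pairs weed out accidental collisions. Returns every (k1, k2)
    consistent with all pairs; the true pair is always among them."""
    (p1, c1), *rest = pairs
    middle = defaultdict(list)
    for k1 in range(1 << KEY_BITS):
        middle[toy_encrypt(k1, p1)].append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):
        for k1 in middle.get(toy_decrypt(k2, c1), ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found


if __name__ == "__main__":
    k1, k2 = 0x3A5, 0xC71                       # secret keys (constructed)
    plaintexts = [0x1234, 0xBEEF, 0x0000]       # known plaintexts (constructed)
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    print([(hex(a), hex(b)) for a, b in meet_in_the_middle(pairs)])
```

Scaling the numbers to DES gives the slide's figure: 2^56 table entries plus 2^56 decryptions is about 2^57 work, which is why double DES buys one bit, not fifty-six. The same table-versus-time trade-off is what caps triple DES at roughly 112 bits.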

64
The Advanced Encryption Standard (AES)
  • To solve the DES security problems
  • NIST ran an open contest to develop a new algorithm
  • The Rijndael (pronounced RINE dahl) algorithm won the contest and became the AES
  • Block size is 128 bits; key lengths are 128, 192, or 256 bits (Rijndael itself allows other sizes, but the AES standard fixes these three)
  • Rijndael was selected in 2000 and published as FIPS PUB 197 in 2001
  • the U.S. government has approved AES for protecting Secret and Top Secret classified documents (Top Secret requires the 192- or 256-bit key sizes)

65
Public Key Encryption
  • In 1976, Diffie and Hellman proposed a new kind
    of encryption system
  • Each user has two keys
  • One is public and the other is private
  • Also, use one to encrypt and the other to decrypt
  • In symmetric key system, each pair of users needs
    a separate key

66
Public Key Encryption
  • In a public key or asymmetric encryption system,
    each user has two keys
  • a public key and a private key.
  • The user may publish the public key freely
  • The keys operate as inverses
  • one key undoes the encryption provided by the
    other key
  • Ex. let kPRIV be a user's private key, and let kPUB be the corresponding public key
  • we can write the relationship as
  • P = D(kPRIV, E(kPUB, P)) = D(kPUB, E(kPRIV, P))
  • (The second equality, encrypting with the private key and decrypting with the public one, holds for RSA and is what makes RSA signatures possible; it is not a property of every public key system.)

67
Rivest Shamir Adleman (RSA) Encryption
  • Public key system
  • RSA has been the subject of extensive cryptanalysis; no serious flaws in its underlying mathematics have yet been found (practical attacks target short keys, weak padding, and implementations rather than the number theory)
  • Based on an underlying hard problem: determining the prime factors of a large number
  • An area of mathematics known as number theory, in which mathematicians study properties of numbers such as their prime factors
  • Operates with arithmetic mod n

68
Rivest Shamir Adleman (RSA) Encryption
  • The two keys used in RSA, d and e, are used for decryption and encryption
  • They are actually interchangeable: either can be chosen as the public key (the other must be kept private)
  • P = E(D(P)) = D(E(P))
  • Any plaintext block P is encrypted as P^e mod n
  • Recovering P from P^e mod n without d is believed to be difficult: no method faster than factoring n is known
  • The legitimate receiver who knows d simply computes (P^e)^d mod n = P and recovers P without having to factor anything

69
Rivest Shamir Adelman (RSA) Encryption
  • Here is how it works
  • take two large primes, p and q, and compute their
    product n = pq
  • n is called the modulus
  • Choose a number, e, less than n and relatively
    prime to (p-1)(q-1)
  • i.e., e and (p-1)(q-1) have no common factors
    except 1
  • Find another number d such that (ed - 1) is
    divisible by (p-1)(q-1)
  • The values e and d are called the public and
    private exponents, respectively.
  • The public key is the pair (n, e); the private
    key is (n, d).
  • The factors p and q may be destroyed or kept with
    the private key.
  • It is currently difficult to obtain the private
    key d from the public key (n, e).
  • If one could factor n into p and q, then one
    could obtain the private key d.
  • Example: Suppose Alice wants to send a message m
    to Bob. Alice creates the ciphertext c by
    exponentiating: c = m^e mod n, where e and n are
    Bob's public key. She sends c to Bob. To decrypt,
    Bob also exponentiates: m = c^d mod n; the
    relationship between e and d ensures that Bob
    correctly recovers m. Since only Bob knows d,
    only Bob can decrypt this message.

70
RSA Example
  • Choose p = 3 and q = 11
  • Compute n = p × q = 3 × 11 = 33
  • Compute φ(n) = (p - 1) × (q - 1) = 2 × 10 = 20
  • the number of positive integers less than n that
    are co-prime to n
  • i.e., no common factors with n except 1
  • 1 is included
  • Choose e such that 1 < e < φ(n) and e and n are
    co-prime. Let e = 7
  • Compute a value for d such that (d × e) mod φ(n) =
    1. One solution is d = 3: (3 × 7) mod 20 = 1
  • Public key is (e, n) = (7, 33)
  • Private key is (d, n) = (3, 33)
  • The encryption of m = 2 is c = 2^7 mod 33 = 29
  • The decryption of c = 29 is m = 29^3 mod 33 = 2

71
Rivest Shamir Adelman (RSA) Encryption
  • http://www.rsa.com/rsalabs/node.asp?id=2214
  • http://www.rsa.com/rsalabs/node.asp?id=2189

72
The Uses of Encryption
  • Cryptographic Hash Functions
  • Key Exchange
  • Digital Signatures
  • Certificates

73
The Uses of Encryption
  • Encryption implements protected communications
    channels
  • it can also be used for other duties/applications
  • Cryptographic Hash Functions, Key Exchange,
    Digital Signatures, Certificates
  • Public key algorithms are useful only for
    specialized tasks
  • very slow: they take 10,000 times as long to
    perform as a symmetric encryption
  • underlying modular exponentiation depends on
    multiplication and division
  • slower than the bit operations (addition,
    exclusive OR, substitution, and shifting) on
    which symmetric algorithms are based
  • symmetric encryption is the cryptographers'
    "workhorse," and public key encryption is
    reserved for specialized, infrequent uses, where
    slow operation is not a continuing problem

74
Cryptographic Hash Functions

75
Cryptographic Hash Functions
  • The most widely used cryptographic hash functions
    are
  • MD4, MD5 (where MD stands for Message Digest)
  • MD5 is an improved version of MD4
  • Any message will have 128-bit digest
  • SHA/SHS (Secure Hash Algorithm or Standard).
  • it produces a 160-bit digest
  • http://md5-hash-online.waraxe.us
  • http://sha1-hash-online.waraxe.us/
  • cryptanalysis attacks on SHA, MD4, and MD5
  • For SHA, the attack is to find two plaintexts
    that produce the same hash digest (collision)
  • 2^63 steps, far short of the 2^80 steps that would
    be expected of a 160-bit hash function

76
Birthday Attack
  • In probability theory, the birthday problem or
    birthday paradox concerns the probability that,
    in a set of n randomly chosen people, some pair
    of them will have the same birthday.
  • By the pigeonhole principle, the probability
    reaches 100% when the number of people reaches
    367 (since there are 366 possible birthdays,
    including February 29).
  • However, 99% probability is reached with just 57
    people, and 50% probability with 23 people.
  • These conclusions are based on the assumption
    that each day of the year (except February 29) is
    equally probable for a birthday.
  • The mathematics behind this problem led to a
    well-known cryptographic attack called the
    birthday attack, which uses this probabilistic
    model to reduce the complexity of cracking a hash
    function.

77
Birthday Attack
  • In a list of 23 people, comparing the birthday of
    the first person on the list to the others allows
    22 chances for a matching birthday, the second
    person on the list to the others allows 21
    chances for a matching birthday, the third person
    has 20 chances, and so on. Hence the total number
    of chances is 22 + 21 + 20 + ... + 1 = 253, so
    comparing every person to all of the others
    allows 253 distinct chances (combinations): in a
    group of 23 people there are (23 × 22) / 2 = 253
    pairs.

78
Key Exchange
  • We talk about symmetric keys here
  • The problem is almost circular: to establish an
    encrypted session, you need an encrypted means to
    exchange keys.

79
Key Exchange
  • Public key cryptography can help
  • To see how, suppose S and R want to derive a
    shared symmetric key
  • kPRIV-S, kPUB-S, kPRIV-R, and kPUB-R, are the
    private and public keys for S and R, respectively
  • S chooses any symmetric key K
  • S sends E(kPRIV-S,K) to R
  • R takes S's public key, removes the encryption,
    and obtains K
  • Oops, any eavesdropper who can get S's public
    key can also obtain K
  • let S send E(kPUB-R, K) to R. Then, only R can
    decrypt K
  • Oops, R has no assurance that K came from S
  • The solution is for S to send to R
  • E(kPUB-R, E(kPRIV-S, K))
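The RSA construction of slides 69 and 70 and the key-exchange message of slide 79, E(kPUB-R, E(kPRIV-S, K)), carried through in code as an added example (not code from the slides or the textbook). It reuses the slide's p = 3, q = 11, e = 7 for S; R's key (p = 5, q = 13, e = 5) and the symmetric key K = 2 are constructed for the example, and the toy scheme has no padding, so it illustrates the arithmetic only.

```python
from math import gcd

def rsa_keypair(p, q, e):
    """Toy RSA key generation following slide 69 (tiny primes, no padding)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be relatively prime to phi")
    d = pow(e, -1, phi)          # (e * d) mod phi == 1, i.e. (ed - 1) divisible by phi
    return (e, n), (d, n)        # public key (e, n), private key (d, n)

def rsa_apply(key, block):
    """E and D are the same operation with different exponents: block^k mod n."""
    k, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus n")
    return pow(block, k, n)

def slide_70_example():
    """Slide 70's numbers: p = 3, q = 11, e = 7 gives d = 3; m = 2 -> c = 29 -> m = 2."""
    pub, priv = rsa_keypair(3, 11, 7)
    c = rsa_apply(pub, 2)
    return pub, priv, c, rsa_apply(priv, c)

def wrap_key(k, priv_sender, pub_receiver):
    """Slide 79: S sends E(kPUB-R, E(kPRIV-S, K)). The inner layer can only be
    made by S (origin); the outer layer can only be removed by R (secrecy)."""
    signed = rsa_apply(priv_sender, k)
    return rsa_apply(pub_receiver, signed)

def unwrap_key(wrapped, priv_receiver, pub_sender):
    """R strips the outer layer with kPRIV-R, then the inner one with kPUB-S."""
    signed = rsa_apply(priv_receiver, wrapped)
    return rsa_apply(pub_sender, signed)

def slide_79_example():
    """Constructed keys: S reuses slide 70's (3, 11, 7); R uses p = 5, q = 13, e = 5,
    chosen so R's modulus (65) exceeds S's (33) and the inner value always fits."""
    pub_s, priv_s = rsa_keypair(3, 11, 7)
    pub_r, priv_r = rsa_keypair(5, 13, 5)
    k = 2                                    # the symmetric key S chose
    wrapped = wrap_key(k, priv_s, pub_r)
    return wrapped, unwrap_key(wrapped, priv_r, pub_s)

if __name__ == "__main__":
    print(slide_70_example())   # ((7, 33), (3, 33), 29, 2)
    print(slide_79_example())   # (8, 2)
```

The order of the layers matters for the block-size check: the inner value is reduced modulo S's n, so it fits under R's modulus only when R's n is the larger, which is why the example gives R the bigger key.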

80
Key Exchange
81
Key Exchange
  • Another key exchange approach
  • Diffie-Hellman key exchange protocol
  • S and R use some simple arithmetic to exchange a
    secret
  • They agree on a field size n and a starting
    number g
  • they can communicate these numbers in the clear
  • Each thinks up a secret number, say, s and r.
  • S sends g^s to R and R sends g^r to S
  • S computes (g^r)^s and R computes (g^s)^r, which are
    the same, so g^rs = g^sr becomes their shared
    secret
  • computations are done over a field of integers
    mod n (omitted for simplicity)
  • http://dkerr.home.mindspring.com/diffie_hellman_calc.html
  • Diffie-Hellman, however, does NOT provide
    authentication
  • You can not be sure if you are talking to the
    right person
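The exchange on slide 81 run end to end, with the mod n the slide omits put back, as an added example (not code from the slides). The toy parameters g = 5, n = 23 and the secrets s = 6, r = 15 are constructed for the example; only g, n, g^s and g^r are ever transmitted.

```python
import secrets

def dh_public(g, n, secret):
    """Value a party sends in the clear: g^secret mod n."""
    return pow(g, secret, n)

def dh_shared(received, n, secret):
    """(g^r)^s mod n on S's side, (g^s)^r mod n on R's side; both equal g^(rs) mod n."""
    return pow(received, secret, n)

def diffie_hellman(g, n, s, r):
    """Runs the exchange and returns (S's shared secret, R's shared secret).
    Nothing in the messages tells S who chose r, which is the missing
    authentication the slide points out."""
    gs = dh_public(g, n, s)              # S -> R, visible to anyone listening
    gr = dh_public(g, n, r)              # R -> S, visible to anyone listening
    return dh_shared(gr, n, s), dh_shared(gs, n, r)

def random_secret(n):
    """Secret exponent in [2, n-2]; a real deployment uses a large prime n, not 23."""
    return 2 + secrets.randbelow(n - 3)

if __name__ == "__main__":
    g, n = 5, 23                         # constructed toy parameters, agreed in the clear
    print(diffie_hellman(g, n, 6, 15))   # (2, 2): g^s = 8, g^r = 19, shared = 2
    s, r = random_secret(n), random_secret(n)
    print(diffie_hellman(g, n, s, r))    # two equal values, different on each run
```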

82
Digital Signatures
  • A digital signature is a protocol that produces
    the same effect as a real signature
  • It is a mark that only the sender can make
  • but other people can easily recognize as
    belonging to the sender

83
Digital Signatures
  • Two conditions
  • It must be unforgeable
  • If person P signs message M with signature
    S(P,M), it is impossible for anyone else to
    produce the pair M, S(P,M)
  • It must be authentic: If a person R receives the
    pair M, S(P,M) purportedly from P, R can check
    that the signature is really from P
  • Only P could have created this signature, and the
    signature is firmly attached to M

84
Digital Signatures
85
Digital Signatures
  • Two more properties
  • It is not alterable. After being transmitted, M
    cannot be changed by S, R, or an interceptor.
  • It is not reusable. A previous message presented
    again will be instantly detected by R.

86
Digital Signatures
  • Public Key Protocol
  • ideally suited to digital signatures.
  • E use the public key in transformation
  • D use the private key in transformation

87
Certificates
  • A public key and user's identity are bound
    together in a certificate, which is then signed
    by someone called a certificate authority,
    certifying the accuracy of the binding.

88
Certificates
  • The algorithms to generate a matched pair of
    public and private keys are publicly known, and
    software that does it is widely available.
  • So if Alice wanted to use a public key cipher,
    she could generate her own pair of public and
    private keys, keep the private key hidden, and
    publicize the public key.
  • But how can she publicize her public key (assert
    that it belongs to her) in such a way that other
    participants can be sure it really belongs to her?

89
Certificates
  • A complete scheme for certifying bindings between
    public keys and identities (what key belongs to
    whom) is called a Public Key Infrastructure (PKI).
  • A PKI starts with the ability to verify
    identities and bind them to keys out of band. By
    out of band, we mean something outside the
    network and the computers that comprise it, such
    as in the following scenarios.
  • If Alice and Bob are individuals who know each
    other, then they could get together in the same
    room and Alice could give her public key to Bob
    directly, perhaps on a business card.

90
Certificates
  • If Bob is an organization, Alice the individual
    could present conventional identification,
    perhaps involving a photograph or fingerprints.
  • If Alice and Bob are computers owned by the same
    company, then a system administrator could
    configure Bob with Alice's public key.
  • A digitally signed statement of a public key
    binding is called a public key certificate, or
    simply a certificate

91
Certificates
  • One of the major standards for certificates is
    known as X.509. This standard leaves a lot of
    details open, but specifies a basic structure. A
    certificate clearly must include
  • the identity of the entity being certified
  • the public key of the entity being certified
  • the identity of the signer
  • the digital signature
  • a digital signature algorithm identifier (which
    cryptographic hash and which cipher)

92
Certificates
  • Certification Authorities
  • A certification authority or certificate
    authority (CA) is an entity claimed (by someone)
    to be trustworthy for verifying identities and
    issuing public key certificates.
  • There are commercial CAs, governmental CAs, and
    even free CAs.
  • To use a CA, you must know its own key. You can
    learn that CA's key, however, if you can obtain a
    chain of CA-signed certificates that starts with
    a CA whose key you already know.
  • Then you can believe any certificate signed by
    that new CA