Why%20Computer%20Security - PowerPoint PPT Presentation

About This Presentation
Title:

Why%20Computer%20Security

Description:

Why Computer Security The past decade has seen an explosion in the concern for the security of information Malicious codes (viruses, worms, etc.) caused over $28 ... – PowerPoint PPT presentation

Number of Views:300
Avg rating:3.0/5.0
Slides: 106
Provided by: feiyan
Category:

less

Transcript and Presenter's Notes

Title: Why%20Computer%20Security


1
Why Computer Security
  • The past decade has seen an explosion in the
    concern for the security of information
  • Malicious codes (viruses, worms, etc.) caused
    over 28 billion in economic losses in 2003 and
    67 billion in 2006!
  • Security specialists markets are expanding !
  • Salary Premiums for Security Certifications
    Increasing (Computerworld 2007)
  • Up to 15 more salary
  • Demand is being driven not only by compliance and
    government regulation, but also by customers who
    are "demanding more security" from companies
  • US Struggles to recruit compute security experts
    (Washington Post Dec. 23 2009)

2
Why Computer Security (contd)
  • Internet attacks are increasing in frequency,
    severity and sophistication
  • The number of scans, probes, and attacks reported
    to the DHS has increased by more than 300 percent
    from 2006 to 2008.
  • Karen Evans, the Bush administration's
    information technology (IT) administrator, points
    out that most federal IT managers do not know
    what advanced skills are required to counter
    cyberattacks.

3
Why Computer Security (contd)
  • Virus and worms faster and powerful
  • Cause over 28 billion in economic losses in
    2003, growing to over 75 billion in economic
    losses by 2007.
  • Code Red (2001) 13 hours infected gt360K machines
    - 2.4 billion loss
  • Slammer (2003) 15 minutes infected gt 75K
    machines - 1 billion loss
  • Spams, phishing
  • New Internet security landscape emerging BOTNETS
    !
  • Conficker/Downadup (2008) infected gt 10M
    machines
  • MSFT offering 250K reward

4
Outline
  • History of Security and Definitions
  • Overview of Cryptography
  • Symmetric Cipher
  • Classical Symmetric Cipher
  • Modern Symmetric Ciphers (DES and AES)
  • Asymmetric Cipher
  • One-way Hash Functions and Message Digest

5
The History of Computing
  • For a long time, security was largely ignored in
    the community
  • The computer industry was in survival mode,
    struggling to overcome technological and economic
    hurdles
  • As a result, a lot of comers were cut and many
    compromises made
  • There was lots of theory, and even examples of
    systems built with very good security, but were
    largely ignored or unsuccessful
  • E.g., ADA language vs. C (powerful and easy to
    use)

6
Computing Today is Very Different
  • Computers today are far from survival mode
  • Performance is abundant and the cost is very
    cheap
  • As a result, computers now ubiquitous at every
    facet of society
  • Internet
  • Computers are all connected and interdependent
  • This codependency magnifies the effects of any
    failures

7
Biological Analogy
  • Computing today is very homogeneous.
  • A single architecture and a handful of OS
    dominates
  • In biology, homogeneous populations are in danger
  • A single disease or virus can wipe them out
    overnight because they all share the same
    weakness
  • The disease only needs a vector to travel among
    hosts
  • Computers are like the animals, the Internet
    provides the vector.
  • It is like having only one kind of cow in the
    world, and having them drink from one single pool
    of water!

8
The Spread of Sapphire/Slammer Worms
9
The Flash Worm
  • Slammer worm infected 75,000 machines in lt15
    minutes
  • A properly designed worm, flash worm, can take
    less than 1 second to compromise 1 million
    vulnerable machines in the Internet
  • The Top Speed of Flash Worms. S. Staniford, D.
    Moore, V. Paxson and N. Weaver, ACM WORM Workshop
    2004.
  • Exploit many vectors such as P2P file sharing,
    intelligent scanning, hitlists, etc.

10
The Definition of Computer Security
  • Security is a state of well-being of information
    and infrastructures in which the possibility of
    successful yet undetected theft, tampering, and
    disruption of information and services is kept
    low or tolerable
  • Security rests on confidentiality, authenticity,
    integrity, and availability

11
The Basic Components
  • Confidentiality is the concealment of information
    or resources.
  • E.g., only sender, intended receiver should
    understand message contents
  • Authenticity is the identification and assurance
    of the origin of information.
  • Integrity refers to the trustworthiness of data
    or resources in terms of preventing improper and
    unauthorized changes.
  • Availability refers to the ability to use the
    information or resource desired.

12
Security Threats and Attacks
  • A threat/vulnerability is a potential violation
    of security.
  • Flaws in design, implementation, and operation.
  • An attack is any action that violates security.
  • Active adversary
  • An attack has an implicit concept of intent
  • Router mis-configuration or server crash can also
    cause loss of availability, but they are not
    attacks

13
Friends and enemies Alice, Bob, Trudy
  • well-known in network security world
  • Bob, Alice (lovers!) want to communicate
    securely
  • Trudy (intruder) may intercept, delete, add
    messages

Alice
Bob
data, control messages
channel
secure sender
secure receiver
data
data
Trudy
14
Eavesdropping - Message Interception (Attack on
Confidentiality)
  • Unauthorized access to information
  • Packet sniffers and wiretappers
  • Illicit copying of files and programs

B
A
Eavesdropper
15
Integrity Attack - Tampering With Messages
  • Stop the flow of the message
  • Delay and optionally modify the message
  • Release the message again

B
A
Perpetrator
16
Authenticity Attack - Fabrication
  • Unauthorized assumption of others identity
  • Generate and distribute objects under this
    identity

B
A
Masquerader from A
17
Attack on Availability
  • Destroy hardware (cutting fiber) or software
  • Modify software in a subtle way (alias commands)
  • Corrupt packets in transit
  • Blatant denial of service (DoS)
  • Crashing the server
  • Overwhelm the server (use up its resource)

18
Classify Security Attacks as
  • Passive attacks - eavesdropping on, or monitoring
    of, transmissions to
  • obtain message contents, or
  • monitor traffic flows
  • Active attacks modification of data stream to
  • masquerade of one entity as some other
  • replay previous messages
  • modify messages in transit
  • denial of service

19
Group Exercise
  • Please classify each of the following as a
    violation of confidentiality, integrity,
    availability, authenticity, or some combination
    of these
  • John copies Marys homework.
  • Paul crashes Lindas system.
  • Gina forges Rogers signature on a deed.

20
Outline
  • Overview of Cryptography
  • Symmetric Cipher
  • Classical Symmetric Cipher
  • Modern Symmetric Ciphers (DES and AES)
  • Asymmetric Cipher
  • One-way Hash Functions and Message Digest

21
Basic Terminology
  • plaintext - the original message
  • ciphertext - the coded message
  • cipher - algorithm for transforming plaintext to
    ciphertext
  • key - info used in cipher known only to
    sender/receiver
  • encipher (encrypt) - converting plaintext to
    ciphertext
  • decipher (decrypt) - recovering ciphertext from
    plaintext
  • cryptography - study of encryption
    principles/methods
  • cryptanalysis (codebreaking) - the study of
    principles/ methods of deciphering ciphertext
    without knowing key
  • cryptology - the field of both cryptography and
    cryptanalysis

22
Classification of Cryptography
  • Number of keys used
  • Hash functions no key
  • Secret key cryptography one key
  • Public key cryptography two keys - public,
    private
  • Type of encryption operations used
  • substitution / transposition / product
  • Way in which plaintext is processed
  • block / stream

23
Secret Key vs. Secret Algorithm
  • Secret algorithm additional hurdle
  • Hard to keep secret if used widely
  • Reverse engineering, social engineering
  • Commercial published
  • Wide review, trust
  • Military avoid giving enemy good ideas

24
Unconditional vs. Computational Security
  • Unconditional security
  • No matter how much computer power is available,
    the cipher cannot be broken
  • The ciphertext provides insufficient information
    to uniquely determine the corresponding plaintext
  • Computational security
  • The cost of breaking the cipher exceeds the value
    of the encrypted info
  • The time required to break the cipher exceeds the
    useful lifetime of the info

25
Brute Force Search
  • Always possible to simply try every key
  • Most basic attack, proportional to key size
  • Assume either know / recognise plaintext

Key Size (bits) Number of Alternative Keys Time required at 1 decryption/µs Time required at 106 decryptions/µs
32 232 4.3 ? 109 231 µs 35.8 minutes 2.15 milliseconds
56 256 7.2 ? 1016 255 µs 1142 years 10.01 hours
128 2128 3.4 ? 1038 2127 µs 5.4 ? 1024 years 5.4 ? 1018 years
168 2168 3.7 ? 1050 2167 µs 5.9 ? 1036 years 5.9 ? 1030 years
26 characters (permutation) 26! 4 ? 1026 2 ? 1026 µs 6.4 ? 1012 years 6.4 ? 106 years
26
Outline
  • Overview of Cryptography
  • Classical Symmetric Cipher
  • Substitution Cipher
  • Transposition Cipher
  • Modern Symmetric Ciphers (DES and AES)
  • Asymmetric Cipher
  • One-way Hash Functions and Message Digest

27
Symmetric Cipher Model
28
Requirements
  • Two requirements for secure use of symmetric
    encryption
  • a strong encryption algorithm
  • a secret key known only to sender / receiver
  • Y EK(X)
  • X DK(Y)
  • Assume encryption algorithm is known
  • Implies a secure channel to distribute key

29
Classical Substitution Ciphers
  • Letters of plaintext are replaced by other
    letters or by numbers or symbols
  • Plaintext is viewed as a sequence of bits, then
    substitution replaces plaintext bit patterns with
    ciphertext bit patterns

30
Caesar Cipher
  • Earliest known substitution cipher
  • Replaces each letter by 3rd letter on
  • Example
  • meet me after the toga party
  • PHHW PH DIWHU WKH WRJD SDUWB

31
Caesar Cipher
  • Define transformation as
  • a b c d e f g h i j k l m n o p q r s t u v w x y
    z
  • D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    C
  • Mathematically give each letter a number
  • a b c d e f g h i j k l m
  • 0 1 2 3 4 5 6 7 8 9 10 11 12
  • n o p q r s t u v w x y Z
  • 13 14 15 16 17 18 19 20 21 22 23 24 25
  • Then have Caesar cipher as
  • C E(p) (p k) mod (26)
  • p D(C) (C k) mod (26)

32
Cryptanalysis of Caesar Cipher
  • Only have 25 possible ciphers
  • A maps to B,..Z
  • Given ciphertext, just try all shifts of letters
  • Do need to recognize when have plaintext
  • E.g., break ciphertext "GCUA VQ DTGCM
  • How to make it harder?

33
Monoalphabetic Cipher
  • Rather than just shifting the alphabet
  • Could shuffle (jumble) the letters arbitrarily
  • Each plaintext letter maps to a different random
    ciphertext letter
  • Key is 26 letters long
  • Plain abcdefghijklmnopqrstuvwxyz
  • Cipher DKVQFIBJWPESCXHTMYAUOLRGZN
  • Plaintext ifwewishtoreplaceletters
  • Ciphertext WIRFRWAJUHYFTSDVFSFUUFYA

34
Monoalphabetic Cipher Security
  • Now have a total of 26! 4 x 1026 keys
  • Is that secure?
  • Problem is language characteristics
  • Human languages are redundant
  • Letters are not equally commonly used

35
English Letter Frequencies
Note that all human languages have varying letter
frequencies, though the number of letters and
their frequencies varies.
36
Example Cryptanalysis
  • Given ciphertext
  • UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
  • VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
  • EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
  • Count relative letter frequencies (see text)
  • Guess P Z are e and t
  • Guess ZW is th and hence ZWP is the
  • Proceeding with trial and error finally get
  • it was disclosed yesterday that several informal
    but
  • direct contacts have been made with political
  • representatives of the viet cong in moscow

37
Transposition Ciphers
  • Now consider classical transposition or
    permutation ciphers
  • These hide the message by rearranging the letter
    order, without altering the actual letters used
  • Any shortcut for breaking it?
  • Can recognise these since have the same frequency
    distribution as the original text

38
Rail Fence Cipher
  • Write message letters out diagonally over a
    number of rows
  • Then read off cipher row by row
  • E.g., write message out as
  • m e m a t r h t g p r y
  • e t e f e t e o a a t
  • Giving ciphertext
  • MEMATRHTGPRYETEFETEOAAT

39
Product Ciphers
  • Ciphers using substitutions or transpositions are
    not secure because of language characteristics
  • Hence consider using several ciphers in
    succession to make harder, but
  • Two substitutions make another substitution
  • Two transpositions make a more complex
    transposition
  • But a substitution followed by a transposition
    makes a new much harder cipher
  • This is bridge from classical to modern ciphers

40
Outline
  • Overview of Cryptography
  • Classical Symmetric Cipher
  • Modern Symmetric Ciphers (DES/AES)
  • Asymmetric Cipher
  • One-way Hash Functions and Message Digest

41
Block vs Stream Ciphers
  • Block ciphers process messages in into blocks,
    each of which is then en/decrypted
  • Like a substitution on very big characters
  • 64-bits or more
  • Stream ciphers process messages a bit or byte at
    a time when en/decrypting
  • Many current ciphers are block ciphers, one of
    the most widely used types of cryptographic
    algorithms

42
Block Cipher Principles
  • Most symmetric block ciphers are based on a
    Feistel Cipher Structure
  • Block ciphers look like an extremely large
    substitution
  • Would need table of 264 entries for a 64-bit
    block
  • Instead create from smaller building blocks
  • Using idea of a product cipher

43
Ideal Block Cipher
44
Feistel Cipher Structure
  • Process through multiple rounds which
  • partitions input block into two halves
  • perform a substitution on left data half
  • based on round function of right half subkey
  • then have permutation swapping halves

45
Feistel Cipher Decryption
46
DES (Data Encryption Standard)
  • Published in 1977, standardized in 1979.
  • Key 64 bit quantity8-bit parity56-bit key
  • Every 8th bit is a parity bit.
  • 64 bit input, 64 bit output.

64 bit M
64 bit C
DES Encryption
56 bits
47
DES Top View
56-bit Key
64-bit Input
48-bit K1
Generate keys
Permutation
Initial Permutation
48-bit K1
Round 1
48-bit K2
Round 2
...
48-bit K16
Round 16
Swap 32-bit halves
Swap
Final Permutation
Permutation
64-bit Output
48
DES Summary
  • Simple, easy to implement
  • Hardware/gigabits/second, software/megabits/second
  • 56-bit key DES may be acceptable for non-critical
    applications but triple DES (DES3) should be
    secure for most applications today
  • Supports several operation modes (ECB CBC, OFB,
    CFB) for different applications

49
Avalanche Effect
  • Key desirable property of encryption alg
  • Where a change of one input or key bit results in
    changing more than half output bits
  • DES exhibits strong avalanche

50
Strength of DES Key Size
  • 56-bit keys have 256 7.2 x 1016 values
  • Brute force search looks hard
  • Recent advances have shown is possible
  • in 1997 on a huge cluster of computers over the
    Internet in a few months
  • in 1998 on dedicated hardware called DES
    cracker by EFF in a few days (220,000)
  • in 1999 above combined in 22hrs!
  • Still must be able to recognize plaintext
  • No big flaw for DES algorithms

51
DES Replacement
  • Triple-DES (3DES)
  • 168-bit key, no brute force attacks
  • Underlying encryption algorithm the same, no
    effective analytic attacks
  • Drawbacks
  • Performance no efficient software codes for
    DES/3DES
  • Efficiency/security bigger block size desirable
  • Advanced Encryption Standards (AES)
  • US NIST issued call for ciphers in 1997
  • AES was selected in Oct-2000

52
AES
  • Private key symmetric block cipher
  • 128-bit data, 128/192/256-bit keys
  • Stronger faster than Triple-DES
  • Provide full specification design details
  • Evaluation criteria
  • Security effort to practically cryptanalysis
  • Cost computational efficiency and memory
    requirement
  • Algorithm implementation characteristics
    flexibility to apps, hardware/software
    suitability, simplicity

53
AES Shortlist
  • After testing and evaluation, shortlist in
    Aug-99
  • MARS (IBM) - complex, fast, high security margin
  • RC6 (USA) - v. simple, v. fast, low security
    margin
  • Rijndael (Belgium) - clean, fast, good security
    margin
  • Serpent (Euro) - slow, clean, v. high security
    margin
  • Twofish (USA) - complex, v. fast, high security
    margin
  • Then subject to further analysis comment

54
Outlines
  • Symmetric Cipher
  • Classical Symmetric Cipher
  • Modern Symmetric Ciphers (DES and AES)
  • Asymmetric Cipher
  • One-way Hash Functions and Message Digest

55
Private-Key Cryptography
  • Private/secret/single key cryptography uses one
    key
  • Shared by both sender and receiver
  • If this key is disclosed communications are
    compromised
  • Also is symmetric, parties are equal
  • Hence does not protect sender from receiver
    forging a message claiming is sent by sender

56
Public-Key Cryptography
  • Probably most significant advance in the 3000
    year history of cryptography
  • Uses two keys a public a private key
  • Asymmetric since parties are not equal
  • Uses clever application of number theoretic
    concepts to function
  • Complements rather than replaces private key
    crypto

57
Public-Key Cryptography
  • Public-key/two-key/asymmetric cryptography
    involves the use of two keys
  • a public-key, which may be known by anybody, and
    can be used to encrypt messages, and verify
    signatures
  • a private-key, known only to the recipient, used
    to decrypt messages, and sign (create) signatures
  • Asymmetric because
  • those who encrypt messages or verify signatures
    cannot decrypt messages or create signatures

58
Public-Key Cryptography
59
Public-Key Characteristics
  • Public-Key algorithms rely on two keys with the
    characteristics that it is
  • computationally infeasible to find decryption key
    knowing only algorithm encryption key
  • computationally easy to en/decrypt messages when
    the relevant (en/decrypt) key is known
  • either of the two related keys can be used for
    encryption, with the other used for decryption
    (in some schemes)
  • Analogy to delivery w/ a padlocked box

60
Public-Key Cryptosystems
  • Two major applications
  • encryption/decryption (provide secrecy)
  • digital signatures (provide authentication)

61
RSA (Rivest, Shamir, Adleman)
  • The most popular one.
  • Support both public key encryption and digital
    signature.
  • Assumption/theoretical basis
  • Factoring a big number is hard.
  • Variable key length (usually 1024 bits).
  • Plaintext block size.
  • Plaintext must be less or equal than the key.
  • Ciphertext block size is the same as the key
    length.

62
What Is RSA?
  • To generate key pair
  • Pick large primes (gt 512 bits each) p and q
  • Let n pq, keep your p and q to yourself!
  • For public key, choose e that is relatively
    prime to ø(n) (p-1)(q-1), let pub lte,ngt
  • For private key, find d that is the
    multiplicative inverse of e mod ø(n), i.e., ed
    1 mod ø(n), let priv ltd,ngt

63
RSA Example
  • Select primes p17 q11
  • Compute n pq 1711187
  • Compute ø(n)(p1)(q-1)1610160
  • Select e gcd(e,160)1 choose e7
  • Determine d de1 mod 160 and d lt 160 Value is
    d23 since 237161 101601
  • Publish public key KU7,187
  • Keep secret private key KR23,17,11

64
How Does RSA Work?
  • Given pub lte, ngt and priv ltd, ngt
  • encryption c me mod n, m lt n
  • decryption m cd mod n
  • signature s md mod n, m lt n
  • verification m se mod n
  • given message M 88 (nb. 88lt187)
  • encryption
  • C 887 mod 187 11
  • decryption
  • M 1123 mod 187 88

65
Is RSA Secure?
  • Factoring 1024-bit number is very hard!
  • But if you can factor big number n then given
    public key lte,ngt, you can find d, hence the
    private key by
  • Knowing factors p, q, such that, n pq
  • Then ø(n) (p-1)(q-1)
  • Then d such that ed 1 mod ø(n)
  • Threat
  • Moores law
  • Refinement of factorizing algorithms
  • For the near future, a key of 1024 or 2048 bits
    needed

66
Symmetric (DES) vs. Public Key (RSA)
  • Exponentiation of RSA is expensive !
  • AES and DES are much faster
  • 100 times faster in software
  • 1,000 to 10,000 times faster in hardware
  • RSA often used in combination in AES and DES
  • Pass the session key with RSA

67
Outline
  • History of Security and Definitions
  • Overview of Cryptography
  • Symmetric Cipher
  • Classical Symmetric Cipher
  • Modern Symmetric Ciphers (DES and AES)
  • Asymmetric Cipher
  • One-way Hash Functions and Message Digest

68
Confidentiality gt Authenticity ?
  • Symmetric cipher ?
  • Shared key problem
  • Plaintext has to be intelligible/understandable
  • Asymmetric cipher?
  • Too expensive
  • Plaintext has to be intelligible/understandable
  • Desirable to cipher on a much smaller size of
    data which uniquely represents the long message

69
Hash Functions
  • Condenses arbitrary message to fixed size
  • h H(M)
  • Usually assume that the hash function is public
    and not keyed
  • Hash used to detect changes to message
  • Can use in various ways with message
  • Most often to create a digital signature

70
Hash Functions Digital Signatures
71
Requirements for Hash Functions
  • Can be applied to any sized message M
  • Produces fixed-length output h
  • Is easy to compute hH(M) for any message M
  • Given h is infeasible to find x s.t. H(x)h
  • One-way property
  • Given x is infeasible to find y s.t. H(y)H(x)
  • Weak collision resistance
  • Is infeasible to find any x,y s.t. H(y)H(x)
  • Strong collision resistance

72
Birthday Problem
  • How many people do you need so that the
    probability of having two of them share the same
    birthday is gt 50 ?
  • Random sample of n birthdays (input) taken from k
    (365, output)
  • kn total number of possibilities
  • (k)nk(k-1)(k-n1) possibilities without
    duplicate birthday
  • Probability of no repetition
  • p (k)n/kn ? 1 - n(n-1)/2k
  • For k366, minimum n 23
  • n(n-1)/2 pairs, each pair has a probability 1/k
    of having the same output
  • n(n-1)/2k gt 50 ? ngtk1/2

73
How Many Bits for Hash?
  • m bits, takes 2m/2 to find two with the same hash
  • 64 bits, takes 232 messages to search (doable)
  • Need at least 128 bits

74
General Structure of Secure Hash Code
  • Iterative compression function
  • Each f is collision-resistant, so is the
    resulting hashing

75
MD5 Message Digest Version 5
input Message
Output 128 bits Digest
  • Until recently the most widely used hash
    algorithm
  • in recent times have both brute-force
    cryptanalytic concerns
  • Specified as Internet standard RFC1321

76
MD5 Overview
77
MD5 Overview
  • Pad message so its length is 448 mod 512
  • Append a 64-bit original length value to message
  • Initialise 4-word (128-bit) MD buffer (A,B,C,D)
  • Process message in 16-word (512-bit) blocks
  • Using 4 rounds of 16 bit operations on message
    block buffer
  • Add output to buffer input to form new buffer
    value
  • Output hash value is the final buffer value

78
Processing of Block mi - 4 Passes
mi
MDi
ABCDfF(ABCD,mi,T1..16)
A
C
D
B
ABCDfG(ABCD,mi,T17..32)
ABCDfH(ABCD,mi,T33..48)
ABCDfI(ABCD,mi,T49..64)




MD i1
79
Secure Hash Algorithm
  • SHA is specified as the hash algorithm in the
    Digital Signature Standard (DSS), NIST, 1993
  • Input message must be lt 264 bits
  • not really a problem
  • Message is processed in 512-bit blocks
    sequentially
  • Message digest is 160 bits

80
SHA-1 verses MD5
  • Brute force attack is harder (160 vs 128 bits for
    MD5)
  • A little slower than MD5 (80 vs 64 steps)
  • Both work well on a 32-bit architecture
  • Both designed as simple and compact for
    implementation
  • Cryptanalytic attacks
  • MD4/5 vulnerability discovered since its design
  • SHA-1 no until recent 2005 results raised
    concerns on its use in future applications

81
Revised Secure Hash Standard
  • NIST have issued a revision in 2002
  • Adds 3 additional hash algorithms
  • SHA-256, SHA-384, SHA-512
  • Collectively called SHA-2
  • Designed for compatibility with increased
    security provided by the AES cipher
  • Structure detail are similar to SHA-1
  • Hence analysis should be similar, but security
    levels are rather higher

82
Backup Slides
83
Cryptanalysis Scheme
  • Ciphertext only
  • Exhaustive search until recognizable plaintext
  • Need enough ciphertext
  • Known plaintext
  • Secret may be revealed (by spy, time), thus
    ltciphertext, plaintextgt pair is obtained
  • Great for monoalphabetic ciphers
  • Chosen plaintext
  • Choose text, get encrypted
  • Pick patterns to reveal the structure of the key

84
One-Time Pad
  • If a truly random key as long as the message is
    used, the cipher will be secure - One-Time pad
  • E.g., a random sequence of 0s and 1s XORed to
    plaintext, no repetition of keys
  • Unbreakable since ciphertext bears no statistical
    relationship to the plaintext
  • For any plaintext, it needs a random key of the
    same length
  • Hard to generate large amount of keys
  • Have problem of safe distribution of key

85
Rotor Machines
  • Before modern ciphers, rotor machines were most
    common complex ciphers in use
  • Widely used in WW2
  • German Enigma, Allied Hagelin, Japanese Purple
  • Implemented a very complex, varying substitution
    cipher

86
Substitution-Permutation Ciphers
  • Substitution-permutation (S-P) networks Shannon,
    1949
  • modern substitution-transposition product cipher
  • These form the basis of modern block ciphers
  • S-P networks are based on the two primitive
    cryptographic operations
  • substitution (S-box)
  • permutation (P-box)
  • provide confusion and diffusion of message

87
Confusion and Diffusion
  • Cipher needs to completely obscure statistical
    properties of original message
  • A one-time pad does this
  • More practically Shannon suggested S-P networks
    to obtain
  • Diffusion dissipates statistical structure of
    plaintext over bulk of ciphertext
  • Confusion makes relationship between ciphertext
    and key as complex as possible

88
Bit Permutation (1-to-1)
1 2 3 4 32
.

0 0 1 0 1
Input
1 bit
..
Output
1 0 1 1 1
22 6 13 32 3
89
Per-Round Key Generation
Initial Permutation of DES key
C i-1
D i-1
28 bits
28 bits
Circular Left Shift
Circular Left Shift
One round
Round 1,2,9,16 single shift Others two bits
Permutation with Discard
48 bits Ki
C i
D i
28 bits
28 bits
90
A DES Round
32 bits Ln
32 bits Rn
E
One Round Encryption
48 bits
Mangler Function
48 bits Ki
S-Boxes
P
32 bits
32 bits Ln1
32 bits Rn1
91
Mangler Function
The permutation produces spread among the
chunks/S-boxes!
92
Bits Expansion (1-to-m)
1 2 3 4 5 32
.
Input

0 0 1 0 1 1
Output
..
1 0 0 1 0 1 0 1
1 0
1 2 3 4 5 6 7 8
48
93
S-Box (Substitute and Shrink)
  • 48 bits gt 32 bits. (86 gt 84)
  • 2 bits used to select amongst 4 substitutions for
    the rest of the 4-bit quantity

94
S-Box Examples
Each row and column contain different numbers.
0 1 2 3 4 5
6 7 8 9. 15
0 14 4 13 1 2
15 11 8 3
1 0 15 7 4 14
2 13 1 10
2 4 1 14 8 13
6 2 11 15
3 15 12 8 2 4
9 1 7 5
Example input 100110 output ???
95
Padding Twist
  • Given original message M, add padding bits 10
    such that resulting length is 64 bits less than a
    multiple of 512 bits.
  • Append (original length in bits mod 264),
    represented in 64 bits to the padded message
  • Final message is chopped 512 bits a block

96
Why Does RSA Work?
  • Given pub lte, ngt and priv ltd, ngt
  • n pq, ø(n) (p-1)(q-1)
  • ed 1 mod ø(n)
  • xe?d x mod n
  • encryption c me mod n
  • decryption m cd mod n me?d mod n m mod n
    m (since m lt n)
  • digital signature (similar)

97
Using Hash for Authentication
  • Assuming share a key KAB
  • Alice to Bob challenge rA
  • Bob to Alice MD(KABrA)
  • Bob to Alice rB
  • Alice to Bob MD(KABrB)
  • Only need to compare MD results

98
Using Hash to Encrypt
  • One-time pad with KAB
  • Compute bit streams using MD, and K
  • b1MD(KAB), biMD(KABbi-1),
  • ? with message blocks
  • Is this a real one-time pad ?
  • Add a random 64 bit number (aka IV)
    b1MD(KABIV), biMD(KABbi-1),

99
MD5 Process
  • As many stages as the number of 512-bit blocks in
    the final padded message
  • Digest 4 32-bit words MDABCD
  • Every message block contains 16 32-bit words
    m0m1m2m15
  • Digest MD0 initialized to A01234567,B89abcdef,C
    fedcba98, D76543210
  • Every stage consists of 4 passes over the message
    block, each modifying MD
  • Each block 4 rounds, each round 16 steps

100
Different Passes...
  • Each step i (1 lt i lt 64)
  • Input
  • mi a 32-bit word from the message
  • With different shift every round
  • Ti int(232 abs(sin(i)))
  • Provided a randomized set of 32-bit patterns,
    which eliminate any regularities in the input
    data
  • ABCD current MD
  • Output
  • ABCD new MD

101
MD5 Compression Function
  • Each round has 16 steps of the form
  • a b((ag(b,c,d)XkTi)ltltlts)
  • a,b,c,d refer to the 4 words of the buffer, but
    used in varying permutations
  • note this updates 1 word only of the buffer
  • after 16 steps each word is updated 4 times
  • where g(b,c,d) is a different nonlinear function
    in each round (F,G,H,I)

102
MD5 Compression Function
103
Functions and Random Numbers
  • F(x,y,z) (x?y)?(x ? z)
  • selection function
  • G(x,y,z) (x ? z) ?(y ? z)
  • H(x,y,z) x?y? z
  • I(x,y,z) y?(x ? z)

104
Basic Steps for SHA-1
  • Step1 Padding
  • Step2 Appending length as 64 bit unsigned
  • Step3 Initialize MD buffer 5 32-bit words
  • Store in big endian format, most significant bit
    in low address
  • ABCDE
  • A 67452301
  • B efcdab89
  • C 98badcfe
  • D 10325476
  • E c3d2e1f0

105
Basic Steps...
  • Step 4 the 80-step processing of 512-bit blocks
    4 rounds, 20 steps each.
  • Each step t (0 lt t lt 79)
  • Input
  • Wt a 32-bit word from the message
  • Kt a constant.
  • ABCDE current MD.
  • Output
  • ABCDE new MD.
Write a Comment
User Comments (0)
About PowerShow.com