1 / 44

Outline

Outline. Overview of Cryptography Symmetric Cipher Classical Symmetric Cipher Modern Symmetric Ciphers (DES and AES) Asymmetric Cipher One-way Hash Functions and Message Digest. Basic Terminology. plaintext - the original message ciphertext - the coded message

alcina
Télécharger la présentation

Outline

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Outline • Overview of Cryptography • Symmetric Cipher • Classical Symmetric Cipher • Modern Symmetric Ciphers (DES and AES) • Asymmetric Cipher • One-way Hash Functions and Message Digest

  2. Basic Terminology • plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering ciphertext from plaintext • cryptography - study of encryption principles/methods • cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key • cryptology - the field of both cryptography and cryptanalysis

  3. Classification of Cryptography • Number of keys used • Hash functions: no key • Secret key cryptography: one key • Public key cryptography: two keys - public, private • Type of encryption operations used • substitution / transposition / product • Way in which plaintext is processed • block / stream

  4. Secret Key vs. Secret Algorithm • Secret algorithm: additional hurdle • Hard to keep secret if used widely: • Reverse engineering, social engineering • Commercial: published • Wide review, trust • Military: avoid giving enemy good ideas

  5. Unconditional vs. Computational Security • Unconditional security • No matter how much computer power is available, the cipher cannot be broken • The ciphertext provides insufficient information to uniquely determine the corresponding plaintext • Only one-time pad scheme qualifies • Computational security • The cost of breaking the cipher exceeds the value of the encrypted info • The time required to break the cipher exceeds the useful lifetime of the info

  6. Brute Force Search • Always possible to simply try every key • Most basic attack, proportional to key size • Assume either know / recognise plaintext

  7. Outline • Overview of Cryptography • Classical Symmetric Cipher • Substitution Cipher • Transposition Cipher • Modern Symmetric Ciphers (DES and AES) • Asymmetric Cipher • One-way Hash Functions and Message Digest

  8. Symmetric Cipher Model

  9. Requirements • Two requirements for secure use of symmetric encryption: • a strong encryption algorithm • a secret key known only to sender / receiver Y = EK(X) X = DK(Y) • Assume encryption algorithm is known • Implies a secure channel to distribute key

  10. Block vs Stream Ciphers • Block ciphers process messages in into blocks, each of which is then en/decrypted • Like a substitution on very big characters • 64-bits or more • Stream ciphers process messages a bit or byte at a time when en/decrypting • Many current ciphers are block ciphers, one of the most widely used types of cryptographic algorithms

  11. DES (Data Encryption Standard) • Published in 1977, standardized in 1979. • Key: 64 bit quantity=8-bit parity+56-bit key • Every 8th bit is a parity bit. • 64 bit input, 64 bit output. 64 bit M 64 bit C DES Encryption 56 bits

  12. DES Top View 56-bit Key 64-bit Input 48-bit K1 Generate keys Permutation Initial Permutation 48-bit K1 Round 1 48-bit K2 Round 2 …... 48-bit K16 Round 16 Swap 32-bit halves Swap Final Permutation Permutation 64-bit Output

  13. DES Summary • Simple, easy to implement: • Hardware/gigabits/second, software/megabits/second • 56-bit key DES may be acceptable for non-critical applications but triple DES (DES3) should be secure for most applications today • Supports several operation modes (ECB CBC, OFB, CFB) for different applications

  14. Avalanche Effect • Key desirable property of encryption alg • Where a change of one input or key bit results in changing more than half output bits • DES exhibits strong avalanche

  15. Strength of DES – Key Size • 56-bit keys have 256 = 7.2 x 1016 values • Brute force search looks hard • Recent advances have shown is possible • in 1997 on a huge cluster of computers over the Internet in a few months • in 1998 on dedicated hardware called “DES cracker” by EFF in a few days ($220,000) • in 1999 above combined in 22hrs! • Still must be able to recognize plaintext • No big flaw for DES algorithms

  16. DES Replacement • Triple-DES (3DES) • 168-bit key, no brute force attacks • Underlying encryption algorithm the same, no effective analytic attacks • Drawbacks • Performance: no efficient software codes for DES/3DES • Efficiency/security: bigger block size desirable • Advanced Encryption Standards (AES) • US NIST issued call for ciphers in 1997 • Rijndael was selected as the AES in Oct-2000

  17. AES • Private key symmetric block cipher • 128-bit data, 128/192/256-bit keys • Stronger & faster than Triple-DES • Provide full specification & design details • Evaluation criteria • Security: effort to practically cryptanalysis • Cost: computational efficiency and memory requirement • Algorithm & implementation characteristics: flexibility to apps, hardware/software suitability, simplicity

  18. Outlines • Symmetric Cipher • Classical Symmetric Cipher • Modern Symmetric Ciphers (DES and AES) • Asymmetric Cipher • One-way Hash Functions and Message Digest

  19. Private-Key Cryptography • Private/secret/single key cryptography uses one key • Shared by both sender and receiver • If this key is disclosed communications are compromised • Also is symmetric, parties are equal • Hence does not protect sender from receiver forging a message & claiming is sent by sender

  20. Public-Key Cryptography • Probably most significant advance in the 3000 year history of cryptography • Uses two keys – a public & a private key • Asymmetric since parties are not equal • Uses clever application of number theoretic concepts to function • Complements rather than replaces private key crypto

  21. Public-Key Cryptography • Public-key/two-key/asymmetric cryptography involves the use of two keys: • a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures • a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures • Asymmetric because • those who encrypt messages or verify signatures cannot decrypt messages or create signatures

  22. Public-Key Cryptography

  23. Public-Key Characteristics • Public-Key algorithms rely on two keys with the characteristics that it is: • computationally infeasible to find decryption key knowing only algorithm & encryption key • computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known • either of the two related keys can be used for encryption, with the other used for decryption (in some schemes) • Analogy to delivery w/ a padlocked box

  24. Public-Key Cryptosystems • Two major applications: • encryption/decryption (provide secrecy) • digital signatures (provide authentication)

  25. RSA (Rivest, Shamir, Adleman) • The most popular one. • Support both public key encryption and digital signature. • Assumption/theoretical basis: • Factoring a big number is hard. • Variable key length (usually 1024 or 2048 bits). • Variable plaintext block size. • Plaintext must be “smaller” than the key. • Ciphertext block size is the same as the key length.

  26. Is RSA Secure? • Factoring 512-bit number is very hard! • But if you can factor big number n then given public key <e,n>, you can find d, hence the private key by: • Knowing factors p, q, such that, n= p*q • Then ø(n) =(p-1)(q-1) • Then d such that e*d = 1 mod ø(n) • Threat • Moore’s law • Refinement of factorizing algorithms • For the near future, a key of 1024 or 2048 bits needed

  27. Symmetric (DES) vs. Public Key (RSA) • Exponentiation of RSA is expensive ! • AES and DES are much faster • 100 times faster in software • 1,000 to 10,000 times faster in hardware • RSA often used in combination in AES and DES • Pass the session key with RSA • SSL/TLS handshaking

  28. Outline • History of Security and Definitions • Overview of Cryptography • Symmetric Cipher • Classical Symmetric Cipher • Modern Symmetric Ciphers (DES and AES) • Asymmetric Cipher • One-way Hash Functions and Message Digest

  29. Confidentiality => Authenticity ? • Symmetric cipher ? • Shared key problem • Plaintext has to be intelligible/understandable • Asymmetric cipher? • Too expensive • Plaintext has to be intelligible/understandable • Desirable to cipher on a much smaller size of data which uniquely represents the long message

  30. Hash Functions • Condenses arbitrary message to fixed size h = H(M) • Usually assume that the hash function is public and not keyed • Hash used to detect changes to message • Can use in various ways with message • Most often to create a digital signature

  31. Hash Functions & Digital Signatures

  32. Requirements for Hash Functions • Can be applied to any sized message M • Produces fixed-length output h • Is easy to compute h=H(M) for any message M • Given h is infeasible to find x s.t. H(x)=h • One-way property • Given x is infeasible to find y s.t. H(y)=H(x) • Weak collision resistance • Is infeasible to find any x,y s.t. H(y)=H(x) • Strong collision resistance

  33. How Many Bits for Hash? • m bits, takes 2m/2 to find two with the same hash • 64 bits, takes 232 messages to search (doable) • Need at least 128 bits

  34. General Structure of Secure Hash Code • Iterative compression function • Each f is collision-resistant, so is the resulting hashing

  35. MD5: Message Digest Version 5 input Message Output 128 bits Digest • Until recently the most widely used hash algorithm • in recent times have both brute-force & cryptanalytic concerns • Specified as Internet standard RFC1321

  36. MD5 Overview

  37. Secure Hash Algorithm • Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993 • SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST

  38. General Logic • Input message must be < 264 bits • not really a problem • Message is processed in 512-bit blocks sequentially • Message digest is 160 bits • SHA design is similar to MD5, a little slower, but a lot stronger

  39. SHA-1 verses MD5 • Brute force attack is harder (160 vs 128 bits for MD5) • A little slower than MD5 (80 vs 64 steps) • Both work well on a 32-bit architecture • Both designed as simple and compact for implementation • Cryptanalytic attacks • MD4/5: vulnerability discovered since its design • SHA-1: no until recent 2005 results raised concerns on its use in future applications

  40. Revised Secure Hash Standard • NIST have issued a revision FIPS 180-2 in 2002 • Adds 3 additional hash algorithms • SHA-256, SHA-384, SHA-512 • Collectively called SHA-2 • Designed for compatibility with increased security provided by the AES cipher • Structure & detail are similar to SHA-1 • Hence analysis should be similar, but security levels are rather higher

  41. Backup Slides

  42. What Is RSA? • To generate key pair: • Pick large primes (>= 256 bits each) p and q • Let n = p*q, keep your p and q to yourself! • For public key, choose e that is relatively prime to ø(n) =(p-1)(q-1), let pub = <e,n> • For private key, find d that is the multiplicative inverse of e mod ø(n),i.e., e*d = 1 mod ø(n), let priv = <d,n>

  43. RSA Example • Select primes: p=17 & q=11 • Computen = pq =17×11=187 • Computeø(n)=(p–1)(q-1)=16×10=160 • Select e : gcd(e,160)=1; choose e=7 • Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161= 10×160+1 • Publish public key KU={7,187} • Keep secret private key KR={23,17,11}

  44. How Does RSA Work? • Given pub = <e, n> and priv = <d, n> • encryption: c = me mod n, m < n • decryption: m = cd mod n • signature: s = md mod n, m < n • verification: m = se mod n • given message M = 88 (nb. 88<187) • encryption: C = 887 mod 187 = 11 • decryption: M = 1123 mod 187 = 88

More Related