1 / 20

Spoiler Warning

Spoiler Warning. After listening to this talk, you may become disappointed with this book! Much of the book’s content is about cryptography, but those about modern cryptography is often inaccurate. Build Your Own Cryptosystem. Have you heard about any cryptosystem?

lanza
Télécharger la présentation

Spoiler Warning

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spoiler Warning • After listening to this talk, you may become disappointed with this book! • Much of the book’s content is about cryptography, but those about modern cryptography is often inaccurate

  2. Build Your Own Cryptosystem • Have you heard about any cryptosystem? • Have you tried to design your own encryption algorithm? • Some software companies do this • But this is in fact very insecure • A cryptosystem can have many hidden flaws!

  3. A simple cryptosystem I used in F.1 • Substitute English alphabets with numbers • 01..26 <-> A..Z • 00 <-> Space • 27..99 <-> Nothing, added to obfuscate the eavesdropper • This is a kind of monoalphabetic substitution cipher • Example • HELLO WORLD • 08 05 48 37 36 12 12 15 00 23 61 15 18 12 04 95 • Problems?

  4. Classical Ciphers • Monoalphabetic Substitution Cipher • Example : Caesar, simple substitution • Substitutes every letter with a fixed letter • Very vulnerable to frequency analysis

  5. Classical Ciphers • Polyalphabetic Substitution Cipher • Example : Vigenere Cipher, Enigma • Substitution depends on position • Vulnerable to frequency analysis on collections of letters

  6. Classical Ciphers • Transposition Cipher • Example : Columnar transposition • Moves the position of letters around • Again vulnerable to frequency analysis

  7. Classical Ciphers • Hill Cipher • Based on matrix multiplication • Vulnerable to known plaintext attack

  8. Modern Cryptography • Cryptosystem • Key generation (an cryptosystem without key is useless) • Encryption • Decryption • Confusing Words • Cryptography is the study of cryptosystems and their applications • “Cipher” usually means the same thing as “Cryptosystem” • Plaintext / cleartext means un-encrypted data • Ciphertext / crypto-text means encrypted data

  9. Symmetric Ciphers (Private Key Cryptosystems) • Most famous : DES (Data Encryption Standard) • 64 bit Key (56 bit for encryption, 8 bit for error check) • In Digital Fortress, the brute force code breaking machine TRANSLTR can break DES in 10 minutes • However this is totally useless, because if we encrypt the data with 3 keys consecutively (this is called 3DES), it would take 256x2 x 10 minutes to break! • New algorithm : AES (Advanced Encryption Standard) • 128, 192 or 256 bit Key • Widely used • Main problem with symmetric ciphers • Key Distribution

  10. Asymmetric Cipher (Public Key Cryptosystem) • Most famous : RSA • A little number theory • n = p*q (p and q are large primes) • Choose e, d such that e*d = 1 (mod f(n)) • Encryption and Decryption • Public key is (n,e) • Private key is (n,d) • C = Me • M = Cd • To break RSA we need to factorize n • Current fastest algorithm : Number Field Sieve

  11. Why still use symmetric ciphers? • Symmetric ciphers are much faster than asymmetric ones • At least 100x • Key length of symmetric ciphers can be much shorter than asymmetric ciphers • AES key of 128 bit is roughly as strong as a RSA key of 2048 bit • Use asymmetric cipher to encrypt the keys of symmetric cipher! • Other well known algorithms • Symmetric : RC5, IDEA, BlowFish, … • Asymmetric : El-Gamal, Elliptic Curve Cryptography (ECC), XTR, …

  12. The One Time Pad • One Time Pad is the only form of “Perfectly Secure” cryptosystem • Length of Key must be at least length of Message • Vernam Cipher • Use bitwise XOR • Sometimes used by governments to transfer keys to embassies

  13. Digital Signatures • Many asymmetric encryption/decryption schemes are just mathematical functions, we can reverse the order • Dec(Enc(X)) = Enc(Dec(X)) = X • Therefore we can use them for “digital signature” • Example : RSA • If we send M to somebody, we also send s=Md • The other party can check M has not been altered by verifying se=M

  14. Public Key Infrastructure • Certificate Authorities (CA) • Store your public key in their server and verifies their authenticity • Hierarchy of Trust • Example scenario • When you send a message, you also send a certificate as well as signature signed with your private key • When the other party receive the message, it first go to the CA which issued your cert to verify it • Then it use your public key listed in the cert to verify the message

  15. The Real World • What I told you is INSECURE ! • Dolev-Yao Threat Model • Attackers control the whole network • Attackers can intercept, duplicate, replay, modify, or forge any message, but • Attackers cannot find the plaintext from a ciphertext without the key, and • Attackers cannot find the private key from a public key • Recall the BT incident • 90% of what the Customs did (mainly eavesdropping) can be done by everyone on the Internet

  16. Attack on RSA • Scenario • I eavesdropped an RSA-encrypted message for you (Me, where e is your public key) • I ask you to forward this message to someone else, but I lie to you that this is a unencrypted message • I also remind you to sign the message before forwarding • In fact, the other person is myself • Signature of Me = (Me)d = Med = M ! • In this scenario you acted as a “Decryption Oracle” and provided “Oracle Services” to me, the attacker

  17. Attack on RSA • A fix? • Check every message to see if it is actually encrypted • This is useless • Another scenario • When I eavesdropped Me, I compute Me Xe = (MX)e, where X is an integer I chose • I send (MX)e to you and ask you to sign it. When you try to decrypt it you get MX, which looks innoculous • Feeling safe, you sign it, and send MX back to me • I can compute MX X-1 to get M (taking multiplicative inverse is easy) • This is called the “Chosen Ciphertext Attack”

  18. Attack on RSA • A real solution is to apply cryptographic hash function before signing • Properties of cryptographic hash function • One way • Non-linear • Collision free • However, many other attacks are possible • Now, formal methods are used to model the attacks • A “really secure” version of RSA is the RSA-OAEP • Many research are ongoing

  19. Links • Cryptography A-Z • http://www.ssh.com/support/cryptography/index.html • Handbook of Applied Cryptography • http://www.cacr.math.uwaterloo.ca/hac/ • Wikipedia • http://www.wikipedia.org/

More Related