250 likes | 514 Vues
Cryptography. OverviewQuick History, Fundamentals, Threats
E N D
1. [3ICT1] Security- Cryptography - Karl Quinn
2. Cryptography Overview
Quick History, Fundamentals, Threats & Attacks.
Cryptographic Algorithms
Symmetric
Asymmetric
Cryptographic Ciphers
Cipher Block Chaining
Stream Cipher
Cryptographic Attacks
Brute Force
Chosen Plaintext
Man-in-the-middle
3. Cryptography History Ancient History
Polybios; Polybios square
Ceasar; simple shifting substitution.
More Current
Pre-WWII
Scherbius; Enigma Machine
1970s
Feistel; Feistel Ciphers (Pre-cursor to DES, 3DES)
Rivest, Shamir, and Adleman; RSA
WWW - Age
Schneiders Applied Cryptography
Published algorithms w/ source code.
4. Fundamentals Why use cryptography
Confidentiality
msg contents remain secret.
Integrity
msg contents not tampered/altered/etc.
Authentication
msg recipient/sender is who they
states they are.
5. Threats & Methods of Attacks Security Threats
Leakage; unauthorised acquisitions.
Tampering; unauthorised alterations.
Vandalism; interference without gain.
Methods of Attack
Eavesdropping; Acquiring msg w/out authority.
Masquerading; fraudulent use of identity for comms.
Message Tampering; intercept, alter, and resend.
Replaying; storing msgs and resending later.
Denial of Service; flood a channel to
deny legitimate access.
6. Cryptographic Key Two main approaches for successful encryption, with a hybrid third option.
(1) Shared Key Encryption [Symmetric]
Sender and recipient share knowledge of a secret key that is used to encrypt plaintext messages as cipher-text.
(2) Public/Private Key Encryption [Asymmetric]
Sender uses the recipients public key to encrypt plaintext messages, which are then decrypted by the recipient using the corresponding private key.
(3) Hybrid Public/Private w/ Shared
Distribute shared via public/private key.
7. Cryptographic Terminology #1 Protagonists in security protocols
Alice; First participant
Bob; Second participant
Carol; participant in 3 or 4 party
Dave; participant in 4 party
Eve; eavesdropper
Mallory; Malicious attacker
Sara; A server
8. Cryptographic Terminology #1 Cryptographic Notation
KA : Alices Secret Key.
KB : Bobs Secret Key.
KAB : Shared Key between Alice and Bob.
KApriv : Alices Private Key
KApub :Alices Public Key
{M}K : Message M encrypted with key K
[M]K : Message M signed with key K
9. Shared Key Encryption Communications between Alice and Bob using the shared key KAB
(1) Alice uses KAB and the encryption function E(KAB,M) to encrypt messages for Bob.
(2) Bob decrypts the cipher text using D(KAB, {M}K).
10. Shared Key Encryption Problems with previous example;
(1) How can Alice send the secret key to Bob securely?
(2) How can Bob know that the messages contents werent tampered with?
(3) How does Bob know that a message
hasnt just been replayed?
11. Shared Key Examples Tiny Encryption Algorithm (TEA)
Simple, 128-bit key.
Uses rounds of integer addition, XOR, and bitwise logical shifts to achieve plaintext diffusion and confusion.
Void encrypt(unsigned long k[], unsigned long text[]){
unsigned long y = text[0], z = text[1];
unsigned long delta = 0x9e3779b9, sum = 0; int n;
for(n = 0; n < 32; n++){
sum+=delta;
y += ((z<<4)+k[0])^(z+sum)^((z>>5)+k[1]);
z += ((y<<4)+k[2])^(y+sum)^((y>>5)+k[3]);
}
text[0] = y; text[1] = z;
}
12. Shared Key Examples Data Encryption Standard (DES)
US encryption standard for years, 56-bit-key.
Triple-DES (3DES) applies DES three times with two keys. Therefore, 112-bit key.
International Data Encryption Algorithm (IDEA)
All round option, successor to DES. 128-bit key.
Encrypts/Decrypts ~3 times faster than DES.
Advanced Encryption Standard (AES)
Widely used symmetric encryption algorithm.
AKA Rijndael, AES is fast, relatively easy to implement, and requires little memory.
13. Public Key Encryption Communications between Alice and Bob using Bobs Public key KBpub
(1) Alice uses KBpub to encrypt message M, E(KBpub, M).
(2) Bob receives the encrypted message and decrypts its contents using KBpriv.
D(KBpriv, {M}K ).
14. Public Key Encryption Problems with previous example?
(1) How/Where does Alice get Bobs public key?
(2) Can require 100 to 1000 times more processing power than shared key encryption.
15. Public Key Examples. Rivest, Shamir, Adelman (RSA)
Uses trap-door functions, which is a one way function with a secret exit it is easy to compute in one direction but infeasible to compute the inverse unless secret is known.
To find a key pair e, d
Choose 2 large prime numbers P and Q to form
N = P x Q
Z = (P-1) x (Q-1)
For d, chose any number relatively prime with Z.
To find e, solve e x d = 1 mod Z.
Function to encrypt; Me mod N.
E(KE, M) = {M}K
Function to decrypt; Cd mod N.
D(KD, {M}K) = M
16. Public Key Examples. RSA with workable numbers
(1) Let P = 13, and Q = 17,
Using N = P x Q, N = 221
Z = (P-1) x (Q-1), Z = 192.
(2) Chose d = 5.
Solving e x d = 1 mod 192 = 1, 193, 385,
385 is divisible by d,
Therefore, e = 385/5 = 77.
Function to encrypt; M77 mod 221.
Function to decrypt; C5 mod 221.
17. Public Key Examples Elliptical Curve Cryptography
Public Key not shared.
Generates key through the properties of elliptic curve equations not based on difficulties associated with factoring large numbers.
Shorter keys are secure.
Lower processing overhead than RSA.
18. Hybrid Key Encryption In e-commerce public key security needs no secure key distribution mechanism.
Public key encryption as a large computational overhead in relation to shared key encryption.
Therefore, one can use public key encryption to authenticate a party and to also encrypt secret keys for secure distribution.
This securely distributed secret key is then used for all subsequent transaction. See SSL.
19. Cryptographic Ciphers Block Ciphers
Most encryption algorithms work with fixed sized blocks of data, 64-bits is popular.
A message is divided into 64-bit blocks w/ padding on the last block if necessary.
Each block is encrypted independently.
Simple block cipher can allow pattern recognition between the ciphertext and plaintext.
Integrity of message is not guaranteed.
Cipher Block Chaining overcomes above weaknesses.
20. Cryptographic Ciphers Plaintext blocks
Ciphertext blocks
21. Cryptographic Ciphers
plaintext
stream
22. Confusion and Diffusion Shannons principle of confusion and diffusion conceals content of ciphertext.
(1) Confusion
XOR and circular shifting to combine plaintext blocks with a key to produce pattern that obscures the relationship between encrypted and unencrypted blocks.
(2) Diffusion
Dissipates repetition patterns and redundancy that are found in plaintext.
Unavailable to stream ciphers as they
dont use blocks.
23. Cryptographic Attacks Brute Force Attack
Try every possible mathematical value of K in computing E(K, M) until result matches {M}K.
Chosen Plaintext Attack
Try to guess ciphertext by using a public key to encrypt known plaintext and hope they match.
Man-in-the-middle
Mallory positioned between Alice and Bob, and substitutes a known shared key.
24. Summary Summary of main concepts
(1) Cryptographic Algorithms
Symmetric
Asymmetric
(2) Cryptographic Ciphers
Cipher Block Chaining
Stream Cipher
(3) Cryptographic Attacks
Brute Force
Chosen Plaintext
Man-in-the-middle
25. Reference Coukouris, G., Dollimore, J., Kindberg, T., Distributed Systems, Concepts and Designs, Addison-Wesley, Third Edition, 2001.