1 / 71

Cryptography Basics

Cryptography Basics. Objectives. Explain general cryptography concepts Explain basic hashing concepts. Basic encryption concepts. Explain and implement protocols Explain core concepts of public key cryptography. Cryptography. Cryptography – science of encrypting information.

palmer
Télécharger la présentation

Cryptography Basics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography Basics

  2. Objectives • Explain general cryptography concepts • Explain basic hashing concepts. • Basic encryption concepts. • Explain and implement protocols • Explain core concepts of public key cryptography

  3. Cryptography • Cryptography – science of encrypting information. • “scrambles” data so only authorized parties can “unscramble” and read data using two methods • Can substitute – change one letter with a different letter • Can transpose – scramble the order of letters, without actually changing one for another. • The best cryptosystems both substitute and transpose.

  4. Basic Idea

  5. Cryptographic Terminology • Cryptography - a method of storing and transmitting data in a form only intended for authorized parties to read or process. • Cryptanalysis- science of studying, breaking, and reverse engineering algorithms and keys. • Encryption – the method of transforming data (plaintext) into an unreadable format. • Plain text– the format (usually readable) of data before being encrypted • Cipher text – the “Scrambled” format of data after being encrypted

  6. Cryptographic Terminology • Decryption – the method of turning cipher text back into plain text • Encryption algorithm – a set or rules or procedures that dictates how to encrypt and decrypt data. Also called an encryption “cipher” • Key – (crypto variable) a values used in the encryption process to encrypt and decrypt

  7. Cryptographic Terminology • Key space – the range of possible values used to construct keys • example: • if a key can be 4 digits (0-9) • key space = 10,000 (0000 – 9999) • if it can be 6 digits • key space = 1,000,000 (000,000 – 999,999) • Key Clustering – Instance when two different keys generate the same cipher text from the same plaintext • Work factor – estimated time and resources to break a cryptosystem

  8. Cryptography History • Romans used a shift cipher called a “CEASAR” cipher. Shift Ciphers simply shift characters in an alphabet.

  9. ROT13 / shift cipher - http://www.rot13.com

  10. Transposition Cipher • Jumbles up the ordering of characters in a message. The Spartans of Greece used a form of this called the “Scytale” Cipher.

  11. Transposition Cipher

  12. Scytale

  13. Steganography • Hiding one message in another • “Meet the mini me that ate later.” • “Meet me later.”

  14. Vigenere Cipher • The Vigenère cipher is named for Blaise de Vigenère, although Giovan Battista Bellaso had invented the cipher earlier. Vigenère did invent a stronger autokey cipher. • Vigenèrecipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution. • This cipher is well known because while it is easy to understand and implement, it often appears to beginners to be unbreakable.

  15. Vigenere Table (tabula recta)

  16. Vigenere Cipher • For example, suppose that the plaintext to be encrypted is: ATTACKATDAWN • The person sending the message chooses a keyword and repeats it until it matches the length of the plaintext, for example, the keyword "LEMON": LEMONLEMONLE • The first letter of the plaintext, A, is enciphered using the alphabet in row L, which is the first letter of the key. This is done by looking at the letter in row L and column A of the Vigenère square, namely L. The rest of the plaintext is enciphered in a similar fashion. • Plaintext: ATTACKATDAWN • Key: LEMONLEMONLE • Ciphertext: LXFOPVEFRNHR

  17. Encryption Modes – Block • Take the message and break it up into fixed sized blocks, encrypt each block using the given key.

  18. Block (ECB encryption)

  19. Block Encryption Problems

  20. Solving Block Encryption Problems • Often with block encryption, we include a value in addition to the key that changes for each block, so we don’t get repetitive cipher text blocks. This is called Cipher Block Chaining (see next slide) • Initialization Vectors are used with the first block in CBC

  21. Cipher Block Chaining

  22. XORing • XORing is a Boolean mathematical “function” which creates an output bit based on two input bits. It outputs a 1 IF and ONLY if one bit of input is 1 and the other is a 0. INPUT1 INPUT 2 XOR OUTPUT --------------------------------------------------------------------------- 0 0 = 0 0 1 = 1 1 0 = 1 1 1 = 0

  23. Stream Encryption • The “key” is used as a key stream generator, which creates a series of bits each are is mathematically combined with the bit stream of plaintext to produce cipher text. This is done for small pieces of information, or information not in blocks. • Keyboard input • Morse code • Any input that arrives one bit or byte at a time

  24. Stream Encryption Plain Text Bit Keystream Bit Output Bit 0 1 1 1 1 0 0 1 1 XOR 1 = 0 • Cipher text = 0

  25. Stream Encryption Plain Text Bit Keystream Bit Output Bit 0 1 1 1 1 0 0 XOR 1 = 1 • Cipher text = 0 1

  26. Stream Encryption Plain Text Bit Keystream Bit Output Bit 0 1 1 1 1 XOR 0 = 1 • Cipher text = 0 1 1

  27. Stream Encryption Plain Text Bit Keystream Bit Output Bit 0 1 1 XOR 1 = 0 • Cipher text = 0 1 1 0

  28. Stream Encryption Plain Text Bit Keystream Bit Output Bit 0 XOR 1 = 1 • Cipher text = 0 1 1 0 1

  29. One Time Pad • 1011 – plain text • 0101 – pad • ------ XOR • 1110 – cipher text • In a one time pad you use a different key/pad each time you send a message

  30. One Time Pad • A “perfect cryptosystem” • Unbreakable if implemented properly • The key is a series of bits (0 and 1) • The plain text is converted to bits • The message is XORed with the pad/key to generated the cipher text • (more)

  31. One Time Pad considerations • The pad must be used only one time • The pad must be shared by both sides. • The pad must be as long as the message • The pad must be securely distributed • The pad must be used up of truly random values

  32. Symmetric Encryption • Idea same key is used to BOTH encrypt and decrypt data!

  33. Symmetric Encryption • Called Symmetric or “Private Key encryption” • Must securely distribute keys to both parties. • Chicken in the egg situation with networks • Anyone with the key can either encrypt or decrypt • Very Fast to encrypt or decrypt • Key Management is the big issue

  34. Key Management • n: number of parties who want to securely communicate • # keys = (n*(n-1)) / 2 • 5 = (5*4)/2 = 10 keys • 10 = (10*9)/2 = 45 keys • 100 = (100*99)/2 = 4950 keys • 1000 = (1000*999)/2 = 499500 keys

  35. Symmetric Algorithms – DES • Data Encryption Standard • Developed from at NIST request for an encryption standard • Chosen algorithm was called “Lucifer” from IBM • Block Cipher • Fixed sized blocks of 64 bits • Key size 64 bits, effective size is 56 bits • 16 rounds of substitution and transposition • DES is no longer considered strong enough, can be broken easily with distributed computing.

  36. Triple DES • Nothing but DES 3 times • 3DES – EEE3 • 3DES – EDE3 • 3DES – EEE2 • 3DES – EDE2 • Since it’s 3 x DES, 48 rounds of substitution and transposition.

  37. AES • Developed as a replacement to DES • Actual algorithm is called “Rinjdael” • Block cipher • 128 bit blocks • Key sizes of 128,192, 256 • Rounds depend on key size • 9: for 128 keys • 11: for 192 keys • 13: for 256 bit keys

  38. RC5 • Block cipher • Block size 32, 64, 128 • Key Size up to 2048 bits • Rounds up to 255, minimum of 12 recommended

  39. RC6 • Block cipher based on RC5 • Same attributes as RC5 • Developed to be a AES candidate • Faster that RC5

  40. RC4 • Stream cipher – what was that again? • Was proprietary, but released on Internet in 1994, “ARC4” is the “open version of RC4” • Key length 8 – 2048 bits • Used in SSL and WEP communication

  41. Blowfish • Block cipher • 64 bit blocks • Keys 32 - 448 bits • 16 rounds is the “full version” • Free algorithm

  42. IDEA • International Data Encryption Algorithm • Proposed AES candidate • Block cipher • 64 bit blocks • 128 bit keys • Not free, Patent expires soon though • Used in PGP

  43. Symmetric • That’s Symmetric Encryption • Understand the concept (shared keys) • Understand it’s strengths (fast for bulk encryption and decryption) • Understand it’s weaknesses (key management, non-repudiation) • Understand the different algorithm “properties” on the slides.

  44. Enter Non-Repudiation • Non-Repudiation – being able to definitively prove someone said or wrote something. • Proves they actually sent a message • Proves the message was not altered • How do we provide non-repudiation? We’ll see soon after we talk about hashes, and asymmetric encryption.

  45. Asymmetric Encryption • Use 2 keys, public key to encrypt a message, private key can decrypt

  46. Asymmetric Encryption • Called Public key encryption • Requires 2 related keys • Public key – given to anyone • Private key – kept secret • Public key is used to encrypt message • Private key is used to decrypt message • Private key is used to sign messages • Public key is used to validate signed messages

  47. Asymmetric Encryption • Key exchange is simple! • Asymmetric Encryption is SLOW, not suitable for encrypting large amounts of data • What is a problem with Asymmetric Encryption and key exchange? (MiM) • Can be used to “digitally sign” a message (in a few slides) • Provides integrity • Provides non-repudiation • Can anyone see a use to Asymmetric encryption already?* (very important)

  48. Diffie-Hellman • The original Asymmetric algorithm • Used with SSL, VPNs, ssh • Used ONLY for key exchange • Generates session keys for secure SYMETRIC encryption communications

  49. Asymmetric Algorithms – RSA • Can be 100 times slower than DES • Can be used for encryption, key exchange and digital signatures • Security based on difficulty of factoring large numbers. • Was patented, has expired

  50. El-Gamal • Encryption or digital signatures • Free • Can be used for encryption, key exchange and digital signatures • Slow • Based on / extended Diffie-Hellman

More Related