1 / 47

CSCE 727 Cryptography

CSCE 727 Cryptography. Insecure communications. Confidential. Insecure channel. Sender. Recipient. Secure communications. confidential. Insecure channel. Sender. Recipient. Terminology. Plaintext , cleartext : an “unhidden” message Encryption : transform a message to hide its meaning

tam
Télécharger la présentation

CSCE 727 Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSCE 727Cryptography

  2. Insecure communications Confidential Insecure channel Sender Recipient www.applebuz.com

  3. Secure communications confidential Insecure channel Sender Recipient www.applebuz.com

  4. Terminology • Plaintext, cleartext: an “unhidden” message • Encryption: transform a message to hide its meaning • Ciphertext, cyphertext: an encrypted message • Cipher: cryptographic algorithm. Mathematical function used for encryption (encryption algorithm) and decryption (decryption algorithm). • Decryption: recovering plaintext from ciphertext • Cryptography: art and science of keeping messages secure • Cryptanalysis: art and science of breaking ciphertext • Cryptology: study of both cryptography and cryptanalysis www.applebuz.com

  5. Cryptosystem requirements • Enciphering and deciphering algorithms must be efficient for all keys • Coding and decoding at the time of transmission  may be bottleneck • System must be easy to use • Ease of finding key with an invertible transformation • Security should depend on the the secrecy of the keys not on the secrecy of the algorithms • Algorithms must be inherently strong, i.e., encryption cannot be broken by simply knowing the method of encryption www.applebuz.com

  6. What makes a good cryptosystem? • A good cryptosystem is one whose security does not depend upon the secrecy of the algorithm. This is why cryptographers are so unhappy about NSA's refusal to release details of SkipJack (Clipper). • From Schneier: • “Good cryptographers rely on peer review to separate the good algorithms from the bad.'' www.applebuz.com

  7. Breakable v.s. Practically Breakable • Unconditionally secure: impossible to decrypt. No amount of ciphertext will enable a cryptanalyst to obtain the plaintext without restrictions on technology • Computationally secure: an algorithm that is not breakable in practice based on worst case scenario (based on the best known methods) and current technology • Breakable: all algorithms (except one-time pad) are theoretically breakable www.applebuz.com

  8. Cryptanalysis Cryptanalyst’s goal: • Break message • Break key • Break algorithm www.applebuz.com

  9. Security requirements • Computationally infeasible to systematically determine the deciphering transformation for a given cipher, even if the corresponding plaintext is known • Prevents decoding additional ciphertexts • Computationally infeasible to systematically determine plaintext for a given cipher • Prevents decoding the given ciphertext www.applebuz.com

  10. Authenticity requirements • Computationally infeasible to systematically determine enciphering transformation for a given cipher, even if the corresponding plaintext is known • Prevents creating false ciphertext • Computationally infeasible to find ciphertext such that it deciphers into a valid plaintext • Prevents cipher substitution www.applebuz.com

  11. Taxonomy of Attacks • Ciphertext-only attack: attacker has ciphertext for messages encrypted with E. • Known plaintext attack: attacker additionally knows the plaintext of the messages. • Chosen plaintext attack: attacker can select the encrypted plaintext for at least some messages. • Chosen ciphertext attack: attacker can obtain decrypted (plaintext) versions of selected ciphertext. www.applebuz.com

  12. Cryptosystems • Conventional (symmetric-key) cryptosystem • Public-key (asymmetric-key) cryptosystem • Quantum cryptosystem • Hash Functions www.applebuz.com

  13. Conventional (Secret Key) Cryptosystem Plaintext M Ciphertext C Plaintext M Encryption Decryption Sender Recipient K K Secure channel C=E(K,M) M=D(K,C) Key source www.applebuz.com

  14. Secret Key Cryptosystem Vulnerabilities (1) Passive Attacker (Eavesdropper) • Obtain and/or guess key and cryptosystem use these to decrypt messages • Capture text in transit and try a ciphertext-only attack to obtain plaintext. www.applebuz.com

  15. Secret Key Cryptosystem Vulnerabilities (2) Active Attacker • Break communication channel (denial of service) • Obtain and/or guess key and cryptosystem and use these to send false messages www.applebuz.com

  16. Inherent Weaknesses of Symmetric Cryptography • Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other) • Need a key for each pair of users • n users need n*(n-1)/2 keys • If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages www.applebuz.com

  17. Classical Encryption Techniques • Steganography • Substitution • Permutation • Combinations and iterations of these www.applebuz.com

  18. Steganography • Conceals the existence of secret message • Needs: • Carrier medium: text, picture, etc. • Encoding schema: defines how to insert message into the carrier medium • Not efficient – good for small messages only www.applebuz.com

  19. Steganography Examples Before computers: • Character markings: selected letters of printed or typewritten text are overwritten in pencil • Invisible ink: not visible until some chemical reactions take place • Pin punctures: tiny punctures on selected letters Computer aided: • Modification of digital carrier, e.g., digital image, sound, etc. • Supported by secret key • Digital watermarking www.applebuz.com

  20. Substitution Techniques • Simple substitution • Monoalphabetic cipher • Multiple letter encryption • Polyalphabetic cipher www.applebuz.com

  21. Simple Substitution: Caesar Cipher • C=E(K,M), e.g., C=(M+n) mod 26 plaintext: A B C D E … ciphertext: A B C D E F … e.g., M=CAB C =ECD • Advantages: simple to implement • Disadvantages: easy to break (25 possibilities for English alphabet) www.applebuz.com

  22. Monoalphabetic Substitution • Arbitrary substitution for each plaintext symbol, e.g., C E, A C, B  D • M=CAB • C =ECD • Advantages: large key space 26! • Disadvantages: trivially broken for known plaintext attack www.applebuz.com

  23. Polyalphabetic Substitution • A set of related monoalphabetic substitution rules is used • A key determines which particular rule is chosen for a given transformation • Example: Vigenere cipher – based on 26 Caesar ciphers • Advantages: there are multiple ciphertext for a plaintext letter • Disadvantages: periodic nature of key makes it breakable with statistical cryptanalysis www.applebuz.com

  24. One-Time Pad • Perfect Secrecy! • Large, non-repeating set of keys • Key is larger than the message • Advantages: immune to most attacks • Disadvantages: • Need total synchronization • Need very long, non-repeating key • Key cannot be reused www.applebuz.com

  25. Transposition • Letters of the message are rearranged • Break patterns e.g., columnar transposition Plaintext: this is a test t h i s i s a t tiehssiatst! e s t ! • Advantages: easy to implement • Disadvantages: • Easy to recognize – same letter frequency as the original plaintext • Trivially broken for known plaintext attack • Easily broken for cipher only attack • Multiple encipherment does not help www.applebuz.com

  26. Product Ciphers • Substitution followed by permutation, followed by substitution, followed by permutation… • One encryption applied to the result of the other En(En-1(…(E1(M))) • Broken for • Chosen plaintext www.applebuz.com

  27. Data Encryption Standard • Mathematics to design strong product ciphers is classified • Breakable by exhaustive search for known plaintext, chosen plaintext and chosen ciphertext attacks • Security: computational complexity of computing the key under the above scenarios www.applebuz.com

  28. Data Encryption Standard (DES) • DES is a product cipher • 56 bit key size • 64 bit block size for plaintext and cipher text • Developed by IBM and adopted by NIST with NSA approval • Encryption and decryption algorithms are public but the design principles are classified www.applebuz.com

  29. Advanced Encryption Standard (AES) • Adopted by NIST to replace DES • January 2, 1997: NIST announces the initiation of an effort to develop the AES (62 FR 93) • Based on Rijndael algorithm www.applebuz.com

  30. Rijndael Algorithm • Chosen for: security, performance, efficiency, ease of implementation, and flexibility • Block cipher (variable block and key length) • Federal Information Processing Standard (FIPS) www.applebuz.com

  31. Rijndael • Symmetric, block cipher • Key size: 128, 192, or 256 bits • Block size: 128 • Processed as 4 groups of 4 bytes (state) • Operates on the entire block in every round • Number of rounds depending on key size: • Key=128  9 rounds • Key=192  11 rounds • Key=256  13 rounds www.applebuz.com

  32. International Data Encryption Algorithm (IDEA) • Designed by X. Lai and J. Massey Swiss Federal Institute of Technology, 1990 • 64 bit block cipher • Key size: 128 bits • Used by Pretty Good Privacy (PGP) to encrypt electronic mail www.applebuz.com

  33. Other Secret Key Algorithms • DESX: modification of DES • Blowfish: fast, compact and simple block cipher. Variable key length up to 448 bits • RC2: block cipher. Variable key length up to 2048 bits • RC4: stream cipher. Variable key length up to 448 bits • RC5: block cipher. Allows user defined key length, data block size, and number of encryption rounds. www.applebuz.com

  34. Public-Key Encryption • Two keys – one is private one is public • Solves the key distribution problem (but need reliable channel) • Provides electronic signatures • Slower than secret-key encryption www.applebuz.com

  35. Public-Key Encryption • Needed for security: • One of the keys must be kept secret • Impossible (at least impractical) to decipher message if no other information is available • Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key www.applebuz.com

  36. Public Key Cryptosystem Insecure channel Ciphertext Plaintext Plaintext Encryption Alg. Decryption Alg. B Recipient A Sender B’s private key B’s public key (need reliable channel) www.applebuz.com

  37. RSA • Public key: (n,e) • Secret key: (n,d) • n is a 200 digit number • C = Me mod n • M = Cd mod n www.applebuz.com

  38. RSA versus DES Key size: • RSA: selected by user (usually n is 154 digit (512 bits) so key is 1024 bits) • DES: 64 bits (56 effective) www.applebuz.com

  39. Digital Signatures in RSA • RSA Property: encryption and decryption are commutative • Encryption followed by decryption yields the original message (Me mod n)d mod n = M • Decryption followed by encryption yields the original message (Md mod n)e mod n = M • Cryptosystems that preserve message length have this property www.applebuz.com

  40. Digital Signatures in RSA Insecure channel Sign Verify Plaintext Signed plaintext Plaintext Decryption Alg. Encryption Alg. B A A’s private key A’s public key (need reliable channel) www.applebuz.com

  41. Signature and Encryption B Encrypted Signed Plaintext A Signed Plaintext Signed Plaintext Plaintext Plaintext D E D E B’s public key A’s public key B’s private key A’s private key www.applebuz.com

  42. Hash Functions • Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression) • Given h and x, h(x) is easy to compute (ease of computation) www.applebuz.com

  43. Hash functions • Preimage resistant (one-way): if for all specified outputs, it is computationally infeasible to find any input that hashes to that output • Second-preimage resistent (weak collision resistant): if it is computationally infeasible to find any second input which has the same output as any specified input • Collision resistant (strong collision resistant): if it is computationally infeasible to find any distinct inputs that has the same output www.applebuz.com

  44. Hash Functions • Message digest • Used for authenticity and integrity purposes • Algorithms: • SHA-1MD2,MD4, • MD5 www.applebuz.com

  45. MD5 Message Digest Algorithm • Input of arbitrary length • Output: 128 bits • Block size: 512 bits www.applebuz.com

  46. Secure Hash Algorithm • SHA was developed by National Institute of Standards and Technology • 1993: Published as Federal Information Processing Standard (FIPS PUB 180) • Input: maximum length 264 bits • Output: 160-bit digest • Block size: 512-bit www.applebuz.com

  47. MD5 v.s. SHA • Very similar • Security: SHA’s digest is 32 bits longer  without algorithm flows SHA is more secure • Speed:SHA has more steps and produces 160-bit buffer  SHA slower • Simplicity and compactness: MD5 has more internal steps with varying buffer modification  SHA is simpler www.applebuz.com

More Related