1 / 51

IS 302: Information Security and Trust Week 2: Encryption Basics

IS 302: Information Security and Trust Week 2: Encryption Basics. 2012. Treasure Hunter’s Parchment.

dexter-rios
Télécharger la présentation

IS 302: Information Security and Trust Week 2: Encryption Basics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IS 302: Information Security and TrustWeek 2: Encryption Basics 2012

  2. Treasure Hunter’s Parchment •       “53‡‡†305))6*;4826)4‡);806*;48†8      ¶60))85;I‡(;:‡*8†83(88)5*†;46(;88*96      *?;8)*‡(;485);5*†2:*‡(;4956*2(5*-4)8      ¶8*;4069285);)6†8)4‡‡;I(‡9;48081;8:8‡      I;48†85;4)485†528806*81(‡9;48;(88;4      (‡?34;48)4‡;161;:188;‡?;”

  3. Confidentiality • How to protect message from adversary? Mallory The secret is… Bob Alice plaintext

  4. Cryptography • Use a language that only Alice and Bob can understand Mallory Nz dsfejr dbse ovncds jt… ciphertext Bob Alice

  5. Concepts • Cryptography – hidden writing • Encryption – encode or encipher • Decryption – decode or decipher • Cryptosystem – a system for encryption and decryption • Cryptographer – anyone who invents encryption algorithms • Cryptanalyst – anyone who attempts to break encryption algorithms • Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis

  6. Cryptosystem • Algorithms with a parameter – key K Plaintext Ciphertext Plaintext Encryption Algorithm E Decryption Algorithm D P C P

  7. Jeff Moser: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  8. Encryption Input: plaintext and key Output: ciphertext Encryption Plaintext Encryption Function

  9. Decryption Input: ciphertext and a key Output: original plaintext Decryption Decryption Function Plaintext

  10. Symmetric Cryptosystem • C=E(P,K) • P=D(C,K) Plaintext Ciphertext Plaintext Encryption Algorithm E Decryption Algorithm D P C P Secret channel K K

  11. Cryptanalysis (Attacks) • Cryptanalyst (Mallory) • E and D are public • Given ciphertext, find plaintext • What else Mallory knows?

  12. Classical Ciphers • Caesar cipher • Vigenére cipher • Zimmerman cipher • Vernam cipher

  13. Caesar Cipher • Shifting alphabet • How many possible keys?

  14. Discussion • Follow me with CrypTool • Observation: • The break between two words is preserved • Repeated letters are mapped to repeated letters • Decrypt the following Caesar cipher • Wklv phvvdjh lv qrw wrr kdug wr euhdn • Hints: Observe the following patterns • Wrr, wr • Wklv, lv

  15. “Unbreakable” cipher: Vigenére Tableau • Same letters are not mapped to the same letters • Encrypt • Keyword: hothot (repeat: row) • Plaintext: attack (column) • ciphertext: hhmhqd • Decrypt • Keyword: hothot (repeat: column) • Ciphertext: hhmhqd (from that column find c letter) • Plaintext: attack (the index of row)

  16. Discussion • Follow me with CrypTool • How “unbreakable” is Vigenére cipher?

  17. Codebook/Zimmermann Cipher • A codebook is literally a dictionary-like book containing words and their corresponding codewords. • Zimmerman Telegram Februar 13605 fest 13732 finanzielle 13850 folgender 13918 Frieden 17142 Friedenschluss 17149 • What is the key? • Compare it with Vigenére cipher w.r.t key size • How secure is Zimmermann cipher?

  18. Zimmerman Telegram Decrypted

  19. Perfect Cipher

  20. Plaintext Ciphertext Plaintext Exclusive OR Exclusive OR P C P Secret channel K K 1 0 =1; 0 1=1 0 0 =0; 1 1=0 Vernam Cipher • The only unbreakable stream cipher • K: a long, non-repeating sequence of random numbers

  21. Vernam Cipher • An example of Vernam Cipher • Alice: • Bob: 1 0 =1; 0 1=1 0 0 =0; 1 1=0 P: 100 010 111 011 110 001… K: 010 011 101 101 010 111… C: 110 001 010 110 100 110… C: 110 001 010 110 100 110… K: 010 011 101 101 010 111… P: 100 010 111 011 110 001…

  22. Discussion • Follow me with CrypTool • Why is Vernam cipher perfectly secure?

  23. Modern Ciphers • Basic ideas: confusion and diffusion • Combinations • Evaluation

  24. Confusion • Permutation operations • First remove spaces • A legitimate receiver can breakmostmessagesintowordsfairlyeasily • Then break messages arbitrarily into blocks of a uniform size (e.g., every five letters) • Map each plaintext letter to a unique ciphertext letter (usually in the same alphabet) • How many keys for permuting 26 English letters?

  25. Caveat • All permutation ciphers are subject to • ciphertext only attack • not to mention known plaintext attack,chosen plaintext and chosen ciphertext attacks

  26. Frequency Attack source: http://knight.cis.temple.edu/~jfiore/2006/fall/386/handouts/ch2/ch2_part2_4ups.pdf

  27. Diffusion • Spread out the message by re-arranging letters

  28. Product Cipher Combinations of confusion and diffusion operations in many rounds • DES (56 bits) 16 rounds • AES (128, 192, 256) 9, 11, 13 rounds • Deterministic vs non-deterministic

  29. Evaluation • Shannon’s characteristics of good ciphers • Amount of secrecy (key size) determines amount of labor • Set of keys and enciphering algorithm are simple • Implementation is simple • Errors do not propagate • Size of ciphertext is no larger than original message

  30. How Secure is Secure It takes your computer at least 1000 years to break my cipher!! Computational security No matter how powerful your computer is, you don’t have enough information to defeat the system !! Unconditional security

  31. However…

  32. Hands-On Exercise • Installation: • Download LabPrep.doc and follow its instructions to install • OpenSSL (Win32openSSL-0_9_8d.exe) • HHD HexEditor (http://www.asciitable.com/) • JCE (jdk-1_5_0_08-windows-i586-p.exe) • Mac computers have already these tools pre-installed

  33. Hands-On Exercise • Testing: • Download LabTest.doc • Follow its instructions in section 2.1 to test openSSL • Follow its instructions in section 2.2 to test JCE

  34. Introduction to OpenSSL • OpenSSL is an open source toolkit to ensure secure communication. • Symmetric key (secret key) encryption • Asymmetric key (public key) encryption • Message Digests and digital signatures • Certificates

  35. Example 1: Keys Generation openssl genrsa -des3 -out privkey.pem 2048 • genrsa – Generates RSA Key • des3 – Password protects the key using triple DES encryption • out <filename>– Save the key in a file. In this example, its privkey.pem • <key size> -Size of the key generated. In this example, its 2048 bits

  36. Example 2: Certificate Request openssl req -new -key privkey.pem -out cert.csr • req - Generate certificate request. • new –New certificate request. • key <file name> - Specify the file to read the private key from. In this example, its privkey.pem • out <file name> - Save the request in a file. In this example, its cert.csr

  37. Example 3: Encryption openssl des3 -salt -in file.txt -out file.des3 • des3 – Encrypt using the TripleDES algorithm • salt - Use a salt in the key derivation routines • in <file name> - Input file with the clear message • out <file name> - Output file with the encrypted message • Users will be prompted to enter a password to complete the encryption

  38. Example 4: Decryption openssl des3 -d -salt -in file.des3 -out file.txt • des3 – Use the TripleDES algorithm • d – decrypt the file • salt - Use a salt in the key derivation routines • in <file name> - Input file with the encrypted message • out <file name> - Output file with the decrypted message • Users will be prompted to enter a password to complete the decryption

  39. Introduction to JCA and JCE • Java Cryptography Architecture (JCA) is part of Java 2 run-time environment.  java.security.* • Java Cryptography Extension (JCE) is an extension to JCA and is integrated into Java 2 SDK since the 1.4 release.  javax.crypto.*

  40. JCE Core Classes • Cipher Class • Provide the functionality of encryption and decryption • KeyGenerator Class • Generate secret keys for encryption and decryption • The SealedObject Class • Create an object and protect its confidentiality • The Mac Class • Provide integrity protection with Message Authentication Code (MAC). Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html

  41. Class: java.crypto.KeyGenerator Methods: • getInstance(String algorithm) • Creates an instance of KeyGenerator for a specific algorithm such as • “AES”,“DES”,”HMACSHA1” • generateKey() • Generate a key for the algorithm specified in the KeyGenerator instance

  42. Example: Key Generation • The following example generate a SecretKey object using AES. //Create an instance of KeyGenerator with algorithm AES KeyGenerator kg = KeyGenerator.getInstance(“AES"); //Generate the secret key SecretKey mykey = kg.generateKey();

  43. Secure Key Storage • JCA provides an extensible architecture to manage keys through KeyStore. • A KeyStore object maintains an in-memory table of key and certificate entries, indexed by aliasstrings, allowing retrieval, insertion and deletion of entries. • Keystorefiles are usually password protected.

  44. Class: java.security.KeyStore Methods: • getInstance (String type) • Create an instance of KeyStore of the specified type. • load(InputStream stream, char[] password)) • Open keystore with password and load keys from keystore file to memory • getKey(String alias, char[] password) • Access the keystore with password and get the key based on a given key alias • setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) • Set a new key entry in the keystore • store(OutputStream stream, char[] password) • Store this keystore to the given output stream, and protect its integrity with the given password.

  45. Example:Create a null KeyStore object • The following sample creates null KeyStore object with password protection. //Create an instance of KeyStore of type “JCEKS”. //JCEKS refers the KeyStore implementation from SunJCE provider ks = KeyStore.getInstance("JCEKS"); //Load the null Keystore and set the password to “changeme” ks.load(null, "changeme".toCharArray());

  46. Example:Set Key Entry • The following sample sets the generated key “mykey” in the KeyStore. //Create an instance of KeyStore.SecretKeyEntry using “mykey” KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mykey); //Get key alias name from user input. String alias=args[0]; //Create KeyStore Password KeyStore.PasswordProtection password; password = new KeyStore.PasswordProtection("changeme".toCharArray()); //Set the key entry in the key store with an alias. ks.setEntry(alias, skEntry, password);

  47. Example:Store KeyStore object in file • The following sample writes the KeyStore object into a file for storage. //Create a new file to store the KeyStore object java.io.FileOutputStream fos = new java.io.FileOutputStream("keystorefile.jce"); //Write the KeyStore into the file ks.store(fos, "changeme".toCharArray()); //Close the file stream fos.close();

  48. Example:Retrieving Keys from KeyStore • The following sample retrieves keys from a KeyStore file. //Open the KeyStore file FileInputStream fis = new FileInputStream("keystorefile.jce"); //Create an instance of KeyStore of type “JCEKS” ks = KeyStore.getInstance("JCEKS"); //Load the key entries from the file into the KeyStore object. ks.load(fis, "changeme".toCharArray()); fis.close(); //Get the key with the given alias. String alias=args[0]; Key k = ks.getKey(alias, "changeme".toCharArray());

More Related