1 / 18

Secure Communication: Symmetric Key Cryptography and Cipher Methods

Learn about symmetric key cryptography and different cipher methods like Caesar Cipher, Monoalphabetic Cipher, Polyalphabetic Cipher, and Block Cipher for secure communication. Understand the importance of secret keys, encryption algorithms, and security services.

drangel
Télécharger la présentation

Secure Communication: Symmetric Key Cryptography and Cipher Methods

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Plaintext Plaintext Encrypt with Decrypt with Security secret key secret key Ciphertext Cryptography Security algorithms services Public key c = memod n Private key m = cdmod n Secret Public Message Privacy Authentication Message key key digest integrity (e.g., DES) (e.g., RSA) (e.g., MD5) Network Security Cryptography Methods: Secret key (DES: Data Encryption Standard) Public key (RSA: Rivest, Shamir, Adleman) Message Digest – computes (hashes) cryptographic checksum (eg, MD5) (no keys) Security services Privacy: preventing unauthorized release of info Authentication: verifying identity of remote participant Integrity: making sure message has not been altered I

  2. KB KA a a z z b b y y c c x d d x w e e w v f v f g u u g h t t h i i s s j j r r q k k q l p l p m o o m n n Symmetric key or Secret key cryptography (and theCaesar Cipher) Suppose Bob and Alice want to do a secure communication and Trudy wants to intrude. Using the Secret Key or Symmetric Key method, Alice’s key, KA, is identical (symmetric) to Bob’s key, KB, and must be known by the two and no one else (secret) ahead of time. Let m be Alice’s original plaintext message and then KA(m) is Alice’s encrypted cipher text. Upon receiving the cipher text, Bob will apply his key to it to get the plaintext message, KB(KA(m)) = m. Caesar Cipher is a very old symmetric cipher which takes each letter and substitutes the letter that is k letters ahead in the alphabet (wrapping around at z). The number, k, is the secret key. So there are only 25 possible Caesar Ciphers – which makes it easy to break. k=3 example:m = bob, i love you. alice KA(m) = ere, l oryh brx. dolfh

  3. Plain a b c d e f g h i j k l m n o P q r s t u v w x y z Cipher m n b v c x z a s d f g h j k l p o i u y t r e w q Symmetric keycryptography (andMonoalphabetic Cipher) Again, Bob and Alice want to do a secure communication and Trudy wants to intrude. Alice’s key, KA, is identical (symmetric) to Bob’s key, KB, and must be known by the two and no one else (secret) ahead of time. m is Alice’s original plaintext message and KA(m) is Alice’s encrypted cipher text. Upon receiving the cipher text, Bob applies his key to it to get back the plaintext message. Monoalphabetic Cipher is an improvement on Ceasar’s symmetric cipher which takes each letter and substitutes a letter from a 1-to-1 table). The table is the secret key. There are 26! Monoalphabetic Ciphers – making it hard to break. Statistical analysis can help (which is a type of cipher-text-only attack e.g., e occurs ~13% and t ~9% of the time. In, it, the, ion, ing occur often). Knowing about the message can help (a type of known-plaintext-attack e.g., Trudy may know “bob” will be the 1st 3 characters). The 3rd type that can help intruders here are the chosen-plaintext-attacks (If Trudy could get Alice to send “the quick brown fox jumps over the lazy dog” the entire key (table) is revealed). k=3 example:m = bob, i love you. alice KA(m) = nkn, s gktc wky. mgsbc

  4. Symmetric keycryptography (andPolyalphabetic Cipher) Again, Bob and Alice want to do a secure communication and Trudy wants to intrude. Alice’s key, KA, is identical (symmetric) to Bob’s key, KB, and must be known by the two and no one else (secret) ahead of time. m is Alice’s original plaintext message and KA(m) is Alice’s encrypted cipher text. Upon receiving the cipher text, Bob applies his key to it to get back the plaintext message. Polyalphabetic Cipher is a symmetric key improvement which uses different ciphers to code different position (in the text) . The polyalphabetic key is composed of the individual cipher keys (i.e., tables if Monoalphabetic Ciphers are used and the k if Caesar Ciphers are used) and the position assignment scheme (text position of the letter – to – cipher key). E.g., if 2 Caesar ciphers C5 (k=5) and C19 (k=19) are used, repeating the positional pattern, C5, C19, C19, C5, C19 (the key is: Caesar 1,19,19,5,19 ) then we have: m = bob, i love you. KA(m) = ghu, n etox dhz.

  5. InputOutput 000 110 001 111 010 101 011 100 100 011 101 010 110 000 111 001 Symmetric keycryptography (andBlock Cipher) (which includes PGP used in secure email; SSL in securing TCP connections; IPsec for securing network-layer transport) Block Cipher is a symmetric key improvement which encrypts in blocks of k-bits. If k=64, the message is broken into 64-bit blocks, and each block is encrypted independently. To encode a block, the cipher uses a 1-to-1 mapping to map the k-bit block of cleartext to a k-bit block of ciphertext. E.g., with k=3, and mapping at right ( (23)!=40,320 different keys ): To thwart attacks, larger k’s are used (e.g., (264)! is too LARGE to thwart!), but it is hard to exchange and maintain the key (the table) for large k (e.g., for k=64, the table has 264 rows). Instead, Block Ciphers typically use functions instead of tables. E.g., Kaufman’s function breaks a 64-bit block into 8-bit chunks each of which is processed by an 8-bit table and reassembled. The resulting 64-bit block is then scrambled (permuted) and re-cycled as input again. This is repeated for n rounds or cycles (so that each bit affects all 64. If one round were used each bit would affect only 8.). Assuming the scramble algorithms is publicly known, the block cipher key is composed of the eight 8-bit tables. These keys are usually encoded to make them small and easily exchanged. The encoding scheme is different for different block ciphers (e.g., DES uses 64-bit blocks with a 56-bit encoded key. AES (Adv. Encryption Standard) uses 128-bit blocks and can operate with 128, 192, or 256 bit keys.

  6. Initial permutation Plaintext Plaintext Rnd 1 Encrypt with Decrypt with secret key secret key Ciphertext Rnd 2 64-bit block of plaintext 56-bit key … Rnd 16 64-bit key (56 + 8-bit parity) Final Permutation (inverse of original) DES (Data Encryption Standard) Keys are identical and need to be secret but not the algorithm itself. Keys are the product of two large primes (computationally costly – at least it was!) DES makes the algorithm so complex that none of the structure of the plaintext remains in the ciphertext (attacker must get the key) DES derives its security from complexity (but it’s only marginally secure these days) DES can be broken if the attacker finds the factors of a number which is the product of two large primes (computationally costly – or at least it was!)

  7. InputOutput 000 110 001 111 010 101 011 100 100 011 101 010 110 000 111 001 CBC: Cipher Block Chaining Repeat for large messages Block Initialization Vector Block Block Block 2 3 4 1 + + + + IV DES DES DES DES Cipher Cipher Cipher Cipher 1 2 3 4 Cipher-Block Chaining (CBC) In Computer Networking apps, there is typically a need to encrypt long messages (or long streams of data). When applying a block cipher by simply chopping up m into k-bit blocks and independently encrypting each block; identical cleartext in 2 or more blocks (e.g., HTTP/1.1) will produce identical cyphertext. To address this problem, randomness can be introduced. Let m(i) be the ith plaintext block, c(i) the ith ciphertext block,  be exclusive or (XOR), KSthe block-cipher encryption key. The sender creates a random k-bit number, r(i) , for the ith block and calculates c(i) = KS ( m(i)  r(i) ) and sends c(1), r(1), c(2), r(2), and so on. The receiver uses m(i) = KS ( c(i)  r(i) ) (Note the need to send twice as much). CBC solves this by: Before encrypting m, sender generates and sends a random k-bit string, the initialization vector, c(0), in cleartext. For the ith block, sender sends c(i) = KS( m(i)  c(i-1) ). The receiver calculates s(i) = m(i)  c(i-1) and since he/she knows c(i-1) and m(i) = s(i)  c(i-1). E.g., let m=010010001 and IV=c(0)=001. Sender calculates c(1) = KS ( m(1)  c(0) ) = KS ( 010  001 ) = KS(011) = 100 Sender calculates c(2) = KS ( m(2)  c(1) ) = KS ( 010  100 ) = KS(110) = 000 Sender calculates c(3) = KS ( m(3)  c(2) ) = KS ( 001  000 ) = KS(001) = 111 Receiver calculates s(1) = KR(c(1)) = KR(100) = 011 and then m(1) = s(1)  c(0) = 011  001 = 010 Receiver calculates s(2) = KR(c(2)) = KR(000) = 110 and then m(2) = s(2)  c(1) = 110  100 = 010 Receiver calculates s(3) = KR(c(3)) = KR(111) = 001 and then m(2) = s(3)  c(2) = 001  000 = 001

  8. Public Key Encryption For more than 2,000 years since the Caesar Cipher encrypted communication required that the two communicating parties share a common secret (key). This required secure communication in order to facilitate secure communication. In 1976, with the Diffie and Hellman Key Exchange algorithm, public key methods developed. These methods are also useful for authentication and digital signatures. Bob and Alice want to do a secure communication and Trudy wants to intrude. Bob has a (known to the whole world) public key, K+B and a (known only to Bob) private key, K-B In order to communicate, Alice fetches Bob’s public key, then encrypts the message, m, with it producing K+B(m). Bob computes m = K-B( K+B(m) ). It is noteworthy that m = K+B( K-B(m) ) also. CONCERNS about Public Key Encryption so far: Trudy can mount a Chosen-Plaintext-Attack (Trudy knows Bob’s publickey and Alice’s algorithm). There is an authentication problem, namely, anyone claiming to be Alice can send a secure message to Bob (a digital signature is needed to bind a sender to a message.

  9. RSA (Ron Rivest, Adi Shamir, Len Adleman) addresses Public Key Cryptography concern.There are two interrelated components of RSA; the choice of publickey (usually uses 512-bit keys) and the encryption/decryption algorithm.Keeping in mind that messages (m=plaintext or c=encrypted) are just bit patterns (= integers), To generate the public and private RSA keys, Bob performs: • Take 2 large primes, p and q (larger  harder to break, but slower to encode/decode) • Compute n = p * q and z = (p-1) * (q-1) (m<n) • Choose e < n having no common factors withz • and d:e * d - 1 is divisible (no remainder) by z( i.e., e*d modz = 1 ) • K+B = ( n, e ). K-B = ( n, d ) The encryption (of m) by Alice and the decryption (of c) by Bob are done as follow: Alice computes c = me modn ( requires only Bob’s public key, (n, e) ) Bob computes m = cd modn ( requires Bob’s private key, (n, d) )

  10. RSA example Example: p=7 q=11 n=77 (p-1)(q-1) = 60 Choose e = 7 Need 7*d = 1mod60 (i.e., 7*d = 61, 121, 181, 241, 301,… Taking d = 301 / 7 = 43. Public key is <7,77>. Private key is <43,77> 97 mod77 = 37 3743 mod77 = 9 Encryption: c = memod n Decryption: m = cdmod n Where d, eandnare: • Choose two large prime numbers p and q (each roughly 1024 bits) • Multiply p and q together to get n (n must exceed the message, m, as an integer) • Choose encryption key e ( actually, (e,n) ) so that e and z=(p-1)*(q-1) are relatively prime • Choose decryption key d (actually, (d,n) ) so 1 = (e * d) mod(p - 1) * (q - 1) • Construct public key as (e, n) • Construct private key as (d, n) • Encrypt with me modn • Decrypt with cd modn

  11. RSA issues The exponentiation in RSA is time-consuming. By contrast, DES can be ~100 times faster in software and can be ~10,000 times faster in hardware. As a result, symmetric key encryption is often used in combination with RSA. E.g., Alice could efficiently send Bob a large amount of encrypted data as follows: 1st Alice chooses a (secret, symmetric) key, KS, to encode the data itself ( KS = the session key) Alice informs Bob of KS(shared, secret, symmetric key) using Bob’s RSA public key ( i.e., Alice sends the RSA encrypted session key, c=(KS)emodn which Bob decrypts). Now Bob knows the session key that Alice will use for subsequent DES transfers.

  12. Why does RSA work? Because encryption followed by decryption gives you back your message, that is: K-B(K+B(m)) = m or (memodn)dmodn = m First some facts: For binary operators (on non-negative integers, Z0+ ), exponentiation and modn commute. modn distributes over binary operators, addition, subtraction, multiplication. Fermat's little thm: if p is prime, then for any integer, a, ap−a will be evenly divisible by p. This can be expressed as: ap = a modp A variant: if p is a prime and a is an integer coprime to p, then ap−1= 1 modp . This is the basis for the Fermat primality test: If we want to test if p is prime, then we can pick random a<p and see if the equality holds. If the equality does not hold for a value of a, then p is composite. If the equality does hold for many values of a, then we can say that p is probably prime, or a pseudoprime. It might be in our tests that we do not pick any value for a such that the equality fails. When n is composite is known as a Fermat liar. If we do pick an a where it works, then a is known as a Fermat witness for the compositeness of n.

  13. Proof RSA works Because encryption followed by decryption gives you back your message, that is: K-B(K+B(m)) = m or (memodn)dmodn = m PROOF: So exp-ing memodn by d, then applying modn = applying modn then exp-ing by d: ( memodn)d )modn = med modn modn , since modn is idempotent (modn modn = modn ) , = med modn Kaufman’s theorem: p,q primes, n=p*q, N=[p-1]*[q-1] (xy)modn = ( x( y modN ) ) modn or (xy)modpq = ( x( y mod[p-1][q-1] )) modpq So with x=m y=ed x y modn = ( m ed modN ) modn = m1 modn = m or m ed modpq = ( m ed modN ) modn = m1 modn = m

  14. Message Digest • Cryptographic checksum • just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message. • One-way function • given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum. • Relevance • if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

  15. Message Integrity and End-Point Authentication In the previous slides we say how encryption can be used to provide confidentiality to the two communicating entities. Now we turn to the equally important cryptography topic of providing message integrity (AKA: message authentication. E.g., needed in the OSPF link-state routing algorithm). Along with message integrity are the topics, digital signatures and end-point authentication. The Message Integrity Problem: Suppose Bob receives a message that he believes came from Alice. To authenticate the message, Bob needs to verify: • The message indeed originated from Alice. • The message was not tampered with on its way to Bob. Next we will introduce Cryptographic Hash Functions, which are used in a popular solution to the Message Integrity Problem (explained later).

  16. Cryptographic Hash Functions A cryptographic hash function, H(m), is required to have the following additional property: It is computationally infeasible to find two messages, x and y, such that H(x)=H(y). MD5 (Ron Rivest) computes a 128-bit hash in 4 steps: • (padding) 1, then enough 0’s so the length satisfies certain conditions. • (append) a 64-bit representation of the message length before padding. • (initialization) of an accumulator • (looping) to process the message’s 16-word blocks (mangled) in 4 rounds. Secure Hash Algorithm (SHA-1) produces a 160-bit message digest.

  17. Message Authentication Code The following is intrudable (by Trudy): 1. Alice creates message, m, calculates H(m) (e.g., using SHA-1). 2. Alice appends H(m) to the message, m; then sends (m, H(m)) to Bob. • Bob receives an extended message (m,h). If H(m)=h, Bob concludes that the message is authentic. Trudy can send (as if she is Alice) (m’,H(m’)), which would check out also. Bob and Alice need to share a (secret) authentication key, s, then 1. Alice creates message, m, concatenates s, calculates H(m+s), using SHA-1? H(m+s) is called the Message Authentication Code or MAC. 2. Alice appends MAC=H(m+s) to, m; then sends (m,H(m+s)) to Bob. • Bob receives an extended message (m,h) and knowing s, calculates the MAC=H(m+s). If H(m+s)=h, Bob concludes that the message is authentic. Popular MACs today include, HMAC, which uses MD5 or SHA-1. MACs can be distributed phyiscally or by using the public key method.

  18. Digital Signatures The

More Related