1 / 40

Crypto Landscape overview

An overview of network security and cryptography, including concepts like encryption, decryption, key exchange, authentication, signatures, hashing, and certificates. Learn about symmetric and asymmetric encryption schemes, block and stream ciphers, and the use of public and private keys.

edmundmoss
Télécharger la présentation

Crypto Landscape overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CryptoLandscape overview Gene Itkis: BU CAS 591(458) - Network Security

  2. Definitions and Concepts Gene Itkis: BU CAS 591(458) - Network Security

  3. What is Cryptography? • It all started with • Encryption/Decryption -plaintext “attack at midnight” - ciphertext “buubdl bu njeojhiu” Gene Itkis: BU CAS 591(458) - Network Security

  4. bla-bla bla-bla Encryption / Decryption (cont.) Shared Key ciphertext msg decoder (ciphertext in - plaintext out) encoder (plaintext in - ciphertext out) cmb-cmb eavesdropper (should understand nothingabout the msg) Gene Itkis: BU CAS 591(458) - Network Security

  5. Crypto tools • Encryption/decryption – to hide info • Key exchange - to establish shared key • Authentication – to establish shared key with the party you really meant to • public • private • Signatures • Hashing • Certificates, PKI Gene Itkis: BU CAS 591(458) - Network Security

  6. Alice Bob Key exchange • Alice and Bob want to establish a shared secret (key) when other people (eavesdroppers) are listening • Passive – just looking • Active – may change msgs Gene Itkis: BU CAS 591(458) - Network Security

  7. Alice Bob Key exchange: man-in-the-middle • Key exchange without Authentication • Subject to Man-in-the-Middle attack • Attacker translates between the keys, reading and/or modifying the messages • Authentication afterwards will not help! Shared w/Alice Shared w/Bob Gene Itkis: BU CAS 591(458) - Network Security

  8. Alice Bob Authentication M Alice sends a msg to Bob Bob wants to be sure the msg is really from Alice Gene Itkis: BU CAS 591(458) - Network Security

  9. Alice Bob Verify(M, SigM, …) Signatures = (M, SigM) SAlice SigM= Sign(M, SAlice ) Gene Itkis: BU CAS 591(458) - Network Security

  10. Alice Bob Authentication:“public” • checks • contracts • love letters ??? Gene Itkis: BU CAS 591(458) - Network Security

  11. Alice Bob = (M, SigM) SAlice SigM= Sign(M, SAlice ) Public Key Signatures PAlice • Public Key • Secret Key Verify(M, SigM, PAlice ) Gene Itkis: BU CAS 591(458) - Network Security

  12. PAlice CA Certificates Alice Charlie, CA PAlice • “This public key PAlice really belongs to Alice. Signed by Charlie, Certification Authority” • Certificates can be public! • Who’s Charlie?!? SAlice • Public Key • Secret Key Gene Itkis: BU CAS 591(458) - Network Security

  13. Public Key Infrastructures (PKI) • Root CA public key • Obtained out-of-band • Certifies other Public Keys (of CAs, or users) • Certification Chains • Grain of salt: so, you have a certificate… • To be continued… Gene Itkis: BU CAS 591(458) - Network Security

  14. Alice Bob Verify(M, SigM, …) Signatures = (M, SigM) SAlice SigM= Sign(M, SAlice ) Gene Itkis: BU CAS 591(458) - Network Security

  15. Alice Bob = (M, SigM) SAlice SigM= Sign(M, SAlice ) Authentication: “private” Message Authentication Code (MAC) Sign(M, SAlice )=Hash(M, SAlice ) SAlice Verify(M, SigM, SAlice ) : Check SigM= Sign(M, SAlice ) MAC = “Shared Secret Sig” = Symmetric Sig (Sign=Verify) Gene Itkis: BU CAS 591(458) - Network Security

  16. Hashing Hash y x1 Crypto Hash: collisions may exist, but arehard to find • Given y hard to find x, s.t. Hash(x)=y Used for: • Symmetric signatures • “Fingerprint” for Public Key signatures collision x2 Gene Itkis: BU CAS 591(458) - Network Security

  17. Alice Bob Another setting Gene Itkis: BU CAS 591(458) - Network Security

  18. Details and constructions Gene Itkis: BU CAS 591(458) - Network Security

  19. Outline • Block vs. Stream ciphers • Symmetrical vs. Asymmetrical (public key) • Tool: Pseudo-Random Number Generators • Complexity (what is hard?) • Public Key Crypto • Diffie-Hellman • Rabin’s encryption • RSA Gene Itkis: BU CAS 591(458) - Network Security

  20. Block vs. Stream Ciphers Cipher= Encoder; or Encryption/Decryption scheme Streamcipher encodes/decodes char by char Blockcipher encodes/decodes block by block Stream cipher ~ Block cipher with block size of 1 char (+state) Chaining (Modes of Operation) – • make block encryption depend on the past blocks • “make block ciphers more like stream ciphers” Gene Itkis: BU CAS 591(458) - Network Security

  21. Symmetric & Asymmetric schemes • Symmetric: • decryption as easy as encryption(and vice versa) i.e. if you can encrypt then you can decrypt (and vice versa) (DES, AES/Rijndael are symmetric block ciphers) • Asymmetric: • may not be able to decrypt even if can encrypt (and vice versa) e.g. RSA Gene Itkis: BU CAS 591(458) - Network Security

  22. Symmetric cipher - example Caesar's cipher • the letters of the alphabet are shifted (*) e.g. “a” is replaced with “b”, “b” with “c”, etc. so msg “attack at midnight” is encrypted as “buubdl bu njeojhiu” (*)the shift can be by one (as in our example) or more encryption and decryption are equally easy (too easy, in fact) Gene Itkis: BU CAS 591(458) - Network Security

  23. One-time pad For each character of the future msg indicate the shift: pad(key)  msg (plaintext) ciphertext (encrypted msg) Gene Itkis: BU CAS 591(458) - Network Security

  24. One-time random pad (cont.) • Symmetric • Pad is selected at random • Perfectly secure, but... • One time only so sending the pad is just as hard as sending the msg Gene Itkis: BU CAS 591(458) - Network Security

  25. PRBS (long) 1010010110.... 01101 seed (short) Pseudo-random pad Pseudo-random bit string (PRBS) generator: PRBS= Hard to guess a bit (after seeing many others) Gene Itkis: BU CAS 591(458) - Network Security

  26. Complexity: what is “hard”? measure hardness in terms of size of input easy = polynomial; hard = exponential • Easy problems: • Finding max of n numbers - O(n) • Sortingn elements - O(n lg n) • Hard problems: • Factoring N=pq (n bits long) - current best (?) Gene Itkis: BU CAS 591(458) - Network Security

  27. Other hard problems Let N=pq, where p,q are large primes • Square root mod N • given x,N find y= modN, i.e. y2=xmodN (equivalent to factoring N) • Discrete log • given b,N and x, find y = How hard are these problems really? • One-way functions: easy to compute hard to invert • Trap-door: a secret making inverting a owf easy Gene Itkis: BU CAS 591(458) - Network Security

  28. Public-Key Crypto • Key exchange -Diffie-Hellman • PK Encryption -Rabin, RSA • e-Signatures -Rabin, RSA;ElGamal (a la DH); DSA; Fiat-Shamir Gene Itkis: BU CAS 591(458) - Network Security

  29. Diffie-Hellman: key exchange p, g Bob Alice a b mb gbmod p ma gamod p ma mb mabmod p mbamod p = gabmod p = shared secret key! Gene Itkis: BU CAS 591(458) - Network Security

  30. Rabin’s scheme • to encrypt msg m simply square it mod N • if p,q (such that pq=N) are known, then decryption (finding m given x) is easy (using Chinese Reminder Theorem) mod N ciphertext plaintext Gene Itkis: BU CAS 591(458) - Network Security

  31. RSA Let N=pq, and find e,d such that • Encryption: • Decryption: ciphertext plaintext Gene Itkis: BU CAS 591(458) - Network Security

  32. Public Key Cryptography • Encryption and Decryption are different • i.e. use different keys (asymmetric): • RSA • Public: N,e(needed to encrypt) • Private: d(needed to decrypt, can be computed from p,q) • Rabin’s • Public: N • Private: p,q Gene Itkis: BU CAS 591(458) - Network Security

  33. Identification, Authentication, Signature schemes • Signatures=SI(m) of a msg m • only I can sign, i.e. computes, fromIandm • given s,I, and m,everyone can verify that s=SI(m) • Message Authentication • like Signature, but only the receiver of the msg is required to be able to verify it • Identification • only I can prove that he is I Gene Itkis: BU CAS 591(458) - Network Security

  34. Identification, Authentication, Signature schemes (cont.) • Signaturecan be used for Authentication • Signature and Authentication can be used for Identification • useinteraction: • two players • Prover P - e.g. user, who wants to prove that he is I • Verifier V - e.g. wants to verify that Pis reallyI Gene Itkis: BU CAS 591(458) - Network Security

  35. Identification (cont.) • must consider all the scenarios: • both P and V are honest • both P and V are dishonest • V is honest but P is dishonest • Pis honest, but V is dishonest note: an eavesdropper (observer) should learn little from witnessing the P-V dialog • usual password scheme - bad! Gene Itkis: BU CAS 591(458) - Network Security

  36. Fiat-Shamir Identification scheme(simplified) LetN=pq, wherep,qare large primes; usingp,q,computes, suchthats2 I = 1 (mod N) public (P,V have): N(and I) private (only I has): s also, production center has p,q Gene Itkis: BU CAS 591(458) - Network Security

  37. Fiat-Shamir (cont.) P (user) V (e.g., system) N,I, s N pick random r; set x=r2 mod N I,x query= 0 1 check: r2=x mod N (rs)2I=x mod N r rs modN Gene Itkis: BU CAS 591(458) - Network Security

  38. Fiat-Shamir (cont.) • Proof (of P knowing s) • after k rounds the probability of mistake (i.e. P cheating without being caught) is (1/2)k • Zero-Knowledge • if query is known in advance: • for query=0, select r, and x=r2 mod N • for query=1, select z, and x=z2I mod N (z “pretends” to be rs mod N) Gene Itkis: BU CAS 591(458) - Network Security

  39. Security of Fiat-Shamir Relies on • hardness of factoring: • an algorithm “cracking” Fiat-Shamir yields an algorithm for factoring N • randomness: • of r for Zero-Knowledge • of query - to prevent P from cheating Gene Itkis: BU CAS 591(458) - Network Security

  40. Identification and Signatures • Identification scheme can be turned into Signature: • Replace Verifier with a hash function Gene Itkis: BU CAS 591(458) - Network Security

More Related