
15-349 Introduction to Computer and Network Security. Iliano Cervesato, 24 August 2008 – Introduction to Cryptography.

## 15-349 Introduction to Computer and Network Security


**15-349 Introduction to Computer and Network Security**

Iliano Cervesato
24 August 2008 – Introduction to Cryptography

**Where we are**

• Course intro
• Cryptography
• Intro to crypto
• Modern crypto
• Symmetric encryption
• Asymmetric encryption
• Beyond encryption
• Cryptographic protocols
• Attacking protocols
• Program/OS security & trust
• Networks security
• Beyond technology

**Outline**

• Basic concepts
  • Protecting information
  • Goals of cryptography
  • Brief history
  • Cryptographic toolbox (preview)
• Cryptanalysis
  • Traditional attack models
  • Side-channel attacks
• Early ciphers
  • Substitution ciphers
  • Transposition ciphers

**Confidentiality of Communication**

Implement a virtual trusted channel over an insecure medium

[Diagram labels: E, D]

**Confidentiality of storage**

Implement a virtual trusted safebox over an insecure storage medium

[Diagram label: E]

**Insecure Channels**

External observer can
• Read traffic
  • Interception
• Inject new traffic
  • Fabrication
• Block traffic … (sometimes)
  • Interruption
• Modify traffic … (sometimes)
  • Modification

[Slide labels: Passive attack, Active attack]

**Representing Data**

• Divide data into blocks
  • Character, records, …
• Represent each block by a number
  • E.g., ASCII
• Why?
  • Cryptography is based on mathematics

**Encryption and Decryption**

E, D realize a virtual trusted channel

[Diagram: Message (cleartext, plaintext) → Encryption E → Encrypted message (ciphertext) X → Decryption D → Message (cleartext, plaintext)]

**Keys**

What are E and D?
• Channel-specific algorithm
  • Requires a lot of algorithms
  • Hard
• Universal algorithms
  • Parameterized by key
  • Easier
  • 1 algorithm
  • Large space of keys

[Diagram labels: E, m, s, k]

**Classical Cryptography**

E, D realize a virtual trusted channel, given key

[Diagram: Message (cleartext, plaintext) → Encryption E (key) → Encrypted message (ciphertext) X → Decryption D (key) → Message (cleartext, plaintext)]

**Goals of Cryptography**

Not just about confidentiality!
• Integrity
  • Digital signatures
  • Hash functions
• Non-repudiation, fair exchange
  • Contract signing
• Anonymity
  • Electronic cash
  • Electronic voting
• …

Non-goals
• Denial of service

**A Brief History of Cryptography**

• ~2000 years ago: Substitution ciphers
• A few centuries later: Transposition ciphers
• Renaissance: Polyalphabetic ciphers
• 1844: Mechanization
• 1976: Public-key cryptography

**Substitution Ciphers**

Caesar’s cipher: Replace each letter with another

Tables on the slide:
A→V, B→E, C→Z, D→C, E→W, F→G, G→O, H→L, I→Q, J→N, K→H, L→F, M→A, N→B, O→S, P→R, Q→I, R→D, S→U, T→Y, U→K, V→X, W→M, X→T, Y→J, Z→P
A→D, B→E, C→F, …, X→A, Y→B, Z→C

• Key: substitution table
• How to break it?
  • Brute force? 26! possibilities (= $4 \times 10^{26}$)
  • Count the frequencies of letters, pairs, …
  • Koran was tabulated by 1412
  • Ciphertext is enough: ciphertext-only attack
• Example: QVAQBCWZQRLWDVEFW (ciphertext), IAMINDECIPHERABLE (plaintext)

**Renaissance Ciphers**

Use message and key letters for cipher
• Key: a word (CRYPTO)
• Example: WHATANICEDAYTODAY + CRYPTOCRYPTOCRYPT (mod 26) → ZZZJUCLUDTUNWGCQS
• Polyalphabetic cipher:
  • Encryption of letter is context-dependent
  • Seed of modern cryptography

**Book Ciphers**

Same thing but with very long key
• Key: a poem, a book, … (TOBEORNOTTOBETHATISTHEQUESTION…)
• Example: WHATANICEDAYTODAY + TOBEORNOTTOBETHAT (mod 26) → PVBXOEVQXWOZXHKAR
• … there are not all that many famous books, poems, etc.

**One-Time Pad**

Same thing, but now key is an infinite random string
• Example: WHATANICEDAYTODAY + YKSUFTGOARFWPFWEL (mod 26) → ZZZJUCLUDTUNWGCQS
• This is a perfect cipher
• How to remember/transmit the key??
• Short key stretched by means of a random number generator
  • Vernam cipher
  • Use ⊕ (xor) to combine key and message

**Book Ciphers**

• Same thing, but now use a very long key

**Transposition Ciphers**

Switch letters around by a permutation
• Key: permutation, k = (1 2 3 4 5 → 3 5 4 1 2)
• Example: HELLOWORLD → LOLHERDLWO
• Breakable with ciphertext-only attack

**More transposition**

• Write code in rows and read it in columns
• A very regular type of permutation

THE GOAL OF SUBSITUTION IS CONFUSION
THEGOALOFSUBSITUTIONISCONFUSIONXXXX
TOTSIHFUCOESTONGUINXOBOFXASNUXLIISX

**Confusion and Diffusion**

• Confusion: Replace symbol with another (WHATANI → ZZZJUCL)
• Diffusion: Mix up symbols (WHATANI → ANWIHAT)

Modern ciphers are a combination

**Mechanization**

• 1844: invention of telegraph
  • Beginning of civilian crypto
• Rotor machines
  • Key: initial position of rotors
  • Culminate in WW II
• 1975: DES
• 1996-2000 AES
• 1976: Public key cryptography

[Image: The Enigma. Callout: We will examine in some detail]

**Cryptographic Toolbox**

• Encryption
  • Symmetric
  • Asymmetric
• Digests
  • Hashing
• Digital signatures
• Certificates

**Symmetric Encryption**

$D_k(E_k(m)) = m$

[Diagram: Message (cleartext) M → Encryption box E → Encrypted message (ciphertext) X → Decryption box D → Message (cleartext) M; both boxes use the secret key $k$]

**Asymmetric Encryption**

$D_{k^{-1}}(E_k(m)) = m$

[Diagram: Cleartext M → Encryption box E (public key $k$) → Ciphertext X → Decryption box D (private key $k^{-1}$) → Cleartext M; public data: $k$]

**Digital Signatures**

$V_k(m, s)$ = true if $s = S_{k^{-1}}(m)$, false otherwise

[Diagram: Message M → Signature box S (signature key $k^{-1}$) → M, s → Verification box V (verification key $k$); public data: $k$]

**Certificates**

How do you know this public key is mine?
• Certificate
  • Binding between key and owner
  • Certified by authority
• Who is the authority?
• Public-key infrastructure

**Message Digests**

• Short message to certify integrity
• Un-keyed
  • Checksums, hashes
  • No crypto
  • Anybody can calculate/modify it
• Keyed
  • MACs
  • Based on a secret key
  • Only owners can calculate/modify it

**Cryptanalysis**

The art science of breaking a cipher
• Try all possible plaintext corresponding to a ciphertext
  • Plain silly!
• Try all possible keys for an encryption algorithm
  • Algorithm must be known
  • Enormous space of keys
• Exploit weaknesses, regularities, shortcuts
  • Side-channel attacks
  • E.g., basic substitution cipher

**What is “breaking a cipher”?**

• Recover the key k
  • Hard
  • Often not needed!
• Decipher a single message
• Decipher all messages
• Modify messages
  • “Attack at dawn” → “attack at dusk”
• Exploit properties of the cipher

**Attack Models**

Good ciphers resist all attack models

[Diagram of four attack models: Ciphertext Only, Known Plaintext, Chosen Plaintext, Chosen Ciphertext. Labels: Random, Random, $E_k(m)$; x; m, x; Chosen $E_k(m)$; Chosen $D_k(x)$; m, x; x, m]

**Sneaky Attacks**

[Figure: Differential Power Analysis on DES, rounds 1 to 16; detail: Round 2, Round 3. From http://www.cryptography.com/dpa/technical]

• Obtain the key somehow
  • Network sniffers, worms, backup tapes, …
  • Blackmail, bribery, torture, …
• Side-channel cryptanalysis
  • Power consumption
  • Encryption time
  • Radiation

Be careful!
• off-peak computation
• random noise
• physical shielding

Better implementation and design
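The Renaissance and Book cipher slides both add key letters to message letters mod 26. The following is an added example, not code from the slides: it reproduces both slide ciphertexts and then shows, in the known-plaintext model from the Attack Models slide, how one message/ciphertext pair exposes a short repeating key. The function names and the `a_is` parameter are assumptions; the slide values match when A is numbered 1 for the CRYPTO example and 0 for the book example.

```python
import string

ALPHABET = string.ascii_uppercase

def to_num(ch, a_is):
    """Letter -> number, where the letter A is numbered a_is (0 or 1)."""
    return ALPHABET.index(ch) + a_is

def to_chr(n, a_is):
    """Number -> letter after reduction mod 26 (inverse of to_num)."""
    return ALPHABET[(n - a_is) % 26]

def encrypt(msg, key, a_is=0):
    """Add key letters to message letters mod 26; a short key repeats."""
    return "".join(to_chr(to_num(m, a_is) + to_num(key[i % len(key)], a_is), a_is)
                   for i, m in enumerate(msg))

def decrypt(ct, key, a_is=0):
    """Subtract the key letters again."""
    return "".join(to_chr(to_num(c, a_is) - to_num(key[i % len(key)], a_is), a_is)
                   for i, c in enumerate(ct))

def keystream(msg, ct, a_is=0):
    """Known-plaintext model: ciphertext minus plaintext gives the key letters."""
    return "".join(to_chr(to_num(c, a_is) - to_num(m, a_is), a_is)
                   for m, c in zip(msg, ct))

def short_period(ks):
    """Smallest p <= len(ks)//2 with ks[i] == ks[i - p] for all i, else None."""
    for p in range(1, len(ks) // 2 + 1):
        if all(ks[i] == ks[i - p] for i in range(p, len(ks))):
            return p
    return None

if __name__ == "__main__":
    msg = "WHATANICEDAYTODAY"                          # message from the slides
    word = encrypt(msg, "CRYPTO", a_is=1)              # Renaissance slide, A=1
    book = encrypt(msg, "TOBEORNOTTOBETHAT", a_is=0)   # Book slide, A=0
    print(word, book)
    for ct, a_is in ((word, 1), (book, 0)):
        ks = keystream(msg, ct, a_is)
        print(ks, "period:", short_period(ks))
```

The recovered key letters for the word key repeat with period 6, so every later message under that key can be read; the book key shows no short period in this sample, and a truly random key as long as the message would show none at all.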
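The two transposition slides can be checked the same way. This is an added example, not code from the slides; it implements the block permutation and the rows-to-columns scheme, reproduces both slide ciphertexts, and shows why transposition alone falls to a ciphertext-only attack: letter frequencies are untouched. Function names are assumptions, and the row width of 7 is inferred from the slide's output.

```python
from collections import Counter

def permute_blocks(text, perm):
    """Output position i of each block takes input position perm[i] (1-based)."""
    n = len(perm)
    if len(text) % n:
        raise ValueError("pad the text to a multiple of the block size")
    return "".join(text[b + p - 1] for b in range(0, len(text), n) for p in perm)

def unpermute_blocks(text, perm):
    """Invert permute_blocks by applying the inverse permutation."""
    inverse = [perm.index(i) + 1 for i in range(1, len(perm) + 1)]
    return permute_blocks(text, inverse)

def pad(text, width, filler="X"):
    """Drop spaces and pad with filler to a whole number of rows."""
    text = text.replace(" ", "")
    return text + filler * (-len(text) % width)

def columnar(text, width):
    """Write the text in rows of `width` letters, read it out column by column."""
    return "".join(text[col::width] for col in range(width))

def uncolumnar(text, width):
    """Invert columnar: the ciphertext is `width` columns of equal height."""
    rows = len(text) // width
    return "".join(text[col * rows + r] for r in range(rows) for col in range(width))

def same_letter_counts(a, b):
    """Transposition only moves letters, so single-letter frequencies survive."""
    return Counter(a) == Counter(b)

if __name__ == "__main__":
    key = [3, 5, 4, 1, 2]                                   # permutation from the slide
    print(permute_blocks("HELLOWORLD", key))                # slide: LOLHERDLWO
    # Spelling of the sentence is kept exactly as it appears on the slide.
    rows = pad("THE GOAL OF SUBSITUTION IS CONFUSION", 7)
    ct = columnar(rows, 7)
    print(ct, same_letter_counts(rows, ct))
```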
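The Message Digests slide distinguishes un-keyed digests, which anybody can recompute, from keyed MACs. The following added example (not from the slides) plays out the "Attack at dawn" modification from the "breaking a cipher" slide against both, using SHA-256 and HMAC-SHA-256 from the Python standard library; the key, function names and the choice of algorithms are assumptions.

```python
import hashlib
import hmac

def digest(msg):
    """Un-keyed digest: no secret involved, anyone can compute it."""
    return hashlib.sha256(msg).digest()

def mac(key, msg):
    """Keyed digest (MAC): requires the shared secret key."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def check_digest(msg, tag):
    return hmac.compare_digest(digest(msg), tag)

def check_mac(key, msg, tag):
    return hmac.compare_digest(mac(key, msg), tag)

def modify_in_transit(msg):
    """Active observer without the key: changes the message and recomputes
    the only tag that needs no secret, the un-keyed digest."""
    forged = msg.replace(b"dawn", b"dusk")
    return forged, digest(forged)

def demo():
    key = b"constructed-demo-key"      # constructed; known to sender and receiver only
    msg = b"Attack at dawn"
    tag = mac(key, msg)
    forged, forged_digest = modify_in_transit(msg)
    return {
        # Receiver relying on the un-keyed digest accepts the modified message.
        "unkeyed_accepts_forgery": check_digest(forged, forged_digest),
        # Receiver checking a MAC rejects it, whether the observer reuses the
        # old tag or substitutes a recomputed un-keyed digest.
        "keyed_accepts_old_tag": check_mac(key, forged, tag),
        "keyed_accepts_recomputed_digest": check_mac(key, forged, forged_digest),
        "keyed_accepts_original": check_mac(key, msg, tag),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```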
