1 / 32

Cryptography Terminology in Computer Networks

Learn the basic terminology of cryptography in computer networks, including encryption, decryption, symmetric encryption, asymmetric encryption, and substitution and transposition ciphers.

katrinaw
Télécharger la présentation

Cryptography Terminology in Computer Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EEC-484/584Computer Networks Lecture 15 Wenbing Zhao wenbing@ieee.org

  2. Outline • Reminder: • Wiki page peer review due tonight (4/23) • Quiz#4 results • Introduction to cryptography EEC-484/584: Computer Networks

  3. Quiz#4 Result • Max: 96 • Min: 64 • Average: 84.5 • Q1 avg: 40/50 • Q2 avg: 19/20 • Q3 avg: 6.8/10 • Q4 avg: 18.7/20 EEC-484/584: Computer Networks

  4. Cryptography Terminology • Encryption is the process of encoding a message so that its meaning is not obvious • Equivalent terms: encode, encipher • Encryption addresses the need for confidentiality of data • Encryption can also be used to ensure integrity (i.e., unauthorized change can be detected) • Encryption is the basis of protocols that enable us to provide security while accomplishing system or network tasks EEC-484/584: Computer Networks

  5. Cryptography Terminology • Decryptionis the reverse process, transforming an encrypted message back into its normal, original form • Equivalent terms: decode, decipher • A system for encryption and decryption is called acryptosystem EEC-484/584: Computer Networks

  6. Cryptography Terminology • The encryption and decryption rules are called encryption and decryptionalgorithms • Encryption/decryptions algorithms often use a device called a key, denoted by K, so that the resulting ciphertext depends on the original plaintext message, the algorithm, and the key value • An encryption scheme that does not require the use of a key is called a keyless cipher EEC-484/584: Computer Networks

  7. Cryptography Terminology • Plaintext: message to be encrypted • Ciphertext: encrypted message • DK(EK(P)) = P EEC-484/584: Computer Networks

  8. Symmetric Encryption • The encryption and decryption keys are the same, so P = D(K, E(K,P)) • D and E are closely related. They are mirror-image processes • The symmetric systems provide a two-way channel to their users • The symmetry of this situation is a major advantage of this type of encryption, but it also leads to a problem: key distribution EEC-484/584: Computer Networks

  9. Asymmetric Encryption • Encryption and decryption keys come in pairs. The decryption key, KD, inverts the encryption of key KE, so that P = D(KD, E(KE,P)) • Asymmetric encryption systems excel at key management EEC-484/584: Computer Networks

  10. Cryptology • Cryptologyis the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis • Cryptography– art of devising ciphers • Comes from Greek words for“secret writing”. It refers to the practice of using encryption to conceal text • Cryptanalysis–art of breaking ciphers • Study of encryption and encrypted messages, hoping to find the hidden meanings EEC-484/584: Computer Networks

  11. Basic Encryption Methods • Substitutionciphers: one letter is exchanged for another • Transpositionciphers: order of letters is rearranged EEC-484/584: Computer Networks

  12. Substitution Ciphers • Idea: each letter or group of letters is replaced by another letter or group of letters • Caesar cipher – circularly shift by 3 letters • a -> D, b -> E, … z -> C • More generally, shift by k letters, k is the key • Monoalphabetic cipher – map each letter to some other letter • A b c d e f … w x y z • Q W E R T Y … V B N M <= the key EEC-484/584: Computer Networks

  13. Substitution Ciphers • Not difficult to determine the key using frequencies of letters, pairs of letter etc., or by guessing a probable word or phrase • Most frequently occurred • Letters: e, t, o, a, n, … • Digrams: th, in, er, re, an, … • Trigrams: the, ing, and, ion, ent • Words: the, of, and, to, a, in, that, … EEC-484/584: Computer Networks

  14. Transposition Ciphers • Transposition cipher – reorders (rearrange) symbols but does not disguise them. It is also called permutation • Transpositions try to break established patterns • Both substitution and transport ciphers can be broken using language statistical information EEC-484/584: Computer Networks

  15. Columnar Transposition • Plaintext written in rows, number of columns = key length • Key is used to number the columns • Ciphertext read out by columns, starting with column whose key letter is lowest EEC-484/584: Computer Networks

  16. Columnar Transposition • A transposition cipher example EEC-484/584: Computer Networks

  17. One-Time Pads • One-time pad: construct an unbreakable cipher • Choose a random bit string as the key • Convert the plaintext into a bit string • Compute the XOR of these two strings, bit by bit • The resulting ciphertext cannot be broken, because in a sufficiently large sample of ciphertext, each letter will occur equally often => there is simply no information in the message because all possible plaintexts of the given length are equally likely EEC-484/584: Computer Networks

  18. One-Time Pads Original one-time pad used I L O V E Y O U . E L V I S L I V E S If someone tries to decrypt using another one-time pad EEC-484/584: Computer Networks

  19. One-Time Pads • Disadvantages • The key cannot be memorized, both sender and receiver must carry a written copy with them • Total amount of data can be transmitted is limited by the amount of key available • Sensitive to lost or inserted characters EEC-484/584: Computer Networks

  20. Stream Ciphers • Stream ciphers: convert one symbol of plaintext immediately into a symbol of ciphertext • The transformation depends only on the symbol, the key, and the control information of the encryption algorithm EEC-484/584: Computer Networks

  21. Block Ciphers • Block cipher: encrypts a group of plaintext symbols as one block • Block ciphers work on blocks of plaintext and produce blocks of ciphertext • The columnar transposition is an example of block ciphers EEC-484/584: Computer Networks

  22. Cryptanalysis –Breaking Encryption Schemes • Ciphertext-only: cryptanalyst has a quantity of ciphertext and no plaintext • Known plaintext: cryptanalyst has some matched ciphertext and plaintext • Chosen plaintext: cryptanalyst has the ability to encrypt pieces of plaintext of his own choosing EEC-484/584: Computer Networks

  23. Symmetric-Key Algorithms • DES – The Data Encryption Standard • AES – The Advanced Encryption Standard • Cipher Modes • Other Ciphers EEC-484/584: Computer Networks

  24. Data Encryption Standard • Developed by IBM. US standard for unclassified info(1977) • Same key for encryption as for decryption • Encrypts in 64-bit blocks • Uses 56-bit key • Has 19 stages, 16 parameterized by different functions of the key EEC-484/584: Computer Networks

  25. Triple DES • Triple DES – effectively increases the key length. It uses two keys and three stages • In first stage, the plaintext is encrypted using DES in the usual way with K1 • In second stage, DES is run in decryption mode, using K2 as the key • In third stage, another DES encryption is done with K1 Triple DES encryption Triple DES decryption EEC-484/584: Computer Networks

  26. AES – The Advanced Encryption Standard • AES is a result of a cryptographic contest • Organized by NIST in 1997 • Rules for AES proposals • The algorithm must be a symmetric block cipher • The full design must be public • Key lengths of 128, 192, and 256 bits supported • Both software and hardware implementations required • The algorithm must be public or licensed on nondiscriminatory terms • Winner: Rijndael (from two Belgian cryptographers: Joan Daemen and Vincent Rijmen) EEC-484/584: Computer Networks

  27. AES • Creating of the state and rk arrays EEC-484/584: Computer Networks

  28. Cipher Modes • Despite all the complexity, AES and DES (or any block cipher) is basically a monoalphabetic substitution cipher using big characters • Whenever the same plaintext block goes in the front end, the same ciphertext block comes out the back end • If you encrypt the plaintext abcdefgh 100 times with same DES key, you get the same ciphertext 100 times • An intruder can exploit this property to help subvert the cipher EEC-484/584: Computer Networks

  29. Electronic Code Book Mode • In ECB mode, each plaintext block is encrypted independently with the block cipher • ECB allows easy parallelization to yield higher performance. However, no processing is possible before a block is seen EEC-484/584: Computer Networks

  30. Electronic Code Book Mode - Problems • In ECB, plaintext patterns are not concealed • Each identical block of plaintext gives an identical block of ciphertext. The plaintext can be easily manipulated by removing, repeating, or interchanging blocks • Example EEC-484/584: Computer Networks

  31. Cipher Block Chaining Mode • To avoid the ECB mode problem: replacing a block will cause the plaintext decrypted starting at the replaced to become garbage • Exclusive OR the encrypted text with the next block of plaintext before encryption: C0 = E(P0 XOR IV), C1 = E(P1 XOR C0), etc. • Drawback: must wait until full 64-bit (128-bit) block to arrive to decrypt EEC-484/584: Computer Networks

  32. Cipher Block Chaining Mode • Exclusive OR the encrypted text with the next block of plaintext before encryption: C0 = E(P0 XOR IV), C1 = E(P1 XOR C0), etc. Initialization Vector Encryption Decryption EEC-484/584: Computer Networks

More Related