
Cryptography



  1. Cryptography CS 472 Fall 2006

  2. What is Cryptography? • Encrypting data so that unauthorized users cannot know the contents • Purpose: • Encryption of messages/data (confidentiality) • Integrity checking (Has the content been changed?) • Authentication (Who sent the message/data?)

  3. Types of Cryptographic Functions • Secret key cryptography: Data is encrypted and decrypted using a single key; the same key is shared by the sender/receiver • Secret key cryptography is useful for: • Sending data over an insecure channel • Secure storage on insecure media • Authentication • Integrity check (MAC or MIC)

  4. Types of Cryptographic Functions (cont.) • Public key cryptography: Here, we have a public key and a corresponding private key. For confidentiality, encryption is done using the public key and decryption using the private key; for signatures the roles reverse (sign with the private key, verify with the public key). • It is used for: • Transmitting over an insecure channel • Secure storage on insecure media • Authentication • Digital signatures (for non-repudiation; similar to a MAC, but verifiable by anyone holding the public key, which is what makes non-repudiation possible)

  5. Hash Algorithms • Message digest or one-way transformations • h(m) has the following properties: • Relatively easy to compute h(m) • Given h(m), it is computationally infeasible to find m (preimage resistance) • It is computationally infeasible to find two messages m and m' that have the same hash value (collision resistance) • Uses of hashing: Password hashing, message integrity, message fingerprint • Example: If the message digest/hash/fingerprint of a program is known, then it is easy to check whether the program has been changed since that hash was created. Typically, the message digest is what gets signed (encrypted with the sender's private key), rather than the whole message. • If a message digest has m bits, then about $2^{m/2}$ random messages suffice to find two with the same hash (see the birthday problem below), so the digest must be at least twice as long as the intended security level. • SHA-1, MD2, MD4 and MD5 are some example algorithms. Caveat: since these 2006 slides, practical collisions have been published for MD4, MD5 and SHA-1; none of them should be used where collision resistance matters.

  6. Hash Algorithms (cont.) • Use of hashing: • Authentication • Computing a MAC with a hash by mixing in a shared secret key; the standard construction is HMAC, which hashes twice (an inner and an outer pass, each keyed), so the key never simply sits in front of the message in a single hash • Encryption with a message digest (using the digest to generate a keystream; see slide 13) • Using a secret key for a hash: classic UNIX crypt(3) hashes passwords by (i) converting the password into a DES key and (ii) using this key to encrypt the all-zero block (25 iterations, with a 12-bit salt perturbing DES); the result is the stored "hash".

  7. Secret Key Cryptography • Notes

  8. Public Key Cryptography • Notes • RSA Demo-1 • RSA Demo-2

  9. Hashes and Message Digests • Hash and message digest are synonymous • It takes an input message (variable length) and produces a fixed size digest or hash. • NIST: SHA-1 • RSA: MD2, MD4, MD5 • A message digest is cryptographically secure if: (i) it is computationally infeasible to find a message that has a given message digest (ii) it is computationally infeasible to find two messages with the same message digest

  10. Birthday Problem • Probability that any two persons in a group have the same birthday (day, not year). • If n inputs are mapped uniformly to k outputs, the probability that one particular pair of inputs has the same output is $k \cdot (1/k)(1/k) = 1/k$ (summing over the k values they could share). • So with about k/2 pairs the probability is roughly 50% that some two inputs share an output. • Since n inputs form $n(n-1)/2$ pairs, we need $n(n-1)/2 > k/2$, i.e. roughly $n > k^{1/2}$. • E.g., if the message digest is m bits, there are $2^m$ possible outputs (i.e. $k = 2^m$). So if we generate $2^{m/2}$ random messages, there is a 50% or better chance that two of them have the same digest.

  11. Threat Example • Suppose a message m has been created, its digest D(m) computed, and the digest cryptographically signed. • If an intruder can find another message m' such that D(m) = D(m'), then the intruder can substitute m' for m and the same signed digest still verifies. By the birthday bound above, an intruder who can choose both m and m' (say, two versions of a contract) needs only about $2^{m/2}$ trial messages, not $2^m$.
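Added Python example for slides 10 and 11 (not part of the original slides): it truncates SHA-256 to a short digest to stand in for an m-bit hash, generates messages until two collide, and checks the count against the birthday estimate. The message prefix and bit lengths are constructed demo values; a signature over the truncated digest of the first message would verify for the second just as the threat slide describes.

```python
import hashlib
import math


def truncated_digest(msg, bits):
    """First `bits` bits of SHA-256 as an integer.  Truncation models a digest
    that is only `bits` long, so the birthday bound is about 2**(bits/2)."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits, prefix=b"message-"):
    """Hash prefix-0, prefix-1, ... until two messages share a truncated digest.
    Returns (m, m_prime, trials).  The table grows with trials, so keep
    bits <= 40 or so on a laptop (bits=32 takes well under a second)."""
    seen = {}
    n = 0
    while True:
        m = prefix + str(n).encode()
        d = truncated_digest(m, bits)
        if d in seen:
            return seen[d], m, n + 1
        seen[d] = m
        n += 1


def expected_trials(bits):
    """Expected number of random messages before the first collision among
    2**bits outputs: sqrt(pi/2 * 2**bits), within a small constant of 2**(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def signature_ambiguous(m, m_prime, bits):
    """Slide-11 threat: a signature over the `bits`-bit digest of m is equally
    valid for m_prime when the two digests coincide."""
    return m != m_prime and truncated_digest(m, bits) == truncated_digest(m_prime, bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        m, mp, trials = find_collision(bits)
        print(f"{bits}-bit digest: collision after {trials} messages "
              f"(expected ~{expected_trials(bits):.0f}): {m!r} vs {mp!r}")
```

Doubling the digest width squares nothing: each extra 2 bits of digest buys one extra bit of collision resistance, which is why a 128-bit digest (MD5) offers only 64-bit collision security even before the algorithm itself is attacked.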

  12. MAC and Hash • Given a message m, anyone can compute a message digest MD(m). • On the other hand, a MAC can be computed and verified only by those who share the secret key. • For a MAC built from a hash function, the obvious choice is MD(K_AB|m). However, with iterated (Merkle-Damgård) digests such as MD5 and SHA-1, anyone who knows MD(K_AB|m) and the length of K_AB can append data and compute a valid MAC for the extended message without the key (length extension), so this construction is broken. • Solutions: (i) Compute MD(m|K_AB) as the MAC (ii) Use only half the message digest as the MAC (iii) Compute MD(K_AB|m|K_AB) and use it as the MAC. In practice, use HMAC (slide 6), the standardized and analysed form of this idea.

  13. Generating a one-time pad with a message digest • Compute MD(K_AB) to obtain a bit stream b1. • Compute MD(K_AB|b1) to obtain b2, MD(K_AB|b2) to obtain b3, and so on. • A XORs b1, b2, ... with the plaintext to encrypt and B XORs the same stream with the ciphertext to decrypt, since it too can create the stream b1, b2, ... • Caveat: this is a keystream (a stream cipher keyed by K_AB), not a true one-time pad, and as written it depends only on K_AB, so every message gets the same stream and two ciphertexts XOR to the XOR of their plaintexts. A per-message IV must be mixed into the first digest, and the stream provides no integrity (see slide 19).

  14. Hashing Large Messages • Divide the message into k-bit chunks m1, m2, ... • Use m1 as a key to encrypt a constant (say 0) • Use m2 as a key to encrypt the output of the earlier step • And so on, finally resulting in a fixed size hash. This chaining of a compression function is the Merkle-Damgård structure that MD5 and SHA-1 also use, and it is what makes such hashes length-extendable: knowing the hash of a message lets anyone continue the chain with more chunks. • Caveat: with a 64-bit block cipher the hash is only 64 bits, so by slide 10 collisions cost about $2^{32}$ work; a usable digest needs a wider output.

  15. Hashes and Message Digests • Notes • Demo-1 • Open SSL demo

  16. Modes of Operation Chapter 4

  17. Electronic Code Book (ECB) • Each block of the message is encrypted independently with the same secret key • Problems: If two identical plaintext blocks occur (in the same message or in different messages under the same key), the ciphertext blocks are identical, so patterns in the plaintext show through • Cipher blocks can be rearranged, duplicated or deleted to alter the message without detection

  18. Cipher Block Chaining (CBC) • This overcomes the repeated message block problem. • Initially, a random initialization vector IV is XORed (modulo-2 added) with the 1st message block and the result is encrypted with the secret key. • The ciphertext of block 1 is then used in place of the IV for block 2; and so on. • CBC Threat 1: Modifying ciphertext blocks: modifying c_n garbles m_n completely but has a predictable effect on m_{n+1}: whichever bits are flipped in c_n are flipped in m_{n+1} (the same holds for the IV and m_1). • CBC Threat 2: Rearranging ciphertext blocks: by rearranging the ciphertext, the message can be changed; only the block after each splice is garbled. • Decryption detects neither threat; CBC gives confidentiality, not integrity.

  19. Output Feedback Mode (OFB) • Stream cipher • XOR the message with the one-time pad (keystream) generated by OFB • Generate a random IV and encrypt it with the secret key; call the result b0; XOR any part of b0 with the message to get ciphertext. • For the next block, encrypt b0 in place of the IV to get b1; and so on. The keystream depends only on the key and IV, so it can be precomputed. • Problems: If the plaintext and ciphertext are known to an attacker, he can change the plaintext into anything he wants by XORing the ciphertext with the known plaintext (which recovers the keystream) and XORing the result with whatever message he wants to transmit. Reusing an IV under the same key reuses the keystream, which leaks the XOR of the two plaintexts.
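Added Python example for slides 13 and 19 (not part of the original slides): the digest-chained keystream of slide 13 with SHA-256 as MD, XOR encryption with it, and the two attacks the text warns about: rewriting a ciphertext whose plaintext is known (which applies equally to OFB and CTR) and the plaintext leak from keystream reuse. The key and messages are constructed demo values.

```python
import hashlib


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def digest_keystream(key, nbytes):
    """Slide-13 generator: b1 = MD(K), b2 = MD(K|b1), b3 = MD(K|b2), ... with
    SHA-256 as MD.  Nothing here varies per message, so one key gives one stream."""
    out = b""
    block = hashlib.sha256(key).digest()
    while len(out) < nbytes:
        out += block
        block = hashlib.sha256(key + block).digest()
    return out[:nbytes]


def stream_encrypt(key, data):
    """XOR with the keystream; decryption is the identical operation."""
    return xor_bytes(data, digest_keystream(key, len(data)))


stream_decrypt = stream_encrypt


def tamper(ciphertext, known_plaintext, wanted_plaintext):
    """Slide-19 attack: holding a ciphertext and its plaintext, flip exactly the
    bits that make it decrypt to wanted_plaintext.  No key is needed, and the
    same works for OFB, CTR and any other XOR keystream."""
    if not len(ciphertext) == len(known_plaintext) == len(wanted_plaintext):
        raise ValueError("lengths must match")
    return xor_bytes(ciphertext, xor_bytes(known_plaintext, wanted_plaintext))


def keystream_reuse_leak(c1, c2):
    """Two messages under one keystream: c1 ^ c2 == p1 ^ p2, so knowing either
    plaintext exposes the other.  This is why a per-message IV/nonce is required."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key = b"shared-key-AB"                      # constructed demo key
    p1 = b"PAY alice $100"
    c1 = stream_encrypt(key, p1)
    forged = tamper(c1, p1, b"PAY mallo $999")
    print("Bob decrypts the forged message as:", stream_decrypt(key, forged))
    p2 = b"meet at 9pm ok"
    leak = keystream_reuse_leak(c1, stream_encrypt(key, p2))
    print("p2 recovered from c1^c2 and p1:", xor_bytes(leak, p1))
```

Both attacks survive any choice of block cipher or hash in the generator: they are properties of XOR, not of the primitive. The fix is a MAC (or an authenticated mode) over the ciphertext plus a fresh IV per message.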

  20. Cipher Feedback Mode (CFB) • Similar to OFB: k bits of keystream are generated and XORed with the message block. • But the input to the next encryption is the ciphertext output of the current block, not the keystream. • Less subject to tampering than OFB: flipping bits in a ciphertext block flips the same bits in that plaintext block but garbles the following block, much as in CBC. Still no substitute for a MAC.

  21. Counter Mode (CTR) • Similar to OFB • A keystream is generated and XORed with the data • But the keystream blocks are generated by incrementing the IV (counter) and encrypting each value with the secret key, so blocks can be computed in parallel and any block can be decrypted on its own • Same caveats as OFB: bit flips in the ciphertext flip the same bits in the plaintext, and a counter value must never be reused under the same key.

  22. Comparison

  23. Generating MACs • (i) Ensuring privacy and integrity together: use CBC where the ciphertext of the last block is also used as the MAC (CBC-MAC, computed with a fixed zero IV); it is essential to use two different keys for CBC for privacy and CBC for integrity, since with one key the MAC is just the last ciphertext block, which the attacker already sees. • Caveat: plain CBC-MAC is secure only for messages of one fixed length; with variable lengths an attacker holding the tags of two messages m1 and m2 can forge the tag of m1 followed by a modified m2. CMAC and HMAC close this gap.
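Added Python example for slides 17, 18 and 23 (not part of the original slides): ECB and CBC over a toy 128-bit block cipher (a 4-round Feistel network built on SHA-256, so the code runs without an AES library; it is an invertible permutation and nothing more), the CBC bit-flipping threat, CBC-MAC, and the variable-length forgery that the caveat above describes. Keys, IVs and messages are constructed demo values; the example assumes whole blocks and implements no padding.

```python
import hashlib

BLOCK = 16


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    """Round function of the toy cipher: keyed SHA-256 truncated to 8 bytes."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, block):
    """Toy 128-bit block cipher: 4-round Feistel network.  Invertible, which is
    all the modes need; NOT a vetted cipher, present only so the example runs."""
    L, R = block[:8], block[8:]
    for rnd in range(4):
        L, R = R, xor_bytes(L, _f(key, rnd, R))
    return R + L


def block_decrypt(key, block):
    R, L = block[:8], block[8:]
    for rnd in reversed(range(4)):
        L, R = xor_bytes(R, _f(key, rnd, L)), L
    return L + R


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("example assumes whole blocks; no padding implemented")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    """Slide 17: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pt):
        prev = block_encrypt(key, xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(xor_bytes(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def flip_in_ciphertext(ct, n, delta):
    """CBC threat 1: XOR delta into ciphertext block n.  Block n then decrypts
    to garbage, and block n+1 decrypts to its plaintext XOR delta."""
    blocks = _blocks(ct)
    blocks[n] = xor_bytes(blocks[n], delta)
    return b"".join(blocks)


def cbc_mac(key, m):
    """Slide-23 MAC: last CBC ciphertext block, zero IV."""
    return cbc_encrypt(key, bytes(BLOCK), m)[-BLOCK:]


def forge_cbc_mac(m1, t1, m2, t2):
    """Why CBC-MAC needs fixed-length messages: from two single-block (m, tag)
    pairs, the tag of m1 | (m2 ^ t1) is t2, because E(E(m1) ^ m2 ^ t1) = E(m2)."""
    return m1 + xor_bytes(m2, t1), t2


if __name__ == "__main__":
    key, iv = b"example-key", bytes(range(16))
    pt = b"A" * 16 + b"A" * 16 + b"B" * 16
    ecb = ecb_encrypt(key, pt)
    print("ECB repeats:", ecb[:16] == ecb[16:32])
    ct = cbc_encrypt(key, iv, pt)
    delta = b"\x01" + bytes(15)
    print("block 2 after flipping c1:", cbc_decrypt(key, iv, flip_in_ciphertext(ct, 0, delta))[16:32])
```

The forgery needs no key and no plaintext beyond the two signed messages, and it works against any block cipher because it only uses the chaining equation. CMAC fixes it by masking the last block with a derived subkey; prefixing the message length also works when lengths are known in advance.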

  24. Multiple Encryption 3DES • Two keys are used: K1 and K2 • m -> Encrypt with K1 -> Decrypt with K2 -> Encrypt with K1 -> ciphertext (EDE) • The middle step is a decryption so that setting K1 = K2 reduces 3DES to single DES for backward compatibility; two-key 3DES has a 112-bit key, and the three-key variant (K1, K2, K3) 168 bits.

  25. Diffie-Hellman • To generate a shared key between two parties (say Alice and Bob); a large prime p and a generator g are public • Alice picks $S_A$ at random. Bob picks $S_B$ at random • Alice computes $T_A = g^{S_A} \bmod p$. Bob computes $T_B = g^{S_B} \bmod p$ • Alice and Bob exchange $T_A$ and $T_B$ • Alice computes $T_B^{S_A} \bmod p$. Bob computes $T_A^{S_B} \bmod p$. • Both come up with the same answer (the shared key) because $T_B^{S_A} = (g^{S_B})^{S_A} = g^{S_B S_A} = (g^{S_A})^{S_B} = T_A^{S_B} \pmod p$

  26. Example • Let p = 5, g = 3 • Let Alice pick $S_A = 2$ and Bob pick $S_B = 4$ • $T_A = 3^2 = 9 \bmod 5 = 4$; $T_B = 3^4 = 81 \bmod 5 = 1$ • Alice and Bob exchange $T_A$ and $T_B$ • Alice computes $1^2 = 1$; Bob computes $4^4 = 256 \bmod 5 = 1$; so both Alice and Bob have 1 as the secret key. • Caveat: this example is degenerate. $S_B = 4 = p - 1$ makes $T_B = 1$, so the shared key is 1 whatever Alice chooses. Real implementations draw exponents from $[1, p-2]$ and reject a received $T$ equal to 0, 1 or $p - 1$; the toy prime only illustrates the arithmetic.

  27. Man-in-the-middle attack • If there is a man in the middle between Alice and Bob, and neither of them knows about it, there is a problem. • So: Alice <----> Intruder <----> Bob • Since p and g are known publicly, they are known to the intruder too • Because the intruder receives Alice's $T_A$ and answers with its own value, it establishes a shared key with Alice. Similarly, it establishes a shared secret with Bob. So the intruder can decrypt everything from both Alice and Bob, re-encrypt it for the other side, and also manipulate the messages. Plain Diffie-Hellman authenticates nobody.
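Added Python example for slides 25 to 27 (not part of the original slides): the exchange with modular exponentiation, the public-value check that rejects the degenerate slide-26 numbers, and a simulated man in the middle who ends up holding one key with Alice and another with Bob. The parameters p = 23, g = 5 and the fixed exponents are constructed demo values; a real deployment uses a standardized 2048-bit or larger group.

```python
import secrets


def dh_public(g, p, s):
    """T = g^s mod p (slide 25)."""
    return pow(g, s, p)


def dh_shared(peer_public, s, p):
    """Shared key = T_peer^s mod p."""
    return pow(peer_public, s, p)


def public_value_ok(t, p):
    """Reject T in {0, 1, p-1} and out-of-range values: T = 1 or p-1 forces the
    shared key into {1, p-1} regardless of the other side's exponent, which is
    exactly what happens with the slide-26 numbers."""
    return 1 < t < p - 1


def random_exponent(p):
    """Private exponent drawn from [2, p-2] with a CSPRNG."""
    return secrets.randbelow(p - 3) + 2


def exchange(g, p, s_a, s_b):
    """Honest run: both sides validate what they receive, then agree on one key."""
    t_a, t_b = dh_public(g, p, s_a), dh_public(g, p, s_b)
    if not (public_value_ok(t_b, p) and public_value_ok(t_a, p)):
        raise ValueError("degenerate public value received")
    k_a, k_b = dh_shared(t_b, s_a, p), dh_shared(t_a, s_b, p)
    assert k_a == k_b
    return k_a


def slide26_example():
    """p = 5, g = 3, S_A = 2, S_B = 4 as on slide 26: (T_A, T_B, key, accepted)."""
    t_a, t_b = dh_public(3, 5, 2), dh_public(3, 5, 4)
    key = dh_shared(t_b, 2, 5)
    return t_a, t_b, key, public_value_ok(t_a, 5) and public_value_ok(t_b, 5)


def mitm_exchange(g, p, s_a, s_b, s_e):
    """Slide 27: intruder E substitutes its own T_E for both T_A and T_B.  Alice
    and Bob each share a key with E, not with each other, and nothing in the
    protocol lets them notice.  Returns (alice_key, bob_key, e_with_alice, e_with_bob)."""
    t_a, t_b, t_e = (dh_public(g, p, s) for s in (s_a, s_b, s_e))
    alice_key = dh_shared(t_e, s_a, p)     # Alice believes t_e came from Bob
    bob_key = dh_shared(t_e, s_b, p)       # Bob believes t_e came from Alice
    e_with_alice = dh_shared(t_a, s_e, p)
    e_with_bob = dh_shared(t_b, s_e, p)
    return alice_key, bob_key, e_with_alice, e_with_bob


if __name__ == "__main__":
    p, g = 23, 5                                   # constructed demo group
    print("honest key:", exchange(g, p, 6, 15))
    print("slide 26 (T_A, T_B, key, accepted):", slide26_example())
    print("mitm (alice, bob, E/alice, E/bob):", mitm_exchange(g, p, 6, 15, 3))
    print("fresh key:", exchange(g, p, random_exponent(p), random_exponent(p)))
```

In the man-in-the-middle run, Alice's key equals E's key with Alice and Bob's equals E's key with Bob, while Alice's and Bob's differ; E relays and rewrites traffic at will. The validity check stops the degenerate keys but does nothing about E, which is the point of slide 28.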

  28. Defenses against Man-in-the-Middle Attack • Let each party publish their $g^{S_x}$ in a directory that cannot be tampered with, so that no one can modify it. Of course, p and g are already publicly known. • This way the intruder can't change the $g^{S_A}$ and $g^{S_B}$ generated by A and B. • Alternatively, if Alice and Bob either share a pre-shared secret key or know each other's public key and their own private key: • How could they be used? Guess. (Hint: sign or MAC the exchanged $T_A$ and $T_B$ with those keys, so a substituted value fails to verify.)
