Overview of Cryptography: Key Concepts and Applications in Network Security
This comprehensive overview of cryptography covers essential concepts and techniques crucial for network security. It provides insight into cryptographic security, one-way functions, secret and public key cryptography, and message authentication codes. The document explores the fundamentals of zero-knowledge proofs, the Diffie-Hellman key exchange, and traditional cryptographic applications. It addresses the importance of secure data storage, entity authentication, data integrity, and non-repudiation. Furthermore, it discusses advanced topics such as computational security models and significant cryptographic algorithms like DES.
COEN 350: Network Security Overview of Cryptography
Overview of Cryptography Table of contents • Introduction • Cryptographic Security • One Way Functions • Secret Key Cryptography • Public Key Cryptography • Message Authentication Codes • Zero Knowledge Proofs • Diffie Hellman Key Exchange
Cryptography • Traditional use of cryptography • Encrypt a plain text into cypher • Only people with the right knowledge can recover plain text. • Secret Key (Symmetric) Cryptography • Encryption and decryption use secret key c. • Public Key (Asymmetric) Cryptography • Encryption and decryption use two different keys.
Cryptography • Other uses of cryptography • Secure data while stored. • Authenticate entities. • Ensure integrity of data. • Sign statements so that signature cannot be repudiated.
Cryptography • Other uses of cryptography • Fast file destruction: • Encrypt files with a secret key. • Destroy secret key to securely delete the file. • E-cash
Hash Functions • Given an object, create a hash (short bit-string) of the object. • Hashes differ ⇒ objects differ • Objects differ ⇒ with overwhelming probability, hashes differ • Cryptographically secure hash: • Given a hash, cannot find object with that hash.
Hash Functions • Tripwire • Protect OS against trojans. • Maintain hashes of all system libraries in a secure area. • Check hash against known hash periodically.
Cryptographic Security • Leverage in cryptography comes from functions that are hard to compute without special knowledge. • “Hard to compute” difficult to substantiate
Cryptographic Security • “Hard to compute” = NP complete • Problem is P: can be solved deterministically in polynomial time. • Problem is NP: solution can be verified in polynomial time. • Central Conjecture: NP ≠ P. • NP-complete: If this problem can be solved in polynomial time then all NP problems can be solved in polynomial time. • NP-complete problems: Intrinsically difficult problems to solve on a computer. • But: NP completeness is tendency. • Instances of NP-complete problems can be easy to solve. • Knapsack problem.
Cryptographic Security • “Computationally hard” = “Takes n years to solve on best machine.” • Breaking codes is usually parallelizable. Use distributed attack. • SETI@home • Moore’s law: Computers double in speed every 16 months.
Cryptographic Security • UNIX password cracking • UNIX passwords are 8 characters long. • Assume 10^2 printable characters in a password. • 10^16 possible passwords. • 10000 password attempts a second takes 10^12/2 seconds to find random password. • 16,000 years to find password • Dictionary attacks take much less.
Cryptographic Security • DES Data encryption standard • Published in 1977 by National Bureau of Standards. • Uses 56 bit key • Brute-Force attack succeeds after ~10^16 tries. • 1977: Diffie Hellman: • Spend $20,000,000.- to build parallel machine that can find key in 12 hours. • 1998: Electronic Frontier Association • Build DES cracker for $250,000.- that could break a key in 4 days. • $150,000.- for second cracker
Cryptographic Security • Security of Algorithms • Fundamental Security Paradigm • "If a lot of smart people have tried to crack a paradigm for a long time, then it is impossible to crack the paradigm."
Cryptographic Security Models for evaluating security • Unconditional Security • Adversary has unlimited computational resources, but there is not enough information available to defeat the system. • Example: One Time Pad • Complexity Theoretic Security • Defines an appropriate model of computation • Adversaries can mount attacks that use space and time polynomial resources. • These attacks might be in practice impossible. • True attacks might be non-polynomial.
Cryptographic Security Models for evaluating security • Provable Security • Difficulty of defeating a protocol is at least as hard as another (supposedly difficult) problem. • Computational Security • Measures the amount of effort (using the best methods available now) required to defeat a system.
One-Way Functions • One way function • Easy to compute • Hard to invert. • “Hard” means computationally infeasible.
One-Way Functions • Example • X = {1, 2, ... , 16} • Define f: X → X, x → x^3 mod 17. • This function is reasonably easy to compute. • Surprisingly hard to calculate logarithms in a finite field. • Use the following table.
One-Way Functions • Pre-image resistance: • Given a possible image y, it is computationally impossible to find any preimage x such that f(x) = y. • Second pre-image resistance: • Given a pre-image x, it is computationally infeasible to find another preimage z, z ≠ x, such that f(x) = f(z).
One-Way Functions • Collision resistant: • It is computationally infeasible to find any two distinct inputs x, x', x' ≠ x such that f(x) = f(x').
One-Way Functions Definition: A function f is a strong one-way hash function (also known as a collision resistant (one-way) hash function) if and only if • f is easily computable, that is, given x, it is easy to calculate f(x). • f is pre-image resistant. • f is second pre-image resistant. • f is collision resistant.
One-Way Functions • One-Way function with trapdoors • Much in cryptography is based on being able to do a difficult thing when possessing a secret. • There are one-way functions that are easy to invert if one knows a secret.
One-Way Functions • Choose • p = 48611 (a prime) • q = 53993 (a prime) • n = p·q. • Define f • f(x) = x^3 mod n. • f is one way, if we only know n. • If we know the secret that n = pq, then there is an algorithm that solves x^3 = y mod n for given y and unknown x.
One-Way Functions • One-way function with trapdoor • Family of functions f_i where i ∈ I, an index set. • Each f_i is one-way. • There exist functions h_i and a secret s such that • h_i(s, .) is easy to compute • f_i(h_i(s, y)) = y. • That is, h_i(s, .) is the inverse function of f_i
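The two cubing examples above, worked through as an added example that is not part of the original slides: the x^3 mod 17 table, and the trapdoor inverse for n = 48611 · 53993. The inversion method shown (computing the inverse of 3 modulo (p-1)(q-1)) is one standard choice, since the slides do not name the algorithm; the function names are hypothetical.

```python
from math import gcd

def cube_table(modulus=17):
    # The small example: x -> x^3 mod 17 on X = {1, ..., 16}.
    return {x: pow(x, 3, modulus) for x in range(1, modulus)}

P, Q = 48611, 53993        # the secret s: the two primes from the slide
N = P * Q                  # the public value n = p*q

def f(x, n=N):
    # Easy direction: anyone who knows n can compute x^3 mod n.
    return pow(x, 3, n)

def h(secret, y):
    # Trapdoor inverse h(s, y): solve x^3 = y mod n given s = (p, q).
    p, q = secret
    phi = (p - 1) * (q - 1)
    if gcd(3, phi) != 1:
        raise ValueError("x^3 is not invertible mod n for these primes")
    d = pow(3, -1, phi)    # 3*d = 1 mod (p-1)(q-1); needs p and q
    return pow(y, d, p * q)

if __name__ == "__main__":
    print("x^3 mod 17:", cube_table())
    x = 1234567            # constructed sample input
    y = f(x)
    print("n =", N, " f(x) =", y, " h(s, f(x)) =", h((P, Q), y))
```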
Secret Key Cryptography • Conventional encryption uses a secret to convert plaintext to cipher and the same secret to convert cipher to plaintext. • A Greek general tattoos the message into the crown of the head of a slave who then lets his hair grow again. When the slave reaches the destination, the recipient reads the message after the slave has shaven his head again. • One-time pad • Caesar’s cypher
Secret Key Cryptography • Encryption uses an algorithm publicly known. • Sender and receiver use a secret key.
Secret Key Cryptography • Generic recipe: • Take the plain text. • Apply a transformation (based on secret, reversible with secret). • Repeat until result is sufficiently disguised • Product cipher • Use first one transformation, then another one.
Secret Key Cryptography • Substitution Permutation Network • Each state involves substitutions and permutations. • Substitutions: • Take an input, replace it by an output. • Often implemented as a table. • Input needs to be small.
Secret Key Cryptography • Permutations • Take the bits and reorder them.
Secret Key Cryptography • Substitution Permutation Network • Encode from top to bottom • Decode from bottom to top
Secret Key Cryptography • Iterated block cipher • Made up of rounds. • In each round, apply a transformation with a separate key (the round key). • Feistel Cipher
Secret Key Cryptography • Feistel Cipher • Iterated Block cipher • Block size is 2t. • Each round: • Breaks input into left half L(n) and right half R(n) • L(n+1) = R(n). • R(n+1) = Mangler(R(n), Kn) ⊕ L(n) • Kn is round key.
Secret Key Cryptography Feistel round for encryption (left) and decryption (right)
Secret Key Cryptography • DES (1977) • uses a 64b key with a parity check, so that effective key size is 56b. • Derives 16 round keys of 48b each. • Works on input of size 64. • Uses 16 round Feistel algorithm • IDEA (1991) • Uses a 128b key • Uses 8 computationally identical rounds based on generalized Feistel algorithm • Additional beginning and ending transformation.
Secret Key Cryptography • Typical block code takes 64b plaintext and changes it to 64b cipher text. • Electronic Code Book: • Break plain text into 64b-blocks. • Encrypt all blocks. • Vulnerable to attacks • Two identical text blocks are encrypted the same way. • Allows guessing contents. • Reordering of plain text = Reordering of cipher text. • Change meaning of cipher text.
Secret Key Cryptography • Example: • Database contains employee and salary information. • Encrypted:
Secret Key Cryptography • Switch portion of cipher text • Resulting plaintext
Secret Key Cryptography Cipher Block Chaining Encryption and Decryption
Secret Key Cryptography • Cipher Block Chaining • If we do not mind mangling some data, we can switch bits. • How? Your turn.
Secret Key Cryptography • Assume we want to flip bit 3 in m4 • We switch bit 3 in c3 • This probably mangles m3 • But has the desired effect on m4
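The bit flip described above, as an added example that is not part of the original slides, run on a toy Feistel cipher built from the round equations given earlier. The SHA-256 based mangler, the key schedule, the IV, the bit numbering and the message blocks are all constructed assumptions.

```python
import hashlib

BLOCK = 8                      # block size 2t = 8 bytes, halves of t = 4 bytes
HALF = BLOCK // 2

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mangler(right, round_key):
    # Toy round function (assumption): truncated SHA-256 of key and right half.
    return hashlib.sha256(round_key + right).digest()[:HALF]

def feistel(block, round_keys):
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        # L(n+1) = R(n);  R(n+1) = Mangler(R(n), Kn) XOR L(n)
        left, right = right, xor(mangler(right, k), left)
    return right + left        # final swap: decryption = same code, keys reversed

def cbc_encrypt(blocks, keys, iv):
    out, prev = [], iv
    for m in blocks:
        prev = feistel(xor(m, prev), keys)
        out.append(prev)
    return out

def cbc_decrypt(blocks, keys, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(xor(feistel(c, keys[::-1]), prev))
        prev = c
    return out

def flip_bit(block, bit):
    # Bit 0 is the least significant bit of the last byte (numbering is an assumption).
    data = bytearray(block)
    data[-1 - bit // 8] ^= 1 << (bit % 8)
    return bytes(data)

def demo():
    keys = [hashlib.sha256(b"demo key" + bytes([i])).digest() for i in range(16)]
    iv = bytes(range(BLOCK))                                    # constructed IV
    msg = [b"PAY  TO:", b"ALICE   ", b"ACCT 042", b"AMT 1000"]  # constructed m1..m4
    ct = cbc_encrypt(msg, keys, iv)
    ct[2] = flip_bit(ct[2], 3)                                  # switch bit 3 in c3
    return msg, cbc_decrypt(ct, keys, iv)

if __name__ == "__main__":
    for i, (m, t) in enumerate(zip(*demo()), 1):
        print(f"m{i}: {m!r} -> {t!r}")
```

Decryption succeeds without any error, which is the point: CBC alone gives no integrity, so a change like this is only caught by a separate check such as the message authentication code covered later in the slides.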
Secret Key Cryptography • Second threat to CBC: • Assume attacker knows plain text and cipher, i.e. m1, m2, …, c1, c2, …, IV • Attacker can calculate D(c1), D(c2), … • Can build library of pairs (ci, D(ci)) and use it for other attacks.
Secret Key Cryptography • Output Feedback modes • Same idea, but prevents these types of attacks. Output Feed Back Cipher Feed Back
Secret Key Cryptography • One-Time Pad • Only proven secure cryptographic method • But the pad needs to be transmitted between sender and receiver. • XORing with a short string is not secure. • See projects
Secret Key Cryptography • RC4 • One time pad generated by random number generator, seeded with key • Considered still secure (if you let the RNG run for a few hundred rounds) • If plain-text can be guessed, vulnerable to bit flipping • How? (Your turn)
Secret Key Cryptography • Message Authentication Code • Can be calculated with cipher block chaining or similar method. • c6 is the MAC
Public Key Cryptography • Asymmetric Key Cryptography. • Use one key for encryption, another for decryption. • E(e,.) encryption with key e • D(d,.) is decryption with key d • D(d,E(e,m)) = E(e,D(d,m)) = m for all messages m. • Note: Not all public key systems have this commutativity between D and E.
Public Key Cryptography • Keep one key public, the other one private. • Use public key to encrypt, give Bob secret key to decrypt.