1 / 39

Cryptography

Cryptography. A simple example…. Text: U-M ASCII Encoded: 01010101 00101101 01001101 “Encoding” refers to convenient reformatting. No secrecy here. Call it plaintext. Let’s “Encrypt” it, i.e. hide its meaning from nosy 3 rd parties. A simple example….

whitney-grant
Télécharger la présentation

Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography

  2. A simple example… • Text: U-M • ASCII Encoded: 01010101 00101101 01001101 • “Encoding” refers to convenient reformatting. • No secrecy here. Call it plaintext. • Let’s “Encrypt” it, i.e. hide its meaning from nosy 3rd parties.

  3. A simple example… • Let’s generate 24 random bits, call it a key. • Say, by coin flips. • Tails  1. Heads  0 -------- -------- -------- 01010101 00101101 01001101 • For each bit, if the same, result is 0. If they’re different, result is 1. This is the XOR (exclusive OR) function.

  4. A simple example… _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ • The result is an encrypted string. Call it ciphertext. • This simple XOR method is unbreakable. • Even by the CIA or NSA or Microsoft. • Even by the most hard working hacker. • IF…

  5. Simple XOR • To decrypt, need to know: • That simple XOR is in use. • The key pattern. • Strength of the system depends on: • Secrecy of the key

  6. Encryption • Generally, you need to understand the process and have the key. • In the Practical Cryptography’s notation: c := E(Ke, m)

  7. Decrypting • Undoing the encryption is easy for this simple example. -------- -------- -------- -------- -------- -------- Once more: For each bit, if the same, result is 0. If they’re different, result is 1. This is the XOR (exclusive OR) function.

  8. Decryption • Generally, you need to understand the encryption method and have the key. • In the Practical Cryptography’s notation: m := D(Ke, c) • We have assumed the same key is used for encryption and decryption.

  9. Secrecy of XOR Example? • Unbreakable, if: • Key remains secret • Key never reused

  10. SKE • Using the same key for both encryption and decryption is called SKE: • Symmetric Key Encryption • Secret Key Encryption

  11. SKE – The Whole Thing

  12. PCs Changed The World • Evolution of encryption methods: • Pencil & paper • Machines, e.g. German Enigma • Computers, e.g. PC • Computers allow much more sophisticated methods. • Internet allows rapid dissemination of information, including computer code, algorithms, commentary, and analysis.

  13. Kerckhoffs’ Principle • Genuine security lies in keeping the key secret, not in keeping the process secret. • Why? • Public algorithms have public analysis. • Weaknesses are publicly exposed. • Analogous to open source software. • This is a machine era notion.

  14. How can I attack SKE? • For any encryption scheme there are two strategies: Brute Force and Analytic Attacks. • Brute Force • I know the algorithm, so I just try different keys until I get lucky. • Highly dependent on machine power. • The bigger the “key space” the more tries it takes to get lucky.

  15. Moore’s Law • Often quoted as “Computers double in speed every two years.” • Gordon Moore noted exponential growth in the # of transistors per integrated circuit. • 1965 • A brute force attack that takes 8 days with current technology will take 4 days in two years…?!? • Practical Cryptography suggests 50-year horizon…

  16. “Computationally Impractical” • You know what to do and can write a program to do it, but the program takes so long to run that it’s effectively useless.

  17. Analytic Attack • Instead of systematically trying all the keys, we attempt to determine the key based on: • The ciphertext • What we know about the plaintext • What we know about the algorithm

  18. Symmetric Key Encryption

  19. The Problem with SKE • The intended recipient must know the process and have the key. • A cracker seeks these, too. • The problem, then, is to get the key to the recipient. • Worse if you communicate with many people! • The Key Distribution Problem

  20. Some Key Distribution Solutions • “One time pads.” • Run out eventually. • Keep using the same key. • Every transmission provides data for crackers. • Transmit new keys using old keys. • Or have a special key used only for transmission of new keys.

  21. Some Key Distribution Solutions • Couriers • Can be intercepted/bribed. • Algorithmic key construction • Key based on day of month • Key based on readily available data • from newspapers? radio broadcast? • Special hardware for key construction

  22. Gotcha • If the key is secret, SKE can be made very secure. • long keys • complex processes • Weakness is the necessity to distribute the key.

  23. SKE & Big Five Attributes of Security • Availability – Need to make sure algorithm isn’t too computationally onerous. • Integrity – Will mostly handle separately. • If key uncompromised & algorithm chosen well: • Confidential – Sure. • Authenticated – Sure. • Non-repudiated – Sure.

  24. PKE - Public Key Encryption • Suppose we could encrypt and decrypt with different, but uniquely corresponding keys. • The public key is public – • Hand it out freely • Post it on web • Email it to your friends • The private key is private – • Guard it closely. • aka Asymmetric Key Encryption

  25. PKE, More Formally • The ciphertext is based on the recipient’s public key: • c := E(PBob, m) • The decryption process uses the recipient’s private key: • m := D(SBob, c) • This means: • m = D(SBob, E(PBob, m)) Always.

  26. PKE, Graphically

  27. The Secrecy Here . . . • . . . is in the keys. • Usually the processes themselves are publicly available. • Most commonly used: • RSA • Rivest, Shamir and Adleman

  28. Message Authentication • You can encrypt using either key of the pair. You then decrypt with its partner. • If you can decrypt using my public key, the encryption must have been done with my private key. • If I can decrypt using my private key, the encryption must have been done with my public key.

  29. Hash Functions • Consider this text: “John went to OSU.” • Count the occurrences of the letters. • a b c d e f g h i j k l m n

  30. Another simple example… • Text: U-M • ASCII Encoded: 01010101 00101101 01001101

  31. Another simple example… • Let’s XOR them sequentially: 01010101 00101101 01111000 01001101 00110101 • What’s the connection between “U-M” and 00110101? • Let’s call this function H for hash. • 00110101 = H(“U-M”)

  32. Another simple example… • It’s not unique. • Other strings give 00110101 as their H value. • Easy to find others. • Note: • There are 28 (= 256) 8-bit strings. • There are an infinite number of possible text strings.

  33. Another simple example… • It’s not reversible. • Given 00110101, it’s not possible to say “this came from ‘U-M’”. • Easy to find others.

  34. Suppose • H(“U-M”) = MD5(“U-M”) = c57b94ee2455d6932eae85efa2bfc091 • This is the MD5 function. • All input strings produce 16-byte output, usually written as hex string. • MD5(451 syllabus) = 86721e0212256155e170a413a899a76a • Not unique, but ‘computationally impractical’ to find others. • Not reversible except by trial & error.

  35. What Good Is It? • Error Detection • Transmit block of data, append MD5. • Recipient calculates MD5, compares.

  36. Suppose • We have a document: important, but not necessarily confidential. • I do this: • Compute the MD5 digest. • Encrypt the digest with my private PKE key. • Call the result a signature.

  37. Then you… • You get the document & signature. • You can… • Compute the MD5 digest of the file. • Decrypt the signature file using my public PKE key, yielding a message digest. • Compare the two. • This means… what?

  38. ITS 453 – Encrypted Communication • How, when, where to use encryption methods. • What protocol layer? • What specific encryption techniques? • Solving key distribution problems.

  39. ITS 453 – Encrypted Communication • Basics of encryption, hash functions. • NSA, RSA, etc. • PGP: encrypted files / digital signatures • Public Key Infrastructure • Trust arrangements • Digital certificates, etc. • Authentication • Kerberos • WEP / WPA wireless encryption

More Related