Chapter 5 Cryptography Protecting principals communication in systems
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Chapter 5
Cryptography
Protecting principals communication in systems
Cryptography
Security engineering meets mathCryptography science and art of
designing ciphersCryptanalysis science and art of
breaking themCryptology is bothInput is plaintext output is ciphertext
Historical background
Early stream cipher Vigenere
Early block cipher Playfair
One-Way functions Protect integrity and authenticity or message Test key
Asymmetric primitives Public and Private key
Random Oracle Model
Elf is in a box with following items:Scroll (infinite length) to store previously
provided resultsDie for randomness
Random Function
Accepts input string of any length, outputs a random string of fixed lengthUseful for storing passwordsCreates a message digest (hash value)
Useful for sending digital signature, since digital signature is long, it can stand for the signature.
Same as hashing as learned in databaseSame string always produces same output
string
Random function
One-wayGiven string can produce output stringGiven hash value very difficult to produce
original imageTo attack must keep feeding in input strings until
get lucky and match output string, even then not definate.
Collisions can occur but hard to find in a true pseudorandom function
Random Generator
Stream Cipher Short input, long output Also know as key stream Go to key stream generator, enter a key, get a long
string of characters to xor with Good for encrypting back-up data for instance Must know key to get proper key stream Do not re-use key, or can decrypt
Can prevent this by using a seed with each subsequent message
Random permutations
Block Ciphers Input output fixed sizeGiven plaintext and key output cipher textGiven Cipher text and key output plaintextGiven plaintext and cipher text do nothing
Public key Encryption
Elf will encrypt message for anyone, but will decrypt only for key owner.
So I can give away my public key and anyone can encrypt to me, but only I can decrypt.
Digital signature
Can be created by only one person, but checked by anyone.
So these are the basic primitives of symmetric crypto schemes
5.4 Symmetric crypto primitives
Block ciphers confusion and diffusionS-box
Maps numbers (look-up table)Cipher must be wide enoughMust have enough “rounds”S-boxes of good designAdvanced Encryption Standard (AES)
DES
Used widely for banking government etc56 bits keyAlways a weakness14,000 Pentium machines on the net
broke a challenge in 4 monthsMachine built that can do it in 3 daysCurrently inadequate
Modes of operation
Electronic code book (ECB)Cipher Block Chaining (CBC)Output feedback (OFB)Cipher Feedback (CFB)
Asymmetric Cypto Primitives
Public key encryptionDigital signaturesBased on number theory
Prime numbersRSA current algorithm based on
factoringUsed in SSL
Asymmetric Cypto Primitives
PGPGovernment systems
Based on discrete logarithmsDSA Digital Signature Algorithm
AKA Digital Signature Standard (DSS)
Certification
We can do public key encryption and digital signatures
Now must bind keys to usersCA Certification Authority can do that
Signs users public encryptionVerifies signatureThird party trusted source
Discussion topics
Breaks of RijndaelCurrent uses of PGPCurrent uses of certificates and digital
signatures.
List of resources
Cryptography http://en.wikipedia.org/wiki/Cryptography
Random Oracle Model http://en.wikipedia.org/wiki/Random_oracle_model http://www-cse.ucsd.edu/users/mihir/papers/ro.pdf
Public Key http://en.wikipedia.org/wiki/Public-key_cryptography
Block ciphers http://www.rsasecurity.com/rsalabs/node.asp?id=21
68
List of resources
S boxeshttp://en.wikipedia.org/wiki/S-box
AEShttp://en.wikipedia.org/wiki/Advanced_Encry
ption_StandardDES
http://www.rsasecurity.com/rsalabs/node.asp?id=2226
List of resources
Modes of operationhttp://www.faqs.org/faqs/cryptography-faq/
part01/See 5.14
http://en.wikipedia.org/wiki/Padding_(cryptography)
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci344947,00.html
List of resources
Asymmetrichttp://searchsecurity.techtarget.com/
sDefinition/0,,sid14_gci836964,00.htmlDSA DSS
http://www.rsasecurity.com/rsalabs/node.asp?id=2239
Certificateshttp://www.verisign.com/products-services/
security-services/index.html
Related Documents
