. CIS 3500 1 Cryptographic Concepts Chapter #26: Cryptography and Public Key Infrastructure Chapter Objectives n Identify the different types of cryptography n Learn about current cryptographic methods n Understand how cryptography is applied for security n Given a scenario, utilize general cryptography concepts n Compare and contrast basic concepts of cryptography Cryptographic Concepts 2 Cryptographic Concepts n Cryptography is the science of encrypting, or hiding, information n These complicated methods are cryptographic algorithms, also known as ciphers n The word “cipher” comes from the Arabic word sifr, meaning empty or zero Cryptographic Concepts 3 General Cryptographic Concepts n Historical ciphers were simple to use, simple to break n More advanced transposition and substitution ciphers n Ciphers were automated (electro)mechanical device n German Enigma machine from World War II n When setting up a cryptographic scheme, it is important Cryptographic Concepts 4
11
Embed
CIS 3500 1 - Metropolitan State University of Denverrowdysites.msudenver.edu/~fustos/cis3500/pdf/chapter26.pdf · CIS 3500 2 General Cryptographic Concepts nPlaintext needs to be
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
.
CIS 3500 1
Cryptographic Concepts
Chapter #26:
Cryptography and Public Key Infrastructure
Chapter Objectives
n Identify the different types of cryptography
n Learn about current cryptographic methods
n Understand how cryptography is applied for security
n Given a scenario, utilize general cryptography concepts
n Compare and contrast basic concepts of cryptography
Cryptographic Concepts2
Cryptographic Concepts
n Cryptography is the science of encrypting, or hiding,
information
n These complicated methods are cryptographic algorithms,
also known as ciphers
n The word “cipher” comes from the Arabic word sifr,
meaning empty or zero
Cryptographic Concepts3
General Cryptographic Concepts
n Historical ciphers were simple to use, simple to break
n More advanced transposition and substitution ciphers
n Ciphers were automated (electro)mechanical device
n German Enigma machine from World War II
n When setting up a cryptographic scheme, it is important
Cryptographic Concepts4
.
CIS 3500 2
General Cryptographic Concepts
n Plaintext needs to be protected – it is encrypted into ciphertext
n We use an algorithm and a key
n Cryptanalysis – attempt to return the encrypted message to its
original form
n Differential cryptanalysis – comparing the input plaintext to the
output ciphertext to try to determine the key
n Linear cryptanalysis – uses both plaintext and ciphertext, puts the
plaintext through a simplified cipher to try to deduce what the key
is likely to be in the full version
Cryptographic Concepts5
Fundamental Methods
n The choice of algorithm depends on the type of cryptographic operation
that is desired
n Choice of key is then tied to the specific algorithm
n Cryptographic operations include
n encryption for the protection of confidentiality
n hashing for the protection of integrity
n digital signatures to manage non-repudiation, and
n specialty operations such as key exchanges
n Mathematical specifics can be very complex
n Data is characterized by its usage: data-in-transit, data-at-rest, or data-
in-use; block form or stream form
Cryptographic Concepts6
Cryptographic Concepts
Algorithms
n Encryption schemes are based upon an algorithm
n step-by-step problem-solving procedure
n made up of mathematical steps for encrypting and decrypting
information
n They are designed to use a key – a special piece of data used in
both the encryption and decryption processes
n The algorithms are the same, but every implementation uses a
different key
7
Symmetric Algorithms
n Usually use same key for encryption and decryption
n Require sender and receiver to agree on a key before they
communicate securely
n Security lies with the key
n Also called secret key algorithms, single-key algorithms, or
one-key algorithms
Cryptographic Concepts8
.
CIS 3500 3
Modes of Operation
n In symmetric or block algorithms, there is a need to deal
with blocks of identical data to prevent multiple blocks of
ciphertext that would identify the blocks of identical input
n There are five common algorithmic modes that are detailed
in NIST SP 800-38A, Recommendation for Block Cipher
Modes of Operation: Methods and Techniques
n Electronic Code Book (ECB), Cipher Block Chaining (CBC),
Cipher Feedback Mode (CFB), Output Feedback Mode
(OFB), and Counter Mode (CTR)Cryptographic Concepts9 Cryptographic Concepts
Asymmetric Algorithms
n Use different keys for encryption and decryption
n Decryption key cannot be calculated from the encryption
key
n Anyone can use the key to encrypt data and send it to the
host; only the host can decrypt the data
n Also known as public key algorithms
n RSA, Diffie-Hellman, ECC, and ElGamal are asymmetric
protocols
10
Cryptographic Concepts
ECC (Elliptic Curve Cryptography)
n ECC works on the basis of elliptic curves
n y2 = x3 + ax2 + b
n They have a special property — you can add two points on
the curve together and get a third point on the curve
n Users agree on a curve and a fix point
n With a secret random number calculate a public key
n That can be used to encrypt messages
11 Cryptographic Concepts
Symmetric vs. Asymmetric
Type of Algorithm Advantages Disadvantages
Symmetric Single key
Faster
Less computation
Requires sender and receiver to agree on a
key before transmission of data
Security lies only with the key
High costs
Asymmetric Encryption and decryption keys
are different
Decryption key cannot be
calculated from encryption key
Security of keys can be compromised when
malicious users post phony keys
Slower
Lots of computing power needed
12
.
CIS 3500 4
Hashing
n Hashing algorithm is a special mathematical function that performs one-
way encryption – no feasible way to retrieve the plaintext
n There is no feasible way to generate two different plaintexts that compute
to the same hash value
n Store computer passwords - the hash value is reproducible
n Can be compromised with a collision attack, in which an attacker finds
two different messages that hash to the same value
n Hash algorithms: Secure Hash Algorithm (SHA) series, the RIPEMD
algorithms, and the Message Digest (MD) hash of varying versions (MD2,
MD4, MD5)
Cryptographic Concepts13
Salt, IV, Nonce
n The term salt refers to addition of a high-entropy piece of
data concatenated with the material being hashed
n Salts are useful when the text is short and low in entropy
n An initialization vector, or IV, is used in several ciphers,
particularly in the wireless space
n IVs can add randomness and are used in block ciphers
n A nonce is similar to a salt or an IV, but it is only used
once
Cryptographic Concepts14
Weak/Deprecated Algorithms
n The challenge is understanding which algorithms have fallen to
attacks and avoiding their use
n Hash algorithms, such as MD5, should be considered inappropriate -
manufactured collisions have been achieved
n Even newer hash functions have issues, such as SHA-1 and soon SHA-
256
n The Data Encryption Standard, DES and 3DES, have fallen from favor
n There new forms of these functions are widely available, e.g. AES
that are computationally efficient
Cryptographic Concepts15
Key Exchange
n Cryptographic mechanisms use an algorithm and a key
n In symmetric encryption, the secrecy depends upon the secrecy of the key
n Key exchange is the central foundational elemen
n In asymmetric systems, the key exchange problem is one of key
publication
n Early key exchanges were performed by trusted couriers
n The Diffie-Hellman key exchange is one example of secure key exchange
n It depends upon two random numbers, each chosen by one of the parties
and kept secret
Cryptographic Concepts16
.
CIS 3500 5
Cryptographic Objectives
n Cryptographic methods exist for a purpose: to protect the
integrity and confidentiality of data
n There are many associated elements to enable a system-
wide solution
n Perfect forward secrecy, non-repudiation, key escrow, and