Encryption Nicolaus Moeller Introduction Motivation Problem Cryptography Definition Cryptosystems Modern examples CSS DVD Symmetric Ciphers Disk-encryption Summary Bibliography Encryption Nicolaus Moeller Studiengang Informatik Universit¨ at Hamburg June 10, 2015 1 / 26
50
Embed
Encryption - wr.informatik.uni-hamburg.de€¦ · Cryptography De nition Cryptosystems Modern examples CSS DVD Symmetric Ciphers Disk-encryption Summary Bibliography Encryption Nicolaus
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Encryption
Nicolaus Moeller
Studiengang InformatikUniversitat Hamburg
June 10, 2015
1 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Contents
1 Introduction
2 Cryptography
3 Modern examples
4 Summary
5 Bibliography
2 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Motivation
• Privacy is important for ...
• democracy.• the control of our lives.
• Cryptography can be...
• complex.• a lot of fun!
3 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Problem
Figure : [26, p.5]
4 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Problem
Figure : [26, p.5]
4 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Cryptology
Figure : [26, p.3 and 10]
5 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
What is a cipher?
DefinitionA cipher defined over (K,M, C) is a pair of efficient algorithms(E,D) where
E : K ×M 7→ C and D : K × C 7→M
• Efficient: polynomial time
• M : Plain-text space
• C : Cipher- ” ”
• K : Key space
Question: What is a good cipher?
6 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
What is a cipher?
DefinitionA cipher defined over (K,M, C) is a pair of efficient algorithms(E,D) where
E : K ×M 7→ C and D : K × C 7→M
• Efficient: polynomial time
• M : Plain-text space
• C : Cipher- ” ”
• K : Key space
Question: What is a good cipher?
6 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Substitution cipher
• Substitute character of the alphabet for another character.
• A particular example: Caesar cipher
Figure : [26, p.9]
7 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Substitution cipher cont.
• Brute force attack: |K| = 26! ≈ 288
• Letter frequency attack:
Figure : [26, p.9]
• Very unsecure!
8 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Substitution cipher cont.
• Brute force attack: |K| = 26! ≈ 288
• Letter frequency attack:
Figure : [26, p.9]
• Very unsecure!
8 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Substitution cipher cont.
• Brute force attack: |K| = 26! ≈ 288
• Letter frequency attack:
Figure : [26, p.9]
• Very unsecure!
8 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher
• Encrypt using modular arithmetic
A 0B 1C 2... ...
Example: : R → 17 X → 23
(17 + 23) ≡ 40
≡ 14 mod 26
Result: O → 14
• Decryption:
(14− 23) ≡ −9
≡ 17 mod 26
9 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher
• Encrypt using modular arithmetic
A 0B 1C 2... ...
Example: : R → 17 X → 23
(17 + 23) ≡ 40
≡ 14 mod 26
Result: O → 14
• Decryption:
(14− 23) ≡ −9
≡ 17 mod 26
9 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher
• Encrypt using modular arithmetic
A 0B 1C 2... ...
Example: : R → 17 X → 23
(17 + 23) ≡ 40
≡ 14 mod 26
Result: O → 14
• Decryption:
(14− 23) ≡ −9
≡ 17 mod 26
9 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher
• Encrypt using modular arithmetic
A 0B 1C 2... ...
Example: : R → 17 X → 23
(17 + 23) ≡ 40
≡ 14 mod 26
Result: O → 14
• Decryption:
(14− 23) ≡ −9
≡ 17 mod 26
9 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher cont.
• Key: KEY Message: SECRET TEXT
• Still vulnerable to analytical attacks.
• Question: Does an invulnerable cipher exist?
10 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher cont.
• Key: KEY Message: SECRET TEXT
K E Y K E Y K E Y K
S E C R E T T E X T
• Still vulnerable to analytical attacks.
• Question: Does an invulnerable cipher exist?
10 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher cont.
• Key: KEY Message: SECRET TEXT
K E Y K E Y K E Y K
S E C R E T T E X T
C I A B I R D I V D
• Still vulnerable to analytical attacks.
• Question: Does an invulnerable cipher exist?
10 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher cont.
• Key: KEY Message: SECRET TEXT
K E Y K E Y K E Y K
S E C R E T T E X T
C I A B I R D I V D
• Still vulnerable to analytical attacks.
• Question: Does an invulnerable cipher exist?
10 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Vigenere cipher cont.
• Key: KEY Message: SECRET TEXT
K E Y K E Y K E Y K
S E C R E T T E X T
C I A B I R D I V D
• Still vulnerable to analytical attacks.
• Question: Does an invulnerable cipher exist?
10 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy
Claude Shanon (1949):
DefinitionA cipher (E,D) defined over (K,M, C) has perfect secrecy if
∀m0,m1 ∈M ∀c ∈ C |m0| = |m1| :
P[ c = E (k ,m0) ] = P[ c = E (k ,m1) ]
where random variable k is uniform in K
11 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy
Claude Shanon (1949):
DefinitionA cipher (E,D) defined over (K,M, C) has perfect secrecy if
∀m0,m1 ∈M ∀c ∈ C |m0| = |m1| :
P[ c = E (k ,m0) ] = P[ c = E (k,m1) ]
where random variable k is uniform in K
11 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy
Claude Shanon (1949):
DefinitionA cipher (E,D) defined over (K,M, C) has perfect secrecy if
∀m0,m1 ∈M ∀c ∈ C |m0| = |m1| :
P[ c = E (k ,m0) ] = P[ c = E (k,m1) ]
where random variable k is uniform in K
11 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy of One-time-pad
One-time-pad has perfect secrecy.Preliminaries:
P[ c = E (k,m) ] =| { k ∈ K | E (k ,m) = c } |
|C|
⊗ : Vigenere encription operation. � : V. decription op.
Proof.For the One-time-pad the following holds:
E (k,m) = c ⇒ k ⊗m = c ⇒ k = m � c
| { k ∈ K | E (k ,m) = c } | = 1 ∀m ∈M ∀c ∈ C
12 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy of One-time-pad
One-time-pad has perfect secrecy.Preliminaries:
P[ c = E (k,m) ] =| { k ∈ K | E (k ,m) = c } |
|C|
⊗ : Vigenere encription operation. � : V. decription op.
Proof.For the One-time-pad the following holds:
E (k,m) = c ⇒ k ⊗m = c ⇒ k = m � c
| { k ∈ K | E (k ,m) = c } | = 1 ∀m ∈M ∀c ∈ C
12 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy of One-time-pad
One-time-pad has perfect secrecy.Preliminaries:
P[ c = E (k,m) ] =| { k ∈ K | E (k ,m) = c } |
|C|
⊗ : Vigenere encription operation. � : V. decription op.
Proof.For the One-time-pad the following holds:
E (k,m) = c ⇒ k ⊗m = c ⇒ k = m � c
| { k ∈ K | E (k ,m) = c } | = 1 ∀m ∈M ∀c ∈ C
12 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy of one time padcont
• Let cipher-text c be ”DFHL”. What’s the message m?
• Could m be ”EVIL”, because:
”EVIL”⊗ ”ZKZA” = ”DFHL” ?
• ... but couldn’t m be ”GOOD”, because:
”GOOD”⊗ ”XRTI ” = ”DFHL” ?
13 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy of one time padcont
• Let cipher-text c be ”DFHL”. What’s the message m?
• Could m be ”EVIL”, because:
”EVIL”⊗ ”ZKZA” = ”DFHL” ?
• ... but couldn’t m be ”GOOD”, because:
”GOOD”⊗ ”XRTI ” = ”DFHL” ?
13 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Perfect secrecy of one time padcont
• Let cipher-text c be ”DFHL”. What’s the message m?
• Could m be ”EVIL”, because:
”EVIL”⊗ ”ZKZA” = ”DFHL” ?
• ... but couldn’t m be ”GOOD”, because:
”GOOD”⊗ ”XRTI ” = ”DFHL” ?
13 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Playfair Cipher
m = CIA BIRD k=PASSWORD
14 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Playfair Cipher
m = CIA BIRD
m = CI AB IR DX
k=PASSWORD
p a s w or d b c ef g h i jk l m n qt u v x yz
14 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Playfair Cipher
m = CIA BIRD
m = CI AB IR DX
k=PASSWORD
p a s w or d b c ef g h i jk l m n qt u v x yz
14 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Playfair Cipher
m = CIA BIRD
m = CI AB IR DX
c = IN · · · · · ·
k=PASSWORD
p a s w or d b c ef g h i jk l m n qt u v x yz
14 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Playfair Cipher
m = CIA BIRD
m = CI AB IR DX
c = IN · · · · · ·
k=PASSWORD
p a s w o
r d b c e
f g h i jk l m n q
t u v x yz
14 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Playfair Cipher
m = CIA BIRD
m = CI AB IR DX
c = IN · · · · CU
k=PASSWORD
p a s w o
r d b c e
f g h i jk l m n q
t u v x yz
14 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Playfair Cipher
m = CIA BIRD
m = CI AB IR DX
c = IN SD FC CU
k=PASSWORD
p a s w or d b c ef g h i jk l m n qt u v x yz
14 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Kerckhoff’s principle
Kerckhoff’s principle:
A cryptosystem should be secure even if the attacker knows alldetails about the system (except secret key).
15 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
DVD content protection
• Used to:
• protect against piracy• enforce regional restrictions
• Streamcipher
• Key length: 40 bits.
• Broken without a brute-force approach.
16 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Famous Symmetric ciphers
• DES (Data Encryption Standard 1970 )
• 3DES (1998)
• AES (Advanced Encryption Standard) 2001
• RC6• Mars• Serpent• Twofish• Rijandel → AES
17 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
AES
• Key lengths: 128, 192 or 256 bits.
• Efficient in software and hardware.
• High degree of diffusion and confusion.
• No efficient attacks have been found...
• ...yet!
18 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Encryption modes
• ECB (Electronic Code Book)
Figure : [9]
19 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Encryption modes
• CBC (Chipher Block Chaining)
Figure : [8]
19 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Hardware-based encryption
• No performance overhead.
• Transparency.
• HDD/SDDs vendors: disk controller.
• IBMs: Secure Blue
• Encrypt entire boot disk and MBR.
20 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Software-based encryption
• TrueCrypt forks. → VeraCrypt
• Bitlocker
• FileVault
• dm-crypt (with LUKS)
21 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Summary
• Kerckhoff’s Principle
• Encryption done right depends on:
• Keyspace• Good algorithm (cipher)• Implementation
• A secure cipher uses...
• Confusion• Diffusion
22 / 26
Encryption
NicolausMoeller
Introduction
Motivation
Problem
Cryptography
Definition
Cryptosystems
Modernexamples
CSS DVD
SymmetricCiphers
Disk-encryption
Summary
Bibliography
Bibliography I
[1] Cryptography in home entertainment a look at content scrambling indvds,http://www.math.ucsd.edu/~crypto/Projects/MarkBarry/.
[2] Disk encryption,http://en.wikipedia.org/wiki/Disk_encryption.
[3] Disk encryption theory,http://en.wikipedia.org/wiki/Disk_encryption_theory.
[4] Hardware-based full disk encryption, http://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption.
[5] Luks and cryptsetup,https://gitlab.com/cryptsetup/cryptsetup.
[6] Performance analysis of data encryption algorithms, http://www.cse.wustl.edu/~jain/cse567-06/ftp/encryption_perf/.
[7] en. wikipedia. org/ wiki/ Information_ theory .