7/28/2019 Information security and cryptography
1/45
Instr. Dr. Nurdan Saran
Ceng 520
Information Security and Cryptography
Definitions
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Security Attack
any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
can focus on generic types of attacks:
  passive
  active
Passive Attacks
Active Attacks
Classify Security Attacks as
passive attacks - eavesdropping on, or monitoring of, transmissions to:
  obtain message contents, or
  monitor traffic flows
active attacks - modification of data stream to:
  masquerade of one entity as some other
  replay previous messages
  modify messages in transit
  denial of service
Security Services
Privacy
Authentication : verifies the identity of the source
Data Integrity : protects the data from modification
Non-repudiation : prevent a party from denying previous actions or agreements.
Confidentiality : keep information secret from anyone but the intended recipients.
Greek:
kryptos + graphein = hidden writing
Encryption
Convert normal, readable data into obscured, unreadable data
Cankaya -> Encryption Algorithm -> absh?nwTbsdn
Cankaya -> Encryption Algorithm -> lsdsbsm288SSh
Decryption
Convert obscured, unreadable data into normal, readable data
absh?nwTbsdn -> Decryption Algorithm -> Cankaya
lsdsbsm288SSh -> Decryption Algorithm -> Cankaya
Terminology
plaintext - clear readable text
ciphertext - unreadable text
cipher - algorithm(s) for encryption and decryption
Cankaya -> Encryption Algorithm -> lsdsbsm288SSh
lsdsbsm288SSh -> Decryption Algorithm -> Cankaya
Terminology
Key -- a secret piece of information that controls how the encryption algorithm works
Different keys produce different encrypted results
Cankaya -> Encryption Algorithm (Key: Ceng 435) -> ala;dfwij? 109291
Cankaya -> Encryption Algorithm (Key: Ceng 520) -> jfasd;k2//ad398?
Symmetric Encryption
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public-key in 1970s and by far most widely used
Symmetric Cipher Model
Symmetric Key
Alice wants to send a private/confidential message to Bob
Alice computes c = E_k(p)
Sends c to Bob over unsecured wire
Bob computes p = D_k(c)
Requirements
two requirements for secure use of symmetric encryption:
  a strong encryption algorithm
  a secret key known only to sender / receiver
assume encryption algorithm is known
implies a secure channel to distribute key
Shared secret is great... but how do we distribute it?
Asymmetric Key Cryptography
Instead of one key, have two:
  public key
  private key
Use one key to encode/encrypt
Use other key to decode/decrypt
Someone can know public key
Computing private key from public key is very, very difficult (factoring huge number)
Application: Secrecy
Bob has Bob.pub, Bob.priv
Alice has Alice.pub, Alice.priv
Alice wants to send Bob a secret "I Love You" note
Application: Secrecy
Alice finds Bob.pub from his website
Alice computes c = E_Bob.pub(p)
Sends c to Bob over unsecured wire
Bob computes p = D_Bob.priv(c)
Advantages
Key distribution not a problem!
Anyone can send a message to Bob
Only Bob can decrypt!
Application: Authenticity
Alice wants to tell Bob the message is really from her!
Digital signature
Alice computes c = E_Alice.priv(p)
Alice sends c over unsecured wire
Anyone can check that Alice is the sender... by computing p = D_Alice.pub(c)
Authenticity + Secrecy
[Diagram built up over slides 22-27. Labels: Alice, A.priv; A.pub, B.pub, ...; Bob, B.priv; Carl & Eve, "Bad People!". The frames add, in order: the message "I love you"; B.pub; "This is from A"; A.priv.]
Hash Functions
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string.
h = hash(data)
Every bit in input affects output
Hash function is not invertible
Some properties of Hash Function
it is easy to compute the hash value for any given message,
it is infeasible to find a message that has a given hash,
it is infeasible to modify a message without changing its hash,
it is infeasible to find two different messages with the same hash.
Error Checking
Alice wants to send a LONG message to Bob
Alice computes h=hash($LONG_MSG);
Sends data to Bob, includes relatively short h at the end of message
Bob recomputes hash.
If match, great! Data's correct!
If not match, either hash or data was corrupted. Resend.
Authenticity + Secrecy
[Diagram built up over slides 31-38. Labels: Alice, A.priv; A.pub, B.pub, ...; Bob, B.priv; Carl & Eve, "Bad People!". Frames in order:
  "I love you"
  hash("I love you ...") with 12fea90897bddc
  "I love you", "This is from A", 12fea90897bddc, A.priv
  Bob.pub added to that bundle
  "I love you", "This is from A", 12fea90897bddc, A.priv (Bob.pub no longer shown)
  "I love you", "This is from A", 12fea90897bddc, with hash("I love you") =? (A.priv no longer shown)]
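The sign-the-hash-then-encrypt flow from the Authenticity + Secrecy slides, together with the hash-only check from the Error Checking slide, as an added example that is not part of the original slides. It assumes textbook RSA without padding over constructed toy keys built from small Mersenne primes (a teaching shortcut, not a production scheme); all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA key pair from two primes (toy: tiny, no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"pub": (E, n), "priv": (d, n)}

# Constructed keys from known Mersenne primes; Bob's modulus is the larger
# one so that Alice's signature fits inside a single B.pub encryption.
ALICE = make_key(2**89 - 1, 2**107 - 1)
BOB = make_key(2**127 - 1, 2**521 - 1)

def rsa(key, x):
    exponent, n = key
    return pow(x, exponent, n)

def digest(msg, n):
    """hash(msg) as an integer, reduced below the signer's modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def hash_only_ok(msg, h):
    """Error Checking slide: Bob recomputes the hash and compares."""
    return hashlib.sha256(msg).hexdigest() == h

def alice_send(msg):
    """Sign hash(msg) with A.priv, then encrypt message and signature with B.pub."""
    sig = rsa(ALICE["priv"], digest(msg, ALICE["priv"][1]))
    return rsa(BOB["pub"], int.from_bytes(msg, "big")), rsa(BOB["pub"], sig)

def bob_receive(c_msg, c_sig):
    """Decrypt with B.priv, then check the signature with A.pub (the "=?" step)."""
    m, sig = rsa(BOB["priv"], c_msg), rsa(BOB["priv"], c_sig)
    msg = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return msg, rsa(ALICE["pub"], sig) == digest(msg, ALICE["pub"][1])

def eve_swaps_message(c_sig, forged=b"I hate you"):
    """Eve can encrypt to Bob (B.pub is public) but cannot sign as Alice."""
    return rsa(BOB["pub"], int.from_bytes(forged, "big")), c_sig

if __name__ == "__main__":
    c_msg, c_sig = alice_send(b"I love you")
    print(bob_receive(c_msg, c_sig))                # genuine message
    print(bob_receive(*eve_swaps_message(c_sig)))   # substituted message
    forged = b"I hate you"                          # hash-only framing
    print(hash_only_ok(forged, hashlib.sha256(forged).hexdigest()))
```

A bare hash accepts any message whose hash was recomputed alongside it, so it only catches accidental corruption. The signature check is what fails when the message is swapped in transit.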
Symmetric vs. Asymmetric
Symmetric faster but relies on shared secret
Asymmetric slower but solves distribution-of-keys problem
Characterization of Cryptographic System
type of encryption operations used
  substitution / transposition / product
number of keys used
  single-key or private / two-key or public
way in which plaintext is processed
  block / stream
Important Properties
Cryptanalysis
objective to recover key not just message
general approaches:
  cryptanalytic attack
  brute-force attack
Cryptanalytic Attacks
ciphertext only
  only know algorithm & ciphertext, is statistical, know or can identify plaintext
known plaintext
  know/suspect plaintext & ciphertext
chosen plaintext
  select plaintext and obtain ciphertext
chosen ciphertext
  select ciphertext and obtain plaintext
chosen text
  select plaintext or ciphertext to en/decrypt
More Definitions
unconditional security
  no matter how much computer power or time is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext
computational security
  given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken
Brute Force Search
always possible to simply try every key
most basic attack, proportional to key size
assume either know / recognise plaintext
Key Size (bits)              Number of Alternative Keys   Time required at 1 decryption/µs    Time required at 10^6 decryptions/µs
32                           2^32 = 4.3 x 10^9            2^31 µs = 35.8 minutes              2.15 milliseconds
56                           2^56 = 7.2 x 10^16           2^55 µs = 1142 years                10.01 hours
128                          2^128 = 3.4 x 10^38          2^127 µs = 5.4 x 10^24 years        5.4 x 10^18 years
168                          2^168 = 3.7 x 10^50          2^167 µs = 5.9 x 10^36 years        5.9 x 10^30 years
26 characters (permutation)  26! = 4 x 10^26              2 x 10^26 µs = 6.4 x 10^12 years    6.4 x 10^6 years