Top Banner

Click here to load reader

Introduction to Cryptography INFSCI 1075: Network Security – Spring 2013 Sam T. Zargar

Dec 18, 2015

ReportDownload

Documents

  • Slide 1
  • Introduction to Cryptography INFSCI 1075: Network Security Spring 2013 Sam T. Zargar
  • Slide 2
  • 2 Security Features and Mechanisms Security Features (Security Services) Measures intended to counter security attacks by employing security mechanisms Take on functions of physical documents and procedures like signatures, identity cards, endorsements, etc. Typical services: Confidentiality, integrity, authentication, non- repudiation, and availability. Security Mechanisms Prevent, detect, and recover from security attacks No single security mechanism can provide all the security services
  • Slide 3
  • 3 Remarks Not all security services can be provided by a single security mechanism Cryptography, if used cleverly and correctly, can provide several of the security services Cryptography is the backbone of most security mechanisms SSL, SSH, IPSec, WPA, Kerberos, VPNs, Dial-up, etc. Cryptography: using encryption and decryption principles/methods to conceal information
  • Slide 4
  • 4 Limitations of Cryptography Cryptography is not a complete solution in itself Systems and networks are not secure today Not because of the mathematics behind cryptography The math is sound Implementation of the cryptosystems and usage of cryptography in protocols are occasionally flawed The human factor Why you need to study cryptography An important component of information security today Awareness of what is used where and why it works Sense of why crypto in itself is not enough, but you need things around it to make networks and systems secure
  • Slide 5
  • History For thousands of years people have used methods of concealing information Concealing Ciphering or Encryption Examples Writing concealed information from the illiterate Mirrors were used in India Tattoo messages on scalps and allow hair to grow Biblical times (500 BC) Substitution of one alphabet by another in a systematic way Sparta (500 BC) Scytale (sitaali) http://en.wikipedia.org/wiki/Scytale http://en.wikipedia.org/wiki/Scytale 5
  • Slide 6
  • 6 History (2) Caesar Cipher (50 BC) Described by Julius Caesar Example of a Shift Cipher World War I Creation of many new ciphers ADFGVX code by the German military in World War 1 A product cipher Cryptography and Mathematics Linkages started in the 1920s Extended to World War II Information Theory played a role in 1949 when Shannon defined perfect secrecy
  • Slide 7
  • 7 Modern Times Data Encryption Standard (DES)(1977) Opened up a new area of research for securing digital information All encryption algorithms from BC till 1976 were secret key algorithms Also called private key algorithms or symmetric key algorithms Public key algorithms were introduced in 1976 by Whitfield Diffie and Martin Hellman (asymmetric)
  • Slide 8
  • Some Basic Terminology 8 Plaintext - original message Ciphertext - coded message Cipher - algorithm for transforming plaintext to ciphertext Key - info used in cipher known only to sender/receiver Encipher (encrypt) - converting plaintext to ciphertext Decipher (decrypt) - recovering plaintext from ciphertext
  • Slide 9
  • Definitions 9 Cryptography using encryption and decryption principles/methods to conceal information Cryptanalysis (code breaking) - study of principles/ methods of deciphering ciphertext without knowing the key Cryptology study of both cryptography and cryptanalysis Encryption Conventional (symmetric) encryption Public-key (asymmetric) encryption
  • Slide 10
  • 10 Cryptology CRYPTOLOGY CRYPTOGRAPHYCRYPTANALYSIS Private Key (Secret Key) Public Key Block CipherStream CipherInteger Factorization Discrete Logarithm PROTOCOLS
  • Slide 11
  • Cryptography 11 Can characterize cryptographic system by: Type of encryption operations used Substitution / transposition / product Number of keys used Single-key or private / two-key or public Way in which plaintext is processed block / stream
  • Slide 12
  • 12 Block vs. Stream Ciphers Block ciphers process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more Stream ciphers process messages a bit or byte at a time when en/decrypting Many current ciphers are block ciphers Broader range of applications
  • Slide 13
  • Cryptanalysis 13 The science/art of breaking an encryption scheme Objective is to recover key not just message General approaches: Cryptanalytic attack May rely on: Nature of encryption algorithm Characteristics of the plaintext Some plaintext-cipher text pairs Brute-force attack Try every key time and space complexity! On average, half of all possible keys must be tried to achieve success.
  • Slide 14
  • Cryptanalytic Attacks 14 Ciphertext only Cryptanalyst has only Ciphertext of possibly many messages. Known plaintext Access to both plain and ciphertext of several messages, probable words. Chosen plaintext Attacker can select plaintext and obtain its ciphertext. Chosen ciphertext Attacker has access to decrypting box, objective is deduce the key, have the corresponding plaintext. The HUMAN factor Rubber hose attack -- threaten, torture, blackmail for the key Purchase-key attack -- bribery (or burglary) Scam attack excuse me, could you tell me your password? Im stupid attack easy to guess key (name, birthdate, phone number, .)
  • Slide 15
  • Encryption scheme is: 15 Unconditionally secure if: No matter how much computer power or time is available, the cipher cannot be broken since the cipher-text provides insufficient information to uniquely determine the corresponding plaintext \ e.g., one-time pad (later) Computationally secure if: Given limited computing resources (e.g. time needed for calculations is greater than age of universe), the cipher cannot be broken and it is costly!
  • Slide 16
  • Brute Force Search 16 Always possible to simply try every key Most basic attack, proportional to key size Assume either know / recognize plaintext Key Size (bits)Number of Alternative Keys Time required at 1 decryption/s Time required at 10 6 decryptions/s 32 2 32 = 4.3 10 9 2 31 s= 35.8 minutes2.15 milliseconds 56 2 56 = 7.2 10 16 2 55 s= 1142 years10.01 hours 128 2 128 = 3.4 10 38 2 127 s= 5.4 10 24 years5.4 10 18 years 168 2 168 = 3.7 10 50 2 167 s= 5.9 10 36 years5.9 10 30 years 26 characters (permutation) 26! = 4 10 26 2 10 26 s= 6.4 10 12 years6.4 10 6 years
  • Slide 17
  • Symmetric Encryption 17 OR conventional / private-key / single-key Sender and receiver share a common key All classical encryption algorithms ( from BC till 1976) Was only type prior to invention of public-key in 1976 and by far most widely used
  • Slide 18
  • Symmetric Cipher Model 18
  • Slide 19
  • Conventional Encryption Model 19 Key Source Insecure channel Oscar EncryptDecrypt AliceBob y xx k k Secure Channel
  • Slide 20
  • Requirements 20 Two requirements for secure use of symmetric encryption: a strong encryption algorithm a secret key known only to sender / receiver Mathematically have: Y = e k (X) X = d k (Y) The functions e k () and d k () must be inverses of one another e k (d k (y)) = ? d k (e k (x)) = ? e k (d k (x)) = ? Assume encryption/decryption algorithm is known, strength is in key Implies a secure channel to distribute key
  • Slide 21
  • Substitution Ciphers 21
  • Slide 22
  • Classical Substitution Ciphers where letters of plaintext are replaced by other letters or by numbers or symbols or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
  • Slide 23
  • Shift Ciphers Idea Represent the capital letters of the English alphabet by integers Encryption e k (x) = (x + k) mod 26 Decryption d k (y) = (y k) mod 26 ABCDEFGHIJKLM 0123456789101112 NOPQRSTUVWXYZ 13141516171819202122232425 23
  • Slide 24
  • Caesar Cipher earliest known substitution cipher by Julius Caesar (50 BC) first attested use in military affairs replaces each letter by 3rd letter on example: meet me after the toga party PHHW PH DIWHU WKH WRJD SDUWB
  • Slide 25
  • Set of Residues: Z n 25 The result of the modulo operation with modulus n is always an integer between 0 and n-1. Modulo operation creates a set, which in modular arithmetic is referred to as the set of least residues, modulo n, or Z n E.g. Z 2 ={0,1} Z 6 ={0,1,2,3,4,5} Z 10 ={0,1,2,3,4,5,6,7,8,9}
  • Slide 26
  • The modulo operation (Quick review) 26 What is 27 mod 5? Quotient? 5 Divisor 5 27 Dividend - 25 Remainder? 2 What is -27 mod 5? Quotient? -6 Divisor 5 -27 Dividend - (-30) Remainder? 3
  • Slide 27
  • Examples 27 36 mod 9 = 0 4 9 36 -36 0 -45 mod 9 = 0 -5 9 -45 -(- 45) 0
  • Slide 28
  • Shift Ciphers Cipher-text: HCEGDQQM K: C What is the plain-text? Encryption e k (x) = (x + k) mod 26 Decryption d k (y) = (y k) mod 26 ABCDEFGHIJKLM 0123456789101112 NOPQRSTUVWXYZ 13141516171819202122232425 28
  • Slide 29
  • Cryptanalysis of Caesar Cipher only have 26 possible ciphers A maps to A,B,..Z could simply try each in turn a brute force search given ciphertext, just try all shifts of letters do n