COMP4109 : Applied Cryptography

Similar documents
Lecture 1: Perfect Security

CSE 127: Computer Security Cryptography. Kirill Levchenko

ISA 562: Information Security, Theory and Practice. Lecture 1

COMP4109 : Applied Cryptography

Computer Security CS 526

Goals of Modern Cryptography

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Lecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Lecture 2. Cryptography: History + Simple Encryption,Methods & Preliminaries. Cryptography can be used at different levels

COMP4109 : Applied Cryptography

CPSC 467: Cryptography and Computer Security

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Cryptography. Andreas Hülsing. 6 September 2016

CSC 580 Cryptography and Computer Security

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Introduction to Cryptography. Lecture 1. Benny Pinkas. Administrative Details. Bibliography. In the Library

Introduction to Cryptography. Lecture 1

Information Security CS526

Traditional Symmetric-Key Ciphers. A Biswas, IT, BESU Shibpur

Information Security CS526

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi

2 What does it mean that a crypto system is secure?

Information Security

Introduction to Cryptology. Lecture 2

symmetric cryptography s642 computer security adam everspaugh

Shared Secret = Trust

B) Symmetric Ciphers. B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers

Cryptography III: Symmetric Ciphers

2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography

Computational Security, Stream and Block Cipher Functions

CPSC 467b: Cryptography and Computer Security

1 One-Time Pad. 1.1 One-Time Pad Definition

CSC 474/574 Information Systems Security

Symmetric Cryptography

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Making and Breaking Ciphers

2 Secure Communication in Private Key Setting

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

Cryptography Introduction to Computer Security. Chapter 8

Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

CSCE 813 Internet Security Symmetric Cryptography

Lecture 1 Applied Cryptography (Part 1)

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Cryptography. Lecture 03

Practical Aspects of Modern Cryptography

Cryptography CS 555. Topic 1: Course Overview & What is Cryptography

Crypto: Symmetric-Key Cryptography

Cryptography (cont.)

Cryptography Functions

CS 161 Computer Security

Cryptography Part II Introduction to Computer Security. Chapter 8

CPS2323. Block Ciphers: The Data Encryption Standard (DES)

CPSC 467b: Cryptography and Computer Security

7. Symmetric encryption. symmetric cryptography 1

2.1 Basic Cryptography Concepts

Symmetric Cryptography

CS 332 Computer Networks Security

OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY

Private-Key Encryption

Stream Ciphers. Koç ( ucsb ccs 130h explore crypto fall / 13

Classic Cryptography: From Caesar to the Hot Line

Introduction to Symmetric Cryptography

Cryptography III: Symmetric Ciphers

Lecture 07: Private-key Encryption. Private-key Encryption

Worksheet - Reading Guide for Keys and Passwords

CPSC 467: Cryptography and Computer Security

Outline Basics of Data Encryption CS 239 Computer Security January 24, 2005

symmetric cryptography s642 computer security adam everspaugh

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Classical Cryptography. Thierry Sans

CPSC 467b: Cryptography and Computer Security

Stream Ciphers An Overview

1 Achieving IND-CPA security

Introduc)on to Cryptography. Credits: Slide credits to David Brumley, Dan Boneh (ß has a MOOC)

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Classical Encryption Techniques. CSS 322 Security and Cryptography

18-642: Cryptography 11/15/ Philip Koopman

Cryptography BITS F463 S.K. Sahay

Defining Encryption. Lecture 2. Simulation & Indistinguishability

Cryptography. Historical Encoding. Encryption Media. Intro to Encryption 8/24/2010. COMP620 Information Privacy & Security 1

Public Key Cryptography

Stream Ciphers. Çetin Kaya Koç Winter / 13

CPSC 467b: Cryptography and Computer Security

Senior Math Circles Cryptography and Number Theory Week 1

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Unit 8 Review. Secure your network! CS144, Stanford University

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions

Lecture 2: Secret Key Cryptography

Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016

Security: Cryptography

Encryption Details COMP620

Authenticated encryption

Transcription:

COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University

Applied Cryptography Day 4 (and 5 and maybe 6) secret-key primitives symmetric-key encryption security notions and types of attacks one-time pad stream ciphers block ciphers MACs PRGs modes of operation 2

Symmetric-Key Encryption a symmetric-key encryption scheme is a ve-tuple (P,C,K,E,D), such that P is the plaintext or message space C is the ciphertext space K is the keyspace for each k K, there is an encryption rule e k E, e k : P C a decryption rule d k D, d k : C P such that d k (e k (x)) = x for every plaintext x P note: we might use e k (m), Enc(k,m) or Enc(m) 3

Symmetric-Key Encryption to achieve condentiality of data (see diagram) Alice and Bob share a secret key (k R K ) they both know k, Enc(k,m) = e k (m), and Dec(k,c) = d k (c) how do they do this? (need a secure channel) Alice computes the ciphertext y = Enc(k,m) for plaintext m Alice sends y to Bob over an insecure channel Bob recovers the plaintext message m = Dec(k,y) from the ciphertext Eve can watch the channel 4

Symmetric-Key Encryption consider the shift cipher (Caesar Cipher) P = C = K = Z 26 (Z 26 = {0,1,2...,25}) for k K (a number between 0 and 25), E k (m) = (m + k) mod 26 D k (c) = (c k) mod 26 when k = 4, if we map a = 0, b = 1, c = 2, etc a b c d e f g h i j k l m D E F G H I J K L M N O P n o p q r s t u v w x y z Q R S T U V W X Y Z A B C ROT-13 is a shift cipher with k = 13 5

Symmetric-Key Encryption consider the substitution cipher P = C = A (A = {a,b,c,...,x,y,z}) K is the set of all permutations of A for π K (a permutation), for example Eπ(m) = π(m) Dπ(m) = π 1 (m) a b c d e f g h i j k l m X N Y A H P O G Z Q W B T n o p q r s t u v w x y z S F L R C V M U E K J D I 6

Symmetric-Key Encryption are these secure? what it does secure mean? what are Eve's goals? what are Eve's computational powers? how does Eve interact with Alice and Bob? 7

Attack Models Passive attacks ciphertext-only attack given c = Enc k (m) known-plaintext attack given m and c = Enc k (m) Active attacks chosen plaintext attack chooses m and given c = Enc k (m) chosen-ciphertext attack chooses c and given m such that c = Enc k (m) Other attacks side-channel attacks social engineering attacks 8

Security Levels Information-theoretic security Eve has no limits to her computational resources Complexity-theoretic security Eve has a polynomial-time Turing machine at her disposal Computational security Eve has n real computers at her disposal (computationally bounded) 9

Goals of the Adversary determine the secret key k determine plaintext from ciphertext determine some information about the plaintext from the ciphertext if Eve can nd k or systematically decrypt ciphertexts then the encryption scheme is totally broken (or totally insecure) if Eve cannot determine any partial information about the plaintext (other then the length), the encryption scheme is semantically secure 10

Symmetric-Key Encryption a security model states the level of security assuming certain computational capabilities of the adversary and how the adversary interacts with the communicating parties a symmetric-key encryption scheme is said to be secure if it is semantically secure against chosen-plaintext attacks by a computationally bounded adversary 11

Symmetric-Key Encryption practically speaking, the following properties are desireable for a symmetric-key encryption scheme Enc k () and Dec k () should be ecient k should be small but big enough to thwart brute-force guessing it should be secure it should be secure against the designer of the system 12

Caesar Cipher chosen-plaintext attack totally breaks it known-plaintext attack totally breaks it ciphertext-only attack totally breaks it brute-force attack (exhaustive search) unicity distance Substitution Cipher chosen-plaintext attack totally breaks it known-plaintext attack reveals partial information ciphertext-only attack totally breaks it exhaustive search ( 2 88 keys) (does not break it) frequency analysis! (breaks it) 13

Caesar / Substitution Ciphers what of the plaintext was only one letter? ciphertext-only attack reveals nothing any plaintext/ciphertext pair reveals key what of the key was changed (independently) for each letter that was encrypted? ciphertext-only attack reveals nothing any plaintext/ciphertext pair reveals key what if we didn't use the key again? 14

One-Time Pad Vernam (1917) for telegraphs P = C = K = {0,1} m k K is random binary string for m = m 1 m 2 m n and k = k 1 k 2 k n, ciphertext c = c 1 c 2 c n is computed as bitwise XOR of m and k. (c = m k) what if the same key is used twice? the key can only be used one (hence, one-time!) the one-time pad is unconditionally secure the one-time pad provides perfect secrecy it is semantically secure against ciphertext-only attacks by an adversary with innite computational resources 15

One-Time Pad perfect secrecy can be formally proven (Shannon 1949) all schemes with perfect secrecy have keylength message length P = K = m for one-time pad needs lots of long keys impractical 16

Crypto Today Freedom to Tinker Schneier on Security Whetever you may think of the NSA, so far the cryptography it has published has been quite decent. Ferguson, Schneier, Kohno Cryptography Engineering, Wiley, 2010 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback