Cryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Similar documents
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Public-key encipherment concept

Public Key Cryptography

Public Key Cryptography and RSA

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Encryption Algorithms

Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

Computer Security 3/23/18

CSC 474/574 Information Systems Security

Lecture IV : Cryptography, Fundamentals

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Some Stuff About Crypto

Encryption Details COMP620

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Chapter 9. Public Key Cryptography, RSA And Key Management

Public Key Algorithms

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

CSC 474/574 Information Systems Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

CSC 474/574 Information Systems Security

LECTURE 4: Cryptography

2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography

Overview. Public Key Algorithms I

Chapter 9 Public Key Cryptography. WANG YANG

Public Key Algorithms

Cryptography and Network Security 2. Symmetric Ciphers. Lectured by Nguyễn Đức Thái

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Public Key Algorithms

CS669 Network Security

Cryptography and Network Security. Sixth Edition by William Stallings

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

Security: Cryptography

Lecture 6: Overview of Public-Key Cryptography and RSA

Topics. Number Theory Review. Public Key Cryptography

Applied Cryptography and Computer Security CSE 664 Spring 2018

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography Intro and RSA

Math236 Discrete Maths with Applications

Chapter 3 Public Key Cryptography

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

RSA. Public Key CryptoSystem

Goals for Today. Substitution Permutation Ciphers. Substitution Permutation stages. Encryption Details 8/24/2010

A nice outline of the RSA algorithm and implementation can be found at:

CS61A Lecture #39: Cryptography

EEC-484/584 Computer Networks

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Secret Key Cryptography

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Security. Communication security. System Security

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

L2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015

Public Key Encryption. Modified by: Dr. Ramzi Saifan

Classical Encryption Techniques. CSS 322 Security and Cryptography

S. Erfani, ECE Dept., University of Windsor Network Security. 2.3-Cipher Block Modes of operation

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Other Topics in Cryptography. Truong Tuan Anh

Cryptographic Concepts

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

ENGR/CS 101 CS Session Lecture 5

Study Guide to Mideterm Exam

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Lecture 2 Applied Cryptography (Part 2)

CRYPTOGRAPHY. BY, Ayesha Farhin

Public Key Cryptography and the RSA Cryptosystem

L3: Basic Cryptography II. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Modern Cryptography Activity 1: Caesar Ciphers

Math236 Discrete Maths with Applications

Tuesday, January 17, 17. Crypto - mini lecture 1

Enhanced Asymmetric Public Key Cryptography based on Diffie-Hellman and RSA Algorithm

What did we talk about last time? Public key cryptography A little number theory

RSA (algorithm) History

Classical Encryption Techniques

CRYPTOGRAPHY Thursday, April 24,

An overview and Cryptographic Challenges of RSA Bhawana

Nature Sunday Academy Lesson Plan

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

LECTURE NOTES ON PUBLIC- KEY CRYPTOGRAPHY. (One-Way Functions and ElGamal System)

Public Key Cryptography

CSCE 813 Internet Security Symmetric Cryptography

Chapter 3. Principles of Public-Key Cryptosystems

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Analysis of Cryptography and Pseudorandom Numbers

Encryption. INST 346, Section 0201 April 3, 2018

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY

Introduction to cryptography

ECE Lecture 2. Basic Concepts of Cryptology. Basic Vocabulary CRYPTOLOGY. Symmetric Key Public Key Protocols

Block Encryption and DES

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

1-7 Attacks on Cryptosystems

IMPORTANCE OF NUMBER THEORY IN CRYPTOGRAPHY

Transcription:

Cryptographic Techniques Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Outline Data security Cryptography basics Cryptographic systems DES RSA C. H. HUANG IN CML 2

Cryptography Cryptography is the science of secret writing. A cipher is a secret method of writing, where by plaintext (cleartext) is transformed into a ciphertext. The process of transforming plaintext into ciphertextis called encipherment or encryption. The reverse process of transforming ciphertext into plaintext is called decipherment or decryption. Encryption and decryption are controlled by cryptographic keys. C. H. HUANG IN CML 3

Secret Writing Encryption Plaintext Key Ciphertext Decryption C. H. HUANG IN CML 4

Attacks against Ciphers Cryptanalysis is the science and study of methods of breaking ciphers. A cipher is breakable if it is possible to determine the plaintext or key from the ciphertext, or to determine the key from plaintext-ciphertext pairs. Attacks Ciphertext-only attack Known-plaintext attack Chosen-plaintext attack C. H. HUANG IN CML 5

Cryptographic Systems A cryptographic system has five components: A plaintext message space, M A ciphertext message space, C A key space, K A familiyof enciphering transformations E k :M C A family of deciphering transformations D k :C M C. H. HUANG IN CML 6

Cryptographic Systems (cont.) M E k C D k M plaintext ciphertext plaintext D k (E k (m))=m,for a key k Cryptosystem requirements: Efficient enciphering/deciphering Systems must be easy to use The security of the system depends only on the keys, not the secrecy of E or D C. H. HUANG IN CML 7

Secure Cipher Unconditionally secure A cipher is unconditionally secure if no matter how much ciphertextis intercepted, there is not enough information in the ciphertext to determine the plaintext uniquely. Computationally secure A cipher is computationally infeasible to break. C. H. HUANG IN CML 8

Secrecy Requirements M It should be computationally infeasible to systematically determine the deciphering transformation D k from intercepted c, even if corresponding m is known. It should be computationally infeasible to systematically determine m from intercepted c. protected E k C D k M disallowed M C. H. HUANG IN CML 9

Authenticity requirements It should be computationally infeasible to systematically determine the enciphering transformation given c, even if corresponding m is known. It should be computationally infeasible to systematically find c such that D k (c ) is a valid plaintext in M. M E k C D k M protected M disallowed C. H. HUANG IN CML 10

Key-distribution cryptosystem Message Source P Encryption C Decryption P Receiver Secure key transmission Encrypting &decrypting are closely tied together. The sender and the receiver must agree on the use of a common key before any message transmission takes place. A safe communication channel must exist between sender and receiver C. H. HUANG IN CML 11

Public-key Cryptosystem Message Source P Encryption C Decryption P Receiver Key source 1 E k Key source 2 D k In a public key cryptosystem, each participant is assigned a pair of inverse keys E and D. Different functions are used for enciphering and deciphering, one of the two keys can be made public, provided that it is impossible to generate one key from the other. E can be made public, but D is kept secret. The normal key transmission between senders and receivers can be replaced by an open directory of enciphering keys, containing the keys E for all participants. C. H. HUANG IN CML 12

Using Public-Key Cryptosystem to Transfer Messages Secretly When a person A wishes to send a message to a person B, the receiver s enciphering key E B is used to generate the ciphertext E B (m). Since the key E B is freely available, anyone can then encipher a message destined for B. However, only the receivers B with access to the decipher key D B can regenerate the original text by performing the inverse transform D B (E B (m)). C. H. HUANG IN CML 13

Digital Signature Guaranteeing authenticity. Let B be the recipient of a message m signed by A. Then A s signature must satisfy: 1. B must be able to able to validate A s signature on m. 2. It must be impossible to forge A s signature 3. If A disavow signing a message, a third party must be able to resolve the distribute. C. H. HUANG IN CML 14

Using Public-key Systems to Implement Digital Signatures 1. A signs m by computing c=d A (m) 2. B validates A s signature by checking E A (c) =m 3. A dispute can be judged by checking whether E A (c) restores M in the same ways as B. Requirements: D k (E k (m))=e k (D k (m))=m C. H. HUANG IN CML 15

Secrecy and Authenticity in A Public-Key System m D A (m)=s E B (S)=C D B (C)=S E A (S)=m m Transformations applied by sender Transformations applied by receiver E A (D B (C))=E A (D B (E B (D A (M)))) =E A (D A (M)) =M C. H. HUANG IN CML 16

Reference Cryptography and Data Security, D. Elizabeth and R. Denning, Purdue University, 1998 FAQ about Today s Cryptography, RSA Laboratory, (found in www.rsa.com) The reference listed in course handout. C. H. HUANG IN CML 17

Conventional Cryptosystems Using substitution transform and permutation transform Substitution Ciphers Running Key Ciphers Transposition Ciphers (Permutation ciphers) Stream Ciphers C. H. HUANG IN CML 18

Substitution Ciphers Replace bits, characters, or blocks of characters with substitutes. Example: Caesar cipher which shift each letter in the English forward by K positions (shifts past Z cycle back to A) A simple substitution cipher is easy to solve by performing a frequency analysis. C. H. HUANG IN CML 19

Running Key Ciphers The security of a substitution cipher generally increases with the key length. In a running key cipher, the key length is equal to the plaintext message.(not using a fixed key alphabet) E.g. use the text in a book as the key sequence. The cipher may be breakable by Friedman s method based on the observation that both plaintext and key letters are high frequency ones in natural language. C. H. HUANG IN CML 20

Permutation Ciphers Rearrange bits or characters in the data. INFORMATION TECHNIQUES FOR IPR I R I T N E R N O M T O E H I U S O I R F A N C Q F P IRITNERNOMTOEHIUSOIRFANCQFP What is the key? Attacks: frequency analysis of characters. C. H. HUANG IN CML 21

Product Cipher A product cipher is the composition of functions F 1,,F t, where each F i may be a substitution or permutation. Examples of product ciphers DES S P S P S C. H. HUANG IN CML 22

Data Encryption Standard (DES) The National Bureau of Standards announced DES to be used in unclassified U.S. Government applications. DES enciphers 64-bit blocks with a 56-bit key. C. H. HUANG IN CML 23

DES An input block T is first transposed under an initial permutation IP, giving T 0 =IP(T). E.g. t 1 t 2 t 64 t 58 t 50 t 7 Then T 0 is passed through 16 iterations of function f. Finally, it is transposed under the inverse permutation IP -1 to give the final result. C. H. HUANG IN CML 24

DES (cont.) Let T i denote the result of the ithiteration, and let L i and R i denote the left and right halves of T i. Then L i =R i-1 R i =L i-1 f(r i-1, K i ) where is the exclusive-or operation and K is a 48-bit key. After the last iteration, the left and right halves are not changed, but instead passed to IP -1. C. H. HUANG IN CML 25

DES (cont.) Calculate the function F(R i-1, K i ): 1. Using bit-selection Table E to expand 32-bit R i-1 to a 48-bit block E(R i-1 ). (Similar to permutation) 2. Calculate the exclusive-or of E(R i-1 ) and K i. Then break the result into 8 6-bit blocks B 1,, B 8. 3. Use each 6-bit B j b 1 b 2 b 3 b 4 b 5 b 6 as input to a selection (substitution ) and return a 4-bit block S j (B j ). b 1 b 6 row b 2 b 3 b 4 b 5 column C. H. HUANG IN CML 26

DES (cont.) Key calculation Each iteration i uses a different 48-bit key K i derived from the initial key K, which is input as a 64-bit block with 8 parity bits in positions 8, 16,, 64. PC-1 discards the parity bits and transposes the remaining 56-bit bits to obtain PC-1(K). PC-1(K) is then split to C and D of 28-bits each, and circular shifted by LS. C i =LS i (C i-1 ), D i =LS i (D i-1 ) K i =PC-2(C i D i ). C. H. HUANG IN CML 27

DES (cont.) Deciphering The same algorithm is used, except that the order of key for each iteration is reversed. E.g. K 16 is used in 1 st iteration, K 15 is used in 2 nd iteration. C. H. HUANG IN CML 28

Disputes about DES 56-bit key length should be doubled? A special purpose machine containing a million LSI chips could try 2 56 keys in 1 day. The cost of this machine is about $ 20 million. Amortized over 5 years, the cost per day would be $10,000. The same level of security could be obtained using multiple encryption scheme. The S-box may have hidden trapdoors. The analysis is still classified. C. H. HUANG IN CML 29

Stream Ciphers A random number generator (typically LFSR) may be used to generate a stream of key characters, each character of the key being added to a character of the input stream to produce an output character. Message stream Shift register Cipher stream Key stream C. H. HUANG IN CML 30

Cipher Based on Computationally Difficult Problems One-way function: C=f(P) P f: computationally simple C f -1 :computationally difficult except in special cases when supplementary information (keys) is available exponentiation and logarithm multiplication/factoring review of number theory NP-complete problems A systematic deterministic solution is likely to require exponential time in the number of inputs. C. H. HUANG IN CML 31

DiffieHellman s public-key cryptosystem Each user i in the system has a pair of keys X i and Yi, where Y i =α Xi mod q, 1 X i q-1, 1 α q-1, q: prime number X i is kept secret, but Y i is made public. Sender i generates the key K ij = Y j Xi mod q = α XiXj mod q from receiver j s public key Y j and his own private key X i. Receiver j obtains K ij similarly from Y i and X j. C. H. HUANG IN CML 32

Security of DiffieHellman s System To generate the key K ij, one of the private keys X i or X j must be known. To generate the K ij from Y i and Y j, a form of logarithm below must be computed: K ij =Y i (log Yj) mod q which is computationally difficult. C. H. HUANG IN CML 33

The RSA Algorithm Each user selects two large prime numbers P and Q at random, and multiplies them to obtain N=P Q. N should be about 200 digits long and can be made public P and Q are kept secret. C. H. HUANG IN CML 34

The RSA Algorithm (cont.) Using P and Q, the user computes the Euler totientfunction Φ(N), representing the number of positive integers relatively prime to N. Φ(N)=Φ(P)Φ(Q) = (P-1) (Q-1) The user then chooses a quantity E less than N and relatively prime to Φ(N). The quantity E is made public. C. H. HUANG IN CML 35

The RSA Algorithm (cont.) Given a message M to be enciphered, M is broken down into a sequence of quantities M 1, M 2,, M p, where each component M i is represented by an integer between 0 and N-1. The enciphering is now done separately on each block M i using the public information E and N to generate a cryptogram C i as C i =M ie mod N at most 2.Log 2 (N) multiplications are required C. H. HUANG IN CML 36

The RSA Algorithm (cont.) Using the secret informationφ(n), the user can easily compute a quantity D such that E.D=1 modφ(n) (deciphering key). I E.D=1 modφ(n)=kφ(n)+1 D=KΦ(N)+1/E. C. H. HUANG IN CML 37

The RSA Algorithm (cont.) By Fermat s theorem: M Φ(N) mod N =1 mod N, or M KΦ(N)+1 mod N =M mod N. Deciphering procedure: C id mod N = M i ED mod N = M i KΦ(N)+1 mod N = M i mod N = M i C. H. HUANG IN CML 38

Using RSA Suppose user A want to send a message m to user B. User A creates the ciphertextc by c = m E mod N, where E and N are user B s public key. User A sends c to user B. User B decrypts c by calculate m = c D mod N. The relation bewteen D and E ensures that B correctly recovers m. Since only B knows D, only B can decrypt the message. C. H. HUANG IN CML 39

Attacks against RSA Attacks to recover all messages for a given key Factor the public modulus N to P and Q.With P,Q, and E, the attacker can easily compute D. Attacks to recover a message Guessed-plaintext attacks. This attacks can be defeated by appending random bits. C. H. HUANG IN CML 40

Security of RSA The size of a key in the RSA algorithm typically refers to the size of the modulus N. The two primes P and Q should be roughly equal length. The longer the key size, the greater the security, but also the slower the RSA algorithm. The 512-bit RSA-155 was factored in seven month during 1999. The RSA lab currently recommends key sizes of 1024 bits for corporate use. C. H. HUANG IN CML 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback