Introduction to Cryptography. --- Foundations of computer security ---


Related Chapters
- Cryptography
- CHAPTER 2, A Cryptography Primer
- CHAPTER 37, Data Encryption
- CHAPTER 39, Public Key Infrastructure
- CHAPTER 70, Advanced Data Encryption

Outline
- basic terms in cryptology
- classic secret key ciphers
- modern secret key ciphers
- DES (Data Encryption Standard) and AES (Advanced Encryption Standard)
- how do they work
- how to use DES and AES in practice
- 4 modes of operations

Basic Terms
- cryptology (to be very precise)
  - cryptography --- designing
  - cryptanalysis --- code breaking
- cryptologist
  - cryptographer
  - cryptanalyst
- encryption/encipherment: scrambling data into a form unintelligible to unauthorised parties

Basic Terms (2)
- decryption/decipherment: un-scrambling
- cipher/cryptosystem

A Short History
- dividing line is 1976/77
- classic: ~ 1976/77
- 1976: Diffie & Hellman discovered public key cryptography
- 1977: National Bureau of Standards published DES (Data Encryption Standard)
- modern: 1976/77 ~ today

History (2)
- the word of cipher --- from Greek (secret writing)
- ancient Egypt, Julius Caesar, ...
- WWII
  - Enigma cipher machine broken by British team including Alan Turing
  - Purple cipher broken by US, led to the death of Yamamoto
- Mainly for war, diplomacy & politics

Good Book on History of Crypto
- David Kahn, The Codebreakers, Macmillan, New York, 1972.
- PS: a revised edition was published in 1996
- Not quite complete

Cryptography Goals
- Authentication: Alice sends a message to Bob. How can Bob verify that the message originated from Alice and not from Eve pretending to be Alice?
- Confidentiality: Alice sends a message to Bob. How can Bob be sure that the message was not read by Eve? For example, personal communications need to be maintained as confidential.

Cryptography Goals (2)
- Integrity: Alice sends a message to Bob. How does Bob verify that Eve did not intercept the message and change its contents?
- Nonrepudiation: Alice could send a message to Bob and later deny that she ever sent a message to Bob. In such a case, how could Bob ever determine who actually sent him the message?

Types of Ciphers
- private key cryptosystems/ciphers, also known as
  - Secret key ciphers
  - Single key ciphers
  - Symmetric ciphers
- public key cryptosystems/ciphers, also known as
  - asymmetric ciphers

Representation of Data
- By characters
  - each character is represented by an 8-bit byte according to the ASCII table
- By binary bits (0's and 1's), e.g.
  - fax messages
  - images
  - digitalised voice data

Private Key Cipher
[Figure: Alice encrypts the plain text with E under the shared secret key; the cipher text passes through the network or storage; Bob decrypts it with D under the same shared secret key to obtain the original plain text.]

Concepts
- A private key cipher is composed of two algorithms
  - encryption algorithm E
  - decryption algorithm D
- The same key K is used for encryption & decryption
- K has to be distributed beforehand

Notations
- Encrypt a plaintext P using a key K & an encryption algorithm E:
    C = E(K,P)
- Decrypt a ciphertext C using the same key K and the matching decryption algorithm D:
    P = D(K,C)
- Note: P = D(K,C) = D(K, E(K,P))

Classic Ciphers
- Substitution ciphers (also called shift/additive ciphers)
  - Monoalphabetic ciphers
  - Polyalphabetic ciphers
- Transposition (permutation) ciphers
- Product ciphers
  - using both substitution and transposition

The Caesar Cipher
- The Caesar cipher is a substitution cipher, named after Julius Caesar.
- Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table.
- The fixed number of positions is a key both for encryption and decryption.

The Caesar Cipher (cont'd)
[Figure: cipher wheel. Outer: plaintext. Inner: ciphertext.]

The Caesar Cipher (cont'd)
[Figure: K=3]

An Example
For a key K=3,
  plaintext letter:  ABCDEF...UVWXYZ
  ciphertext letter: DEF...UVWXYZABC
Hence TREATY IMPOSSIBLE is translated into WUHDWB LPSRVVLEOH

An Exercise
Use the Caesar cipher to encode the following message under a key K=3:
  WAR STARTS TOMORROW

Another substitution cipher example

Transposition Cipher
- It works by changing the location of characters (characters permutation).
- A cyclic group defines the permutation with a single key to encrypt, and the same key is used to decrypt the ciphered message.

Polyalphabetic Cipher
- Instead of one-to-one mapping (Caesar cipher), one-to-many mapping is used. A single letter can have multiple substitutes.
- A tableau is developed (see next slide). This tableau is a series of shift ciphers.
- The key is repeated over the plaintext. Then, using the tableau, the corresponding letter is used.
- The top row is used to look up the plaintext, and the leftmost column is used to reference the keyword.


Polyalphabetic Cipher Example
Plaintext: Ask not what your country can do for you, key: rockerrooks.

  Plaintext   A S K N O T W H A T Y O U R
  Key         R O C K E R R O O K S R O C
  Ciphertext  R G M X S K N V O D Q F I T

Notice that A is encrypted to different letters.

Attacks Against Cryptography
- Ciphertext only attack: The cryptanalyst has access to the ciphertext only. Frequency analysis is used to infer the key.
- Known plaintext attack: The cryptanalyst has access to both the plaintext and the corresponding ciphertext, and tries to find the key.
- Chosen plaintext attack: The cryptanalyst can encrypt plaintext of his choice and analyze the resulting ciphertext.
- Chosen ciphertext attack: The cryptanalyst can decrypt ciphertext of his choice to recover the key.

Breaking the Caesar Cipher
- by trial-and-error
- by using statistics on letters
  - frequency distributions of letters

      letter  percent
      A       7.49%
      B       1.29%
      C       3.54%
      D       3.62%
      E       14.00%
      ...

- with the help of fast computers, 99.99% ciphers used before 1976 are breakable by using one of the 4 types of attacks.
- The first computer designed by Alan Turing was used to break the Enigma cipher in WWII.
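The Caesar and polyalphabetic examples above, together with the frequency-based break, worked through in code. This is an added example, not part of the original slides; the English letter-frequency table and the SAMPLE message are assumptions constructed for the demonstration (the slides list only the first five frequencies).

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent (assumed reference table).
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}

# Constructed sample message, used only to exercise the ciphertext-only attack.
SAMPLE = ("THE TREATY WILL BE SIGNED AT NOON TOMORROW AND THE TROOPS "
          "RETURN HOME AFTER THE CEREMONY ENDS")


def shift_letter(ch, k):
    """Shift one letter k positions (mod 26); non-letters pass through."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def caesar_encrypt(plaintext, key):
    return "".join(shift_letter(c, key) for c in plaintext.upper())


def caesar_decrypt(ciphertext, key):
    return caesar_encrypt(ciphertext, -key)


def vigenere_encrypt(plaintext, keyword):
    """Polyalphabetic cipher: the keyword is repeated over the plaintext
    letters and each keyword letter selects the shift for that position."""
    keyword = keyword.upper()
    out, i = [], 0
    for c in plaintext.upper():
        if c in ALPHABET:
            out.append(shift_letter(c, ALPHABET.index(keyword[i % len(keyword)])))
            i += 1  # the key advances only on letters
        else:
            out.append(c)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of text and English expectations."""
    letters = [c for c in text if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    return sum((counts.get(l, 0) - n * f / 100) ** 2 / (n * f / 100)
               for l, f in ENGLISH_FREQ.items())


def break_caesar(ciphertext):
    """Ciphertext-only attack: try all 26 keys (trial and error) and keep
    the candidate whose letter statistics look most like English."""
    key = min(range(26), key=lambda k: chi_squared(caesar_decrypt(ciphertext, k)))
    return key, caesar_decrypt(ciphertext, key)


if __name__ == "__main__":
    print(caesar_encrypt("TREATY IMPOSSIBLE", 3))
    print(vigenere_encrypt("ASK NOT WHAT YOUR", "rockerrooks"))
    print(break_caesar(caesar_encrypt(SAMPLE, 3)))
```
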

MODERN BLOCK CIPHERS

Block Ciphers
- Block ciphers provide the backbone algorithmic technology behind most modern-era ciphers
- It is a series of serial operations (rounds).
- In each round, a chunk of the input data is encrypted and fed to the next round. (chaining)
- Each output block is the same size as the input block.
- Each block uses a subkey permuted (derived) from the original key.

Modern Private Key Ciphers
- DES (US, 1977): key -- 56 bits, plaintext/ciphertext -- 64 bits
- IDEA (Lai & Massey, Swiss, 1991): key -- 128 bits, plaintext/ciphertext -- 64 bits
- LOKI (ADFA, Australia, 1989): key, plaintext/ciphertext -- 64 bits
- FEAL (NTT, Japan, 1990): key -- 128 bits, plaintext/ciphertext -- 64 bits
- AES (successor to DES, 2001)

Encryption using DES
- a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2, ..., K16)
- Encryption consists of 16 rounds, each using a different 48-bit subkey
- Both a plaintext & a ciphertext are 64 bits long
- Decryption: similar to encryption, except that the order in which the subkeys are used is reversed, namely, (K16, K15, ..., K2, K1)
[Figure: DES (Encryption) takes a 64-bit plaintext and a 56-bit key and outputs a 64-bit ciphertext; DES (Decryption) takes a 64-bit ciphertext and a 56-bit key and outputs a 64-bit plaintext.]

AES Family: AES-128, AES-192, AES-256

            plaintext   key        ciphertext
  AES-128   128-bit     128-bit    128-bit
  AES-192   128-bit     192-bit    128-bit
  AES-256   128-bit     256-bit    128-bit

Examples
AES128
  PLAINTEXT:  00112233445566778899aabbccddeeff
  KEY:        000102030405060708090a0b0c0d0e0f
  CIPHERTEXT: 69c4e0d86a7b0430d8cdb78070b4c55a
AES256
  PLAINTEXT:  00112233445566778899aabbccddeeff
  KEY:        000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f
  CIPHERTEXT: 8ea2b7ca516745bfeafc49904b496089

Use of A Private Key Cipher in Practice

4 Modes of Operation
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback Mode (CFB)
- Output Feedback Mode (OFB)
(Use AES-128 as an example)

Electronic Code Book (ECB) Encryption
- mi, ci: 128 bits for AES
- K: 128 bits (or 192, 256 bits)
[Figure: each plaintext (message) block m1 ... m10 is encrypted separately by E under the key K, giving the ciphertext (scrambled message) blocks c1 ... c10.]

Electronic Code Book (ECB) Decryption
[Figure: each ciphertext (message) block c1 ... c10 is decrypted separately by D under the key K, giving the plaintext (original message) blocks m1 ... m10.]

Electronic Code Book (ECB)
[Figure: the encryption and decryption diagrams of the two previous slides shown together. Encryption: m1 ... m10 through E under K to c1 ... c10. Decryption: c1 ... c10 through D under K to m1 ... m10.]

Padding
- If the length of a plaintext is not a multiple of 128 bits, extra bits (0's or 1's) are padded to the end of the original message, so that the last block is 128 bits.
- Padded bits are discarded after decryption.

Examples of ECB Mode
AES128, Encryption, 16 bytes
  KEY        = 10a58869d74be5a374cf867cfb473859
  PLAINTEXT  = 00000000000000000000000000000000
  CIPHERTEXT = 6d251e6944b051e04eaa6fb4dbf78465
AES256, Decryption, 16 bytes
  KEY        = 07eb03a08d291d1b07408bf3512ab40 c91097ac77461aad4bb859647f74f00ee
  CIPHERTEXT = 47cb030da2ab051dfc6c4bf6910d12bb
  PLAINTEXT  = 00000000000000000000000000000000
Source: NIST AES Test Data

ECB, AES128
Plaintext, 128 x 4 bits
  6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
Key, 128 bits
  2b7e151628aed2a6abf7158809cf4f3c
Ciphertext
  3ad77bb40d7a3660a89ecaf32466ef97
  f5d3d58503b9699de785895a96fdbaaf
  43b1cd7f598ece23881b00e3ed030688
  7b0c785e27e8ad3f8223207104725dd4

Bit-Wise Exclusive OR (XOR)
XOR Table
  0 ⊕ 0 = 0
  1 ⊕ 1 = 0
  0 ⊕ 1 = 1
  1 ⊕ 0 = 1

  P  1 0 0 1 0 0 1 0
  K  0 1 0 1 1 1 1 1
  C  1 1 0 0 1 1 0 1

Useful properties: P ⊕ K = C, C ⊕ K = P
In Java, C & C++:
  C = P ^ K;
  P = C ^ K;

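Cipher Block Chaining (CBC) Encryption
[Figure: chained encryption of the plaintext blocks m1 ... m4 with E under the key K, starting from the IV, giving the ciphertext blocks c1 ... c4.]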

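Cipher Block Chaining (CBC) Decryption
[Figure: chained decryption of the ciphertext blocks c1 ... c4 with D under the key K, using the IV, giving the plaintext blocks m1 ... m4.]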

Cipher Block Chaining (CBC) --- Another way to look at decryption
[Figure: decryption drawn from the ciphertext side: c1 ... c4 through D under K, with the IV, to m1 ... m4.]

Cipher Block Chaining (CBC)
[Figure: the CBC encryption and decryption diagrams shown together. Encryption: m1 ... m4, IV, E under K, to c1 ... c4. Decryption: c1 ... c4, IV, D under K, to m1 ... m4.]

CBC, AES256
Plaintext, 128 x 4 bits
  6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
Key, 256 bits
  603deb1015ca71be2b73aef0857d7781 1f352c073b6108d72d9810a30914dff4
IV, 128 bits
  000102030405060708090a0b0c0d0e0f
Ciphertext
  f58c4c04d6e5f1ba779eabfb5f7bfbd6
  9cfc4e967edb808d679f777bc6702c7d
  39f23369a9d9bacfa530e26304231461
  b2eb05e2c39be9fcda6c19078c6a9d1b

Cipher Block Chaining (CBC) with Interleave Factor = 2: Encryption
[Figure: CBC encryption of m1 ... m4 with E under K; the agreed values are the IV and c0; outputs c1 ... c4.]

Cipher Block Chaining (CBC) with Interleave Factor = 2: Decryption
[Figure: CBC decryption of c1 ... c4 with D under K; the agreed values are the IV and c0; outputs m1 ... m4.]

Cipher Block Chaining (CBC) with Interleave Factor = 2
[Figure: the interleaved CBC encryption and decryption diagrams shown together, with IV, c0, c1 ... c4 and m1 ... m4.]

Higher Order Bits & Lower Order Bits
[Figure: a 128-bit register/storage. The left end, bit b127, holds the higher order bits; the right end, bit b0, holds the lower order bits.]
(Note: in line with Java, C, and C++)

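Cipher Feedback Mode (CFB) Encryption
[Figure: a 128-bit shift register (shifted to the left by t bits) is encrypted with E under K into a 128-bit register; ki is its t higher order bits; the t-bit mi and ki give the t-bit ci, which is copied and fed back into the shift register. Steps are labelled (1) to (4).]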

Blocks, Key & Initial Vector for CFB
- Long data is divided into blocks, each having t bits. Typically, t=8.
- Key & initial vector: sender & receiver need to agree on 2 pieces of information beforehand:
  - key K (has to be kept secret)
  - an initial vector for the shift register
    - it does NOT have to be kept secret!
    - a 128-bit all-0 vector may be chosen

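Cipher Feedback Mode (CFB) Decryption
[Figure: the 128-bit shift register (shifted to the left by t bits) is encrypted with E under K; ki is the t higher order bits of the result; the t-bit ci and ki give the t-bit mi; ci is copied and fed back into the shift register. Steps are labelled (1) to (4).]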

Cipher Feedback Mode (CFB)
[Figure: the CFB encryption and decryption diagrams shown side by side.]

4 Sub-steps in CFB Decryption
- encrypt (with, say, AES)
- XOR
- Shift (to the left/higher order bit positions)
- Feedback (to the lower order bit positions)

CFB with t=1, AES128
Plaintext, 16 bits
  6bc1 (= 0110 1011 1100 0001 in binary)
Key, 128 bits
  2b7e151628aed2a6abf7158809cf4f3c
IV, 128 bits
  000102030405060708090a0b0c0d0e0f
Ciphertext, 16 bits
  68b3 (= 0110 1000 1011 0011 in binary)

CFB with t=8, AES256
Plaintext, 18 bytes (=144 bits)
  6bc1bee22e409f96e93d7e117393172aae2d
Key, 256 bits
  603deb1015ca71be2b73aef0857d7781 1f352c073b6108d72d9810a30914dff4
IV, 128 bits
  000102030405060708090a0b0c0d0e0f
Ciphertext, 18 bytes
  dc1f1a8520a64d655fcc8ac554844e889700

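Output Feedback Mode (OFB) Encryption
[Figure: the 128-bit shift register (initially IV) is encrypted with E under K (1); ki is the t higher order bits of the output; the t-bit mi is combined with ki to give the t-bit ci (2); all 128 output bits are fed back into the register (3).]
Note: mi ⊕ ki = ci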

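Output Feedback Mode (OFB) Decryption
[Figure: the 128-bit shift register (initially IV) is encrypted with E under K (1); ki is the t higher order bits of the output; the t-bit ci is combined with ki to give the t-bit mi (2); all 128 output bits are fed back into the register (3).]
Note: ci ⊕ ki = (mi ⊕ ki) ⊕ ki = mi ⊕ (ki ⊕ ki) = mi ⊕ 0 = mi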

Output Feedback Mode (OFB)
[Figure: the OFB encryption and decryption diagrams shown side by side.]

OFB, AES128
Plaintext, 128 x 4 bits
  6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
Key, 128 bits
  2b7e151628aed2a6abf7158809cf4f3c
IV, 128 bits
  000102030405060708090a0b0c0d0e0f
Ciphertext, 128 x 4 bits
  3b3fd92eb72dad20333449f8e83cfb4a
  7789508d16918f03f53c52dac54ed825
  9740051e9c5fecf64344f7a82260edcc
  304c6528f659c77866a510d9c1d6ae5e

OFB, AES192
Plaintext, 128 x 4 bits
  6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710
Key, 192 bits
  8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
IV, 128 bits
  000102030405060708090a0b0c0d0e0f
Ciphertext, 128 x 4 bits
  cdc80d6fddf18cab34c25909c99a4174
  fcc28b8d4c63837c09e81700c1100401
  8d9a9aeac0f6596f559c6d4daf59a5f2
  6d9f200857ca6c3e9cac524bd9acc92a

Which Mode to Use?
- electronic code book (ECB) suffers various potential attacks, including block-replacing attack; it should NOT be used!
- Use one of the other 3 modes
  - cipher block chaining (CBC)
  - cipher feedback mode (CFB)
  - output feedback mode (OFB)
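Why ECB is singled out above, shown on three 16-byte records. This is an added example, not part of the original slides: a toy 4-round Feistel permutation built from HMAC-SHA256 stands in for AES so the code runs with the standard library only (it is not a secure cipher), and KEY, IV and MSG are constructed values.

```python
import hashlib
import hmac

BLOCK = 16                                   # bytes, the AES block size
KEY = b"constructed-key!"                    # constructed demo key
IV = bytes(range(16))                        # constructed demo IV
MSG = [b"PAY ALICE $00010",                  # constructed records, one per block;
       b"PAY BOB   $09000",                  # blocks 0 and 2 are identical
       b"PAY ALICE $00010"]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    """Round function of the toy Feistel cipher (stand-in for AES)."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def E(key, block):
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def D(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def ecb_encrypt(key, blocks):
    """ECB: every block is encrypted on its own, ci = E(K, mi)."""
    return [E(key, m) for m in blocks]


def ecb_decrypt(key, blocks):
    return [D(key, c) for c in blocks]


def cbc_encrypt(key, iv, blocks):
    """CBC: each plaintext block is XORed with the previous ciphertext
    block (the IV for the first block) before it is encrypted."""
    out, prev = [], iv
    for m in blocks:
        prev = E(key, _xor(m, prev))
        out.append(prev)
    return out


def cbc_decrypt(key, iv, blocks):
    out, prev = [], iv
    for c in blocks:
        out.append(_xor(D(key, c), prev))
        prev = c
    return out


def duplicate_blocks(ct_blocks):
    """How many ciphertext blocks repeat an earlier one (pattern leakage)."""
    return len(ct_blocks) - len(set(ct_blocks))


def swap_first_two(ct_blocks):
    """Model of block replacing: reorder ciphertext without knowing the key."""
    return [ct_blocks[1], ct_blocks[0]] + ct_blocks[2:]


if __name__ == "__main__":
    ecb, cbc = ecb_encrypt(KEY, MSG), cbc_encrypt(KEY, IV, MSG)
    print("repeated blocks  ECB:", duplicate_blocks(ecb), " CBC:", duplicate_blocks(cbc))
    # ECB: the reordered ciphertext decrypts to well-formed, reordered records.
    print("ECB after swap:", ecb_decrypt(KEY, swap_first_two(ecb)))
    # CBC: the same reordering turns the affected blocks into garbage.
    print("CBC after swap:", cbc_decrypt(KEY, IV, swap_first_two(cbc)))
```
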

Other modes
- Counter mode (CTR)
- Combined modes
  - CTR + CFB
  - CTR + OFB

Counter Mode (CTR) Encryption
[Figure: the 128-bit counter (initialized to 0) is encrypted with E under K (1); ki is the t higher order bits of the output; the t-bit mi is combined with ki to give the t-bit ci (2); the counter is increased by 1 (3).]
Note: mi ⊕ ki = ci

Counter Mode (CTR) Decryption
[Figure: the 128-bit counter (initialized to 0) is encrypted with E under K (1); ki is the t higher order bits of the output; the t-bit ci is combined with ki to give the t-bit mi (2); the counter is increased by 1 (3).]
Note: ci ⊕ ki = mi

How Long a Key should Be to Be Secure
- 56 bits (DES) -- too short
- 64 bits -- OK for a few months
- 80 bits -- OK for non-critical applications
- 128 bits -- OK for all applications
- 256 bits -- OK for applications requiring the highest level of security

How to Get Long Keys
- use ciphers that support long keys:
  - IDEA (128 bits)
  - AES (128, 192, 256 bits)
- use triple DES
  - results in a key of 112 bits
  - encrypt using K1
  - decrypt using K2
  - encrypt again using K1

Triple DES (~2030) --- Option 1
[Figure: Encrypt: m passes through E, D, E to give c, using the keys K1, K2, K3. Decrypt: c passes through D, E, D to give m, using the keys K1, K2, K3.]
Source: NIST SP800-67 rev1, 1/2012

Triple DES (~2030) --- Option 2
[Figure: Encrypt: m passes through E, D, E to give c, using the keys K1, K2. Decrypt: c passes through D, E, D to give m, using the keys K1, K2.]

ONE-WAY HASH

One-Way Hash Algorithm
[Figure: a document (of any length) goes in; a condensed, short, fixed length output (say of 160 bits) comes out.]

One-Way Hash Algorithm
- a one-way hash algorithm hashes an input document into a condensed short output (say of 160 bits)
- One-wayness: given an output, it is infeasible for anyone to find an input document which is hashed to that specific output!
- Collision resistance: it is infeasible for anyone to find two or more input documents which are hashed to the same condensed output!

Criteria of Hash Functions
- Preimage resistance: Given a message m and the hash function hash, if the hash value h = hash(m) is given, it should be hard to find any m such that h = hash(m).
- Second preimage resistance (weak collision resistance): Given input m1, it should be hard to find another message m2 such that hash(m1) = hash(m2) and that m1 ≠ m2.
- Strong collision resistance: It ought to be hard to find two messages m1 ≠ m2 such that hash(m1) = hash(m2).

Finding collision is infeasible
[Figure: two documents, "I, Bob, will pay $1,000 to Alice." and "I, Bob, will pay $10,000 to Alice.", hashing to the same condensed output.]

Confetti Shredder as 1-Way Hash
- Shredding a newspaper into very fine pieces
- Pick & keep only 20 random pieces out of all those fine pieces & burn off the rest
- It's 1-way
  - Infeasible for one to recover the original newspaper from the 20 fine pieces
- It's collision-resistant
  - Infeasible for one to find 2 different newspapers that are shredded to the same set of 20 pieces

Examples of 1-Way Hashing
- SHA Family
  - SHA-1 (output: 160 bits)
  - SHA-224 (output: 224 bits)
  - SHA-256 (output: 256 bits)
  - SHA-324 (output: 324 bits)
  - SHA-512 (output: 512 bits)
- MD5 (broken, should no longer be used)

SECURE TWO-WAY COMMUNICATION

Secure 1-Directional Communication
[Figure: Alice encrypts the plain text with E under the shared secret key; the cipher text passes through the network or storage; Bob decrypts it with D under the same shared secret key to obtain the original plain text.]

Secure Bi-Directional Communication
[Figure: Alice and Bob exchange cipher text over an open network in both directions, using E and D; each holds the pair of shared secret keys K_AB & K_BA.]

PUBLIC KEY CRYPTOGRAPHY (ASYMMETRIC CRYPTOGRAPHY)

Public Key Cryptosystem
[Figure: Alice obtains Bob's public key (for encryption) from the public key directory and encrypts the plain text with E; the cipher text crosses the open network; Bob decrypts it with D using his secret key (for decryption).]

Public Key Encryption/Decryption Process

Main Differences with AES
- The public encryption key is different from the secret decryption key.
- Infeasible for an attacker to find out the secret decryption key from the public encryption key.
- No need for Alice & Bob to distribute a shared secret key beforehand!
- Only one pair of public and secret keys is required for each user!

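Digital Signature
[Figure: Bob hashes the message with the 1-way hash H (256 bits) and feeds the result to the signature generation algorithm S with his secret signing key, producing the signature. Message + signature cross the open network. Cathy obtains Bob's public verification key from the public key directory, hashes the message with H (256 bits), runs the signature verification V with the public key, and accepts if satisfied.]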

Digital Signature Operations

Applications of Digital Signature
- Authentication
- Non-repudiation
- Digital certification
- E-Commerce
- Digital certificates for servers, clients & users
- Secure communication
- Digital credentials
- Certified software applications (apps, drivers, APIs etc)
- Digital money

Digital Signature in epassport
- epassport: an embedded RFID chip that contains information about the owner
- Digitally signed --- good!
- Data may be encrypted with a key derived from user info --- not secure at all!
- Ref: ICAO Doc 9303, Machine Readable Travel Documents
[Figure: RFID chip and antenna is embedded in the cover; e-passport symbol.]

Symmetric Key Encryption (summary)
- One Key.
- Pre-distribution of the key is needed.
- Fast.
- Not scalable (you need a key for each sender/receiver).
- Not suitable for broadcasting messages.

Asymmetric Key Encryption (summary)
- Two Keys (public and private).
- Pre-distribution of the key is NOT needed.
- Slow.
- Private key cannot be derived from public key.
- Scalable (you need one pair of keys for each user).
- Suitable for broadcasting messages.

Using Both Symmetric and Asymmetric Crypto
- Symmetric keys are used to encrypt sessions between users (fast).
- Asymmetric keys are used to distribute the symmetric keys (more secure).

Notable Public Key Encryption and Digital Signature
- Public Key Encryption
  - Based on Integer Factorization: RSA
  - Based on Discrete Logarithm: ElGamal, Diffie-Hellman
  - Based on Elliptic Curves: Elliptic curve Diffie-Hellman
  - Based on Lattices: NTRU
- Digital Signature
  - Based on Integer Factorization: RSA signature
  - Based on Discrete Logarithm: Schnorr, DSS
  - Based on Elliptic Curves: EC-DSS
  - Based on Lattices: NTRU signature

Signcryption (signature+encryption)
- Simultaneously provides the functions of
  - digital signature: unforgeability & non-repudiation
  - public key encryption: confidentiality
- with a significantly smaller computational & communication overhead:
    Cost (signcryption) << Cost (signature) + Cost (encryption)
- Ref: ISO/IEC 29150:2011, Information technology -- Security techniques -- Signcryption, International Organization for Standardization, 12/2011.
- www.signcryption.org

RSA Algorithm

Public key Cryptography
- Developed to address two issues:
  - key distribution: how to have secure communications in general without having to trust a KDC with your own key.
  - digital signatures: to verify a message coming intact from the intended sender.
- Uses two keys, private and public key.

RSA
- Invented by Rivest, Shamir and Adleman in 1977
- It is based on exponentiation over integers modulo a prime
- It uses large integers (to make it hard to break)
- Its security is due to the cost of factoring large numbers

Prime Numbers
- A prime number has only two divisors, 1 and itself.
- It can't be written as a multiplication of other numbers.
- E.g. 2, 3, 5, 7 are prime numbers; 4, 6, 8, 9, 10 are not.
- List of prime numbers less than 100:
    2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

Prime Factorization
- Given a number n, factoring n is to write it as a product of other numbers: n = x * y * z.
- Prime factorization is to write a number n as a product of prime numbers.
- E.g. 91 = 7 * 13

Fermat's Little Theorem
- a^(p-1) mod p = 1, where p is prime and gcd(a,p) = 1
- In other words, if p is a prime number, and a is any integer, then a^p - a is an integer multiple of p
- E.g. a=2, p=7: 2^7 = 128, 128 - 2 = 126, 126 = 7*18, so 126 is a multiple of 7.

Relatively Prime Numbers (Coprimes)
- Two numbers (a and b) are relatively prime if they have no common divisors other than 1
- E.g. 8 & 9 are relatively prime, since the factors of 8 are 1, 2, 4, 8 and the factors of 9 are 1, 3, 9, and 1 is the only common factor
- In other words, relatively prime numbers have a greatest common divisor (GCD) of 1.

Euler Totient Function ø(n)
- Is an arithmetic function that calculates the number of relatively prime numbers (<= n) to a given number n.
- Examples:
  - ø(1) = 0.
  - ø(10) = 4 // {1,3,7,9}
  - ø(p) = p-1, if p is prime.
  - ø(p^e) = p^e - p^(e-1), if p is prime.
  - ø(m*n) = ø(m) * ø(n), if m and n are coprimes

RSA Key Generation
1. choose two distinct prime numbers, p and q
2. compute n = p*q.
3. find ø(n) = ø(p) * ø(q) = (p-1)*(q-1).
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1
   - e is the public key
5. calculate d as d*e ≡ 1 (mod φ(n))
   - d is the private key

RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq = 17 × 11 = 187
3. Compute ø(n) = (p-1)(q-1) = 16 × 10 = 160
4. Select e: gcd(e,160) = 1; choose e=7
5. Determine d: d*e = 1 mod 160 and d < 160. Value is d=23 since 23 × 7 = 161 = 10 × 160 + 1
6. Publish public key {7,187}
7. Keep secret private key {23,17,11}

RSA Example (cont'd)
Sample RSA encryption/decryption:
- given message M = 88
- encryption: C = 88^7 mod 187 = 11
- decryption: M = 11^23 mod 187 = 88