Introduction to Cryptography. Ramki Thurimella

Similar documents
ECEN 5022 Cryptography

Public-key Cryptography: Theory and Practice

What did we talk about last time? Public key cryptography A little number theory

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Cryptographic Protocols 1

CSE 127: Computer Security Cryptography. Kirill Levchenko

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

2.1 Basic Cryptography Concepts

UNIT - IV Cryptographic Hash Function 31.1

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Authentication Part IV NOTE: Part IV includes all of Part III!

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CSC 474/574 Information Systems Security

CS 161 Computer Security

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

David Wetherall, with some slides from Radia Perlman s security lectures.

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

1.264 Lecture 28. Cryptography: Asymmetric keys

CSC 482/582: Computer Security. Security Protocols

Introduction to Cryptography

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Kurose & Ross, Chapters (5 th ed.)

Chapter 11 Message Integrity and Message Authentication

Security: Cryptography

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Diffie-Hellman. Part 1 Cryptography 136

CSC 774 Network Security

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Cryptographic Checksums

18-642: Cryptography 11/15/ Philip Koopman

Cryptography (Overview)

CS 161 Computer Security

CSC/ECE 774 Advanced Network Security

Encryption and Forensics/Data Hiding

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

CSC 8560 Computer Networks: Network Security

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CS Computer Networks 1: Authentication

Outline Key Management CS 239 Computer Security February 9, 2004

CS November 2018

Chapter 9: Key Management

Course Administration

18-642: Cryptography

CSC 580 Cryptography and Computer Security

Overview. SSL Cryptography Overview CHAPTER 1

Chapter 9 Public Key Cryptography. WANG YANG

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Spring 2010: CS419 Computer Security

Number Theory and RSA Public-Key Encryption

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Refresher: Applied Cryptography

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Session key establishment protocols

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

CPSC 467: Cryptography and Computer Security

Security. Communication security. System Security

Session key establishment protocols

Homework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit.

Ref:

1. Diffie-Hellman Key Exchange

Encryption Providing Perfect Secrecy COPYRIGHT 2001 NON-ELEPHANT ENCRYPTION SYSTEMS INC.

Full file at

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Summary on Crypto Primitives and Protocols

CS 161 Computer Security

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Lecture 6 - Cryptography

Uses of Cryptography

CS 161 Computer Security

Study Guide for the Final Exam

Information Security CS 526

Activity Guide - Public Key Cryptography

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

ASYMMETRIC CRYPTOGRAPHY

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Key Establishment and Authentication Protocols EECE 412

Transcription:

Introduction to Cryptography Ramki Thurimella

Encryption & Decryption 2

Generic Setting 3

Kerckhoff s Principle Security of the encryption scheme must depend only on The secret key NOT on the secrecy of the algorithm Algorithms do not usually change Nobody designs a separate algorithm for each pair of users There could be million users using the same algorithm (Eve can easily get a copy) 4

Kerckhoff s Principle (cont.) Netscape fiasco (details in NYT article) There is usually a healthy distrust of Proprietary Confidential Or otherwise secret algorithms Publishing encourages other security researchers to find flaws & suggest fixes SCADA 5

Authentication 6

MAC Assuming Alice and Bob somehow agree on a key K e 7

Authentication Eve can still Delay or Delete messages Replay Change the message order So, MAC is typically combined with sequence numbers With this, Bob can receive a subsequence of messages sent by Alice 8

Public-Key Cryptography Encryption Figure from http://gdp.globus.org/gt4-tutorial/multiplehtml/ch09s03.html 9

Public-Key Cryptography (cont.) Both Alice and Bob have a pair of keys, one that is public and one private that they keep secret. Given a public key, one cannot derive the corresponding private key Solves the key-distribution problem Used in the first phase of SSL to exchange a symmetric key Why not use asymmetric key cryptography for everything? 10

Public-Key Cryptography (cont.) Modular arithmetic on large (thousands of digits) integers is slooow! Digital signatures: If Alice applies her secret key and sends the message, then every one in possession of her public key can verify that the message originated from Alice The key pair can be applied in either order, i.e. the function composition is commutative. This order of function application is useful for authentication 11

Public-Key Cryptography (cont.) Digital Signatures Figure from http://gdp.globus.org/gt4-tutorial/multiplehtml/ch09s03.html 12

Can the pubic key be trusted? Eve can replace Alice s public key with a different one How can Bob be sure that the public key of Alice really belongs to Alice? Have a Certification Authority (CA) sign the public key vouching for the authenticity How can CA s public key be trusted? Hardcode (bury) the public key of a handful of CA s in the browsers/operating systems Some example CAs are Verisign, GoDaddy, Comodo 13

Problems with PKI For scale, the task of signing public keys is delegated to lower level CAs. That is, there is a hierarchy: root CA and lower-level CAs One CA might not be trustworthy to everyone in the world What if CA s secret key is stolen? CA s liability 14

Attacks Ciphertext-only model Known-Plaintext model Chosen-Plaintext model Chosen-Ciphertext model Distinguishing Attack goal Other (information leakage or side-channel) Attack Digital Signatures Timing information (how fast encryption and decryption took) & Ciphertext length 15

Ciphertext-only model Eve has access only to the ciphertext Hardest because Eve has the least amount of information This is the attack most people are referring to when they say breaking an encryption system The goal is to decrypt a message, or derive the secret key 16

Known-Plaintext model Eve has ciphertext + corresponding plaintext Goal: derive the secret key How did Eve get her hands on the plaintext? Predictable Some parts of e-mail Auto responders, if the recipient is on a vacation Padding characters Heart-beat messages Eve received legitimately from Alice (as part of a protocol) Ciphertext is a draft version, later Alice and Bob publish the final version 17

Chosen-Plaintext model Eve has control over the plaintext Can feed Alice a chosen plaintext p have Alice produce the corresponding ciphertext c Eve uses c and p to derive the secret key E.g. Eve has access to Unix passwd file She can invoke the passwd function, supply different words (say from a dictionary) and compare with the encrypted entries in the passwd file Dictionary Attack To see your own linux password hash % sudo getent shadow $USER cut -d : -f 2 Offline and Online 18

Chosen-Ciphertext model Misnomer it is really chosen-plaintext + chosen-ciphertext, i.e. Given plaintext, you get ciphertext Given ciphertext, you get plaintext Goal: derive the secret key Eve might have stolen the encryption system and trying to figure out the inner workings 19

Distinguishing Attack goal An attack that does not entirely decrypt or find the secret key, but Reveals partial information about the message Any nontrivial method that distinguishes between the ideal encryption and the actual one 20

Information leakage or sidechannel Attacks on authentication or digital signatures Eve might know The time it took to compute c Energy consumed Eavesdropping on keystrokes 21

Birthday Attacks Source: http://en.wikipedia.org/wiki/file:birthday_paradox.svg 22

Birthday Attacks (cont.) Assume all birthdays are equally probable By pigeon-hole principle, if the number of people n is 367, then P(collision) = 1 n c 2 when n=23 is 253 pairs n c 2 is O(n 2 ) Collision probability exceeds 50% when n is greater than sample space 23

Birthday Attacks (cont.) How is this related to cryptography For secure financial transactions, use a fresh 64-bit authentication key There are 2 64 (=18*10 18 ) key values But, after 2 64 = 2 32 (only 4 billion), two transactions use the same key with more 50% probability Assume every transaction starts with Are you ready? Eve can compare the new MAC with the old ones and see if any of the old ones is being repeated If yes, Eve can mount a replay attack 24

Meet-in-the-middle Attacks Cousins of Birthday Attacks Fall under the broad category of collision attacks Method Choose 2 32 different 64-bit keys at random Compute the MAC for Are you ready? for each one If MAC from the transaction matches one of the 2 32 MACs that were precomputed, then the precomputed key matches Alice s key with high likelihood Insert arbitrary messages since the secret key is 25

Meet-in-the-middle Attacks (cont.) How many messages does she need to listen to before Eve has a hit? The probability that Alice s key matches one of the precomputed keys is 1/2 32 Expected value of a collision is 1 after witnessing 2 32 transactions Far fewer than brute-forcing 2 64 values 26

Meet-in-the-middle Attacks (cont.) Abstractly Say the sample space is N Eve has generated a set of P keys Alice has generated Q keys Number of pairs = P*Q Collision occurs when P*Q is close N P = N (1/3) and Q = N (2/3) This attack provides more flexibility to Eve She should choose P and Q so as to minimize the total cost 27

Security Level How much work does it take to break a system? 2 235 steps to break a 235-bit key What is a step? Could be looking up a table entry Database hit Computing a simple function Could take 1 clock cycle 1 second 10 6 clock cycles Abstractly, we would like difficulty relative to a brute-force attack Textbook assumes 1 step = 1 clock cycle to simplify analysis 28

Security Level (cont.) Current systems require 128-bit security for them to last for next few decades For engineering reasons, the key length is typically a power of 2 Security level Focuses only how much work Eve has to do Ignores interaction with the system (Does Eve have access to plaintext or the encryption system?) 29

Performance Cryptographic algorithms are seen as slow DO NOT attempt to roll your own crypto system Adding AES one would take roughly 20% performance hit If https initialization is slow, it is better throw more hardware at it than to write your own ssl There are already enough insecure fast systems; we don t need another one 30

Complexity Complexity is the worst enemy of security Test Test Fix 31

Complexity (cont.) Testing shows only the presence of errors, not the absence of them Dijkstra Testing can only test for functionality Security is the absence of functionality, i.e. the Test attacker should not be able to achieve a certain property; Testing is not suitable for this Build a robust system ground up (factor security in design) Modularize correctness must be a local property 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback