Cryptography. Dr. Ahmad Almulhem. Spring Computer Engineering Department, KFUPM. Ahmad Almulhem - Network Security Engineering / 84


Cryptography Dr. Ahmad Almulhem Computer Engineering Department, KFUPM Spring 2008 Ahmad Almulhem - Network Security Engineering - 2008 1 / 84

Part I: Overview

Outline
- What is Cryptography?
- Classical Cryptography
  - Caesar cipher
  - Vigenère cipher
  - DES
- Public Key Cryptography
  - Diffie-Hellman
  - RSA
- Cryptographic Checksums
  - HMAC

Cryptography
- The word cryptography comes from two Greek words meaning "secret writing" and is the art and science of concealing meaning
- Cryptanalysis is the breaking of codes
- Cryptography is a deep mathematical subject
- In this course (system design), cryptography is a tool/mechanism
- Cryptography provides
  - Secure communication (cryptographic protocols)
  - Confidentiality
  - Integrity
  - Non-repudiation (verification and trust of signatures)

Cryptosystem
A cryptosystem is a quintuple $(E, D, M, K, C)$:
- $M$: set of plaintexts
- $K$: set of keys
- $C$: set of ciphertexts
- $E$: set of encryption functions $e : M \times K \to C$
- $D$: set of decryption functions $d : C \times K \to M$
Example (Caesar cipher)
- $M = \{\text{sequences of letters}\}$
- $K = \{\, i \mid i \text{ is an integer and } 0 \le i \le 25 \,\}$
- $E = \{\, E_k \mid k \in K \text{ and for all letters } m,\ E_k(m) = (m + k) \bmod 26 \,\}$
- $D = \{\, D_k \mid k \in K \text{ and for all letters } c,\ D_k(c) = (26 + c - k) \bmod 26 \,\}$
- $C = M$

Attacks (Cryptanalysis)
- An opponent whose goal is to break the cryptosystem is the adversary
  - Assume the adversary knows the algorithm used, but not the key
- Three types of attacks:
  - ciphertext only: adversary has only ciphertext; goal is to find plaintext, possibly key
  - known plaintext: adversary has ciphertext and the corresponding plaintext; goal is to find key
  - chosen plaintext: adversary may supply plaintexts and obtain the corresponding ciphertext; goal is to find key

Basis of Cryptanalysis
- Mathematical attacks
  - Based on analysis of underlying mathematics
- Statistical attacks
  - Make assumptions about the distribution of letters, pairs of letters (digrams), triplets of letters (trigrams), etc.
  - Called models of the language
  - Examine ciphertext, correlate properties with the assumptions.

Part II: Classical Cryptography

Classical Cryptography
- Sender, receiver share common key
  - Keys may be the same, or trivial to derive from one another
  - Sometimes called symmetric cryptography, single-key, shared-key, etc.
- Two basic types
  - Transposition ciphers
  - Substitution ciphers
  - Combinations are called product ciphers

Transposition Cipher
- Rearrange letters in plaintext to produce ciphertext
Example (Rail-Fence Cipher)
- Plaintext: HELLO WORLD
- Arrange plaintext as follows:
    HLOOL
    ELWRD
- Ciphertext is HLOOL ELWRD

Attacking Transposition Ciphers
- Transposition is a permutation function
  - Frequency of characters is not changed
  - Statistical properties are not changed
- Anagramming Attack
  - If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition
  - Rearrange letters to form n-grams with highest frequencies
English Characters Frequency (Denning 1982)
    a 0.080    h 0.060    n 0.070    t 0.090
    b 0.015    i 0.065    o 0.080    u 0.030
    c 0.030    j 0.005    p 0.020    v 0.010
    d 0.040    k 0.005    q 0.002    w 0.015
    e 0.130    l 0.035    r 0.065    x 0.005
    f 0.020    m 0.030    s 0.060    y 0.020
    g 0.015                          z 0.002

Example
- Ciphertext: HLOOLELWRD
  - Frequencies of 2-grams beginning with H
      HE 0.0305
      HO 0.0043
      HL, HW, HR, HD < 0.0010
  - Frequencies of 2-grams ending in H
      WH 0.0026
      EH, LH, OH, RH, DH 0.0002
- Implies E follows H
- Arrange so the H and E are adjacent
    HE
    LL
    OW
    OR
    LD
- Read off across, then down, to get original plaintext

Substitution Ciphers
- Change characters in plaintext to produce ciphertext
Example (Caesar cipher)
- Plaintext is HELLO WORLD
- Change each letter to the third letter following it (A goes to D, X goes to A, Y to B, Z to C)
  - Key is 3, usually written as letter D
- Ciphertext is KHOOR ZRUOG
[Figure, src: www.wikipedia.org]

Attacking Substitution Ciphers
- Exhaustive search
  - If the key space is small enough, try all possible keys until you find the right one
  - Caesar cipher has 26 possible keys
- Statistical analysis
  - Compare to 1-gram model of English

Statistical Attack
- Compute frequency of each letter in ciphertext (KHOOR ZRUOG):
    G = 0.1    H = 0.1    K = 0.1    O = 0.3    R = 0.2    U = 0.1    Z = 0.1
- Apply 1-gram model of English
Character Frequency (Denning 1982)
    a 0.080    h 0.060    n 0.070    t 0.090
    b 0.015    i 0.065    o 0.080    u 0.030
    c 0.030    j 0.005    p 0.020    v 0.010
    d 0.040    k 0.005    q 0.002    w 0.015
    e 0.130    l 0.035    r 0.065    x 0.005
    f 0.020    m 0.030    s 0.060    y 0.020
    g 0.015                          z 0.002

Statistical Attack (continued)
- Let $\varphi(i)$ be a correlation function of the frequency of each letter in ciphertext with the corresponding letter in English,
    $\varphi(i) = \sum_{0 \le c \le 25} f(c)\, p(c - i)$
  - $i$ is the key
  - $f(c)$ is the frequency of character $c$ in ciphertext
  - $p(x)$ is the frequency of character $x$ in English
- For our ciphertext (KHOOR ZRUOG):
    $\varphi(i) = 0.1\,p(6 - i) + 0.1\,p(7 - i) + 0.1\,p(10 - i) + 0.3\,p(14 - i) + 0.2\,p(17 - i) + 0.1\,p(20 - i) + 0.1\,p(25 - i)$

Statistical Attack (continued)
Correlation: $\varphi(i)$ for $0 \le i \le 25$
    i   φ(i)       i   φ(i)       i   φ(i)       i   φ(i)
    0   0.0482     7   0.0442     13  0.0520     19  0.0315
    1   0.0364     8   0.0202     14  0.0535     20  0.0302
    2   0.0410     9   0.0267     15  0.0226     21  0.0517
    3   0.0575     10  0.0635     16  0.0322     22  0.0380
    4   0.0252     11  0.0262     17  0.0392     23  0.0370
    5   0.0190     12  0.0325     18  0.0299     24  0.0316
    6   0.0660                                   25  0.0430
- Most probable keys, based on φ:
  - φ(6) = 0.0660, plaintext EBIIL TLOLA
  - φ(10) = 0.0635, plaintext AXEEH PHKEW
  - φ(3) = 0.0575, plaintext HELLO WORLD
  - φ(14) = 0.0535, plaintext WTAAD LDGAS
- The only English phrase is for i = 3 (key = 3 or D)
- Results have to be checked; statistical attacks only reduce the search space
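The correlation φ(i) from the two slides above, carried through for all 26 keys. This is an added example, not part of the original slides; the function names are chosen here, and the frequency model is the Denning table as transcribed above.

```python
from collections import Counter

# 1-gram model of English (Denning 1982), copied from the slide's table.
ENGLISH_FREQ = {
    "a": 0.080, "b": 0.015, "c": 0.030, "d": 0.040, "e": 0.130, "f": 0.020,
    "g": 0.015, "h": 0.060, "i": 0.065, "j": 0.005, "k": 0.005, "l": 0.035,
    "m": 0.030, "n": 0.070, "o": 0.080, "p": 0.020, "q": 0.002, "r": 0.065,
    "s": 0.060, "t": 0.090, "u": 0.030, "v": 0.010, "w": 0.015, "x": 0.005,
    "y": 0.020, "z": 0.002,
}
P = [ENGLISH_FREQ[chr(ord("a") + n)] for n in range(26)]


def letter_indexes(text):
    """Map text to letter indexes 0..25, skipping anything that is not A-Z."""
    return [ord(ch) - ord("A") for ch in text.upper() if "A" <= ch <= "Z"]


def caesar_decrypt(ciphertext, key):
    """D_k(c) = (26 + c - k) mod 26; spaces and punctuation pass through."""
    out = []
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            out.append(chr((26 + ord(ch) - ord("A") - key) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def phi(ciphertext, key):
    """phi(i) = sum over c of f(c) * p(c - i), with f taken from the ciphertext."""
    idx = letter_indexes(ciphertext)
    counts = Counter(idx)
    total = len(idx)
    return sum((cnt / total) * P[(c - key) % 26] for c, cnt in counts.items())


def rank_keys(ciphertext, top=4):
    """Return the `top` keys by descending phi as (key, phi, candidate plaintext)."""
    scored = sorted(((phi(ciphertext, k), k) for k in range(26)),
                    key=lambda item: -item[0])
    return [(k, round(score, 4), caesar_decrypt(ciphertext, k))
            for score, k in scored[:top]]


if __name__ == "__main__":
    # The statistic only shortlists keys; a reader (or a dictionary check)
    # still has to pick the candidate that is actually English.
    for key, score, candidate in rank_keys("KHOOR ZRUOG"):
        print(f"key={key:2d}  phi={score:.4f}  {candidate}")
```

On a ten-letter ciphertext the correct key ranks third, not first, which is the slide's point that the statistic narrows the search rather than ending it.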

Caesar's Problem
- Key is too short
  - Can be found by exhaustive search
  - Statistical frequencies not concealed well
  - They look too much like regular English letters
- Solution: make the key longer
  - Multiple letters in key
  - Idea is to smooth the statistical frequencies to make cryptanalysis harder

Vigenère Cipher
- Like Caesar cipher, but use a phrase
- Example
  - Message: THE BOY HAS THE BALL
  - Key: VIG
  - Encipher using Caesar cipher for each letter:
      key:    VIGVIGVIGVIGVIGV
      plain:  THEBOYHASTHEBALL
      cipher: OPKWWECIYOPKWIRG
Relevant Parts of Tableau
        G  I  V
    A   G  I  V
    B   H  J  W
    E   L  M  Z
    H   N  P  C
    L   R  T  G
    O   U  W  J
    S   Y  A  N
    T   Z  B  O
    Y   E  H  T

[Figure: The Vigenère tableau (src: www.wikipedia.org)]

Vigenère Cipher: Useful Terms
- The period: length of key
  - In above example, period is 3
- The tableau: table used to encipher and decipher
  - Vigenère cipher has key letters on top, plaintext letters on the left
- Polyalphabetic cipher: the key maps to several different letters
  - Caesar cipher is monoalphabetic

Attacking The Vigenère Cipher
The Vigenère cipher can be broken using the following steps:
1. Find the period (key length); call it n
2. Break ciphertext into n parts
   - Each part is enciphered using the same key letter (Caesar cipher)
3. Solve each part as a Caesar cipher!

Attacking The Vigenère Cipher
Finding the Period: Method 1
- Kasiski Test: repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext.
Example
    key:      VIGVIGVIGVIGVIGV
    plain:    THEBOYHASTHEBALL
    cipher:   OPKWWECIYOPKWIRG
    distance: 0123456789012345
  - the key and plaintext line up over the repetitions (red)
  - distance between repetitions is 9
  - the period is a factor of 9 (that is, 1, 3, or 9)

Attacking The Vigenère Cipher
Finding the Period: Method 2
- Compute the Index of Coincidence (IC)
    $IC = \dfrac{\sum_{0 \le i \le n} F_i (F_i - 1)}{n(n - 1)}$
  - $n$ is the length of the ciphertext
  - $F_i$ is the number of times character $i$ occurs in the ciphertext
- Meaning: the probability that two randomly chosen letters from the ciphertext will be the same.
- For English language:
    Period        1      2      3      4      5      10     Large
    Expected IC   0.066  0.052  0.047  0.045  0.044  0.041  0.038
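The period-finding steps above (Kasiski test, index of coincidence, splitting the ciphertext into per-key-letter parts), run on the slide's own THE BOY HAS THE BALL / VIG example. This is an added example, not part of the original slides; the function names are chosen here and the IC sum runs over the letters that occur in the ciphertext.

```python
from collections import Counter, defaultdict
from functools import reduce
from math import gcd


def vigenere_encrypt(plaintext, key):
    """Caesar-shift each letter by the matching key letter (A=0 ... Z=25)."""
    out = []
    for pos, ch in enumerate(plaintext):
        shift = ord(key[pos % len(key)]) - ord("A")
        out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
    return "".join(out)


def kasiski_distances(ciphertext, min_len=3):
    """Distances between successive occurrences of each repeated n-gram."""
    positions = defaultdict(list)
    for start in range(len(ciphertext) - min_len + 1):
        positions[ciphertext[start:start + min_len]].append(start)
    distances = []
    for where in positions.values():
        distances.extend(b - a for a, b in zip(where, where[1:]))
    return sorted(distances)


def candidate_periods(distances):
    """Factors shared by every distance. On long texts, chance repetitions
    can pollute the list, so real use tolerates a few outliers."""
    if not distances:
        return []
    common = reduce(gcd, distances)
    return [d for d in range(1, common + 1) if common % d == 0]


def index_of_coincidence(text):
    """IC = sum F_i (F_i - 1) / (n (n - 1)) over the letters present in text."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(text).values()) / (n * (n - 1))


def split_by_period(ciphertext, period):
    """Step 2 of the attack: part k holds every letter enciphered under key
    letter k, so each part is an ordinary Caesar ciphertext."""
    return [ciphertext[k::period] for k in range(period)]


if __name__ == "__main__":
    ct = vigenere_encrypt("THEBOYHASTHEBALL", "VIG")
    print("ciphertext        :", ct)
    print("Kasiski distances :", kasiski_distances(ct))
    print("candidate periods :", candidate_periods(kasiski_distances(ct)))
    # 16 letters is far too short for the IC to match the expected-IC table;
    # the value is shown only to make the formula concrete.
    print("IC                : %.4f" % index_of_coincidence(ct))
    print("parts for n = 3   :", split_by_period(ct, 3))
```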

One-Time Pad
- A Vigenère cipher with a random key at least as long as the message
  - Provably unbreakable
  - Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters
- Warning: keys must be random, or you can attack the cipher by trying to regenerate the key!
  - Approximations, such as using pseudorandom number generators to generate keys, are not random

Data Encryption Standard (DES)
- Most widely used block cipher in world
- Adopted in 1977 by NBS (now NIST)
  - as FIPS PUB 46
- Encrypts 64-bit data using 56-bit key
- Has widespread use
- Has been considerable controversy over its security

DES History
- IBM developed Lucifer cipher
  - by team led by Feistel in late 60s
  - used 64-bit data blocks with 128-bit key
- then redeveloped as a commercial cipher with input from NSA and others
- in 1973 NBS issued request for proposals for a national cipher standard
- IBM submitted their revised Lucifer which was eventually accepted as the DES

Data Encryption Standard (DES)
- A block cipher:
  - encrypts blocks of 64 bits using a 64 bit key
  - outputs 64 bits of ciphertext
- A product cipher
  - basic unit is the bit
  - performs both substitution and transposition (permutation) on the bits
- Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key

DES Structure
- 16 identical stages (rounds)
- Initial permutation (IP) and final permutation (FP); $FP = IP^{-1}$ (no cryptographic significance, easier interface, make DES run slower in software)
- In each round, the block is divided into two 32-bit halves
- This criss-crossing is known as the Feistel scheme (decryption and encryption are similar)
- For decryption, subkeys are applied in the reverse order

DES: The Feistel (F) function
1. Expansion (E-Box): 32 → 48 (duplicating some bits)
2. Key mixing: XOR result with round key
3. Substitution (S-Box): 6 bits → 4 bits (nonlinear lookup table)
4. Permutation (P-Box)

DES: Generating Round Keys
- Permuted Choice 1 (PC-1): 56 bits (out of 64 bits) are permuted
- Remaining 8 bits are discarded or used as parity check
- The 56 bits are divided into two 28-bit halves
- Both halves are rotated left by one or two bits
- Permuted Choice 2 (PC-2): 48-bit subkey (24 from the left half, and 24 from the right)
- Each bit is used in approximately 14 out of the 16 subkeys

DES: Avalanche Effect (Stallings 2003)
- DES has a strong Avalanche Effect
Bits that differ after each round:
    round   two plaintexts differing    one plaintext, two keys
            by one bit, one key         differing by one bit
    0       1                           0
    1       6                           2
    2       21                          14
    3       35                          28
    4       39                          32
    5       34                          30
    6       32                          32
    7       31                          35
    8       29                          34
    9       42                          40
    10      44                          38
    11      32                          31
    12      30                          33
    13      30                          28
    14      26                          26
    15      29                          34
    16      34                          35

DES Modes
- Electronic Code Book Mode (ECB)
  - Encipher each block independently
- Cipher Block Chaining Mode (CBC)
  - XOR each block with previous ciphertext block
  - Requires an initialization vector for the first one
- Encrypt-Decrypt-Encrypt Mode (2 keys: $k, k'$)
  - $c = DES_k(DES^{-1}_{k'}(DES_k(m)))$
- Encrypt-Encrypt-Encrypt Mode (3 keys: $k, k', k''$)
  - $c = DES_k(DES_{k'}(DES_{k''}(m)))$

[Figure: CBC Mode Encryption]

[Figure: CBC Mode Decryption]

DES: Controversy
- In 1976, Diffie and Hellman said that in a few years technology would allow DES to be broken in days
- Key Size: 56-bit ($2^{56} = 7.2 \times 10^{16}$ possible keys)
  - performing 1 encryption per µs requires 1142 years!
  - Recent advances made brute force attack possible
  - In 1997, using idle cycles of thousands of computers across the Internet
  - In 1998 a DES cracker was built by the EFF (cost: $250K). The machine brute-forced DES in less than 3 days
  - In 2007, the COPACOBANA machine (cost: $10K) brute-forced DES keys in less than a week
- Design decisions not public
  - S-boxes may have backdoors

The AES Cipher - Rijndael
- Designed by Rijmen-Daemen in Belgium
- Has 128/192/256 bit keys, 128 bit data
- An iterative rather than Feistel cipher
  - processes data as block of 4 columns of 4 bytes
  - operates on entire data block in every round
- Designed to be:
  - resistant against known attacks
  - speed and code compactness on many CPUs
  - design simplicity

AES History
- A replacement for DES was needed
  - Several theoretical attacks were discovered
  - Brute force attacks became feasible
- Triple-DES is slow and has small blocks
- US NIST issued call for replacement cipher in 1997
- 15 candidates accepted in Jun 98
- 5 were shortlisted in Aug-99
- Rijndael was selected as the AES in Oct-2000
- Issued as the FIPS PUB 197 standard in Nov-2001

AES Animation
http://www.formaestudio.com/rijndaelinspector/

Part III: Public Key Cryptography

Public Key Cryptography
- Two keys:
  - private key known only to individual
  - public key available to anyone
- The two keys are linked mathematically, such that
  - knowing the public key tells you nothing about the private one
  - the private key unlocks messages encrypted by the public key
- Examples:
  - RSA
  - elliptic curve cryptography

Public Key Cryptography
- Introduced by Diffie and Hellman (Stanford Univ) in 1976
  (W. Diffie and M. Hellman, "New directions in cryptography", IEEE Trans. on Information Theory, vol. 22, no. 6, Nov 1976)
- Known earlier in classified community (James Ellis, British Gov.)
- Probably most significant advance in the 3000 year history of cryptography
- Uses clever application of Number Theory concepts
- Complements rather than replaces private key cryptography

Requirements
1. It must be computationally easy to encipher or decipher a message given the appropriate key
2. It must be computationally infeasible to derive the private key from the public key
3. It must be computationally infeasible to determine the private key from a chosen plaintext attack

Applications
- Confidentiality: encipher using public key, decipher using private key
- Integrity/authentication: encipher using private key, decipher using public one
  - Modified ciphertext cannot be deciphered
  - Digital signatures
  - Non-Repudiation
- Key exchange (of session keys)

RSA
- Developed by Rivest, Shamir and Adleman (MIT) in 1977
- Exponentiation cipher
- Relies on the difficulty of determining the number of numbers relatively prime to a large integer n

Background
Definition (totient function $\varphi(n)$)
Number of positive integers less than $n$ and relatively prime to $n$
- relatively prime means with no factors in common with $n$
- if $p$ is a prime number then $\varphi(p) = p - 1$
Example
1. $\varphi(10) = 4$: 1, 3, 7, 9 are relatively prime to 10
2. $\varphi(21) = 12$: 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are relatively prime to 21
3. $\varphi(11) = 10$: all numbers from 1 to 10 are relatively prime to 11

Algorithm
- Choose two large prime numbers $p$ and $q$
  - Let $n = pq$; then $\varphi(n) = (p - 1)(q - 1)$
  - Choose $e < n$ such that $e$ is relatively prime to $\varphi(n)$
  - Compute $d$ such that $e \cdot d \bmod \varphi(n) = 1$
- Public key: $(e, n)$
- Private key: $d$
- Encipher: $c = m^e \bmod n$
- Decipher: $m = c^d \bmod n$

Example (Encryption)
- Take $p = 7$, $q = 11$, so $n = 77$ and $\varphi(n) = 60$
- Alice chooses $e = 17$, making $d = 53$
  - $e \cdot d = 17 \times 53 = 901$, and $901 \bmod 60 = 1$
- Bob wants to send Alice secret message HELLO (07 04 11 11 14)
    $E(07) = 07^{17} \bmod 77 = 28$
    $E(04) = 04^{17} \bmod 77 = 16$
    $E(11) = 11^{17} \bmod 77 = 44$
    $E(11) = 11^{17} \bmod 77 = 44$
    $E(14) = 14^{17} \bmod 77 = 42$
- Bob sends 28 16 44 44 42

Example (Decryption)
- Alice receives 28 16 44 44 42
- Alice uses private key, $d = 53$, to decrypt message:
    $D(28) = 28^{53} \bmod 77 = 07$
    $D(16) = 16^{53} \bmod 77 = 04$
    $D(44) = 44^{53} \bmod 77 = 11$
    $D(44) = 44^{53} \bmod 77 = 11$
    $D(42) = 42^{53} \bmod 77 = 14$
- Alice translates message to letters to read HELLO
  - No one else could read it, as only Alice knows her private key and that is needed for decryption

RSA Security
- Factoring the modulus n into p and q is a hard problem
  - primes should be at least of 512 bits (155 digits)
  - a 1024-bit n is safe for medium term security
  - a 2048-bit n is better for long term security
- Block size has to be large
  - Enciphering 1 character per block causes RSA to be broken like classical substitution ciphers
  - Attacker may rearrange blocks and alter message meaning (ON → NO)
- The use of very large numbers makes it slow

Part IV: Cryptographic Checksums

Cryptographic Checksums
- Data integrity
- Mathematical function to generate a set of $k$ bits from a set of $n$ bits (where $k \le n$).
  - $k$ is smaller than $n$ except in unusual circumstances
- The smaller set is called the checksum or message digest
- Receiver recomputes the checksum to check the message integrity

Example: ASCII parity bit
- ASCII has 7 bits; 8th bit is parity
  - Even parity: even number of 1 bits
  - Odd parity: odd number of 1 bits
- Bob receives 10111101 as bits.
  - If sender is using even parity: six 1 bits received, so character was received correctly
    Note: could be garbled, but 2 bits would need to have been changed to preserve parity
  - If sender is using odd parity: even number of 1 bits received, so character was not received correctly

Definition
A cryptographic checksum function $h : A \to B$ is a function that has the following properties:
1. For any $x \in A$, $h(x)$ is easy to compute
2. For any $y \in B$, it is computationally infeasible to find $x \in A$ such that $h(x) = y$
3. It is computationally infeasible to find two inputs $x, x' \in A$ such that $x \ne x'$ and $h(x) = h(x')$
4. Alternate form (stronger): Given any $x \in A$, it is computationally infeasible to find a different $x' \in A$ such that $h(x) = h(x')$.

Collisions
- Checksum has fewer bits, so several messages produce the same checksum!
- If $x \ne x'$ and $h(x) = h(x')$, $x$ and $x'$ are a collision
- Good checksum functions produce the same number of messages per checksum
Definition (Pigeonhole principle)
- Pigeonhole principle: if there are $n$ containers for $n + 1$ objects, then at least one container will have 2 objects in it.
- Application: if there are 32 files and 8 possible cryptographic checksum values, at least one value corresponds to at least 4 files

Using Keys
1. Keyed cryptographic checksum: requires cryptographic key
   - DES in chaining mode: encipher message, send last n bits. Requires a key to encipher, so it is a keyed cryptographic checksum.
2. Keyless cryptographic checksum: requires no cryptographic key
   - MD5 and SHA-1 are best known; others include MD4, HAVAL, and Snefru

Summary
- Two main types of cryptosystems: classical and public key
- Classical cryptosystems encipher and decipher using the same key
  - Or one key is easily derived from the other
- Public key cryptosystems encipher and decipher using different keys
  - Computationally infeasible to derive one from the other
- Cryptographic checksums provide a check on integrity

Part V: Network and Cryptography

Network and Cryptography
- Cryptography provides the cornerstone for secure communication
- Encryption algorithms and protocols are valuable components/tools
- Using cryptosystems over a network introduces many problems!
Cryptography is sensitive to environment
- Using a cipher requires knowledge of the environment in which the cipher will be used, and of the threats in that environment
  - Is the set of possible messages small?
  - Do the messages exhibit regularities that remain after encipherment?
  - Can an active wiretapper rearrange or change parts of the message?

Attack 1: Precomputation
- Set of possible messages $M$ is small
- Public key cipher $f$ is used
- Idea: precompute the set of possible ciphertexts $f(M)$, build a table $(m, f(m))$
- When ciphertext $f(m)$ appears, use the table to find $m$
- Also called forward searches

Attack 1: Precomputation (Example)
- Cathy knows Alice will send Bob one of two messages: {BUY, SELL}
- Using public key $e_{Bob}$, Cathy precomputes
  - $c_1 = \{\text{BUY}, e_{Bob}\}$
  - $c_2 = \{\text{SELL}, e_{Bob}\}$
- Cathy sees Alice send Bob $c_2$
- Cathy knows Alice sent SELL

Attack 2: Misordered Blocks
- Alice sends Bob a message
  - $n_{Bob} = 77$, $e_{Bob} = 17$, $d_{Bob} = 53$
  - Message is LIVE (11 08 21 04)
  - Enciphered message is 44 57 21 16
- Eve intercepts it, rearranges blocks
  - Now enciphered message is 16 21 57 44
- Bob gets enciphered message, deciphers it
  - He sees EVIL
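Attacks 1 and 2 reproduced with the toy RSA key from the slide, as an added example that is not part of the original slides. The letter encoding A=00 ... Z=25 is inferred from LIVE = 11 08 21 04, and all function names are assumptions.

```python
# Toy RSA key from the slide: n = 77, e = 17, d = 53 (illustration only).
N_BOB, E_BOB, D_BOB = 77, 17, 53

def encode(text):
    """One block per letter, A=00 ... Z=25, matching LIVE = 11 08 21 04."""
    return [ord(ch) - ord("A") for ch in text]

def decode(blocks):
    return "".join(chr(b + ord("A")) for b in blocks)

def encipher(blocks):
    """Textbook RSA on each block independently: deterministic, no padding."""
    return [pow(b, E_BOB, N_BOB) for b in blocks]

def decipher(blocks):
    return [pow(c, D_BOB, N_BOB) for c in blocks]

def forward_search_table(candidates):
    """Attack 1: anyone holding the public key can tabulate f(m) for every likely m."""
    return {tuple(encipher(encode(m))): m for m in candidates}

def reorder_blocks():
    """Attack 2: blocks carry no position information, so a reversed message still deciphers."""
    sent = encipher(encode("LIVE"))
    tampered = sent[::-1]
    return sent, tampered, decode(decipher(tampered))

if __name__ == "__main__":
    table = forward_search_table(["BUY", "SELL"])
    observed = encipher(encode("SELL"))      # what Alice puts on the wire
    print("observed", observed, "->", table[tuple(observed)])
    sent, tampered, seen_by_bob = reorder_blocks()
    print("sent", sent, "tampered", tampered, "Bob reads", seen_by_bob)
```

Both results come from enciphering each block deterministically and independently; randomized padding and an integrity check over the whole message remove them.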

Attack 3: Statistical Regularities
- If plaintext repeats, ciphertext may too
- Example using DES:
  - input (in hex): 3231 3433 3635 3837 3231 3433 3635 3837
  - corresponding output (in hex): ef7c 4bb2 b4ce 6f3b ef7c 4bb2 b4ce 6f3b
- Fix: cascade blocks together (chaining)

Key Distribution Problem
- Algorithms like DES and Rijndael require a shared key!
- Bootstrap problem: how do Alice and Bob begin?
- Alice can't send the key to Bob in the clear!
Key Types
- Interchange keys: associated with a user
  - long-term
  - compromising is catastrophic
- Session keys: associated with a communication
  - short-term
  - compromising does not affect long-term security

Key Distribution Problem: Possible Solutions
1. Physical distribution:
   - use a trusted courier (secure channel)
   - used widely until 1970s
2. Distribution protocol:
   - assume a trusted 3rd party
3. Public key cryptography:
   - most widely used technique


Key Distribution Problem
If every pair of users shares its own key:
- For $n$ users, $n(n-1)/2$ keys!
- 10000 students, 50 million keys!
- How do you manage them? What if compromised?!
With a trusted server:
- For $n$ users, $n$ keys
- For 10000 students, 10000 keys
- Session keys generated as needed
- Needs protocol and trusted server

Key Exchange Protocols: Assumptions
- Alice and Bob cannot send the key in the clear
- Alice and Bob trust a 3rd party, Cathy
- Alice and Bob already have keys with Cathy
- Cryptosystem and protocol are public; keys are secret
- Attacker is the network!
  - Possible attacks: eavesdropping, replay, modification, masquerading

Notation (Alice-Bob)
- $A \to B : \{M\}K$: A sends to B a message M encrypted with key K
- $A \to B : \{M\ N_a\}K_{ab}\ \{T_a\}K_{bs}$
- communicating parties: $A$, $B$, $S$
- message: $M$
- concatenation:
- nonces (number used once; random): $N_a, N_b, \ldots$
- timestamps: $T_a, T_b, \ldots$
- shared keys: $K_{ab}, K_{bs}$


Simple Protocol (Schneier 96)
Steps
1. $A \to C : \{B\}K_{ac}$
2. $C \to A : \{K_{ab}\}K_{ac}\ \{K_{ab}\}K_{bc}$
3. $A \to B : \{K_{ab}\}K_{bc}$
Problems
- How does Bob know he is talking to Alice?
- Replay attack (3, msg)
  - msg = deposit \$500 in my account


Needham-Schroeder Protocol (Needham-Schroeder 78)
Steps:
1. $A \to C : \{A\ B\ N_a\}$
2. $C \to A : \{A\ B\ N_a\ K_{ab}\ \{A\ K_{ab}\}K_{bc}\}K_{ac}$
3. $A \to B : \{A\ K_{ab}\}K_{bc}$
4. $B \to A : \{N_b\}K_{ab}$
5. $A \to B : \{N_b - 1\}K_{ab}$
Argument: Alice talking to Bob
- Second message:
  - Enciphered using a key only she and Cathy know (so Cathy enciphered it)
  - Response to first message ($N_a$ in it matches $N_a$ in first message)
- Third message:
  - Alice knows only Bob can read it (only Bob can derive session key from message)
  - Any messages enciphered with that key are from Bob

Needham-Schroeder Protocol: Argument: Bob talking to Alice
- Third message:
  - Enciphered using a key only he and Cathy know (so Cathy enciphered it)
  - Cathy provided session key and says Alice is other party
- Fourth and fifth messages:
  - Use session key to determine if it is a replay from Eve
  - If not, Alice will respond correctly in fifth message
  - If so, Eve can't decipher $N_b$ and so can't respond, or responds incorrectly

Needham-Schroeder Protocol: Discussion
- Prevents eavesdropping, replay, modification, masquerading
- Fails if the session key ($K_{ab}$) is compromised!
  - Eve can replay the last 3 messages
  - Eve can pretend to be Alice
- Variations:
  - use timestamps (Denning and Sacco 81)
  - use an identification number (Otway-Rees 87)

Needham-Schroeder Protocol + Timestamps (Denning and Sacco 81)
Steps:
1. $A \to C : \{A\ B\ N_a\}$
2. $C \to A : \{A\ B\ N_a\ K_{ab}\ \{A\ T\ K_{ab}\}K_{bc}\}K_{ac}$
3. $A \to B : \{A\ T\ K_{ab}\}K_{bc}$
4. $B \to A : \{N_b\}K_{ab}$
5. $A \to B : \{N_b - 1\}K_{ab}$
Discussion
- Adding timestamps prevents replaying old session keys
- Needs clock synchronization!
  - Without it, may either reject valid messages or accept replays
- Forms the basis for the Kerberos protocol (MIT, RFC 4120)
  - Used by MS Windows OS
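Bob's handling of message 3 with and without the Denning-Sacco timestamp, as an added example that is not from the slides. `seal`/`unseal` are a toy stand-in for {...}K built from SHA-256 and HMAC; all function names, the 300-second skew window and the timestamps are assumptions, and the nonce handshake of messages 4 and 5 is left out.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    """SHA-256 counter keystream: a toy stand-in for the cipher, not a vetted one."""
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, fields):
    """Stand-in for {fields}K: XOR with the keystream, then append an HMAC tag."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def cathy_issue(k_ac, k_bc, a, b, n_a, now):
    """Message 2: Cathy returns K_ab and a ticket for Bob that carries timestamp T."""
    k_ab = os.urandom(16).hex()
    ticket = seal(k_bc, {"A": a, "T": now, "K_ab": k_ab})
    return seal(k_ac, {"A": a, "B": b, "N_a": n_a, "K_ab": k_ab, "ticket": ticket.hex()})

def bob_accept(k_bc, ticket, now, max_skew=None):
    """Message 3 at Bob. max_skew=None ignores T (original Needham-Schroeder)."""
    fields = unseal(k_bc, ticket)
    if max_skew is not None and abs(now - fields["T"]) > max_skew:
        raise ValueError("stale ticket: possible replay")
    return fields["K_ab"]

def replay_scenario():
    """Constructed run: ticket issued at t=1000 s, then presented to Bob at other times."""
    k_ac, k_bc = os.urandom(32), os.urandom(32)
    reply = unseal(k_ac, cathy_issue(k_ac, k_bc, "Alice", "Bob", n_a=4711, now=1000))
    ticket = bytes.fromhex(reply["ticket"])      # message 3, visible on the wire

    def accepted(now, max_skew):
        try:
            return bob_accept(k_bc, ticket, now, max_skew) == reply["K_ab"]
        except ValueError:
            return False

    return {"ns_replay_day_later": accepted(87400, None),    # no T check: accepted
            "ds_replay_day_later": accepted(87400, 300),     # T check: rejected
            "ds_fresh": accepted(1010, 300),                 # honest use: accepted
            "ds_bob_clock_10min_fast": accepted(1610, 300)}  # drift rejects a valid ticket
```

Without the timestamp check Bob installs the old session key again, so anyone who has since learned that key can also answer his nonce challenge in messages 4 and 5. The last case is the clock-synchronization cost noted on the slide.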

Exchanging Keys with Public-Key Cryptography
Available keys:
- $E_a$, $E_b$: Alice and Bob's public keys, known to all
- $D_a$, $D_b$: Alice and Bob's private keys, known only to owner
Simple Protocol (version 1)
- Alice and Bob exchange session key $K_{ab}$:
  $\{K_{ab}\}E_b$

Exchanging Keys with Public-Key Cryptography
- Problem: vulnerable to forgery or replay
  - Because $E_b$ is known to anyone, Bob has no assurance that Alice sent the message
- Simple fix uses Alice's private key
Simple Protocol (version 2)
- Alice and Bob exchange session key $K_{ab}$:
  $\{\{K_{ab}\}D_a\}E_b$

Exchanging Keys with Public-Key Cryptography: Cautions
- Assumes Bob has Alice's public key, and vice versa
  - If not, each must get it from a public server
  - If keys are not bound to the identity of the owner, attacker Eve can launch a man-in-the-middle attack (see below)
  - Solution to this (binding identity to keys) is discussed later as public key infrastructure (PKI)
Man-in-the-middle Attack
1. Alice $\to$ Cathy: {send Bob's public key} [intercepted by Eve]
2. Eve $\to$ Cathy: {send Bob's public key}
3. Cathy $\to$ Eve: $E_b$
4. Eve $\to$ Alice: $E_e$
5. Alice $\to$ Bob: $\{K_{ab}\}E_e$ [intercepted by Eve]
6. Eve $\to$ Bob: $\{K_{ab}\}E_b$

Digital Certificates
- Goal: binding identity (Alice) to public key
- Create token (message) containing
  - Identity of principal (here, Alice)
  - Corresponding public key
  - Timestamp (when issued)
  - Other information (perhaps identity of signer)
- Sign it with the public key of trusted authority (here, Cathy)
Simple Certificate
- $C_a = \{\text{Alice}\ E_a\ T\}E_c$

X.509 Certificates
Issued by a Certification Authority (CA), containing:
- version (1, 2, or 3)
- serial number (unique within CA) identifying certificate
- signature algorithm identifier
- issuer X.500 name (CA)
- period of validity (from - to dates)
- subject X.500 name (name of owner)
- subject public-key info (algorithm, parameters, key)
- issuer unique identifier (v2+)
- subject unique identifier (v2+)
- extension fields (v3)
- signature (of hash of all fields in certificate)
Notation
- CA<<A>> denotes certificate for A signed by CA

Using Digital Certificates
- The Certificate Authority (CA) owns a public key and a private key
- The CA's public key is put in a self-signed certificate that is distributed through many channels (e.g. embedded in browser)
- The CA uses its private key to sign certificates containing the identity and corresponding public key of requesters, after verifying their identities
- Certificates are made available in public databases or exchanged online

Communicating with Certificates
- Both Alice and Bob have the CA's self-signed certificate (obtained through off-line means)
- When Alice wants to send a message to Bob
  - She retrieves Bob's certificate from a public database
  - She verifies the CA's signature on Bob's certificate
  - She extracts Bob's public key
  - She uses Bob's public key and her own secret key to encrypt the message
Self-signed (root) certificates

Certificate Hierarchy
- If both users share a common CA then they are assumed to know its public key
- Otherwise CAs must form a hierarchy
- Use certificates linking members of hierarchy to validate other CAs (cross-certify)
  - Each CA has certificates for clients (forward) and parent (backward)
- Each client trusts its parent's certificates
- Enables verification of any certificate from one CA by users of all other CAs in hierarchy

Certificate Hierarchy
- A establishes a certificate path to B: X<<W>>W<<V>>V<<Y>>Y<<Z>>Z<<B>>
- B establishes a certificate path to A: Z<<Y>>Y<<V>>V<<W>>W<<X>>X<<A>>

Pretty Good Privacy (PGP)
- Created by Philip Zimmermann in 1991
- e-mail communications
- Uses a bottom-up approach, instead of a top-down PKI
  - Each user acts as a CA
- A certificate is composed of:
  - One public key packet
  - Zero or more signature packets
- Forms a web of trust among users

Other Applications
- Transport Layer Security (TLS/SSL)
  - HTTPS
- SSH
- IPsec