Garantía y Seguridad en Sistemas y Redes

Similar documents
Computer Security: Principles and Practice

Cryptography MIS

Encryption. INST 346, Section 0201 April 3, 2018

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Introduction to Cryptography. Vasil Slavov William Jewell College

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Cryptographic Concepts

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Public Key Algorithms

Ref:

Kurose & Ross, Chapters (5 th ed.)

David Wetherall, with some slides from Radia Perlman s security lectures.

Public Key Algorithms

Public Key Cryptography

Chapter 9. Public Key Cryptography, RSA And Key Management

APNIC elearning: Cryptography Basics

CSE 127: Computer Security Cryptography. Kirill Levchenko

UNIT - IV Cryptographic Hash Function 31.1

CCNA Security 1.1 Instructional Resource

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

1.264 Lecture 28. Cryptography: Asymmetric keys

Garantía y Seguridad en Sistemas y Redes

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Message Authentication and Hash function

Cryptography (Overview)

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CSC 474/574 Information Systems Security

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

CSC 774 Network Security

CSCE 715: Network Systems Security

CSC/ECE 774 Advanced Network Security

CSC 8560 Computer Networks: Network Security

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

CS 332 Computer Networks Security

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Some Stuff About Crypto

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

LECTURE 4: Cryptography

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Tuesday, January 17, 17. Crypto - mini lecture 1

Cryptography and Network Security. Sixth Edition by William Stallings

Lecture 2 Applied Cryptography (Part 2)

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Cryptography and Network Security

BCA III Network security and Cryptography Examination-2016 Model Paper 1

L13. Reviews. Rocky K. C. Chang, April 10, 2015

S. Erfani, ECE Dept., University of Windsor Network Security

Network Security Chapter 8

Introduction to Symmetric Cryptography

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

CSC 474/574 Information Systems Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 1 Applied Cryptography (Part 1)

CS Computer Networks 1: Authentication

Cryptography Introduction to Computer Security. Chapter 8

PUBLIC KEY CRYPTO. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

PROTECTING CONVERSATIONS

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Making and Breaking Ciphers

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Public-key Cryptography: Theory and Practice

14. Internet Security (J. Kurose)

Public Key Cryptography

Computers and Security

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

What did we talk about last time? Public key cryptography A little number theory

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Grenzen der Kryptographie

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Digital Certificates Demystified

SECURITY IN NETWORKS

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

EEC-484/584 Computer Networks

VPN Overview. VPN Types

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

T Cryptography and Data Security

Security in ECE Systems

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Cryptographic Systems

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Cryptography Introduction

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Using Cryptography CMSC 414. October 16, 2017

SECURITY IN NETWORKS 1

Computer Security 3/23/18

Transcription:

Garantía y Seguridad en Sistemas y Redes Tema 2. Cryptographic Tools Esteban Stafford Departamento de Ingeniería Informá2ca y Electrónica Este tema se publica bajo Licencia: Crea2ve Commons BY- NC- SA 4.0

Contents Basics of Cryptography Confidentiality with Symmetric Encryption Message Authentication and Hash Functions Public-ey Cryptography Digital Signatures and ey Management Practical Application: SSL/TLS 1

What can cryptography do? Confidentiality Integrity Availability Authenticity Accountability key key Plaintext Input X E Y=E(,X) D X=D(,Y) Plaintext Output 2

Caesar Cypher Named after Julius Caesar, although used long before. Representative of the substitution cypher algorithms. The encryption process shifts each letter a number of places. (key) Easily attackable by brute force. 3

Substitution Cypher The key is a substitution table. The encryption changes each letter by the corresponding in the table. Infeasible to break by brute force. Breakable by cryptanalysis. 4 Probability Substitution Cypher a b c d e f g h i j k l mn o p q r s t u vwx y z Working examples of old cyphers http://www. simonsingh.net/the_black_chamber/chamberguide.html 5

Substitution Cypher The key is a substitution table. The encryption changes each letter by the corresponding in the table. Infeasible to break by brute force. Breakable by cryptanalysis. 4 Probability Substitution Cypher ab c de f gh i j k l mno pq r s t u vwx y z Working examples of old cyphers http://simonsingh.net/the_black_chamber/chamberguide.html 5

Vernam cipher Commonly known as One-time-pad. Proven to be unbreakable (Go Shannon!) ey must be as long as plain text and shared by peers. ey must me truly random and can be used only once. 6

Randomness Cryptography relies heavily on random numbers. Quality of random numbers Uniform distribution Independence Pseudo-random numbers Mathematical modular expression derives number from the last. Good distribution and price, but bad independence. True-random numbers Monitor random or chaotic physical process. Good distribution and independence, but expensive. 7

Symmetric Encryption key key Plaintext Input X Y=E(,X) X=D(,Y) E D Plaintext Output How robust is this? Strong encryption algorithm. Cryptanalysis: Mathematically derive X and/or from Y. Or simplify brute-force. eys subject to brute-force attacks Sender and receiver must obtain keys in secure fashion. 8

Data Encryption Standard (DES) 64 bit blocks, 56 bit keys. Adopted NIST 1977 Cryptanalysis not yet successful. 1997: call for replacement proposals. July 1998: $250,000 machine cracks DES in 56h. Advanced Encryption Standard (AES) 128 bit blocks, 128,192,256 bit keys. Adopted 2001 Years to break (2700 checks/µs) 10 63 10 43 10 23 10 3 10 17 AES256 AES196 3DES168 AES128 3DES112 DES 100 200 ey length(bits) 9

Message Authentication with Symmetric Encryption No confidentiality. Protection against falsification, alteration, delay or replay. Message must contain metadata: error-detection code, sequence number, timestamp. Message Message Transmit Message M = M MAC Message Authentication Code (MAC) Last 16-32 bits of DES encrypted message. 10

One-way Hash Functions Easy x H H(x) Infeasible x: unlimited size, H(x): fixed length. Preimage resistant: guess x from H(x). 2 nd preimage resistant: find y x such that H(x)=H(y). Collision resistant: find any x and y such that H(x)=H(y). Hash function crisis: RIPMED-160, SHA-256 and SHA-512. 11

Message Authentication with One-way Hash Functions One-way Hash Functions are faster than Symmetric Encryption Using shared secret value (). Message Message Transmit Message H H = Secure Hash Algorithm(SHA): SHA-1 160 bit long, used but weaker than expected. Currently 256, 384, 512 bit long. Use in password storage and intrusion detection. 12

Public-ey Encryption Proposed by Diffie and Hellman in 1976. eys are created in pairs. One reverses the other. Bob sends confidential message to Alice. PU a PR a Plaintext Input X Y=E(PU a,x) X=D(PR a,y) E D Plaintext Output Bob sends authentic message to Alice. PR b PU b Plaintext Input X Y=E(PU b,x) X=D(PR b,y) E D Plaintext Output 13

Public-ey Cryptography Myths: Public-key encryption is more secure than Symmetric-key encryption. Public-key encryption makes symmetric obsolete. Public-key distribution is easier than Symmetric-key distributions. Implementations: Rivest, Shamir and Adleman (RSA) Proposed in 1978. Digital Signature Algorithm (DSA) Proposed in 1991. Stronger than RSA. Faster signing, but slower verifying. Elliptic Curve Cryptography (ECC) Stronger than RSA. Allows shorter keys. 14

Digital Signature Messages can be signed by encrypting MAC with private key. Message Message Transmit Message H PR b PU b = H E D 15

Distribution of public keys Certificate Authority(CA) signs public keys (Certificate) Bob s ID Bob s Pub. ey H H PR CA CA info PU CA = E Certificate D Who certifies the CA? Chicken-and-egg problem. Root CAs distribute their public keys self-signed. Applications and OS ship with common root certificates. 16

Certificate Chain of Trust CA CRL Root CA Document Bob s Cert CA Info Bob s ID CA Cert Root Info CA s ID Root Cert Users can recursively validate signatures to the root CA. Certificate Revocation Lists(CRL) enumerate invalid certs. 17

SSL/TLS Handshake Supported algorithms Random number Verify certificate Extract server public key Encrypt pre-master key with server public key Compute symmetric master key Send checksum of handshake messages with master key Verify checksum Selected algorithm Random number Server certificate Decrypt pre-master key with server private key Compute symmetric master key Verify checksum Send checksum of handshake messages with master key 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback