Cryptography. some history. modern secret key cryptography. public key cryptography. cryptography in practice

Similar documents
Cryptography (Overview)

1.264 Lecture 28. Cryptography: Asymmetric keys

Encryption. INST 346, Section 0201 April 3, 2018

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

APNIC elearning: Cryptography Basics

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Cryptography MIS

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CSC 474/574 Information Systems Security

Encryption I. An Introduction

18-642: Cryptography 11/15/ Philip Koopman

CSE 127: Computer Security Cryptography. Kirill Levchenko

Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators

EEC-484/584 Computer Networks

CCNA Security 1.1 Instructional Resource

Computer Security 3/23/18

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Network Security Chapter 8

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Ref:

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Cryptography and Network Security. Sixth Edition by William Stallings

Public Key Cryptography

Authentication CHAPTER 17

14. Internet Security (J. Kurose)

Overview. SSL Cryptography Overview CHAPTER 1

Security: Focus of Control

Public Key Algorithms

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

CS Computer Networks 1: Authentication

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Goals of Modern Cryptography

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

CRYPTOGRAPHY & DIGITAL SIGNATURE

David Wetherall, with some slides from Radia Perlman s security lectures.

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Some Stuff About Crypto

Kurose & Ross, Chapters (5 th ed.)

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Computers and Security

Computer Security: Principles and Practice

18-642: Cryptography

SECURITY IN NETWORKS

Symmetric, Asymmetric, and One Way Technologies

Cryptographic Concepts

Verification of security protocols introduction

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Chapter 9 Public Key Cryptography. WANG YANG

Cryptology. An introduction. by Ulf Lindqvist translated and processed by Erland Jonsson

Classical Cryptography. Thierry Sans

Security: Cryptography

A simple approach of Peer-to-Peer E-Cash system

EEC-682/782 Computer Networks I

Lecture 2 Applied Cryptography (Part 2)

Public Key Algorithms

Network Security. Chapter 8. MYcsvtu Notes.

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Making and Breaking Ciphers

CS 332 Computer Networks Security

CSC 8560 Computer Networks: Network Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Security. Communication security. System Security

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

CSC/ECE 774 Advanced Network Security

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Cryptography. Cryptography is much more than. What is Cryptography, exactly? Why Cryptography? (cont d) Straight encoding and decoding

The Design of an Anonymous and a Fair Novel E-cash System

6 Cryptographic Techniques A Brief Introduction

(2½ hours) Total Marks: 75

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

UNIT - IV Cryptographic Hash Function 31.1

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

SECURITY IN NETWORKS 1

Digital Certificates Demystified

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Lecture 1 Applied Cryptography (Part 1)

CSC 774 Network Security

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Security: Focus of Control. Authentication

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

PROTECTING CONVERSATIONS

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Introduction to Cryptography. Vasil Slavov William Jewell College

Public Key Cryptography

Transcription:

Cryptography some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) modern secret key cryptography DES, AES public key cryptography RSA, digital signatures cryptography in practice

Cryptography basics Alice & Bob want to exchange messages keeping the content secret though not the fact that they are communicating they need some kind of secret that scrambles messages makes them unintelligible to bad guys but intelligible to good guys the secret is a "key" (like a password) known only to the communicating parties that is used to do the scrambling and unscrambling for Caesar cipher, the "key" is the amount of the shift (A => D, etc.) for substitution ciphers, the key is the permutation of the alphabet for Enigma, key is wiring and position of wheels plus settings of patches for modern ciphers, the key is a large integer used as part of an intricate algorithmic operation on the bits of the message

Modern secret key cryptography messages encrypted and decrypted with a shared secret key usually the same key for both operations ("symmetric") encryption/decryption algorithm is known to adversaries "security by obscurity" does not work attacks decrypt specific message(s) by analysis various combinations of known or chosen plaintext and ciphertext determine key by "brute force" (try all possible keys) if key is compromised, all past and future messages are compromised big problem: key distribution need a secure way to get the key to both/all parties diplomatic pouches, secret agents, doesn't work when the parties don't know each other or have no possible channel for exchanging a secret key or when want to exchange secret messages with many different parties e.g., credit card numbers on Internet

The secrecy is in the key "Il faut qu'il n'exige pas le secret, et qu'il puisse sans inconvénient tomber entre les mains de l'ennemi." (The system must not require secrecy, and it does not matter if it falls into the hands of the enemy.) Auguste Kerckhoffs, "La cryptographie militaire", Journal des sciences militaires, vol IX, pp 5-38, Jan 1883. we have to assume that the bad guys know how the encryption and decryption operate security by obscurity does not work

DES and AES Data Encryption Standard (DES) developed ~1977 by IBM, with NSA involvement widely used, though lingering concerns about trap doors 56-bit key is now much too short: can exhaustively test all keys in a few hours with comparatively cheap special-purpose hardware "triple DES" uses 3 DES encryptions to increase effective key length Advanced Encryption Standard (AES) result of an international competition run by NIST (www.nist.gov/aes) completely open: algorithms and analyses in public domain Rijndael: winning algorithm selected October 2000 approved as official US government standard 128, 192, 256-bit keys fast in both hardware and software implementations

The big problem: key distribution we need a secure way to get the key to all parties diplomatic pouches, secret agents, steganography, doesn't work when there is no channel for exchanging a secret key or when two parties don't know each other or if we need to exchange secret messages with many different parties e.g., credit card numbers on Internet

Public key cryptography fundamentally new idea Diffie & Hellman (USA, 1976); earlier in England but kept secret each person has a public key and a private key the keys are mathematically related a message encrypted with one can only be decrypted with the other public keys are published, visible to everyone private keys are secret, known only to owner Alice sends a secret message to Bob by encrypting it with Bob's public key only Bob can decrypt it, using his private key Bob sends a secret reply to Alice by encrypting it with Alice's public key only Alice can decrypt it, using her private key Eve knows Alice and Bob are talking but can t decrypt what they are saying

RSA public key cryptographic algorithm most widely used public key system invented by Ron Rivest, Adi Shamir, Len Adleman, 1977 patent expired Sept 2000, now in public domain based on (apparent) difficulty of factoring very large integers "large" >= 1024 bits ~ 300 digits public key based on product of two large (secret) primes encrypting and decrypting require knowledge of the factors slow, so usually use RSA to exchange a secret "session key" session key used for secret key encryption with AES used by SSH for secure login used by browsers for secure exchange of credit card numbers https: http with encryption SSL (Secure Sockets Layer) or TLS (Transport Layer Security) used to encrypt TCP/IP

How does RSA work? (you are not expected to remember this) choose two big primes p and q (~100 digits each) compute N = p q (~200 digits) select e, relatively prime to (p-1) (q-1) compute d such that e d = 1 mod (p-1) (q-1) public key is (e, N), private key is d to encode message m, c = m e mod N to decode message c, m = c d mod N decoding is easy if you know d, but hard if you don't: you have to figure out p-1 and q-1 so you have to figure out p and q so you have to factor N and that's too hard

A tiny example p = 17, q = 11 (primes) N = 17 11 = 187 e = 7 (relatively prime to p-1 q-1 = 16 10 = 160) d = 23 (7 23 = 161 = 1 mod 160) public key is (7, 187); private key is 23 to encode X (88 in ascii), compute 88 7 mod 187 = 11 to decrypt 11, compute 11 23 mod 187 = 88

Digital signatures can use public key cryptography for digital signatures if Alice encrypts a message with her private key and it decodes properly with her public key it had to be Alice who encoded it signature can be attached to a message Alice encrypts a message with her private key Alice encrypts the result with Bob's public key only Bob can decrypt this (with his private key) but it won't make any sense yet Bob then decrypts it with Alice's public key if it decodes properly, it had to be Alice who encrypted it originally necessary properties of digital signatures can only be done by the right person: can't be forged can't re-use a signature to sign something else signature attached to a document: signs specific contents signature can't be repudiated

Secure hashes digital signature usually done by signing a secure hash" or message digest of a document, not the document itself secure hash algorithm reduces input data to a comparatively short number such that any change to the original document produces a completely different hash can't deduce the original document from the number can't find another document that has the same hash current secure hash algorithms MD5 (Rivest, MIT): 128 bits SHA-1 (US government standard): 160 bits SHA-2 (also standard): family of 224, 256, 384, or 512 bits international competition to create a new secure hash, SHA-3 analogous to AES competition (also run by NIST) first round submissions 10/08, final round 12/10, winner announced in Oct 2012

Properties of public/private keys can't deduce the public key from the private, or vice versa can't find another encryption key that works with the decryption key keys are long enough that brute force search is infeasible nasty problems: if a key is lost, all messages and signatures are lost if a key is compromised, all messages and signatures are compromised it's hard to revoke a key it's hard to repudiate a key (and hard to distinguish that from revoking) authentication how do you know who you are talking to? is that really Alice's public key? public key infrastructure, web of trust, digital certificates

Encrypted transactions, online shopping browser says "prove that you're really Amazon" Amazon says "here's my signed certificate from a CA" encrypted with the CA's private key browser decrypts certificate with CA's public key browser generates a random key, encrypts it with Amazon's public key, sends it to Amazon browser and Amazon use AES to talk securely

Tor: The Onion Router anonymous routing through the Internet using TCP receiver can t determine the sender s address sender creates a random path through a network of Tor relays path is changed frequently each part of the path is encrypted separate encryption keys for each hop each relay only knows who gave it data and who it sends data to no relay knows the whole path messages are wrapped up with nested encryptions, one for each component of the path each relay removes one layer of encryption before passing on potentially vulnerable to some attacks traffic correlation at end points exit nodes can be blocked or monitored

Bitcoin digital currency (2009; see bitcoin.org et al) exists only in digital form: nothing physical like gold no central authority or control anonymous ownership and transfer value fluctuates wildly how are bitcoins created? how is ownership validated & transferred without double spending? block chain: shared public ledger of all transactions a transaction transfers value from one wallet to another signed digitally by the sender broadcast via peer to peer network so block chain can be updated mining confirms transactions by adding them to block chain competitive distributed consensus algorithm takes work to confirm; new bitcoins created as a reward blocks are protected by cryptographic hashing; each new one depends on previous ones

Crypto politics cryptographic techniques as weapons of war? until recently, (strong) cryptography was classified as "munitions" in USA falls under International Traffic in Arms Regulations and follow-ons export control laws prohibited export of cryptographic code though it was ok to export books and T-shirts with code and everyone else in the world had it anyway changed during 2000, but there are still restrictions does the government have the right/duty... to control cryptographic algorithms and programs? to require trapdoors, key escrow, or similar mechanisms? to prevent reverse-engineering of cryptographic devices? to prevent research in cryptographic techniques? do corporations have the right... to prevent publication of cryptographic techniques? to prevent reverse-engineering of cryptographic devices? how do we balance individual rights, property rights, & societal rights?

Summary of crypto secret/symmetric key algorithms: DES, AES key distribution problem: everyone has to have the key public key algorithms: RSA,... solves key distribution problem, but authentication is still important also permits digital signatures much slower than secret key, so used mainly for key exchange security is entirely in the key security by obscurity does not work: bad guys know everything brute force attacks work if keys are too short or easy good cryptography is hard you can't invent your own methods you can't trust secret or proprietary methods people are the weak link complicated or awkward systems will be subverted, ignored or misused social engineering attacks are effective ignorance, incompetence, misguided helpfulness if all else fails, try bribery, burglary, blackmail, brutality

Cryptography is important it protects our privacy and security access to computers email online shopping, banking, taxes electronic voting... it can restrict our rights and freedoms digital rights management: limits on what we can do with music, movies, software,... it helps good guys and bad guys alike

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback