Lecture IV : Cryptography, Fundamentals

Similar documents
Introduction to Cryptography and Security Mechanisms. Abdul Hameed

RSA. Public Key CryptoSystem

Great Theoretical Ideas in Computer Science. Lecture 27: Cryptography

Public Key Cryptography

Public Key Algorithms

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Foundations of Cryptology

Some Stuff About Crypto

OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY

Classical Cryptography. Thierry Sans

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Classical Encryption Techniques. CSS 322 Security and Cryptography

LECTURE 4: Cryptography

Introduction to Cryptology. Lecture 2

Cryptosystems. Truong Tuan Anh CSE-HCMUT

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Cryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Other Topics in Cryptography. Truong Tuan Anh

1-7 Attacks on Cryptosystems

Channel Coding and Cryptography Part II: Introduction to Cryptography

Lecture III : Communication Security Mechanisms

CSC 474/574 Information Systems Security

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography and Network Security. Sixth Edition by William Stallings

Math236 Discrete Maths with Applications

Security Models: Proofs, Protocols and Certification

Cryptographic Concepts

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security 3/23/18

Introduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu

Private-Key Encryption

CS408 Cryptography & Internet Security

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Introduction to Cryptography. In the News: Hacker exposes embassies'

LECTURE NOTES ON PUBLIC- KEY CRYPTOGRAPHY. (One-Way Functions and ElGamal System)

2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography

Cryptography and Network Security 2. Symmetric Ciphers. Lectured by Nguyễn Đức Thái

Public-key encipherment concept

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Introduction to Cryptography

L2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015

S. Erfani, ECE Dept., University of Windsor Network Security. 2.3-Cipher Block Modes of operation

Introduction to Cryptography Lecture 7

Security: Cryptography

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Introduction to Cryptography

Public-Key Cryptography

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Cryptanalysis. Ed Crowley

Introduction to Cryptography

CPSC 467: Cryptography and Computer Security

Study Guide to Mideterm Exam

Public Key Encryption. Modified by: Dr. Ramzi Saifan

Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014

Cryptography ThreeB. Ed Crowley. Fall 08

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Public Key Cryptography and RSA

CS669 Network Security

Topics. Number Theory Review. Public Key Cryptography

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

The Beta Cryptosystem

EEC-484/584 Computer Networks

Lecture 6 - Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

A nice outline of the RSA algorithm and implementation can be found at:

B) Symmetric Ciphers. B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Public-Key Cryptanalysis

Tuesday, January 17, 17. Crypto - mini lecture 1

(8) Cryptanalysis. Close-up of the rotors in a Fialka cipher machine

Cryptography Introduction to Computer Security. Chapter 8

Introduction. Cambridge University Press Mathematics of Public Key Cryptography Steven D. Galbraith Excerpt More information

Hardware Design and Software Simulation for Four Classical Cryptosystems

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX. Part 1.

Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

Ref:

Introduction to Cryptography Lecture 7

Computational Security, Stream and Block Cipher Functions

Lecture 6: Overview of Public-Key Cryptography and RSA

Classical Encryption Techniques

10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Chapter 9 Public Key Cryptography. WANG YANG

CSC 474/574 Information Systems Security

Outline Basics of Data Encryption CS 239 Computer Security January 24, 2005

Chapter 9. Public Key Cryptography, RSA And Key Management

ECEN 5022 Cryptography

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

CRYPTOGRAPHY & DIGITAL SIGNATURE

CSCE 813 Internet Security Symmetric Cryptography

CSC/ECE 774 Advanced Network Security

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

CPSC 467b: Cryptography and Computer Security

Transcription:

Lecture IV : Cryptography, Fundamentals Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University Spring 2012

Basic Principles Kerckhoff s Principle: Internet Security - Cryptography Basics 2 A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Shannon's Maxim: Your enemy knows your system!

Internet Security - Cryptography Basics 3 Outlines Basic Concepts Information Theoretic Cryptography Computational Difficult Cryptography One Way Functions One Way Trapdoor Functions Cyptanalytic Attacks Mathematical Foundation Modular Arithmetic Finite Fields Computationally Hard Problems

Internet Security - Cryptography Basics 4 Information Theoretic Cryptography Basic Cryptography Tenet Proper application of cryptography should make it infeasible for cryptanalysis to infer plaintext and/or crypto-keys using ciphertext, known-plaintext or chosen-plaintext attacks What does it mean by infeasible? What does it mean by infer? Information Theoretic Cryptography [Shannon 1949] Infeasible means Mathematically impossible (regardless of available resources) Cryptanalyst does not have enough information to decipher Infer means Obtaining partial/probabilistic information about plaintext

Internet Security - Cryptography Basics 5 Computational Difficult Cryptography Foundation of Modern Cryptography Infeasible means Computationally infeasible with existing technology & available resources Cryptanalyst does have enough information to decipher, but may not have time, machines or energy to crack the codes Infer means Obtaining partial/probabilistic information about plaintext Computationally difficult cryptosystems are based upon One-Way Functions One-Way Functions are functions that are easy to evaluate but hard to invert x f(x)

Internet Security - Cryptography Basics 6 Outlines Basic Concepts Information Theoretic Cryptography Computational Difficult Cryptography One Way Functions One Way Trapdoor Functions Cyptanalytic Attacks Mathematical Foundation Modular Arithmetic Finite Fields Computationally Hard Problems

7 One-Way Function Spring 2012 Internet Security - Cryptography Basics Definition : A one-to-one mapping x S, y S y = f (x) of which Forward Mapping f is computationally feasible Inverse Mapping f -1 is computationally infeasible Characteristics : Cryptographically Strong / Secure Inverse Infeasibility f -1 is computationally infeasible Collision Improbability Example : Given a, b S, P ( f (a) = f (b) ) #(S)/2 Modular Exponentiation Message Digest (Cryptographically Strong Hashing)

8 Spring 2012 One-Way Trapdoor Function Internet Security - Cryptography Basics Definition : A one-to-one parameterized mapping x S, y S y = f k (x) of which Question : Forward Mapping f k is computationally feasible if k is known Inverse Mapping f k -1 is Computationally infeasible if k is unknown, but Computationally feasible if k is known Does such function ever exist? Diffie and Hellman thought so! Diffie, W. and Hellman, M.E., New Directions in Cryptography, IEEE Transaction on Information Theory 22(6):644-654, 1976.

Internet Security - Cryptography Basics 9 Outlines Basic Concepts Information Theoretic Cryptography Computational Difficult Cryptography One Way Functions One Way Trapdoor Functions Cyptanalytic Attacks Mathematical Foundation Modular Arithmetic Finite Fields Computationally Hard Problems

Attack Models When performing cryptanalytic attacks, we have to determine adversary s capability (Attack Model) and define a successful attack (Goal Model). Ciphertext-Only Attack (COA) Attackers have access only to a set of ciphertexts Known-Plaintext Attack (KPA) Attackers have samples of both the plaintext, and its encrypted version (ciphertext) Chosen-Plaintext Attack (CPA) Attackers have the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts Chosen-Ciphertext Attack (CCA) Internet Security - Cryptography Basics 10 Attackers have the capability to choose a ciphertext and obtaining its decryption under an unknown key

Internet Security - Cryptography Basics 11 Attack Goals Corresponding plaintext is deduced Part of plaintext or the whole plaintext of target ciphertext Unintended ciphertext/plaintext is generated One or more valid ciphertext/plaintext pair Users private keys are found Attackers can do anything. Also known as total break.

Example: Caesar Cipher Ciphertext-Only Attack (COA) Attacker gains one ciphertext. He can tries all 26 possible key (shift amount) to see if meaningful plaintext appears. Known-Plaintext Attack (KPA) Attacker gains several plaintext/ciphertext pair. He could easily find which one letter maps to the other. Chosen-Plaintext Attack (CPA) Attacker chooses one letter to be encrypted and retrieve the ciphertext. He could deduce the key from the ciphertext. Chosen-Ciphertext Attack (CCA) Work basically the same way since the operation is symmetric. Internet Security - Cryptography Basics 12

Ciphertext Attack Concept Internet Security - Cryptography Basics 13 Attempts to discover cipher key(s) or plaintext(s) from known ciphertext(s) Most common cipher attacks Definition Given ciphertext of N unknown plaintext under same unknown key c i = E k (m i ), i = [ 1..N ] Discover or infer key k or some subset(s) of plaintext { m i } Example Mono-alphabetic Cipher : encipher English text by mapping the alphabets to a chosen permutation { a, b, c, x, y, z } { e, r, p, h, g, m } Relatively difficult to break based on exhaustive key search (26! 1) Easy to break based on letter frequencies of English alphabets

Known Plaintext Attack Concept Internet Security - Cryptography Basics 14 Attempts to discover cipher key(s) or new plaintext(s) from known plaintext and ciphertext pairs Definition Given N pairs of known plaintext and ciphertext under same unknown key ( m i, c i = E k (m i ) ), i = [ 1..N ] Discover or infer key k or some new ciphertext-plaintext pair Example k or ( c N+1, m N+1 ) Key or plaintext discovery from special control messages Mono-alphabetic Cipher : Easy to break if known plaintext-ciphertext pairs contain all alphabets

Chosen Plaintext Attacks Concept Internet Security - Cryptography Basics 15 Attempts to discover cipher key(s) or new plaintext(s) from knowing corresponding plaintexts of chosen ciphertexts Definition Given ciphertext of N chosen plaintext under same unknown key ( m i (chosen), c i = E k (m i ) ), i = [ 1..N ] Discover or infer key k or some new ciphertext-plaintext pair Example ( c N+1, m N+1 ) Mono-alphabetic Cipher : Easy to break by having the corresponding ciphertext of plaintext abcd xyz or any sub-string of 25 alphabets Challenge-Response Attacks SSL Million Message Attack

Internet Security - Cryptography Basics 16 Outlines Basic Concepts Cyptanalytic Attacks Information Theoretic Crypto Computational Difficult Crypto One Way Functions One Way Trapdoor Functions Mathematical Foundation Modular Arithmetic Finite Fields Computationally Hard Problems

17 Spring 2012 Internet Security - Cryptography Basics Wonderful World of Modular Arithmetic Integers : = { -2, -1, 0, 1, 2, } Addition (+) Identity : z, 0 z + 0 = z Inverse : z, -z z + (-z) = 0 Multiplication (x) Identity : z, 1 z x 1 = z Inverse :? is a (commutative) ring

18 Spring 2012 Internet Security - Cryptography Basics Modular Arithmetic Addition (+) a, b, n ( a + b ) mod n remainder ( a + b ) n Ex: ( 3 + 8 ) mod 10 = 1

Modular Arithmetic Multiplication ( ) Internet Security - Cryptography Basics 19 a, b, n ( a b ) mod n remainder ( a b ) n Ex: ( 2 7 ) mod 10 = 4

Internet Security - Cryptography Basics 20 Outlines Basic Concepts Cyptanalytic Attacks Information Theoretic Crypto Computational Difficult Crypto One Way Functions One Way Trapdoor Functions Mathematical Foundation Modular Arithmetic Finite Fields Computationally Hard Problems

21 Finite Fields Spring 2012 Internet Security - Cryptography Basics Addition (+) Identity : z p, 0 p ( z + 0 ) mod p = z Inverse : z p, -z p z + (-z) = 0 Multiplication ( ) Identity : z p, 1 p z 1 = z Inverse : z p, z -1 p z z -1 = 0

22 Spring 2012 Internet Security - Cryptography Basics Finite Field, p Integer Prime-Modulo Sets : p = { 0, 1, 2, p-1 } Addition (+) Identity : z p, 0 p ( z + 0 ) mod p = z Inverse : z p, -z p z + (-z) = 0 Ex: ( 3 + 2 ) mod 5 = 0 Multiplication ( ) Identity : z p, 1 p z 1 = z Inverse : z p, z -1 p z z -1 = 1 Ex: ( 3 2 ) mod 5 = 1! p is a FINITE FIELD

Internet Security - Cryptography Basics 23 Outlines Basic Concepts Cyptanalytic Attacks Information Theoretic Crypto Computational Difficult Crypto One Way Functions One Way Trapdoor Functions Mathematical Foundation Modular Arithmetic Finite Fields Computationally Hard Problems

Internet Security - Cryptography Basics 24 Hard Problem : Discrete Logarithm Modular Exponentiation (x y ) Definition : x, y, n x y mod p remainder ( x y ) n How about Inverse? z p, p is prime, Is there y p x y mod p = z? y is known as log x z (mod p) Discrete Logarithm Inverse of Modular Exponentiation Like factoring problem, discrete logarithm problem (DLP) is believed to be difficult. Thus, modular exponentiation is regarded as a one-way function, and used as the basis of several public-key cryptosystems. Yet, nobody admitted to have proven that DLP cannot be solved quickly.

Internet Security Cryptography Basics 25 Discrete Logarithm, Properties NOT all columns contain unique results! ONLY those share no common factor with n = 10 contain unique results. α x mod n α x+n mod n α x mod n = α x+κφ(n) mod n

NP-Intermediate Problems Internet Security - Cryptography Basics 26 It s a problem in NP but not known to be in P or NP-complete If P NP then there exist problems in NP that are neither P nor NPcomplete. These problems are called NP-intermediate problems. - Ladner Examples: Graph Isomorphism Discrete Logarithm Integer Factorization

Best Algorithms Internet Security - Cryptography Basics 27 Both integer factoring and discrete logarithm can be solved by sub-exponential algorithms Integer Factoring General_number_field_sieve: http://en.wikipedia.org/wiki/general_number_field_sieve L n [1/3, (64/9) 1/3 ]= L n [1/3, 1.92299943...] Special_number_field_sieve: http://en.wikipedia.org/wiki/special_number_field_sieve L n [1/3, (32/9) 1/3 ]=L n [1/3, 1.52628566...] Discrete Logarithms Index_calculus_algorithm: http://en.wikipedia.org/wiki/index_calculus_algorithm L 2 m[1/3,c] 0<c<1.587 for F * 2m, let n=2m

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback