Cmsc 414 computer and network security lecture 2
This presentation is the property of its rightful owner.
Sponsored Links
1 / 26

CMSC 414 Computer and Network Security Lecture 2 PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on
  • Presentation posted in: General

CMSC 414 Computer and Network Security Lecture 2. Jonathan Katz. JCE tutorial. In class next Tuesday. A high-level survey of cryptography. Caveat. Everything I present will be (relatively) informal I may simplify, but I will try not to say anything that is an outright lie…

Download Presentation

CMSC 414 Computer and Network Security Lecture 2

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Cmsc 414 computer and network security lecture 2

CMSC 414Computer and Network SecurityLecture 2

Jonathan Katz


Jce tutorial

JCE tutorial

  • In class next Tuesday


Cmsc 414 computer and network security lecture 2

A high-level survey of

cryptography


Caveat

Caveat

  • Everything I present will be (relatively) informal

    • I may simplify, but I will try not to say anything that is an outright lie…

  • Cryptography is about precise definitions, formal models, and rigorous proofs of security (which we will not cover here)

    • For more details, take CMSC 456 with me (or read my book)!


Goals of cryptography

Goals of cryptography

  • Crypto deals primarily with three goals:

    • Confidentiality

    • Integrity (of data)

    • Authentication (of resources, people, systems)

  • Other goals also considered

    • E.g., non-repudiation

    • E-cash (e.g., double spending)

    • General secure multi-party computation

    • Anonymity


Private vs public key settings

Private- vs. public-key settings

  • For the basic goals of confidentiality and integrity, there are two settings:

    • Private-key / shared-key / symmetric-key / secret-key

    • Public-key

  • The private-key setting is the “classical” one (thousands of years old)

  • The public-key setting dates to the 1970s


Private key cryptography

Private-key cryptography

  • The communicating parties share some information that is random and secret

    • This shared information is called a key

    • Key is not known to an attacker

    • This key must be shared (somehow) in advance of their communication


To emphasize

To emphasize

  • Alice and Bob share a key K

    • Must be shared securely

    • Must be completely random

    • Must be kept completely secret from attacker

  • We don’t discuss (for now) how they do this

    • You can imagine they meet on a dark street corner and Alice hands a USB device (with a key on it) to Bob


Private key cryptography1

Private-key cryptography

  • For confidentiality:

    • Private-key (symmetric-key) encryption

  • For data integrity:

    • Message authentication codes

    • (archaic: cryptographic checksums)


Canonical applications

Canonical applications

  • Two (or more) distinct parties communicating over an insecure network

    • E.g., secure communication

  • A single party who is communicating “with itself” over time

    • E.g., secure storage


Cmsc 414 computer and network security lecture 2

Bob

Bob

Alice

Alice

K

K

K

shared info

K


Cmsc 414 computer and network security lecture 2

Bob

Bob

K

K


Security

Security?

  • We will specify the exact threat model being addressed

  • We will also specify the security guarantees that are ensured, within this threat model

    • Here: informally; CMSC 456: formally

  • Crucial to understand these issues before crypto can be successfully deployed!

    • Make sure the stated threat model matches your application

    • Make sure the security guarantees are what you need


Security through obscurity

Security through obscurity?

  • Always assume that the full details of crypto protocols and algorithms are public

    • Known as Kerckhoffs’ principle

    • Only secret information is a key

  • “Security through obscurity” is a bad idea…

    • True in general; even more true in the case of cryptography

    • Home-brewed solutions are BAD!

    • Standardized, widely-accepted solutions are GOOD!


Cmsc 414 computer and network security lecture 2

Private-key encryption


Functional definition

Functional definition

  • Encryption algorithm:

    • Takes a key and a message (plaintext), and outputs a ciphertext

    • c  EK(m)

  • Decryption algorithm:

    • Takes a key and a ciphertext, and outputs a message (or perhaps an error)

    • m = DK(c)

  • Correctness: for all K, we have DK(EK(m)) = m

  • We have not yet said anything about security…


Cmsc 414 computer and network security lecture 2

Bob

Bob

Alice

Alice

K

K

K

shared info

K

c

cEK(m)

m=DK(c)


A classic example shift cipher

A classic example: shift cipher

  • Assume the English uppercase alphabet (no lowercase, punctuation, etc.)

    • View letters as numbers in {0, …, 25}

  • The key is a random letter of the alphabet

  • Encryption done by addition modulo 26

  • Is this secure?

    • Exhaustive key search

    • Automated determination of the key


Another example substitution cipher

Another example: substitution cipher

  • The key is a random permutation of the alphabet

    • Note: key space is huge!

  • Encryption done in the natural way

  • Is this secure?

    • Frequency analysis

  • A large key space is necessary, but not sufficient, for security


Another example vigenere cipher

Another example: Vigenere cipher

  • More complicated version of shift cipher

  • Believed to be secure for over 100 years

  • Is it secure?

    • Index of coincidence method


Moral of the story

Moral of the story?

  • Don’t use “simple” schemes

  • Don’t use schemes that you design yourself

    • Use schemes that other people have already designed and analyzed…


A fundamental problem

A fundamental problem

  • A fundamental problem with “classical” cryptography is that no definition of security was ever specified

    • It was not even clear what it would mean for an encryption scheme to be “secure”

  • As a consequence, proving security was not even an option

    • So how can you know when something is secure?


Defining security

Defining security?

  • What is a good definition?


Security goals

Security goals?

  • Adversary unable to recover the key

    • Necessary, but meaningless on its own…

  • Adversary unable to recover entire plaintext

    • Good, but is it enough?

  • Adversary unable to determine any information at all about the plaintext

    • Formalize?

    • Sounds great!

    • Can we achieve it?


Cmsc 414 computer and network security lecture 2

Note

  • Even given our definition, we need to consider the threat model

    • Multiple messages or a single message?

    • Passive/active adversary?

    • Chosen-plaintext attacks?


Cmsc 414 computer and network security lecture 2

Next time: the one-time pad;

its limitations;

overcoming these limitations


  • Login