Why computer security
1 / 105

Why Computer Security - PowerPoint PPT Presentation

  • Updated On :

Why Computer Security. The past decade has seen an explosion in the concern for the security of information Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003 and $67 billion in 2006! Security specialists markets are expanding !

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Why Computer Security' - jihan

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Why computer security l.jpg
Why Computer Security

  • The past decade has seen an explosion in the concern for the security of information

    • Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003 and $67 billion in 2006!

  • Security specialists markets are expanding !

    • “Salary Premiums for Security Certifications Increasing” (Computerworld 2007)

      • Up to 15% more salary

      • Demand is being driven not only by compliance and government regulation, but also by customers who are "demanding more security" from companies

    • US Struggles to recruit compute security experts (Washington Post Dec. 23 2009)


Why computer security cont d l.jpg
Why Computer Security (cont’d)

  • Internet attacks are increasing in frequency, severity and sophistication

    • The number of scans, probes, and attacks reported to the DHS has increased by more than 300 percent from 2006 to 2008.

    • Karen Evans, the Bush administration's information technology (IT) administrator, points out that most federal IT managers do not know what advanced skills are required to counter cyberattacks.


Why computer security cont d3 l.jpg
Why Computer Security (cont’d)

  • Virus and worms faster and powerful

    • Cause over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007.

    • Code Red (2001): 13 hours infected >360K machines - $2.4 billion loss

    • Slammer (2003): 15 minutes infected > 75K machines - $1 billion loss

  • Spams, phishing …

  • New Internet security landscape emerging: BOTNETS !

    • Conficker/Downadup (2008): infected > 10M machines

      • MSFT offering $250K reward


Outline l.jpg

  • History of Security and Definitions

  • Overview of Cryptography

  • Symmetric Cipher

    • Classical Symmetric Cipher

    • Modern Symmetric Ciphers (DES and AES)

  • Asymmetric Cipher

  • One-way Hash Functions and Message Digest


The history of computing l.jpg
The History of Computing

  • For a long time, security was largely ignored in the community

    • The computer industry was in “survival mode”, struggling to overcome technological and economic hurdles

    • As a result, a lot of comers were cut and many compromises made

    • There was lots of theory, and even examples of systems built with very good security, but were largely ignored or unsuccessful

      • E.g., ADA language vs. C (powerful and easy to use)


Computing today is very different l.jpg
Computing Today is Very Different

  • Computers today are far from “survival mode”

    • Performance is abundant and the cost is very cheap

    • As a result, computers now ubiquitous at every facet of society

  • Internet

    • Computers are all connected and interdependent

    • This codependency magnifies the effects of any failures


Biological analogy l.jpg
Biological Analogy

  • Computing today is very homogeneous.

    • A single architecture and a handful of OS dominates

  • In biology, homogeneous populations are in danger

    • A single disease or virus can wipe them out overnight because they all share the same weakness

    • The disease only needs a vector to travel among hosts

  • Computers are like the animals, the Internet provides the vector.

    • It is like having only one kind of cow in the world, and having them drink from one single pool of water!


The flash worm l.jpg
The Flash Worm

  • Slammer worm infected 75,000 machines in <15 minutes

  • A properly designed worm, flash worm, can take less than 1 second to compromise 1 million vulnerable machines in the Internet

    • The Top Speed of Flash Worms. S. Staniford, D. Moore, V. Paxson and N. Weaver, ACM WORM Workshop 2004.

    • Exploit many vectors such as P2P file sharing, intelligent scanning, hitlists, etc.


The definition of computer security l.jpg
The Definition of Computer Security

  • Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable

  • Security rests on confidentiality, authenticity, integrity, and availability


The basic components l.jpg
The Basic Components

  • Confidentiality is the concealment of information or resources.

    • E.g., only sender, intended receiver should “understand” message contents

  • Authenticity is the identification and assurance of the origin of information.

  • Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.

  • Availability refers to the ability to use the information or resource desired.


Security threats and attacks l.jpg
Security Threats and Attacks

  • A threat/vulnerability is a potential violation of security.

    • Flaws in design, implementation, and operation.

  • An attack is any action that violates security.

    • Active adversary

  • An attack has an implicit concept of “intent”

    • Router mis-configuration or server crash can also cause loss of availability, but they are not attacks


Friends and enemies alice bob trudy l.jpg
Friends and enemies: Alice, Bob, Trudy

  • well-known in network security world

  • Bob, Alice (lovers!) want to communicate “securely”

  • Trudy (intruder) may intercept, delete, add messages



data, control messages










Eavesdropping message interception attack on confidentiality l.jpg
Eavesdropping - Message Interception (Attack on Confidentiality)

  • Unauthorized access to information

  • Packet sniffers and wiretappers

  • Illicit copying of files and programs





Integrity attack tampering with messages l.jpg
Integrity Attack - Tampering With Messages Confidentiality)

  • Stop the flow of the message

  • Delay and optionally modify the message

  • Release the message again





Authenticity attack fabrication l.jpg
Authenticity Attack - Fabrication Confidentiality)

  • Unauthorized assumption of other’s identity

  • Generate and distribute objects under this identity



Masquerader: from A


Attack on availability l.jpg

B Confidentiality)


Attack on Availability

  • Destroy hardware (cutting fiber) or software

  • Modify software in a subtle way (alias commands)

  • Corrupt packets in transit

  • Blatant denial of service (DoS):

    • Crashing the server

    • Overwhelm the server (use up its resource)


Classify security attacks as l.jpg
Classify Security Attacks as Confidentiality)

  • Passive attacks - eavesdropping on, or monitoring of, transmissions to:

    • obtain message contents, or

    • monitor traffic flows

  • Active attacks – modification of data stream to:

    • masquerade of one entity as some other

    • replay previous messages

    • modify messages in transit

    • denial of service


Group exercise l.jpg
Group Exercise Confidentiality)

Please classify each of the following as a violation of confidentiality, integrity, availability, authenticity, or some combination of these

  • John copies Mary’s homework.

  • Paul crashes Linda’s system.

  • Gina forges Roger’s signature on a deed.


Outline20 l.jpg
Outline Confidentiality)

  • Overview of Cryptography

  • Symmetric Cipher

    • Classical Symmetric Cipher

    • Modern Symmetric Ciphers (DES and AES)

  • Asymmetric Cipher

  • One-way Hash Functions and Message Digest


Basic terminology l.jpg
Basic Terminology Confidentiality)

  • plaintext - the original message

  • ciphertext - the coded message

  • cipher - algorithm for transforming plaintext to ciphertext

  • key - info used in cipher known only to sender/receiver

  • encipher (encrypt) - converting plaintext to ciphertext

  • decipher (decrypt) - recovering ciphertext from plaintext

  • cryptography - study of encryption principles/methods

  • cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key

  • cryptology - the field of both cryptography and cryptanalysis


Classification of cryptography l.jpg
Classification of Cryptography Confidentiality)

  • Number of keys used

    • Hash functions: no key

    • Secret key cryptography: one key

    • Public key cryptography: two keys - public, private

  • Type of encryption operations used

    • substitution / transposition / product

  • Way in which plaintext is processed

    • block / stream


Secret key vs secret algorithm l.jpg
Secret Key vs. Secret Algorithm Confidentiality)

  • Secret algorithm: additional hurdle

  • Hard to keep secret if used widely:

    • Reverse engineering, social engineering

  • Commercial: published

    • Wide review, trust

  • Military: avoid giving enemy good ideas


Unconditional vs computational security l.jpg
Unconditional vs. Computational Security Confidentiality)

  • Unconditional security

    • No matter how much computer power is available, the cipher cannot be broken

    • The ciphertext provides insufficient information to uniquely determine the corresponding plaintext

  • Computational security

    • The cost of breaking the cipher exceeds the value of the encrypted info

    • The time required to break the cipher exceeds the useful lifetime of the info


Brute force search l.jpg
Brute Force Search Confidentiality)

  • Always possible to simply try every key

  • Most basic attack, proportional to key size

  • Assume either know / recognise plaintext


Outline26 l.jpg
Outline Confidentiality)

  • Overview of Cryptography

  • Classical Symmetric Cipher

    • Substitution Cipher

    • Transposition Cipher

  • Modern Symmetric Ciphers (DES and AES)

  • Asymmetric Cipher

  • One-way Hash Functions and Message Digest


Symmetric cipher model l.jpg
Symmetric Cipher Model Confidentiality)


Requirements l.jpg
Requirements Confidentiality)

  • Two requirements for secure use of symmetric encryption:

    • a strong encryption algorithm

    • a secret key known only to sender / receiver

      Y = EK(X)

      X = DK(Y)

  • Assume encryption algorithm is known

  • Implies a secure channel to distribute key


Classical substitution ciphers l.jpg
Classical Substitution Ciphers Confidentiality)

  • Letters of plaintext are replaced by other letters or by numbers or symbols

  • Plaintext is viewed as a sequence of bits, then substitution replaces plaintext bit patterns with ciphertext bit patterns


Caesar cipher l.jpg
Caesar Cipher Confidentiality)

  • Earliest known substitution cipher

  • Replaces each letter by 3rd letter on

  • Example:

    meet me after the toga party



Caesar cipher31 l.jpg
Caesar Cipher Confidentiality)

  • Define transformation as:

    a b c d e f g h i j k l m n o p q r s t u v w x y z

    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

  • Mathematically give each letter a number

    a b c d e f g h i j k l m

    0 1 2 3 4 5 6 7 8 9 10 11 12

    n o p q r s t u v w x y Z

    13 14 15 16 17 18 19 20 21 22 23 24 25

  • Then have Caesar cipher as:

    C = E(p) = (p + k) mod (26)

    p = D(C) = (C – k) mod (26)


Cryptanalysis of caesar cipher l.jpg
Cryptanalysis of Caesar Cipher Confidentiality)

  • Only have 25 possible ciphers

    • A maps to B,..Z

  • Given ciphertext, just try all shifts of letters

  • Do need to recognize when have plaintext

  • E.g., break ciphertext "GCUA VQ DTGCM“

  • How to make it harder?


Monoalphabetic cipher l.jpg
Monoalphabetic Cipher Confidentiality)

  • Rather than just shifting the alphabet

  • Could shuffle (jumble) the letters arbitrarily

  • Each plaintext letter maps to a different random ciphertext letter

  • Key is 26 letters long

    Plain: abcdefghijklmnopqrstuvwxyz


    Plaintext: ifwewishtoreplaceletters



Monoalphabetic cipher security l.jpg
Monoalphabetic Cipher Security Confidentiality)

  • Now have a total of 26! = 4 x 1026 keys

  • Is that secure?

  • Problem is language characteristics

    • Human languages are redundant

    • Letters are not equally commonly used


English letter frequencies l.jpg
English Letter Frequencies Confidentiality)

Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies.


Example cryptanalysis l.jpg
Example Cryptanalysis Confidentiality)

  • Given ciphertext:




  • Count relative letter frequencies (see text)

  • Guess P & Z are e and t

  • Guess ZW is th and hence ZWP is the

  • Proceeding with trial and error finally get:

    it was disclosed yesterday that several informal but

    direct contacts have been made with political

    representatives of the viet cong in moscow


Transposition ciphers l.jpg
Transposition Ciphers Confidentiality)

  • Now consider classical transposition or permutation ciphers

  • These hide the message by rearranging the letter order, without altering the actual letters used

  • Any shortcut for breaking it?

  • Can recognise these since have the same frequency distribution as the original text


Rail fence cipher l.jpg
Rail Fence Cipher Confidentiality)

  • Write message letters out diagonally over a number of rows

  • Then read off cipher row by row

  • E.g., write message out as:

    m e m a t r h t g p r y

    e t e f e t e o a a t

  • Giving ciphertext



Product ciphers l.jpg
Product Ciphers Confidentiality)

  • Ciphers using substitutions or transpositions are not secure because of language characteristics

  • Hence consider using several ciphers in succession to make harder, but:

    • Two substitutions make another substitution

    • Two transpositions make a more complex transposition

    • But a substitution followed by a transposition makes a new much harder cipher

  • This is bridge from classical to modern ciphers


Outline40 l.jpg
Outline Confidentiality)

  • Overview of Cryptography

  • Classical Symmetric Cipher

  • Modern Symmetric Ciphers (DES/AES)

  • Asymmetric Cipher

  • One-way Hash Functions and Message Digest


Block vs stream ciphers l.jpg
Block vs Stream Ciphers Confidentiality)

  • Block ciphers process messages in into blocks, each of which is then en/decrypted

  • Like a substitution on very big characters

    • 64-bits or more

  • Stream ciphers process messages a bit or byte at a time when en/decrypting

  • Many current ciphers are block ciphers, one of the most widely used types of cryptographic algorithms


Block cipher principles l.jpg
Block Cipher Principles Confidentiality)

  • Most symmetric block ciphers are based on a Feistel Cipher Structure

  • Block ciphers look like an extremely large substitution

  • Would need table of 264 entries for a 64-bit block

  • Instead create from smaller building blocks

  • Using idea of a product cipher


Ideal block cipher l.jpg
Ideal Block Cipher Confidentiality)


Feistel cipher structure l.jpg
Feistel Cipher Structure Confidentiality)

  • Process through multiple rounds which

    • partitions input block into two halves

    • perform a substitution on left data half

    • based on round function of right half & subkey

    • then have permutation swapping halves


Feistel cipher decryption l.jpg
Feistel Cipher Decryption Confidentiality)


Des data encryption standard l.jpg
DES (Data Encryption Standard) Confidentiality)

  • Published in 1977, standardized in 1979.

  • Key: 64 bit quantity=8-bit parity+56-bit key

    • Every 8th bit is a parity bit.

  • 64 bit input, 64 bit output.

64 bit M

64 bit C



56 bits


Des top view l.jpg
DES Top View Confidentiality)

56-bit Key

64-bit Input

48-bit K1

Generate keys


Initial Permutation

48-bit K1

Round 1

48-bit K2

Round 2


48-bit K16

Round 16

Swap 32-bit halves


Final Permutation


64-bit Output


Des summary l.jpg
DES Summary Confidentiality)

  • Simple, easy to implement:

    • Hardware/gigabits/second, software/megabits/second

  • 56-bit key DES may be acceptable for non-critical applications but triple DES (DES3) should be secure for most applications today

  • Supports several operation modes (ECB CBC, OFB, CFB) for different applications


Avalanche effect l.jpg
Avalanche Effect Confidentiality)

  • Key desirable property of encryption alg

  • Where a change of one input or key bit results in changing more than half output bits

  • DES exhibits strong avalanche


Strength of des key size l.jpg
Strength of DES – Key Size Confidentiality)

  • 56-bit keys have 256 = 7.2 x 1016 values

  • Brute force search looks hard

  • Recent advances have shown is possible

    • in 1997 on a huge cluster of computers over the Internet in a few months

    • in 1998 on dedicated hardware called “DES cracker” by EFF in a few days ($220,000)

    • in 1999 above combined in 22hrs!

  • Still must be able to recognize plaintext

  • No big flaw for DES algorithms


Des replacement l.jpg
DES Replacement Confidentiality)

  • Triple-DES (3DES)

    • 168-bit key, no brute force attacks

    • Underlying encryption algorithm the same, no effective analytic attacks

    • Drawbacks

      • Performance: no efficient software codes for DES/3DES

      • Efficiency/security: bigger block size desirable

  • Advanced Encryption Standards (AES)

    • US NIST issued call for ciphers in 1997

    • AES was selected in Oct-2000


Slide52 l.jpg
AES Confidentiality)

  • Private key symmetric block cipher

  • 128-bit data, 128/192/256-bit keys

  • Stronger & faster than Triple-DES

  • Provide full specification & design details

  • Evaluation criteria

    • Security: effort to practically cryptanalysis

    • Cost: computational efficiency and memory requirement

    • Algorithm & implementation characteristics: flexibility to apps, hardware/software suitability, simplicity


Aes shortlist l.jpg
AES Shortlist Confidentiality)

  • After testing and evaluation, shortlist in Aug-99:

    • MARS (IBM) - complex, fast, high security margin

    • RC6 (USA) - v. simple, v. fast, low security margin

    • Rijndael (Belgium) - clean, fast, good security margin

    • Serpent (Euro) - slow, clean, v. high security margin

    • Twofish (USA) - complex, v. fast, high security margin

  • Then subject to further analysis & comment


Outlines l.jpg
Outlines Confidentiality)

  • Symmetric Cipher

    • Classical Symmetric Cipher

    • Modern Symmetric Ciphers (DES and AES)

  • Asymmetric Cipher

  • One-way Hash Functions and Message Digest


Private key cryptography l.jpg
Private-Key Cryptography Confidentiality)

  • Private/secret/single key cryptography uses one key

  • Shared by both sender and receiver

  • If this key is disclosed communications are compromised

  • Also is symmetric, parties are equal

  • Hence does not protect sender from receiver forging a message & claiming is sent by sender


Public key cryptography l.jpg
Public-Key Cryptography Confidentiality)

  • Probably most significant advance in the 3000 year history of cryptography

  • Uses two keys – a public & a private key

  • Asymmetric since parties are not equal

  • Uses clever application of number theoretic concepts to function

  • Complements rather than replaces private key crypto


Public key cryptography57 l.jpg
Public-Key Cryptography Confidentiality)

  • Public-key/two-key/asymmetric cryptography involves the use of two keys:

    • a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures

    • a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures

  • Asymmetric because

    • those who encrypt messages or verify signatures cannot decrypt messages or create signatures


Public key cryptography58 l.jpg
Public-Key Cryptography Confidentiality)


Public key characteristics l.jpg
Public-Key Characteristics Confidentiality)

  • Public-Key algorithms rely on two keys with the characteristics that it is:

    • computationally infeasible to find decryption key knowing only algorithm & encryption key

    • computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known

    • either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)

  • Analogy to delivery w/ a padlocked box


Public key cryptosystems l.jpg
Public-Key Cryptosystems Confidentiality)

  • Two major applications:

    • encryption/decryption (provide secrecy)

    • digital signatures (provide authentication)


Rsa rivest shamir adleman l.jpg
RSA (Rivest, Shamir, Adleman) Confidentiality)

  • The most popular one.

  • Support both public key encryption and digital signature.

  • Assumption/theoretical basis:

    • Factoring a big number is hard.

  • Variable key length (usually 1024 bits).

  • Plaintext block size.

    • Plaintext must be “less or equal” than the key.

    • Ciphertext block size is the same as the key length.


What is rsa l.jpg
What Is RSA? Confidentiality)

  • To generate key pair:

    • Pick large primes (>= 512 bits each) p and q

    • Let n = p*q, keep your p and q to yourself!

    • For public key, choose e that is relatively prime to ø(n) =(p-1)(q-1), let pub = <e,n>

    • For private key, find d that is the multiplicative inverse of e mod ø(n),i.e., e*d = 1 mod ø(n), let priv = <d,n>


Rsa example l.jpg
RSA Example Confidentiality)

  • Select primes: p=17 & q=11

  • Computen = pq =17×11=187

  • Computeø(n)=(p–1)(q-1)=16×10=160

  • Select e : gcd(e,160)=1; choose e=7

  • Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161= 10×160+1

  • Publish public key KU={7,187}

  • Keep secret private key KR={23,17,11}


How does rsa work l.jpg
How Does RSA Work? Confidentiality)

  • Given pub = <e, n> and priv = <d, n>

    • encryption: c = me mod n, m < n

    • decryption: m = cd mod n

    • signature: s = md mod n, m < n

    • verification: m = se mod n

  • given message M = 88 (nb. 88<187)

  • encryption:

    C = 887 mod 187 = 11

  • decryption:

    M = 1123 mod 187 = 88


Is rsa secure l.jpg
Is RSA Secure? Confidentiality)

  • Factoring 1024-bit number is very hard!

  • But if you can factor big number n then given public key <e,n>, you can find d, hence the private key by:

    • Knowing factors p, q, such that, n= p*q

    • Then ø(n) =(p-1)(q-1)

    • Then d such that e*d = 1 mod ø(n)

  • Threat

    • Moore’s law

    • Refinement of factorizing algorithms

  • For the near future, a key of 1024 or 2048 bits needed


Symmetric des vs public key rsa l.jpg
Symmetric (DES) vs. Public Key (RSA) Confidentiality)

  • Exponentiation of RSA is expensive !

  • AES and DES are much faster

    • 100 times faster in software

    • 1,000 to 10,000 times faster in hardware

  • RSA often used in combination in AES and DES

    • Pass the session key with RSA


Outline67 l.jpg
Outline Confidentiality)

  • History of Security and Definitions

  • Overview of Cryptography

  • Symmetric Cipher

    • Classical Symmetric Cipher

    • Modern Symmetric Ciphers (DES and AES)

  • Asymmetric Cipher

  • One-way Hash Functions and Message Digest


Confidentiality authenticity l.jpg
Confidentiality => Authenticity ? Confidentiality)

  • Symmetric cipher ?

    • Shared key problem

    • Plaintext has to be intelligible/understandable

  • Asymmetric cipher?

    • Too expensive

    • Plaintext has to be intelligible/understandable

    • Desirable to cipher on a much smaller size of data which uniquely represents the long message


Hash functions l.jpg
Hash Functions Confidentiality)

  • Condenses arbitrary message to fixed size

    h = H(M)

  • Usually assume that the hash function is public and not keyed

  • Hash used to detect changes to message

  • Can use in various ways with message

  • Most often to create a digital signature


Requirements for hash functions l.jpg
Requirements for Hash Functions Confidentiality)

  • Can be applied to any sized message M

  • Produces fixed-length output h

  • Is easy to compute h=H(M) for any message M

  • Given h is infeasible to find x s.t. H(x)=h

    • One-way property

  • Given x is infeasible to find y s.t. H(y)=H(x)

    • Weak collision resistance

  • Is infeasible to find any x,y s.t. H(y)=H(x)

    • Strong collision resistance


Birthday problem l.jpg
Birthday Problem Confidentiality)

  • How many people do you need so that the probability of having two of them share the same birthday is > 50% ?

  • Random sample of n birthdays (input) taken from k (365, output)

  • kn total number of possibilities

  • (k)n=k(k-1)…(k-n+1) possibilities without duplicate birthday

  • Probability of no repetition:

    • p = (k)n/kn 1 - n(n-1)/2k

  • For k=366, minimum n = 23

  • n(n-1)/2 pairs, each pair has a probability 1/k of having the same output

  • n(n-1)/2k > 50%  n>k1/2


How many bits for hash l.jpg
How Many Bits for Hash? Confidentiality)

  • m bits, takes 2m/2 to find two with the same hash

  • 64 bits, takes 232 messages to search (doable)

  • Need at least 128 bits


General structure of secure hash code l.jpg
General Structure of Secure Hash Code Confidentiality)

  • Iterative compression function

    • Each f is collision-resistant, so is the resulting hashing


Md5 message digest version 5 l.jpg
MD5: Message Digest Version 5 Confidentiality)

input Message

Output 128 bits Digest

  • Until recently the most widely used hash algorithm

    • in recent times have both brute-force & cryptanalytic concerns

  • Specified as Internet standard RFC1321


Md5 overview l.jpg
MD5 Overview Confidentiality)


Md5 overview77 l.jpg
MD5 Overview Confidentiality)

  • Pad message so its length is 448 mod 512

  • Append a 64-bit original length value to message

  • Initialise 4-word (128-bit) MD buffer (A,B,C,D)

  • Process message in 16-word (512-bit) blocks:

    • Using 4 rounds of 16 bit operations on message block & buffer

    • Add output to buffer input to form new buffer value

  • Output hash value is the final buffer value


Processing of block m i 4 passes l.jpg
Processing of Block Confidentiality)mi - 4 Passes















MD i+1


Secure hash algorithm l.jpg
Secure Hash Algorithm Confidentiality)

  • SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST, 1993

  • Input message must be < 264 bits

    • not really a problem

  • Message is processed in 512-bit blocks sequentially

  • Message digest is 160 bits


Sha 1 verses md5 l.jpg
SHA-1 verses MD5 Confidentiality)

  • Brute force attack is harder (160 vs 128 bits for MD5)

  • A little slower than MD5 (80 vs 64 steps)

    • Both work well on a 32-bit architecture

  • Both designed as simple and compact for implementation

  • Cryptanalytic attacks

    • MD4/5: vulnerability discovered since its design

    • SHA-1: no until recent 2005 results raised concerns on its use in future applications


Revised secure hash standard l.jpg
Revised Secure Hash Standard Confidentiality)

  • NIST have issued a revision in 2002

  • Adds 3 additional hash algorithms

  • SHA-256, SHA-384, SHA-512

    • Collectively called SHA-2

  • Designed for compatibility with increased security provided by the AES cipher

  • Structure & detail are similar to SHA-1

  • Hence analysis should be similar, but security levels are rather higher


Backup slides l.jpg

Backup Slides Confidentiality)


Cryptanalysis scheme l.jpg
Cryptanalysis Scheme Confidentiality)

Ciphertext only:

Exhaustive search until “recognizable plaintext”

Need enough ciphertext

Known plaintext:

Secret may be revealed (by spy, time), thus <ciphertext, plaintext> pair is obtained

Great for monoalphabetic ciphers

Chosen plaintext:

Choose text, get encrypted

Pick patterns to reveal the structure of the key


One time pad l.jpg
One-Time Pad Confidentiality)

  • If a truly random key as long as the message is used, the cipher will be secure - One-Time pad

  • E.g., a random sequence of 0’s and 1’s XORed to plaintext, no repetition of keys

  • Unbreakable since ciphertext bears no statistical relationship to the plaintext

  • For any plaintext, it needs a random key of the same length

    • Hard to generate large amount of keys

  • Have problem of safe distribution of key


Rotor machines l.jpg
Rotor Machines Confidentiality)

  • Before modern ciphers, rotor machines were most common complex ciphers in use

  • Widely used in WW2

    • German Enigma, Allied Hagelin, Japanese Purple

  • Implemented a very complex, varying substitution cipher


Substitution permutation ciphers l.jpg
Substitution-Permutation Ciphers Confidentiality)

  • Substitution-permutation (S-P) networks [Shannon, 1949]

    • modern substitution-transposition product cipher

  • These form the basis of modern block ciphers

  • S-P networks are based on the two primitive cryptographic operations

    • substitution (S-box)

    • permutation (P-box)

  • provide confusion and diffusion of message


Confusion and diffusion l.jpg
Confusion and Diffusion Confidentiality)

  • Cipher needs to completely obscure statistical properties of original message

  • A one-time pad does this

  • More practically Shannon suggested S-P networks to obtain:

  • Diffusion – dissipates statistical structure of plaintext over bulk of ciphertext

  • Confusion – makes relationship between ciphertext and key as complex as possible


Bit permutation 1 to 1 l.jpg
Bit Permutation (1-to-1) Confidentiality)

1 2 3 4 32


0 0 1 0 1


1 bit



1 0 1 1 1

22 6 13 32 3


Per round key generation l.jpg
Per-Round Key Generation Confidentiality)

Initial Permutation of DES key

C i-1

D i-1

28 bits

28 bits

Circular Left Shift

Circular Left Shift



Round 1,2,9,16:

single shift

Others: two bits


with Discard

48 bits


C i

D i

28 bits

28 bits


A des round l.jpg
A DES Round Confidentiality)

32 bits Ln

32 bits Rn


One Round


48 bits



48 bits




32 bits

32 bits Ln+1

32 bits Rn+1


Mangler function l.jpg

6 Confidentiality)

















































Mangler Function

The permutation produces “spread” among the chunks/S-boxes!


Slide92 l.jpg

Bits Expansion (1-to-m) Confidentiality)

1 2 3 4 5 32



0 0 1 0 1 1



10 0 1 0 1 0 110

1 2 3 4 5 6 7 8 48


S box substitute and shrink l.jpg

2 bits Confidentiality)














4 bits


= 1,…8.


S-Box (Substitute and Shrink)

  • 48 bits ==> 32 bits. (8*6 ==> 8*4)

  • 2 bits used to select amongst 4 substitutions for the rest of the 4-bit quantity


S box examples l.jpg
S-Box Examples Confidentiality)

Each row and column contain different numbers.

0 1 2 3 4 5 6 7 8 9…. 15

0 14 4 13 1 2 15 11 8 3

1 0 15 7 4 14 2 13 1 10

2 4 1 14 8 13 6 2 11 15

3 15 12 8 2 4 9 1 7 5

Example: input: 100110 output: ???


Padding twist l.jpg
Padding Twist Confidentiality)

  • Given original message M, add padding bits “10*” such that resulting length is 64 bits less than a multiple of 512 bits.

  • Append (original length in bits mod 264), represented in 64 bits to the padded message

  • Final message is chopped 512 bits a block


Why does rsa work l.jpg
Why Does RSA Work? Confidentiality)

Given pub = <e, n> and priv = <d, n>

n =p*q, ø(n) =(p-1)(q-1)

e*d = 1 mod ø(n)

xed = x mod n

encryption: c = me mod n

decryption: m = cd mod n = med mod n = m mod n = m (since m < n)

digital signature (similar)


Using hash for authentication l.jpg
Using Hash for Authentication Confidentiality)

Assuming share a key KAB

  • Alice to Bob: challenge rA

  • Bob to Alice: MD(KAB|rA)

  • Bob to Alice: rB

  • Alice to Bob: MD(KAB|rB)

  • Only need to compare MD results


Using hash to encrypt l.jpg
Using Hash to Encrypt Confidentiality)

One-time pad with KAB

Compute bit streams using MD, and K

b1=MD(KAB), bi=MD(KAB|bi-1), …

 with message blocks

Is this a real one-time pad ?

Add a random 64 bit number (aka IV) b1=MD(KAB|IV), bi=MD(KAB|bi-1), …


Md5 process l.jpg
MD5 Process Confidentiality)

  • As many stages as the number of 512-bit blocks in the final padded message

  • Digest: 4 32-bit words: MD=A|B|C|D

  • Every message block contains 16 32-bit words: m0|m1|m2…|m15

    • Digest MD0 initialized to: A=01234567,B=89abcdef,C=fedcba98, D=76543210

    • Every stage consists of 4 passes over the message block, each modifying MD

  • Each block 4 rounds, each round 16 steps


Different passes l.jpg
Different Passes... Confidentiality)

Each step i (1 <= i <= 64):

  • Input:

    • mi – a 32-bit word from the message

      With different shift every round

    • Ti – int(232 * abs(sin(i)))

      Provided a randomized set of 32-bit patterns, which eliminate any regularities in the input data

    • ABCD: current MD

  • Output:

    • ABCD: new MD


Md5 compression function l.jpg
MD5 Compression Function Confidentiality)

  • Each round has 16 steps of the form:

    a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)

  • a,b,c,d refer to the 4 words of the buffer, but used in varying permutations

    • note this updates 1 word only of the buffer

    • after 16 steps each word is updated 4 times

  • where g(b,c,d) is a different nonlinear function in each round (F,G,H,I)


Md5 compression function102 l.jpg
MD5 Compression Function Confidentiality)


Functions and random numbers l.jpg
Functions and Random Numbers Confidentiality)

  • F(x,y,z) == (xy)(~x  z)

    • selection function

  • G(x,y,z) == (x  z) (y ~ z)

  • H(x,y,z) == xy z

  • I(x,y,z) == y(x  ~z)


Basic steps for sha 1 l.jpg
Basic Steps for SHA-1 Confidentiality)

Step1: Padding

Step2: Appending length as 64 bit unsigned

Step3: Initialize MD buffer 5 32-bit words

Store in big endian format, most significant bit in low address


A = 67452301

B = efcdab89

C = 98badcfe

D = 10325476

E = c3d2e1f0


Basic steps l.jpg
Basic Steps... Confidentiality)

Step 4: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each.

Each step t (0 <= t <= 79):

  • Input:

    • Wt – a 32-bit word from the message

    • Kt – a constant.

    • ABCDE: current MD.

  • Output:

    • ABCDE: new MD.