Spoiler Warning - PowerPoint PPT Presentation

  • Uploaded on

Spoiler Warning. After listening to this talk, you may become disappointed with this book! Much of the book’s content is about cryptography, but those about modern cryptography is often inaccurate. Build Your Own Cryptosystem. Have you heard about any cryptosystem?

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Spoiler Warning' - lanza

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Spoiler Warning
  • After listening to this talk, you may become disappointed with this book!
  • Much of the book’s content is about cryptography, but the parts about modern cryptography are often inaccurate
Build Your Own Cryptosystem
  • Have you heard about any cryptosystem?
  • Have you tried to design your own encryption algorithm?
  • Some software companies do this
  • But this is in fact very insecure
    • A cryptosystem can have many hidden flaws!
A simple cryptosystem I used in F.1
  • Substitute English letters with two-digit numbers
    • 01..26 <-> A..Z
    • 00 <-> Space
    • 27..99 <-> Nothing (null groups, inserted to confuse the eavesdropper)
    • This is a kind of monoalphabetic substitution cipher
  • Example
    • 08 05 48 37 36 12 12 15 00 23 61 15 18 12 04 95
  • Problems?
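The number-substitution cipher above, implemented as an added example (not code from the slides) so the weakness behind “Problems?” can be seen: the codebook is the slide's, the null rate and seed are assumptions, and the frequency counter shows that the null groups in 27..99 do nothing to hide which letters repeat.

```python
import random
from collections import Counter

# Codebook from the slide: 01..26 <-> A..Z, 00 <-> space, 27..99 <-> nulls.
LETTER_TO_CODE = {chr(ord("A") + i): f"{i + 1:02d}" for i in range(26)}
LETTER_TO_CODE[" "] = "00"
CODE_TO_LETTER = {v: k for k, v in LETTER_TO_CODE.items()}

def encrypt(plaintext, null_rate=0.3, seed=None):
    """Encode each character as two digits, sprinkling in nulls 27..99.
    null_rate and seed are assumed parameters, not part of the slide."""
    rng = random.Random(seed)
    out = []
    for ch in plaintext.upper():
        if ch not in LETTER_TO_CODE:
            continue                      # codebook has no punctuation or digits
        while rng.random() < null_rate:
            out.append(f"{rng.randint(27, 99):02d}")
        out.append(LETTER_TO_CODE[ch])
    return " ".join(out)

def decrypt(ciphertext):
    """Anyone who knows the codebook simply discards the null groups."""
    return "".join(CODE_TO_LETTER.get(g, "") for g in ciphertext.split())

def letter_frequencies(ciphertext):
    """What an eavesdropper sees: every group below 27 is a real symbol, so
    the nulls add noise but leave the plaintext letter frequencies intact."""
    real = [g for g in ciphertext.split() if g in CODE_TO_LETTER and g != "00"]
    return Counter(real).most_common()

if __name__ == "__main__":
    # The slide's own example ciphertext.
    slide_ct = "08 05 48 37 36 12 12 15 00 23 61 15 18 12 04 95"
    print(decrypt(slide_ct))              # HELLO WORLD
    print(letter_frequencies(slide_ct))   # ('12', 3) i.e. L is the top letter
    print(decrypt(encrypt("Hello, World!", seed=1)))
```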
Classical Ciphers
  • Monoalphabetic Substitution Cipher
    • Example : Caesar, simple substitution
  • Substitutes every letter with a fixed letter
  • Very vulnerable to frequency analysis
Classical Ciphers
  • Polyalphabetic Substitution Cipher
    • Example : Vigenere Cipher, Enigma
  • Substitution depends on position
  • Vulnerable to frequency analysis on collections of letters
Classical Ciphers
  • Transposition Cipher
    • Example : Columnar transposition
  • Moves the position of letters around
  • Again vulnerable to frequency analysis
Classical Ciphers
  • Hill Cipher
  • Based on matrix multiplication
  • Vulnerable to known plaintext attack
Modern Cryptography
  • Cryptosystem
    • Key generation (a cryptosystem without a key is useless)
    • Encryption
    • Decryption
  • Confusing Words
    • Cryptography is the study of cryptosystems and their applications
    • “Cipher” usually means the same thing as “Cryptosystem”
    • Plaintext / cleartext means un-encrypted data
    • Ciphertext / crypto-text means encrypted data
Symmetric Ciphers (Private Key Cryptosystems)
  • Most famous : DES (Data Encryption Standard)
    • 64-bit key (56 bits for encryption, 8 bits for error checking)
    • In Digital Fortress, the brute-force code-breaking machine TRANSLTR can break DES in 10 minutes
    • However, such a machine is useless against 3DES: if we encrypt the data with 3 keys consecutively (this is called 3DES), it would take 2^(56×2) × 10 minutes to break!
  • New algorithm : AES (Advanced Encryption Standard)
    • 128, 192 or 256 bit Key
    • Widely used
  • Main problem with symmetric ciphers
    • Key Distribution
Asymmetric Cipher (Public Key Cryptosystem)
  • Most famous : RSA
  • A little number theory
    • n = p*q (p and q are large primes)
    • Choose e, d such that e*d = 1 (mod φ(n))
  • Encryption and Decryption
    • Public key is (n,e)
    • Private key is (n,d)
    • C = M^e (mod n)
    • M = C^d (mod n)
  • To break RSA, an attacker needs to factorize n
    • Current fastest algorithm : Number Field Sieve
Why still use symmetric ciphers?
  • Symmetric ciphers are much faster than asymmetric ones
    • At least 100x
  • Key length of symmetric ciphers can be much shorter than asymmetric ciphers
    • AES key of 128 bit is roughly as strong as a RSA key of 2048 bit
  • Use asymmetric cipher to encrypt the keys of symmetric cipher!
  • Other well known algorithms
    • Symmetric : RC5, IDEA, BlowFish, …
    • Asymmetric : ElGamal, Elliptic Curve Cryptography (ECC), XTR, …
The One Time Pad
  • One Time Pad is the only form of “Perfectly Secure” cryptosystem
  • Length of Key must be at least length of Message
  • Vernam Cipher
    • Use bitwise XOR
  • Sometimes used by governments to transfer keys to embassies
Digital Signatures
  • Many asymmetric encryption/decryption schemes are just mathematical functions, so the two operations can be applied in either order
    • Dec(Enc(X)) = Enc(Dec(X)) = X
  • Therefore we can use them for “digital signature”
    • Example : RSA
    • If we send M to somebody, we also send s = M^d (mod n)
    • The other party can check that M has not been altered by verifying s^e = M (mod n)
Public Key Infrastructure
  • Certificate Authorities (CA)
    • Store your public key on their server and vouch for its authenticity
  • Hierarchy of Trust
  • Example scenario
    • When you send a message, you also send your certificate as well as a signature made with your private key
    • When the other party receives the message, it first goes to the CA that issued your cert to verify it
    • Then it uses the public key listed in your cert to verify the message
The Real World
  • What I told you is INSECURE !
  • Dolev-Yao Threat Model
    • Attackers control the whole network
    • Attackers can intercept, duplicate, replay, modify, or forge any message, but
    • Attackers cannot find the plaintext from a ciphertext without the key, and
    • Attackers cannot find the private key from a public key
  • Recall the BT incident
    • 90% of what the Customs did (mainly eavesdropping) can be done by everyone on the Internet
Attack on RSA
  • Scenario
    • I eavesdrop on an RSA-encrypted message sent to you (M^e, where e is your public key)
    • I ask you to forward this message to someone else, but I lie to you that it is an unencrypted message
    • I also remind you to sign the message before forwarding it
    • In fact, the other person is myself
    • Signature of M^e = (M^e)^d = M^(ed) = M !
  • In this scenario you acted as a “Decryption Oracle” and provided “Oracle Services” to me, the attacker
Attack on RSA
  • A fix?
    • Check every message to see if it is actually encrypted
  • This is useless
  • Another scenario
    • When I eavesdrop M^e, I compute M^e · X^e = (MX)^e, where X is an integer I chose
    • I send (MX)^e to you and ask you to sign it. When you try to decrypt it you get MX, which looks innocuous
    • Feeling safe, you sign it, and send MX back to me
    • I can compute MX · X^(-1) to get M (taking a multiplicative inverse is easy)
  • This is called the “Chosen Ciphertext Attack”
Attack on RSA
  • A real solution is to apply a cryptographic hash function before signing
  • Properties of a cryptographic hash function
    • One way
    • Non-linear
    • Collision free
  • However, many other attacks are possible
    • Now, formal methods are used to model the attacks
    • A “really secure” version of RSA is RSA-OAEP
    • Much research is ongoing
  • Cryptography A-Z
  • Handbook of Applied Cryptography
  • Wikipedia
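As an added example (not code from the slides) covering the RSA slide, the digital-signature slide and the three “Attack on RSA” slides together: textbook RSA over constructed toy primes, the blinding trick in which a raw signing oracle hands back MX, and the hash-then-sign fix that stops it. The primes, exponent, message and blinding factor are assumptions; the digest is reduced mod n only because the toy modulus is far smaller than a real hash.

```python
import hashlib

# Constructed toy parameters; real RSA keys use primes of 1024+ bits.
P, Q, E = 1009, 1013, 17

def keygen(p=P, q=Q, e=E):
    """Return public (n, e) and private (n, d) with e*d = 1 (mod phi(n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)                  # C = M^e (mod n)

def sign_raw(priv, m):
    """Textbook signature s = M^d (mod n): identical to decryption,
    which is exactly what the attack on the slides exploits."""
    n, d = priv
    return pow(m, d, n)

def h(m, n):
    """Hash the message, reduced mod n because the toy modulus is tiny."""
    return int.from_bytes(hashlib.sha256(str(m).encode()).digest(), "big") % n

def sign_hashed(priv, m):
    """Hash-then-sign: the private key is applied to H(M), never to M itself."""
    n, d = priv
    return pow(h(m, n), d, n)

def verify_hashed(pub, m, s):
    n, e = pub
    return pow(s, e, n) == h(m, n)

def blinding_attack(pub, c, sign_oracle, x=2):
    """Chosen-ciphertext attack from the slides: given C = M^e, have the
    victim sign C * X^e = (MX)^e, then strip X from whatever comes back."""
    n, e = pub
    blinded = (c * pow(x, e, n)) % n
    s = sign_oracle(blinded)             # raw oracle returns MX (mod n)
    return (s * pow(x, -1, n)) % n

if __name__ == "__main__":
    pub, priv = keygen()
    M = 65                               # assumed plaintext, must be < n
    C = encrypt(pub, M)
    print(blinding_attack(pub, C, lambda z: sign_raw(priv, z)) == M)     # True
    print(blinding_attack(pub, C, lambda z: sign_hashed(priv, z)) == M)  # False
```

With the hashed oracle the attacker only learns H((MX)^e)^d, which reveals nothing about M, while verify_hashed still accepts honestly signed messages.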