Spoiler warning
Presentation Transcript

Spoiler Warning

  • After listening to this talk, you may become disappointed with this book!

  • Much of the book’s content is about cryptography, but what it says about modern cryptography is often inaccurate

Build Your Own Cryptosystem

  • Have you heard about any cryptosystem?

  • Have you tried to design your own encryption algorithm?

  • Some software companies do this

  • But this is in fact very insecure

    • A cryptosystem can have many hidden flaws!

A simple cryptosystem I used in F.1

  • Substitute English letters with numbers

    • 01..26 <-> A..Z

    • 00 <-> Space

    • 27..99 <-> Nothing; inserted only to confuse the eavesdropper

    • This is a kind of monoalphabetic substitution cipher

  • Example

    • 08 05 48 37 36 12 12 15 00 23 61 15 18 12 04 95

  • Problems?
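As an added example (not from the talk), the F.1 scheme in Python: it decodes the slide's own ciphertext and counts the non-null codes, which illustrates the "Problems?" question: nulls are trivially filtered out because they exceed 26, and the remaining codes keep the plaintext's letter frequencies intact.

```python
import random
import string
from collections import Counter

# Added example (not from the talk): two-digit substitution with 27..99 as
# meaningless filler ("nulls"). 01..26 <-> A..Z, 00 <-> space.
LETTER_TO_CODE = {c: f"{i:02d}" for i, c in enumerate(string.ascii_uppercase, start=1)}
LETTER_TO_CODE[" "] = "00"
CODE_TO_LETTER = {v: k for k, v in LETTER_TO_CODE.items()}

# The ciphertext shown on the slide.
SLIDE_EXAMPLE = "08 05 48 37 36 12 12 15 00 23 61 15 18 12 04 95"


def f1_encrypt(plaintext, null_rate=0.3, rng=random):
    """Encode each character as two digits, sprinkling in random 27..99 nulls."""
    groups = []
    for ch in plaintext.upper():
        if ch not in LETTER_TO_CODE:
            continue  # the scheme only covers A..Z and space
        groups.append(LETTER_TO_CODE[ch])
        if rng.random() < null_rate:
            groups.append(str(rng.randint(27, 99)))
    return " ".join(groups)


def f1_decrypt(ciphertext):
    """Drop every group above 26 (a null) and map the rest back to letters."""
    return "".join(CODE_TO_LETTER[g] for g in ciphertext.split() if g in CODE_TO_LETTER)


def code_frequencies(ciphertext):
    """What an eavesdropper sees after discarding the nulls: a plain
    monoalphabetic substitution, so code counts mirror letter frequencies."""
    real = [g for g in ciphertext.split() if g in CODE_TO_LETTER]
    return Counter(real).most_common()


def f1_roundtrip(text, seed=1):
    """Encrypt with a seeded RNG (so the nulls are reproducible) and decrypt again."""
    return f1_decrypt(f1_encrypt(text, rng=random.Random(seed)))
```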

Classical Ciphers

  • Monoalphabetic Substitution Cipher

    • Example: Caesar, simple substitution

  • Substitutes every letter with a fixed letter

  • Very vulnerable to frequency analysis

Classical Ciphers

  • Polyalphabetic Substitution Cipher

    • Example: Vigenère Cipher, Enigma

  • Substitution depends on position

  • Vulnerable to frequency analysis applied separately to each group of letters that was enciphered the same way

Classical Ciphers

  • Transposition Cipher

    • Example: Columnar transposition

  • Moves the position of letters around

  • Again vulnerable to frequency analysis

Classical Ciphers

  • Hill Cipher

  • Based on matrix multiplication

  • Vulnerable to known plaintext attack
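The known-plaintext attack the slide mentions, as an added example that is not part of the original talk: a 2x2 Hill cipher over A..Z, and recovery of the key from two known plaintext/ciphertext digraphs. The key [[3, 3], [2, 5]] and the plaintext HELP are constructed for the example.

```python
# Added example (not from the talk): 2x2 Hill cipher and its known-plaintext
# attack. Letters are 0..25 and all arithmetic is mod 26.
MOD = 26


def to_nums(text):
    return [ord(c) - 65 for c in text.upper() if c.isalpha()]


def to_text(nums):
    return "".join(chr(n % MOD + 65) for n in nums)


def mat_mul(a, b):
    """Product of two 2x2 matrices mod 26."""
    return [[sum(a[i][k] * b[k][j] for k in range(2)) % MOD for j in range(2)] for i in range(2)]


def mat_inv(m):
    """Inverse of a 2x2 matrix mod 26; fails if det shares a factor with 26."""
    det = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % MOD
    det_inv = pow(det, -1, MOD)  # raises ValueError when gcd(det, 26) != 1
    return [[(m[1][1] * det_inv) % MOD, (-m[0][1] * det_inv) % MOD],
            [(-m[1][0] * det_inv) % MOD, (m[0][0] * det_inv) % MOD]]


def hill_encrypt(key, plaintext):
    """Ciphertext digraph = key * plaintext digraph (as a column vector)."""
    nums = to_nums(plaintext)
    if len(nums) % 2:
        nums.append(23)  # pad an odd-length message with 'X'
    out = []
    for i in range(0, len(nums), 2):
        v = nums[i:i + 2]
        out += [(key[0][0] * v[0] + key[0][1] * v[1]) % MOD,
                (key[1][0] * v[0] + key[1][1] * v[1]) % MOD]
    return to_text(out)


def recover_key(known_plain, known_cipher):
    """Known-plaintext attack: write two plaintext digraphs as the columns of P
    and the matching ciphertext digraphs as the columns of C. Since C = K * P,
    the key is K = C * P^-1 (mod 26) whenever P is invertible."""
    p, c = to_nums(known_plain)[:4], to_nums(known_cipher)[:4]
    P = [[p[0], p[2]], [p[1], p[3]]]
    C = [[c[0], c[2]], [c[1], c[3]]]
    return mat_mul(C, mat_inv(P))
```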

Modern Cryptography

  • Cryptosystem

    • Key generation (a cryptosystem without a key is useless)

    • Encryption

    • Decryption

  • Confusing Words

    • Cryptography is the study of cryptosystems and their applications

    • “Cipher” usually means the same thing as “Cryptosystem”

    • Plaintext / cleartext means un-encrypted data

    • Ciphertext / crypto-text means encrypted data

Symmetric Ciphers (Private Key Cryptosystems)

  • Most famous: DES (Data Encryption Standard)

    • 64-bit key (56 bits used for encryption, 8 bits for error checking)

    • In Digital Fortress, the brute-force code-breaking machine TRANSLTR can break DES in 10 minutes

    • However this is totally useless, because if we encrypt the data with 3 keys consecutively (this is called 3DES), it would take 2^(56×2) × 10 minutes to break!

  • New algorithm : AES (Advanced Encryption Standard)

    • 128, 192 or 256 bit Key

    • Widely used

  • Main problem with symmetric ciphers

    • Key Distribution

Asymmetric Cipher (Public Key Cryptosystem)

  • Most famous: RSA

  • A little number theory

    • n = p·q (p and q are large primes)

    • Choose e, d such that e·d ≡ 1 (mod φ(n)), where φ(n) = (p-1)(q-1)

  • Encryption and Decryption

    • Public key is (n, e)

    • Private key is (n, d)

    • C = M^e (mod n)

    • M = C^d (mod n)

  • To break RSA we need to factorize n

    • Current fastest algorithm : Number Field Sieve

Why still use symmetric ciphers?

  • Symmetric ciphers are much faster than asymmetric ones

    • At least 100x

  • Keys of symmetric ciphers can be much shorter than those of asymmetric ciphers

    • A 128-bit AES key is roughly as strong as a 2048-bit RSA key

  • Use an asymmetric cipher to encrypt the keys of the symmetric cipher!

  • Other well known algorithms

    • Symmetric: RC5, IDEA, Blowfish, …

    • Asymmetric: ElGamal, Elliptic Curve Cryptography (ECC), XTR, …

The One Time Pad

  • The One Time Pad is the only form of “Perfectly Secure” cryptosystem

  • The length of the key must be at least the length of the message

  • Vernam Cipher

    • Use bitwise XOR

  • Sometimes used by governments to transfer keys to embassies
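An added example (not from the talk) of the Vernam one-time pad with bitwise XOR in Python, with the key-length check and the classic failure mode: if one pad is used for two messages, XORing the two ciphertexts cancels the pad and exposes m1 XOR m2, so the "perfectly secure" guarantee is gone.

```python
import secrets

# Added example (not from the talk): Vernam cipher = plaintext XOR pad.
# The same function encrypts and decrypts, because (m ^ k) ^ k == m.


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the pad; the pad must cover the whole message."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def fresh_pad(length: int) -> bytes:
    """A pad must be truly random and used exactly once; secrets gives OS randomness."""
    return secrets.token_bytes(length)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If the same pad k covers m1 and m2, then c1 ^ c2 == (m1 ^ k) ^ (m2 ^ k)
    == m1 ^ m2: the pad drops out and the messages leak relative to each other."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def otp_roundtrip(message: bytes) -> bool:
    """Encrypt with a fresh pad, decrypt with the same pad, compare."""
    pad = fresh_pad(len(message))
    return otp_xor(otp_xor(message, pad), pad) == message


def rejects_short_key(message: bytes, key: bytes) -> bool:
    """True when the length check refuses a pad shorter than the message."""
    try:
        otp_xor(message, key)
    except ValueError:
        return True
    return False
```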

Digital Signatures

  • Many asymmetric encryption/decryption schemes are just mathematical functions, so we can apply them in either order

    • Dec(Enc(X)) = Enc(Dec(X)) = X

  • Therefore we can use them for “digital signatures”

    • Example: RSA

    • If we send M to somebody, we also send s = M^d (mod n)

    • The other party can check that M has not been altered by verifying s^e = M (mod n)

Public Key Infrastructure

  • Certificate Authorities (CA)

    • Store your public key on their server and vouch for its authenticity

  • Hierarchy of Trust

  • Example scenario

    • When you send a message, you also send a certificate as well as a signature made with your private key

    • When the other party receives the message, it first goes to the CA which issued your cert to verify it

    • Then it uses the public key listed in your cert to verify the message

The Real World

  • What I told you is INSECURE!

  • Dolev-Yao Threat Model

    • Attackers control the whole network

    • Attackers can intercept, duplicate, replay, modify, or forge any message, but

    • Attackers cannot find the plaintext from a ciphertext without the key, and

    • Attackers cannot find the private key from a public key

  • Recall the BT incident

    • 90% of what the Customs did (mainly eavesdropping) can be done by anyone on the Internet

Attack on RSA

  • Scenario

    • I eavesdropped an RSA-encrypted message for you (M^e, where e is your public key)

    • I ask you to forward this message to someone else, but I lie to you that this is an unencrypted message

    • I also remind you to sign the message before forwarding

    • In fact, the other person is myself

    • Signature of M^e = (M^e)^d = M^(ed) = M (mod n)!

  • In this scenario you acted as a “Decryption Oracle” and provided “Oracle Services” to me, the attacker

Attack on RSA

  • A fix?

    • Check every message to see if it is actually encrypted

  • This is useless

  • Another scenario

    • When I eavesdrop M^e, I compute M^e · X^e = (MX)^e (mod n), where X is an integer I chose

    • I send (MX)^e to you and ask you to sign it. When you try to decrypt it you get MX, which looks innocuous

    • Feeling safe, you sign it, and send MX back to me

    • I can compute MX · X^(-1) (mod n) to get M (taking the multiplicative inverse is easy)

  • This is called the “Chosen Ciphertext Attack”

Attack on RSA

  • A real solution is to apply a cryptographic hash function before signing

  • Properties of a cryptographic hash function

    • One way

    • Non-linear

    • Collision free

  • However, many other attacks are possible

    • Now, formal methods are used to model the attacks

    • A “really secure” version of RSA is RSA-OAEP

    • Much research is ongoing
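Added example, not the speaker's code: textbook RSA with the operations from the RSA and Digital Signatures slides, the blinding (chosen-ciphertext) attack of the two scenarios above run against a "sign anything" oracle, and the hash-then-sign fix, which makes the same trick return H(MX)^d instead of MX. The toy primes (the 10000th and 100000th primes), e = 17 and SHA-256 as the hash are assumptions of the example.

```python
import hashlib
from math import gcd

# Added example (not the speaker's code): textbook RSA, the blinding attack on a
# raw signing oracle, and the hash-then-sign fix. Toy parameters are assumptions.


def keygen(p, q, e=17):
    """n = p*q, phi(n) = (p-1)(q-1), choose d with e*d = 1 (mod phi(n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))    # public (n, e), private (n, d)


def rsa_encrypt(pub, m):
    return pow(m, pub[1], pub[0])          # C = M^e mod n


def rsa_decrypt(priv, c):
    return pow(c, priv[1], priv[0])        # M = C^d mod n


def sign_raw(priv, m):
    return rsa_decrypt(priv, m)            # textbook signature s = M^d mod n


def verify_raw(pub, m, s):
    return rsa_encrypt(pub, s) == m        # s^e == M


def hash_to_int(m, n):
    """H(M) reduced mod n; SHA-256 stands in for the slide's hash function."""
    return int.from_bytes(hashlib.sha256(str(m).encode()).digest(), "big") % n


def sign_hashed(priv, m):
    return rsa_decrypt(priv, hash_to_int(m, priv[0]))   # s = H(M)^d mod n


def verify_hashed(pub, m, s):
    return rsa_encrypt(pub, s) == hash_to_int(m, pub[0])


def blinding_attack(pub, c, sign_oracle, x=2):
    """Attacker holds C = M^e and gets the victim to sign (MX)^e. A raw oracle
    replies with MX, and dividing out X yields M without the private key; a
    hash-then-sign oracle replies with H(MX)^d, so the division gives junk."""
    n, e = pub
    blinded = (c * pow(x, e, n)) % n       # M^e * X^e = (MX)^e mod n
    reply = sign_oracle(blinded)           # victim "signs" without suspicion
    return (reply * pow(x, -1, n)) % n     # MX * X^-1 = M (only if reply was MX)
```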

  • Cryptography A-Z

    • http://www.ssh.com/support/cryptography/index.html

  • Handbook of Applied Cryptography

    • http://www.cacr.math.uwaterloo.ca/hac/

  • Wikipedia

    • http://www.wikipedia.org/