1 / 58

Computer Security Cryptography –an introduction

Computer Security Cryptography –an introduction. Encryption. key K E key K D

salim
Download Presentation

Computer Security Cryptography –an introduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer SecurityCryptography –an introduction

  2. Encryption key KE key KD x plaintext y ciphertext original plaintext x . encryption decryption Eavesdropper

  3. Encryption A cryptosystem involves • an encryption algorithm E, and a • a decryptionalgorithm D Both algorithms make use of a key. Let KEbe the encryption key and KD the decryption key. For symmetric cryptosystems the same key is used both encryption and decryption: KE = KD.

  4. Encryption If P is the plaintext message, C the ciphertext, then for symmetric cryptosystems: C = E(K,P)and P = D(K,E(K,P)) = D(K,C) For an asymmetric cryptosystem C = E(KE,P)and P = D(KD,E(KE,P)) = D(KD,C)

  5. Kerchoffs’ assumption The adversary knows all details of the encrypting function except the secret key

  6. Symmetric key encryption There are two types of cipher systems: • Streamciphers, • Blockciphers.

  7. Stream ciphers Encryption x = ISSOPMI y = wdhuvad Key KE

  8. Block ciphers x = XNE OIG TPH YRK … y = .Key KE wdm . hut vap dgd … Encryption

  9. Block ciphersAn overview of the DES Algorithm DES is an iterated block cipher with • 16 rounds, • block length 64 bits and • key length 56 bits

  10. Iterating Block ciphers 1. Iterated block cipher Random (binary) key K  round keys:K1,..., KNr, 2. Round function g wr = g(wr-1, Kr), where wr-1is the previous state

  11. Iterated cipher … Encryption operation: w0x (x =plaintext) w1 = g(w0, K1), w2 = g(w1, K2), wNr = g(wNr-1, KNr), ywNr(y =ciphertext)

  12. Iterated cipher … For decryption we must have: g(.,K) must be invertible for all K Then decryption is the reverse of encryption (bottom-up)

  13. Data Encryption Standard DES is a special type of iterated cipher called a Feistel cipher. Block length 64 bits Key length 56 bits Ciphertext length 64 bits

  14. DES The round function is: g([Li-1,Ri-1 ]),Ki ) = (Li ,Ri), where Li = Ri-1 and Ri = Li-1 XOR f (Ri-1, Ki).

  15. DES round encryption

  16. DES inner function

  17. DES computation path

  18. Inner Function + A Round of DES 64 bit input 32 bit Rn 32 bit Ln Kn 32 bit Ln+1 32 bit Rn+1 64 bit output

  19. Inner functionf Combine 32 bit input and 48 bit key into 32 bit output • Expand 32 bit input to 48 bits • XOR the 48 bit key with the expanded 48 bit input • Apply the S-boxes to the 48 bit input to produce 32 bit output • Permute the resulting 32 bits

  20. S Boxes • There are 8 different S-Boxes,1 for each chunk • S-box process maps 6 bit input to 4 bit output • S box performs substitution on 4 bits • There are 8 possible substitutions in each S box • Inner 4 bits are fed into an S box • Outer 2 bits determine which substitution is used

  21. DES: Initial and Final Permutations There is also an initial and a final permutation: the final permutation is the inverse of the initial permutation

  22. Decrypting DES • DES (and all Feistel structures) is reversiblethrough a “reverse” encryption because: • No input data is mangled and passed to the output • The properties of XOR • S-boxes are not reversible (and don't need to be) • Everything needed (except the key) to produce the input to the n-1th step is available from the output of the nthstep. 4. The input to the nth step is the output of the n-1th step. 5. Work backwards to step 1.

  23. Encrypt round n Decrypt round n+1 64 bit input 64 bit output 32 bit Rn 32 bit Rn Kn Kn 32 bit Ln 32 bit Ln Inner Function Inner Function + + 32 bit Ln+1 32 bit Rn+1 32 bit Ln+1 32 bit Rn+1 64 bit input 64 bit output

  24. Attacks on DES • Brute force • Linear Cryptanalysis -- Known plaintext attack • Differential cryptanalysis • Chosen plaintext attack • Modify plaintext bits, observe change in ciphertext No dramatic improvement on brute force

  25. Countering Attacks • Large keyspace combats brute force attack • Triple DES (say EDE mode, with usually 2 keys) • Use AES

  26. Modes of operation Four basic modes of operation are available for block ciphers: • Electronic codebook mode: ECB • Cipher block chaining mode: CBC • Cipher feedback mode: CFB • Output feedback mode: OFB

  27. Electronic Codebook mode, ECB Each plaintext xi is encrypted with the same key K: yi = eK(xi). So, the naïve use of a block cipher.

  28. ECB x1 x2 x3 x4 DES DES DES DES y1 y2 y3 y4

  29. Cipher Block Chaining mode, CBC Each cipher block yi-1 is xor-ed with the next plaintext xi : yi = eK(yi-1 XOR xi) before being encrypted to get the next plaintext yi. The chain is initialized with an initialization vector: y0 = IV with length, the block size.

  30. CBC x1 x2 x3 x4 IV + + + + DES DES DES DES y1 y2 y3 y4

  31. Cipher and Output feedback modes (CFB & OFB) CFB z0 = IV and recursively: zi = eK(yi-1) and yi = xi XOR zi OFB z0 = IV and recursively: zi = eK(zi-1) and yi = xi XOR zi

  32. CFB mode x1 x2 IV eK + eK + eK y1 y2

  33. OFB mode IV eK eK x1 x2 + + y1 y2

  34. Double & Triple DES Double:C = E(k2,E(k1,m) Triple: C = E(k1,D(k2,E(k1,m)

  35. AES Block length 128 bits. Key lengths 128 (or 192 or 256). The AES is an iterated cipher with Nr=10 (or 12 or 14) In each round we have: • Subkey mixing: State  Roundkey XOR State • A substitution: SubBytes(State) • A permutation:ShiftRows(State) & MixColumns(State)

  36. Asymmetric key encryptionPublic Key Cryptography

  37. Public Key Cryptography AliceBob Alice and Bob want to exchange a private key in public.

  38. Public Key CryptographyThe Diffie-Hellman protocol Alicega mod pBob gb mod p The private key is:gab mod p where p is a prime and g is a generator of Zp

  39. Finite Fields Theorem If p is a prime then Zp is a cyclic group. The generator of Zpis called a primitive element modulo p

  40. Public Key CryptographyEncryption schemes Let • P be the set of all plaintext messages • C be the set of ciphertexts • K be the set of all keys

  41. The RSA cryptosystem Let n = pq, where p and q are primes. Let P = C= Zn, and define K= {(n,p,q,e,d) : ed = 1 mod f(n) }. For each key K = (n,p,q,e,d), define c = eK(m) = me mod n and dK(c) = cd mod n, where (m,c)eZn. Public key = (n,e), Private key (n,d).

  42. Check We have: ed = 1 mod f(n), so ed = 1 + tf(n). Therefore, dK(eK(m)) = (me)d = med = mtf(n)+1 = (mf(n))t m = 1.m = m mod n

  43. Example p = 101, q = 113, n = 11413. f(n) = 100x112 = 11200 = 26527 For encryption use e = 3533. Then d = e-1 mod11200 = 6597. Bob publishes: n = 11413, e = 3533. Suppose Alice wants to encrypt: 9726. She computes 97263533 mod 11413 = 5761 To decrypt it Bob computes: 57616597 mod 11413 = 9726

  44. Implementation • Generate two large primes: p,q • n pq and f(n)= (p-1)(q-1) • Choose random e: with 1<e< f(n) & gcd(e,f(n))=1 • d  e -1 modf(n) • The public key is (n,e) and the private key is (p,q,d)

  45. Security of RSA • Relation to factoring. Recovering the plaintext m from an RSA ciphertext c is easy if factoring is possible. • The RSA problem Given (n,e) and c, compute: m such that me = c mod n

  46. The ElGamal encryption scheme Let p be a prime and g e Zp a primitive element. Let P = Zp-1, C = Zp-1 x Zp-1 and K = {(p,g,x,y): y = gx modp }. • The values p,g,y are the public key. • x is the private key.

  47. The ElGamal encryption scheme • Encryption Let me Zp-1 be a message. For K = {(p,g,x,y): y = gx modp }, and secret random number k e Zp-1, define: eK(m,k) = (s,t), where • s = gk modp • t = m yk modp • Decryption For s,t e Zp-1, define: dK(s,t) = t(sx)-1modp

  48. The security of ElGamal • The Diffie-Hellman problem. Given a prime p,g e Zp-1, and x,y e Zp-1, find xlog gy modp. The security of the ElGamal encryption is reduced to the difficulty of breaking the Diffie-Hellman problem.

  49. Digital Signatures

  50. Public Key CryptographySignature schemes Let • P be the set of all messages • A be the set of signatures • K be the set of all keys

More Related