Basic Cryptography

Jenny Kammer, Department of Computer Science, University of Tulsa, Tulsa, OK 74104


What is Cryptography?

Cryptography – process of designing systems to communicate over non-secure channels

Encryption – making a message unreadable except to the intended recipient

Decryption – making an encrypted message readable to the intended recipient

Cryptanalysis – Examining cryptosystems in an attempt to break encryption techniques, allowing unintended recipients to view the message.

Why do we Need Cryptography?

Want to transmit or send a message securely over an insecure medium

Ensures confidentiality – making sure data is secret from all except authorized persons

Cryptography in a Nutshell

Alice wants to send a message to Bob

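[Diagram: Alice's plaintext "Message: Hi Bob!" is sent as the ciphertext "Message: qks9!h&" and arrives at Bob as the plaintext "Message: Hi Bob!"; Eve is shown on the channel between them.]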

Secret Algorithm vs. Secret Key

Secret Algorithm – Only the two parties communicating know how to encrypt/decrypt

Secret Key – Everyone knows how to encrypt and decrypt, but you need a secret key to do it, and only the two parties communicating have the key(s)

Better if we want to communicate with large numbers of people

Examples of Encryption in History

1900 BC – Egyptian scribe uses non-standard hieroglyphs (first documented example of written cryptography)

Caesar used simple substitution cipher (Decoder rings)

German Enigma Machines

Substitution vs. Transposition

Substitution – exchanging one letter for another

Monoalphabetic vs. Polyalphabetic

Vulnerable to frequency analysis

Transposition – scrambling the message up

Analyze digraphs and trigraphs

Symmetric vs. Asymmetric Encryption

Symmetric – Same key used to encrypt and to decrypt message

How do we share the key?

Lots of keys to keep (n*(n-1)/2)

Asymmetric – Uses key pairs. Key pair is a set of a public and private key where public key is used to encrypt a message and private key is used to decrypt a message.

Don’t have to share secret keys

Fewer keys – (2n)

Hashing and Checksums

Hashing and checksums are similar to encryption, but they are NOT the same

Encryption can be decrypted; hashes cannot be decrypted (hashes are one-way functions)

Hashes are used to verify the integrity of a message, not to ensure the confidentiality of a message

Limitations of Cryptography

Flaws in cryptosystems

Start to finish problem

If data is encrypted during transport but stored on a server in plaintext, it is still vulnerable

Weak passwords

Moore’s Law

Human component

Breaking Cryptography

Cryptanalysis

Try to find weaknesses in encryption algorithms

Gives weight to older algorithms – they have stood the test of time

Password Cracking

Brute Force – trying every possible password

Will find the password on average in n/2 time (n = number of possible passwords)

This is why longer passwords are “safer”

Dictionary – trying common passwords/English words first

This is why strong password rules are important!

Cryptosystems don’t have to be impossible to break, just computationally infeasible.

Recent Standards

DES was standard from 1976 until 2002

1977 – Diffie and Hellman propose a parallel attack: 10^6 chips, each testing 1 key per microsecond, would require 20 hrs and cost $20,000/solution

1997 – An attack on DES cracked it in 120 days

1998 – EFF broke DES in 56 hours

1999 – EFF’s Deep Crack and a distributed net break DES in 22 hours

2001 – AES is published

2002 – AES is adopted as new standard

DES vs. AES


“Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.”

Keyspace size

Assume alphanumeric keyspace (A-Z, a-z, 0-9)

5 character password: 916,132,832

6 character password: 56,800,235,584

7 character password: 3,521,614,606,208

8 character password: 218,340,105,584,896

9 character password: 13,537,086,546,263,552
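The brute-force figures on these slides can be reproduced from keyspace size and search rate; the following is an added example, not part of the original presentation. The function names are chosen for this illustration, and the 56-bit DES key length is a known property of DES that the slides do not state.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size, length):
    """Number of distinct keys/passwords of exactly `length` symbols."""
    return alphabet_size ** length

def search_seconds(n_keys, keys_per_second, average=True):
    """Brute-force time: n/2 trials on average, n trials in the worst case."""
    trials = n_keys / 2 if average else n_keys
    return trials / keys_per_second

def password_table(alphabet_size=62, lengths=range(5, 10)):
    """Keyspace for each length over A-Z, a-z, 0-9 (62 symbols)."""
    return {k: keyspace(alphabet_size, k) for k in lengths}

def diffie_hellman_1977_hours():
    """10^6 chips, each testing 1 key per microsecond, sweeping all 2^56 DES keys."""
    rate = 10**6 * 10**6  # keys per second for the whole machine
    return search_seconds(2**56, rate, average=False) / 3600

def aes128_years_at_des_per_second():
    """Machine trying 2^55 keys/s, average-case search of a 128-bit keyspace."""
    return search_seconds(2**128, 2**55) / SECONDS_PER_YEAR

if __name__ == "__main__":
    for length, size in password_table().items():
        print(f"{length} chars: {size:,}")
    print(f"1977 DES machine, full sweep: {diffie_hellman_1977_hours():.1f} h")
    print(f"AES-128 at 2^55 keys/s: {aes128_years_at_des_per_second():.3e} years")
```

The 20-hour figure matches a full sweep of the DES keyspace, while the 149 trillion years matches the average case (half of the 128-bit keyspace), which is the n/2 rule from the password cracking slide.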

Questions?
