Cmsc 414 computer and network security lecture 2
Download
1 / 26

CMSC 414 Computer and Network Security Lecture 2 - PowerPoint PPT Presentation


  • 146 Views
  • Uploaded on

CMSC 414 Computer and Network Security Lecture 2. Jonathan Katz. JCE tutorial. In class next Tuesday. A high-level survey of cryptography. Caveat. Everything I present will be (relatively) informal I may simplify, but I will try not to say anything that is an outright lie…

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'CMSC 414 Computer and Network Security Lecture 2' - arne


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Cmsc 414 computer and network security lecture 2

CMSC 414Computer and Network SecurityLecture 2

Jonathan Katz


Jce tutorial
JCE tutorial

  • In class next Tuesday



Caveat
Caveat

  • Everything I present will be (relatively) informal

    • I may simplify, but I will try not to say anything that is an outright lie…

  • Cryptography is about precise definitions, formal models, and rigorous proofs of security (which we will not cover here)

    • For more details, take CMSC 456 with me (or read my book)!


Goals of cryptography
Goals of cryptography

  • Crypto deals primarily with three goals:

    • Confidentiality

    • Integrity (of data)

    • Authentication (of resources, people, systems)

  • Other goals also considered

    • E.g., non-repudiation

    • E-cash (e.g., double spending)

    • General secure multi-party computation

    • Anonymity


Private vs public key settings
Private- vs. public-key settings

  • For the basic goals of confidentiality and integrity, there are two settings:

    • Private-key / shared-key / symmetric-key / secret-key

    • Public-key

  • The private-key setting is the “classical” one (thousands of years old)

  • The public-key setting dates to the 1970s


Private key cryptography
Private-key cryptography

  • The communicating parties share some information that is random and secret

    • This shared information is called a key

    • Key is not known to an attacker

    • This key must be shared (somehow) in advance of their communication


To emphasize
To emphasize

  • Alice and Bob share a key K

    • Must be shared securely

    • Must be completely random

    • Must be kept completely secret from attacker

  • We don’t discuss (for now) how they do this

    • You can imagine they meet on a dark street corner and Alice hands a USB device (with a key on it) to Bob


Private key cryptography1
Private-key cryptography

  • For confidentiality:

    • Private-key (symmetric-key) encryption

  • For data integrity:

    • Message authentication codes

    • (archaic: cryptographic checksums)


Canonical applications
Canonical applications

  • Two (or more) distinct parties communicating over an insecure network

    • E.g., secure communication

  • A single party who is communicating “with itself” over time

    • E.g., secure storage


Bob

Bob

Alice

Alice

K

K

K

shared info

K


Bob

Bob

K

K


Security
Security?

  • We will specify the exact threat model being addressed

  • We will also specify the security guarantees that are ensured, within this threat model

    • Here: informally; CMSC 456: formally

  • Crucial to understand these issues before crypto can be successfully deployed!

    • Make sure the stated threat model matches your application

    • Make sure the security guarantees are what you need


Security through obscurity
Security through obscurity?

  • Always assume that the full details of crypto protocols and algorithms are public

    • Known as Kerckhoffs’ principle

    • Only secret information is a key

  • “Security through obscurity” is a bad idea…

    • True in general; even more true in the case of cryptography

    • Home-brewed solutions are BAD!

    • Standardized, widely-accepted solutions are GOOD!



Functional definition
Functional definition

  • Encryption algorithm:

    • Takes a key and a message (plaintext), and outputs a ciphertext

    • c  EK(m)

  • Decryption algorithm:

    • Takes a key and a ciphertext, and outputs a message (or perhaps an error)

    • m = DK(c)

  • Correctness: for all K, we have DK(EK(m)) = m

  • We have not yet said anything about security…


Bob

Bob

Alice

Alice

K

K

K

shared info

K

c

cEK(m)

m=DK(c)


A classic example shift cipher
A classic example: shift cipher

  • Assume the English uppercase alphabet (no lowercase, punctuation, etc.)

    • View letters as numbers in {0, …, 25}

  • The key is a random letter of the alphabet

  • Encryption done by addition modulo 26

  • Is this secure?

    • Exhaustive key search

    • Automated determination of the key


Another example substitution cipher
Another example: substitution cipher

  • The key is a random permutation of the alphabet

    • Note: key space is huge!

  • Encryption done in the natural way

  • Is this secure?

    • Frequency analysis

  • A large key space is necessary, but not sufficient, for security


Another example vigenere cipher
Another example: Vigenere cipher

  • More complicated version of shift cipher

  • Believed to be secure for over 100 years

  • Is it secure?

    • Index of coincidence method


Moral of the story
Moral of the story?

  • Don’t use “simple” schemes

  • Don’t use schemes that you design yourself

    • Use schemes that other people have already designed and analyzed…


A fundamental problem
A fundamental problem

  • A fundamental problem with “classical” cryptography is that no definition of security was ever specified

    • It was not even clear what it would mean for an encryption scheme to be “secure”

  • As a consequence, proving security was not even an option

    • So how can you know when something is secure?


Defining security
Defining security?

  • What is a good definition?


Security goals
Security goals?

  • Adversary unable to recover the key

    • Necessary, but meaningless on its own…

  • Adversary unable to recover entire plaintext

    • Good, but is it enough?

  • Adversary unable to determine any information at all about the plaintext

    • Formalize?

    • Sounds great!

    • Can we achieve it?


Note

  • Even given our definition, we need to consider the threat model

    • Multiple messages or a single message?

    • Passive/active adversary?

    • Chosen-plaintext attacks?


Next time: the one-time pad;

its limitations;

overcoming these limitations


ad