Is 302 information security and trust week 2 encryption basics
Download
1 / 51

IS 302: Information Security and Trust Week 2: Encryption Basics - PowerPoint PPT Presentation


  • 75 Views
  • Uploaded on

IS 302: Information Security and Trust Week 2: Encryption Basics. 2012. Treasure Hunter’s Parchment.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' IS 302: Information Security and Trust Week 2: Encryption Basics' - dexter-rios


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Is 302 information security and trust week 2 encryption basics

IS 302: Information Security and TrustWeek 2: Encryption Basics

2012


Treasure hunter s parchment
Treasure Hunter’s Parchment

  •       “53‡‡†305))6*;4826)4‡);806*;48†8      ¶60))85;I‡(;:‡*8†83(88)5*†;46(;88*96      *?;8)*‡(;485);5*†2:*‡(;4956*2(5*-4)8      ¶8*;4069285);)6†8)4‡‡;I(‡9;48081;8:8‡      I;48†85;4)485†528806*81(‡9;48;(88;4      (‡?34;48)4‡;161;:188;‡?;”


Confidentiality
Confidentiality

  • How to protect message from adversary?

Mallory

The secret is…

Bob

Alice

plaintext


Cryptography
Cryptography

  • Use a language that only Alice and Bob can understand

Mallory

Nz dsfejr dbse ovncds jt…

ciphertext

Bob

Alice


Concepts
Concepts

  • Cryptography – hidden writing

  • Encryption – encode or encipher

  • Decryption – decode or decipher

  • Cryptosystem – a system for encryption and decryption

  • Cryptographer – anyone who invents encryption algorithms

  • Cryptanalyst – anyone who attempts to break encryption algorithms

  • Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis


Cryptosystem
Cryptosystem

  • Algorithms with a parameter – key K

Plaintext

Ciphertext

Plaintext

Encryption Algorithm E

Decryption Algorithm D

P

C

P


Jeff Moser: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html


Encryption

Encryption http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Input: plaintext and key

Output: ciphertext

Encryption

Plaintext

Encryption

Function


Decryption

Decryption http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Input: ciphertext and a key

Output: original plaintext

Decryption

Decryption

Function

Plaintext


Symmetric cryptosystem
Symmetric Cryptosystem http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • C=E(P,K)

  • P=D(C,K)

Plaintext

Ciphertext

Plaintext

Encryption Algorithm E

Decryption Algorithm D

P

C

P

Secret channel

K

K


Cryptanalysis (Attacks) http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Cryptanalyst (Mallory)

    • E and D are public

    • Given ciphertext, find plaintext

    • What else Mallory knows?


Classical ciphers
Classical Ciphers http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Caesar cipher

  • Vigenére cipher

  • Zimmerman cipher

  • Vernam cipher


Caesar cipher
Caesar Cipher http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Shifting alphabet

  • How many possible keys?


Discussion
Discussion http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Follow me with CrypTool

  • Observation:

    • The break between two words is preserved

    • Repeated letters are mapped to repeated letters

  • Decrypt the following Caesar cipher

    • Wklv phvvdjh lv qrw wrr kdug wr euhdn

    • Hints: Observe the following patterns

      • Wrr, wr

      • Wklv, lv


Unbreakable cipher vigen re tableau
“Unbreakable” cipher: Vigen http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.htmlére Tableau

  • Same letters are not mapped to the same letters

  • Encrypt

    • Keyword: hothot (repeat: row)

    • Plaintext: attack (column)

    • ciphertext: hhmhqd

  • Decrypt

    • Keyword: hothot (repeat: column)

    • Ciphertext: hhmhqd (from that column find c letter)

    • Plaintext: attack (the index of row)


Discussion1
Discussion http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Follow me with CrypTool

  • How “unbreakable” is Vigenére cipher?


Codebook zimmermann cipher
Codebook/Zimmermann Cipher http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • A codebook is literally a dictionary-like book containing words and their corresponding codewords.

  • Zimmerman Telegram

    Februar 13605

    fest 13732

    finanzielle 13850

    folgender 13918

    Frieden 17142

    Friedenschluss 17149

  • What is the key?

  • Compare it with Vigenére cipher w.r.t key size

  • How secure is Zimmermann cipher?


Zimmerman telegram decrypted
Zimmerman Telegram Decrypted http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html


Perfect cipher
Perfect Cipher http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html


Vernam cipher

Plaintext http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Ciphertext

Plaintext

Exclusive OR

Exclusive OR

P

C

P

Secret channel

K

K

1 0 =1; 0 1=1

0 0 =0; 1 1=0

Vernam Cipher

  • The only unbreakable stream cipher

    • K: a long, non-repeating sequence of random numbers


Vernam cipher1
Vernam Cipher http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • An example of Vernam Cipher

    • Alice:

    • Bob:

1 0 =1; 0 1=1

0 0 =0; 1 1=0

P: 100 010 111 011 110 001…

K: 010 011 101 101 010 111…

C: 110 001 010 110 100 110…

C: 110 001 010 110 100 110…

K: 010 011 101 101 010 111…

P: 100 010 111 011 110 001…


Discussion2
Discussion http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Follow me with CrypTool

  • Why is Vernam cipher perfectly secure?


Modern ciphers
Modern Ciphers http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Basic ideas: confusion and diffusion

  • Combinations

  • Evaluation


Confusion
Confusion http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Permutation operations

    • First remove spaces

      • A legitimate receiver can breakmostmessagesintowordsfairlyeasily

    • Then break messages arbitrarily into blocks of a uniform size (e.g., every five letters)

    • Map each plaintext letter to a unique ciphertext letter (usually in the same alphabet)

      • How many keys for permuting 26 English letters?


Caveat
Caveat http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • All permutation ciphers are subject to

    • ciphertext only attack

    • not to mention known plaintext attack,chosen plaintext and chosen ciphertext attacks


Frequency attack
Frequency Attack http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

source: http://knight.cis.temple.edu/~jfiore/2006/fall/386/handouts/ch2/ch2_part2_4ups.pdf


Diffusion
Diffusion http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

  • Spread out the message by re-arranging letters


Product cipher
Product Cipher http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Combinations of confusion and diffusion operations in many rounds

  • DES (56 bits) 16 rounds

  • AES (128, 192, 256) 9, 11, 13 rounds

  • Deterministic vs non-deterministic


  • Evaluation
    Evaluation http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • Shannon’s characteristics of good ciphers

      • Amount of secrecy (key size) determines amount of labor

      • Set of keys and enciphering algorithm are simple

      • Implementation is simple

      • Errors do not propagate

      • Size of ciphertext is no larger than original message


    How secure is secure
    How Secure is Secure http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    It takes your computer at least 1000 years to break my cipher!!

    Computational security

    No matter how powerful your computer is, you don’t have enough information to defeat the system !!

    Unconditional security


    However
    However… http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html


    Hands on exercise
    Hands-On Exercise http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • Installation:

      • Download LabPrep.doc and follow its instructions to install

        • OpenSSL (Win32openSSL-0_9_8d.exe)

        • HHD HexEditor (http://www.asciitable.com/)

        • JCE (jdk-1_5_0_08-windows-i586-p.exe)

      • Mac computers have already these tools pre-installed


    Hands on exercise1
    Hands-On Exercise http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • Testing:

      • Download LabTest.doc

      • Follow its instructions in section 2.1 to test openSSL

      • Follow its instructions in section 2.2 to test JCE


    Introduction to openssl
    Introduction to OpenSSL http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • OpenSSL is an open source toolkit to ensure secure communication.

      • Symmetric key (secret key) encryption

      • Asymmetric key (public key) encryption

      • Message Digests and digital signatures

      • Certificates


    Example 1 keys generation
    Example 1: Keys Generation http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    openssl genrsa -des3 -out privkey.pem 2048

    • genrsa – Generates RSA Key

    • des3 – Password protects the key using triple DES encryption

    • out <filename>– Save the key in a file. In this example, its privkey.pem

    • <key size> -Size of the key generated. In this example, its 2048 bits


    Example 2 certificate request
    Example 2: Certificate Request http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    openssl req -new -key privkey.pem -out cert.csr

    • req - Generate certificate request.

    • new –New certificate request.

    • key <file name> - Specify the file to read the private key from. In this example, its privkey.pem

    • out <file name> - Save the request in a file. In this example, its cert.csr


    Example 3 encryption
    Example 3: Encryption http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    openssl des3 -salt -in file.txt -out file.des3

    • des3 – Encrypt using the TripleDES algorithm

    • salt - Use a salt in the key derivation routines

    • in <file name> - Input file with the clear message

    • out <file name> - Output file with the encrypted message

  • Users will be prompted to enter a password to complete the encryption


  • Example 4 decryption
    Example 4: Decryption http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    openssl des3 -d -salt -in file.des3 -out file.txt

    • des3 – Use the TripleDES algorithm

    • d – decrypt the file

    • salt - Use a salt in the key derivation routines

    • in <file name> - Input file with the encrypted message

    • out <file name> - Output file with the decrypted message

  • Users will be prompted to enter a password to complete the decryption


  • Introduction to jca and jce
    Introduction to JCA and JCE http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • Java Cryptography Architecture (JCA) is part of Java 2 run-time environment.

       java.security.*

    • Java Cryptography Extension (JCE) is an extension to JCA and is integrated into Java 2 SDK since the 1.4 release.

       javax.crypto.*


    Jce core classes
    JCE Core Classes http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • Cipher Class

      • Provide the functionality of encryption and decryption

    • KeyGenerator Class

      • Generate secret keys for encryption and decryption

    • The SealedObject Class

      • Create an object and protect its confidentiality

    • The Mac Class

      • Provide integrity protection with Message Authentication Code (MAC).

    Reference: http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html


    Class java crypto keygenerator
    Class: java.crypto.KeyGenerator http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    Methods:

    • getInstance(String algorithm)

      • Creates an instance of KeyGenerator for a specific algorithm such as

      • “AES”,“DES”,”HMACSHA1”

    • generateKey()

      • Generate a key for the algorithm specified in the KeyGenerator instance


    Example key generation
    Example: Key Generation http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • The following example generate a SecretKey object using AES.

      //Create an instance of KeyGenerator with algorithm AES

      KeyGenerator kg = KeyGenerator.getInstance(“AES");

      //Generate the secret key

      SecretKey mykey = kg.generateKey();


    Secure key storage
    Secure Key Storage http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • JCA provides an extensible architecture to manage keys through KeyStore.

    • A KeyStore object maintains an in-memory table of key and certificate entries, indexed by aliasstrings, allowing retrieval, insertion and deletion of entries.

    • Keystorefiles are usually password protected.


    Class java security keystore
    Class: java.security.KeyStore http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    Methods:

    • getInstance (String type)

      • Create an instance of KeyStore of the specified type.

    • load(InputStream stream, char[] password))

      • Open keystore with password and load keys from keystore file to memory

    • getKey(String alias, char[] password)

      • Access the keystore with password and get the key based on a given key alias

    • setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)

      • Set a new key entry in the keystore

    • store(OutputStream stream, char[] password)

      • Store this keystore to the given output stream, and protect its integrity with the given password.


    Example create a null keystore object
    Example:Create a null KeyStore object http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • The following sample creates null KeyStore object with password protection.

      //Create an instance of KeyStore of type “JCEKS”.

      //JCEKS refers the KeyStore implementation from SunJCE provider

      ks = KeyStore.getInstance("JCEKS");

      //Load the null Keystore and set the password to “changeme”

      ks.load(null, "changeme".toCharArray());


    Example set key entry
    Example:Set Key Entry http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • The following sample sets the generated key “mykey” in the KeyStore.

      //Create an instance of KeyStore.SecretKeyEntry using “mykey”

      KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mykey);

      //Get key alias name from user input.

      String alias=args[0];

      //Create KeyStore Password

      KeyStore.PasswordProtection password;

      password = new KeyStore.PasswordProtection("changeme".toCharArray());

      //Set the key entry in the key store with an alias.

      ks.setEntry(alias, skEntry, password);


    Example store keystore object in file
    Example:Store KeyStore object in file http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • The following sample writes the KeyStore object into a file for storage.

      //Create a new file to store the KeyStore object

      java.io.FileOutputStream fos = new java.io.FileOutputStream("keystorefile.jce");

      //Write the KeyStore into the file

      ks.store(fos, "changeme".toCharArray());

      //Close the file stream

      fos.close();


    Example retrieving keys from keystore
    Example:Retrieving Keys from KeyStore http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • The following sample retrieves keys from a KeyStore file.

      //Open the KeyStore file

      FileInputStream fis = new FileInputStream("keystorefile.jce");

      //Create an instance of KeyStore of type “JCEKS”

      ks = KeyStore.getInstance("JCEKS");

      //Load the key entries from the file into the KeyStore object.

      ks.load(fis, "changeme".toCharArray());

      fis.close();

      //Get the key with the given alias.

      String alias=args[0];

      Key k = ks.getKey(alias, "changeme".toCharArray());


    A quick review
    A Quick Review http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

    • Which of the following is subject to frequency attack?

      • Caesar cipher 2. Vigenére 3. Vernam

    • A perfect cipher is?

      • Combination of confusion and diffusion

      • Combination of substitution and transposition

      • Unconditionally secure


    ad