1 / 60

Cryptography 101

Cryptography 101. EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography , Network Associates’ An Introduction to Cryptography, course textbooks. What is cryptography.

italia
Download Presentation

Cryptography 101

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography 101 EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography, Network Associates’ An Introduction to Cryptography, course textbooks

  2. What is cryptography • Cryptography: transforming (enciphering) plaintext into a form where the original info is present but hidden • Plaintext: data that can be read w/o any special tool • Ciphertext: result of encryption; unreadable data • Given a plaintext, many transformations are possible; to expose the info one may have to try all (on average, half) of possible transformations

  3. An elementary school approach • On a sheet of paper, write the alphabets in order in one column; write the same alphabets randomly (but uniquely) in the second column A W B J C R … … • To encipher a plaintext, substitute each letter with the associated letter from the second column

  4. An elementary school example • Suppose we have the following substitution ABCDEFGHIJKLMNOPQRSTUVWXYZ QAZWSXEDCRFVTGBYHNUJMIKOLP • Plaintext message: MEET ME AT SIX • Enciphered message: TSSJ TS QJ UCO • The Caesar cipher En(x) = (x + n) mod 26 Dn(x) = (x - n) mod 26 For Caesar cipher: n = 3

  5. A middle school approach • Singe (simple) substitution: the key is one particular permutation (arrangement) of the alphabet; once the sheet revealed, it is no longer good • But one can create a notebook of different permutations for the second column, each on a page; the key will be the page number • If the notebook is exposed, one must try all (or at least half) transformations

  6. Weak vs. strong transformation • Simple substitution is weak: the more often a particular letter is used, the more often the ciphertext letter appears • Languages use some letters (or letter combinations) more than others, and thus possible to guess • One solution: increase the size of the cipher alphabet • Instead of single letters, use pairs of letters • For example, replace A with WK • At least 26 × 26 = 676 transformations

  7. Weak vs. strong transformation [2] • How about expanding: instead of a pair of letters, select triplets, quadruples, … • Soon a computer will be needed to do the operations • A conventional (block) cipher: A much larger alphabet • A 64-bit (eight character) block cipher: instead of using 26 letters, views each 2^64 values as a separate letter • 18,000,000,000,000,000 “letters”!

  8. Keyspace for an 8-bit key • A notebook with 256 pages: 256 different keys • Decimal 256 = Binary 100000000 = 2^8 = 8 bit • Thus an “8 bit” keyspace gives 256 unique key values • If we choose one of the keys, one would have to try 256 (or probably only 128) keys to break • Thus a low design strength

  9. Keyspace for longer than 8-bit keys • A 65,536 page notebook offers a “16 bit” keyspace • That is 256 times that of an “8 bit” while the key has 8 bits more • A “56 bit” keyspace: 7 × 10^16 different keys • Broken via brute force in 56 hours! • A “128 bit” (16 characters): 3.40282367 × 1038 • Strong enough

  10. What cryptography can and cannot do • It can hide to facilitate confidentiality and authentication • It cannot hide contraband, a luxury lifestyle with no visible means of support, informants, or undercover spying • Keys can be lost, forgotten, stolen, or revealed for payment or under duress

  11. Encryption/decryption process • Encryption: the process of disguising plaintext • Decryption: the process of reverting ciphertext to its original plaintext

  12. Other related terms • Cryptanalysis: the science of analyzing and breaking secure communications • Analytical reasoning/math • Pattern matching • Patience, determination, good luck • Cryptography: the science of information security • Cryptology: cryptography + cryptanalysis

  13. Strong vs. weak cryptography • Strength is measured in the time and resources required to recover a plaintext • Strong cryptography: very difficult to decipher • A billion computers doing a billion checks a second, it is not possible to decipher the result of strong cryptography in a billion year

  14. How does it work • A mathematical function • Strength: (1) algorithm, (2) secrecy of the key

  15. Conventional cryptography • AKA symmetric key • One key is used for encryption/decryption • Example: the Data Encryption Std (DES) used by the fed government

  16. Conventional cryptography approaches • Substitution: changes (substitutes) characters in plaintext to produce ciphertext • Example: Caesar cipher where the letters are offset by 3 (or in general n) positions • SECRET  VHFUHW • Transposition: rearranges the characters in the plaintext to produce ciphertext • Example: the “rail fence” cipher where plaintext is written in two rows preceding down, then across • SECRET  SCE  SCEERT ERT

  17. A longer example of transposition encipher • The number of rows is explicitly defined; pad with dummy characters to fill • An example of 3-row fence MTSPNRIE EAIMDBDX ETXUERGY • Read off/send : MTSPNRIEEAIMDBDXETXUERGY • May send in 4-char groups to avoid errors (also for better management and to confuse intruders) MTSP NRIE EAIM DBDX ETXU ERGY

  18. A longer example of transposition encipher [2] • To decipherMTSP NRIE EAIM DBDX ETXU ERGY • Run the letters into a long string MTSPNRIEEAIMDBDXETXUERGY • Since there are 3 rails, divide into 3 groups of 8 MTSPNRIE EAIMDBDX ETXUERGY • Write the first letter of group 1, group 2, and group 3 followed by the second letter of group 1, etc. MEETATSIXPMUNDERBRIDGEXY MEET AT SIX PM UNDER BRIDGE XY

  19. Benefits of conventional encryption • Very fast • Useful for encrypting local data that is not going anywhere • Expensive for data transmission • How to distribute the key

  20. Public key encryption • Addresses key distribution • Asymmetric scheme • Uses a pair of keys • Public key: used to encrypt data • Private key: used to decrypt data • Public key is public and publically advertised • Private key is kept secret • Computationally infeasible to deduce the private key from the public key • An example: PGP

  21. Public key encryption illustrated

  22. Benefits of the public key approach • No need for sender and receiver to share a key • All communications involve public keys; private keys are never transmitted • Examples of public key cryptosystems • Elgamal (named for its inventor, Taher Elgamal) • RSA (named for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman) • Diffie-Hellman(named for its inventors), and • DSA, the Digital Signature Algorithm (invented by David Kravitz)

  23. How PGP works • Combines the best features of conventional and public cryptography • PGP compresses the plaintext: saves modem transmission and disk space and strengthens security (complicates patterns) • PGP creates a session key: a one-time-only secret key (generated from the random movement of the mouse/keyboard strokes) • The plaintext is encrypted via a fast algorithm and the session key

  24. How PGP works [2] • The session key is encrypted using the recipient's public key and transmitted

  25. How PGP works [3] • Decryption works in reverse: the session key is recovered (by the recipient's private key) and is used to decrypt the ciphertext

  26. The benefits of the PGP • A combination of two methods • Convenience of the public key: no key-distribution concerns • Speed of conventional encryption: about 1,000 faster than the public key encryption

  27. The key issues • A value that works with encryption algorithms to produce a ciphertext • Big, big numbers: measures in bits: 1,024 bits • The bigger the key, the more secure ciphertext • Public key size and conventional cryptography secret key sizes are unrelated • A conventional 80-bit key has the same strengths of a 1,024-bit public key • The bigger the key, the more secure but the algorithms used for each is different (a comparison is like comparing apple and oranges)

  28. The key issues [2] • Public and private keys are mathematically related but difficult to derive a private key from its public key • Pick large keys to be secure; small enough to be applied quickly • Large keys are good for a longer periods of time • Keys are stored in encrypted form; PGP stores on the hard-drive as keyrings • one for public and one for private uses • If the private key is lost, one will be unable to recover decrypted data

  29. Digital signatures • A benefit of public key • Enable the recipient to verify the authenticity of the information’s origin, and also verify that the information is intact • Provides for authenticationand data integrity • Also provides non-repudiation: prevents the sender from claiming that he/she did not send the information

  30. Digital signatures [2] • Authentication • Similar to a handwritten signature but superior in that it is nearly impossible to counterfeit • You may not care if anyone learns that you just deposited $500 in an account, but you do want to be sure it was the bank teller you were communicating with • Integrity • To verify and ensure that the information was not altered

  31. How digital signature works

  32. How digital signature works [2] • Problem with the above approach? SLOW • Data size to communicate too large (at least double the original) • Alternative to expedite? • Use hash functions • “A hash function is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer” • Create a message digest to sign the message

  33. Message digests • Objective: to verify that the message received is the same as the message sent • How: hash function (checksum function) -- h: A  B -- A: a message of any length (millions of bits) -- B: A fixed length output, e.g., 160 bit -- h: ensures that if A is changed in anyway (even one bit), an entirely different output is produced • PGP calls B a message digest (used for creating signatures); one cannot alter the signature or attach to another document

  34. Hash function (h: A B) properties • Easy to compute • For any y in B, infeasible to find x in A such that h(x) = y • For any x, x’ in A, x ≠ x’, infeasible to have h(x) = h(x’) • Given any x in A, infeasible to find x’ in A and x ≠ x’ and h(x’) = h(x)

  35. Side note: pigeonhole principle • If there are n containers and n+1 objects, at least one container will have to hold two objects • So what? If a hash function produces 3-bit hashes and we have a set of 5-bit messages, it implies: • a^3 = 8 hashes • 2^5 = 32 messages • Thus large hash sizes are better

  36. How a hash function is used

  37. Digital envelopes • Creating a digital envelop (an encrypted message; no digital signature attached)

  38. Digital envelopes [2] • Opening a digital envelop

  39. Diffie-Hellam public key agreement • A relatively fast public key agreement • Relies on two functions, p (prime) and g (generator), and two random numbers x and y • Everything exchanged in clear text • Six step process • Works like magic!

  40. Diffie-Hellam public key agreement [2] • Party X and Party Y agree on Diffie-Hellman p and g; exchange these in clear • Party X generates random number x Party Y generates random number y • Party X computes x’ = g^x mod p Party Y computes y’ = g^y mod p • The two parties exchange x’ and y’ in clear • Party X computes kx = y’^x mod p Party Y computes ky = x’^y mod p kx = y’^x mod p = g^(xy) mod p = x’^ymod p = ky • Subsequent encryption with kx or ky

  41. Diffie-Hellam public key agreement [3]

  42. Digital certificates • One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key • Otherwise, you can only encrypt/decrypt to those key handed to you • A solution: digital certificates (or certs) • A form of credentials (like a physical passport) • Included with a person’s public key to verify that a key is valid

  43. Components of a digital certificate • A digital certificate • A public key • Certificate info (identifying information such as name, ID) • One (or more) digital signatures • A stamp of approval from a trusted entity • Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

  44. Components of a digital certificate [2]

  45. Digital certificate distribution • Digital servers: a networked database that allows users to submit and receive digital certs • Example: PGP Keyserver • Public Key Infrastructures (PKIs) • Storage facilities like the certificate servers • More structured • Provide additional key management services • Issue revoke, store, and trust certificates • Certificate authority: a group of human beings authorized to issue certs (like a passport office)

  46. Common certificate format • The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA • The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on) • The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate • The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

  47. Common certificate format [2]

  48. Other substitution techniques • Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk • The keyword defines the permutation of English letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ jayhwkbcdefgilmnopqrstuvxz • Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ profesinalbcdghjkmqtuvwxyz

  49. Other substitution techniques [2] • Use every third letter (apply mod 26) adgjmpsvybehknqtwzcfilorux • Consider any possible permutation of the English letters • How many? 26! • Even applying decryption at 1 microsecond, still takes over 1,000 years • The primary issue: the knowledge of letter patterns in a text • Solution: Avoid using the same substitution for a letter

  50. One-time pads (using Vigenere tableau) • Assume a set of large, non-repeating keys written on sheets of paper, glued into a pad • Assume keys are 20 characters • Assume a text that is 300 characters • Sender tears off 15 pages from the pad • Sender writes the keys one at a time above the text letters and enciphers in a prearranged chart • Receiver must have the same pad • Concerns: (1) key distribution, (2) sender/receiver must synchronize (3) need unlimited keys

More Related