cryptography basics n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Cryptography Basics PowerPoint Presentation
Download Presentation
Cryptography Basics

Loading in 2 Seconds...

play fullscreen
1 / 31

Cryptography Basics - PowerPoint PPT Presentation


  • 241 Views
  • Uploaded on

Cryptography Basics. IT443 – Network Security Administration. Outline. Basic concepts in cryptography system Secret key cryptography Public key cryptography Hash functions. Who Am I?. ?????????????????????? ?????????????????????? How do you know who I am??

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Cryptography Basics' - monet


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cryptography basics

Cryptography Basics

IT443 – Network Security Administration

outline
Outline
  • Basic concepts in cryptography system
  • Secret key cryptography
  • Public key cryptography
  • Hash functions
who am i
Who Am I?
  • ??????????????????????
  • ??????????????????????
  • How do you know who I am??
  • What about if we were on the telephone??
encryption decryption
Encryption/Decryption
  • Plaintext: a message in its original form
  • Ciphertext: a message in the transformed, unrecognized form
  • Encryption: the process that transforms a plaintext into a ciphertext
  • Decryption: the process that transforms a ciphertext to the corresponding plaintext
  • Key: the value used to control encryption/decryption.

plaintext

ciphertext

plaintext

encryption

decryption

key

key

cryptanalysis
Cryptanalysis
  • “code breaking”, “attacking the cipher”
  • Difficulty depends on
    • sophistication of the cipher
    • amount of information available to the code breaker
  • Any cipher can be broken by exhaustive trials, but rarely practical
caesar cipher

plaintextalphabet

ciphertextalphabet

Caesar Cipher
  • Replace each letter with the one 3 letters later in the alphabet
    • ex.: plaintext CAT ciphertext FDW

Trivial to break

mono alphabetic ciphers

plaintextalphabet

ciphertextalphabet

Mono-Alphabetic Ciphers
  • Generalized substitution cipher: an arbitrary (but fixed) mapping of one letter to another
    • 26! (4.0*1026 288) possibilities
attacking mono alphabetic ciphers
Attacking Mono-Alphabetic Ciphers
  • Broken by statistical analysis of letter, word, and phrase frequencies of the language
  • Frequency of single letters in English language, taken from a large corpus of text:
ciphertext only attacks
Ciphertext Only Attacks
  • Ex.: attacker can intercept encrypted communications, nothing else
  • Breaking the cipher: analyze patterns in the ciphertext
    • provides clues about the encryption method/key
known plaintext attacks
Known Plaintext Attacks
  • Ex.: attacker intercepts encrypted text, but also has access to some of the corresponding plaintext (definite advantage)
  • Makes some codes (e.g., mono-alphabetic ciphers) very easy to break
chosen plaintext attacks
Chosen Plaintext Attacks
  • Ex.: attacker can choose any plaintext desired, and intercept the corresponding ciphertext
  • Allows targeted code breaking (choose exactly the messages that will reveal the most about the cipher)
the weakest link in security
The “Weakest Link” in Security
  • Cryptography is rarely the weakest link
  • Weaker links
    • Implementation of cipher
    • Distribution or protection of keys
    • … …
secret keys vs secret algorithms
Secret Keys vs Secret Algorithms
  • Security by obscurity
    • We can achieve better security if we keep the algorithms secret
    • Hard to keep secret if used widely
    • Reverse engineering, social engineering
  • Publish the algorithms
    • Security of the algorithms depends on the secrecy of the keys
    • Less unknown vulnerability if all the smart (good) people in the world are examine the algorithms
outline1
Outline
  • Basic concepts in cryptography system
  • Secret key cryptography
  • Public key cryptography
  • Hash functions
secret key cryptography
Secret Key Cryptography
  • Same key is used for encryption and decryption
  • Also known as
    • Symmetric cryptography
    • Conventional cryptography

plaintext

ciphertext

plaintext

encryption

decryption

key

Same key

key

secret key cryptography1
Secret Key Cryptography
  • Stream cipher
  • Block cipher
    • Converts one input plaintext block of fixed size k bits to an output ciphertext block of k bits
    • DES, IDEA, AES, …
    • AES
      • Selected from an open competition, organized by NSA
      • Joan Daemen and Vincent Rijmen (Belgium)
      • Block size=128 bits, Key Size= 128/192/256 bits
key size
Key Size
  • Keys should be selected from a large potential set, to prevent brute force attacks
  • Secret key sizes
    • 40 bits were considered adequate in 70’s
    • 56 bits used by DES were adequate in the 80’s
    • 128 bits are adequate for now
  • If computers increase in power by 40% per year, need roughly 5 more key bits per decade to stay “sufficiently” hard to break
public key cryptography
Public Key Cryptography
  • A public/private key pair is used
    • Public key can be publicly known
    • Private key is kept secret by the owner of the key
  • Much slower than secret key cryptography
  • Also known as asymmetric cryptography
  • Another mode: digital signature

plaintext

ciphertext

plaintext

encryption

decryption

Public key

Private key

public key cryptography1
Public Key Cryptography
  • Digital signature
    • Only the party with the private key can create a digital signature.
    • The digital signature is verifiable by anyone who knows the public key.
    • The signer cannot deny that he/she has done so.

plaintext

ciphertext

plaintext

Sign

Verify

Private key

Public key

public key cryptography2
Public Key Cryptography
  • It must be computationally
    • easy to generate a public / private key pair
    • hard to determine the private key, given the public key
  • It must be computationally
    • easy to encrypt using the public key
    • easy to decrypt using the private key
    • hard to recover the plaintext message from just the ciphertext and the public key
symmetric vs asymmetric
Symmetric vs Asymmetric
  • Symmetric algorithms are much faster
    • In the order of a 1000 times faster
  • Symmetric algorithms require a shared secret
    • Impractical if the communicating entities don’t have another secure channel
  • Both algorithms are combined to provide practical and efficient secure communication
    • E.g., establish a secret session key using asymmetric crypto and use symmetric crypto for encrypting the traffic
outline2
Outline
  • Basic concepts in cryptography system
  • Secret key cryptography
  • Public key cryptography
  • Hash functions
hash function
Hash Function
  • Also known as
    • Message digest
    • One-way transformation
    • One-way function
    • Hash
  • Length of H(m) much shorter then length of m
  • Usually fixed lengths: 128 or 160 bits

A fixed-length

short message

Message of

arbitrary length

Hash

properties of hash
Properties of Hash
  • Consider a hash function H
    • Performance: Easy to compute H(m)
    • One-way property: Given H(m) but not m, it’s computationally infeasible to find m
    • Weak collision resistance (free): Given H(m), it’s computationally infeasible to find m’ such that H(m’) = H(m).
    • Strong collision resistance (free): Computationally infeasible to find m1, m2 such that H(m1) = H(m2)
hash applications
Hash Applications
  • File / Message integrity
    • Check if a downloaded file is corrupted
    • Detect if a file has been changed by someone after it was stored
    • Compute a hash H(F) of file F
    • openssldgst -md5 filename
hash applications1
Hash Applications
  • Password verification
    • Password cannot be stored in plaintext
    • In a hashed format
    • Linux: /etc/passwd, /etc/shadow
    • cat /etc/shadow
hash applications2
Hash Applications
  • User authentication
    • Alice wants to authenticate herself to Bob
    • Assuming they already share a secret key K

Alice

Bob

“I’m Alice”

R

computesY=H(R|K)

Y

verifies thatY=H(R|K)

time 

modern hash functions
Modern Hash Functions
  • MD5 (128 bits)
    • Previous versions (i.e., MD2, MD4) have weaknesses.
    • Broken; collisions published in August 2004
    • Too weak to be used for serious applications
  • SHA (Secure Hash Algorithm)
    • Weaknesses were found
  • SHA-1 (160 bits)
    • Broken, but not yet cracked
    • Collisions in 269 hash operations, much less than the brute-force attack of 280 operations
    • Results were circulated in February 2005, and published in CRYPTO ’05 in August 2005
  • SHA-256, SHA-384, …
birthday attack
Birthday Attack
  • What is the smallest group size k such that
    • The probability that at least two people in the group have the same birthday is greater than 0.5?
    • 23
  • Implication for hash function H of length m
    • With probability at least 0.5
    • If we hash about 2m/2 random inputs,
    • Two messages will have the same hash image
    • m=64, 1ns per hash
      • Brute force (264): 1013 seconds over 300 thousand years
      • Birthday attack (232): 4 seconds
lab 1
Lab 1
  • Sample codes
    • eecs.mit.edu’s IP is 18.62.1.6
    • Assume their subnetwork use 28-bit prefix

18. 62. 1. 00000110

    • Scan 18.62.1.0 ~ 18.62.1.15
    • dig -x 18.62.1.0 +short
    • /home/abird/it443/scanip.sh
    • /home/abird/it443/scanip.pl
next time
Next Time
  • Read Chapter 2 in the textbook.
  • Enter any and all terms you consider important in your glossary.
  • Summarize chapter 2 in your notebook.
    • The information in this chapter is very important!