1 / 10

Advanced Concepts in Cryptography: Asymmetric Solutions and Trusted Components Discussion

Explore the advanced realm of asymmetric cryptography, covering mathematical statements, key pairs, security strength, encryption states, and the current status of AES, DES, and hash functions. Join us for a comprehensive look at modern encryption techniques and ensure you never compromise security by building your own solutions when proven tools are available. Stay informed about the latest developments in SHA-3 and engage in discussions on trusting internal components.

palmer-rios
Download Presentation

Advanced Concepts in Cryptography: Asymmetric Solutions and Trusted Components Discussion

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Class 4Asymmetric Cryptography and Trusting Internal Components CIS 755: Advanced Computer SecuritySpring 2014 Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/

  2. Administrative stuff • Quiz on Thursday • Cryptography concepts • Examples… • Project due dates posted • Schedule always being updated – watch for changes • What would you like to see covered? • Paper reading and the “huh?” moment

  3. Last time: Basic primitives • Confidentiality (encryption) • Symmetric (e.g. AES) • Asymmetric (e.g. RSA) • Hash functions • Integrity and authentication • Symmetric (authentication codes) • Asymmetric (signatures) • Random numbers

  4. Asymmetric cryptography • The idea: base security properties on mathematical statements • Facts or assumptions • We need to be familiar with our toolset • NEVER BUILD YOUR OWN WHEN SOLUTION EXISTS!!

  5. NEVER BUILD YOUR OWN WHEN SOLUTION EXISTS!!!

  6. Asymmetric • No pre-shared keys • Public and secret keys (key pairs) • Asymmetric means…? • Non-repudiable • Key agreement, e.g. Diffie-Hellman • Not like sending password in the clear • Mathematical proof based on conjecture • Variants of conjecture (important)

  7. Security (strength) • Key size* • Commonly 2256 for AES, 22048 for RSA • What is a [good] key? • Underlying cryptosystem/primitives • Composition • e.g. MAC with broken underlying hash function may not itself be broken

  8. Current state of symmetric encryption • DES is too weak (56-bit key) • 3DES is weak (168-bit keys but only 2112 security – “meet-in-the-middle” attack) • Recent weaknesses in AES: • AES-256 (2254.4) AES-192 (2189.7) AES-128 (2126.1) http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf

  9. Current state of hash functions • MD5 is broken • http://www.win.tue.nl/hashclash/ • SHA-1 is known to be weak • http://theory.csail.mit.edu/~yiqun/shanote.pdf (269) • http://eprint.iacr.org/2004/304 (2106, generalizable) • SHA-256 (variant) is even weaker • SHA-3 currently in “development” (NIST) • We have a winner: all hail Keccak (SHA-3)! • http://csrc.nist.gov/groups/ST/hash/sha-3/

  10. Questions? Trusted component discussion

More Related