1 / 16

Encryption 102

FORE SEC Academy Security Essentials (IV). Encryption 102. Why do I Care about Crypto?. Concepts in Cryptography. Concepts in Cryptography (2). Computational Complexity deals with time and space requirements for the execution of algorithms. Problems can be classified as

pearl
Download Presentation

Encryption 102

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FORESEC AcademySecurity Essentials (IV) Encryption 102

  2. Why do I Care about Crypto?

  3. Concepts in Cryptography

  4. Concepts in Cryptography (2) Computational Complexity deals with time and space requirements for the execution of algorithms. Problems can be classified as tractable or intractable.

  5. Concepts in Cryptography (3) An Example of an Intractable Problem... Difficulty of factoring a large integer into its two prime factors • A “hard” problem • Years of intense public scrutiny suggest intractability • No mathematical proof so far • Example: RSA • based on difficulty of • factoring a large integer • into its prime factors • ~1000 times slower than • DES • considered “secure” • de facto standard • patent expired in 2000

  6. Concepts in Cryptography (4) Another Intractable Problem… Difficulty of solving the discrete logarithm problem --for finite fields • A “hard” problem • Years of intense public scrutiny suggest intractability • No mathematical proof so far • The discrete logarithm problem is as difficult as the problem of factoring a large integer into its prime factors • Examples • El Gamal encryption • and signature schemes • Diffie-Hellman key • agreement scheme • Schnorr signature scheme • NIST.s Digital Signature • Algorithm (DSA)

  7. Concepts in Cryptography (5) Yet Another Intractable Problem... Difficulty of solving the discrete logarithm problem--as applied to elliptic curves • A “hard” Problem • Years of intense public scrutiny suggest intractability • No mathematical proof so far • In general, elliptic curve cryptosystems (ECC) offer higher speed, lower power consumption, and tighter code • Examples • Elliptic curve El Gamal encryption and signature • schemes • Elliptic curve Diffie-Hellman • key agreement scheme Schnorr signature scheme • NIST.s Digital Signature • Algorithm (DSA)

  8. Voila! We Can Now Build...

  9. DES: Data Encryption Standard • Released March 17, 1975 • Rather fast encryption algorithm • Widely used; a de facto standard • Symmetric-key, 64-bit block cipher • 56-bit key size ! Small 256keyspace • Today, DES is not considered secure

  10. DES Weaknesses • DES is considered non-secure for very sensitive encryption. It is crackable in a short period of time. • See the Cracking DES book by O’Reilly. • Multiple encryptions and key size will increase the security. • Double DES is vulnerable to the meet-in-the- middle attack and only has an effective key length of 57 bits. • Triple DES is preferred.

  11. DES • In 1992 it was proven that DES is not a group. This means that multiple DES encryptions are not equivalent to a single encryption. THIS IS A GOOD THING. • If something is a group then - E(K2,E(K,M)) = E(K3,M) • Since DES is not a group, multiple encryptions will increase the security.

  12. Meet-in-the-middle Attack

  13. Triple DES

  14. Triple DES (2)

  15. AES • Advanced Encryption Standard • AES is a new encryption algorithm(s) that is being designed to be effective • well into the 21st century THE FIVE “AES” FINALISTS ! • MARS IBM • RC6tmRSA Laboratories • Rijndael Joan Daemen, Vincent Rijmen • Serpent Ross Anderson, Eli Biham, Lars Knudsen • Twofish Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson Significance Developing “good” cryptographic algorithms that can be trusted is hard. The only practical way to develop such algorithms is to perform the development process in an open manner, and under intense public scrutiny of the global cryptographic community. Can you think of a recent example in which this was not followed? • Countdown • to AES ! • 1/2/1997, the quest • for AES begins... • 8/9/1999, five finalist • algorithms announced • Announced winner – • Rijndeal • 12/26/2001– AES • approved!

  16. AES Algorithm

More Related