1 / 50

What is encryption?

What is encryption?. A process that converts original information, also called plain text into a difficult-to-interpret form called ciphertext. Done by using an encryption algorithm, a formula used to turn plain text into ciphertext. Two types: Asymmetric and Symmetric. Asymmetric Encryption.

shepry
Download Presentation

What is encryption?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What is encryption? • A process that converts original information, also called plain text into a difficult-to-interpret form called ciphertext. • Done by using an encryption algorithm, a formula used to turn plain text into ciphertext. • Two types: Asymmetric and Symmetric

  2. Asymmetric Encryption • Click to edit Master text styles • Second level • Third level • Fourth level • Fifth level

  3. Symmetric Encryption

  4. Which one is better? • Although, symmetric encryption is fast, it is not as safe as asymmetric encryption because someone could “steal” the key and decode the messages. But because of its speed, it's commonly used for e-commerce transactions. • Asymmetric encryption is more complex--and more secure. Asymmetric encryption's added safety comes at a price: More computation is required, so the process takes longer. (several orders or magnitude longer)

  5. Why use encryption? • Authentication • Protects personal data such as passwords. • Privacy • Provides for confidentiality of private information. • Integrity • Ensures that a document or file has not been altered. • Accountability • Prevents denial or plagiarism.

  6. Examples of Encryption • Web browser encryption • Email encryption • Hard drive encryption • Operating system protection

  7. What is cryptography? • “hidden writing” • Until recently: military tool • Like any military technology: methods change over time • Two sides: • designing codes • breaking codes (cryptanalysis) • Computers have changed both

  8. How do we encrypt? • Protocol, or scheme: method of encryption • Cryptovariable, or key: secret information • Symmetric Encryption: protocol is reversible! The method is the same for encryption and decryption. plaintext protocol ciphertext cryptovariable

  9. Example: Caesar Shift • Protocol: shift each letter by the same amount • Cryptovariable: amount to shift • Decryption: shift back the same amount IBM HAL -1 Veni, vidi, vici Foxs, fsns, fsms

  10. Substitution Cipher • Allow any permutation of the alphabet • Key = permutation; 26! possibilities • 26! = 403,291,461,126,605,635,584,000,000 • Roughly 288: checking 1 billion per second, would take 12 billion years • Is there a better way? • al-Kindi, ninth century: frequency analysis

  11. A harder example YIRLAZ MRACIRB CR PKORI CRP: MRPPVAMQAY MRLACZRGA, VAYQAVW RA • Shorter = less information • R occurs 10 times, A occurs 9 times • (all others occur 4 or fewer times) • Telegraph style; fewer short words

  12. A harder example E E E E E E YIRLAZ MRACIRB CR PKORI CRP: E E E E MRPPVAMQAY MRLACZRGA, VAYQAVW RA E doesn’t begin any common 2-letter words

  13. A harder example O O O O O O YIRLAZ MRACIRB CR PKORI CRP: O O O O MRPPVAMQAY MRLACZRGA, VAYQAVW RA A occurs 9 times. What could it be?

  14. A harder example O N ON O O O O YIRLAZ MRACIRB CR PKORI CRP: O N N O N O N N N ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  15. A harder example O N ONT O TO O TO YIRLAZ MRACIRB CR PKORI CRP: O N N O NT O N N N ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  16. A harder example G O N ONT O TO O TO YIRLAZ MRACIRB CR PKORI CRP: O N ING O NT O N NGIN ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  17. A harder example GROUND CONTROL TO MAJOR TOM: YIRLAZ MRACIRB CR PKORI CRP: COMMENCING COUNTDOWN, ENGINES ON MRPPVAMQAY MRLACZRGA, VAYQAVW RA

  18. The perfect cryptosystem • One-time pad: encrypt each letter with its own key • Example: Caesar shift each letter separately • Ci = Pi + Ki (mod 26) • To encrypt n bits, use n bits of key • This uses up lots of key bits; need to prearrange • How do you generate key bits?

  19. Enigma Machine • German cryptosystem in World War II • Same idea: modify letters • Scrambler disks implement permutation • Rotate after each letter, so many different permutations used • Additional permutation provided by plugboard

  20. Enigma Key • Key changed daily • 3 scramblers in one of 6 orders • In 1938: 3 of 5, so 60 arrangements • 263 = 17,576 settings for scramblers • Billions of plugboard settings • Alan Turing: bypassed plugboard • Used known plaintext, exhausted over space • British were able to read traffic

  21. Navajo Code Talkers • Americans in the Pacific during WWII • Each troop had one Navajo • Even after figuring out system, Japanese couldn’t break it • Like a one-time pad: prearranged secret is a whole language • May not be feasible today

  22. Modern Symmetric Cryptography • Assume the protocol is known to the enemy • Only the key is secret • Encryption, cryptanalysis use computers • Operate on bits, rather than letters • DES, AES • Open standards; let everyone try to break it • Closed design often fails (cell phones) • Don’t try this in-house

  23. Key Distribution • Secure communication requires a key • How do you exchange keys securely? • Military: codebooks in field could fall into enemy hands • Commerce: might not meet face-to-face • Seems to be a Catch-22

  24. Paradigm Shift • Alice wants to mail Bob a letter securely • If they share a “key”, Alice locks, Bob unlocks • If not: Alice puts on padlock, sends box to Bob • Bob adds his padlock, sends box back to Alice • Alice removes her padlock, sends box to Bob • Bob unlocks box, reads letter • Problem: how to translate this to mathematics

  25. Diffie-Hellman-Merkle (1976) • Modular Arithmetic • Choose Y, modulus p • Alice’s function is YA (mod p) • Bob’s function is YB (mod p) • Key is YAB = YBA (mod p) • Eve can’t compute YAB from Y, YA, YB • We think (no one can prove it) • One problem: must communicate to get key

  26. One-way Functions • Easy to compute, hard to reverse • Example: f (A) = YA (mod p) • f -1(YA) is called “discrete log” • Hard to compute (we think) • Could always do exhaustive search • Here, there are p-1 choices

  27. Cryptographic Primitives • Building blocks for algorithms • Example: one-way functions • Protocols built out of primitives • Example: Diffie-Hellman-Merkle • Protocols built out of other protocols • Example: • 1. Use Diffie-Hellman to exchange key • 2. Use symmetric encryption, key to encode message • Good, “modular” design

  28. Trapdoor one-way functions • Another useful primitive • f (X) is easy to compute • f -1(Y) is hard for most people to compute • But: easy to compute if you know a secret • There are trapdoor one-way functions • Found by Rivest-Shamir-Adleman, 1977 • Rely on difficulty of factoring large integers

  29. Idea behind public key • Bob publishes design specs for a padlock • Alice wants to send Bob a box • Alice builds a Bob padlock, locks the box • Bob unlocks box using his key • Eve intercepts box, knows design specs • Goal: Eve still can’t build a key • Padlock = trapdoor one-way function

  30. Public Key Cryptography • Alice wants to talk to Bob: computes key X • Alice sends Bob fB (X) (Bob’s function) • Bob computes fB-1 (fB (X)) = X • Both Alice and Bob know X, use as key for symmetric encryption • Eve knows fB (X); can’t compute X • Asymmetric encryption • Whitfield Diffie, 1975

  31. RSA: Choosing Keys • Choose two large prime numbers p, q. (e.g., 1024 bits each) • Compute n = pq, z = (p-1)(q-1) • Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). • Choose d such that ed-1 is exactly divisible by z (in other words: ed mod z = 1 ). • Public key is (n,e) . Private key is (n,d).

  32. RSA: Encryption, decryption • Given (n,e) and (n,d) as computed before • To encrypt bit pattern, m, compute: • c = me mod n • To decrypt received bit pattern, c, compute • m = cd mod n

  33. RSA example e c = m mod n d d c m = c mod n • Bob chooses p=5, q=7. Then n=35, z=24. • e=5 (so e, z relatively prime). • d=29 (so ed-1 exactly divisible by z. e m m letter encrypt: l 17 1524832 12 c letter decrypt: 17 12 l 481968572106750915091411825223071697

  34. Digital Signature Scheme • Alice wants to send Bob a message, sign it • Alice sends Bob X and S = fA-1 (X) • Bob checks that fA (S) = X • Therefore Bob knows that S = fA-1 (X) • Only Alice can compute fA-1 (X) easily, so Alice must have sent the message • Same primitive, new protocol

  35. Revolution • New ideas made cryptography an option for commerce • PCs gave everyone computing power • Zimmerman’s PGP: gave everyone access • SSL in web browsers

  36. Quantum Computation • Computers revolutionized cryptographic design and cryptanalysis • Quantum computers may one day do the same • Quantum key exchange: guaranteed secure • A quantum computer could factor large integers in polynomial time • We may never live to see one

  37. Symmetric Cryptography DES (Data Encryption Standard) • US encryption standard [NIST 1993] • 56-bit symmetric key, 64-bit plaintext input • How secure is DES? • DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months • no known “backdoor” decryption approach • making DES more secure: • use three keys sequentially (3-DES) on each datum • use cipher-block chaining

  38. Symmetric Cryptography: DES (Data Encryption Standard) • DES Operations • 1) initial permutation • 2) 16 identical “rounds” of function application, each using different 48 bits of key • 3) final permutation

  39. Symmetric Cryptography: AES (Advanced Encryption Standard) • new (Nov. 2001) symmetric-key NIST standard, replacing DES • processes data in 128 bit blocks • 128, 192, or 256 bit keys • brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

  40. Trusted Intermediaries • Symmetric key problem: • How do two entities establish shared secret key over network? • trusted key distribution center (KDC) acting as intermediary between entities • Public key problem: • When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s? • trusted certification authority (CA)

  41. Certification Authorities • Certification authority (CA): binds public key to particular entity, E. • E (person, router) registers its public key with CA • E provides “proof of identity” to CA. • CA creates certificate binding E to its public key. • certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” • When Alice wants Bob’s public key: • gets Bob’s certificate (Bob or elsewhere). • apply CA’s public key to Bob’s certificate, get Bob’s public key

  42. Certificates contain… - -Serial number (unique to issuer) - info about certificate owner, including algorithm and key value itself (not shown) -info about certificate issuer -valid dates -digital signature by issuer

  43. Pretty good privacy (PGP) • Internet e-mail encryption scheme, de-facto standard. • uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. • provides secrecy, sender authentication, integrity. • inventor, Phil Zimmerman, was target of 3-year federal investigation. ---BEGIN PGP SIGNED MESSAGE--- Hash: SHA1 Bob:My husband is out of town tonight.Passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE---

  44. Secure sockets layer (SSL) • transport layer security to any TCP-based app using SSL services. • used between Web browsers, servers for e-commerce • security services: • server authentication • data encryption • client authentication (optional) • server authentication: • SSL-enabled browser includes public keys for trusted CAs. • Browser requests server certificate, issued by trusted CA. • Browser uses CA’s public key to extract server’s public key from certificate. • check your browser’s security menu to see its trusted CAs.

  45. Secure sockets layer (SSL) • SSL may be one way encrypted – https • Or it may be two way encrypted which is • Https with a certificate (private key). • The certificate (PKI) is used for identity assertion.

  46. IEEE 802.11 security • War-driving: drive around Bay area, see what 802.11 networks available? • More than 9000 accessible from public roadways • 85% use no encryption/authentication • packet-sniffing and various attacks easy! • Securing 802.11 • encryption, authentication • first attempt at 802.11 security: Wired Equivalent Privacy (WEP): a failure • current attempt: 802.11i

  47. Lab Take a file and encrypt is using crypt from Unix. Use a four letter key. Type: sudo apt-get install mcrypt man crypt google crypt ubuntu encrypt a file Command: echo “hello world” > text.txt Command crypt taking text.txt making text.cipher Command taking text.cipher get back to text.orig Plaintext ---- > cipher ------> Plaintext

  48. Lab Answers cat hello.txt | crypt > hello.txt.cipher crypt < hello.txt.cipher

  49. Second Lab Take a file and encrypt it using des from Unix. Use a four letter key. Decrypt the same file and prove it works. This is symmetric. Plaintext ----> Cipher that is DES -----> Plaintext.

  50. Second Lab Answer crypt < hello.txt.cipher cat hello.txt | mcrypt -a des > hello.txt.cipher mcrypt -a des -d < hello.txt.cipher > x

More Related