cryptography
DESCRIPTION
"Secret code" redirects here. For the Aya Kamiki album, see Secret Code."Cryptology" redirects here. For the David S. Ware album, see Cryptology (album).German Lorenz cipher machine, used in World War II to encrypt very-high-level general staff messagesCryptography (or cryptology; from Greek κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "writing", or -λογία -logia, "study", respectively)[1] is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).[2] More generally, it is about constructing and analyzing protocols that block adversaries;[3] various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation[4] are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons to do the same. Since World War I and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power—an example is the one-time pad—but these schemes are more difficult to implement than the best theoretically breakable but computationally secure mechanisms.Cryptology-related technology has raised a number of legal issues. In the United Kingdom, additions to the Regulation of Investigatory Powers Act 2000 require a suspected criminal to hand over his or her decryption key if asked by law enforcement. Otherwise the user will face a criminal charge.[5] The Electronic Frontier Foundation (EFF) was involved in a case in the United States which questioned whether requiring suspected criminals to provide their decryption keys to law enforcement is unconstitutional. The EFF argued that this is a violation of the right of not being forced to incriminate oneself, as given in the fifth amendment.[6]TRANSCRIPT
-
Cryptographic
Algorithms
14th May 2012
P.R.Lakshmi Eswari
e-Security Team
C-DAC Hyderabad
-
Network Security
What is it ?
Why do we need it ?
How is it provided ?
-
Normal Flow
Network Security Issues
-
Normal Flow
Interruption
Network Security Issues
-
Normal Flow
Modification
Interruption
Network Security Issues
-
Normal Flow
Modification Interception
Interruption
Network Security Issues
-
Normal Flow
Fabrication
Modification Interception
Interruption
Network Security Issues
-
Normal Flow
Fabrication
Modification Interception
Interruption
Get it?
Repudiation
No!
No!
Sent it?
Network Security Issues
-
Requirement
Fabrication
Modification Interception
Get it?
Repudiation
No!
No!
Sent it?
Availability
Network Security Services
-
Requirement
Fabrication
Interception
Get it?
Repudiation
No!
No!
Sent it?
Availability
Integrity
Network Security Services
-
Requirement
Fabrication
Get it?
Repudiation
No!
No!
Sent it?
Availability
Integrity Confidentiality
Network Security Services
-
Requirement
Get it?
Repudiation
No!
No!
Sent it?
Availability
Integrity Confidentiality
Authenticity
Network Security Services
-
Requirement
Availability
Integrity Confidentiality
Authenticity Non Repudiation
Network Security Services
-
Security Mechanisms
Confidentiality - Encryption
Integrity - Hashing
Authentication - Digital Certificates
Non-Repudiation - Digital Signatures
-
Cryptographic Algorithms
Types of Cryptographic algorithms
Secret key cryptography or Symmetric Key
Public key cryptography or Asymmetric Key
Hash functions
-
Symmetric Cryptography
-
Asymmetric Cryptography
-
Types of Cryptosystems
Secret Key or Symmetric Cryptography
DES, IDEA, AES etc
Advantages: fast, cipher text secure
Disadvantages: must distribute key in advance, key must not be divulged
Public-key or Asymmetric Cryptography
RSA, Diffie-Hellman key agreement protocol etc Advantages: public key widely distributable, does digital
signatures
Disadvantages: slow
-
Secret Key Algorithms
Encryption
algorithm
Decryption
algorithm
Shared Secret Key
Plain text
input
Plain text
output Transmitted
Cipher text
Confidentiality
-
Secret Key Encryption
Block Cipher: Operates on a block of
message or plaintext at a time
Ex: DES, IDEA)
Types
-
Data Encryption Standard (DES)
Permutation
Permutation
Swap
Round 1
Round 2
Round 16
Generate keys
Initial Permutation
48-bit K1
48-bit K2
48-bit K16
Swap 32-bit halves
Final Permutation
64-bit Output
48-bit K1 64-bit Input 56-bit Key
-
Triple DES
Uses 3 keys and 3 executions of DES algorithm.
Encrypt
Encryption
Decryption
Decrypt Encrypt
Decrypt Encrypt Decrypt
Plain
text
Cipher
text
Cipher
text Plain
text
Key1 Key2 Key3
Key3 Key2 Key1
Secret Key Encryption
-
Other Secret key algorithms
IDEA (International Data Encryption Algorithm)
128 bit key, 8 rounds
Blowfish
Variable key length. (up to 448 bits). Generally 128 bit key used. 16 rounds.
Easy to implement and high execution speed.
Secret Key Encryption
-
Other Secret key algorithms
CAST 128
Key size between 40 and 128 bits.
F varies from round to round.
AES (Advanced Encryption Standard)
Variable block length (128, 192, 256 bits)
Variable key length (128, 192, 256 bits)
Ease of implementation in software and hardware.
Secret Key Encryption
-
Stream Cipher
A pseudo random no. generator
continuously generates bits known as
running key or keystream.
xoring the keystream to the plain text
produces the cipher text.
e.g. RC4, SEAL, A5/1 (used in GSM)
Secret Key Encryption
-
Stream Cipher
Keystream
generator +
+ Keystream generator
key
key
plaintext
ciphertext
plaintext
ciphertext
Encryption
Decryption
Keystream Generator is a pseudo random generator like linear feedback shift register
Secret Key Encryption
-
Key Distribution
Symmetric schemes require both parties to
share a common secret key
Issue is how to securely distribute this key
Often secure system failure due to a break in
the key distribution scheme
-
Public Key Cryptography
Uses two keys: private & public
Used for
Confidentiality
Authentication
Key distribution
-
The sender encrypts using public key of
receiver
Only the receiver can decrypt the cipher
message with his private key
Public Key Cryptography
Confidentiality
-
Public Key Algorithms
Encryption
algorithm
Decryption
algorithm
Plain text
input
Plain text
output
Transmitted
Cipher text
Private Key
Public key ring
Confidentiality
-
RSA
Key Generation
Calculate n = p x q
Calculate (n) = (p-1)(q-1)
Select integer e such that e is relatively
prime to (n)
Calculate d = e-1mod (n)
(d = multiplicative inverse of e)
Public Key = {e, n} Private Key = {d, n}
Public Key Cryptography
-
Encryption
Plaintext M < n
Cipher text C = Me(mod n)
Decryption
Cipher text C
Plaintext M = Cd(mod n)
Public Key Cryptography
RSA
-
Strength of Cryptographic Algorithms
Identify the weakest links
Key length: key can be broken by brute force attack.
For a 32 bit key max. possible combinations is 232.
Hence size of key is crucial.
Symmetric algorithms: key sizes currently used is 128 bits
Public key algorithms: require much larger key sizes since
an extra structure i.e. public key is available to
cryptanalyst. Hence keys with 1024 bits and more are
safer.
Cryptography
-
Public Key Algorithms
Encryption
algorithm
Decryption
algorithm
Plain text
input
Plain text
output
Transmitted
Cipher text
Private Key
Public key ring
Authentication
-
Public Key Algorithms
Encryption
algorithm
Decryption
algorithm
encrypted
key
Private Key
Session
key
Shared
session
key
Public key ring
Key Exchange
-
Enables 2 users to exchange a secret key
securely that can be used for subsequent
encryption of messages.
If p is prime no., its primitive root a is such
that a mod p, a2 p-1 mod p are
distinct integers from 1 to p-1 in some
permutation.
Key Management
Diffie-Hellman Key Exchange
-
Diffie Hellman key exchange
User A User B
prime p
Public key
pk1 = xmod p
Public key
pk2 = ymod p
pk1 pk2
Public Key Cryptography
random no. x random no. y
Secret Key
K = pk2xmod p
= xymod p
Secret Key
K = pk1ymod p
= xymod p
primitive root
prime p
primitive root