internet engineering czesław smutnicki discrete mathematics – cryptography
TRANSCRIPT
Internet EngineeringInternet Engineering
Czesław SmutnickiCzesław Smutnicki
Discrete Mathematics Discrete Mathematics – – CryptographyCryptography
CONTENTS
• DES algorithm• Triple-DES algorithm• RSA algorithm• MD5 algorithm• CRC algorithm• ssh service
SECURITY IN COMPUTER NETWORKSSECURITY IN COMPUTER NETWORKS
• Cryptography
• Algorithms with symmetrical keys
• Algorithms with public (non-symmetrical) keys
• Digital signature
• Management of public keys
• Security of communications
• Trustworthiness protocols
• Security of e-mail
• Security of www
• Social aspects of computer networks
CRYPTOGRAPHYCRYPTOGRAPHY
• Introduction: encryption = transformation (bit-after-bit, Introduction: encryption = transformation (bit-after-bit, character-after-character), coding = replacing, open text, character-after-character), coding = replacing, open text, algorithm, key, encrypted text, intruder, cryptoanalysis, algorithm, key, encrypted text, intruder, cryptoanalysis, cryptologycryptology
• Substituting ciphersSubstituting ciphers
• Transposition ciphersTransposition ciphers
• Once-used keys (XOR of data and key)Once-used keys (XOR of data and key)• Quantized cryptography: phaeton, polarisation, strigth Quantized cryptography: phaeton, polarisation, strigth
linear basis, diagonal basis, qubit, once-used keylinear basis, diagonal basis, qubit, once-used key
• Fundamental rules of cryptography: redundancy, timelinessFundamental rules of cryptography: redundancy, timeliness
ALGORITHMS WITH SYMMETRICAL KEYSALGORITHMS WITH SYMMETRICAL KEYS
• P-box, S-box, cascadeP-box, S-box, cascade
• DESDES
• Triple DESTriple DES
• AESAES
• Encryption modes: coding book, linking of coding blocks, Encryption modes: coding book, linking of coding blocks, feedback, streaming code, counting methodfeedback, streaming code, counting method
• Other coding: IDEA, RC4, RC5, Rijndael, Serpent, TwofishOther coding: IDEA, RC4, RC5, Rijndael, Serpent, Twofish
• Cryptoanalysis: differential, linearCryptoanalysis: differential, linear
ALGORITHM WITH SYMMETRICAL KEYSALGORITHM WITH SYMMETRICAL KEYS
P-box: 8 linesP-box: 8 lines S-box: 3 linesS-box: 3 lines Aggregate (cascade): 12 linesAggregate (cascade): 12 lines
Decoder 3->8Decoder 3->8 Decoder 8->3Decoder 8->3
P-boxP-box
P1P1 P2P2 P3P3 P4P4
S1S1
S2S2
S3S3
S4S4
S5S5
S6S6
S7S7
S8S8
S9S9
S10S10
S11S11
S12S12
permutation=keypermutation=key cascade: 64 ..256 lines, >18 stages (hardware), cascade: 64 ..256 lines, >18 stages (hardware), >8 (software), 1 stage=iteration=P+S>8 (software), 1 stage=iteration=P+S
DES = DATA ENCRYPTION STANDARDDES = DATA ENCRYPTION STANDARD
open text 64 bitsopen text 64 bits
starting transpositionstarting transposition
iteration 1iteration 1
transposition of 32-bit halvestransposition of 32-bit halves
iteration 2iteration 2
iteration 16iteration 16
..
..
..
final transposition final transposition inverse to startinginverse to starting
encrypted data 64 bitsencrypted data 64 bits
Key 5
6 b
itsK
ey 5
6 b
its
L 32 bits (i-1)L 32 bits (i-1) P 32 bits (i-1)P 32 bits (i-1)
L 32 bits (i)L 32 bits (i) P 32 bits (i)P 32 bits (i)
L(i) XOR f(P(i-1),K(i))L(i) XOR f(P(i-1),K(i))
DES cont.DES cont.L 32 bits (i-1)L 32 bits (i-1) P 32 bits (i-1)P 32 bits (i-1)
L 32 bits (i)L 32 bits (i) P 32 bits (i)P 32 bits (i)
L(i) XOR f(P(i-1),K(i))L(i) XOR f(P(i-1),K(i))
32 bits32 bits
32 bits -> 48 bits32 bits -> 48 bits
XOR KXOR K
S1S1 S2S2 S3S3 S4S4 S5S5 S6S6 S7S7 S8S8
S-box: in 8 x 6S-box: in 8 x 6
S-box: out 8 x 4S-box: out 8 x 4
P-boxP-box
indirect keyindirect key
indirect key has been obtained by certain transformation of indirect key has been obtained by certain transformation of fundamental key of 56 bits. fundamental key of 56 bits. Applied is so-called whitening operation (additional Applied is so-called whitening operation (additional random keys)random keys)
TRIPLE DESTRIPLE DES
• 2 keys2 keys
• encryption(K1)-decryption(K2)-encryption(K1)encryption(K1)-decryption(K2)-encryption(K1)
AES= ADAVANCED ENCRYPTION STANDARDAES= ADAVANCED ENCRYPTION STANDARD
• CompetitionCompetition
• Symmetrical keySymmetrical key
• Public projectPublic project
• Keys 128, 192, 256-bitsKeys 128, 192, 256-bits
• Easily implementable (hardware, software)Easily implementable (hardware, software)
• Free-access licenceFree-access licence
• Rijndael (86), Serpent (59), Twofish (31), RC6 (23), MARS Rijndael (86), Serpent (59), Twofish (31), RC6 (23), MARS (13) (13)
ALGORYITHM WITH PUBLIC KEYS: RSAALGORYITHM WITH PUBLIC KEYS: RSA
• Choose two prime numbers Choose two prime numbers pp i i qq• Find Find nn==pp**qq and and zz=(=(pp-1)*(-1)*(qq-1)-1)• Find any Find any dd relatively prime with relatively prime with zz• Find any number e such that (Find any number e such that (ee**dd) mod ) mod zz=1=1
Public key (Public key (ee,,nn))Private key (Private key (dd,,nn))
Encryption of message PEncryption of message P decryption of hiden text Cdecryption of hiden text C
nPC e mod nCP d mod
DIGITAL SIGNATUREDIGITAL SIGNATURE
• Receiver can verify the authentity of Sender signatureReceiver can verify the authentity of Sender signature• Sender cannot renege of sending the message with this Sender cannot renege of sending the message with this
contentscontents• Receiver cannot change the obtained message contentsReceiver cannot change the obtained message contents
• Signature based on symmetric keysSignature based on symmetric keys (certification institution)(certification institution)
• Signature based on public keys (secret key theft, changing Signature based on public keys (secret key theft, changing of secret key)of secret key)
• Message shortcut (hashing): MD5, SHA-1, Message shortcut (hashing): MD5, SHA-1,
MANAGEMENT OF PUBLIC KEYSMANAGEMENT OF PUBLIC KEYS
• CertificatesCertificates
• Standard X.509 Standard X.509
• Infrastructure of public keys: confidence chain, certfication Infrastructure of public keys: confidence chain, certfication track, confidence anchors, certificate cancel, track, confidence anchors, certificate cancel,
SECURITY OF COMMUNICATIONSECURITY OF COMMUNICATION
• IPsec: transport mode, tunel mode, trafic analysisIPsec: transport mode, tunel mode, trafic analysis
• Firewalls, packet filter, application gateway, DoS attack, Firewalls, packet filter, application gateway, DoS attack, DDoSDDoS
• Private virtual networksPrivate virtual networks
• Security in wireless networks: WEP (RC4), Bluetooth Security in wireless networks: WEP (RC4), Bluetooth (SAFER+)(SAFER+)
TRUSTWORTHINESS PROTOCOLSTRUSTWORTHINESS PROTOCOLS
• Trustworthiness on the base of shared secret keyTrustworthiness on the base of shared secret key
• Setting shared secret key: key exchangeSetting shared secret key: key exchange
• TrustworthinessTrustworthiness with the use of key distribution center with the use of key distribution center
• TrustworthinessTrustworthiness based on Kerberos based on Kerberos
• TrustworthinessTrustworthiness with the use of public keys with the use of public keys
SECURITY OF E-MAILSECURITY OF E-MAIL
• PGPPGP
• PEMPEM
• S/MIMES/MIME
SECURITY OF WWWSECURITY OF WWW
• EmergencesEmergences
• Secure namesSecure names
• SSLSSL
• Security of movable codeSecurity of movable code
SOCIAL ASPECTS OF COMPUTER NETWORKSSOCIAL ASPECTS OF COMPUTER NETWORKS
• Privacy protection policyPrivacy protection policy
• Freedom of a wordFreedom of a word
• Intelectual property rigthsIntelectual property rigths
Thank you for your attention
DISCRETE MATHEMATICSCzesław Smutnicki