introduction to cryptography --- foundations of information and network security --- lecture 3
Post on 20-Dec-2015
221 views
TRANSCRIPT
Introduction to CryptographyIntroduction to Cryptography
--- Foundations of information and network --- Foundations of information and network security ---security ---
Lecture 3Lecture 3
Information and Network Security 2
OutlineOutline
Why study cryptologyWhy study cryptology?? Basic terms, notations and structure Basic terms, notations and structure
of cryptographyof cryptography Private & public key cryptography Private & public key cryptography
examplesexamples Modern secret key ciphers : usage and Modern secret key ciphers : usage and
methodologymethodology Encryption and possible attacksEncryption and possible attacks Secret key ciphers designSecret key ciphers design
Information and Network Security 3
Why Study cryptology(1)Why Study cryptology(1)
A B
Intruder
Communications security
Information and Network Security 4
Why Study cryptology(2)Why Study cryptology(2)
Customer Merchant
TTP
Electronic Commerce Security
Information and Network Security 5
Why Study cryptology(3)Why Study cryptology(3)
A B
LEA
Law enforcement
Information and Network Security 6
The Basic ProblemThe Basic Problem
We consider the We consider the confidentialityconfidentiality goal: goal:Alice and Bob are FriendsAlice and Bob are FriendsMarvin is a rivalMarvin is a rivalAlice wants to send secret messages (MAlice wants to send secret messages (M11,M,M22,…) to ,…) to
Bob over the InternetBob over the InternetRival Marvin wants to read the messages (MRival Marvin wants to read the messages (M11,M,M22,…) - ,…) -
Alice and Bob want to prevent this! Alice and Bob want to prevent this! Assumption:Assumption: The network is OPEN: Marvin is able to The network is OPEN: Marvin is able to
eavesdrop and read all data sent from Alice to Bob.eavesdrop and read all data sent from Alice to Bob.Consequence:Consequence: Alice must not send messages (M Alice must not send messages (M11,M,M22,,
…) directly – they must be “scrambled” or …) directly – they must be “scrambled” or encryptedencrypted using a ‘secret code’ unknown to Marvin but known using a ‘secret code’ unknown to Marvin but known to Bob.to Bob.
Information and Network Security 7
CryptographyCryptography
plaintext (data file or messages)
encryption
ciphertext (stored or transmitted safely)
decryption
plaintext (original data or messages)
Information and Network Security 8
ED
Message(cleartext, plaintext)
Encrypted message(ciphertext)
Encrypted message(ciphertext)
Encryption
Decryption
key
AliceBob
Private key cipherPrivate key cipher
Message(cleartext,plaintext
)
Information and Network Security 9
Basic termsBasic terms
Cryptology (to be very precise)Cryptology (to be very precise)Cryptography --- code designingCryptography --- code designingCryptanalysis --- code breakingCryptanalysis --- code breaking
Cryptologist: Cryptologist: Cryptographer & cryptanalystCryptographer & cryptanalyst
Encryption/enciphermentEncryption/enciphermentScrambling data into unintelligible to Scrambling data into unintelligible to
unauthorised partiesunauthorised parties Decryption/deciphermentDecryption/decipherment
Un-scramblingUn-scrambling
Information and Network Security 10
Types of ciphersTypes of ciphers
Private key cryptosystems/ciphersPrivate key cryptosystems/ciphersThe secret key is shared between two The secret key is shared between two
partiesparties Public key cryptosystems/ciphersPublic key cryptosystems/ciphers
The secret key is not shared and two The secret key is not shared and two parties can still communicate using their parties can still communicate using their public keyspublic keys
Information and Network Security 11
Examples of “Messages”Examples of “Messages”
Types of secret “Messages” Alice Types of secret “Messages” Alice might want to send Bob (in increasing might want to send Bob (in increasing length):length):Decision (yes/no),Decision (yes/no), eg. as answer to the eg. as answer to the
question “Are we meeting tomorrow?”question “Are we meeting tomorrow?”Numerical ValueNumerical Value, eg. as answer to the , eg. as answer to the
question “at what hour are we meeting?”question “at what hour are we meeting?”DocumentDocumentSoftwareSoftware, , ImagesImages etc. etc.
Information and Network Security 12
ConceptsConcepts
A private key cipher is composed of A private key cipher is composed of two algorithmstwo algorithmsencryption algorithm Eencryption algorithm Edecryption algorithm Ddecryption algorithm D
The same key K is used for encryption The same key K is used for encryption & decryption& decryption
K has to be distributed beforehandK has to be distributed beforehand
Information and Network Security 13
NotationsNotations
Encrypt a plaintext P using a key K & Encrypt a plaintext P using a key K & an encryption algorithm Ean encryption algorithm E
C = E(K,P)C = E(K,P) Decrypt a ciphertext C using the same Decrypt a ciphertext C using the same
key K and the matching decryption key K and the matching decryption algorithm Dalgorithm D
P = D(K,C)P = D(K,C)
Note: P = D(K,C) = D(K, E(K,P))Note: P = D(K,C) = D(K, E(K,P))
Information and Network Security 14
The Caesar cipher (e.g)The Caesar cipher (e.g)
The Caesar cipher is a substitution The Caesar cipher is a substitution cipher, named after Julius Caesar.cipher, named after Julius Caesar.
Operation principle:Operation principle:each letter is translated into the letter each letter is translated into the letter a fixed number of positionsa fixed number of positions after after it in the alphabet table.it in the alphabet table.
The fixed number of positions is a key The fixed number of positions is a key both for encryption and decryption.both for encryption and decryption.
Information and Network Security 15
The Caesar cipher (cnt’d)The Caesar cipher (cnt’d)
K=3
Inner: ciphertext
Outer: plaintext
Information and Network Security 16
An exampleAn example
For a key K=3,For a key K=3,plaintext letter:plaintext letter: ABCDEF...UVWXYZABCDEF...UVWXYZciphtertext letter: ciphtertext letter: DEF...UVWXYZABCDEF...UVWXYZABC
HenceHenceTREATY IMPOSSIBLETREATY IMPOSSIBLE
is translated intois translated intoWUHDWB LPSRVVLEOHWUHDWB LPSRVVLEOH
Information and Network Security 17
Breaking classic ciphersBreaking classic ciphers
With the help of fast computers, With the help of fast computers, 99.99% ciphers used before 1976 are 99.99% ciphers used before 1976 are breakable by using one of the 4 types breakable by using one of the 4 types of attacks (described later).of attacks (described later).
Modern cluster computers and future Modern cluster computers and future quantum computers can break several quantum computers can break several existing ciphers due to the power of existing ciphers due to the power of such computers.such computers.
Information and Network Security 18
Breaking the Caesar cipherBreaking the Caesar cipher
By trial-and errorBy trial-and error By using statistics on lettersBy using statistics on letters
frequency distributions of lettersfrequency distributions of lettersletterletter percentpercentAA 7.49%7.49%BB 1.29%1.29%CC 3.54%3.54%DD 3.62%3.62%EE 14.00%14.00%....................................................................
Information and Network Security 19
Toy example of private key Toy example of private key cryptography (TPC)cryptography (TPC)
Assume that a message is broken into 64-bit blocks and each Assume that a message is broken into 64-bit blocks and each 64-bit block of plaintext is encrypted separately:64-bit block of plaintext is encrypted separately:
Key space are combinations of numerical digits – max: 7 Key space are combinations of numerical digits – max: 7 digits- digits- (eg: key = [1]; or key = [1,3], or key = [1,4,2]).(eg: key = [1]; or key = [1,3], or key = [1,4,2]).
Assume that all 8 bits of a byte is used and key digits start Assume that all 8 bits of a byte is used and key digits start from left to right.from left to right.
Encryption: Each plaintext block is first shifted by the number Encryption: Each plaintext block is first shifted by the number of binary digits before the last non-zero digit of the key. It is of binary digits before the last non-zero digit of the key. It is then exclusive-ored with the key starting from the first byte of then exclusive-ored with the key starting from the first byte of the block, repeatedly to the end of the block (the key moves a the block, repeatedly to the end of the block (the key moves a distance of its size from left to right of the plaintext block).distance of its size from left to right of the plaintext block).
Decryption: do the reverse of encryption: the cipher-text is Decryption: do the reverse of encryption: the cipher-text is exclusive-ored and then shifted.exclusive-ored and then shifted.
0 0 0=1 1 0=0 1 1=1 0 1=
: exclusive : exclusive oror
Information and Network Security 20
Using TPCUsing TPC
Use TPC to encrypt the plaintext “12345”, key Use TPC to encrypt the plaintext “12345”, key = [1,4,2]= [1,4,2]Use TPC to encrypt the plaintext “TREATY Use TPC to encrypt the plaintext “TREATY IMPOSSIBLE”; key = [4];IMPOSSIBLE”; key = [4];Use TPC to encrypt the plaintext “100 Use TPC to encrypt the plaintext “100 dollars”, key = [2,4];dollars”, key = [2,4];
Information and Network Security 21
Principles of Private Key EncryptionPrinciples of Private Key Encryption
Devise cryptographic algorithms: Devise cryptographic algorithms: a set of fast functions (E1, E2, E3, ..En) that when in turn a set of fast functions (E1, E2, E3, ..En) that when in turn
applied to an input (initial or intermediate input) will applied to an input (initial or intermediate input) will produce a more potentially scrambled output.produce a more potentially scrambled output.
and a set of functions (D1,D2,D3, .. Dn) that when in turn and a set of functions (D1,D2,D3, .. Dn) that when in turn applied to the cipher text (final or intermediate) will applied to the cipher text (final or intermediate) will produce the original input text.produce the original input text.
Devise algorithms, tests and proofs to validate Devise algorithms, tests and proofs to validate your cryptographic algorithmsyour cryptographic algorithms Analysing algorithms.Analysing algorithms. Tests with powerful computers such as specialised, Tests with powerful computers such as specialised,
parallel, cluster, or quantum computers.parallel, cluster, or quantum computers. Mathematical proofs.Mathematical proofs.
Information and Network Security 22
Toy example of public key Toy example of public key cryptographycryptography
Definition: The multiplicative inverse of Definition: The multiplicative inverse of xx with modulo with modulo nn is is yy such that (such that (xx**yy) mod ) mod nn = 1 = 1
E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1 E.g:x=3; n=10, => y=7; since (3*7) mod 10 = 1
The above multiplicative inverse can be used to create a The above multiplicative inverse can be used to create a simple public key cipher: either simple public key cipher: either xx or or yy can be thought of as a can be thought of as a secret key and the other is the public key. Let secret key and the other is the public key. Let xx = 3, = 3, yy = 7, = 7, nn = = 10, and M be the message:10, and M be the message: M = 4 ;M = 4 ;
3*4 mod 10 = 2; (ciphertext) - encrypting 3*4 mod 10 = 2; (ciphertext) - encrypting 2*7 mod 10 = 4 = M ; (message) - decrypting2*7 mod 10 = 4 = M ; (message) - decrypting
M =6 ; M =6 ; 3*6 mod 10 = 8; 3*6 mod 10 = 8; 8*7 mod 10 = 6 = M (message)8*7 mod 10 = 6 = M (message)
Information and Network Security 23
What is PKE used for?What is PKE used for?
Private Key Encryption (PKE) can be Private Key Encryption (PKE) can be used:used:Transmitting data over an insecure Transmitting data over an insecure
channelchannelSecure stored data (encrypt & store)Secure stored data (encrypt & store)Provide integrity check:Provide integrity check:
(Key + Mes.) -> MAC (message authentication (Key + Mes.) -> MAC (message authentication code)code)
Information and Network Security 24
Morden Cryptography applicationsMorden Cryptography applications
Not just about confidentiality!Not just about confidentiality! IntegrityIntegrity
Digital signaturesDigital signatures Hash functionsHash functions
Fair exchangeFair exchange Contract signingContract signing
AnonymityAnonymity Electronic cashElectronic cash Electronic votingElectronic voting
Etc.Etc.
Information and Network Security 25
Modern private key ciphersModern private key ciphers
DES (US, 1977) (3DES)DES (US, 1977) (3DES) key -- 56 bits, plaintext/ciphertext -- 64 bitskey -- 56 bits, plaintext/ciphertext -- 64 bits
LOKI (ADFA, Australia, 1989)LOKI (ADFA, Australia, 1989) key, plaintext/ciphertext -- 64 bitskey, plaintext/ciphertext -- 64 bits
FEAL (NTT, Japan, 1990)FEAL (NTT, Japan, 1990) key -- 128 bits, plaintext/ciphertext -- 64 bitskey -- 128 bits, plaintext/ciphertext -- 64 bits
IDEA (Lai & Massey, Swiss, 1991) IDEA (Lai & Massey, Swiss, 1991) key -- 128 bits, plaintext/ciphertext -- 64 bitskey -- 128 bits, plaintext/ciphertext -- 64 bits
SPEED (Y Zheng in 1996)SPEED (Y Zheng in 1996) Key/(plaintext/ciphertext) -- 48,64,80,…,256 bitsKey/(plaintext/ciphertext) -- 48,64,80,…,256 bits
AES (Joan Daemen & Vincent Rijmen 2000)AES (Joan Daemen & Vincent Rijmen 2000) Key/(plaintext/ciphertext) -- 128, 192 and 256 bitsKey/(plaintext/ciphertext) -- 128, 192 and 256 bits
Information and Network Security 26
General approaches to CryptographyGeneral approaches to Cryptography
There are two general encryption methods: There are two general encryption methods: Block ciphers & Block ciphers & Stream ciphersStream ciphers
Block ciphersBlock ciphers Slice message M into (fixed size blocks) Slice message M into (fixed size blocks) mm11, …, , …, mmnn
Add padding to last block Add padding to last block Use EUse Ekk to produce (ciphertext blocks) to produce (ciphertext blocks) xx11, …, , …, xxnn
Use DUse Dkk to recover M from to recover M from mm11, …, , …, mmn n
E.g: DES, etc.E.g: DES, etc. Stream ciphersStream ciphers
Generate a long random string (or pseudo random)Generate a long random string (or pseudo random)called called one-time padone-time pad..
Message Message one-time pad one-time pad (exclusive or)(exclusive or) E.g: EC4E.g: EC4
Information and Network Security 27
Design of Private Key Ciphers(1)Design of Private Key Ciphers(1)
A Cryptographic algorithm should be efficient for A Cryptographic algorithm should be efficient for good usegood use It should be fast and key length should be of the right It should be fast and key length should be of the right
length – e.g.; not too shortlength – e.g.; not too short Cryptographic algorithms are not impossible to Cryptographic algorithms are not impossible to
break without a keybreak without a key If we try all the combinations, we can get the original If we try all the combinations, we can get the original
messagemessage The security of a cryptographic algorithm depends The security of a cryptographic algorithm depends
on how much work it takes for someone to break iton how much work it takes for someone to break it E.g If it takes 10 mil. years to break a cryptographic E.g If it takes 10 mil. years to break a cryptographic
algorithm X using all the computers of a state, X can be algorithm X using all the computers of a state, X can be thought of as a secure one – reason: cluster computers thought of as a secure one – reason: cluster computers and quantum computers are powerful enough to crack and quantum computers are powerful enough to crack many current cryptographic algorithms.many current cryptographic algorithms.
Information and Network Security 28
Design of Private Key Ciphers(2)Design of Private Key Ciphers(2)
Encryption Algorithm DesignEncryption Algorithm DesignShould the strength of the algorithm be Should the strength of the algorithm be
included in the implementation of the included in the implementation of the algorithm? Should we hide the algorithm?algorithm? Should we hide the algorithm?
Should the block size be small or large?Should the block size be small or large?Should the keyspace be large?Should the keyspace be large?Should we consider other search rather Should we consider other search rather
than brute-force search?than brute-force search?Should we consider the hardware Should we consider the hardware
technology?technology?
Information and Network Security 29
4 types of cryptanalysis4 types of cryptanalysis
Depending on what a cryptanalyst has Depending on what a cryptanalyst has to work with, attacks can be classified to work with, attacks can be classified intointociphertext only attackciphertext only attackknown plaintext attackknown plaintext attackchosen plaintext attackchosen plaintext attackchosen ciphertext attack (most severe)chosen ciphertext attack (most severe)
Information and Network Security 30
4 types of attacks 4 types of attacks
Ciphertext only attackCiphertext only attackthe only data available is a target the only data available is a target
ciphertextciphertext
Known plaintext attackKnown plaintext attacka target ciphertexta target ciphertextpairs of other ciphertext and plaintext pairs of other ciphertext and plaintext
(say, previously broken or guessing)(say, previously broken or guessing)
Information and Network Security 31
4 types of attacks 4 types of attacks
Chosen plaintext attacksChosen plaintext attacksa target ciphertexta target ciphertextcan feed encryption algorithm with can feed encryption algorithm with
plaintexts and obtain the matching plaintexts and obtain the matching ciphertextsciphertexts
Chosen ciphertext attackChosen ciphertext attacka target ciphertexta target ciphertextcan feed decryption algorithm with can feed decryption algorithm with
ciphertexts and obtain the matching ciphertexts and obtain the matching plaintextsplaintexts