r r r cse870: advanced software engineering: cheng (sp 2003)1 outline brief review mainstream...
TRANSCRIPT
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
1
R
R
ROutline
• Brief review• Mainstream crypto-algorithms
– Symmetric encryption algorithms• DES
– Asymmetric encryption algorithms• RSA• Merkle-Hellman
• Other crypto-related techniques– Digital signature– Digital certificate
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
2
R
R
RAcknowledgements
• Charles Pfleedger
• E. Spafford
• William A. Stein
• FOLDOC
• Sunit Chauhan
• Jim Xu, et al.
• Shawn Hillis
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
3
R
R
RBrief Review
• Basic Concepts– Encryption– Crypto-system– Symmetric / asymmetric encryption– Cryptographer / crypto-analyst– Crypto-analysis– Breakability
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
4
R
R
RBrief Review – cont’d
• Stream ciphers– Substitution-based ciphers
• Mono-alphabetic ciphers: Caesar cipher• Poly-alphabetic ciphers: multiple alphabets
– Strengths• Simple• Fast• Low error propagation rate
– Weaknesses• Sustainable to frequency-based attacks• Sustainable to pattern-based attacks
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
5
R
R
RBrief Review – cont’d
• Block ciphers– Transposition
• Columnar transposition• Double transposition• Fractionated transposition
– Strengths• Good diffusion, immune to pattern-based attacks
– Weaknesses• Slow• Error propagation rate
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
6
R
R
RSecure Encryption Systems
• Weaknesses of stream and block ciphers– Can be manually broken, although tedious
• We will introduce– some “hard” encryption algorithms– Review 3 key, important encryption algs
• DES, RSA, M-H
– Look at cryptography related techniques
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
7
R
R
RSym vs Asym Encryption Algorithms
• Symmetric encryption algorithm– Encryption key == decryption key– DES
• Asymmetric algorithms– Encryption key != decryption key– Basis of public-key encryption algorithms– RSA, M-H, …
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
8
R
R
RData Encryption Standard (DES)
• Based on Shannon’s theory of information secrecy– Confusion: info is changed so that output bits have no obvious
relation to input bits– Diffusion: spread the effect of one plaintext bits to other cipher-text
bits.
• History of DES– Developed by US govt for general public use (by National Institute
of Standards and Technologies)– Milestones: 1972(CFP) - 1975(IBM) – 1976(NIST) – 2001(AES)
– Cracked in 1999• 56-bit key, Cracked in 22 hours 15 min (1999)
– Extensions of DES• Triple-DES, length of key extends to 56*3• AES, 128, 192, or 256-bit key (2001)
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
9
R
R
RDES – cont’d
• Overview of DES– Repeats 16 cycles of
• substitution, for confusion• transposition, for diffusion
– Splits data block into 2 pieces:• Scrambles each half independently• Combines key with one half
– (key is transformed during each cycle)
• Swap 2 halves• Repeat 16 times.
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
10
R
R
RDES – cont’d
• Overview of DES – cont’d
Plaintext(64bits)initialphase
left
rightfunctionfunction
FF
inverseinitialphase
Cipher-text
16x
transposition substitution
[Shawn Hillis]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
11
R
R
RDES – cont’d
[NPS.Navy]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
12
R
R
ROne Cycle in DES
Left Half Right Half
New Left Half(Old Right Half)
New Right Half
++
Key shifted
Permuted Key
Permuted Data
[Pfleeger97]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
13
R
R
RDES – cont’d
• Evaluation– Strengths include
• fast• simple• standard
– Weaknesses include• weak keys, length of key is only 56bit• number of iterations, only 16• NSA involvement, trapdoor?
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
14
R
R
RPublic Key Systems (PKS)
• Traditional key system (symmetric enc system):– Need a key for every pair of users– N*(N-1)/2 keys, grows exponentially with users– Each user has to keep track of many keys
• Public key systems (asymmetric enc system)– Each user only has 2 keys: public and private key
• M=D(kPRIV,E(kPUB,M))
– Solid mathematical basis: one way functions: • E: M x Ke -> C and D=E-1: C x Kd -> M• Easy for Kd-holders to compute D, while difficult for others
– May publish the public key freely• others can ally encrypt mesgs for A with A’s public key
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
15
R
R
RSome “Hard” theories
• Computational complexity– Is number of steps or arithmetic operations required to
solve a computational problem– Polynomial time– NP, Non-deterministic polynomial time– NP-hard– NP-complete
• Satisfaction problem• Hamilton’s problem
– Cryptographers try to • find encryption algorithms that would require NP-complete
algorithms to decrypt
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
16
R
R
RSome “Hard” theories – cont’d
• Basic number theory:– Prime factorization
• Primes– 1|p, p|p, no other factors
• Euclid’s algorithm• The unsolved prime factorization problem problem
– Is there an algorithm which can factor any k-digit number n so quickly that it’s running time is bound by a polynomial function of k
– Modular Arithmetic• a = b mod N iff N|(a-b)
– Inverses[William A. Stein]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
17
R
R
RExample PKS
• Rivest-Shamir-Adelman (RSA):– Based on number theory– Suspected to be NP-complete, not proven
• Merkle-Hellman:– Based on knapsack problem– Proven to be NP-complete
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
18
R
R
RRSA
• The most widely used enc and auth algorithm– In IE, Netscape, Notes, SSH Secure Shell,
Quicken, etc.
• Proposed in 1977 by – Ronald L. Rivest, MIT, now in MIT– Adi Shamir, MIT, now in Weizmann Institute– Leonard Adleman, MIT, now in USC
• Now owned by RSA Security
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
19
R
R
RRSA – cont’d
• Based on prime factorization problem• How RSA works
– Create public/private keys• Pick large prime numbers p and q, let n=p*q• Let
– all the numbers that is co-prime with n form a group, and the size of that group is (p-1)(q-1)
• Select e, s.t. • Solve equation, get d, • Public key is (n,e), private key is (n,d)
[William A. Stein]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
20
R
R
RRSA – cont’d
• How RSA works – cont’d– Encrypt/decrypt messages
• Encode a phrase into a number– state = 19 + 20*27 + 1*272 + 20*273 + 5*274
• E(x) = xe (mod n)• D(x) = xd (mod n)
– Preposition: n,d,e are integers, n is square-free, for each p|n, p-1|de-1, then, for all a, ade = a mod n
– D(E(m)) = (me mod n)d mod n = med mod n = m mod n = m
[William A. Stein]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
21
R
R
RRSA – cont’d
• Example – Let p=17, q=19, n = 323– – Let e = 95– Solve 95*x=1 mod 288, d=191
• E(m) = m95 mod n• D(c) = c191 mod n
– Suppose we have string “x”, which is 24• E(“x”) = E(24) = 2495 mod 323 = 294• D(294) = 294191 mod 323 = 24 = “x”
[William A. Stein]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
22
R
R
RRSA – cont’d
• Why is it hard to break RSA?– Keep secret, if you wanna get d, you have to
factorized n into p and q
• RSA challenge– http://www.rsasecurity.com/rsalabs
/challenges/factoring/numbers.html – 8 challenges– Problem: 576 – 2048 digits– Prizes: 10k to 200k dollars
[William A. Stein]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
23
R
R
RRSA – cont’d
• Evaluation– Strengths
• Algorithm is simple and easy to implement• Supported by RSA Security
– Weaknesses • Problem not yet proved to be NP-Complete• Slower than DES
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
24
R
R
RMerkle-Hellman
• Knapsack problem: – Set of positive integers– Target sum– Find subset of integers that equal the target– Proven to be NP-complete.
• Encode binary mesg as soln to knapsack problem– Plaintext: 0’s and 1’s– By adding terms corresponding to 1s in plaintext,
we can reduce cipher-text to target sum
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
25
R
R
RMerkle-Hellman – cont’d
• Super-increasing sequence: – Each integer is greater than sum of all preceding integers
– ak > j=1
k-1aj
– Solution of super-increasing knapsack (e.g., simple knapsack) is easy to find, and unique
• Convert simple knapsack into Hard knapsack– Pick super-increasing sequence S of m integers
• S = [s1, s2,.., sm]
• Choose multiplier w and modulus n, n > j=1
m-1si
• Choose n to be prime
• Replace every sj in simple knapsack with term:– hi= w* si mod n
– Hard knapsack: H = [h1, h2,.., hm]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
26
R
R
RMerkle-Hellman - cont’d
• Merkle-Hellman is Public key cryptosystem– Each user has public key:
• Set of integers of a knapsack problem
– Each user has private key• Set of integers for corresponding superincreasing
knapsack
• Contribution: design of technique to convert super-increasing knapsack into a regular one.– Change numbers in non-obvious, reversible way.
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
27
R
R
RMerkle-Hellman - cont’d
• Encryption alg starts with binary message– P = [p1, p2,.., pk]
• Divide message into blocks of m bits, – P0 = [p1, p2,.., pm], P1 = [p1, p2,.., p2m],
– Value of m is number of terms in simple or hard knapsack
• Encipherment of message P is sequence of targets
– Each target is sum of some of the terms of the hard knapsack H
– Terms selected correspond to 1 bits in Pi,
– Pi serves as selection vector for elts of H
– Each term of ciphertext is Pi * H
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
28
R
R
RMerkle-Hellman - cont’d
• Decryption:– Legitimate recipient knows simple knapsack and values of
w and n– H = w * S mod n– C = H * P = w* S* P mod n
• To decipher, multiply C by w-1
– w-1 * C = w-1 * H * P = w-1 * w * S * P = S * P mod n
• Weaknesses:– How easy is it to determine w or n from H?
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
29
R
R
RMerkle-Hellman – cont’d
• Example– S= [1,2,4,9]; H= [15,13,9,16], – w= 15, n= 17, m = 4; hi= w* si mod n
– P = 0100101110100101– Encode with H as follows:
• P = 0100 1011 1010 0101• [0,1,0,0] * [15,13,9,16] = 13• [1,0,1,1] * [15,13,9,16] = 40• [1,0,1,0] * [15,13,9,16] = 24• [0,1,0,1] * [15,13,9,16] = 29
– Encrypted message as integers: 13,40,24,29,• Public knapsack H = [15,13,9,16]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
30
R
R
REvaluation of PKS
• Strengths– Harder to break– Easier to manage keys
• Weaknesses– Slower– Dependent upon NP-computational theory
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
31
R
R
RCrypto-related Techniques
• Digital signatures
• Digital certificates
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
32
R
R
RDigital Signatures
• Digital signature proves integrity of message – by signing the message using PK techniques
• How digital signatures work?– The sender
• sends M, S=E(hash(M), private)• Message digest functions
– MD2, MD4, and MD5 from RSA Security– SHA and SHA-1 from US government
– The receiver • compares E(S, public) with hash(M)• M is considered genuine if they match
[Jim Xu, et al.]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
33
R
R
RDigital Signatures – cont’d
• Assumption: – it is very rare that two different messages
have the same digest
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
34
R
R
RDigital Certificates
• Digital certificates are– frameworks for identification information,
and bind identities with public keys
• Digital certificates provide foundation for– identification– authentication– non-repudiation
[Sunit Chauhan][Sunit Chauhan]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
35
R
R
RDigital Certificates – cont’d
• How digital certificates work?– Let a third party, trusted by both sender
and receiver, prove the binding of sender and its public key.
– Need a hierarchy of trusted certificate authorities (CAs)
• Everybody trust root CA• Root CA prove the trustworthiness of a
hierarchy of other CAs
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
36
R
R
RDigital Certificates – cont’d
• Example digital certificate– X509 v3 certificate format
• Version
• Certificate Serial Number
• Signature Algorithm Identifier
• Issuer Name
• Validity Period
• Subject Name
• Subject Public Key Information
• Optional Fields
[Chauhan]
CSE870: Advanced Software Engineering: Cheng (Sp 2003)
37
R
R
RSummary
• Symmetric-key encryption algorithms– DES
• Public-key encryption algorithms– RSA, Merkel-Hellman
• PKS based techniques– Digital signature– Digital certificate