cs457 – introduction to information systems security cryptography 1a
Post on 04-Jan-2016
43 Views
Preview:
DESCRIPTION
TRANSCRIPT
CS457 – Introduction to Information Systems Security
Cryptography 1a
Elias Athanasopouloselathan@ics.forth.gr
Elias Athanasopoulos 2
Cryptography Elements
Symmetric Encryption- Block Ciphers- Stream Ciphers
Asymmetric EncryptionCryptographic Hash FunctionsApplications
CS-457
Elias Athanasopoulos 3
Computer Security“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software,
firmware, information/ data, and telecommunications). ”
CS-457
Elias Athanasopoulos 4
CIA Confidentiality
- Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
- Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Integrity- Data integrity: Assures that information and programs are changed only in a
specified and authorized manner. - System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Availability- Assures that systems work promptly and service is not denied to authorized users.
CS-457
Elias Athanasopoulos 5
An Example
CS-457
Confidentiality: Bad guys cannot
see messages
Integrity: Bad guys cannot change
messages
Availability: The system is
operational
System/ServiceCommunication
Elias Athanasopoulos 6
How to achieve CIA?
Crypto algorithms- “Hide” messages, sign messages, provide
guarantees about sent/received messages, etc.Secure systems
- Apply Crypto concepts in protocols, systems, etc.Software defenses
- Ensure that software is not manipulated
CS-457
Elias Athanasopoulos 7
The need to remain secret
CS-457
Elias Athanasopoulos 8
Cryptographic Jargon Plaintext
- This is the original intelligible message or data that is fed into the algorithm as input.
Encryption algorithm - The encryption algorithm performs various substitutions and transformations on
the plaintext. Secret key
- The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time.
Ciphertext:- This is the scrambled message produced as output. It depends on the plaintext
and the secret key. Decryption algorithm
- This is essentially the encryption algorithm run in reverse.
CS-457
Elias Athanasopoulos 9
NOT Security via Obscurity
The encryption/decryption algorithm is assumed to be known
Security is based on- Secrecy of the key- Hard to infer the plaintext via the ciphertext by
just knowing the keyCryptanalysis
- Infer the plaintext from ciphertext without knowing the key
CS-457
Elias Athanasopoulos 10
Symmetric Encryption
CS-457
Elias Athanasopoulos 11
Caesar Cipher
CS-457
Elias Athanasopoulos 12
C = E(3, p) = (p + 3) mod 26
CS-457
Key: 3
Elias Athanasopoulos 13
Or…
Plain: abcdefghijklmnopqrstuvwxyz Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
CS-457
Elias Athanasopoulos 14
Encrypting a message
Plain: meet me after the toga party Cipher: PHHW PH DIWHU WKH WRJD SDUWB
CS-457
Elias Athanasopoulos 15
Is this secure?
CS-457
Simple Brute Force attack: we need to try
25 different keys.
Elias Athanasopoulos 16
Increase the key space
Permutations: {a, b, c}- abc, acb, bac, bca, cab, cba
Size: 6 (or 3! ~ 1*2*3)- In general the size is n! (n is the size of the set)
For the alphabet: 26!
CS-457
Elias Athanasopoulos 17
Is this secure?
CS-457
Frequency Analysis
Elias Athanasopoulos 18
Example
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
CS-457
Elias Athanasopoulos 19
Count Frequencies
CS-457
Elias Athanasopoulos 20
Compare with English
CS-457
Elias Athanasopoulos 21
And try…
CS-457
Elias Athanasopoulos 22
Voila!
CS-457
Elias Athanasopoulos 23
One-Time PadCiphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih plaintext: mr mustard with the candlestick in the hall
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih plaintext: miss scarlet with the knife in the library
Key = Size of message
CS-457
Elias Athanasopoulos 24
Transposition
CS-457
Elias Athanasopoulos 25
Modern Symmetric Ciphers
DES, 3DES, and AES- AES is the dominant one, today
Based on- Substitutions and transpositions
Very complexType
- Block- Stream
CS-457
Elias Athanasopoulos 26
Block vs Stream
Block cipher - one in which a block of plaintext is treated as a
whole and used to produce a ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used.
Stream cipher- one that encrypts a digital data stream one bit or
one byte at a time.
CS-457
Elias Athanasopoulos 27
Block Cipher
CS-457
Elias Athanasopoulos 28
Stream Cipher
CS-457
Elias Athanasopoulos 29
Block cipher
Plaintext of n bits produces a ciphertext of n bits- Block size: n bits
Space of different plaintext blocks: 2^n- Each block must be unique
CS-457
Elias Athanasopoulos 30
Encryption should be reversible
CS-457
Elias Athanasopoulos 31
General n-bit-n-bit Block (n = 4)
CS-457
Elias Athanasopoulos 32
Decryption/Encryption
CS-457
Elias Athanasopoulos 33
Problems
Vulnerable to statistical attacks - Small blocks can take limited transformations- Increase n
Key size: 4 bits * 16 rows- In general: n * 2^n- Approximate the ideal case
CS-457
Elias Athanasopoulos 34
Feistel Cipher
Goal- Approximate the ideal cipher- Reduce statistical properties between plaintext,
ciphertext, and key(s) Difussion
- Each plaintext digit affect the value of many ciphertext digits
Confusion- The statistics of the ciphertext and the value of the
encryption key is as complex as possible CS-457
Elias Athanasopoulos 35
Feistel Cipher
CS-457
Substitution: right part is transformed by F(Ki) and
XORed with left part.
Permutation: right part swapped with left part.
Elias Athanasopoulos 36
Properties
Block size: - Larger block sizes mean greater security but reduced
encryption/decryption speed for a given algorithm. A block size of 64 bits is reasonable tradeoff. AES uses a 128-bit block size.
Key size: - Larger key size means greater security but may decrease
encryption/ decryption speed. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.
CS-457
Elias Athanasopoulos 37
Properties
Number of rounds:- The essence of the Feistel cipher is that a single round
offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.
Subkey generation algorithm: - Greater complexity in this algorithm should lead to
greater difficulty of cryptanalysis. Round function F:
- Again, greater complexity generally means greater resistance to cryptanalysis.
CS-457
Elias Athanasopoulos 38
Extra (desired) properties
Fast software encryption/decryption: - In many cases, encryption is embedded in applications
or utility functions in such a way as to preclude a hardware implementation.
Ease of analysis: - There is great benefit in making the algorithm easy to
analyze. It is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. DES, for example, does not have an easily analyzed functionality.
CS-457
Elias Athanasopoulos 39
Block modes
CS-457
Mode Description Typical Application
Electronic Codebook (ECB) Each block of 64 plaintext bits is encoded independently using the same key.
• Secure transmission of single values (e.g., an encryption key)
Cipher Block Chaining (CBC)
The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext.
• General-purpose block- oriented transmission • Authentication
top related