cryptography basics
DESCRIPTION
Cryptography Basics. IT443 – Network Security Administration. Outline. Basic concepts in cryptography system Secret key cryptography Public key cryptography Hash functions. Who Am I?. ?????????????????????? ?????????????????????? How do you know who I am?? - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/1.jpg)
1
Cryptography Basics
IT443 – Network Security Administration
![Page 2: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/2.jpg)
2
Outline
• Basic concepts in cryptography system• Secret key cryptography• Public key cryptography• Hash functions
![Page 3: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/3.jpg)
3
Who Am I?
• ??????????????????????• ??????????????????????
• How do you know who I am??• What about if we were on the telephone??
![Page 4: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/4.jpg)
4
Encryption/Decryption
• Plaintext: a message in its original form• Ciphertext: a message in the transformed, unrecognized form• Encryption: the process that transforms a plaintext into a ciphertext• Decryption: the process that transforms a ciphertext to the
corresponding plaintext• Key: the value used to control encryption/decryption.
plaintextencryption
ciphertextdecryption
plaintext
key key
![Page 5: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/5.jpg)
5
Cryptanalysis
• “code breaking”, “attacking the cipher”
• Difficulty depends on– sophistication of the cipher– amount of information available to the code
breaker
• Any cipher can be broken by exhaustive trials, but rarely practical
![Page 6: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/6.jpg)
6
Caesar Cipher
• Replace each letter with the one 3 letters later in the alphabet– ex.: plaintext CAT ciphertext FDW
A B C D E F G H I J K …
A B C D E F G H I J K …
plaintextalphabet
ciphertextalphabet
Trivial to break
![Page 7: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/7.jpg)
7
Mono-Alphabetic Ciphers
• Generalized substitution cipher: an arbitrary (but fixed) mapping of one letter to another– 26! ( 4.0*1026 288) possibilities
A B C D E F G H I J K …
A B C D E F G H I J K …plaintextalphabet
ciphertextalphabet
![Page 8: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/8.jpg)
8
Attacking Mono-Alphabetic Ciphers• Broken by statistical analysis of letter, word, and phrase
frequencies of the language• Frequency of single letters in English language, taken
from a large corpus of text:
![Page 9: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/9.jpg)
9
Ciphertext Only Attacks
• Ex.: attacker can intercept encrypted communications, nothing else
• Breaking the cipher: analyze patterns in the ciphertext– provides clues about the encryption
method/key
![Page 10: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/10.jpg)
10
Known Plaintext Attacks
• Ex.: attacker intercepts encrypted text, but also has access to some of the corresponding plaintext (definite advantage)
• Makes some codes (e.g., mono-alphabetic ciphers) very easy to break
![Page 11: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/11.jpg)
11
Chosen Plaintext Attacks
• Ex.: attacker can choose any plaintext desired, and intercept the corresponding ciphertext
• Allows targeted code breaking (choose exactly the messages that will reveal the most about the cipher)
![Page 12: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/12.jpg)
12
The “Weakest Link” in Security
• Cryptography is rarely the weakest link• Weaker links
– Implementation of cipher– Distribution or protection of keys– … …
![Page 13: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/13.jpg)
13
Secret Keys vs Secret Algorithms
• Security by obscurity– We can achieve better security if we keep the
algorithms secret– Hard to keep secret if used widely– Reverse engineering, social engineering
• Publish the algorithms– Security of the algorithms depends on the secrecy of
the keys– Less unknown vulnerability if all the smart (good)
people in the world are examine the algorithms
![Page 14: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/14.jpg)
14
Outline
• Basic concepts in cryptography system• Secret key cryptography• Public key cryptography• Hash functions
![Page 15: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/15.jpg)
15
Secret Key Cryptography
• Same key is used for encryption and decryption• Also known as
– Symmetric cryptography– Conventional cryptography
plaintextencryption
ciphertextdecryption
plaintext
key keySame key
![Page 16: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/16.jpg)
16
Secret Key Cryptography
• Stream cipher• Block cipher
– Converts one input plaintext block of fixed size k bits to an output ciphertext block of k bits
– DES, IDEA, AES, …– AES
• Selected from an open competition, organized by NSA• Joan Daemen and Vincent Rijmen (Belgium)• Block size=128 bits, Key Size= 128/192/256 bits
![Page 17: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/17.jpg)
17
Key Size
• Keys should be selected from a large potential set, to prevent brute force attacks
• Secret key sizes– 40 bits were considered adequate in 70’s– 56 bits used by DES were adequate in the 80’s– 128 bits are adequate for now
• If computers increase in power by 40% per year, need roughly 5 more key bits per decade to stay “sufficiently” hard to break
![Page 18: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/18.jpg)
18
Public Key Cryptography
• A public/private key pair is used– Public key can be publicly known– Private key is kept secret by the owner of the key
• Much slower than secret key cryptography• Also known as asymmetric cryptography• Another mode: digital signature
plaintextencryption
ciphertextdecryption
plaintext
Public key Private key
![Page 19: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/19.jpg)
19
Public Key Cryptography
• Digital signature– Only the party with the private key can create a digital signature.– The digital signature is verifiable by anyone who knows the public key.– The signer cannot deny that he/she has done so.
plaintextSign
ciphertextVerify
plaintext
Private key Public key
![Page 20: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/20.jpg)
20
Public Key Cryptography
• It must be computationally– easy to generate a public / private key pair– hard to determine the private key, given the public key
• It must be computationally – easy to encrypt using the public key– easy to decrypt using the private key– hard to recover the plaintext message from just the
ciphertext and the public key
![Page 21: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/21.jpg)
21
Symmetric vs Asymmetric • Symmetric algorithms are much faster
– In the order of a 1000 times faster
• Symmetric algorithms require a shared secret– Impractical if the communicating entities don’t have another
secure channel
• Both algorithms are combined to provide practical and efficient secure communication– E.g., establish a secret session key using asymmetric crypto and
use symmetric crypto for encrypting the traffic
![Page 22: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/22.jpg)
22
Outline
• Basic concepts in cryptography system• Secret key cryptography• Public key cryptography• Hash functions
![Page 23: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/23.jpg)
23
Hash Function
• Also known as– Message digest– One-way transformation– One-way function– Hash
• Length of H(m) much shorter then length of m• Usually fixed lengths: 128 or 160 bits
Message of arbitrary length
Hash A fixed-length short message
![Page 24: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/24.jpg)
24
Properties of Hash• Consider a hash function H
– Performance: Easy to compute H(m)
– One-way property: Given H(m) but not m, it’s computationally infeasible to find m
– Weak collision resistance (free): Given H(m), it’s computationally infeasible to find m’ such that H(m’) = H(m).
– Strong collision resistance (free): Computationally infeasible to find m1, m2 such that H(m1) = H(m2)
![Page 25: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/25.jpg)
25
Hash Applications
• File / Message integrity– Check if a downloaded file is corrupted– Detect if a file has been changed by someone
after it was stored– Compute a hash H(F) of file F
– openssl dgst -md5 filename
![Page 26: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/26.jpg)
26
Hash Applications
• Password verification– Password cannot be stored in plaintext– In a hashed format– Linux: /etc/passwd, /etc/shadow
– cat /etc/shadow
![Page 27: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/27.jpg)
27
Hash Applications
• User authentication– Alice wants to authenticate herself to Bob– Assuming they already share a secret key K
Alice Bob
time
“I’m Alice”
RcomputesY=H(R|K)
Yverifies thatY=H(R|K)
![Page 28: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/28.jpg)
28
Modern Hash Functions• MD5 (128 bits)
– Previous versions (i.e., MD2, MD4) have weaknesses.– Broken; collisions published in August 2004– Too weak to be used for serious applications
• SHA (Secure Hash Algorithm)– Weaknesses were found
• SHA-1 (160 bits)– Broken, but not yet cracked – Collisions in 269 hash operations, much less than the brute-force attack
of 280 operations– Results were circulated in February 2005, and published in CRYPTO
’05 in August 2005
• SHA-256, SHA-384, …
![Page 29: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/29.jpg)
29
Birthday Attack• What is the smallest group size k such that
– The probability that at least two people in the group have the same birthday is greater than 0.5?
– 23
• Implication for hash function H of length m– With probability at least 0.5– If we hash about 2m/2 random inputs, – Two messages will have the same hash image– m=64, 1ns per hash
• Brute force (264): 1013 seconds over 300 thousand years• Birthday attack (232): 4 seconds
![Page 30: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/30.jpg)
30
Lab 1
• Sample codes– eecs.mit.edu’s IP is 18.62.1.6– Assume their subnetwork use 28-bit prefix
18. 62. 1. 00000110
– Scan 18.62.1.0 ~ 18.62.1.15– dig -x 18.62.1.0 +short– /home/abird/it443/scanip.sh– /home/abird/it443/scanip.pl
![Page 31: Cryptography Basics](https://reader035.vdocuments.net/reader035/viewer/2022062805/56814e4d550346895dbbd78e/html5/thumbnails/31.jpg)
31
Next Time
• Read Chapter 2 in the textbook.• Enter any and all terms you consider
important in your glossary.• Summarize chapter 2 in your notebook.
– The information in this chapter is very important!