cs166 mynote

CS166 INFORMATION SECURITY
San Jose State University, Computer Science Department, Spring 2017
Kaya Ota

Upload: kaya-ota

Post on 13-Apr-2017


TEXT BOOK

• These notes are based on the course textbook (required in the class)

CHAPTER 1: Introduction

DEFINITIONS 1: CONFIDENTIALITY, INTEGRITY, DATA AVAILABILITY

• Confidentiality
  • Preventing unauthorized reading of information.
• Integrity
  • At least detecting unauthorized writing** of information.
• Data Availability
  • Hiding the information is not a solution. We need the data.

Different methods are needed to support these properties.
** Writing can mean to write, to update, or to delete.

DEFINITION 2: TERMS

• Cryptology – the art and science of making and breaking “secret codes”
• Cryptography – the making of “secret codes”
• Cryptanalysis – the breaking of “secret codes”
• Plaintext – the original text
• Ciphertext – the encrypted text

DEFINITION 3: SECURITY

• A cryptosystem is secure if the best known attack requires as much work as an exhaustive key search.
• In other words,
  • We never guarantee that a cryptosystem will NEVER let attackers find a key

DEFINITION 4: Confusion and Diffusion

• Claude Shannon offered the fundamental cipher design principles
• Confusion – obscuring the relationship between the plaintext and the ciphertext
  • i.e. changing the plaintext to something else.
  • Example: simple substitution and the one-time pad
• Diffusion – spreading the plaintext statistically through the ciphertext
  • i.e. rearranging the plaintext to generate the ciphertext
  • Example: double transposition

CHAPTER 2: Crypto Basics

SIMPLE SUBSTITUTION: ROT13

Figure: ROT13 (from Wikipedia)

The original letters “hello” do not appear in the ciphertext, so confusion is satisfied.

SIMPLE SUBSTITUTION: Caesar Cipher

• General version of the ROT13 cipher
• Simple substitution is a confusion cipher
  • Although E is used in the plaintext, E does not necessarily appear in the ciphertext
• How far to shift (what to substitute) is the key
  • In this case, key = 3 or 23

Figure: Caesar cipher, left shift of 3 (Gaius Iulius Caesar)
https://upload.wikimedia.org/wikipedia/commons/4/4a/Caesar_cipher_left_shift_of_3.svg

SIMPLE SUBSTITUTION

• Simple substitution is weak against letter frequency analysis.
  • The attacker can determine that the most frequently appearing letter is “E”
  • The next most frequent is then “T”, and so on.
• So, the cipher is not SECURE.
  • There exists a shortcut compared with exhaustive key search
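The letter-counting shortcut described above, as an added example that is not part of the original notes. The function names and the sample message are constructed for illustration; the sample is chosen so that E is its most frequent letter, as in ordinary English text.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def caesar(text, key):
    """Shift every letter forward by `key` places; other characters pass through."""
    k = key % 26
    shifted = ALPHABET[k:] + ALPHABET[:k]
    return text.upper().translate(str.maketrans(ALPHABET, shifted))

def letter_counts(text):
    """Histogram of the letters in `text`, ignoring spaces and punctuation."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)

def recover_key(ciphertext):
    """Assume the most frequent ciphertext letter stands for plaintext E.

    A shift only relabels the histogram, so the tallest bar still marks E.
    """
    top_letter, _ = letter_counts(ciphertext).most_common(1)[0]
    return (ALPHABET.index(top_letter) - ALPHABET.index("E")) % 26

# Constructed sample message (16 of its letters are E).
PLAINTEXT = "MEET ME BEHIND THE GREEN TREE NEAR THE SEVENTH STREET BRIDGE"

if __name__ == "__main__":
    ciphertext = caesar(PLAINTEXT, 3)
    key = recover_key(ciphertext)       # one pass over the text, no key trials
    print(ciphertext)
    print("recovered key:", key)
    print(caesar(ciphertext, -key))     # shifting back restores the plaintext
```

On short or unusual messages the top letter may not be E, which is why the slide continues with “T” and the rest of the frequency ranking.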

ONE TIME PAD

• The one-time pad is built on the beauty of XOR
• Repeats within the “one-time” pad make cryptanalysis possible

CHAPTER 3: Symmetric Key Crypto

STREAM CIPHER

Figure: stream cipher. Encrypt: the key seed feeds the key generator, which produces key stream bits (K); each plaintext bit (P) is combined with K to give a ciphertext bit (C). Decrypt: the same key seed and key generator produce K, which is combined with C to recover P.

STREAM CIPHERS

• A stream cipher takes a key K of n bits in length and stretches it into a long keystream
• The keystream is XORed with the plaintext P to get the ciphertext
  • Ciphertext = Keystream XOR Plaintext
• The function of a stream cipher: StreamCipher(K) = S
  • Where K is the key and S is the keystream
• A keystream is NOT a ciphertext

STREAM CIPHERS

Given a keystream S = s0, s1, s2, ..., a plaintext P = p0, p1, p2, ..., and a ciphertext C = c0, c1, c2, ...

• Encrypt
  • c0 = p0 xor s0
  • c1 = p1 xor s1
  • c2 = p2 xor s2
• Decrypt
  • p0 = c0 xor s0
  • p1 = c1 xor s1
  • p2 = c2 xor s2

LIST OF STREAM CIPHERS

• One-time pad
• A5/1
• RC4

A5/1 - STREAM CIPHER

• A5/1 is used for confidentiality in GSM cell phones
• A5/1 uses 3 linear feedback shift registers (LFSRs)
  • LFSR X holds 19 bits
  • LFSR Y holds 22 bits
  • LFSR Z holds 23 bits
  • So, the LFSRs hold a total of 64 bits
• The key of A5/1, K, holds 64 bits
  • The key is used as the initial fill of the 3 registers
  • Key = initial value of the 3 registers

STREAM CIPHER – REGISTERS IN DETAIL

• When register X steps, the following series of operations occurs:
  • t = x13 xor x16 xor x17 xor x18
  • xi = x(i-1)
  • x0 = t
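An added example, not part of the original notes, that puts the register step above into a working keystream generator and shows why the repeated pad on the one-time pad slide is fatal. It goes beyond the slides: the Y and Z taps, the majority vote on x8, y10, z10 and the output bit x18 xor y21 xor z22 are the standard textbook description of A5/1, and the key and messages are constructed.

```python
X_TAPS = (13, 16, 17, 18)   # feedback taps given on the slide
Y_TAPS = (20, 21)           # standard A5/1 value, not on the slide
Z_TAPS = (7, 20, 21, 22)    # standard A5/1 value, not on the slide

def step(reg, taps):
    """t = XOR of the tap bits; every bit moves up one place; bit 0 becomes t."""
    t = 0
    for i in taps:
        t ^= reg[i]
    return [t] + reg[:-1]

def keystream(key_bits, n):
    """Stretch a 64-bit key (list of 0/1, the initial register fill) into n bits."""
    assert len(key_bits) == 64
    x, y, z = key_bits[:19], key_bits[19:41], key_bits[41:]
    out = []
    for _ in range(n):
        m = 1 if x[8] + y[10] + z[10] >= 2 else 0   # majority of the clocking bits
        if x[8] == m:                               # a register steps only if it
            x = step(x, X_TAPS)                     # agrees with the majority
        if y[10] == m:
            y = step(y, Y_TAPS)
        if z[10] == m:
            z = step(z, Z_TAPS)
        out.append(x[18] ^ y[21] ^ z[22])
    return out

def xor_with_keystream(bits, key_bits):
    """Encrypt and decrypt are the same operation: c_i = p_i xor s_i."""
    return [b ^ s for b, s in zip(bits, keystream(key_bits, len(bits)))]

def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(8)]

# Constructed key and messages.
KEY = [(0x0123456789ABCDEF >> i) & 1 for i in range(64)]
P1, P2 = to_bits(b"MEET AT NINE"), to_bits(b"SEND THE KEY")

if __name__ == "__main__":
    c1, c2 = xor_with_keystream(P1, KEY), xor_with_keystream(P2, KEY)
    print("round trip ok:", xor_with_keystream(c1, KEY) == P1)
    # Same keystream used twice: the keystream cancels and c1 xor c2 = p1 xor p2.
    leak = [a ^ b for a, b in zip(c1, c2)]
    print("keystream cancelled:", leak == [a ^ b for a, b in zip(P1, P2)])
```

The second check is the reason a keystream, like a one-time pad, must never be reused: the XOR of two ciphertexts depends only on the two plaintexts.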

BLOCK CIPHER

• A deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key.

FEISTEL CIPHER

• Plaintext P = (L0, R0)
• For i = 1, 2, ..., n, the next round is represented by:
  • Li = R(i-1)
  • Ri = Li

MAC (Message Authentication Code)

• MAC uses a block cipher to ensure data integrity.
• Encrypt the data in CBC mode,

FUNDAMENTAL PROBLEM OF SYMMETRIC KEY CRYPTO

• How to exchange the key?

CHAPTER 4: Public Key Crypto

Difference Between Symmetric and Public Key Crypto

Symmetric Key Crypto
• Uses one key to encrypt and decrypt
• Efficient
  • Easy to compute encryption and decryption
• Problem
  • How do we share the key?
  • i.e. key exchange problem

Public Key Crypto
• Uses two keys
  • Encrypt with the public key
  • Decrypt with the private / secret key
• Inefficient
  • Requires computational effort
• Problem
  • Reliability
  • Can we trust whoever made the public key?
  • i.e. key exchange problem

PUBLIC KEY CRYPTOSYSTEM

• A public key cryptosystem is based on a trap-door one-way function.
• Trap-door features
  • An attacker cannot use the public information to recover private information
• One-way features
  • Easy to compute get , but difficult to find out from
  • Hash function

PUBLIC KEY CRYPTOSYSTEM

• Encrypt message M with Alice’s public key: C = {M}alice
• Decrypt the ciphertext C with Alice’s PRIVATE key: M = [C]alice
• The notation for Alice signing message M is S = [M]alice

Important relation: [{M}alice]alice = {[M]alice}alice = M

USES OF PUBLIC KEY CRYPTO

• Whatever a symmetric key can do is also doable with a public key, but slower.
  • Includes confidentiality
  • Includes integrity: digital signature.

Integrity is provided by
• Symmetric: MAC
• Public: digital signature

NON-REPUDIATION

• Non-repudiation is not a TECHNICAL problem, but rather a human error (made maliciously).
• The concept of non-repudiation is essentially important for financial / e-commerce apps
• “Technically” required to prove that a unique user has made a transaction request.

http://world.std.com/~cme/non-repudiation.htm

Figure: a customer places an order (“Want to buy”), the item is delivered, and the customer then claims “I have never ordered! Money back!” How do we prove she did buy?

Digital Signature

• A digital signature is used for integrity (detecting unauthorized writing)
• Technological solution for non-repudiation
• The signature is written and locked (encrypted) only by the sender, with her PRIVATE key.
• The receiver can unlock (decrypt) it only with the sender’s public key

Public key crypto does not face the key exchange problem because the receiver does not need the private key! The public key IS accessible by anyone.

DIGITAL SIGNATURE

• The signature is signed only by the sender

Match: the signature is verified. Mismatch: the signature is not verified.

ANALOGY OF PUBLIC KEY

• Everybody can try with their public key
• But only the expected person can open it.

http://yaplog.jp/tkgenmu/image/132/281

Figure: everyone can try to pull out the sword, but only a certain person can actually pull it out.

CHAPTER 5: Hash Function ++

CRYPTOGRAPHIC HASH FUNCTION

• Compression
  • For any size of input x, the output length of y = h(x) is small.
• Efficiency
  • Easy to compute h(x) for any input x
  • O(h(x)) should not grow too fast.
• One-way
  • Given any value y, it is computationally infeasible to find a value x such that h(x) = y
• Weak Collision Resistance
• Strong Collision Resistance
  • It’s infeasible to find any x and y such that x != y and h(x) == h(y)

Compression vs. Strong Collision Resistance
• Theoretically: they contradict
• Practically: infeasible enough
• So, OK!

• Given a hash function h, Alice signs M by first hashing M and then signing the hash
• Alice computes S = [h(M)]Alice

Figure: Alice sends M, S to Bob; Bob verifies.

More secure > less secure: signing(h(M)) >> signing(M) (to be confirmed)
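An added example, not part of the original notes, of the “important relation” [{M}alice]alice = {[M]alice}alice = M and of signing the hash S = [h(M)]Alice. It assumes textbook RSA without padding as the public key system, a constructed toy key built from two Mersenne primes, and SHA-256 reduced mod N as h; all names are illustrative.

```python
import hashlib

# Constructed toy key pair for Alice (far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

def public_op(x):
    """{x}Alice: anyone can compute this with Alice's public key (N, E)."""
    return pow(x, E, N)

def private_op(x):
    """[x]Alice: only Alice, who knows D, can compute this."""
    return pow(x, D, N)

def h(message: bytes) -> int:
    """SHA-256 digest reduced mod N so that it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """S = [h(M)]Alice: hash first, then apply the private key to the hash."""
    return private_op(h(message))

def verify(message: bytes, signature: int) -> bool:
    """Bob recomputes h(M) and checks that {S}Alice matches it."""
    return public_op(signature) == h(message)

if __name__ == "__main__":
    m = 42
    print(private_op(public_op(m)) == m == public_op(private_op(m)))  # relation
    order = b"order: 1 book"                      # constructed message
    s = sign(order)
    print("match:", verify(order, s))             # signature verifies
    print("mismatch:", verify(b"order: 9 books", s))  # altered M is detected
```

Signing h(M) keeps the private-key operation on one short value regardless of the length of M.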

BIRTHDAY PROBLEM 1: Who has the same birthday as me among N people?

• How large must N be before the probability that someone has the same birthday as you is greater than ½?
• Solve for N:
  • N = 253

Figure: “My birthday is 1/1. How many people do I need to ask to find one sharing my birthday?”

BIRTHDAY PROBLEM 2: WHO SHARES A BIRTHDAY?

• How large must N be before we expect two or more people to have the same birthday?
• Solve for N: N = 23

Figure: “Does anyone share a birthday?”

Correlation Between Hash and Birthday Problem

• Suppose h(x) generates an output N bits long
• Then there are possible hash values
• Since , the birthday problem implies that
  • if we hash about different inputs, we can expect to find a collision.

Repetition is allowed: each value is chosen independently of previous events.

The birthday problem tells how many inputs will be enough to find a collision.
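An added example, not part of the original notes, that recomputes the two birthday answers (253 and 23) and then applies the second problem to a hash: an N-bit output has 2^N possible values, so a collision is expected after roughly 2^(N/2) inputs. It assumes SHA-256 truncated to its top N bits as the hash; function names are illustrative.

```python
import hashlib

def people_to_match_me(days=365):
    """Problem 1: smallest N with 1 - ((days-1)/days)**N > 1/2."""
    n, p_no_match = 0, 1.0
    while 1 - p_no_match <= 0.5:
        n += 1
        p_no_match *= (days - 1) / days
    return n

def people_for_any_pair(days=365):
    """Problem 2: smallest N for which some pair shares a birthday with p > 1/2."""
    n, p_all_distinct = 0, 1.0
    while 1 - p_all_distinct <= 0.5:
        p_all_distinct *= (days - n) / days   # person n+1 avoids the first n
        n += 1
    return n

def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for an N-bit hash function."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits):
    """Hash 0, 1, 2, ... until two inputs share a hash value.

    Returns (first_input, second_input, number_of_inputs_hashed).
    """
    seen = {}
    i = 0
    while True:
        msg = str(i).encode()
        tag = truncated_hash(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
        i += 1

if __name__ == "__main__":
    print(people_to_match_me(), people_for_any_pair())
    a, b, tries = find_collision(24)
    print(f"24-bit collision after {tries} inputs (2**12 = {2**12}): {a!r} {b!r}")
```

Matching one fixed hash value corresponds to problem 1 and costs on the order of 2^N inputs; finding any colliding pair corresponds to problem 2 and costs on the order of 2^(N/2).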

RANDOM NUMBERS: non-security applications

• Random numbers are often used for non-security applications as well.
  • Purpose: simulation, various statistical applications.
• In non-security applications, random numbers only need to be statistically random
  • i.e. they must be indistinguishable from random
• Actually, there are repetitions in generated random numbers.
  • Pseudo-random numbers are commonly predictable
  • See mathematical modeling note

“Random, but it wasn’t random!”
Source: My Neighbor Totoro (Satsuki and Mei)

RANDOM NUMBERS: security applications

• Random numbers have to be statistically unpredictable
• Let Alice’s key be Ka, Bob’s key Kb, Charlie’s key Kc, and Dave’s key Kd
• Assume Alice, Bob, and Charlie do not like Dave.
• They share (pool) their key information
  • Pseudo-random is statistically predictable, so pooling key information might help them figure out Dave’s key
• It is not secure if knowing Ka, Kb, Kc lets Alice, Bob, and Charlie determine Kd (Dave’s key)
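An added example, not part of the original notes, of the pooling scenario above. It assumes the keys are consecutive outputs of a linear congruential generator with a publicly known modulus; the generator parameters, seed and function names are constructed for illustration. The last function issues keys from the operating system's cryptographic generator for comparison.

```python
import secrets

M = 2**31 - 1   # modulus of the constructed toy generator, assumed to be public

def issue_keys(seed, a, c, count):
    """Key server that hands out consecutive outputs x -> (a*x + c) mod M."""
    keys, state = [], seed
    for _ in range(count):
        state = (a * state + c) % M
        keys.append(state)
    return keys

def predict_next(k1, k2, k3):
    """From three consecutive outputs, solve for a and c, then compute the fourth.

    k2 = a*k1 + c and k3 = a*k2 + c (mod M), so a = (k3 - k2) / (k2 - k1).
    """
    a = (k3 - k2) * pow((k2 - k1) % M, -1, M) % M   # modular inverse, Python 3.8+
    c = (k2 - a * k1) % M
    return (a * k3 + c) % M

def issue_keys_secure(count):
    """Keys drawn from a cryptographic generator: past keys say nothing of the next."""
    return [secrets.randbelow(M) for _ in range(count)]

# Constructed secret parameters; Alice, Bob and Charlie never see them.
KA, KB, KC, KD = issue_keys(seed=20170413, a=48271, c=12345, count=4)

if __name__ == "__main__":
    print("pooled Ka, Kb, Kc give Kd:", predict_next(KA, KB, KC) == KD)
    sa, sb, sc, sd = issue_keys_secure(4)
    print("same pooling on secure keys:", predict_next(sa, sb, sc) == sd)
```

The generator passes simple statistical checks, yet three pooled keys determine the fourth, which is the difference between statistically random and unpredictable.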


ADDITIONAL INFORMATION: Reference and Credit

REFERENCE

• https://www.owasp.org/index.php/Guide_to_Cryptography#Non-Repudiation

CREDIT

• https://www.supinfo.com/articles/single/3654-modern-type-of-cryptography
• http://www.stealthcopter.com/blog/2010/01/python-cryptography-decoding-a-caesar-shift-frequency-analysis/
• https://clipartfest.com/categories/view/9acd078310c7d1d137c81e8cac2bb3ce5631a97b/signing-paper-clipart.html
• By Matt_Crypto - http://en.wikipedia.org/wiki/File:Caesar3.png, public domain, https://commons.wikimedia.org/w/index.php?curid=30693472
• GIF animation: http://popkey.co/m/AoZ7p-evil-witch-trapdoor
• One-time pad image: https://pt.slideshare.net/fadwa_stuka/lecture-2-12758871