cs457 – introduction to information systems security cryptography 1b
DESCRIPTION
CS457 – Introduction to Information Systems Security Cryptography 1b. Elias Athanasopoulos [email protected]. Cryptography Elements. Symmetric Encryption Block Ciphers Stream Ciphers Asymmetric Encryption Cryptographic Hash Functions Applications. The need for randomness. - PowerPoint PPT PresentationTRANSCRIPT
Elias Athanasopoulos 2
Cryptography Elements
Symmetric Encryption- Block Ciphers- Stream Ciphers
Asymmetric EncryptionCryptographic Hash FunctionsApplications
CS-457
Elias Athanasopoulos 3
The need for randomness
CS-457
Elias Athanasopoulos 4
The need for randomness
Key distributionReplay attacks (nonces)Session key generation Generation of keys for the RSA public-key
encryption algorithmStream ciphers
CS-457
Elias Athanasopoulos 5
Randomness
Uniform distribution - The distribution of bits in the sequence should be
uniform; that is, the frequency of occurrence of ones and zeros should be approximately equal.
Independence - No one subsequence in the sequence can be
inferred from the others. Security requirement
- Unpredictability
CS-457
Elias Athanasopoulos 6
Random Generator Types
True Random Number Generators (TRNGs)Pseudo-random Number Generators (PRNGs)Pseudo-random Functions (PRFs)
CS-457
Elias Athanasopoulos 7CS-457
Elias Athanasopoulos 8
TRNGs
CS-457
Elias Athanasopoulos 9
PRNGs
r = f(seed);
CS-457
Elias Athanasopoulos 10
Requirements Uniformity
- Occurrence of a zero or one is equally likely. The expected number of zeros (or ones) is n/2, where n = the sequence length
Scalability - Any test applicable to a sequence can also be applied to
subsequences extracted at random. If a sequence is random, then any such extracted subsequence should also be random
Consistency- The behavior of a generator must be consistent across
starting values (seeds)
CS-457
Elias Athanasopoulos 11
Tests Frequency test
- Determine whether the number of ones and zeros in a sequence is approximately the same as would be expected for a truly random sequence
Runs test - Determine whether the number of runs of ones and zeros
of various lengths is as expected for a random sequence Maurer’s universal statistical test
- Detect whether or not the sequence can be significantly compressed without loss of information. A significantly compressible sequence is considered to be non-random
CS-457
Elias Athanasopoulos 12
Unpredictability
Forward unpredictability- If the seed is unknown, the next output bit in the
sequence should be unpredictable in spite of any knowledge of previous bits in the sequence
Backward unpredictability - It should also not be feasible to determine the seed
from knowledge of any generated values. No correlation between a seed and any value generated from that seed should be evident; each element of the sequence should appear to be the outcome of an independent random event whose probability is 1/2
CS-457
Elias Athanasopoulos 13
Seed
CS-457
Elias Athanasopoulos 14
Cryptographic PRNGs Purpose-built algorithms
- Designed specifically and solely for the purpose of generating pseudorandom bit streams.
Algorithms based on existing cryptographic algorithms - Cryptographic algorithms have the effect of randomizing input. Indeed,
this is a requirement of such algorithms. Three broad categories of cryptographic algorithms are commonly used to create PRNGs:
Symmetric block ciphers- Stream ciphers
Asymmetric ciphers- RSA, compute primes
Hash functions and message authentication codes
CS-457
Elias Athanasopoulos 15
Example
Xn+1 = (aXn + c) mod mSelection of a, c, and m, is very critical:a=7, c=0, m=32
- {7, 17, 23, 1, 7, etc.} a=5
- {5, 25, 29, 17, 21, 9, 13, 1, 5, etc.} In theory m should be very large (2^31)
CS-457
Elias Athanasopoulos 16
Stream ciphers
CS-457
Elias Athanasopoulos 17CS-457
Elias Athanasopoulos 18
RC4
CS-457
/* Initialization */ for i = 0 to 255 do S[i] = i;T[i] = K[i mod keylen];
/* Initial Permutation of S */ j = 0;for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]);
/* Stream Generation */ i, j = 0;while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t];
Elias Athanasopoulos 19
Asymmetric Encryption
CS-457
Elias Athanasopoulos 20
What is a prime number?
CS-457
Elias Athanasopoulos 21
An integer p > 1 is a prime number if and only if its only divisors are: 1, +p, and -p.
CS-457
Elias Athanasopoulos 22
More maths
Any integer a > 1 can be factored in a unique way as:
CS-457
Elias Athanasopoulos 23
Determining the prime factors of a large number is no easy task!
CS-457
Elias Athanasopoulos 24
Public-Key Cryptography
CS-457
Elias Athanasopoulos 25
Properties
2 keys- Public Key (no secrecy)- Private Key (if stolen everything is lost)
Easy algorithm, but hard to reverse- Y = f(X), easy- X = f-1(X), computationally hard - Computationally hard means solvable in non-
polynomial time
CS-457
Elias Athanasopoulos 26
RSA
Plaintext = M, cipher = C
C = Me mod nM = Cd mod n = (Me mod n)d = Med mod n
Public Key = {e, n}Private Key = {d, n}
CS-457
Elias Athanasopoulos 27
Euler’s totient function
Written φ(n), and defined as the number of positive integers less than n and relatively prime to n. By convention, φ(1) = 1.
CS-457
Elias Athanasopoulos 28
n=pq, p, q are prime numbersφ(n) = φ(pq) =φ(p) φ(q) =(p-1)(q-1)
CS-457
Just believe me that this holds! (i.e., φ(pq) =φ(p) φ(q))
Elias Athanasopoulos 30
RSA Steps
p, q, two prime numbers- Private
n = pq- n can be public, but recall that it is hard to infer p and q
by just knowing n e is relative prime to φ(n)
- Public- Recall φ(n) = (p-1)(q-1)
d from e, and φ(n)- Private
CS-457
Elias Athanasopoulos 31
RSA example
1. Select p = 17 and q = 11 2. Then, n = pq = 17×11 = 187. 3. φ(n) = (p-1)(q-1) = 16×10 = 160. 4. Select e relatively prime to φ(n) = 160 and less
than φ(n); e = 7. 5. Determine d
- de = 1 (mod 160) and d < 160, - The correct value is d = 23, because 23 × 7 = 161 = (1 × 160) + 1;
CS-457
Elias Athanasopoulos 32
Computational Aspects
RSA builds on exponents Intensive operationSide channels
CS-457
Elias Athanasopoulos 33
Cryptographic Hash Functions
CS-457
Elias Athanasopoulos 34
How it works?
CS-457
Elias Athanasopoulos 35
Integrity and Message Authentication
Integrity- (e.g., download a file)- Message digest
Message Authentication Code (MAC)- Used between two parties that share a secret key to
authenticate information exchanged between those parties
- Input is a secret key and a data block and the product is their hash value, referred to as the MAC
- An attacker who alters the message will be unable to alter the MAC value without knowledge of the secret key
CS-457
Elias Athanasopoulos 36
Digital Signatures
The hash value of a message is encrypted with a user’s private key. Anyone who knows the user’s public key can verify the integrity of the message that is associated with the digital signature.
CS-457
Elias Athanasopoulos 37
Simple Hash Functions
CS-457
Elias Athanasopoulos 38
Essentially based on compression
CS-457
Elias Athanasopoulos 39
Requirements
CS-457
Elias Athanasopoulos 40
Applications for Hash Functions
CS-457
Passwords- Never stored in plain- Server stores only the hash value- Salt (same plain goes to different hash)
Cracking- GPUs- Dictionary attacks