Introduction to Software Security: Crypto Basics
securesw.dankook.ac.kr/iss20-1/iss_16_2020_crypto...
Prof. Seong-je Cho
Spring 2020
Computer Security & Operating Systems Lab,
Dept. of Software Science, DKU
Introduction to Software Security
Crypto Basics (2)
- 2 -
Sources / References
Information Security: Principles and Practice, 2nd edition by Mark Stamp, Wiley, 2011
Behrouz A. Forouzan, Cryptography and network security, MH 2008
M. T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson (Addison-Wesley)
Foundations of Computer Security Lecture 52: Diffie-Hellman Key Exchange, Dr. Bill Young, Department of Computer Sciences, University of Texas at Austin
Many photos in presentation licensed from google images or wikipedia
Please do not duplicate and distribute
Computer Security & OS Lab, DKU
- 3 -
Contents
Claude Shannon
Confusion & Diffusion
Symmetric Key Cryptography
Shared Key Cryptography
Symmetric Key Exchange
Diffie-Hellman Key Agreement Protocol
Asymmetric Key Cryptography
Public Key Cryptography
9 Algorithms That Changed the Future
- 4 -
Post-WWII History
Claude Shannon (1916-2001): the father of the science of information theory (founder of information theory, father of the digital age)
American Mathematician, Electrical engineer, Cryptographer
He contributed to the field of cryptanalysis for national defense during World War II
Computer revolution: lots of data
Data Encryption Standard (DES), 70’s
Public Key cryptography, 70’s
CRYPTO conferences, 80’s
Advanced Encryption Standard (AES), 90’s
Crypto moved out of the classified world (crypto had been kept hidden, then came out of the classified world)
- 5 -
Claude Shannon
The founder of Information Theory
Confusion and diffusion are two properties of the operation of a secure cipher which were identified by Claude Shannon in his paper “Communication Theory of Secrecy Systems”. http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf
These properties work to thwart the application of statistics and other methods of cryptanalysis.
Confusion
It’s a good idea to obscure the relationship between your plaintext and ‘encrypted’ message.
The best way to cause confusion is through the use of a complex substitution algorithm.
Diffusion
It’s also a good idea to spread out the message.
Permuting the elements from place to place in a seemingly random fashion.
Dissipates statistical structure of plaintext over bulk of ciphertext.
An example of this ‘diffusion’ is a transposition (permutation).
Vocabulary: thwart: to frustrate. obscure: to make vague or hard to understand. dissipate: to make vanish.
- 6 -
Confusion and Diffusion
Confusion: obscure the relationship between plaintext and ciphertext
It makes the relationship between the encryption key and the ciphertext, as well as that between the plaintext and the ciphertext, as complex as possible.
In particular, each character of ciphertext should depend on several parts of the key.
E.g.) Complex substitution (Hill cipher)
Diffusion: spread plaintext statistics through the ciphertext
It makes each plaintext bit affect as many ciphertext bits as possible.
Change of one bit in the plaintext results in several bits changed in the ciphertext
E.g.) Permutation, Hill cipher
The Caesar and Vigenère ciphers do not have the properties of diffusion and confusion, which is why they are so susceptible to frequency analysis.
Many block ciphers (DES, AES, etc.) are designed using confusion and diffusion.
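The difference between a cipher with diffusion and one without can be measured directly. The following is an added example, not part of the original slides: it changes one plaintext letter and counts how many ciphertext letters change under a Caesar cipher and under a 3x3 Hill cipher. The key matrix, shift and sample text are constructed for illustration.

```python
A = ord("A")

def caesar(text, shift):
    """Each letter is shifted on its own: one plaintext letter maps to one ciphertext letter."""
    return "".join(chr((ord(c) - A + shift) % 26 + A) for c in text)

def hill(text, key):
    """Hill cipher: every ciphertext letter is a mod-26 combination of the whole block."""
    n = len(key)
    if len(text) % n:
        raise ValueError("pad the text to a multiple of the block size")
    out = []
    for i in range(0, len(text), n):
        block = [ord(c) - A for c in text[i:i + n]]
        for row in key:
            out.append(chr(sum(k * p for k, p in zip(row, block)) % 26 + A))
    return "".join(out)

def changed_positions(c1, c2):
    """Indexes at which two equal-length ciphertexts differ."""
    return [i for i, (x, y) in enumerate(zip(c1, c2)) if x != y]

# Constructed inputs: a 3x3 key that is invertible mod 26 and two
# plaintexts that differ only in their first letter.
KEY = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]
P1, P2 = "ACTNOW", "BCTNOW"

CAESAR_DIFF = changed_positions(caesar(P1, 3), caesar(P2, 3))
HILL_DIFF = changed_positions(hill(P1, KEY), hill(P2, KEY))

if __name__ == "__main__":
    print("Caesar:", caesar(P1, 3), caesar(P2, 3), CAESAR_DIFF)
    print("Hill:  ", hill(P1, KEY), hill(P2, KEY), HILL_DIFF)
```

The Hill cipher spreads the change over the whole first block but not into the second one, so its diffusion is limited to the block size; block ciphers such as AES repeat the mixing over several rounds for this reason.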
obscure: to make vague or hard to understand.
Symmetric Key Cryptography
(DES, AES, SEED, …)
- 8 -
DES and AES
DES is basically a block cipher combining fundamental cryptographic techniques, confusion and diffusion.
Confusion thwarts a cryptanalyst’s attempts to study the ciphertext by looking for redundancies and statistical patterns.
Diffusion frustrates a cryptanalyst’s attempts to search for redundancies in the plaintext through observations of the ciphertext.
The Advanced Encryption Standard (AES) has both excellent confusion and diffusion.
Both confusion and diffusion are repeated multiple times for each input to increase the amount of scrambling.
substitution-permutation network (SPN)
Source: AES Encryption Algorithm (Advanced Encryption Standard), https://www.crocus.co.kr/1230 [Crocus]
- 9 -
Symmetric key cryptography
Block cipher : 64/128-bit block
DES (Data Encryption Standard)
AES (Advanced Encryption Standard)
The SEED cipher by KISA
Stream cipher : 1 bit or byte
RC4 stream cipher
☞Making OTP practical by using pseudorandom key
- 10 -
Crypto as Black Box
The message M is called the plaintext.
Alice will convert plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.
[Figure: the Sender encrypts the plaintext with the shared secret key; the ciphertext crosses the communication channel, where an attacker may be eavesdropping; the Recipient decrypts it with the same shared secret key to recover the plaintext.]
Symmetric key cryptosystem
- 11 -
Key size and algorithm strength
Key size is an oft-cited measure of the strength of an algorithm, but is strength strongly correlated (or perfectly correlated) with key length?
Say we have two algorithms, A and B with key sizes of 56 and 128 bits
Is A less secure than B?
Source: https://slideplayer.com/slide/9460332/
Kerckhoffs’ principle
- 12 -
Symmetric key cryptography
Every pair of users must share a unique secret key
Intuitively, only holder of secret key should be able to decrypt
Source: Public Key Cryptography and Digital Signatures. Arpan Srivastava, Nov. 2018
Symmetric Key Exchange
(Secret Key Agreement Protocol)
References:
• Foundations of Computer Security Lecture 52: Diffie-Hellman Key Exchange, Dr. Bill Young, Department of Computer Sciences, University of Texas at Austin
• Cryptanalysis on Diffie-Hellman (DH) using a Timing Attack, http://internetokracy.appspot.com/crypto1
• Others
- 14 -
Shared key cryptography
Traditional use of cryptography
Symmetric keys, where a single key (k) is used for E and D
D( k, E( k, P ) ) = P
All (intended) receivers have access to key
Note: Management of keys determines who has access to encrypted data
E.g., password encrypted email
Also known as symmetric key cryptography.
How can the pair share the secret key (symmetric key)?
- 15 -
Symmetric key cryptosystem
Locking and unlocking with the same key
Wireshark
- 16 -
Diffie-Hellman Key Exchange
The Diffie-Hellman key agreement protocol (1976) was the first practical method for establishing a shared secret over an unsecured communication channel.
The point is to agree on a key that two parties can use for a symmetric encryption, in such a way that an eavesdropper cannot obtain the key.
Source: How Exploit Kit Operators are Misusing Diffie-Hellman Key Exchange, Trend Micro
- 17 -
Diffie-Hellman Algorithm
Both Alice and Bob can use this number as their key.
Notice that p and g need not be protected.
Source: aa
a and b are secret
$A = g^a \bmod p$
$B = g^b \bmod p$
A and B are sent
- 18 -
Diffie-Hellman Example
Then 2 is the shared secret.
Clearly, much larger values of a, b, and p are required.
An eavesdropper cannot discover this value even if she knows p and g and can obtain each of the messages.
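The exchange on the two preceding slides, written out with both sides' messages, as an added example that is not part of the original slides. The parameters p = 23, g = 5, a = 6, b = 15 are constructed toy values (they happen to give the shared secret 2); the `eavesdrop` function is a hypothetical helper showing why such small values give no protection and much larger ones are required.

```python
import secrets

def dh_public(g, secret, p):
    """Value sent in the clear: g^secret mod p."""
    return pow(g, secret, p)

def dh_shared(peer_public, secret, p):
    """Key derived locally: peer_public^secret mod p, which equals g^(ab) mod p."""
    return pow(peer_public, secret, p)

def exchange(p, g, a=None, b=None):
    """Run both sides; a and b are drawn at random from 2..p-2 unless given."""
    a = secrets.randbelow(p - 3) + 2 if a is None else a
    b = secrets.randbelow(p - 3) + 2 if b is None else b
    A = dh_public(g, a, p)   # Alice -> Bob, visible to the eavesdropper
    B = dh_public(g, b, p)   # Bob -> Alice, visible to the eavesdropper
    return {"A": A, "B": B,
            "alice_key": dh_shared(B, a, p),
            "bob_key": dh_shared(A, b, p)}

def eavesdrop(p, g, A, B):
    """Try every exponent until g^x mod p matches A, then derive the key.
    Needs up to p-1 modular exponentiations: trivial for p = 23,
    out of reach when p is a prime of thousands of bits."""
    for x in range(1, p):
        if pow(g, x, p) == A:
            return pow(B, x, p)
    return None

# Constructed toy parameters (assumption, not taken from the slides).
P, G = 23, 5
TOY = exchange(P, G, a=6, b=15)

if __name__ == "__main__":
    print("sent in the clear: A =", TOY["A"], " B =", TOY["B"])
    print("Alice derives", TOY["alice_key"], "and Bob derives", TOY["bob_key"])
    print("eavesdropper recovers", eavesdrop(P, G, TOY["A"], TOY["B"]))
```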
- 19 -
Diffie-Hellman Example
Source: Cryptanalysis on Diffie-Hellman (DH) using a Timing Attack, http://internetokracy.appspot.com/crypto1
break
Symmetric Key Cryptography
vs.
Asymmetric Key Cryptography
- 21 -
Symmetric key vs. Asymmetric key pair
A symmetric key cryptosystem uses the same key to encrypt as to decrypt
Symmetric key = Shared Secret key
An asymmetric key cryptosystem uses a public key to encrypt and a private key to decrypt (for secret communication)
Public key cryptosystem
It uses two separate keys
Public key
Private key: Secret key
Source: IBM Knowledge Center
- 22 -
How Many Keys: Symmetric Encryption
Given a symmetric system with n users, how many keys are needed for pairwise secure communication?
Each time a new user is added to the system, it needs to share a new key with each previous user.
Thus, for n users, we have
$1 + 2 + \cdots + (n-1) = n(n-1)/2$ keys.
This is $O(n^2)$ keys.
- 23 -
How Many Keys: Asymmetric Encryption
Given an asymmetric system of n users, how many keys are needed for pairwise secure communication?
Each time a new user is added to the system, it needs only a public key and a private key.
Thus, for n users, we have 2n keys, which is O(n).
Depending on the algorithm, each user may need separate pairs for confidentiality and signing, i.e., 4n keys, which is still O(n) keys.
[Figure: n key pairs, each user holding one private key and one public key.]
Source: Wikipedia, https://en.wikipedia.org/wiki/Public-key_cryptography
- 24 -
General Idea of Asymmetric key cryptosystem
The burden of providing security is mostly on the shoulders of the receiver (Bob, in this case).
Bob needs to create two keys : one private and one public.
Bob is responsible for distributing the public key to the community.
- 25 -
Asymmetric key cryptography
Public key cryptography
RSA (Rivest, Shamir, Adleman)
ECC (Elliptic Curve Cryptography)
ElGamal
Secret Communication vs. Digital Signature
Source: Wikipedia, https://en.wikipedia.org/wiki/Public-key_cryptography
Message + Ciphertext
- 26 -
Asymmetric key cryptography
Secret Communication: It can also be used for sharing a symmetric key
Source: x509 Certificate – Asymmetric encryption and Digital Signatures, by SachiMani, 2013
- 27 -
Asymmetric key cryptography
Source: x509 Certificate – Asymmetric encryption and Digital Signatures, by SachiMani, 2013
Digital Signature, Authentication
- 28 -
Public-key Cryptography
Encryption with public key
User encrypts data using his or her public key
He or she will be able to decrypt the data
Directed toward providing confidentiality
Encryption with private key
User encrypts data using his or her own private key
Anyone who knows the corresponding public key will be able to decrypt the message
Directed toward providing authentication
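Both directions of key use on this slide can be shown with textbook RSA, as an added example that is not part of the original slides. The primes 61 and 53 and the exponent 17 are constructed toy values; the code omits padding and hashing, which real RSA encryption and signatures require, and needs Python 3.8+ for the modular inverse.

```python
def make_keypair(p, q, e):
    """Textbook RSA key generation from two primes and a public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d = 1 (mod phi)
    return (e, n), (d, n)        # (public key, private key)

def apply_key(value, key):
    """The single RSA operation: value^exponent mod n."""
    exponent, n = key
    return pow(value, exponent, n)

# Constructed toy key pair (assumption); far too small for real use.
PUBLIC, PRIVATE = make_keypair(61, 53, 17)

# Confidentiality: anyone encrypts with the public key,
# only the private-key holder can decrypt.
def encrypt(m):
    return apply_key(m, PUBLIC)

def decrypt(c):
    return apply_key(c, PRIVATE)

# Authentication: the owner "encrypts" with the private key (signs),
# anyone who knows the public key can check the result.
def sign(m):
    return apply_key(m, PRIVATE)

def verify(m, signature):
    return apply_key(signature, PUBLIC) == m

if __name__ == "__main__":
    m = 65                                   # constructed message, must be < n
    c = encrypt(m)
    print("ciphertext", c, "-> decrypted", decrypt(c))
    s = sign(m)
    print("signature", s, "valid:", verify(m, s), "tampered:", verify(m + 1, s))
```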
- 29 -
Crypto as Black Box
Symmetric-key cryptography is based on sharing secrecy.
Asymmetric-key cryptography is based on personal secrecy.
Review & Summary
- 31 -
Taxonomy of Cryptography
Symmetric Key: same key for encryption as for decryption
Block ciphers and Stream ciphers
Algorithm is less complex and faster
Use for Bulk encryption, which means encrypting files and communication paths
Security service provided: Confidentiality
Public Key: two keys, one for encryption (public), and one for decryption (private)
Algorithm is more complex and slower
Use for Distributing keys, Digital signatures, and Key encryption
Security services provided: Confidentiality, Authentication, and Non-repudiation
Hash algorithms
- 32 -
Taxonomy of Cryptography
Modern cryptography
  Symmetric-key cryptography
    Stream cipher: RC4, LFSR
    Block cipher: AES, SEED
  Public-key cryptography
    Discrete logarithm: DH, DSA
    Integer factorization: RSA
  Hash function: SHA1, HAS-160
- 33 -
Usage of Cryptography
Confidentiality, Authentication, Non-repudiation, …
Digital signature
Secure Communication
SSL, TLS
Password protection
Sensitive data protection
Document protection
File encryption
Privacy protection
- 34 -
Nine Algorithms That Changed the Future, 2012
1. Search engine indexing
2. PageRank
3. Public-key cryptography
4. Forward error correction
5. Pattern recognition
6. Data compression
7. Database
8. Digital signature
- 35 -
Summary
Confusion & Diffusion
Symmetric Key Cryptography
Shared secret key
Efficient for secret communication
Key Distribution Issue
Diffie-Hellman key exchange protocol
Asymmetric Key Cryptography
Public Key Cryptography
Key pair (Private key, Public key)
Heavy computation overhead
- 36 -
Number of keys when using symmetric and asymmetric encryption?
How many keys are required for secure communication among N people?
For symmetric, you need N⋅(N−1)/2 keys:
Each pair of parties would need a single key that will be used to both encrypt and decrypt the message between the two parties.
The number of pairs of parties is equal to the number of combinations to choose a pair of parties among N parties: first you choose the first party (N possibilities). Then, you are left with (N−1) options to choose the next party.
Once you've chosen the pair of parties, notice that the order of the parties in the pair has no significance, so you need to divide the number of possibilities by 2 to cancel out the order.
For asymmetric, you need 2⋅N keypairs:
every party A that wants to send a message m to party B encrypts m using $PK_B$, the public key of party B, and then party B decrypts the message using the private key $RK_B$ corresponding to $PK_B$.