Prof. Seong-je Cho Spring 2020 Computer Security & Operating Systems Lab, Dept. of Software Science, DKU Introduction to Software Security Crypto Basics (2)


Post on 04-Jun-2020


Sources / References

Information Security: Principles and Practice, 2nd edition by Mark Stamp, Wiley, 2011

Behrouz A. Forouzan, Cryptography and network security, MH 2008

M. T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson (Addison-Wesley)

Foundations of Computer Security Lecture 52: Diffie-Hellman Key Exchange, Dr. Bill Young, Department of Computer Sciences, University of Texas at Austin

Many photos in this presentation are licensed from Google Images or Wikipedia

Please do not duplicate and distribute

Computer Security & OS Lab, DKU


Contents

Claude Shannon

Confusion & Diffusion

Symmetric Key Cryptography

Shared Key Cryptography

Symmetric Key Exchange

Diffie-Hellman Key Agreement Protocol

Asymmetric Key Cryptography

Public Key Cryptography

9 Algorithms That Changed the Future


Post-WWII History

Claude Shannon (1916-2001): the father of the science of information theory (founder of information theory, father of the digital age)

American Mathematician, Electrical engineer, Cryptographer

He contributed to the field of cryptanalysis for national defense during World War II

Computer revolution: lots of data

Data Encryption Standard (DES), 70’s

Public Key cryptography, 70’s

CRYPTO conferences, 80’s

Advanced Encryption Standard (AES), 90’s

Crypto moved out of the classified world (it had been hidden away, then came out into the open)

Claude Shannon

The founder of Information Theory

Confusion and diffusion are two properties of the operation of a secure cipher which were identified by Claude Shannon in his paper “Communication Theory of Secrecy Systems”. http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf

These properties work to thwart the application of statistics and other methods of cryptanalysis.

Confusion

It’s a good idea to obscure the relationship between your plaintext and ‘encrypted’ message.

The best way to cause confusion is through the use of a complex substitution algorithm.

Diffusion

It’s also a good idea to spread out the message.

Permuting the elements from place to place in a seemingly random fashion.

Dissipates the statistical structure of the plaintext over the bulk of the ciphertext.

An example of this ‘diffusion’ is a transposition (permutation).

thwart: to frustrate. obscure: to make vague or hard to understand. dissipate: to make vanish.

Confusion and Diffusion

Confusion: obscure the relationship between plaintext and ciphertext

It hides the relationship between the encryption key and the ciphertext, as well as that between the plaintext and the ciphertext, by making it as complex as possible.

In particular, each character of ciphertext should depend on several parts of the key.

E.g.) Complex substitution (Hill cipher)

Diffusion: spread plaintext statistics through the ciphertext

It makes each plaintext bit affect as many ciphertext bits as possible.

Change of one bit in the plaintext results in several bits changed in the ciphertext

E.g.) Permutation, Hill cipher

The Caesar and Vigenère ciphers do not have the properties of diffusion and confusion, which is why they are so susceptible to frequency analysis.

Many block ciphers (DES, AES, etc.) are designed using confusion and diffusion.
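The difference between a cipher with no diffusion and one that diffuses within a block can be measured directly. The following is an added example, not part of the lecture slides: it changes one plaintext letter and counts the ciphertext positions that change under a Caesar cipher and under a 3x3 Hill cipher, then compares letter-frequency profiles. The key matrix, shift, plaintexts and function names are constructed for illustration.

```python
# Added example, not from the lecture slides. KEY, the shift and the plaintexts
# are constructed sample values; all function names are hypothetical.
from collections import Counter

A = ord("A")
KEY = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]  # invertible mod 26 (det = 25)

def caesar(text, shift):
    """Substitute each letter independently: position i only affects position i."""
    return "".join(chr((ord(c) - A + shift) % 26 + A) for c in text)

def hill(text, key=KEY):
    """Encrypt blocks of len(key) letters as (key x block) mod 26."""
    n = len(key)
    if len(text) % n:
        raise ValueError("plaintext length must be a multiple of the block size")
    out = []
    for i in range(0, len(text), n):
        block = [ord(c) - A for c in text[i:i + n]]
        out.extend(chr(sum(k * b for k, b in zip(row, block)) % 26 + A) for row in key)
    return "".join(out)

def changed_positions(x, y):
    """Indices at which two equal-length ciphertexts differ."""
    return [i for i, (a, b) in enumerate(zip(x, y)) if a != b]

def frequency_profile(text):
    """Letter counts sorted high to low: the statistic frequency analysis relies on."""
    return sorted(Counter(text).values(), reverse=True)

def diffusion_report(p1, p2, shift=3):
    """Ciphertext positions affected when p1 and p2 differ in one letter."""
    return {"caesar": changed_positions(caesar(p1, shift), caesar(p2, shift)),
            "hill": changed_positions(hill(p1), hill(p2))}

if __name__ == "__main__":
    print(diffusion_report("ACTNOW", "BCTNOW"))
    msg = "ATTACKATDAWN"
    print(frequency_profile(msg), frequency_profile(caesar(msg, 3)),
          frequency_profile(hill(msg)))
```

The Hill cipher spreads the change across its whole 3-letter block but no further, which is why modern block ciphers repeat confusion and diffusion over many rounds.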

obscure: to make vague or hard to understand.

Symmetric Key Cryptography

(DES, AES, SEED, …)


DES and AES

DES is basically a block cipher combining fundamental cryptographic techniques, confusion and diffusion.

Confusion thwarts a cryptanalyst’s attempts to study the ciphertext by looking for redundancies and statistical patterns.

Diffusion frustrates a cryptanalyst’s attempts to search for redundancies in the plaintext through observations of the ciphertext.

The Advanced Encryption Standard (AES) has both excellent confusion and diffusion.

Both confusion and diffusion are repeated multiple times for each input to increase the amount of scrambling.

substitution-permutation network (SPN)

Source: AES encryption algorithm (Advanced Encryption Standard), https://www.crocus.co.kr/1230 [Crocus]

Symmetric key cryptography

Block cipher : 64/128-bit block

DES (Data Encryption Standard)

AES (Advanced Encryption Standard)

The SEED cipher by KISA

Stream cipher : 1 bit or byte

RC4 stream cipher

☞Making OTP practical by using pseudorandom key


Crypto as Black Box


The message M is called the plaintext.

Alice will convert plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.

[Figure: Symmetric key cryptosystem. The sender encrypts the plaintext with the shared secret key, the ciphertext travels over the communication channel where an attacker may be eavesdropping, and the recipient decrypts it back to plaintext with the same shared secret key.]

Key size and algorithm strength

Key size is an oft-cited measure of the strength of an algorithm, but is strength strongly correlated (or perfectly correlated) with key length?

Say we have two algorithms, A and B with key sizes of 56 and 128 bits

Is A less secure than B?


Source: https://slideplayer.com/slide/9460332/

Kerckhoffs’ principle


Symmetric key cryptography

Every pair of users must share a unique secret key

Intuitively, only the holder of the secret key should be able to decrypt

Source: Public Key Cryptography and Digital Signatures. Arpan Srivastava, Nov. 2018

Symmetric Key Exchange

(Secret Key Agreement Protocol)

References:

• Foundations of Computer Security Lecture 52: Diffie-Hellman Key Exchange, Dr. Bill Young, Department of Computer Sciences, University of Texas at Austin

• Cryptanalysis on Diffie-Hellman (DH) using a Timing Attack, http://internetokracy.appspot.com/crypto1

• Others


Shared key cryptography

Traditional use of cryptography

Symmetric keys, where a single key (k) is used for both E and D

D( k, E( k, P ) ) = P

All (intended) receivers have access to key

Note: Management of keys determines who has access to encrypted data

E.g., password encrypted email

Also known as symmetric key cryptography.

How can the pair share the secret key (symmetric key)?


Symmetric key cryptosystem

Locking and unlocking with the same key


Wireshark


Diffie-Hellman Key Exchange

The Diffie-Hellman key agreement protocol (1976) was the first practical method for establishing a shared secret over an unsecured communication channel.

The point is to agree on a key that two parties can use for a symmetric encryption, in such a way that an eavesdropper cannot obtain the key.

Source: How Exploit Kit Operators are Misusing Diffie-Hellman Key Exchange, Trend Micro

Diffie-Hellman Algorithm

Both Alice and Bob can use this number as their key.

Notice that p and g need not be protected.

Source: aa

a and b are secret

$A = g^a \bmod p$

$B = g^b \bmod p$

A and B are sent

Diffie-Hellman Example

Then 2 is the shared secret.

Clearly, much larger values of a, b, and p are required.

An eavesdropper cannot discover this value even if she knows p and g and can obtain each of the messages.
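The exchange can be traced end to end with toy numbers. The following is an added example, not part of the lecture slides: it runs both sides of a Diffie-Hellman exchange, records what crosses the wire, and shows that exhaustive search recovers a secret exponent only because the modulus is tiny. The parameters p = 23, g = 5, a = 6, b = 15 are assumed textbook-style values chosen here, and all function names are hypothetical.

```python
# Added example, not from the lecture slides. The toy parameters and all
# function names are assumptions made for illustration.
import secrets

def dh_keypair(p, g, private=None):
    """Pick a secret exponent x in 2..p-2 and compute the public value g^x mod p."""
    x = private if private is not None else secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)

def dh_shared(p, peer_public, private):
    """Derive the shared value from the peer's public value and our own secret."""
    # Reject degenerate public values (0, 1, p-1, out of range): they would
    # force the shared value into a tiny, predictable set.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)

def run_exchange(p, g, a=None, b=None):
    """Run both sides; return each side's key and everything sent in the clear."""
    a, A = dh_keypair(p, g, a)          # Alice keeps a, sends A
    b, B = dh_keypair(p, g, b)          # Bob keeps b, sends B
    wire = {"p": p, "g": g, "A": A, "B": B}
    return dh_shared(p, B, a), dh_shared(p, A, b), wire

def brute_force_log(p, g, target):
    """Exhaustive discrete log. Takes up to p-1 steps, so it only finishes
    for toy moduli; this is the reason much larger values are required."""
    y = 1
    for x in range(p - 1):
        if y == target:
            return x
        y = y * g % p
    return None

if __name__ == "__main__":
    k_alice, k_bob, wire = run_exchange(23, 5, a=6, b=15)
    print("on the wire:", wire)
    print("Alice's key:", k_alice, "Bob's key:", k_bob)
    print("exponent found by search over 22 candidates:",
          brute_force_log(23, 5, wire["A"]))
```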


Diffie-Hellman Example


Source: Cryptanalysis on Diffie-Hellman (DH) using a Timing Attack, http://internetokracy.appspot.com/crypto1

break


Symmetric Key Cryptography

vs.

Asymmetric Key Cryptography


Symmetric key vs. Asymmetric key pair

A symmetric key cryptosystem uses the same key to encrypt as to decrypt

Symmetric key = Shared Secret key

An asymmetric key cryptosystem uses a public key to encrypt and a private key to decrypt (for secret communication)

Public key cryptosystem

It uses two separate keys

Public key

Private key: Secret key

Source: IBM Knowledge Center


How Many Keys: Symmetric Encryption

Given a symmetric system with n users, how many keys are needed for pairwise secure communication?


Each time a new user is added to the system, it needs to share a new key with each previous user.

Thus, for n users, we have

$1 + 2 + \dots + (n-1) = \frac{n(n-1)}{2}$ keys.

This is $O(n^2)$ keys.

How Many Keys: Asymmetric Encryption

Given an asymmetric system of n users, how many keys are needed for pairwise secure communication?

Each time a new user is added to the system, it needs only a public key and a private key.

Thus, for n users, we have 2n keys, which is O(n).

Depending on the algorithm, each user may need separate pairs for confidentiality and signing, i.e., 4n keys, which is still O(n) keys.

[Figure: n key pairs; each user holds one private key and one public key.]

Source: Wikipedia, https://en.wikipedia.org/wiki/Public-key_cryptography


General Idea of Asymmetric key cryptosystem

The burden of providing security is mostly on the shoulders of the receiver (Bob, in this case).

Bob needs to create two keys : one private and one public.

Bob is responsible for distributing the public key to the community.


Asymmetric key cryptography

Public key cryptography

RSA (Rivest, Shamir, Adleman)

ECC (Elliptic Curve Cryptography)

ElGamal


Secret Communication vs. Digital Signature

Source: Wikipedia, https://en.wikipedia.org/wiki/Public-key_cryptography

Message + Ciphertext


Asymmetric key cryptography

Secret Communication: It can be also used for sharing a symmetric key


Source: x509 Certificate – Asymmetric encryption and Digital Signatures, by SachiMani, 2013


Asymmetric key cryptography


Source: x509 Certificate – Asymmetric encryption and Digital Signatures, by SachiMani, 2013

Digital Signature, Authentication


Public-key Cryptography

Encryption with public key

User encrypts data using his or her public key

He or she will be able to decrypt the data

Directed toward providing confidentiality

Encryption with private key

User encrypts data using his or her own private key

Anyone who knows the corresponding public key will be able to decrypt the message

Directed toward providing authentication

Crypto as Black Box

Symmetric-key cryptography is based on sharing secrecy.

Asymmetric-key cryptography is based on personal secrecy.


Review & Summary


Taxonomy of Cryptography

Symmetric Key: same key for encryption as for decryption

Block ciphers and Stream ciphers

Algorithm is less complex and faster

Use for Bulk encryption, which means encrypting files and communication paths

Security service provided: Confidentiality

Public Key: two keys, one for encryption (public), and one for decryption (private)

Algorithm is more complex and slower

Use for Distributing keys, Digital signatures, and Key encryption

Security services provided: Confidentiality, Authentication, and Non-repudiation

Hash algorithms


Taxonomy of Cryptography

Modern cryptography
    Symmetric-key cryptography
        Stream ciphers: RC4, LFSR
        Block ciphers: AES, SEED
    Public-key cryptography
        Discrete logarithm: DH, DSA
        Integer factorization: RSA
    Hash functions: SHA1, HAS-160

Usage of Cryptography

Confidentiality, Authentication, Non-repudiation, …

Digital signature

Secure Communication

SSL, TLS

Password protection

Sensitive data protection

Document protection

File encryption

Privacy protection


Nine Algorithms That Changed the Future, 2012

1. Search engine indexing

2. PageRank

3. Public-key cryptography

4. Forward error correction

5. Pattern recognition

6. Data compression

7. Database

8. Digital signature


Summary

Confusion & Diffusion

Symmetric Key Cryptography

Shared secret key

Efficient for secret communication

Key Distribution Issue

Diffie-Hellman key exchange protocol

Asymmetric Key Cryptography

Public Key Cryptography

Key pair (Private key, Public key)

Heavy computation overhead


Number of keys when using symmetric and asymmetric encryption?

How many keys are required for secure communication among N people?

For symmetric, you need N⋅(N−1)/2 keys:

Each pair of parties would need a single key that will be used to both encrypt and decrypt the message between the two parties.

The number of pairs of parties is equal to the number of combinations to choose a pair of parties among N parties: first you choose the first party - N possibilities. Then, you are left with (N−1) options to choose the next party.

Once you've chosen the pair of parties, note that the order of the parties within the pair has no significance, so you need to divide the number of possibilities by 2 to cancel out the order.

For asymmetric, you need 2⋅N keypairs:

every party A that wants to send a message m to party B encrypts m using $PK_B$, the public key of party B, and

then party B decrypts the message using the private key $RK_B$ corresponding to $PK_B$.