l5-cryptography and applications
TRANSCRIPT
-
7/27/2019 l5-Cryptography and Applications
1/93
Cryptography and Applications
PHAM VAN HAU ([email protected])
SCHOOL OF COMPUTER SCIENCE AND ENGINEERING - INTERNATIONAL UNIVERSITY
-
The History of Cryptography
Cryptography has roots that begin around 2000 B.C. in Egypt
used to decorate tombs to tell the life story of the deceased
not so much about hiding the messages themselves; rather, the hieroglyphics were intended to make the life story seem more noble, ceremonial, and majestic
-
Some Basic Terminology
plaintext - original message
ciphertext - coded message
cipher - algorithm for transforming plaintext to ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from ciphertext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing the key
cryptology - field of both cryptography and cryptanalysis
-
Classical Substitution Ciphers
where letters of plaintext are replaced by other letters or by numbers or symbols
or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
-
Caesar Cipher
earliest known substitution cipher
by Julius Caesar
first attested use in military affairs
replaces each letter by the 3rd letter on:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
-
Caesar Cipher mathematically
give each letter a number:
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
then have Caesar cipher as:
c = E(p) = (p + k) mod 26
p = D(c) = (c - k) mod 26
-
Cryptanalysis of Caesar Cipher
only have 26 possible ciphers
A maps to A, B, ..., Z
could simply try each in turn
given ciphertext, just try all shifts of letters
do need to recognize when have plaintext
eg. break ciphertext "GCUA VQ DTGCM"
-
More substitution ciphers
Mono-alphabetic Cipher
Playfair Cipher
Polyalphabetic Cipher
Vigenère Cipher
Autokey Cipher
One Time Pad
-
Monoalphabetic Cipher
rather than just shifting the alphabet
could shuffle (jumble) the letters arbitrarily
each plaintext letter maps to a different random ciphertext letter
hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
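Added example (not from the lecture slides): a general monoalphabetic substitution cipher, the Caesar cipher as the special case of a rotated alphabet, and the brute-force attack on Caesar from the earlier slide, which tries all 26 shifts and ranks them by how English-like the result is. The English letter-frequency table is an assumption (approximate published values); the slides do not give one.

```python
# Added example: substitution cipher, Caesar as a special case, and the
# brute-force attack on Caesar scored by English letter frequencies.
import math
import string

ALPHABET = string.ascii_lowercase

# Approximate English single-letter frequencies (percent). Assumed values;
# the exact table is not on the slides.
ENGLISH_FREQ = {
    'e': 12.70, 't': 9.06, 'a': 8.17, 'o': 7.51, 'i': 6.97, 'n': 6.75,
    's': 6.33, 'h': 6.09, 'r': 5.99, 'd': 4.25, 'l': 4.03, 'c': 2.78,
    'u': 2.76, 'm': 2.41, 'w': 2.36, 'f': 2.23, 'g': 2.02, 'y': 1.97,
    'p': 1.93, 'b': 1.49, 'v': 0.98, 'k': 0.77, 'j': 0.15, 'x': 0.15,
    'q': 0.10, 'z': 0.07,
}


def substitute(text, cipher_alphabet):
    """Monoalphabetic substitution: plaintext letter i -> cipher_alphabet[i].
    Non-letters pass through; output is upper case as on the slides."""
    table = {p: c.upper() for p, c in zip(ALPHABET, cipher_alphabet)}
    return ''.join(table.get(ch, ch) for ch in text.lower())


def invert(cipher_alphabet):
    """Decryption key: the alphabet that maps each cipher letter back."""
    inv = [''] * 26
    for p, c in zip(ALPHABET, cipher_alphabet.lower()):
        inv[ALPHABET.index(c)] = p
    return ''.join(inv)


def caesar_alphabet(k):
    """Caesar is a substitution with the alphabet rotated by k: c = (p + k) mod 26."""
    return ALPHABET[k:] + ALPHABET[:k]


def caesar_encrypt(text, k):
    return substitute(text, caesar_alphabet(k))


def caesar_decrypt(text, k):
    # p = (c - k) mod 26, i.e. encrypt with the inverse shift
    return substitute(text, caesar_alphabet((-k) % 26)).lower()


def english_score(text):
    """Log-likelihood of the letters under the English table; higher is more English-like."""
    return sum(math.log(ENGLISH_FREQ[ch] / 100.0) for ch in text.lower() if ch in ENGLISH_FREQ)


def brute_force_caesar(ciphertext):
    """Try all 26 shifts; the attacker still has to recognise plaintext,
    which the frequency score does automatically. Best candidate first."""
    candidates = [(k, caesar_decrypt(ciphertext, k)) for k in range(26)]
    return sorted(candidates, key=lambda kp: english_score(kp[1]), reverse=True)
```

The same `substitute` function serves the monoalphabetic key above (26! possible alphabets) and Caesar (only 26), which is why the key count alone says nothing about strength: the attack on Caesar enumerates keys, while the attack on the general case works from letter statistics instead.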
-
Monoalphabetic Cipher Security
now have a total of 26! = 4 x 10^26 keys
with so many keys, might think is secure
but would be !!!WRONG!!!
problem is language characteristics
-
The Strength of the Cryptosystem
The strength (work factor): an estimate of the effort and resources it would take an attacker to penetrate a cryptosystem
strength of an encryption method comes from
the algorithm,
the secrecy of the key,
the length of the key,
the initialization vectors,
how they all work together within the cryptosystem
-
Cryptanalysis
letters are not equally commonly used
in English E is by far the most common letter
followed by T, R, N, I, O, A, S
other letters like Z, J, K, Q, X are fairly rare
have tables of single, double & triple letter frequencies for various languages
-
English Letter Frequencies
-
Use in Cryptanalysis
key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
discovered by Arabian scientists in 9th century
calculate letter frequencies for ciphertext
compare counts/plots against known values
if caesar cipher look for common peaks/troughs
peaks at: A-E-I triple, NO pair, RST triple
troughs at: JK, X-Z
for monoalphabetic must identify each letter
tables of common double/triple letters help
-
Example Cryptanalysis
given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
count relative letter frequencies (see text)
guess P & Z are e and t
guess ZW is th and hence ZWP is the
proceeding with trial and error finally get:
it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow
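Added example (not part of the slides): the frequency-analysis step of the attack above, run over the slide's own ciphertext. It counts single letters and digrams, which is where the guesses P -> e, Z -> t and ZW -> th come from, and applies a partial key so the analyst can see what remains unresolved. The ciphertext is copied from the slide; the guessed mapping is the slide's.

```python
# Added example: letter and digram statistics of the slide's ciphertext,
# and a partial decryption from the first guesses (P -> e, Z -> t, W -> h).
from collections import Counter

# Ciphertext copied from the slide (120 letters).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)


def letter_frequencies(text):
    """(letter, count, percent) for each letter, most common first."""
    letters = [c for c in text.upper() if c.isalpha()]
    counts = Counter(letters)
    n = len(letters)
    return [(ch, cnt, round(100.0 * cnt / n, 2)) for ch, cnt in counts.most_common()]


def top_letters(text, k):
    """The k most frequent cipher letters; compare against E, T, ... in English."""
    return [ch for ch, _, _ in letter_frequencies(text)[:k]]


def digram_frequencies(text):
    """Counts of adjacent letter pairs; a pair that stands out (ZW here)
    is a candidate for the most common English digram 'th'."""
    letters = ''.join(c for c in text.upper() if c.isalpha())
    return Counter(letters[i:i + 2] for i in range(len(letters) - 1))


def partial_decrypt(text, guesses):
    """Apply a partial key. Guessed letters come out in lower case; cipher
    letters still unknown stay in upper case so the gaps are visible."""
    return ''.join(guesses.get(c, c) for c in text.upper())


FIRST_GUESSES = {'P': 'e', 'Z': 't', 'W': 'h'}   # the slide's starting point
```

Because a monoalphabetic substitution preserves relative frequencies, `letter_frequencies` on the ciphertext has the same shape as the English table with the labels permuted; each confirmed guess shrinks the remaining search until trial and error finishes the key.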
-
Playfair Cipher
not even the large number of keys in a monoalphabetic cipher provides security
one approach to improving security was to encrypt multiple letters
the Playfair Cipher is an example
invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
-
Playfair Key Matrix
a 5x5 matrix of letters based on a keyword
fill in letters of keyword (sans duplicates)
fill rest of matrix with other letters (I and J share one cell)
eg. using the keyword MONARCHY:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
-
Encrypting and Decrypting
plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert filler like 'X'
2. if both letters fall in the same row, replace each with the letter to the right (wrapping back to start from end)
3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom)
4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
-
Example: Encryption of the "hello world" message (keyword MONARCHY)
Step 1: split into two-letter tokens; the repeated pair "ll" needs an 'X' filler (rule 1), and the odd trailing letter is padded with 'X':
hello world = he lx lo wo rl dx
Step 2: encrypt each token with the rules above (all six pairs fall under rule 4, the rectangle rule):
he -> CF, lx -> SU, lo -> PM, wo -> VN, rl -> MT, dx -> BZ
ciphertext: CFSUPMVNMTBZ
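Added example (not from the slides): building the Playfair key matrix from a keyword and applying the four digraph rules, with decryption as the inverse. It reproduces the MONARCHY matrix and the "hello world" example above; the choice of 'Q' as the filler when the repeated letter is itself 'X' is an assumption, since the slides do not cover that case.

```python
# Added example: Playfair matrix construction, digraph splitting, and the
# four encryption rules (with their inverses for decryption).
import string


def playfair_matrix(keyword):
    """5x5 matrix: keyword letters without duplicates, then the rest of the
    alphabet, with J folded into I so 25 letters fit."""
    seen = []
    for ch in (keyword + string.ascii_uppercase).upper():
        ch = 'I' if ch == 'J' else ch
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def _position(matrix, ch):
    for r, row in enumerate(matrix):
        if ch in row:
            return r, row.index(ch)
    raise ValueError("not in matrix: %r" % ch)


def playfair_digraphs(plaintext):
    """Rule 1: split into pairs; a pair of identical letters gets a filler
    between them, and a trailing single letter is padded."""
    letters = [('I' if c == 'J' else c) for c in plaintext.upper() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else 'X'
        if a == b:
            pairs.append(a + ('X' if a != 'X' else 'Q'))   # filler choice is assumed
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _transform(matrix, a, b, step):
    """step=+1 encrypts (right/below), step=-1 decrypts (left/above)."""
    ra, ca = _position(matrix, a)
    rb, cb = _position(matrix, b)
    if ra == rb:                                    # rule 2: same row
        return matrix[ra][(ca + step) % 5] + matrix[rb][(cb + step) % 5]
    if ca == cb:                                    # rule 3: same column
        return matrix[(ra + step) % 5][ca] + matrix[(rb + step) % 5][cb]
    return matrix[ra][cb] + matrix[rb][ca]          # rule 4: rectangle (self-inverse)


def playfair_encrypt(plaintext, keyword):
    m = playfair_matrix(keyword)
    return ''.join(_transform(m, a, b, +1) for a, b in playfair_digraphs(plaintext))


def playfair_decrypt(ciphertext, keyword):
    """Filler letters are left in place for the reader to drop."""
    m = playfair_matrix(keyword)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return ''.join(_transform(m, a, b, -1) for a, b in pairs)
```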
-
Security of Playfair Cipher
security much improved over monoalphabetic
since have 26 x 26 = 676 digrams
would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic) and correspondingly more ciphertext
was widely used for many years
eg. by US & British military in WW1
it can be broken, given a few hundred letters, since still has much of plaintext structure
-
Polyalphabetic Ciphers
polyalphabetic substitution ciphers improve security using multiple cipher alphabets
make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
use a key to select which alphabet is used for each letter of the message
use each alphabet in turn
repeat from start after end of key is reached
-
Vigenère Cipher
simplest polyalphabetic substitution cipher
effectively multiple caesar ciphers
key is multiple letters long K = k1 k2 ... kd
ith letter specifies ith alphabet to use
use each alphabet in turn
repeat from start after d letters in message
decryption simply works in reverse
-
Example of Vigenère Cipher
write the plaintext out
write the keyword repeated above it
use each key letter as a caesar cipher key
encrypt the corresponding plaintext letter
eg using keyword deceptive
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
-
Security of Vigenère Ciphers
have multiple ciphertext letters for each plaintext letter
hence letter frequencies are obscured
but not totally lost
start with letter frequencies
see if look monoalphabetic or not
if not, then need to determine number of alphabets, since then can attack each
-
Kasiski Method
method developed by Babbage / Kasiski
repetitions in ciphertext give clues to period
so find same plaintext an exact period apart
which results in the same ciphertext
of course, could also be random fluke
eg repeated VTW in previous example (9 positions apart)
suggests size of 3 or 9
then attack each monoalphabetic cipher individually using same techniques as before
-
Autokey Cipher
ideally want a key as long as the message
Vigenère proposed the autokey cipher
with the keyword prefixed to the message as the key
knowing the keyword can recover the first few letters
use these in turn on the rest of the message
but still have frequency characteristics to attack
eg. given key deceptive
key:        deceptivewearediscoveredsav
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
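Added example (not from the slides), covering the Vigenère, Kasiski and autokey slides together: Vigenère and autokey encryption and decryption with the slides' key "deceptive", and a Kasiski scan that finds the repeated trigram in the Vigenère ciphertext and turns the spacing into candidate key periods. Inputs are the slides' own examples; the trigram length of 3 is the usual choice and is an assumption.

```python
# Added example: Vigenère, autokey, and the Kasiski repeat-spacing test.
from collections import defaultdict
from math import gcd


def _shift(p, k):
    """One Caesar step: c = (p + k) mod 26 for lower-case p and key letter k."""
    return chr((ord(p) - 97 + ord(k) - 97) % 26 + 65)


def _unshift(c, k):
    return chr((ord(c.lower()) - 97 - (ord(k) - 97)) % 26 + 97)


def vigenere_encrypt(plaintext, key):
    """Key letter i mod len(key) selects the Caesar alphabet for letter i."""
    return ''.join(_shift(p, key[i % len(key)]) for i, p in enumerate(plaintext))


def vigenere_decrypt(ciphertext, key):
    return ''.join(_unshift(c, key[i % len(key)]) for i, c in enumerate(ciphertext))


def autokey_encrypt(plaintext, keyword):
    """Key stream = keyword followed by the plaintext itself (no repetition)."""
    stream = keyword + plaintext
    return ''.join(_shift(p, stream[i]) for i, p in enumerate(plaintext))


def autokey_decrypt(ciphertext, keyword):
    """Each recovered plaintext letter extends the key for the letters after it."""
    stream = list(keyword)
    out = []
    for i, c in enumerate(ciphertext):
        p = _unshift(c, stream[i])
        out.append(p)
        stream.append(p)
    return ''.join(out)


def kasiski(ciphertext, n=3):
    """Distances between repeated n-grams. The key period divides the
    distance for genuine repeats, so the gcd of the distances (and its
    divisors) are the candidate periods."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        positions[ciphertext[i:i + n]].append(i)
    distances = {}
    for gram, pos in positions.items():
        if len(pos) > 1:
            distances[gram] = [b - a for a, b in zip(pos, pos[1:])]
    g = 0
    for ds in distances.values():
        for d in ds:
            g = gcd(g, d)
    return distances, g


def candidate_periods(spacing):
    """Every divisor >= 2 of the repeat spacing: 9 gives [3, 9]."""
    return [d for d in range(2, spacing + 1) if spacing % d == 0]
```

Once the period is known, every d-th ciphertext letter forms one Caesar-shifted stream, and each stream falls to the single-letter frequency attack from the earlier slides.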
-
One-Time Pad
if a truly random key as long as the message is used, the cipher will be secure
called a One-Time Pad
is unbreakable since ciphertext bears no statistical relationship to the plaintext
since for any plaintext & any ciphertext there exists a key mapping one to other
can only use the key once though
problems in generation & safe distribution of key
-
Transposition Ciphers
now consider classical transposition or permutation ciphers
these hide the message by rearranging the letter order
without altering the actual letters used
can recognise these since have the same frequency distribution as the original text
-
Rail Fence cipher
write message letters out diagonally over a number of rows
then read off cipher row by row
eg. write message out over two rows as:
m e m a t r h t g p r y
 e t e f e t e o a a t
giving ciphertext
MEMATRHTGPRYETEFETEOAAT
-
Row Transposition Ciphers
a more complex transposition
write letters of message out in rows over a specified number of columns
then reorder the columns according to some key before reading off the rows
Key:       4 3 1 2 5 6 7
Plaintext: a t t a c k p
           o s t p o n e
           d u n t i l t
           w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
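Added example (not from the slides): the rail-fence and row-transposition ciphers on the slides' own messages, with decryption for the row transposition, and the check from the earlier slide that a transposition leaves the letter distribution untouched. The rail-fence function generalises to more than two rails (the slide only shows two).

```python
# Added example: rail fence, row transposition, and the frequency test
# that identifies a transposition cipher.
from collections import Counter


def rail_fence_encrypt(text, rails=2):
    """Write the letters in a zigzag over `rails` rows, read off row by row."""
    rows = [[] for _ in range(rails)]
    r, step = 0, 1
    for ch in text:
        rows[r].append(ch)
        if rails > 1:
            if r == 0:
                step = 1
            elif r == rails - 1:
                step = -1
            r += step
    return ''.join(''.join(row) for row in rows).upper()


def _column_order(key):
    """Column indices in the order the key labels them (label 1 first)."""
    return sorted(range(len(key)), key=lambda i: key[i])


def row_transposition_encrypt(text, key):
    """Write the text in rows of len(key) columns, then read the columns in key order."""
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    if len(rows[-1]) < cols:
        raise ValueError("pad the message to a multiple of the key length")
    return ''.join(rows[r][c] for c in _column_order(key) for r in range(len(rows))).upper()


def row_transposition_decrypt(ciphertext, key):
    """Refill the columns in key order, then read the grid row by row."""
    cols = len(key)
    nrows = len(ciphertext) // cols
    grid = [[''] * cols for _ in range(nrows)]
    pos = 0
    for c in _column_order(key):
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return ''.join(''.join(row) for row in grid).lower()


def same_letter_distribution(plaintext, ciphertext):
    """A transposition only reorders letters, so the letter counts match exactly.
    A substitution cipher would fail this test."""
    return Counter(plaintext.upper()) == Counter(ciphertext.upper())
```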
-
Scytale Cipher
Around 400 B.C., the Spartans would write a message on a sheet of papyrus (a type of paper) that was wrapped around a staff (a stick or wooden rod), which was then delivered and wrapped around a different staff by the recipient. The message was only readable if it was wrapped around the correct size staff, which made the letters properly match up
-
Enigma Code Machine
http://www.youtube.com/watch?v=Hb44bGY2KdU
-
Product Ciphers
ciphers using substitutions or transpositions are not secure because of language characteristics
hence consider using several ciphers in succession to make harder, but:
two substitutions make a more complex substitution
two transpositions make more complex transposition
but a substitution followed by a transposition makes a new much harder cipher
this is bridge from classical to modern ciphers
-
Symmetric Cryptography
-
Block and Stream Ciphers
block ciphers work on blocks of bits
stream ciphers work on one bit at a time
-
Initialization Vectors
Random values that are used with algorithms to ensure patterns are not created during the encryption process.
(If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext.)
They are used with keys
Do not need to be encrypted when being sent to the destination.
An IV must never be reused with the same key; in CBC mode it must also be unpredictable, so it is generated with a cryptographic random number generator and sent alongside the ciphertext.
-
Key Distribution
given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous key to encrypt a new key
4. if A & B have secure communications with a third party C, C can relay key between A & B
-
Strengths and Weaknesses
Strengths
Much faster (less computationally intensive) than asymmetric systems.
Hard to break if using a large key size.
Weaknesses
Requires a secure mechanism to deliver keys properly.
Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys (n users need n(n-1)/2 pairwise keys), possibly making key management overwhelming.
Provides confidentiality but not authenticity or nonrepudiation
-
Types of Symmetric Systems
Data Encryption Standard (DES)
3DES (Triple DES)
Blowfish
Twofish
IDEA (International Data Encryption Algorithm)
RC4, RC5, RC6
AES (Advanced Encryption Standard)
SAFER (Secure and Fast Encryption Routine)
Serpent
(of these, DES with its 56-bit key and the RC4 stream cipher are considered broken and should not be used in new systems; AES is the standard choice)
-
Asymmetric Cryptography
RSA
-
RSA
by Rivest, Shamir & Adleman of MIT in 1977
best known & widely used public-key scheme
based on modular exponentiation over the integers modulo n, where n is the product of two large primes
nb. exponentiation takes O((log n)^3) operations (easy)
uses large integers (eg. 1024 bits)
security due to cost of factoring large numbers
nb. factorization takes O(e^(log n log log n)) operations (hard)
-
Ideas...
Given a big number n and a message M (converted to an integer value), if we can choose e and d that satisfy the following conditions for all M:
C = M^e mod n
M = C^d mod n
then anyone who knows {e, n} can encrypt, and only someone who knows d can decrypt
-
How RSA Works
Given two primes p, q, and two integers m, n, such that n = p.q and 0 < m < n:
if e.d ≡ 1 mod (p-1)(q-1) then (m^e)^d = m^(e.d) ≡ m (mod n) for every such m
so raising to the power e and then to the power d returns the original m
-
RSA Key Setup
each user generates a public/private key pair by:
selecting two large primes at random - p, q
computing their system modulus n = p.q
note φ(n) = (p-1)(q-1)
selecting at random the encryption key e where 1 < e < φ(n), gcd(e, φ(n)) = 1
solving the following equation to find the decryption key d: e.d ≡ 1 mod φ(n) and 0 ≤ d ≤ n
publishing their public encryption key: PU = {e, n}
keeping secret the private decryption key: PR = {d, n}
-
RSA Use
to encrypt a message M the sender:
obtains public key of recipient PU = {e, n}
computes: C = M^e mod n, where 0 ≤ M < n
to decrypt the ciphertext C the owner:
uses their private key PR = {d, n}
computes: M = C^d mod n
-
RSA Example - Key Setup
Select primes: p = 17 & q = 11
Compute n = pq = 17 x 11 = 187
Compute φ(n) = (p-1)(q-1) = 16 x 10 = 160
Select e: gcd(e, 160) = 1; choose e = 7
Determine d: d.e ≡ 1 mod 160 and d < 160. Value is d = 23 since 23 x 7 = 161 = 1 x 160 + 1
Publish public key PU = {7, 187}
Keep secret private key PR = {23, 187}
-
RSA Example - En/Decryption
sample RSA encryption/decryption is:
given message M = 88 (nb. 88 < 187)
encryption: C = 88^7 mod 187 = 11
decryption: M = 11^23 mod 187 = 88
-
RSA Security
possible approaches to attacking RSA are:
brute force key search (infeasible given big size of keys)
mathematical attacks (based on difficulty of computing φ(n), by factoring modulus n)
timing attacks (on running of decryption)
-
Factoring Problem
mathematical approach takes 3 forms:
factor n = p.q, hence compute φ(n) and then d
determine φ(n) directly and compute d
find d directly
currently believe all equivalent to factoring
cryptanalysis has seen slow improvements over the years
at the time of these slides 1024-2048 bit RSA was assumed secure; 1024-bit moduli are now considered too small, and 2048 bits is the usual minimum
ensure p, q of similar size and matching other constraints
-
Timing Attacks
developed by Paul Kocher in mid-1990s
exploit timing variations in operations
eg. multiplying by small vs large number
or IF's varying which instructions executed
infer operand size based on time taken
against RSA, exploits the time taken in the modular exponentiation, which depends on the bits of the private exponent
countermeasures
use constant exponentiation time
add random delays
blind values used in calculations
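Added example (not from the slides): where the timing leak in RSA decryption comes from and two of the listed countermeasures. Textbook square-and-multiply does an extra multiplication only for the 1-bits of the secret exponent, so its running time depends on the key; the Montgomery ladder performs the same fixed sequence of operations for every bit, and blinding hides the ciphertext the private operation actually sees. Operation counts stand in for measured time; the blinding factor r = 5 is an arbitrary choice for the toy key.

```python
# Added example: key-dependent vs constant-operation exponentiation, and
# RSA blinding. Counts of multiplications stand in for wall-clock time.


def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation with the branch Kocher's attack observes.
    Returns (result, number of modular multiplications)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        mults += 1
        if bit == '1':                  # extra work only for 1-bits of the secret
            result = (result * base) % mod
            mults += 1
    return result, mults


def montgomery_ladder(base, exp, mod):
    """Exactly one squaring and one multiplication per exponent bit, whatever
    the bit is, so the operation count reveals only the exponent length."""
    r0, r1, mults = 1, base % mod, 0
    for bit in bin(exp)[2:]:
        if bit == '0':
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        else:
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        mults += 2
    return r0, mults


def blinded_decrypt(c, d, e, n, r):
    """Blinding: decrypt r^e * c instead of c, then multiply by r^-1.
    The exponentiation operates on a value the attacker did not choose."""
    blinded = (pow(r, e, n) * c) % n
    m_blinded, _ = montgomery_ladder(blinded, d, n)
    return (m_blinded * pow(r, -1, n)) % n
```

With the real countermeasure the operand values are also kept from influencing the time of each multiplication (constant-time big-integer arithmetic); this example only removes the data-dependent branch.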
-
Strengths and Weaknesses
Strengths
Better key distribution than symmetric systems
Better scalability than symmetric systems
Can provide authentication and nonrepudiation
Weaknesses
Works much more slowly than symmetric systems
Mathematically intensive tasks
-
Key Management
public-key encryption helps address key distribution problems
have two aspects of this:
distribution of public keys
use of public-key encryption to distribute secret keys
-
Distribution of Public Keys
can be considered as using one of:
public announcement
publicly available directory
public-key authority
public-key certificates
-
Public Announcement
users distribute public keys to recipients or broadcast to community at large
eg. append PGP keys to email messages or post to news groups or email list
major weakness is forgery
anyone can create a key claiming to be someone else and broadcast it
until forgery is discovered can masquerade as claimed user
-
Publicly Available Directory
can obtain greater security by registering keys with a public directory
directory must be trusted with properties:
contains {name, public-key} entries
participants register securely with directory
participants can replace key at any time
directory is periodically published
directory can be accessed electronically
still vulnerable to tampering or forgery
-
Public-Key Authority
improve security by tightening control over distribution of keys from directory
has properties of directory
and requires users to know public key for the directory
then users interact with directory to obtain any desired public key securely
does require real-time access to directory when keys are needed
-
Public-Key Authority
-
Public-Key Certificates
certificates allow key exchange without real-time access to public-key authority
a certificate binds identity to public key
usually with other info such as period of validity, rights of use etc
with all contents signed by a trusted Public-Key or Certificate Authority (CA)
can be verified by anyone who knows the public-key authority's public key
-
Public-key infrastructure (PKI)
A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA)
http://en.wikipedia.org/wiki/Digital_certificates
http://en.wikipedia.org/wiki/Public_key
http://en.wikipedia.org/wiki/Certificate_authority
-
Differences Between Symmetric and Asymmetric Systems
Keys
Symmetric: One key is shared between two or more entities.
Asymmetric: One entity has a public key, and the other entity has the corresponding private key.
Key exchange
Symmetric: Out-of-band through secure mechanisms.
Asymmetric: A public key is made available to everyone, and a private key is kept secret by the owner.
Speed
Symmetric: Algorithm is less complex and faster.
Asymmetric: The algorithm is more complex and slower.
Use
Symmetric: Bulk encryption, which means encrypting files and communication paths.
Asymmetric: Key distribution and digital signatures.
Security service provided
Symmetric: Confidentiality.
Asymmetric: Authentication and nonrepudiation
-
Types of Asymmetric Systems
The Diffie-Hellman Algorithm
RSA
El Gamal
Elliptic Curve Cryptosystems
LUC
Knapsack
Zero Knowledge Proof
-
Hybrid Encryption Methods
-
Public-Key Distribution of Secret Keys
use previous methods to obtain public-key
can use for secrecy or authentication
but public-key algorithms are slow
so usually want to use private-key encryption to protect message contents
hence need a session key
have several alternatives for negotiating a suitable session key
-
Simple Secret Key Distribution
proposed by Merkle in 1979
A generates a new temporary public key pair
A sends B the public key and their identity
B generates a session key K and sends it to A encrypted using the supplied public key
A decrypts the session key and both use it
problem is that an opponent can intercept and impersonate both halves of the protocol (a man-in-the-middle attack), since nothing authenticates the public key
-
Public-Key Distribution of Secret Keys
if public keys have been securely exchanged:
-
Hybrid Key Distribution
retain use of private-key KDC
shares secret master key with each user
distributes session key using master key
public-key used to distribute master keys
especially useful with widely distributed users
rationale
performance
backward compatibility
-
Diffie-Hellman Key Exchange
first public-key type scheme proposed
by Diffie & Hellman in 1976 along with the exposition of public key concepts
note: now know that the same idea had been found secretly at UK CESG (Ellis, Cocks and Williamson) earlier in the 1970s
is a practical method for public exchange of a secret key
used in a number of commercial products
-
Diffie-Hellman Key Exchange
a public-key distribution scheme
cannot be used to exchange an arbitrary message
rather it can establish a common key
known only to the two participants
value of key depends on the participants (and their private and public key information)
based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
security relies on the difficulty of computing discrete logarithms (similar to factoring) - hard
-
Diffie-Hellman Setup
all users agree on global parameters:
large prime integer or polynomial q
a being a primitive root mod q
each user (eg. A) generates their key
chooses a secret key (number): xA < q
computes their public key: yA = a^xA mod q
each user makes public that key yA
-
Diffie-Hellman Key Exchange
shared session key for users A & B is KAB:
KAB = a^(xA.xB) mod q
    = yA^xB mod q (which B can compute)
    = yB^xA mod q (which A can compute)
KAB is used as session key in private-key encryption scheme between Alice and Bob
if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys
attacker needs an x, must solve discrete log
-
Diffie-Hellman Example
users Alice & Bob who wish to swap keys:
agree on prime q = 353 and a = 3
select random secret keys:
A chooses xA = 97, B chooses xB = 233
compute respective public keys:
yA = 3^97 mod 353 = 40 (Alice)
yB = 3^233 mod 353 = 248 (Bob)
compute shared session key as:
KAB = yB^xA mod 353 = 248^97 mod 353 = 160 (Alice)
KAB = yA^xB mod 353 = 40^233 mod 353 = 160 (Bob)
-
Key Exchange Protocols
users could create random private/public D-H keys each time they communicate
users could create a known private/public D-H key and publish in a directory, then consulted and used to securely communicate with them
both of these are vulnerable to a man-in-the-middle attack: an attacker who can intercept the exchange substitutes their own public value in each direction and ends up sharing a separate key with each party
authentication of the keys is needed
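Added example (not from the slides), serving the Diffie-Hellman example and the key-exchange-protocols slide: the exchange with the slides' parameters (q = 353, a = 3, xA = 97, xB = 233), and the man-in-the-middle attack on the unauthenticated version, where Mallory intercepts both public values, forwards her own instead, and holds one key with Alice and a different one with Bob. Mallory's secret xM = 50 is an arbitrary choice for the demo.

```python
# Added example: Diffie-Hellman exchange and the man-in-the-middle attack
# that works whenever the public values are not authenticated.


def dh_public(a, q, x):
    """y = a^x mod q."""
    return pow(a, x, q)


def dh_shared(y_other, q, x_own):
    """K = y_other^x_own mod q; both sides arrive at a^(xA*xB) mod q."""
    return pow(y_other, x_own, q)


def honest_exchange(a, q, x_a, x_b):
    """Returns (Alice's key, Bob's key); they are equal."""
    y_a, y_b = dh_public(a, q, x_a), dh_public(a, q, x_b)
    return dh_shared(y_b, q, x_a), dh_shared(y_a, q, x_b)


def mitm_exchange(a, q, x_a, x_b, x_m):
    """Mallory (secret x_m) replaces y_a and y_b in transit with her own y_m.
    Returns (Alice's key, Bob's key, Mallory's key with Alice, Mallory's key with Bob).
    Alice and Bob each believe they share a key with the other; in fact each
    shares one with Mallory, who can decrypt, read, and re-encrypt everything."""
    y_a, y_b, y_m = dh_public(a, q, x_a), dh_public(a, q, x_b), dh_public(a, q, x_m)
    k_alice = dh_shared(y_m, q, x_a)     # Alice thinks y_m came from Bob
    k_bob = dh_shared(y_m, q, x_b)       # Bob thinks y_m came from Alice
    k_m_alice = dh_shared(y_a, q, x_m)
    k_m_bob = dh_shared(y_b, q, x_m)
    return k_alice, k_bob, k_m_alice, k_m_bob
```

Nothing in the arithmetic detects the substitution; the fix is to authenticate the public values, for example by signing them with keys vouched for by certificates, which is what the earlier PKI slides provide.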
-
Kerckhoffs' Principle
Auguste Kerckhoffs published a paper in 1883 stating that
the only secrecy involved with a cryptography system should be the key.
algorithm should be publicly known.
if security were based on too many secrets, there would be more vulnerabilities to possibly exploit.
-
Hash Functions
condenses arbitrary message to fixed size
h = H(M)
usually assume that the hash function is public and not keyed
hash used to detect changes to message
can use in various ways with message
most often to create a digital signature
-
Requirements for Hash Functions
can be applied to any sized message M
produces fixed-length output h
is easy to compute h = H(M) for any message M
given h is infeasible to find x s.t. H(x) = h
one-way property
given x is infeasible to find y ≠ x s.t. H(y) = H(x)
weak collision resistance (second-preimage resistance)
is infeasible to find any pair x ≠ y s.t. H(y) = H(x)
strong collision resistance
-
Various Hashing Algorithms
MD2
MD4
MD5
SHA
SHA-1
SHA-2 family: SHA-256, SHA-384, and SHA-512
HAVAL
Tiger
(MD4, MD5 and SHA-1 have practical collision attacks and must not be relied on for collision resistance; use SHA-2 or SHA-3)
-
Attacks Against One-Way Hash Functions
If the algorithm does produce the same value for two distinctly different messages, this is called a collision
An attacker can attempt to force a collision, which is referred to as a birthday attack
How many people must be in the same room for the chance to be greater than even that another person has the same birthday as you?
Answer: 253
How many people must be in the same room for the chance to be greater than even that at least two people share the same birthday?
Answer: 23
the same gap applies to hashes: finding a second message with a given n-bit hash costs about 2^n trials, but finding any colliding pair costs only about 2^(n/2)
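Added example (not from the slides): a birthday attack against a hash truncated to 24 bits. Hitting one fixed target value would take about 2^24 attempts; collecting candidates until any two collide takes about 2^12. The messages are a constructed counter series, and SHA-256 truncated to 24 bits stands in for a weak hash (a real attack targets a real weak function; truncation is only what makes the demo finish in well under a second).

```python
# Added example: birthday attack on a truncated hash, showing the
# sqrt(2^n) cost of finding any collision versus 2^n for a fixed target.
import hashlib


def truncated_hash(data, bits=24):
    """The first `bits` bits of SHA-256, as an integer (a stand-in weak hash)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, 'big') >> (256 - bits)


def find_collision(bits=24, limit=1 << 20):
    """Birthday search: remember every digest seen, stop at the first repeat.
    Returns (message1, message2, attempts). Inputs are the constructed series
    b"msg-0", b"msg-1", ... so the run is deterministic."""
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise RuntimeError("no collision within limit")


def expected_attempts(bits):
    """Rule of thumb: a collision becomes likely after about 2^(bits/2) inputs."""
    return 2 ** (bits / 2)


def second_preimage_expected(bits):
    """For comparison: matching one fixed target needs about 2^bits inputs."""
    return 2 ** bits
```

This is why a hash used for signatures needs an output of at least twice the intended security level: a 128-bit hash offers only about 2^64 work against collisions, which is the reason MD5 (128 bits) was retired even before its structural weaknesses were found.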
-
Message Authentication Code (MAC)
generated by an algorithm that creates a small fixed-sized block
depending on both message and some key
like encryption though need not be reversible
appended to message as an authenticator (not a digital signature: both parties hold the key, so a MAC gives no nonrepudiation)
receiver performs same computation on message and checks it matches the MAC
provides assurance that message is unaltered and comes from sender
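Added example (not from the slides), serving the MAC and HMAC slides: a MAC built with HMAC-SHA256 from Python's standard library. The sender appends the tag; the receiver recomputes it over the received message with the shared key and compares in constant time, so a modified message, a tag made under a different key, or a truncated packet is rejected. Key and message are constructed for the demo.

```python
# Added example: HMAC-based message authentication with sender and
# receiver sides, and the constant-time comparison on verification.
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size    # 32 bytes


def mac_tag(key, message):
    """Fixed-size tag depending on both the message and the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key, message):
    """Sender: message || tag."""
    return message + mac_tag(key, message)


def receive(key, packet):
    """Receiver: split, recompute, compare. Returns the message or None.
    hmac.compare_digest avoids the early-exit timing leak of == on bytes."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(mac_tag(key, message), tag):
        return None
    return message


def tamper(packet, index, xor_byte=0x01):
    """Flip bits of one byte of the packet, as an on-path attacker might."""
    b = bytearray(packet)
    b[index] ^= xor_byte
    return bytes(b)


KEY = secrets.token_bytes(32)    # constructed shared key; distributed out of band in practice
```

HMAC is preferred over the naive H(key || message) because, for Merkle-Damgård hashes such as MD5 and SHA-1, the naive construction lets an attacker extend a valid message and compute the new tag without the key (a length-extension attack); HMAC's nested construction closes that hole.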
-
HMAC
-
CBC-MAC
-
Cryptosystems
A cryptosystem is made up of at least the following:
Software
Protocols
Algorithms
Keys
-
Services of Cryptosystems
Confidentiality: renders the information unintelligible except by authorized entities.
Integrity: data has not been altered in an unauthorized manner since it was created, transmitted, or stored.
Authentication: verifies the identity of the user or system that created information.
Nonrepudiation: ensures that the sender cannot deny sending the message.
-
Digital signature for a message
-
Link Encryption vs. End-to-End Encryption
Link encryption encrypts all the data (except data link control messaging information) along a specific communication path, as in a satellite link, T3 line, or telephone circuit
end-to-end encryption happens within the applications
SSL encryption takes place at the transport layer.
-
HTTP Secure
HTTP Secure (HTTPS) is HTTP running over SSL (developed by Netscape)
SSL:
it is not an open-community protocol
works at the transport layer
uses public key encryption
provides data encryption, server authentication, message integrity, and optional client authentication
The open-community version of SSL is Transport Layer Security (TLS)
All SSL versions are now deprecated; HTTPS deployments should use TLS 1.2 or 1.3
-
Pretty Good Privacy
Freeware e-mail security program and was released in 1991
PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files.
It can use RSA public key encryption for key management and use the IDEA symmetric cipher for bulk encryption of data
PGP uses a web of trust in its key management approach
-
Secure Shell
SSH is a program and a set of protocols that work together to provide a secure tunnel between two computers.
The two computers go through a handshaking process and exchange (via Diffie-Hellman) a session key that will be used during the session to encrypt and protect the data sent
SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh
-
Internet Protocol Security (IPSec)
IPSec uses two basic security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
AH is the authenticating protocol
ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity
IPSec can work in one of two modes:
transport mode, in which the payload of the message is protected
tunnel mode, in which the payload and the routing and header information are protected
-
Attacks
Ciphertext-Only Attacks
Known-Plaintext Attacks
Chosen-Plaintext Attacks
Chosen-Ciphertext Attacks
Differential Cryptanalysis
Side-Channel Attacks
Replay Attacks
-
Steganography
an alternative to encryption
hides existence of message
using only a subset of letters/words in a longer message marked in some way
using invisible ink
hiding in graphic image or sound file
has drawbacks
high overhead to hide relatively few info bits
-
Example
Removing all but the last 2 bits of each color component produces an almost completely black image. Making that image 85 times brighter produces the image on the right-hand side.
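Added example (not from the slides): least-significant-bit steganography on a constructed RGB image held as a flat byte array, so no image library is needed. Each message bit replaces the low bit of one colour sample, which changes the carrier by at most 1 per sample and explains the overhead noted on the earlier slide (eight samples per hidden byte). `isolate_low_bits` is the slide's visualisation: keep only the low 2 bits of each sample and multiply by 85, since 3 x 85 = 255 maps the values 0..3 onto the full brightness range. The cover pixels and the message are constructed.

```python
# Added example: LSB embedding and extraction, plus the low-bit
# visualisation from the slide. Image = flat bytearray of RGB samples.


def make_cover(width, height):
    """Constructed cover image: deterministic pseudo-random RGB samples."""
    return bytearray((42 * 7 + i * 13) % 256 for i in range(width * height * 3))


def lsb_embed(cover, message):
    """Write a 32-bit big-endian length, then the message, one bit per sample."""
    payload = len(message).to_bytes(4, 'big') + message
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small: need %d samples, have %d" % (len(payload) * 8, len(cover)))
    stego = bytearray(cover)
    i = 0
    for byte in payload:
        for shift in range(7, -1, -1):
            stego[i] = (stego[i] & 0xFE) | ((byte >> shift) & 1)
            i += 1
    return stego


def lsb_extract(stego):
    """Read the length prefix, then that many bytes, from the low bits."""
    def read_bytes(start, count):
        out = bytearray()
        for b in range(count):
            v = 0
            for k in range(8):
                v = (v << 1) | (stego[start + b * 8 + k] & 1)
            out.append(v)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 4), 'big')
    return read_bytes(32, length)


def isolate_low_bits(image, bits=2):
    """Keep the low `bits` of each sample and scale to full range: for 2 bits
    the values 0..3 become 0, 85, 170, 255 (the slide's "85 times brighter")."""
    mask = (1 << bits) - 1
    scale = 255 // mask
    return bytearray((v & mask) * scale for v in image)


def max_sample_change(cover, stego):
    """LSB embedding alters each sample by at most 1, which is why it is invisible."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def capacity_bytes(image):
    """Overhead: one sample per bit, minus the 4-byte length prefix."""
    return len(image) // 8 - 4
```

Invisible to the eye is not the same as undetectable: the isolated low-bit plane of natural image data looks like noise, while an embedded ASCII message shows visible structure in exactly the region the data occupies, which is what steganalysis tools look for.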
-
Example 2: Letter of Recommendation (copied from http://gadgetopia.com/post/2278)
Jane S., a chief sub editor and editor, can always be found
hard at work in her cubicle. Jane works independently, without
wasting company time talking to colleagues. She never
thinks twice about assisting fellow employees, and she always
finishes given assignments on time. Often Jane takes extended
measures to complete her work, sometimes skipping
coffee breaks. She is a dedicated individual who has absolutely no
vanity in spite of her high accomplishments and profound
knowledge in her field. I firmly believe that Jane can be
classed as a high-caliber employee, the type which cannot be
dispensed with. Consequently, I duly recommend that Jane be
promoted to executive management, and a proposal will be
sent away as soon as possible.
Project Leader
(the hidden message is the odd-numbered lines read on their own)