You are on page 1of 41

# Module I.

Fundamentals of Information Security

Chapter 2

Cryptographic Techniques
Web Security: Theory & Applications
School of Software, Sun Yat-sen University

Chapter 2 - Outline
2.1 Cryptology Introduction

• Introduction
• History
• Concepts & Items
2.2 Symmetric Key Cryptographic Algorithms

• Introduction
• Types & Modes
• Data Encryption Standard (DES)

Web Security : Theory And Applications

2 / 41

Chapter 2 - Outline
2.3 Asymmetric Key Cryptographic Algorithms

• Introduction
• The RSA Algorithm
• Digital Signatures
2.4 Hashing Algorithms

• Introduction
• Message-Digest Algorithm (MD5)
2.5 Typical Applications

• AES and Wi-Fi Protected Access
Web Security : Theory And Applications

3 / 41

Chapter 2 - Outline
2.1 Cryptology Introduction

• Introduction
• History
• Concepts & Items
2.2 Symmetric Key Cryptographic Algorithms
2.3 Asymmetric Key Cryptographic Algorithms
2.4 Hashing Algorithms
2.5 Typical Applications

Web Security : Theory And Applications

4 / 41

"study". from Greek kryptós. data integrity. or -logia. authentication. and gráphein. "hidden.1.2. Web Security : Theory And Applications 5 / 41 .1 Introduction  Definition • Cryptography (or cryptology. secret". respectively) is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). and non-repudiation. "writing". More generally. it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality.1 Cryptology Introduction 2.

1 Cryptology Introduction • • Modern cryptography intersects the disciplines of mathematics. and electrical engineering. and electronic commerce. computer science. computer passwords.2. Applications of cryptography include ATM cards. Web Security : Theory And Applications 6 / 41 .

1.2.2 History    The Manual ERA The Mechanical ERA The Modern ERA German Lorenz cipher machine. used in World War II to encrypt very-high-level general staff messages Web Security : Theory And Applications 7 / 41 .1 Cryptology Introduction 2.

Non-repudiation. Integrity.3 Concepts & Items  Plain Text and Cipher Text  Key and Key Space  Cryptosystem Services • Confidentiality. Asymmetric Attributes of Strong Encryption • Confusion. Authenticity.2. Access Control  Cryptographic Methods •  Symmetric.1.1 Cryptology Introduction 2. Diffusion Web Security : Theory And Applications 8 / 41 .

Outline   2.5 Typical Applications Web Security : Theory And Applications 9 / 41 .1 Cryptology Introduction 2.3 Asymmetric Key Cryptographic Algorithms 2.Chapter 2 .4 Hashing Algorithms 2.2 Symmetric Key Cryptographic Algorithms • Introduction • Types & Modes • Data Encryption Standard (DES) • Advanced Encryption Standard (AES)    2.

2. The two parties must somehow exchange the key in a secure way.1 Introduction    Symmetric-key cryptography is sometimes called secretkey cryptography. Symmetric-key systems are simpler and faster.2 Symmetric Key Crypt. Web Security : Theory And Applications 10 / 41 . Algorithms 2. It is a kind of encryption system in which the sender and receiver of a message share a single. common key that is used to encrypt and decrypt the message. Data Encryption Standard.2. The most popular symmetric-key system is the DES.

.K)=E(M1.K)E(M2.K)… .2 Algorithm Types and Modes  Algorithm Types • Block Cipher： E(M.2 Symmetric Key Crypt.E(Mn.2.2. Algorithms 2.K) 。 M为明文，分割成M1、M2… Mn区段。加密速度慢，但 较安全。 • Stream Cipher： Web Security : Theory And Applications 11 / 41 .

2 Symmetric Key Crypt.2. Algorithms Web Security : Theory And Applications 12 / 41 .

Algorithms  Algorithm Modes • Electronic Code Book (ECB) Mode Web Security : Theory And Applications 13 / 41 .2 Symmetric Key Crypt.2.

2 Symmetric Key Crypt.2. Algorithms Source Web Security : Theory And Applications ECB mode non-ECB mode 14 / 41 .

2 Symmetric Key Crypt.2.Encryption Web Security : Theory And Applications 15 / 41 . Algorithms • Cipher Block Chaining (CBC) Mode (IBM.1976) • CBC .

Decryption Web Security : Theory And Applications 16 / 41 . Algorithms • CBC .2 Symmetric Key Crypt.2.

Algorithms • Cipher Feedback (CFB) Mode • CFB .2 Symmetric Key Crypt.2.Encryption Web Security : Theory And Applications 17 / 41 .

Decryption Web Security : Theory And Applications 18 / 41 .2 Symmetric Key Crypt.2. Algorithms • CFB .

2 Symmetric Key Crypt.encryption Web Security : Theory And Applications 19 / 41 .2. Algorithms • Output Feedback (OFB) Mode • OFB .

Algorithms • OFB .Decryption Web Security : Theory And Applications 20 / 41 .2 Symmetric Key Crypt.2.

2 Symmetric Key Crypt. Algorithms 2.2.3 Data Encryption Standard（DES）  Background and History  How DES Works • Feistel function Web Security : Theory And Applications 21 / 41 .2.

2. Algorithms 2. FIPS PUB 197 • Rijndael .Joan Daemen & Vincent Rijmen Properties • Block length = 128 bit • Key length = 128/192/256 bit Steps • AddRoundKey • SubBytes • ShiftRows • MixColumns Web Security : Theory And Applications 22 / 41 .2 Symmetric Key Crypt.4 Advanced Encryption Standard（AES）    Introduction • 2001.2.

Outline    2.4 Hashing Algorithms 2.3 Asymmetric Key Cryptographic Algorithms • Introduction • The RSA Algorithm • Digital Signatures   2.1 Cryptology Introduction 2.5 Typical Applications Web Security : Theory And Applications 23 / 41 .2 Symmetric Key Cryptographic Algorithms 2.Chapter 2 .

Algorithms 2.a public key known to everyone and a private or secret key known only to the recipient of the message. Moreover. Bob then uses his private key to decrypt it.1 Introduction  Definition •  Scenery •  A cryptographic system that uses two keys -.3.3 Asymmetric Key Crypt. Property • It is important that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. When Alice wants to send a secure message to Bob. she uses Bob's public key to encrypt the message. Web Security : Theory And Applications 24 / 41 . it is virtually impossible to deduce the private key from the known public key.2.

3. the factoring problem. Algorithms 2.3 Asymmetric Key Crypt.2 The RSA Algorithm  Introduction • Ron Rivest. Web Security : Theory And Applications 25 / 41 . Adi Shamir & Leonard Adleman (MIT.2. 1977) • RSA algorithm is based on the presumed difficulty of factoring large integers.

Let N=pq. q). Algorithms  How RSA Works • Generating of Public key and Private key • • • • • • Select two different big prims p and q. By Euler’s  function.3 Asymmetric Key Crypt. Web Security : Theory And Applications 26 / 41 .2. (e. the number of integers less than and prim to N is (N) = (pq) = (p) (q) = ( p-1)(q-1) Select an integer e which is less than and prim to (N) Compute d by：ed  1 (mod (N)) Destroy p and q (when N is big enough. Alice will send her (e. and (d.N) the private key.N) in secret. but keep her (d.N) to Bob.N) is used as the public key. it will be extremely difficult to find p.

Bob has Alice’s public key (e. Web Security : Theory And Applications 27 / 41 . Alice can decode n from c by c d  n(mod N ) . • Decryption • By applying her private (d. By applying the key (e.3 Asymmetric Key Crypt. or c  n e mod N Then Bob can send c to Alice through an unsafe channel. Firstly he transforms m to an integer n less than N in a presumed method. or n  c d mod N and recover the m from n.2. Algorithms • Encryption • Suppose that Bob want to send Alice a message m. n is encrypted to c： n e  c(mod N ).N) in hand.N).N).

n  c d mod N So n  c d mod N  (n e ) d mod N  n ed mod N  n mod N Web Security : Theory And Applications 28 / 41 . Algorithms • Principle of RSA • By Euler’s  function. we have n k ( N ) 1  n mod N in another hand. ed  1 (mod  (N)). so ned  n mod N Now we have c  n e mod N .3 Asymmetric Key Crypt. given two prims p and q satisfied N=pq and one integer n satisfied 0<n<N.2. or ed = k (N)+1.

we select small p.N) Let p=3.2. q=11.3 Asymmetric Key Crypt. Algorithms  Example of RSA • For continent.N) and (d.q and e. • Suppose A want to sent a string “key” to B by RSA encryption. ① Compute (e. N=pq=311=33 f(N)=(p-1)(q-1)=210=20 We take e=3 (3 is prim to 20) and try to get d such that ed1 mod f(n)，即3d1 mod 20。 We get d by trial: Web Security : Theory And Applications 29 / 41 .

we find that when d=7. Algorithms f(n)=(p-1)(q-1)=210=20. ed 1 mod f(n) holds. d ed (ed) mod f(n) 1 3 3 2 6 6 3 9 9 4 12 12 5 15 15 6 18 18 7 21 1 8 24 4 9 27 7 From the table. Take e=3 and try d.2.3 Asymmetric Key Crypt. Web Security : Theory And Applications 30 / 41 .

Algorithms So the public key and the private key are as KU =(e.3 Asymmetric Key Crypt.N)=(7.33) and KR =(d.33) Web Security : Theory And Applications 31 / 41 .2.N)=(3.

M3 are 11.3 Asymmetric Key Crypt.05.M2. Algorithms ② Digitization a b c d e f g h i j k l m 01 02 03 04 05 06 07 08 09 10 11 12 13 n o p q r d t u v e x y z 14 15 16 17 18 19 20 21 22 23 24 25 26 By the Code Table. the code values of the string “key” M1.25 Note that the max value of any code is 26 (it can not over N=33). Web Security : Theory And Applications 32 / 41 .2.

C2 = 53 mod 33. M2= 5. Web Security : Theory And Applications 33 / 41 .2. M3 = 167 mod 33 And we get M1= 11. M2 = 267 mod 33.3 Asymmetric Key Crypt. M3= 25 ⑤ Message recovery By checking the Code Table. Algorithms ③ Encryption By Me= C (mod N) we have C = Me (mod N) That is C1 = 113 mod 33. the string “key” is recovered. C3= 16 ④ Decryption By Cd= M (mod N) we have M = Cd (mod N) That is M1 = 117 mod 33. C3 = 253 mod 33 And we get C1= 11. C2= 26.

Algorithms 2.3 Digital Signatures Web Security : Theory And Applications 34 / 41 .2.3 Asymmetric Key Crypt.3.

2 Symmetric Key Cryptographic Algorithms 2.Outline     2.Chapter 2 .3 Asymmetric Key Cryptographic Algorithms 2.4 Hashing Algorithms • Introduction • Message-Digest Algorithm (MD5)  2.5 Typical Applications Web Security : Theory And Applications 35 / 41 .1 Cryptology Introduction 2.

Introduction  Hashing  Hashing value  Hashing algorithms  Data fingerprint Web Security : Theory And Applications 36 / 41 .2.4.1.4 Hashing Algorithms 2.

Message-Digest Algorithm (MD)  What’s MD5 • • Message-Digest Algorithm 5 128-bits length Web Security : Theory And Applications 37 / 41 .2.4 Hashing Algorithms 2.4.2.

4 • • Show me how MD5 works. Design an executable MD5 program in C with some short samples.2.2.4 Hashing Algorithms  Assignments of Sec. Web Security : Theory And Applications 38 / 41 .

5 Typical Applications • Assignments of Sec.2 Symmetric Key Cryptographic Algorithms  2.4 Hashing Algorithms  2.Chapter 2 . • AES and Wi-Fi protected access. Web Security : Theory And Applications 39 / 41 .1 Cryptology Introduction  2.2.Outline  2.5 – Write a short thesis on one of the three applications • MD5 and password protection. • RSA and electronic business.3 Asymmetric Key Cryptographic Algorithms  2.

http://en. Cryptography and Network Security: Principles and Practice (5th Edition).wikipedia.org/wiki/ Birthday attack Cryptography Data Encryption Standard Diffie–Hellman key exchange Digital signature Hash function Information_security MD5 Public-key cryptography RSA Web Security : Theory And Applications 40 / 41 . William Stallings.References 1. Prentice Hall 2010 2.

Thank you! Web Security : Theory And Applications 41 / 41 .