You are on page 1of 34

# Introduction to Cryptography C h

## Dr. Nguyen Tuan Nam songuku99@yahoo.com

What Is Cryptography?

## Cryptography comes from the Greek words

= hidden or secret = writing The art of secret writing

Basic service

The ability to send information between participants in a way that prevents others from reading it Representing information as numbers Manipulating those numbers mathematically Integrity checking Authentication

## Plaintext and Ciphertext

Plaintext or cleartext

Message in its original form The Th mangled information l di f ti The process for p p producing ciphertext from p g p plaintext The reverse of encryption
plaintext encryption cyphertext decryption plaintext

Ciphertext

Encryption

Decryption

## Fundamental Tenet of Cryptography

Cryptographers yp g p

## Invent clever secret codes Attempt to break these codes

Cryptanalysts

These 2 disciplines constantly try to keep ahead of each other th r The success of the cryptographers rests on the Fundamental Tenet of Cryptography

If lots of smart people have failed to solve a problem it probably wont be solved (soon)
Nguyen Tuan Nam/NetSec/Win2010 4

Cryptographic System

Involve both

## Why do we need a key? A good cryptographic scheme g yp g p

Perfectly OK to have everyone (including the bad guys and cryptanalysts) know the algorithm Because knowledge of the algorithm without the key does not help un-mangle the information easily unComputational diffi l C i l difficulty
5

## Nguyen Tuan Nam/NetSec/Win2010

Computational Difficulty

Important for cryptographic algorithms to be reasonably efficient for the good guy to compute d t t

## Good guys are the ones with knowledge of the keys

Cryptographic algorithms are not impossible to break without the key. Why? key. The security of a cryptographic scheme depends on how much work it is for the bad guys to break it

10 million years to break using all of the computers in the world considered reasonably secure Combination lock consists of 3 numbers Takes 10 seconds to dial in a combination reasonably convenient for the good guy How much work is it for the bad guy? (worst case, average) Combination lock example?

Example:

Key Lengths

## Computer can be used to exhaustively try keys

Faster than people Dont get tired Thousands or millions of keys can be tried per second More keys can be tried in parallel if you have multiple computers y p y p p Can be made more secure by increasing the length of the key Increasing the length of the key by 1 bits

VariableVariable-length key

Good G d guys job just a bit h d j bj bi harder Bad guys job, how much harder?

FixedFixed-length key

Similar algorithm with a longer key can be devised g g y If the computers get 1000 times faster, how much longer should the key length be?

Quiz

A Bolt Cutter

## Breaking the cryptographic scheme is only one way

A bolt cutter works no matter how many digits are in the combination

Good guys: A kind word is a key to get what you want Bad guys: However you can get further with a kind word However, and a gun than you can with a kind word alone

## To Publish or Not to Publish

View Vi 1
Keeping a cryptographic algorithm as secret as possible

View 2
g g Publishing the algorithm, so that it is widely known

Common practice today Commercial cryptosystems to be published. Some in published the US may be unpublished. Why? Military cryptosystems to be kept secret. Why? secret
Nguyen Tuan Nam/NetSec/Win2010 9

Secret Codes

## Secret code or cipher

Any method of encrypting data Substitute for each letter of the message, the letter which is 3 letters later in h l h b (wrap around) i the alphabet ( d) Pick a number n between 1 and 25 Substitute f each l S b i for h letter of the message, the l f h h letter which i n hi h hi h is higher (wrap around) Arbitrary mapping of one letter to another letter How many possible parings of letters? If took 1 microsecond to try each one take about 10 trillion years However?
Nguyen Tuan Nam/NetSec/Win2010 10

Caesar cipher

## Captain Midnight Secret Decoder rings

MonoMono-alphabetic cipher

What Is This?

Cf lqrxs xsnyctm n eqxxqgsy iqul qf wdcp eqqh, lqr xs eqqh erl lqrx qgt iqul!

11

## The three basic attacks

Ciphertext only Known plaintext Chosen plaintext

12

Ciphertext Only

## Assumption: Fred, the bad guy

Seen some ciphertext (not difficult to obtain) Can analyze at leisure Searches all the keys Essential for this attack:

How

## Combination lock Recognizable plaintext attack XYZ

Enough ciphertext

## Statistical analysis (common English words)

A cryptographic algorithm MUST be secure against a ciphertext only attack. Why? attack
Nguyen Tuan Nam/NetSec/Win2010 13

Known Plaintext

Fred somehow obtained some <plaintext, ciphertext> pairs. How? With a mono-alphabetic cipher mono

## Some cryptographic schemes

Good enough to be secure against ciphertext only attacks Not good enough against known plaintext attacks Important to design the systems to minimize the possibility that a bad guy will ever be able to obtain <plaintext, p pairs ciphertext> p

## Nguyen Tuan Nam/NetSec/Win2010 14

Chosen Plaintext

Fred
Can choose any plaintext he wants Get the system to tell him what the corresponding ciphertext is How could it happen?

15

## Three kinds of cryptographic functions

Public key functions: two keys Secret key functions: one key Hash functions: zero key

16

## Given a message (plaintext) and a key Encryption produces

Unintelligible data which is about the same length as the plaintext data, was Using the same key as encryption g y yp

Also called

Example?

17

## Security Uses of Secret Key Cryptography

Transmitting over an insecure channel Secure storage on insecure media Authentication A h i i Integrity check

18

## Authentication Using Secret Key Cryptography

Strong authentication g

Someone can prove knowledge of a secret without revealing it Possible ith P ibl with cryptography t h Particularly useful when 2 computers trying to communicate over an insecure network Alice
rA rA encrypted with KAB rB

Bob

## rB encrypted with KAB

Nguyen Tuan Nam/NetSec/Win2010

Problem?
19

Integrity Check

What is a checksum?

## Original derivation of checksum CRC

Only protect against faulty hardware, but not an intelligent attacker CRC algorithms are published attacker can re-compute CRC after altering the remessage needs secret checksum algorithms

Cryptographic checksum

Common (known) algorithm Secret key At least 48 bits long chance is only one in 280 trillion to guess the MAC InterInter-bank electronic funds transfers Messages are not kept secret, but their integrity is insured

Example

20

## Relatively new field, invented in 1975 Involves the use of 2 key

A private key that is not revealed to anyone A public key that is preferably known to the entire world No shared key between the 2 communicating parties

21

## Public Key Cryptography Encryption and Digital Signature

plaintext encryption encr ption ciphertext decryption decr ption plaintext

public key

private key

plaintext

signing

signed message

verification

plaintext

private key

public key

## Nguyen Tuan Nam/NetSec/Win2010

22

Quiz

What are the differences between a checksum and a digital signature? What are the differences between a MAC and a digital signature?

23

## Security Uses of Public Key Cryptography

Public key cryptography can do anything secret key cryptography can do Might be used in the beginning of communication to
Authenticate Establish a temporary shared secret key The secret key is used to encrypt the remainder of y yp the conversation using secret key technology Why?

Scenario

25

26

27

Authentication

## Public key technology:

Remember only his private keys Know (be able to obtain) others public key ( ) p y

## Does not need to keep any secret in order to verify others

Nguyen Tuan Nam/NetSec/Win2010 28

Digital Signatures

## Nguyen Tuan Nam/NetSec/Win2010

29

Hash Algorithms

Also known as message digests or one-way g g one- y transformations Mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length b d fixedd (short) number h(m) is the hash of a message m, with the following m properties

For any message m, relatively easy to compute h(m) y g y y p ( ) Given h(m), no way to find an m that hashes to h(m) It is computationally infeasible to find 2 values that hash to the same thing
Nguyen Tuan Nam/NetSec/Win2010 30

/etc/passwd

## Nguyen Tuan Nam/NetSec/Win2010

31

Message Integrity

Cryptographic hash function can be used to generate a MAC to protect the integrity Method 1:
Sent the message Use the h h of the message as a MAC U h hash f h

Method 2?

## Nguyen Tuan Nam/NetSec/Win2010

32

Message Fingerprint

Want to know whether some large data structure has been modified
Method 1: keep another copy Method 2: use a hash function (save storage)

Watch out W h

Bad guy may changes both the data and the hash program

33

## Digital Signature Efficiency

Public key algorithms are sufficiently processorprocessorintensive Compute a message digest of the message Digitally sign the hash result, instead of the whole message h l

34