Dr. Nguyen Tuan Nam email@example.com
What Is Cryptography?
Cryptography comes from the Greek words
  κρυπτός = hidden or secret
  γράφω = writing
The art of secret writing
The ability to send information between participants in a way that prevents others from reading it
The scope of this class: kind of cryptography where
  Representing information as numbers
  Manipulating those numbers mathematically
Provides other services such as
  Integrity checking
  Authentication
Nguyen Tuan Nam/NetSec/Win2010

Plaintext and Ciphertext
Plaintext or cleartext: Message in its original form
Ciphertext: The mangled information
Encryption: The process for producing ciphertext from plaintext
Decryption: The reverse of encryption
plaintext -> encryption -> ciphertext -> decryption -> plaintext

Fundamental Tenet of Cryptography
Cryptographers: Invent clever secret codes
Cryptanalysts: Attempt to break these codes
These 2 disciplines constantly try to keep ahead of each other
The success of the cryptographers rests on the Fundamental Tenet of Cryptography:
  If lots of smart people have failed to solve a problem, it probably won’t be solved (soon)

Cryptographic System
Involves both
  An algorithm
  A secret value, known as a key
Why do we need a key?
A good cryptographic scheme
  Perfectly OK to have everyone (including the bad guys and cryptanalysts) know the algorithm
  Because knowledge of the algorithm without the key does not help un-mangle the information easily
Computational difficulty
  How good should it be?

Computational Difficulty
Important for cryptographic algorithms to be reasonably efficient for the good guy to compute
  Good guys are the ones with knowledge of the keys
Cryptographic algorithms are not impossible to break without the key. Why?
The security of a cryptographic scheme depends on how much work it is for the bad guys to break it
  10 million years to break using all of the computers in the world: considered reasonably secure
Example:
  Combination lock consists of 3 numbers
  Takes 10 seconds to dial in a combination: reasonably convenient for the good guy
  How much work is it for the bad guy? (worst case, average)
A scheme can be made more secure by making the key longer
  Combination lock example?

Key Lengths
Computer can be used to exhaustively try keys
  Faster than people
  Don’t get tired
  Thousands or millions of keys can be tried per second
  More keys can be tried in parallel if you have multiple computers
Variable-length key
  Can be made more secure by increasing the length of the key
  Increasing the length of the key by 1 bit
    Good guy’s job just a bit harder
    Bad guy’s job, how much harder?
Fixed-length key
  Similar algorithm with a longer key can be devised
Quiz
  If the computers get 1000 times faster, how much longer should the key length be?

A Bolt Cutter
Breaking the cryptographic scheme is only one way
A bolt cutter works no matter how many digits are in the combination
Good guys: A kind word is a key to get what you want
Bad guys: However, you can get further with a kind word and a gun than you can with a kind word alone

To Publish or Not to Publish
View 1
  Keeping a cryptographic algorithm as secret as possible
View 2
  Publishing the algorithm, so that it is widely known
Common practice today
  Commercial cryptosystems to be published. Why?
  Military cryptosystems to be kept secret. Why?
  Some in the US may be unpublished

Secret Codes
Secret code or cipher
  Any method of encrypting data
Caesar cipher
  Substitute for each letter of the message, the letter which is 3 letters later in the alphabet (wrap around)
Captain Midnight Secret Decoder rings
  Pick a number n between 1 and 25
  Substitute for each letter of the message, the letter which is n higher (wrap around)
Mono-alphabetic cipher
  Arbitrary mapping of one letter to another letter
  How many possible pairings of letters?
  If took 1 microsecond to try each one: take about 10 trillion years
  However?

What Is This?
Cf lqr’xs xsnyctm n eqxxqgsy iqul qf wdcp eqqh. lqr xs eqqh erl lqrx qgt iqul!

Breaking an Encryption Scheme
The three basic attacks
  Ciphertext only
  Known plaintext
  Chosen plaintext

Ciphertext Only
Assumption: Fred, the bad guy
  Seen some ciphertext (not difficult to obtain)
  Can analyze at leisure
How
  Searches all the keys
Essential for this attack:
  Recognize when he has succeeded
  Combination lock
  Recognizable plaintext attack
  XYZ
  Enough ciphertext
Sometimes, not necessary to search through a lot of keys
  Statistical analysis (common English words)
A cryptographic algorithm MUST be secure against a ciphertext only attack. Why?
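
Added example (not from the original slides): the exhaustive key search and the recognizer described on the Secret Codes and Ciphertext Only slides, run against the 25-key shift cipher, together with the time a search over all 26! letter mappings would take at 1 microsecond per key. The word list, sample message and function names are constructed for illustration.

```python
import math
import string

# Constructed recognizer: a few common English words.
COMMON = {"the", "and", "that", "with", "you", "this", "for", "not", "have"}

def shift(text: str, n: int) -> str:
    """Replace each lowercase letter by the one n places later (wrap around)."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + n) % 26 + 97))
        else:
            out.append(ch)                  # spaces and punctuation unchanged
    return "".join(out)

def looks_english(candidate: str) -> int:
    """How many words of the candidate plaintext are common English words."""
    return sum(w.strip(string.punctuation) in COMMON for w in candidate.split())

def exhaustive_search(ciphertext: str):
    """Try n = 1..25; return (n, plaintext, score) for the best-scoring trial."""
    score, n = max((looks_english(shift(ciphertext, -k)), k) for k in range(1, 26))
    return n, shift(ciphertext, -n), score

def years_to_try_all(keys: int, seconds_per_key: float = 1e-6) -> float:
    """Worst-case search time in years at the slide's 1 microsecond per key."""
    return keys * seconds_per_key / (365.25 * 24 * 3600)

# Constructed message, encrypted with n = 3.
SAMPLE = shift("meet me at the bridge and bring the key with you", 3)

if __name__ == "__main__":
    print(exhaustive_search(SAMPLE))        # enough ciphertext: one clear winner
    print(exhaustive_search("abc"))         # too little: score 0, nothing to recognize
    print(years_to_try_all(25))             # shift cipher: 25 keys
    print(years_to_try_all(math.factorial(26)))  # arbitrary letter mapping
```

The three-letter input shows why enough ciphertext matters: every trial scores 0, so the search has no way to tell which key was right.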

Known Plaintext
Fred somehow obtained some <plaintext, ciphertext> pairs. How?
With a mono-alphabetic cipher
  A small amount of known plaintext would be a bonanza for Fred
Some cryptographic schemes
  Good enough to be secure against ciphertext only attacks
  Not good enough against known plaintext attacks
Important to design the systems to minimize the possibility that a bad guy will ever be able to obtain <plaintext, ciphertext> pairs
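
Added example (not from the original slides): why a single <plaintext, ciphertext> pair is so damaging to a mono-alphabetic cipher, since every aligned letter reveals one entry of the key. The key, the messages and the function names are constructed for illustration.

```python
import random
import string

ALPHABET = string.ascii_lowercase

def make_key(seed: int) -> dict:
    """Constructed mono-alphabetic key: an arbitrary letter-to-letter mapping."""
    shuffled = list(ALPHABET)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))

def encrypt(text: str, key: dict) -> str:
    return "".join(key.get(ch, ch) for ch in text)

def learn_mapping(plaintext: str, ciphertext: str) -> dict:
    """Each aligned letter of a <plaintext, ciphertext> pair gives one key entry."""
    return {c: p for p, c in zip(plaintext, ciphertext) if p in ALPHABET}

def read_with(mapping: dict, ciphertext: str) -> str:
    """Decrypt what the learned entries cover; '_' marks letters still unknown."""
    return "".join(mapping.get(ch, "_") if ch in ALPHABET else ch
                   for ch in ciphertext)

def coverage(known_plaintext: str, other_plaintext: str, seed: int = 2010):
    """Return (recovered text, fraction of letters exposed) for a second
    message encrypted under the same key as the known pair."""
    key = make_key(seed)
    mapping = learn_mapping(known_plaintext, encrypt(known_plaintext, key))
    recovered = read_with(mapping, encrypt(other_plaintext, key))
    letters = [ch for ch in other_plaintext if ch in ALPHABET]
    hits = sum(r == o for r, o in zip(recovered, other_plaintext) if o in ALPHABET)
    return recovered, hits / len(letters)

if __name__ == "__main__":
    # A predictable eight-character greeting already exposes over half of the next message.
    print(coverage("dear bob", "transfer approved"))
    # A pair containing every letter exposes the whole key.
    print(coverage("the quick brown fox jumps over the lazy dog", "transfer approved"))
```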

Chosen Plaintext
Fred
  Can choose any plaintext he wants
  Get the system to tell him what the corresponding ciphertext is
How could it happen?

Types of Cryptographic Functions
Three kinds of cryptographic functions
  Public key functions: two keys
  Secret key functions: one key
  Hash functions: … zero key

Secret Key Cryptography
Involves the use of a single key
Given a message (plaintext) and a key
  Encryption produces unintelligible data which is about the same length as the plaintext was
  Decryption is the reverse
    Using the same key as encryption
Also called
  Conventional cryptography
  Symmetric cryptography
Example?

Security Uses of Secret Key Cryptography
Transmitting over an insecure channel
Secure storage on insecure media
Authentication
Integrity check

Authentication Using Secret Key Cryptography
Strong authentication
  Someone can prove knowledge of a secret without revealing it
  Possible with cryptography
  Particularly useful when 2 computers trying to communicate over an insecure network
Alice -> Bob: rA
Bob -> Alice: rA encrypted with KAB
Bob -> Alice: rB
Alice -> Bob: rB encrypted with KAB
Problem?
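
Added example (not from the original slides): the rA/rB exchange with both sides' messages, plus a check that a response recorded in one run is useless against a fresh challenge. HMAC-SHA256 is used as the keyed function in place of encryption with KAB, and the class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

def respond(key: bytes, challenge: bytes) -> bytes:
    # HMAC-SHA256 stands in for the slide's "encrypted with KAB" (assumption).
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Party:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.challenge = b""

    def new_challenge(self) -> bytes:
        # rA or rB: fresh, unpredictable, used for one run only.
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def answer(self, challenge: bytes) -> bytes:
        # Proves knowledge of the key without sending the key itself.
        return respond(self.key, challenge)

    def check(self, response: bytes) -> bool:
        expected = respond(self.key, self.challenge)
        return hmac.compare_digest(response, expected)  # constant-time compare

def mutual_auth(alice: Party, bob: Party) -> tuple:
    """Run the four messages; return (Alice accepts Bob, Bob accepts Alice)."""
    r_a = alice.new_challenge()        # Alice -> Bob: rA
    resp_a = bob.answer(r_a)           # Bob -> Alice: rA under KAB
    r_b = bob.new_challenge()          # Bob -> Alice: rB
    resp_b = alice.answer(r_b)         # Alice -> Bob: rB under KAB
    return alice.check(resp_a), bob.check(resp_b)

def replay_accepted(alice: Party, bob: Party) -> bool:
    """A response recorded in one run is presented against a fresh challenge."""
    recorded = bob.answer(alice.new_challenge())
    alice.new_challenge()              # new run, new rA
    return alice.check(recorded)

if __name__ == "__main__":
    k_ab = secrets.token_bytes(32)     # constructed shared key KAB
    print(mutual_auth(Party("Alice", k_ab), Party("Bob", k_ab)))
    print(mutual_auth(Party("Alice", k_ab), Party("Other", secrets.token_bytes(32))))
    print(replay_accepted(Party("Alice", k_ab), Party("Bob", k_ab)))
```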

Integrity Check
What is a checksum?
Original derivation of checksum
  CRC
  Only protect against faulty hardware, but not an intelligent attacker
  CRC algorithms are published: attacker can re-compute CRC after altering the message
  needs secret checksum algorithms
Cryptographic checksum
  Common (known) algorithm
  Secret key
  MAC (message authentication code) or MIC (message integrity code)
  At least 48 bits long: chance is only one in 280 trillion to guess the MAC
Example
  Inter-bank electronic funds transfers
  Messages are not kept secret, but their integrity is ensured

Public Key Cryptography
Relatively new field, invented in 1975
Involves the use of 2 keys
  A private key that is not revealed to anyone
  A public key that is preferably known to the entire world
No shared key between the 2 communicating parties

Public Key Cryptography – Encryption and Digital Signature
Encryption: plaintext -> encryption (public key) -> ciphertext -> decryption (private key) -> plaintext
Digital signature: plaintext -> signing (private key) -> signed message -> verification (public key) -> plaintext

Quiz
What are the differences between a checksum and a digital signature?
What are the differences between a MAC and a digital signature?

Security Uses of Public Key Cryptography
Public key cryptography can do anything secret key cryptography can do
Might be used in the beginning of communication to
  Authenticate
  Establish a temporary shared secret key
The secret key is used to encrypt the remainder of the conversation using secret key technology
Why?

Scenario
Alice wants to talk to Bob securely
What should happen?

Transmitting Over an Insecure Channel
Using public key cryptography to encrypt message before transmitting
How?

Secure Storage on Insecure Media
Same as secret key cryptography
For performance reasons
  Use together with secret key cryptography

Authentication
If Bob wants to prove his identity to lots of entities
Secret key technology:
  Remember lots of secret keys
Public key technology:
  Remember only his private keys
  Know (be able to obtain) others’ public key
  Does not need to keep any secret in order to verify others

Digital Signatures

Hash Algorithms
Also known as message digests or one-way transformations
Mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length (short) number
h(m) is the hash of a message m, with the following properties
  For any message m, relatively easy to compute h(m)
  Given h(m), no way to find an m that hashes to h(m)
  It is computationally infeasible to find 2 values that hash to the same thing

Password Hashing
/etc/passwd
  Used to be publicly readable
Shadow file

Message Integrity
Cryptographic hash function can be used to generate a MAC to protect the integrity
Method 1:
  Send the message
  Use the hash of the message as a MAC
Method 2?
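
Added example (not from the original slides), covering both the Integrity Check slide and Method 1 above: a CRC or a plain hash can be recomputed by anyone who alters the message, while a tag that depends on a secret key cannot. The key, the message and the function names are constructed, and HMAC-SHA256 is one common keyed construction, not necessarily the one the lecture had in mind.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed key shared by sender and receiver only"
MSG = b"PAY 100 TO ACCOUNT 12345"            # constructed transfer message

def crc_tag(msg: bytes, key: bytes = b"") -> bytes:
    return zlib.crc32(msg).to_bytes(4, "big")           # published, key ignored

def hash_tag(msg: bytes, key: bytes = b"") -> bytes:
    return hashlib.sha256(msg).digest()                 # published, key ignored

def mac_tag(msg: bytes, key: bytes = KEY) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()  # known algorithm + secret key

SCHEMES = {"crc": crc_tag, "hash": hash_tag, "mac": mac_tag}

def receiver_accepts(msg: bytes, tag: bytes, scheme: str) -> bool:
    """Receiver recomputes the tag (with KEY where the scheme uses one)."""
    return hmac.compare_digest(tag, SCHEMES[scheme](msg, KEY))

def altered_in_transit(msg: bytes, scheme: str):
    """Someone without KEY changes the amount and recomputes the tag as well
    as public knowledge allows (for the MAC, only with a guessed key)."""
    changed = msg.replace(b"100", b"900")
    return changed, SCHEMES[scheme](changed, b"guessed key")

def survey(msg: bytes = MSG) -> dict:
    """Does the receiver accept the altered message under each scheme?"""
    return {s: receiver_accepts(*altered_in_transit(msg, s), s) for s in SCHEMES}

def guess_space(tag: bytes) -> int:
    """Number of equally likely values for a tag of this length."""
    return 2 ** (8 * len(tag))

if __name__ == "__main__":
    print(survey())                          # crc and hash accepted, mac rejected
    print(guess_space(mac_tag(MSG)[:6]))     # the slide's 48-bit minimum
```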

Message Fingerprint
Want to know whether some large data structure has been modified
  Method 1: keep another copy
  Method 2: use a hash function (save storage)
Watch out
  Bad guy may change both the data and the hash program

Digital Signature Efficiency
Public key algorithms are sufficiently processor-intensive
Compute a message digest of the message
Digitally sign the hash result, instead of the whole message
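
Added example (not from the original slides): signing the fixed-length digest costs one private-key operation however long the message is, compared with the number of operations a block-by-block signature of the message itself would need. It uses toy textbook RSA with constructed parameters, and the function names are assumptions.

```python
import hashlib

# Toy textbook-RSA key from two Mersenne primes (constructed; far too small
# and unpadded for real use, where a padded scheme such as RSA-PSS is used).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent

def digest_int(message: bytes) -> int:
    # Fixed-length digest, reduced mod N only because the toy modulus is small.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    return pow(digest_int(message), D, N)  # one private-key operation

def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == digest_int(message)

def ops_without_hashing(message: bytes) -> int:
    """Private-key operations needed if the message itself were cut into
    blocks smaller than N and every block signed (hypothetical comparison)."""
    block_bits = N.bit_length() - 1
    return -(-len(message) * 8 // block_bits)   # ceiling division

if __name__ == "__main__":
    big = b"x" * 1_000_000                 # constructed 1 MB message
    sig = sign(big)
    print(verify(big, sig), verify(big + b"!", sig))
    print(ops_without_hashing(big), "operations without hashing, 1 with")
```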