EE 5900 Fall 03EE 5900 Fall 03

Introduction to Introduction to CryptographyCryptography

OutlineOutline

Introduction to CryptographyIntroduction to Cryptography SecretSecret Key Cryptography Key Cryptography PublicPublic Key Cryptography Key Cryptography HashHash Algorithms Algorithms

Cryptography: DefinitionsCryptography: Definitions

Idea: process data into Idea: process data into unintelligible unintelligible (confidentiality)(confidentiality) form, form, reversiblereversible, without data , without data lossloss

Other security services:Other security services: Integrity Integrity checking: no tamperingchecking: no tampering AuthenticationAuthentication: not an imposter: not an imposter

Plaintext Plaintext encryptionencryption ciphertext ciphertext decryptiondecryption plaintextplaintext Components: Components: AlgorithmAlgorithm + Secret Value (key) + Secret Value (key)

Why need two? Which one to hide?Why need two? Which one to hide?

Secret Key vs. Secret AlgorithmSecret Key vs. Secret Algorithm

Secret algorithm: Secret algorithm: additionaladditional hurdle hurdle Hard to keep secret if used widely:Hard to keep secret if used widely:

Reverse engineering, social engineeringReverse engineering, social engineering CommercialCommercial: published: published

Wide review, trustWide review, trust MilitaryMilitary: avoid giving enemy good ideas: avoid giving enemy good ideas

Computational DifficultyComputational Difficulty Algorithm needs to be Algorithm needs to be efficientefficient..

SecuritySecurity of cryptographic algorithm? of cryptographic algorithm? Most schemes can be broken: depends on $$$.Most schemes can be broken: depends on $$$.

e.g. Try all possible keys.e.g. Try all possible keys. Longer key is often more secureLonger key is often more secure W/ the advance in computer tech., who W/ the advance in computer tech., who benefitsbenefits more? more?

Some Some TrivialTrivial Schemes Schemes Caesar cipher: Caesar cipher: substitutionsubstitution cipher: cipher:

A A D, B D, B E E

Captain Midnight Secret Decoder rings:Captain Midnight Secret Decoder rings: shiftshift variable by variable by nn: IBM : IBM HAL, or : HAL, or :

• (letter + (letter + offsetoffset) mod 26) mod 26 only only 2626 possible ways of secret coding. possible ways of secret coding.

Mono-alphabetic cipher: Mono-alphabetic cipher: generalization, generalization, arbitrary mappingarbitrary mapping of one letter to another of one letter to another 26!, approximately 4 26!, approximately 4 10 1026 26 possible pairings of letterpossible pairings of letter statistical analysis of letter frequenciesstatistical analysis of letter frequencies

Cryptanalysis: Breaking an Cryptanalysis: Breaking an Encryption SchemeEncryption Scheme

Ciphertext only:Ciphertext only: Exhaustive search until “recognizable plaintext”Exhaustive search until “recognizable plaintext” Need enough ciphertextNeed enough ciphertext

Known plaintext:Known plaintext: Secret may be revealed (by spy, time), thus <ciphertext, Secret may be revealed (by spy, time), thus <ciphertext,

plaintext> pair is obtainedplaintext> pair is obtained Great for Great for mono-alphabeticmono-alphabetic ciphers ciphers

Chosen plaintext:Chosen plaintext: Choose text, get encryptedChoose text, get encrypted Useful if limited set of messagesUseful if limited set of messages

Types of cryptographyTypes of cryptography

Secret-keySecret-key crypto: sender, receiver keys crypto: sender, receiver keys identicalidentical (1 key)(1 key) public-key public-key crypto: encryption key crypto: encryption key publicpublic, decryption key , decryption key

private private (2 keys)(2 keys) Hash Hash functions: functions: no keyno key

plaintext plaintextciphertext

KA

encryptionalgorithm

decryption algorithm

Alice’s encryptionkey

Bob’s decryptionkey

KB

Secret key cryptographySecret key cryptography

Secret keySecret key crypto: Bob and Alice crypto: Bob and Alice shareshare same key K same key K ->->SymmetricSymmetric (conventional)(conventional) cryptography cryptography

Q:Q: how do Bob and Alice how do Bob and Alice agree on keyagree on key value? value? Ciphertext approximately the same length as plaintextCiphertext approximately the same length as plaintext Example: Substitution codes, DES, IDEAExample: Substitution codes, DES, IDEA

e.g., key is knowing substitution e.g., key is knowing substitution patternpattern in mono alphabetic in mono alphabetic substitution ciphersubstitution cipher

A-B

plaintextciphertext

KA-B

encryptionalgorithm

decryption algorithm

KA-B

plaintextmessage, m

K (m)A-B

K (m)A-Bm = K ( )

A-B

Security Uses of Secret Key CryptographySecurity Uses of Secret Key Cryptography

Message transmission (Message transmission (confidentialityconfidentiality): ): Communicate over insecure channelCommunicate over insecure channel

Secure storage: Secure storage: cryptcrypt Strong Strong authenticationauthentication: prove : prove knowledgeknowledge of key without of key without

revealing it (revealing it (Figure 2-1Figure 2-1):): Send Send challenge challenge rr, verify the returned encrypted {, verify the returned encrypted {rr}: }: responseresponse Fred can obtain chosen <plaintext, cihpertext> pairsFred can obtain chosen <plaintext, cihpertext> pairs

• Challenge should chosen from a Challenge should chosen from a large poollarge pool

IntegrityIntegrity check: check: fixed-lengthfixed-length checksumchecksum for message for message via secret key cryptographyvia secret key cryptography Send Send MAC/MIC MAC/MIC along with the messagealong with the message

Symmetric-key cryptographySymmetric-key cryptography AdvantagesAdvantages

high data throughputhigh data throughput relatively relatively short short key sizekey size primitives to construct various cryptographic primitives to construct various cryptographic

mechanismsmechanisms

DisadvantagesDisadvantages the key must remain secret at the key must remain secret at bothboth ends. ends. relatively relatively short lifetimeshort lifetime of the key of the key

Public key cryptographyPublic key cryptography

plaintextmessage, m

ciphertextencryptionalgorithm

decryption algorithm

Bob’s public key

plaintextmessageK (m)

B+

K B+

Bob’s privatekey

K B-

m = K (K (m))B+

B-

Public Key Cryptography (cont’d)Public Key Cryptography (cont’d) Asymmetric Asymmetric cryptographycryptography Invented/published in 1975Invented/published in 1975

Two keys:Two keys: private ( private (dd), public (), public (ee)) Encryption:Encryption: public key; public key; Decryption:Decryption: private key private key Digital Signatures: Signing Digital Signatures: Signing byby private key; private key; Verification Verification by by

public key. i.e., encrypt public key. i.e., encrypt hashhash hh((mm) with ) with private keyprivate key• Authorship (Authorship (authenticationauthentication))• Integrity: Integrity: Similar to MAC/MIC?Similar to MAC/MIC? • Non-repudiationNon-repudiation: can’t do with secret key cryptography: can’t do with secret key cryptography

Much Much slowerslower than secret key cryptography than secret key cryptography• Can do all jobs SKC doesCan do all jobs SKC does• Usually used Usually used together w/together w/ secret key cryptography secret key cryptography

Security Uses of Public Key CryptographySecurity Uses of Public Key Cryptography

Data transmission (Data transmission (confidentialityconfidentiality):): Alice encrypts Alice encrypts mmaa using using eeBB, Bob decrypts to , Bob decrypts to mmaa

using using ddbb.. Storage: encrypt w/ your Storage: encrypt w/ your public keypublic key Authentication (Authentication (p53p53))::

No need to store secretNo need to store secretss, only need , only need publicpublic keys.keys. Secret key cryptography: need to Secret key cryptography: need to share share secretsecret

keykey for every person to communicate with. for every person to communicate with. Digital Signatures Digital Signatures

(authentication/integrity/non-repudiation)(authentication/integrity/non-repudiation)

Public-key cryptographyPublic-key cryptography AdvantagesAdvantages

only the only the private keyprivate key must be kept secret must be kept secret relatively relatively long life timelong life time of the key of the key more security servicesmore security services relatively relatively efficient digital signatureefficient digital signature mechanisms mechanisms

DisadvantagesDisadvantages low datalow data throughput throughput much larger key sizes much larger key sizes

Summary of comparisonSummary of comparison public-keypublic-key cryptography cryptography

encryptionencryption, , signaturessignatures (particularly, (particularly, non-non-repudiationrepudiation) and key management) and key management

secret-key secret-key cryptographycryptography encryptionencryption and some data and some data integrityintegrity applications applications

Key sizesKey sizes Private keysPrivate keys must be larger ( must be larger (e.g., e.g., 10241024 bits for RSA bits for RSA) )

than than secret keyssecret keys ( (e.g., DES e.g., DES 6464 or AES or AES128128 bits bits))• most attack on secret-key systems is an most attack on secret-key systems is an exhaustive exhaustive

key searchkey search• public-key systems are subject to “short-cut” attacks public-key systems are subject to “short-cut” attacks

(e.g., RSA. (e.g., RSA. factoring 512-bit: 30, 000 MIPS-yearsfactoring 512-bit: 30, 000 MIPS-years))

Hash AlgorithmsHash Algorithms Message digests, one-way transformationsMessage digests, one-way transformations Idea: Idea: input is mangled badly the process can not be input is mangled badly the process can not be

reversed (reversed (compare w/ secret/public key cryptcompare w/ secret/public key crypt)) Properties:Properties:

Length of Length of hh((mm) much ) much shortershorter then length of then length of mm Usually Usually fixed lengthsfixed lengths: 48 -128 bits: 48 -128 bits EasyEasy to compute to compute hh((mm) ) Given Given hh((mm), no easy way to find ), no easy way to find mm Computationally infeasibleComputationally infeasible to find to find mm11, , mm22 s.t. s.t. hh((mm11) = ) =

hh((mm22)) Example: (Example: (mm++cc))22, take middle , take middle nn digits digits

Hash Algorithms (Cont’d)Hash Algorithms (Cont’d) PasswordPassword hashing hashing

Doesn’t need to know password to verify itDoesn’t need to know password to verify it Store Store hh((pp++ss), ), ss (salt), and compare it with the user-entered (salt), and compare it with the user-entered pp SaltSalt makes makes dictionary attackdictionary attack less convenient less convenient

Message Message integrity integrity ->MAC->MAC Agree on a Agree on a shared secretshared secret p ?p ? Compute Compute “keyed hash”“keyed hash” hh((pp||mm) and send w/ ) and send w/ m (m (p56p56)) Doesn’t require encryption algorithm, so the technology is exportableDoesn’t require encryption algorithm, so the technology is exportable

Message Message FingerprintFingerprint: : save storage save storage ((large data structure) Downline Load Downline Load SecuritySecurity: check programs’ hash before running: check programs’ hash before running Digital SignatureDigital Signature Efficiency Efficiency

Much less processor-intensive than best-known public key algorithmMuch less processor-intensive than best-known public key algorithm