Upload
paula-small
View
224
Download
5
Embed Size (px)
Citation preview
EE 5900 Fall 03EE 5900 Fall 03
Introduction to Introduction to CryptographyCryptography
OutlineOutline
Introduction to CryptographyIntroduction to Cryptography SecretSecret Key Cryptography Key Cryptography PublicPublic Key Cryptography Key Cryptography HashHash Algorithms Algorithms
Cryptography: DefinitionsCryptography: Definitions
Idea: process data into Idea: process data into unintelligible unintelligible (confidentiality)(confidentiality) form, form, reversiblereversible, without data , without data lossloss
Other security services:Other security services: Integrity Integrity checking: no tamperingchecking: no tampering AuthenticationAuthentication: not an imposter: not an imposter
Plaintext Plaintext encryptionencryption ciphertext ciphertext decryptiondecryption plaintextplaintext Components: Components: AlgorithmAlgorithm + Secret Value (key) + Secret Value (key)
Why need two? Which one to hide?Why need two? Which one to hide?
Secret Key vs. Secret AlgorithmSecret Key vs. Secret Algorithm
Secret algorithm: Secret algorithm: additionaladditional hurdle hurdle Hard to keep secret if used widely:Hard to keep secret if used widely:
Reverse engineering, social engineeringReverse engineering, social engineering CommercialCommercial: published: published
Wide review, trustWide review, trust MilitaryMilitary: avoid giving enemy good ideas: avoid giving enemy good ideas
Computational DifficultyComputational Difficulty Algorithm needs to be Algorithm needs to be efficientefficient..
SecuritySecurity of cryptographic algorithm? of cryptographic algorithm? Most schemes can be broken: depends on $$$.Most schemes can be broken: depends on $$$.
e.g. Try all possible keys.e.g. Try all possible keys. Longer key is often more secureLonger key is often more secure W/ the advance in computer tech., who W/ the advance in computer tech., who benefitsbenefits more? more?
Some Some TrivialTrivial Schemes Schemes Caesar cipher: Caesar cipher: substitutionsubstitution cipher: cipher:
A A D, B D, B E E
Captain Midnight Secret Decoder rings:Captain Midnight Secret Decoder rings: shiftshift variable by variable by nn: IBM : IBM HAL, or : HAL, or :
• (letter + (letter + offsetoffset) mod 26) mod 26 only only 2626 possible ways of secret coding. possible ways of secret coding.
Mono-alphabetic cipher: Mono-alphabetic cipher: generalization, generalization, arbitrary mappingarbitrary mapping of one letter to another of one letter to another 26!, approximately 4 26!, approximately 4 10 1026 26 possible pairings of letterpossible pairings of letter statistical analysis of letter frequenciesstatistical analysis of letter frequencies
Cryptanalysis: Breaking an Cryptanalysis: Breaking an Encryption SchemeEncryption Scheme
Ciphertext only:Ciphertext only: Exhaustive search until “recognizable plaintext”Exhaustive search until “recognizable plaintext” Need enough ciphertextNeed enough ciphertext
Known plaintext:Known plaintext: Secret may be revealed (by spy, time), thus <ciphertext, Secret may be revealed (by spy, time), thus <ciphertext,
plaintext> pair is obtainedplaintext> pair is obtained Great for Great for mono-alphabeticmono-alphabetic ciphers ciphers
Chosen plaintext:Chosen plaintext: Choose text, get encryptedChoose text, get encrypted Useful if limited set of messagesUseful if limited set of messages
Types of cryptographyTypes of cryptography
Secret-keySecret-key crypto: sender, receiver keys crypto: sender, receiver keys identicalidentical (1 key)(1 key) public-key public-key crypto: encryption key crypto: encryption key publicpublic, decryption key , decryption key
private private (2 keys)(2 keys) Hash Hash functions: functions: no keyno key
plaintext plaintextciphertext
KA
encryptionalgorithm
decryption algorithm
Alice’s encryptionkey
Bob’s decryptionkey
KB
Secret key cryptographySecret key cryptography
Secret keySecret key crypto: Bob and Alice crypto: Bob and Alice shareshare same key K same key K ->->SymmetricSymmetric (conventional)(conventional) cryptography cryptography
Q:Q: how do Bob and Alice how do Bob and Alice agree on keyagree on key value? value? Ciphertext approximately the same length as plaintextCiphertext approximately the same length as plaintext Example: Substitution codes, DES, IDEAExample: Substitution codes, DES, IDEA
e.g., key is knowing substitution e.g., key is knowing substitution patternpattern in mono alphabetic in mono alphabetic substitution ciphersubstitution cipher
A-B
plaintextciphertext
KA-B
encryptionalgorithm
decryption algorithm
KA-B
plaintextmessage, m
K (m)A-B
K (m)A-Bm = K ( )
A-B
Security Uses of Secret Key CryptographySecurity Uses of Secret Key Cryptography
Message transmission (Message transmission (confidentialityconfidentiality): ): Communicate over insecure channelCommunicate over insecure channel
Secure storage: Secure storage: cryptcrypt Strong Strong authenticationauthentication: prove : prove knowledgeknowledge of key without of key without
revealing it (revealing it (Figure 2-1Figure 2-1):): Send Send challenge challenge rr, verify the returned encrypted {, verify the returned encrypted {rr}: }: responseresponse Fred can obtain chosen <plaintext, cihpertext> pairsFred can obtain chosen <plaintext, cihpertext> pairs
• Challenge should chosen from a Challenge should chosen from a large poollarge pool
IntegrityIntegrity check: check: fixed-lengthfixed-length checksumchecksum for message for message via secret key cryptographyvia secret key cryptography Send Send MAC/MIC MAC/MIC along with the messagealong with the message
Symmetric-key cryptographySymmetric-key cryptography AdvantagesAdvantages
high data throughputhigh data throughput relatively relatively short short key sizekey size primitives to construct various cryptographic primitives to construct various cryptographic
mechanismsmechanisms
DisadvantagesDisadvantages the key must remain secret at the key must remain secret at bothboth ends. ends. relatively relatively short lifetimeshort lifetime of the key of the key
Public key cryptographyPublic key cryptography
plaintextmessage, m
ciphertextencryptionalgorithm
decryption algorithm
Bob’s public key
plaintextmessageK (m)
B+
K B+
Bob’s privatekey
K B-
m = K (K (m))B+
B-
Public Key Cryptography (cont’d)Public Key Cryptography (cont’d) Asymmetric Asymmetric cryptographycryptography Invented/published in 1975Invented/published in 1975
Two keys:Two keys: private ( private (dd), public (), public (ee)) Encryption:Encryption: public key; public key; Decryption:Decryption: private key private key Digital Signatures: Signing Digital Signatures: Signing byby private key; private key; Verification Verification by by
public key. i.e., encrypt public key. i.e., encrypt hashhash hh((mm) with ) with private keyprivate key• Authorship (Authorship (authenticationauthentication))• Integrity: Integrity: Similar to MAC/MIC?Similar to MAC/MIC? • Non-repudiationNon-repudiation: can’t do with secret key cryptography: can’t do with secret key cryptography
Much Much slowerslower than secret key cryptography than secret key cryptography• Can do all jobs SKC doesCan do all jobs SKC does• Usually used Usually used together w/together w/ secret key cryptography secret key cryptography
Security Uses of Public Key CryptographySecurity Uses of Public Key Cryptography
Data transmission (Data transmission (confidentialityconfidentiality):): Alice encrypts Alice encrypts mmaa using using eeBB, Bob decrypts to , Bob decrypts to mmaa
using using ddbb.. Storage: encrypt w/ your Storage: encrypt w/ your public keypublic key Authentication (Authentication (p53p53))::
No need to store secretNo need to store secretss, only need , only need publicpublic keys.keys. Secret key cryptography: need to Secret key cryptography: need to share share secretsecret
keykey for every person to communicate with. for every person to communicate with. Digital Signatures Digital Signatures
(authentication/integrity/non-repudiation)(authentication/integrity/non-repudiation)
Public-key cryptographyPublic-key cryptography AdvantagesAdvantages
only the only the private keyprivate key must be kept secret must be kept secret relatively relatively long life timelong life time of the key of the key more security servicesmore security services relatively relatively efficient digital signatureefficient digital signature mechanisms mechanisms
DisadvantagesDisadvantages low datalow data throughput throughput much larger key sizes much larger key sizes
Summary of comparisonSummary of comparison public-keypublic-key cryptography cryptography
encryptionencryption, , signaturessignatures (particularly, (particularly, non-non-repudiationrepudiation) and key management) and key management
secret-key secret-key cryptographycryptography encryptionencryption and some data and some data integrityintegrity applications applications
Key sizesKey sizes Private keysPrivate keys must be larger ( must be larger (e.g., e.g., 10241024 bits for RSA bits for RSA) )
than than secret keyssecret keys ( (e.g., DES e.g., DES 6464 or AES or AES128128 bits bits))• most attack on secret-key systems is an most attack on secret-key systems is an exhaustive exhaustive
key searchkey search• public-key systems are subject to “short-cut” attacks public-key systems are subject to “short-cut” attacks
(e.g., RSA. (e.g., RSA. factoring 512-bit: 30, 000 MIPS-yearsfactoring 512-bit: 30, 000 MIPS-years))
Hash AlgorithmsHash Algorithms Message digests, one-way transformationsMessage digests, one-way transformations Idea: Idea: input is mangled badly the process can not be input is mangled badly the process can not be
reversed (reversed (compare w/ secret/public key cryptcompare w/ secret/public key crypt)) Properties:Properties:
Length of Length of hh((mm) much ) much shortershorter then length of then length of mm Usually Usually fixed lengthsfixed lengths: 48 -128 bits: 48 -128 bits EasyEasy to compute to compute hh((mm) ) Given Given hh((mm), no easy way to find ), no easy way to find mm Computationally infeasibleComputationally infeasible to find to find mm11, , mm22 s.t. s.t. hh((mm11) = ) =
hh((mm22)) Example: (Example: (mm++cc))22, take middle , take middle nn digits digits
Hash Algorithms (Cont’d)Hash Algorithms (Cont’d) PasswordPassword hashing hashing
Doesn’t need to know password to verify itDoesn’t need to know password to verify it Store Store hh((pp++ss), ), ss (salt), and compare it with the user-entered (salt), and compare it with the user-entered pp SaltSalt makes makes dictionary attackdictionary attack less convenient less convenient
Message Message integrity integrity ->MAC->MAC Agree on a Agree on a shared secretshared secret p ?p ? Compute Compute “keyed hash”“keyed hash” hh((pp||mm) and send w/ ) and send w/ m (m (p56p56)) Doesn’t require encryption algorithm, so the technology is exportableDoesn’t require encryption algorithm, so the technology is exportable
Message Message FingerprintFingerprint: : save storage save storage ((large data structure) Downline Load Downline Load SecuritySecurity: check programs’ hash before running: check programs’ hash before running Digital SignatureDigital Signature Efficiency Efficiency
Much less processor-intensive than best-known public key algorithmMuch less processor-intensive than best-known public key algorithm