Tutorial on Encryption Page : 1
COE Dept. KFUPM
Dr. M. Elrabaa 2002
Fundamentals of Security in Communication Systems
Overview tutorial
By Dr. Muhammad Elrabaa

Outline
• The Story of Security Science
• Traditional Secret Key Systems
• Public Key Systems
• Protocols
  • Identification
  • Secrecy
• Modern Standards

Communication Security Objectives
• Secrecy
• Authentication
Employs cryptographic mechanisms

IT Security Business
• Increases very rapidly, such as: e-commerce, m-commerce => security business in IT is increasing exponentially!
• We still have serious security gaps:
  - e.g. virus damage per year is 1.6 Billion $
  - “I love you” virus damage in year 2000 was about 2 600 Mil. $

Can We Trust Modern Information Technology?
Answer at the end of presentation

Cryptographic Security
Unconditionally secure: system impossible to break with any means (whatever)
  Only one impractical system is known!
Practically secure: system possible to break with any means (whatever)
  Many modern practical systems are known

Conventional Secret Key Cryptography
Fundamental Concepts

Secret Key Cryptography
K-open = K-close
(Symmetric System)
Open and close with the same key

Secret Key Crypto-System: mechanical analog
[Figure: SENDER closes the lock on the message with key Z; RECEIVER opens it with key Z. Key = Z on both sides, by secret key agreement.]

Conventional Cryptography till 1976: Secret Key Systems
[Figure: Sender ciphers message X with secret key Z, Y = E(Z, X); Y crosses the message channel; Receiver de-ciphers X = D(Z, Y). The secret key Z reaches both sides over a secret key channel.]
Known locks as standard

The Perfect Cipher: Vernam (AT&T 1926)
Proved to be unbreakable by Shannon (AT&T 1949)
One-time secret key
Key length = clear text length (Shannon 1949)
[Figure: the same key-tape Z at both ends; clear text X is sent as cipher text X+Z; the receiver recovers the clear text as X+Z+Z = X]

Block-Ciphers
[Figure: combinational logic taking an n-bit message X and an n-bit key Z and producing an n-bit cryptogram Y]

Standard Block-Ciphers
• DES: Data Encryption Standard, IBM (NIST) 1976 (USA)
• IDEA (J. Massey and Lai) 1990 (Europe)
• FEAL NTT 1989 (Japan)
• A5 GSM (secret cipher) (Europe)
  Replaced by KASUMI 1999 UMTS/3GPP (Mitsubishi, Japan)
• AES Advanced Encryption Standard (NIST):
  New international standard Rijndael, Belgium (Oct. 2000)

DES: Data Encryption Standard
1976 NIST / IBM
[Figure: combinational logic taking a 64-bit message and a 64-bit key and producing a 64-bit cryptogram]

The Core of DES Cipher
[Figure: In (64 bits) -> Round 1 -> Round 2 -> Round 3 -> ... -> Round 16 -> Out (64 bits); the Key (64 bits) enters a key map that feeds the rounds]

DES Round Structure
[Figure: one round takes L and R (32 bits each) and the round key Ki and produces L´ and R´ (32 bits each)]

Involution
F x F = 1, F = F^-1
[Figure: F maps M1 to M2; applying F again maps M2 back to M1]

Involution
[Figure: with round key Ki and function f, (L, R) is mapped to (L + f(Ki, R), R); applying the same step again returns (L, R)]
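
The involution on the two slides above, as an added example (not from the original slides): one step (L, R) -> (L + f(Ki, R), R), with + as XOR, undoes itself for any f, so a 16-round network decrypts by running the same steps with the round keys reversed. The round function f is a stand-in built from SHA-256, not the DES f, and the round keys, plaintext and function names are constructed for illustration.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def f(k, r):
    """Stand-in round function (assumption, NOT the DES f): 32 bits of SHA-256(k || r)."""
    digest = hashlib.sha256(k.to_bytes(8, "big") + r.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def involution(k, left, right):
    """The slide's map: (L, R) -> (L + f(Ki, R), R), where + is bitwise XOR."""
    return left ^ f(k, right), right

def feistel(block, round_keys):
    """Run the rounds over a 64-bit block, swapping halves between rounds only."""
    left, right = block >> 32, block & MASK32
    last = len(round_keys) - 1
    for i, k in enumerate(round_keys):
        left, right = involution(k, left, right)
        if i != last:
            left, right = right, left
    return (left << 32) | right

def encrypt(block, round_keys):
    return feistel(block, round_keys)

def decrypt(block, round_keys):
    # Every step (involution, swap) is its own inverse, so undoing the
    # cipher is the same network with the round keys in reverse order.
    return feistel(block, list(reversed(round_keys)))

# Constructed sample values: 16 round keys and one 64-bit plaintext block.
ROUND_KEYS = [0x0F1E2D3C4B5A6978 ^ i for i in range(16)]
PLAINTEXT = 0x0123456789ABCDEF

if __name__ == "__main__":
    l, r = PLAINTEXT >> 32, PLAINTEXT & MASK32
    print(involution(ROUND_KEYS[0], *involution(ROUND_KEYS[0], l, r)) == (l, r))
    c = encrypt(PLAINTEXT, ROUND_KEYS)
    print(hex(c), hex(decrypt(c, ROUND_KEYS)))
```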

DES is still not broken!!
and there is
No proof that DES cannot be broken!!
This dilemma characterises virtually all practical crypto-systems

A bad example of secret cryptography:
GSM A5 Mobile Confidentiality Cipher
!! A5 structure has never been made public !!

GSM: Mobile Phone A5 Stream-Cipher
Published by Berkeley students, attacked by Shamir 1999
[Figure: three linear feedback shift registers LFSR1, LFSR2 and LFSR3 (lengths listed: 23, 22 and 19 bits), each stepped by its own stop/go signal (Stop/go-1, Stop/go-2, Stop/go-3) from a clock control (majority function) fed by a bit C of each register; the output is Z(t)]
Effective key length = 40 bits?

Basic Linear Feedback Shift Register (LFSR) Example
C(D) = D^3 + D + 1 is a primitive polynomial with period N = 2^3 - 1 = 7.
Cycle structure is {1(1), 1(7)}.
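
The cycle structure on this slide, computed as an added example (not from the original slides); it goes slightly beyond the slide by also running a non-primitive polynomial for contrast. The tap convention (exponents of the nonzero D terms), the second polynomial and the function names are choices made here.

```python
from collections import Counter
from itertools import product

def step(state, taps):
    """One clock of an LFSR with state (s[t-1], ..., s[t-L]).

    taps lists the exponents j >= 1 with a nonzero D^j term in C(D), so the
    feedback bit is s[t] = XOR of s[t-j] over j in taps.
    """
    feedback = 0
    for j in taps:
        feedback ^= state[j - 1]
    return (feedback,) + state[:-1]

def cycle_structure(taps):
    """Return {cycle length: number of cycles} over all 2^L register states."""
    length = max(taps)  # the D^L term is present, so step() is a bijection
    seen, cycles = set(), Counter()
    for start in product((0, 1), repeat=length):
        if start in seen:
            continue
        n, state = 0, start
        while state not in seen:
            seen.add(state)
            state = step(state, taps)
            n += 1
        cycles[n] += 1
    return dict(cycles)

def is_maximal_length(taps):
    """True when all nonzero states lie on one cycle of length 2^L - 1."""
    length = max(taps)
    return cycle_structure(taps) == {1: 1, 2 ** length - 1: 1}

def output_sequence(seed, taps, n):
    """First n feedback bits produced from the given seed state."""
    bits, state = [], tuple(seed)
    for _ in range(n):
        state = step(state, taps)
        bits.append(state[0])
    return bits

if __name__ == "__main__":
    print(cycle_structure((1, 3)))        # C(D) = D^3 + D + 1 from the slide
    print(cycle_structure((1, 2, 3, 4)))  # D^4 + D^3 + D^2 + D + 1, not primitive
    print(output_sequence((0, 0, 1), (1, 3), 14))
```

The all-zero state is the cycle of length 1; a register seeded with it never leaves it, which is why the period of a maximal-length register is 2^L - 1 and not 2^L.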

KASUMI Cipher
to replace A5
Original cipher: Mitsubishi’s “MISTY” 1997
Standardized for UMTS/3GPP (March 2000)
MISTY KASUMI

Recursive Structure of MISTY
MISTY1 Level 1 (n round)
MISTY2 Level 1 (n round)
FO Level 2 (3 round)
FI Level 3 (3 round)
[Figure: level 1 applies FO to 32-bit halves; FO applies FI to 16-bit halves; FI applies S9, S7, S9 to 9-bit and 7-bit parts]

Table of S9 over GF(2^9)
Table of S7 over GF(2^7)
Structure of MISTY

Expect KASUMI
in your 3rd Generation Mobile Phone 2003

KASUMI is Publicly Evaluated
- Still not broken!!
- No proof that KASUMI cannot be broken!!
Two contradictory statements!!
Hold virtually for all practical security systems

Advanced Encryption Standard
National Institute of Science and Technology NIST
1998-2001
AES Winner Algorithm: The Rijndael Block Cipher
Decision Oct. 2000

AES Round-3 Finalist Algorithms (finalized in 2001)
• Symmetric-key ciphers: 128, 192, and 256 bit keys
• Royalty-free (i.e. public domain)
  – MARS: IBM (USA)
  – RC6: R. Rivest (MIT), creator of the widely used RC4 (USA)
  – Twofish: Counterpane Internet Security, Inc. (USA)
  – Serpent: Ross Anderson, Eli Biham and Lars Knudsen (USA)
  – Rijndael: designed by J. Daemen and V. Rijmen (Belgium)

The Winner: Rijndael
– J. Daemen (Proton World International) & V. Rijmen (Katholieke Universiteit Leuven).
– Vast speed improvement over DES in both hardware and software implementations

Encryption Rounds r1 … rn
[Figure: X -> r1 -> r2 -> r3 -> ... -> rn-2 -> rn-1 -> rn -> Y; the key K enters the key expansion KE, which supplies the round keys k1, k2, k3, ..., kn-2, kn-1, kn]

Rijndael Core round functions

Rijndael: ByteSub
Each byte at the input of a round undergoes a non-linear byte substitution according to the following transform:
[Substitution (“S”)-box]

Rijndael: MixColumn
Each 4-byte column is multiplied by a fixed polynomial C(x) = (03) . x^3 + (01) . x^2 + (01) . x + (02)
This corresponds to matrix multiplication b(x) = c(x) a(x) :
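
The multiplication on this slide, as an added example (not from the original slides): a column is multiplied by C(x) modulo x^4 + 1 with byte coefficients in GF(2^8), and the result is checked against the equivalent circulant matrix. The reduction polynomial 0x11B, the modulus x^4 + 1 and the inverse polynomial come from the AES specification rather than the slide; the function names and the sample column are chosen here.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product

def poly_mul_mod(c, a):
    """b(x) = c(x) * a(x) mod (x^4 + 1); lists hold coefficients of x^0..x^3."""
    b = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            b[(i + j) % 4] ^= gmul(c[i], a[j])  # x^4 = 1, so exponents wrap
    return b

# C(x) = 03 x^3 + 01 x^2 + 01 x + 02 from the slide, lowest power first.
C = [0x02, 0x01, 0x01, 0x03]
# Inverse polynomial from the AES specification: 0B x^3 + 0D x^2 + 09 x + 0E.
D = [0x0E, 0x09, 0x0D, 0x0B]

def circulant(c):
    """4x4 matrix whose entry in row r, column k is c[(r - k) mod 4]."""
    return [[c[(r - k) % 4] for k in range(4)] for r in range(4)]

def matrix_mul(matrix, column):
    """Matrix times column over GF(2^8): XOR of gmul products per row."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gmul(coeff, byte)
        out.append(acc)
    return out

def mix_column(column):
    return poly_mul_mod(C, column)

def inv_mix_column(column):
    return poly_mul_mod(D, column)

SAMPLE_COLUMN = [0xDB, 0x13, 0x53, 0x45]  # constructed sample input

if __name__ == "__main__":
    print([hex(b) for b in mix_column(SAMPLE_COLUMN)])
    print(matrix_mul(circulant(C), SAMPLE_COLUMN) == mix_column(SAMPLE_COLUMN))
```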

Rijndael: AddRoundKey
Each word is simply EXOR’ed with the expanded round key
Key Expansion algorithm: see next

Again:
No proof that AES cannot be broken!!
!!! It is investigated by the international scientific community due to global open competition
We have nothing better to trust!!!!!
Rijndael includes no involution!

Fundamentals of Public Key Cryptography, born 1976
First introduced by Diffie and Hellman
(Stanford University, USA)

Secret Key Cryptography
K-open = K-close
(Symmetric System)
Open and close with the same key !!

Secret Key Crypto-System: mechanical analog
[Figure: SENDER closes the lock on the message with key Z; RECEIVER opens it with key Z. Key = Z on both sides, by secret key agreement.]
Essential Initialization Process

Public-Key Secrecy Systems
Diffie & Hellman 1976
K-close
K-open
Revolutionary invention:
to communicate secretly without prior secret exchange

Basic public-key secrecy system: mechanical simulation
[Figure: the OPEN DIRECTORY holds K-close; the SENDER takes K-close from the directory and closes the message with it; the RECEIVER keeps K-open secret and uses it to open the message]

Diffie-Hellman Secret Sharing Scheme 1976
[Figure: A and B each keep a secret key (Secret key-A, Secret key-B) behind a SHIELD; the shielded values K-open-A and K-open-B go into the open register; by injection each side reaches the shared secret ("! Same thing !")]

Example for Diffie-Hellman key exchange scheme
Open agreement/register: shielding function is y = 5^x mod 7
A: Secret key-A = 3, K-open-A = 5^3 = 6
B: Secret key-B = 5, K-open-B = 5^5 = 3
A computes (5^5)^3 = 5^(5.3) = 6
B computes (5^3)^5 = 5^(3.5) = 6
Shared secret Z = 6 (! same thing !)
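
The exchange on this slide, as an added example (not from the original slides), with one check a practitioner would add: K-open-A = 6 equals p - 1, an element of order 2, so whatever B's secret is, Z can only be 1 or 6. The function names and the open-key range check are not from the slide; the range check is the one commonly applied to received Diffie-Hellman values.

```python
def shield(g, x, p):
    """The slide's shielding function y = g^x mod p (g = 5, p = 7 there)."""
    return pow(g, x, p)

def element_order(y, p):
    """Smallest n >= 1 with y^n = 1 mod p (brute force; toy moduli only)."""
    if y % p == 0:
        raise ValueError("0 is not in the multiplicative group")
    n, acc = 1, y % p
    while acc != 1:
        acc = (acc * y) % p
        n += 1
    return n

def exchange(g, p, secret_a, secret_b):
    """Return (K-open-A, K-open-B, shared secret Z) for one run."""
    open_a = shield(g, secret_a, p)
    open_b = shield(g, secret_b, p)
    z_a = pow(open_b, secret_a, p)   # A raises B's open key to A's secret
    z_b = pow(open_a, secret_b, p)   # B raises A's open key to B's secret
    if z_a != z_b:
        raise AssertionError("both sides must derive the same secret")
    return open_a, open_b, z_a

def reachable_secrets(open_key, p):
    """All values Z can take when one side's open key is open_key."""
    return sorted({pow(open_key, k, p) for k in range(1, p)})

def open_key_acceptable(y, p):
    """Range check commonly applied to a received open key: 2 <= y <= p - 2."""
    return 2 <= y <= p - 2

if __name__ == "__main__":
    print(exchange(5, 7, 3, 5))                          # slide values
    print(element_order(5, 7), element_order(6, 7))      # 5 generates the group
    print(reachable_secrets(6, 7), reachable_secrets(3, 7))
    print(open_key_acceptable(6, 7), open_key_acceptable(3, 7))
```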

Cryptographic Protocols
for Public Key Cryptography

Cryptographic Protocols: Shamir 3-Pass Protocol
[Figure: three passes, numbered 1, 2 and 3, between User A and User B]

Cryptographic Identification

GSM: Challenge-Response identification mechanism
[Figure: the verifier station's random generator sends a 128-bit RAND as the authentication request; in the mobile station the SIM applies A3 to RAND and the identity key Ki (max. 128 bits) and returns a 32-bit authentication response; the verifier station applies A3 to the same RAND and Ki to obtain XRES and compares (=) the two to give the authentication result]
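
The challenge-response exchange in this figure, with both sides' messages, as an added example (not from the original slides). A3 is not specified on the slide, so a truncated HMAC-SHA256 stands in for it; the class names and the Ki value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3(ki, rand):
    """Stand-in for A3 (assumption): HMAC-SHA256(Ki, RAND) truncated to 32 bits."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class MobileStation:
    """SIM side: holds the identity key Ki and answers a challenge."""
    def __init__(self, ki):
        self._ki = ki

    def respond(self, rand):
        return a3(self._ki, rand)

class VerifierStation:
    """Verifier side: issues a fresh RAND and checks one response against XRES."""
    def __init__(self, ki):
        self._ki = ki
        self._pending = None

    def challenge(self):
        self._pending = secrets.token_bytes(16)   # 128-bit RAND
        return self._pending

    def verify(self, response):
        if self._pending is None:
            return False                          # no outstanding challenge
        xres = a3(self._ki, self._pending)
        self._pending = None                      # each RAND is single-use
        return hmac.compare_digest(xres, response)

def run_demo():
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    sim, verifier = MobileStation(ki), VerifierStation(ki)
    rand1 = verifier.challenge()
    res1 = sim.respond(rand1)
    genuine = verifier.verify(res1)
    verifier.challenge()                  # a new RAND is now outstanding
    replayed = verifier.verify(res1)      # old response no longer matches
    other_sim = MobileStation(bytes(16))  # SIM holding a different key
    wrong_key = verifier.verify(other_sim.respond(verifier.challenge()))
    return genuine, replayed, wrong_key, len(rand1) * 8, len(res1) * 8

if __name__ == "__main__":
    print(run_demo())
```

With a 32-bit response a random guess succeeds with probability 2^-32 per attempt, so the verifier side also needs a limit on failed attempts.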

To Conclude
No practical Secret Key system
&
no Public Key system
has been proved to be unbreakable!
More confusing example!

Famous One-Way Functions used for Public-Key Systems
DL-Problem
• Exponentiation Y = a^k (mod p)
• Multiplication in Elliptic-Curve Group
Factorizing Problem
m = p.q; p, q = large primes
• Exponentiation Y = M^k (mod m)
• Factoring m = p . q
• Squaring C = M^2 (mod m)
• Knapsack Problem

Knapsack One Way Function*
[Figure: weights W1 W2 W3 W3 W4 W5]
$\mathrm{SUM} = \sum_{i=1}^{n} x_i w_i$
SUM = 449
Problem: find X = [x1, x2, ......] where xi = {0,1}
Solution: X = [ 1 0 1 0 1 0 ]
Easy if:
Superincreasing knapsack: if Wi is more than the sum of all other smaller weights
* Ref. J. Massey

Merkle-Hellman Crypto System (1978)
(Broken by Shamir 1984) *
     2    5    8   17   35   71   easy knapsack
1. Multiplication with u = 113 in Z199
    27  167  108  130  174   63   hard knapsack
2. Permute locations and publish
   174   27  167   63  108  130   published knapsack
Encrypt: X = [ 1 0 1 0 1 0 ] plaintext
         Y = 174 + 167 + 108 = 449 cryptogram
Decrypt: Y´ = u^-1 . Y = 118 . 449 in Z199 = 48
         from Y´ find x´ = [0 1 1 0 1 0] in the easy knapsack
         permute to get X = [ 1 0 1 0 1 0 ]
Conditions: gcd (u, m) = 1 and m Wi
Secret key is Z = (m, u) = (199, 113)
* Ref. J. Massey
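
The slide's Merkle-Hellman numbers run end to end, as an added example (not from the original slides): key set-up, encryption, and the three decryption steps. The permutation is read off by comparing the slide's hard and published rows; the function names are chosen here, and the check that m exceeds the sum of the easy weights is the usual requirement for this scheme, stated as an assumption because the slide's condition is incomplete.

```python
from math import gcd

def make_public(easy, u, m, perm):
    """Multiply the easy knapsack by u in Z_m, then permute the locations.

    perm[j] is the position in the hard knapsack that is published at place j.
    """
    if gcd(u, m) != 1:
        raise ValueError("u must be invertible modulo m")
    if m <= sum(easy):  # assumption: usual condition, not legible on the slide
        raise ValueError("m must exceed the sum of the easy weights")
    hard = [(u * w) % m for w in easy]
    return hard, [hard[i] for i in perm]

def encrypt(bits, published):
    """Cryptogram Y = sum of the published weights selected by the plaintext bits."""
    return sum(w for bit, w in zip(bits, published) if bit)

def solve_superincreasing(easy, target):
    """Greedy solution of the easy knapsack, largest weight first."""
    bits = [0] * len(easy)
    for i in range(len(easy) - 1, -1, -1):
        if easy[i] <= target:
            bits[i] = 1
            target -= easy[i]
    if target != 0:
        raise ValueError("target is not a subset sum of the easy knapsack")
    return bits

def decrypt(y, easy, u, m, perm):
    """Return (Y', x', X) following the slide's decryption steps."""
    u_inv = pow(u, -1, m)              # modular inverse (Python 3.8+)
    y_easy = (u_inv * y) % m
    x_easy = solve_superincreasing(easy, y_easy)
    return y_easy, x_easy, [x_easy[i] for i in perm]

# Values from the slide; PERM is derived from its hard and published rows.
EASY = [2, 5, 8, 17, 35, 71]
M, U = 199, 113
PERM = [4, 0, 1, 5, 2, 3]

if __name__ == "__main__":
    hard, published = make_public(EASY, U, M, PERM)
    y = encrypt([1, 0, 1, 0, 1, 0], published)
    print(hard, published, y)
    print(decrypt(y, EASY, U, M, PERM))
```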

Can we Trust Modern IT?
The answer is: Yes and No!
Trust absolutely?: No
Trust relatively and temporarily?: Yes
There is no reason to hope that a new breakthrough would resolve this dilemma in the near future!