Ch 1: Overview of encryption - PowerPoint PPT Presentation

1 / 44
About This Presentation
Title:

Ch 1: Overview of encryption

Description:

a science of protecting information by encoding it into an unreadable format. Cryptosystem ... Software that provides cryptographic algorithms/operations for ... – PowerPoint PPT presentation

Number of Views:82
Avg rating:3.0/5.0
Slides: 45
Provided by: won51
Category:

less

Transcript and Presenter's Notes

Title: Ch 1: Overview of encryption


1
Ch 1 Overview of encryption
Type of encryption algorithm (Symmetric and
Asymmetric) Hash - one way function Digital
Signature Applications of cryptography
2
Cryptography
  • Cryptography
  • a science of protecting information by encoding
    it into an unreadable format.
  • Cryptosystem
  • a computer system that implements one or more
    specific encryption algorithms
  • Cryptanalysis
  • Process of analyzing cipher text.
  • Cryptanalyst
  • Person who performs cryptanalysis.
  • Cryptographic toolkit
  • Software that provides cryptographic
    algorithms/operations for use in applications.

3
Cryptographic Techniques - 1
  • Plain text
  • Message in an understandable/readable form, same
    as Clear text
  • Cipher text
  • Result of encryption on a plain text message.

4
Cryptographic Techniques - 2
  • Symmetric key cryptography (classical)
  • Cryptographic technique where the same key is
    used for encryption and decryption operations.
  • Substitution cipher
  • Transposition cipher
  • Product cipher
  • substitution transposition
  • Asymmetric Key Cryptography
  • Cryptographic technique where a key pair is used
    for encryption and decryption operations.

5
Symmetric key cryptography - 1
  • Symmetric Algorithms
  • also known as secret key algorithm
  • use single key on encrypt and decrypt
  • usually hardware assisted

6
Symmetric key cryptography - 2
  • Strength
  • efficient, take less time to encrypt a message
  • smaller key size
  • Fast and well proven technology
  • Weakness
  • The session key need to be transmitted in the
    first place
  • both parties must have a secret key, distribution
    of key is very difficult.
  • there is a lot of keys needed to maintain
  • N(N-1) /2 keys for N people

7
Typical Symmetric algorithms
  • Substitution cipher
  • Transposition cipher
  • Stream cipher
  • Product cipher
  • substitution transposition
  • Typical symmetric algorithm DES, 3DES, AES
  • DES used a combination of above cipher techniques
  • AES - Advanced Encryption Standard
  • to replace DES gt winner of the algorithm (in
    1998) gt Rijndael (by Rimmen and Daemen)

8
Substitution cipher
  • Substitution cipher
  • abcdefghijklmnopqrstuvwxyz
  • poiuytrewqasdfghjklmnbvczx
  • replace each plaintext character in message with
    matching ciphertext character
  • plaintext Charlotte, my love
  • ciphertext iepksgmmy, dz sgby

9
Transposition ciphers
  • Transposition cipher move characters or bits to
    another place within the message block instead of
    substituting them with another value.
    (Permutation.)
  • Eg. Simple Columnar Transposition
  • Place the plaintext in a 2-dimensional matrix
  • (left to right, top to bottom).
  • Output column order
  • (top to bottom, left to right)

10
Stream Ciphers
  • Plaintext to cipher text
  • 1 bit or byte at a time
  • Key stream generator k1, k2,
  • Encryption ci pi xor ki
  • Decryption pi ci xor ki
  • Often used for video streaming, WEP etc.
  • Eg. RC 4

11
The Data Encryption Standard (DES) - 1
  • The most widely used encryption scheme
  • The algorithm referred to is the Data Encryption
    Algorithm (DEA)
  • DES is a block cipher.
  • Block cipher algorithm break the plaintext
    message into several blocks of bits and then work
    on the individual blocks one at a time.
  • The algorithm puts the bits within these blocks
    through several rounds of substitution and
    transposition.

12
The Data Encryption Standard (DES) - 2
  • The plaintext is processed in 64- bit blocks
  • The key is 56- bits in length.
  • 56 Bit Key Big enough?
  • 256 72,057,594,037,927,900
  • It is a symmetric system - the same key is used
    for both enciphering and deciphering.

13
The Data Encryption Standard (DES) - 3
  • Substitution cipher19 stages of transformations
  • 16 involving functions of key
  • Each of the 16 iterations mentioned above uses a
    different 48-bit key derived from the initial
    56-bit key K.

14
Other symmetric algorithms - 1
  • Use three keys and three executions of the DES
    algorithm (encrypt- decrypt- encrypt)
  • Effective key length of 168 bits
  • Better protection
  • Advantage compatible with all software and
    hardware that support DES.

15
Other symmetric algorithms - 2
  • RC algorithms
  • Symmetric key block encryption algorithm,
    involving variable length keys by RSA.
  • RC2 block mode, 64-bit blocks, variable key
    length
  • RC4 stream mode, variable key length
  • RC5 block mode, variable block size, variable
    key length
  • RC6 to fix the design flaws of RC5
  • MARS
  • developed by IBM, 128bit data block, stronger
    security and better performance speed than DES

16
Other symmetric algorithms (3)
  • Blowfish Twofish
  • developed by Bruce Schneier (author of famous
    textbook Applied Cryptography)
  • Blowfish block cipher, variable key length from
    32 to 488 bits
  • used with SSH
  • Twofish 128 bit block cipher, 28, 192, 256 bit
    key
  • Rijindael
  • block cipher supports 128, 192 and 256 bit
  • US government has selected Rijindael to replace
    DES as the Advanced Encryption Standard (AES)

17
Asymmetric Key Cryptography
  • Also known as public-key algorithms
  • Pair of keys (i.e. private and public)
  • Key management is relatively easy
  • Computational intensive
  • Slow (100 times slower than symmetric algorithms
    of similar strengths!!)
  • Many new algorithms develop recently

18
Asymmetric cryptographic system
  • Based on the concepts of same cryptographic
    process but with the different secret keys pair,
    that is private key and public key
  • The sequence of keys does not alter the
    end-result.

19
Applications of asymmetric key - 1
  • Confidentiality ensure content of email is
    decrypted by receiver with a proper private key.

20
Applications of asymmetric key - 2
  • Authentication ensure email can only be
    encrypted by sender private key. This is part of
    non-repudiation

21
Applications of asymmetric key - 3
  • Message Confidentiality and Authentication
  • Only B can view the message.
  • The message is confirmed to be sent by A.

22
Concepts of Asymmetric key cryptographic system
  • it is impossible (or extremely difficult) to
    determine the decryption key (private key) by
    providing just the encryption algorithm and
    encryption key (public key)
  • the public key usually can be found easily if the
    private key is known
  • the encryption and decryption algorithm may not
    be the same

23
Concepts of Asymmetric key cryptographic system
(2)
  • Based on the idea in mathematics
  • one-way functions with trap-door
  • it is easy to go in one direction but impossible
    to reverse the process unless you know the
    trap-door

f(x)
f( )
x
f(x)
x
unless thru the trap door
24
Cryptographic technique usingasymmetric
algorithms
  • RSA
  • based on Rivest, Shamir, Aldermann
  • Diffie-Hellman (a key exchange algorithm)
  • El Gamal
  • Knapsack
  • EC (Elliptic Curve)

Factoring the Product of large Prime numbers
Finding discrete Logarithm in a Finite field
25
Comparisons of Asymmetric and Symmetric
cryptographic system
  • Asymmetric
  • 512 bit
  • 1792 bit
  • 2304 bit
  • Symmetric
  • 64 bit
  • 112 bit
  • 128 bit
  • Public-key algorithms are more efficient for
    short messages, or a session key
  • session key is a random number generated as the
    symmetric key used for both encryption and
    decryption
  • It is commonly used to solve the problem of
    secret-key distribution (KDC)
  • e.g. Diffie-Hellman (DH) Key distribution

26
Hybrid cryptography
  • It is generally not to use public and private key
    to encrypt and decrypt the document directly
  • it is too slow
  • Sender generates a random session key and carry
    out two processes (symmetric and asymmetric)
  • use symmetric cryptography to encrypt the
    document using a random key (i.e. the session
    key)
  • use asymmetric cryptography to encrypt the
    session key itself
  • send the encrypted document with encrypted
    session key
  • Receiver decrypt these information in two
    processes
  • use his own private key to decrypt the session
    key
  • once it is successful, he can use this session
    key to decrypt the protected document

27
Key distribution
  • To have the advantages of both secret-key and
    public-key encryption, we can encrypt the secret
    key using the public key and encrypt the message
    using the secret key.

28
Diffie-Hellman (DH) Key distribution
  • DH is one of the most popular key exchange
    algorithm to address the problem of key exchange.
  • provides a way for two users, A and B, to
    establish a shared secret key that only they
    know.
  • need to agree on certain parameters, i.e. q and n
  • Alice side
  • Step 1
  • Alice select Xa (Alice private key)
  • Alice calculate Ya (Alices public key) using nXa
    mod q
  • send Ya to Bob
  • Step 2
  • use Yb received from Bob, Alice calculates DH key
    Kb
  • Kb (YbXa mod q)
  • Bob side
  • Step 1
  • Bob select Xb (Bob private key)
  • Bob calculate Yb (Bobs public key) using nXb mod
    q
  • send Yb to Alice
  • Step 2
  • use Ya received from Alice, Bob calculate DH key
    Kb
  • Kb (YaXb mod q)

29
example of DH key
  • assume q 53, n23
  • alice use Xa11
  • alice calculate Ya
  • 2311 mod 53 30
  • alice got Yb
  • alice calculate shared secret Kb
  • 2311 mod 53 30
  • assume q 53, n23
  • bob use Xb13
  • bob calculate Yb
  • 2313 mod 53 23
  • bob got Ya
  • bob calculate shared secret Kb
  • 3013 mod 53 30

30
Digital signature - 1
  • Properties in e-commerce
  • Integrity the received message is unmodified
  • Confidentiality the message is seen by
    designated receiver
  • Authentication receiver is sure of the senders
    identify and that an imposter has not sent the
    message
  • Non-repudiation receiver can prove that a
    received message came from a specific sender and
    sender must not able to deny sending a message

31
Digital signature - 2
  • Properties
  • Detect unauthorized modification of data
    (Integrity)
  • Authenticate the identity of user
  • Non-repudiation (both parties cannot denial the
    signed document)
  • Digital signature can only address the 3 of the 4
    properties, it does not provide confidentiality.
  • it needed to be enforced by cryptographic system
  • another layer of encryption/decryption must be
    applied, such as SSL

32
Hash - 1
  • MD is fixed length, used to verify the integrity
    of data (c.f. CRC)
  • Convert a stream of data into check pattern
    known as message digest
  • Many algorithms (MD1 - 5, SHA-1)
  • The MD series is a group of one-way hash
    algorithm developed by Ron Rivest.
  • MD5 is stronger than MD4 and still produces a
    128-bit has. It is commonly used in mobile phone
    authentication. MD5 is discussed in RFC 1321.
  • Based on the concept of one-way function (cannot
    get the message back)

33
Hash - 2
  • The Message Digest is to be send along with the
    the message.
  • At the receiver end, the receiver calculate again
    the hash value from the received message.
  • If the calculated MD and received MD matches, the
    integrity of the message ensures ( the same
    concept as CRC).

34
Generation of Digital Signature
  • Digital Signature is the technique of appending a
    string of characters to an electronic message in
    order to authenticate the sender.
  • One method is the encryption of MD with
    asymmetric key (senders private key)

35
Verification of digital signature
  • verification at receiver site

36
PGP at the sender site
37
PGP at the receiver site
38
PGP Explanation - 1
  • Encrypted message digest, appended to doc, known
    as Digital Signature
  • Document gt encrypted with random key
  • Random number (session key) gt encrypted using
    receivers public key
  • Send document encrypted random numbers
    (envelope) encrypted document with digital
    signature (contents)

39
PGP Explanation - 2
  • Only Receiver with private key can open the
    envelope
  • Once opened, the session key, ciphertext,
    digital signature can be obtained
  • use symmetric algorithm to decrypted the
    ciphertext gtoriginal document
  • use hash algorithm to calculate a new Message
    Digest
  • use senders public key to decrypted the Message
    Digest from the Digital Signature gt
    authentication proved
  • if the new MD is same as the Message Digest, the
    document is un-altered gt integrity proved
  • use the concept of matched digital signature
    only can be generated sender private key, the
    document must be encrypted by the sender. gt
    non-reputation proved

40
Authentication using secret key -1
  • User A want to be authenticated by Server B
  • A sends a message to B (e.g. user ID)
  • B sends a number R, called nonce (number once) to
    challenge A
  • A encrypts the number using the secret key and
    send E(R) to B

41
Authentication using secret key -2
  • B decrypts the message using the same secret key
  • If B gets the original number, user A is
    authenticated
  • Point of attack intruder can listen to the line
    and make a copy of the packet containing E(R)
  • To prevent playback attack, R must be different
    every time

42
Authentication using public key - 1
  • User A want to be authenticated by Server B
  • A sends a message to B (e.g. user ID)
  • B sends a number R, called nonce (number once) to
    challenge A
  • A encrypts the number using the private key and
    send E(R) to B

43
Authentication using public key - 2
  • B decrypts the message using As public key
  • If B gets the original number, user A is
    authenticated
  • Point of attack intruder can listen to the line
    and make a copy of the packet containing E(R)
  • To prevent playback attack, R must be different
    every time

44
Summary
  • Encryption
  • Asymmetric (private key and public key)
  • Symmetric (secret key)
  • Provide confidentiality
  • Hashing
  • Provide data integrity
  • One-way method to create check pattern called
    message digest
  • Digital Signature
  • Symmetric encryption (fast and secure)
  • Asymmetric encryption (easy key management)
  • Message digest to provide integrity
  • Provide non-repudiation
Write a Comment
User Comments (0)
About PowerShow.com