Cryptography Lecture 3 - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Cryptography Lecture 3

Description:

Security Focus Online, cryptanalysis tools http://online. ... Crypt Breaker's Workbench, http://wombat.doc.ic.ac.uk/foldoc ... PGP, http://web.mit.edu ... – PowerPoint PPT presentation

Number of Views:139
Avg rating:3.0/5.0
Slides: 25
Provided by: far1
Category:

less

Transcript and Presenter's Notes

Title: Cryptography Lecture 3


1
CryptographyLecture 3
  • Cryptography
  • Terminology
  • Secret-Key Encryption
  • Public-Key Encryption

2
Reading Assignment
  • Reading assignments for lecture 3
  • Required
  • Pfleeger Ch 2.1, 2.2
  • Recommended
  • U.S. Senate hearings on Internet Security B.
    Schenier http//www.senate.gov/commerce/hearings
    /071601Schneier.pdf
  • Crypto-Gram Newsletters http//www.counterpane.com
    /crypto-gram.html
  • Security Focus Online, cryptanalysis tools
    http//online.securityfocus.com/tools/category/54
  • Reading assignments for next class
  • Required
  • Pfleeger Ch 2.3, 2.4

3
Cryptography Tools
  • Crypt Breaker's Workbench, http//wombat.doc.ic.ac
    .uk/foldoc/foldoc.cgi?CryptBreakersWorkbench
  • PGP, http//web.mit.edu/network/pgp.html
  • Crypto and Security, http//www.programmersheaven.
    com/zone16/cat731/index.htm

4
Insecure communications
Confidential
5

Cryptographic Protocols
  • Messages should be transmitted to destination
  • Only the recipient should see it
  • Only the recipient should get it
  • Proof of the senders identity
  • Message shouldnt be corrupted in transit
  • Message should be sent/received once only

6
Terminology
  • Plaintext (cleartext) a message in its original
    form
  • Ciphertext (cyphertext) an encrypted message
  • Encryption transformation of a message to hide
    its meaning
  • Cipher cryptographic algorithm. A mathematical
    function used for encryption (encryption
    algorithm) and decryption (decryption algorithm).

7
Terminology
  • Decryption recovering meaning from ciphertext
  • Cryptography art and science of keeping messages
    secure
  • Cryptanalysis art and science of breaking
    ciphertext
  • Cryptology study of both cryptography and
    cryptanalysis

8
Encryption and Decryption
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
9
Conventional (Secret Key) Cryptosystem
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Sender
Recipient
K
CE(K,M) MD(K,C)
K needs secure channel
10
Public Key Cryptosystem
Recipients public Key (Kpub)
Recipients private Key (Kpriv)
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Sender
Recipient
CE(Kpub,M) MD(Kpriv,C)
Kpub needs reliable channel
11
Cryptanalysis
  • Cryptanalysts goal
  • Break message
  • Break key
  • Break algorithm

12
Taxonomy of Attacks
  • Ciphertext-only attack attacker has ciphertext
    for messages encrypted with E. Deduce keys
    and/or plaintext messages.
  • Known plaintext attack attacker additionally
    knows the plaintext of the messages. Deduce keys
    or a decryption algorithm.
  • Chosen plaintext attack attacker can obtain the
    ciphertext for selected plaintext messages.
    Deduce as above.
  • Chosen ciphertext attack attacker can obtain
    decrypted (plaintext) versions of selected
    ciphertext. Deduce as above.

13
Breakable versus Practically breakable
  • Unconditionally secure impossible to
    decrypt. No amount of ciphertext will enable a
    cryptanalyst to obtain the plaintext
  • Computationally secure an algorithm that is not
    breakable in practice based on worst case
    scenario
  • Breakable all algorithms (except one-time pad)
    are theoretically breakable

14
What makes a good cryptosystem?
  • A good cryptosystem is one whose security does
    not depend upon the secrecy of the algorithm.
  • From Bruce Schneier
  • Good cryptographers rely on peer review to
    separate the good algorithms from the bad.''

15
Secret Key Cryptosystem
Plaintext
Ciphertext
Plaintext
Encryption
Decryption
Sender
Recipient
K
CE(K,M) MD(K,C)
K needs secure channel
16
Secret Key Cryptosystem Vulnerabilities (1
  • Passive Attacker (Eavesdropper)
  • Obtain and/or guess key and cryptosystem use
    these to decrypt messages
  • Capture text in transit and try a ciphertext-only
    attack to obtain plaintext.

17
Secret Key Cryptosystem Vulnerabilities
  • Active Attacker
  • Break communication channel (denial of service)
  • Obtain and/or guess key and cryptosystem and use
    these to send fake messages

18
Inherent Weaknesses of Symmetric Cryptography
  • Key distribution must be done secretly (difficult
    when parties are geographically distant, or don't
    know each other)
  • Need a key for each pair of users
  • n users need n(n-1)/2 keys
  • If the secret key (and cryptosystem) is
    compromised, the adversary will be able to
    decrypt all traffic and produce fake messages

19
Basic Encryption Techniques
  • Substitution
  • Permutation
  • Combinations and iterations of these

20
Caesar cipher
  • CE(K,M), e.g., C(Mn) mod 26
  • plaintext placement A B C D E
  • ciphertext placement A B C D E F
  • e.g., MCAB
  • C ECD
  • Advantages simple to implement
  • Disadvantages easy to break (25 possibilities
    for English alphabet)

21
Simple Alphabetic Substitution
  • Assign a new symbol to each plain text symbol
    randomly, e.g.,
  • C ?K, A ?H, B ? L
  • MCAB
  • C KHL
  • Advantages large key space 26!
  • Disadvantages trivially broken for known
    plaintext attack

22
One-Time Pad
  • Perfect Secrecy!
  • Large, non-repeating set of keys
  • Key is larger than the message
  • Advantages immune to most attacks
  • Disadvantages
  • Need total synchronization
  • Need very long, non-repeating key
  • Key cannot be reused

23
Summary of Substitution
  • Advantages
  • Simple
  • Easy to encrypt
  • Disadvantages
  • Easy to break!!!

24
  • Next class
  • Transpositions
  • Characterization of good encryption algorithms
Write a Comment
User Comments (0)
About PowerShow.com