Chapter 1' Overview of Cryptography

1
Chapter 1.Overview of Cryptography

• Jeong H. Yi
• jhyi_at_ics.uci.edu

2
Information security and cryptography

• Cryptography is the study of mathematical
  techniques related to aspects of information
  security
• Cryptographic goals
• Confidentiality
• Data integrity
• Authentication
• Non-repudiation

3
Taxonomy of cryptographic primitives.
Arbitrary length hash functions
Unkeyed Primitives
One-way permutations
Random sequences
Block ciphers
Symmetric-key ciphers
Stream ciphers
Arbitrary length hash functions(MACs)
Security Primitives
Symmetric-key Primitives
Signatures
Pseudorandom sequences
Identification primitives
Public-key ciphers
Public-key Primitives
Signatures
Identification primitives
4
Background on Functions

• Function
• f X ? Y is called a function f from set X to
  set Y.
• X domain
• Y codomain.
• for y f(x) where x ? X and y ? Y
• y image of x
• x preimage of y
• Im(f), image of f
• the set that all y ? Y have at least one preimage
  
• 1 - 1 function if
• each element in Y is the image of at most one
  element in X.
• onto function if
• Im(f) Y
• bijection function if
• f is 1-1 and onto.

5
Background on Functions (ctd)

• one-way function if
• f(x) is easy to compute for all x ? X, but
• it is computationally infeasible to find any x ?
  X such that f(x) y.
• trapdoor one-way function if
• given trapdoor information, it becomes feasible
  to find an x ? X such that f(x) y.

6
Symmetric-key ciphers

• Block cipher
• breaks up the plaintext into blocks of a fixed
  length, and then
• encrypts one block at a time.
• Stream cipher
• takes the plaintext string and produces a
  ciphertext string using keystream
• specific case of block cipher with the size of 1

7
Digital signatures

• Nomenclature
• M messages
• S signatures
• SA signing transformation for A
• VA verification transformation for A
• Definition
• SA and VA provide a digital signature scheme (or
  mechanism) for A.

8
Authentication

• Entity authentication (Identification)
• corroboration of the identity of an entity (e.g.,
  a person, a computer terminal, a credit card,
  etc.).
• Message authentication (Data origin
  authentication)
• corroborating the source of information

9
Symmetric-key cryptography

• Advantages
• high data throughput
• relatively short size
• primitives to construct various cryptographic
  mechanisms
• Disadvantages
• the key must remain secret at both ends.
• O(n2) keys to be managed.
• relatively short lifetime of the key

10
Public-key cryptography

• Advantages
• Only the private key must be kept secret
• relatively long life time of the key
• relatively efficient digital signature mechanisms
• smaller verification key
• O(n) keys to be managed
• Disadvantages
• low data throughput
• much larger key sizes

11
Summary of comparison

• public-key cryptography
• signatures (particularly, non-repudiation) and
  key management
• symmetric-key cryptography
• encryption and some data integrity applications
• Key sizes
• Private keys must be larger (e.g., 1024 bits for
  RSA) than secret keys (e.g., 64 or 128 bits)
• most attack on symmetric-key systems is an
  exhaustive key search
• public-key systems are subject to short-cut
  attacks (e.g., factoring)

12
Protocols and mechanisms

• Cryptographic protocol
• distributed algorithm defined by a sequence of
  steps precisely specifying the actions required
  of two or more entities
• Cryptographic mechanism
• more general term encompassing protocols,
  algorithms, and non-cryptographic techniques

13
Key establishment and management

• Key establishment
• process to establish a shared secret key
  available to two or more parties
• subdivided into key agreement and key transport.
• Key management
• the set of processes and mechanisms which support
  key establishment and
• the maintenance of ongoing keying relationships
  between parties

14
Key management through symmetric-key tech.

• Advantages
• easy to add and remove entities
• needs to store only one long-term secret key.
• Disadvantages
• initial interaction with the TTP.
• n long-term secret keys maintained by TTP
• TTP can read all messages.
• If TTP is compromised, all communications are
  insecure

15
Key management through public-key tech.

• Advantages
• No TTP is required.
• Only n public keys need to be stored
• Disadvantages
• Active adversary can compromise the key
  management scheme (e.g. man-in-the-middle attack)
• ? Need TTP (e.g., CA) to certify the public key
  of each entity.

16
Public-key certification

• Advantages
• prevents an active adversary from impersonation
• TTP cannot monitor communications.
• Disadvantages
• If the signing key of the TTP is compromised, all
  communications become insecure.

17
Attacks on encryption schemes

• Ciphertext-only attack
• deduce the decryption key or plaintext by only
  observing ciphertext.
• Known-plaintext attack
• using a quantity of plaintext and corresponding
  ciphertext.
• Chosen-plaintext attack
• chooses plaintext and is then given corresponding
  ciphertext.
• Adaptive chosen-plaintext attack
• chosen-plaintext attack where the choice of
  plaintext may depend on the ciphertext received
  from previous requests.
• Chosen-ciphertext attack
• selects the ciphertext and is then given the
  corresponding plaintext.
• Adaptive chosen-ciphertext attack
• chosen-ciphertext attack where the choice of
  ciphertext may depend on the plaintext received
  from previous requests.

18
Attacks on protocols

• known-key attack
• uses previously used keys to determine new keys
• replay attack
• records a communication session and replays that
  session
• impersonation attack
• deceives the identity of one of the legitimate
  parties
• dictionary attack
• using code book
• forward search attack
• if message space is small or predictable
• interleaving attack
• impersonation or other deception involving
  selective combination of information from
  parallel sessions

19
Models for evaluating security

• Unconditional security (perfect secrecy)
• Adversaries have unlimited computational
  resources
• Observation of the ciphertext provides no
  information to an adversary
• Complexity-theoretic security
• Adversaries have polynomial computational power.
• Asymptotic analysis and usually also worst-case
  analysis is used
• Provable security
• provably secure if the difficulty of defeating
  crypto system can be shown to be as difficult as
  solving a well-known number-theoretic problem

20
Models for evaluating security (ctd)

• Computational security (Practical security)
• computationally secure if the level of
  computation to defeat crypto system exceeds the
  computational resources of the adversary
• Most of the known public-key and symmetric-key
  schemes
• Ad hoc security (heuristic security)
• any variety of convincing computational security
• unforeseen attacks may remain