COSC 4607: Computer Security Lecture 9 - PowerPoint PPT Presentation

Slides: 52
Provided by: netw68

Transcript and Presenter's Notes

1
COSC 4607 Computer Security Lecture 9
  • Cryptography

2
Contents
  • Basic concepts
  • Cipher Schemes
  • Data Encryption Standard-DES
  • Public Key Systems-RSA
  • Digital Signature
  • Cryptography Analysis

3
Some basic definitions
  • Cryptography: the study of mathematical
    techniques related to information security that
    have the following objectives:
  • Authentication: corroboration of the identity of
    an entity.
  • Confidentiality: ensuring information is
    accessible only by authorized persons.
  • Data integrity: ensuring information has not been
    altered by unauthorized or unknown means.
  • Non-repudiation: preventing the denial of
    previous commitments or actions.

4
Definitions
  • Cryptography is one tool (not the only one) useful
    for providing security services such as:
  • Authorization: conveyance of official sanction to
    do or be something to another entity.
  • Access control: restricting access to resources
    to privileged entities.
  • Availability: ensuring a system is available to
    authorized entities when needed.
  • Anonymity: concealing the identity of an entity
    involved in some process.
  • Certification: endorsement of information by a
    trusted entity.
  • Revocation: retraction of certification or
    authorization.

5
Cryptography
  • The most widely used tool for securing
    information and services is cryptography.
  • Cryptography relies on ciphers: mathematical
    functions used for encryption and decryption of a
    message.
  • Encryption: the process of disguising a message
    in such a way as to hide its substance.
  • Ciphertext: an encrypted message.
  • Decryption: the process of returning an encrypted
    message back into plaintext.

6
Ciphers
  • The security of a cipher may rest in the secrecy
    of its restricted algorithm.
  • Whenever a user leaves a group, the algorithm
    must change.
  • Can't be scrutinized by people smarter than you.
  • Unfortunately, secrecy is a popular approach.
  • Modern cryptography relies on keys, a selected
    value from a large set (a keyspace), e.g., a
    1024-bit number. $2^{1024}$ values!
  • Security is based on secrecy of the key, not the
    details of the algorithm.
  • Change of authorized participants requires only a
    change in key.

7
Ciphers
  • For some message M, let's denote the encryption
    of that message into ciphertext as
  • $\{M\}_{K_{ab}} = C$
  • $K_{ab}$ is the key shared by participants A and B.
    The decryption into plaintext is written as
  • $\{C\}_{K_{ab}} = M$
  • Notice,
  • $\{\{M\}_{K_{ab}}\}_{K_{ab}} = M$: symmetric key algorithms.
  • Some algorithms use different keys for each
    operation
  • $\{\{M\}_{K}\}_{K^-} = M$: public-key algorithms.

8
Example Ciphers
  • Shift cipher: each plaintext character is
    replaced by a character k to the right. (When
    k = 3, it's a Caesar cipher.)
  • Watch out for Brutus! => Jngpu bhg sbe
    Oehghf! (k = 13)
  • Only 25 choices! Not hard to break by brute
    force.
  • Substitution cipher: each character in plaintext
    is replaced by a corresponding character of
    ciphertext.
  • E.g., cryptograms in newspapers.
  • plaintext code:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  • ciphertext code: m n b v c x z a s d f g h j k l p o i u y t r e w q
  • (26!) possible pairs.
  • Is it really that hard to break?

9
(No Transcript)
10
(No Transcript)
11
  • Give a serial number to each letter in the key
    (from a to z).
  • Arrange the message based on the key positions.
  • Form the ciphertext by reading the letters by
    columns, in order of column number from small to
    large.

12
Playfair Cipher
  • Firstly, the sender and receiver must agree on a
    keyword. In this example, the keyword is
    Wheatstone's name, CHARLES. The letters of the
    alphabet are written in a square, as shown,
    beginning with the keyword and with I-J combined
    into one element.
  • Break the message into pairs of letters
    (digraphs). The two letters in a digraph must be
    different, so an X has been added to split the
    double M in 'hammersmith'.

13
PlayFair Cipher
  • Encryption depends on the type of digraph. The
    digraphs fall into one of three categories:
  • If both letters are in the same row, then they
    are replaced by the letters to the immediate
    right of each one: 'mi' becomes 'NK'. If a letter
    is at the end of a row, it is replaced by the
    letter at the beginning: 'ni' becomes 'GK'.
  • If both letters are in the same column, then they
    are replaced by the letter immediately beneath
    each one: 'ge' becomes 'OG'. If a letter is at the
    bottom of a column, it is replaced by the letter
    at the top: 've' becomes 'CG'.
  • If the digraph letters are neither in the same
    row nor the same column, the rule differs. To
    encipher the first letter, look along its row
    until you reach the column containing the second
    letter; the letter at this intersection replaces
    the first letter. To encipher the second letter,
    look along its row until you reach the column
    containing the first letter; the letter at the
    intersection replaces the second letter. Hence,
    'me' becomes 'GD'.

http://www.simonsingh.net/The_Black_Chamber/playfaircipher.htm
14
Hashes
  • Hashes are going to be a tool we use primarily
    for authentication.
  • While related, these are not the same hashes you
    would use as the function in a hash table.
  • They have stricter requirements.

15
Hash Functions
  • A hash H is a one-way function that operates on
    an arbitrary-length message m, and returns a
    fixed-length value h.
  • $h = H(m)$
  • Given a message m, it is easy to compute $H(m)$.
  • Given h, it is hard to compute m such that
    $H(m) = h$.
  • Given a specific m, it is hard to find another
    message $m'$ such that $H(m') = H(m)$.
  • Given a large set of messages M, it's difficult
    to find any pair $(m_i, m_j)$ that hash to the same
    value.
  • Hashes provide a fingerprint of m.

16
Modular Arithmetic
  • $a \equiv b \pmod{m}$ if and only if $a - b$ is a multiple of $m$
  • $(a \bmod m) + (b \bmod m) \equiv (a + b) \pmod{m}$
  • $(a \bmod m)(b \bmod m) \equiv (ab) \pmod{m}$
  • Multiplicative order modulo p
  • Let p be a prime and a an arbitrary integer. The
    multiplicative order of a modulo p is the
    smallest positive integer n such that $a^n \equiv 1 \pmod{p}$.
  • For example, if $p = 3$, $a = 5$, then $n = 2$.

17
Modular Arithmetic
  • Fermat's Little Theorem
  • For every $a \not\equiv 0 \pmod{p}$, p prime, we have
  • $a^{p-1} \equiv 1 \pmod{p}$
  • Discrete logarithm problem (DLP)
  • Given a prime modulus p, the basis a, and the
    value $y = a^x \bmod p$, find the discrete logarithm x
    of y.
  • n-th root problem: given integers m, n, a, find an
    integer b such that $b^n \equiv a \pmod{m}$.
  • Factorization given an integer n, find its prime
    factors.

18
Common Tools
  • The most common cryptographic tools are
  • Symmetric key ciphers
  • DES, 3DES, AES, Blowfish, Twofish, IDEA
  • Fast and simple (based on addition, masks, and
    shifts)
  • One key shared and kept secret
  • Typical key lengths are 40, 128, 256, 512
  • Asymmetric key ciphers
  • RSA, El Gamal
  • two keys
  • Slow, but versatile (usually requires
    exponentiation)
  • Typical key lengths are 512, 1024, 2048

19
Encryption, Decryption, and Key Generation
  • Encryption algorithm: E(KE, M) => C
  • Decryption algorithm: D(KD, C) => M
  • Key pair: (KE, KD)
  • Correctness: D(KD, E(KE, M)) = M

20
Key Symmetry
  • Symmetric key system (private-key system)
  • KE = KD, or
  • KD can be easily computed from KE
  • Asymmetric key system (public-key system)
  • It is hard to compute KD from KE

21
Symmetric Key System
  • X-OR Scheme
  • $K_E = K_D = (k_1\ k_2\ \ldots\ k_L)$
  • $M = (m_1\ m_2\ \ldots\ m_L)$
  • Encryption: $E(K_E, M) = (c_1\ c_2\ \ldots\ c_L)$, where
    $c_i = k_i \oplus m_i$
  • Decryption:
  • $D(K_E, C) = (k_1 \oplus c_1\ \ k_2 \oplus c_2\ \ldots\ k_L \oplus c_L) = M$

22
Security
  • Key generation: choose KE uniformly at random
  • Implying C is uniformly random
  • Strength: implying perfect security or
    unconditional security
  • Weakness
  • it can only be used once (one-time pad)
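
Why the pad can only be used once, as an added example that is not from the lecture: when two messages are XORed with the same key, the key cancels out of c1 xor c2, so an observer learns m1 xor m2 without ever seeing the key. The two 16-byte messages are constructed sample data and the function names are this example's own.

```python
import secrets

# Constructed sample messages of equal length (16 bytes each).
M1 = b"transfer 100 USD"
M2 = b"transfer 999 USD"

def xor_bytes(a, b):
    """Bytewise XOR; the scheme on the slide needs key and message of equal length L."""
    if len(a) != len(b):
        raise ValueError("key and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def keygen(length):
    """Choose KE uniformly at random, as the slide requires."""
    return secrets.token_bytes(length)

def encrypt(key, message):
    return xor_bytes(key, message)      # c_i = k_i xor m_i

def decrypt(key, ciphertext):
    return xor_bytes(key, ciphertext)   # k_i xor c_i = m_i

def reuse_leak(c1, c2):
    """(k xor m1) xor (k xor m2) = m1 xor m2: the key has dropped out entirely."""
    return xor_bytes(c1, c2)

def recover_with_known_plaintext(c1, c2, known_m1):
    """If one plaintext is known, the other follows from the two ciphertexts alone."""
    return xor_bytes(reuse_leak(c1, c2), known_m1)

def demo():
    key = keygen(len(M1))
    c1, c2 = encrypt(key, M1), encrypt(key, M2)   # the mistake: same key twice
    leak = reuse_leak(c1, c2)
    # Zero bytes in the leak mark positions where the two messages are identical.
    differing = [i for i, b in enumerate(leak) if b != 0]
    return differing, recover_with_known_plaintext(c1, c2, M1)
```

With a fresh key per message the two ciphertexts are independent and uniformly random, and the XOR of them reveals nothing.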

23
Data Encryption Standard
  • DES is a symmetric block cipher algorithm
  • DES was developed in the 1970s
  • Based on IBM Lucifer cipher
  • U.S. government standard
  • DES development was controversial
  • NSA was secretly involved
  • Design process not open
  • Key length was reduced
  • Subtle changes to Lucifer algorithm

24
DES
  • DES is a Feistel cipher
  • 64 bit block length
  • 56 bit key length
  • 16 rounds
  • 48 bits of key used each round (subkey)
  • Each round is very simple
  • Security depends primarily on S-boxes
  • Each S-box maps 6 bits to 4 bits

25
DES round
26
DES Expansion Permutation
  • Input 32 bits
  • 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
  • 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
  • Output 48 bits
  • 31 0 1 2 3 4 3 4 5 6 7 8
  • 7 8 9 10 11 12 11 12 13 14 15 16
  • 15 16 17 18 19 20 19 20 21 22 23 24
  • 23 24 25 26 27 28 27 28 29 30 31 0

27
DES S-box
  • 8 substitution boxes or S-boxes
  • Each S-box maps 6 bits to 4 bits
  • S-box 1: the row is selected by input bits (0,5),
    the column by input bits (1,2,3,4)

         0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
    ------------------------------------------------------------------------------------
    00 | 1110 0100 1101 0001 0010 1111 1011 1000 0011 1010 0110 1100 0101 1001 0000 0111
    01 | 0000 1111 0111 0100 1110 0010 1101 0001 1010 0110 1100 1011 1001 0101 0011 1000
    10 | 0100 0001 1110 1000 1101 0110 0010 1011 1111 1100 1001 0111 0011 1010 0101 0000
    11 | 1111 1100 1000 0010 0100 1001 0001 0111 0101 1011 0011 1110 1010 0000 0110 1101

28
DES P-box
  • Input 32 bits
  • 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
  • 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
  • Output 32 bits
  • 15 6 19 20 28 11 27 16 0 14 22 25 4 17 30 9
  • 1 7 23 13 31 26 2 8 18 12 29 5 21 10 3 24

29
DES subkey
  • 56 bit DES key, bits numbered 0,1,2,...,55
  • Left half bits, LK
  • 49 42 35 28 21 14 7
  • 0 50 43 36 29 22 15
  • 8 1 51 44 37 30 23
  • 16 9 2 52 45 38 31
  • Right half bits, RK
  • 55 48 41 34 27 20 13
  • 6 54 47 40 33 26 19
  • 12 5 53 46 39 32 25
  • 18 11 4 24 17 10 3

30
DES subkey
  • For rounds $i = 1, 2, \ldots, n$
  • Let LK = (LK circular shift left by $r_i$)
  • Let RK = (RK circular shift left by $r_i$)
  • Left half of subkey $SK_i$ consists of LK bits
  • 13 16 10 23 0 4 2 27 14 5 20 9
  • 22 18 11 3 25 7 15 6 26 19 12 1
  • Right half of subkey $SK_i$ consists of RK bits
  • 12 23 2 8 18 26 1 11 22 16 4 19
  • 15 20 10 27 5 24 17 13 21 7 0 3

31
DES subkey
  • For rounds 1, 2, 9 and 16 the shift $r_i$ is 1, and in
    all other rounds $r_i$ is 2
  • Bits 8,17,21,24 of LK are omitted each round
  • Bits 6,9,14,25 of RK are omitted each round
  • The function that yields the 48 bit $SK_i$ is known
    as the compression permutation
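
The subkey procedure from the three slides above, as an added Python example that is not part of the original lecture. The four tables and the shift schedule are copied from the slides (0-based bit numbering); the function names and the sample key are this example's own, and the number of rounds defaults to the 16 stated on the DES slide.

```python
# Bit positions of the 56-bit key that form the two 28-bit halves (from the slides).
LK_BITS = [49, 42, 35, 28, 21, 14, 7, 0, 50, 43, 36, 29, 22, 15,
           8, 1, 51, 44, 37, 30, 23, 16, 9, 2, 52, 45, 38, 31]
RK_BITS = [55, 48, 41, 34, 27, 20, 13, 6, 54, 47, 40, 33, 26, 19,
           12, 5, 53, 46, 39, 32, 25, 18, 11, 4, 24, 17, 10, 3]
# Compression permutation: 24 of the 28 bits of each half go into the subkey.
LEFT_SELECT = [13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9,
               22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1]
RIGHT_SELECT = [12, 23, 2, 8, 18, 26, 1, 11, 22, 16, 4, 19,
                15, 20, 10, 27, 5, 24, 17, 13, 21, 7, 0, 3]
ONE_BIT_ROUNDS = {1, 2, 9, 16}   # r_i = 1 in these rounds, 2 in all others

def rotate_left(bits, r):
    """Circular left shift of a list of bits by r positions."""
    return bits[r:] + bits[:r]

def omitted_bits(select):
    """Positions of a 28-bit half that the compression permutation never picks."""
    return sorted(set(range(28)) - set(select))

def key_schedule(key_bits, rounds=16):
    """key_bits: 56 ints (0 or 1), indexed as on the slide.
    Returns (list of 48-bit subkeys SK_1..SK_rounds, final LK, final RK)."""
    if len(key_bits) != 56 or any(b not in (0, 1) for b in key_bits):
        raise ValueError("expected 56 bits")
    lk = [key_bits[i] for i in LK_BITS]
    rk = [key_bits[i] for i in RK_BITS]
    subkeys = []
    for i in range(1, rounds + 1):
        r = 1 if i in ONE_BIT_ROUNDS else 2
        lk, rk = rotate_left(lk, r), rotate_left(rk, r)
        subkeys.append([lk[j] for j in LEFT_SELECT] + [rk[j] for j in RIGHT_SELECT])
    return subkeys, lk, rk

# Constructed sample key (alternating bits), for illustration only.
SAMPLE_KEY = [i % 2 for i in range(56)]
```

The shifts add up to 4 x 1 + 12 x 2 = 28, so after 16 rounds each 28-bit half is back in its starting position.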

32
DES
  • An initial perm P before round 1
  • A final permutation (inverse of P) is applied to
    (R16,L16) to yield cipher text
  • Security of DES depends on S-boxes
  • Everything else in DES is linear
  • 30 years of intense analysis has revealed no
    back door
  • Attacks today use exhaustive key search

33
Weakness of Symmetric Key System
  • Key exchange must be supported securely
  • Key maintenance is expensive: imagine there are n
    users, then we need n(n-1)/2 keys, one for each
    pair
  • When a new user is joining the club, everyone is
    involved in key generation

34
Public-Key Systems
  • Public-key for encryption
  • Private-key for decryption
  • Requirement
  • Efficient encryption and decryption with keys
  • Without the private key, it is hard to obtain the
    plaintext from the ciphertext
  • Computationally hard to obtain one key from the
    other

35
Key Generation for RSA
  • Choose two large random primes p, q and
  • A private decryption exponent d with
  • $\gcd(d, p-1) = 1$ and $\gcd(d, q-1) = 1$
  • A public encryption key consisting of $n = pq$
  • And an exponent e with
  • $ed \equiv 1 \pmod{\operatorname{lcm}(p-1, q-1)}$

36
RSA Encryption/Decryption
  • Encryption
  • $M = E(m) = m^e \bmod n$
  • Decryption
  • $D(M) = M^d = m^{ed} \bmod n = m \bmod n$

37
RSA Algorithm (1)
  • To find a key pair e, d
  • 1. Choose two large prime numbers, P and Q (each
    greater than $10^{100}$), and form
  • $N = P \times Q$
  • $Z = (P-1) \times (Q-1)$
  • 2. For d choose any number that is relatively
    prime with Z (that is, such that d has no common
    factors with Z).
  • We illustrate the computations involved using
    small integer values for P and Q:
  • $P = 13$, $Q = 17$ => $N = 221$, $Z = 192$
  • $d = 5$
  • 3. To find e solve the equation
  • $e \times d = 1 \bmod Z$
  • That is, $e \times d$ is the smallest element divisible
    by d in the series $Z+1, 2Z+1, 3Z+1, \ldots$
  • $e \times d = 1 \bmod 192 = 1, 193, 385, \ldots$
  • 385 is divisible by d
  • $e = 385/5 = 77$

38
RSA Algorithm (2)
  • To encrypt text using the RSA method, the
    plaintext is divided into equal blocks of length
    k bits where $2^k < N$ (that is, such that the
    numerical value of a block is always less than N;
    in practical applications, k is usually in the
    range 512 to 1024).
  • $k = 7$, since $2^7 = 128$
  • The function for encrypting a single block of
    plaintext M is
  • $E'(e, N, M) = M^e \bmod N$
  • for a message M, the ciphertext is $M^{77} \bmod 221$
  • The function for decrypting a block of encrypted
    text c to produce the original plaintext block
    is
  • $D'(d, N, c) = c^d \bmod N$

39
RSA Algorithm (3)
  • Rivest, Shamir and Adleman proved that E' and D'
    are mutual inverses (that is, $E'(D'(x)) =
    D'(E'(x)) = x$) for all values of P in the range
    $0 \le P \le N$.
  • The two parameters e, N can be regarded as a key
    for the encryption function, and similarly d, N
    represent a key for the decryption function.
  • So we can write $K_e = \langle e, N \rangle$ and
    $K_d = \langle d, N \rangle$, and
    we get the encryption function
  • $E(K_e, M) = \{M\}_K$ (the notation here indicating that
    the encrypted message can be decrypted only by
    the holder of the private key $K_d$) and
    $D(K_d, \{M\}_K) = M$.

40
Digital Signatures
  • Real signatures provide a number of features
  • Authentic: signatures provide authenticity for a
    document.
  • Unforgeable: signatures are hard to forge.
  • Non-repudiable:
  • Signatures can't be repudiated. The signers
    cannot credibly deny that the document was signed
    by them.
  • Unalterable: signatures cannot be altered or
    erased.
  • Non-reusable: signatures, as parts of the
    document, aren't reusable.
  • In reality there are ways around all of these for
    real signatures.

41
Signing with Hash Functions
  • 1. Alice produces a one-way hash of the document.
  • A: $h = H(D)$
  • 2. Alice encrypts the hash
  • A: $\{h\}_{K_A^-}$
  • 3. Alice sends the document and the signed hash
    to Bob.
  • A -> B: $D, \{h\}_{K_A^-}$
  • 4. Bob verifies by producing the same hash and
    decrypting the hash Alice sent.

42
Signing Documents with Private Keys
  • 1. Alice encrypts the hash of the document with
    her private key.
  • 2. Alice sends the document plus hash to Bob.
  • 3. Bob hashes the document and compares the
    result to what he decrypted, thereby verifying
    the signature.
  • - The sig is authentic (the hashes match)
  • - The sig is unforgeable (as long as no one has
    the private key but Alice)
  • - The sig is not reusable (it's a function of the
    document)
  • - The signed doc is unalterable (the hashes
    wouldn't match)
  • - The document can't be repudiated.
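
The RSA key generation and block functions from the "RSA Algorithm" slides, together with the hash-then-sign steps from the two signature slides, as one added Python example that is not part of the original lecture. It uses the slides' toy values P = 13, Q = 17, d = 5; the function names are this example's own, and reducing SHA-256 modulo N is an assumption made only so the digest fits into one block of the tiny modulus.

```python
import hashlib
from math import gcd

def make_keys(p, q, d):
    """Slide procedure: N = P*Q, Z = (P-1)(Q-1), d coprime to Z, solve e*d = 1 mod Z."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to Z")
    e = pow(d, -1, z)                  # modular inverse (Python 3.8+)
    return (e, n), (d, n)              # Ke = <e, N>, Kd = <d, N>

def encrypt_block(pub, m):
    """E'(e, N, M) = M^e mod N; the block value must be smaller than N."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("block must be in the range 0 <= M < N")
    return pow(m, e, n)

def decrypt_block(priv, c):
    """D'(d, N, c) = c^d mod N."""
    d, n = priv
    return pow(c, d, n)

def digest(document, n):
    """h = H(D). Assumption of this example: SHA-256 reduced mod N to fit one toy block."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(priv, document):
    """Step 2 on the slide: Alice transforms the hash with her private key."""
    d, n = priv
    return pow(digest(document, n), d, n)

def verify(pub, document, signature):
    """Step 4: Bob recomputes the hash and compares it with the value recovered
    from the signature using Alice's public key."""
    e, n = pub
    return pow(signature, e, n) == digest(document, n)

# The slide's worked numbers.
PUBLIC, PRIVATE = make_keys(13, 17, 5)
```

This is textbook RSA without padding on an 8-bit modulus, useful for following the arithmetic on the slides and nothing else.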

43
Digital signatures with public keys
44
Low-cost signatures with a shared secret key
45
What can the hacker do?
  • He/She has to break almost all of the $2^{20}$
    messages to decrypt (expected $2^{19}$ of them)
  • Cryptoanalysis is the science of recovering the
    plaintext of a message without access to the key.
  • Doesn't have to discover the key necessarily.
  • The loss of a key without cryptoanalysis is
    called a compromise.

46
Cryptanalysis -- Attacks
  • Ciphertext-only attack
  • Learning from samples of ciphertexts
  • Given $C_1 = E_K(M_1)$, $C_2 = E_K(M_2)$, ..., $C_i = E_K(M_i)$
  • Deduce either $M_1, M_2, \ldots, M_i$, or $k$, or infer $M_{i+1}$
    from $C_{i+1}$
  • Known-plaintext attack
  • Learning from samples of ciphertext-plaintext
    pairs
  • Given $M_1, C_1 = E_K(M_1)$; $M_2, C_2 = E_K(M_2)$; ...;
    $M_i, C_i = E_K(M_i)$
  • Deduce either $k$ or infer $M_{i+1}$ from $C_{i+1}$

47
Cryptanalysis -- Attacks
  • Chosen-plaintext attack
  • Learning from samples of ciphertext-plaintext
    pairs where the hacker chooses the plaintext
  • Given $M_1, C_1 = E_K(M_1)$; $M_2, C_2 = E_K(M_2)$; ...;
    $M_i, C_i = E_K(M_i)$
  • Deduce either $k$ or infer $M_{i+1}$ from $C_{i+1}$
  • Chosen-ciphertext attack
  • Learning from samples of ciphertext-plaintext
    pairs where the hacker chooses the ciphertext
  • Given $M_1, C_1 = E_K(M_1)$; $M_2, C_2 = E_K(M_2)$; ...;
    $M_i, C_i = E_K(M_i)$
  • Deduce $k$
  • Rubbery-attack
  • Well.
  • Threats, blackmails, torture, pay-offs.

48
Compromising Security
  • Total break: e.g., obtain the decryption key
  • Global deduction: find an alternative way to
    decrypt
  • Instance (local) deduction: find the plaintext of
    the intercepted ciphertext
  • Information deduction: some information about the
    plaintext or the key

49
Cryptoanalysis
  • Ideally, the attacker has to use brute force in
    an exhaustive search of the key-space.
  • It is the complexity of launching the attack that
    secures us
  • Data complexity: a large number of expected
    inputs (e.g., ciphertext)
  • Storage complexity: a large amount of storage
    units required.
  • Processing complexity: a large number of
    operations required.

50
Cryptoanalysis
  • A simple substitution cipher over a natural
    language can be easy.
  • Don't attack. We aren't ready.
  • Vkj'u muumbf. Rc mocj'u ocmvw.
  • With 26! tries, you will definitely get a pattern
    to decrypt.
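
The shift and substitution ciphers from the "Example Ciphers" slide and the sentence on the slide above, as an added Python example that is not part of the original lecture. It tries all 25 shift keys against the slide's ROT13 ciphertext and applies the slide's substitution table in both directions; the small word list used for scoring is constructed for this example.

```python
import string

ALPHA = string.ascii_lowercase
SUB_KEY = "mnbvcxzasdfghjklpoiuytrewq"   # the "ciphertext code" row from the slide
WORDS = {"watch", "out", "for", "the", "and"}   # constructed scoring list

def shift(text, k):
    """Replace each letter by the one k places to the right; keep case and punctuation."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def brute_force_shift(ciphertext, wordlist=WORDS):
    """Only 25 keys exist: decrypt under each and keep the one with the most known words."""
    def score(k):
        words = shift(ciphertext, -k).lower().split()
        return sum(w.strip(string.punctuation) in wordlist for w in words)
    best = max(range(1, 26), key=score)
    return best, shift(ciphertext, -best)

def substitute(text, src, dst):
    """Monoalphabetic substitution: letter src[i] becomes dst[i], case preserved."""
    table = str.maketrans(src + src.upper(), dst + dst.upper())
    return text.translate(table)

def sub_encrypt(plaintext):
    return substitute(plaintext, ALPHA, SUB_KEY)

def sub_decrypt(ciphertext):
    return substitute(ciphertext, SUB_KEY, ALPHA)
```

Word lengths, punctuation and repeated letters pass straight through the substitution (the double "uu" in "muumbf" is the double "tt" in "attack"), which is the structure that makes such ciphers easy over natural language.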

51
Summary
  • Basic concepts
  • Cipher Schemes
  • Data Encryption Standard-DES
  • Public Key Systems-RSA
  • Digital Signature
  • Cryptography Analysis