Cryptography Intro

6,981 views
6,738 views

Published on

A very basic introduction to cryptography, used for a test teach at my old job.

Published in: Technology, Education
0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
6,981
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
662
Comments
0
Likes
5
Embeds 0
No embeds

No notes for slide
  • Cryptography Intro

    1. 1. Introduction to Cryptography Christopher Martin
    2. 2. What is Cryptography? <ul><li>“ There are two kinds of cryptography in the world: the kind that will keep your kid sister from reading your files, and the kind that will keep major governments from reading your files” - Bruce Schneier, preface to Applied Cryptography </li></ul><ul><li>Cryptography is the science of keeping things secret, this is known formally as confidentiality . </li></ul><ul><li>Cryptography can be asked to do other things as well. </li></ul>
    3. 3. But what can crypto do for me? <ul><li>Authentication </li></ul><ul><ul><li>Proof of identity </li></ul></ul><ul><li>Integrity </li></ul><ul><ul><li>Proof of content </li></ul></ul><ul><li>Nonrepudiation </li></ul><ul><ul><li>Proof of transmission </li></ul></ul>
    4. 4. Terminology <ul><li>Plaintext or Cleartext </li></ul><ul><ul><li>The message </li></ul></ul><ul><li>Ciphertext </li></ul><ul><ul><li>The encrypted message </li></ul></ul><ul><li>Encryption or Enciphering </li></ul><ul><ul><li>The process of turning plaintext into ciphertext </li></ul></ul><ul><ul><li>E(M) = C </li></ul></ul><ul><li>Decryption or Deciphering </li></ul><ul><ul><li>The opposite of the above </li></ul></ul><ul><ul><li>D(C) = M or D(E(M)) = M </li></ul></ul>
    5. 5. Son of Terminology <ul><li>Cryptography </li></ul><ul><ul><li>Art and science of keeping secrets secret </li></ul></ul><ul><ul><li>Practitioners are called Cryptographers </li></ul></ul><ul><li>Cryptanalysis </li></ul><ul><ul><li>The art and science of making secrets not. Breaking Cryptography </li></ul></ul><ul><ul><li>Practitioners are called Cryptanalysts </li></ul></ul><ul><li>Cryptology </li></ul><ul><ul><li>The branch of mathematics that encompasses both of the above. </li></ul></ul><ul><ul><li>Practitioners are called Cryptologists </li></ul></ul>
    6. 6. Return of Son of Terminology <ul><li>Key </li></ul><ul><ul><li>The “shared secret” used to keep the message secret. </li></ul></ul><ul><ul><li>Can be one value from any sized range, called the keyspace </li></ul></ul><ul><li>Cryptographic Algorithm </li></ul><ul><ul><li>The series of steps applied to the message and the key </li></ul></ul><ul><ul><li>Also called a cipher </li></ul></ul><ul><li>Cryptosystem </li></ul><ul><ul><li>A single algorithm, plus all possible plaintexts, ciphertexts, and keys </li></ul></ul>
    7. 7. A brief digression on secrecy <ul><li>All secrecy resides in the key </li></ul><ul><ul><li>Kerchoffs’ Law </li></ul></ul><ul><li>Restricted Algorithms </li></ul>
    8. 8. Types of encryption algorithms <ul><li>Asymmetric </li></ul><ul><ul><li>Also known as public key </li></ul></ul><ul><ul><li>Uses two keys, public and private </li></ul></ul><ul><li>Symmetric </li></ul><ul><ul><li>Uses one key that is shared between parties </li></ul></ul><ul><li>Historical/Classical </li></ul><ul><ul><li>Substitution ciphers, polyalphabetic cipers, codes </li></ul></ul><ul><li>Hash </li></ul><ul><ul><li>Not technically encryption algorithms but are part of cryptography </li></ul></ul>
    9. 9. Symmetric Encryption <ul><li>E k (M) = C, D k (C) = M, D k (E k (M)) = M </li></ul><ul><li>The encryption key can be calculated from the decryption key, and vice versa </li></ul><ul><ul><li>Usually, however, there is only one key </li></ul></ul><ul><li>The primary Achilles heel is that the key must be shared between n parties </li></ul><ul><li>DES, 3DES, Blowfish, Twofish, Serpent, IDEA, AES (Rijndael) </li></ul><ul><li>Can operate in two modes: stream and block, and most modern algorithms have variable key size </li></ul>
    10. 10. One Time Pads <ul><li>Subset of Symmetric ciphers </li></ul><ul><li>Offers theoretically perfect security </li></ul><ul><ul><li>Key is comprised of a large sheet of truly random letters. </li></ul></ul><ul><ul><li>Each key is used only once </li></ul></ul><ul><ul><li>Encryption is the addition modulo 26 of the key letter, and the plaintext letter </li></ul></ul>
    11. 11. Asymmetric Encryption <ul><li>E k-pub (M) = C, D k-priv (C) = M, D k-priv (E k-pub (M)) = M </li></ul><ul><li>Given the public key, it is computationally infeasible to calculate the private key </li></ul><ul><li>Can also be used for digital signatures </li></ul><ul><li>Examples: RSA, DSA, ElGamal,Diffe-Hellman </li></ul>
    12. 12. Hashing Algorithms <ul><li>Hashing is about integrity </li></ul><ul><li>There is no key involved in hashing </li></ul><ul><ul><li>Takes an arbitrary sized input, and produces a unique fixed size output </li></ul></ul><ul><ul><li>The smallest change in the input should produce a totally different output </li></ul></ul><ul><li>The process is non reversible </li></ul><ul><li>Examples: MD4, MD5, SHA-1, SHA-128, SHA-256 </li></ul>
    13. 13. Attacking Cryptography <ul><li>Cryptanalysis </li></ul><ul><ul><li>Ciphertext Only Attack </li></ul></ul><ul><ul><li>Known Plaintext Attack </li></ul></ul><ul><ul><li>Chosen Plaintext Attack </li></ul></ul><ul><ul><ul><li>Adaptive chosen plaintext </li></ul></ul></ul><ul><ul><li>Chosen Ciphertext Attack </li></ul></ul><ul><ul><li>Chosen Key Attack </li></ul></ul><ul><ul><li>Rubber Hose Cryptanalysis </li></ul></ul>
    14. 14. Where to use cryptography? <ul><li>Anywhere you want to have something remain secret </li></ul><ul><ul><li>SSL, TLS, IPv6, SSH, IPSec all keep information secure in transit </li></ul></ul><ul><ul><li>Any Symmetric Algorithm can keep your files safe in storage </li></ul></ul><ul><ul><ul><li>There are file systems available that will encrypt your data on the fly. EncFS and Loop-AES for unix, EFS for windows, FileVault for Mac OS X </li></ul></ul></ul><ul><ul><ul><li>You can add encryption at the application level, or at the server level for storing database information securely </li></ul></ul></ul>
    15. 15. Where can I get cryptography? <ul><li>Your best bet it to have it bundled with the Operating System, or to buy supported add-on hardware that does what you want. </li></ul><ul><ul><li>OpenBSD is the de facto standard for operating system supported cryptography. </li></ul></ul><ul><li>Add on libraries like OpenSSL and libTomCrypt are also available for most unix like platforms. </li></ul><ul><li>Roll Your Own </li></ul><ul><ul><li>Not really recommended unless you are an expert </li></ul></ul>
    16. 16. Conclusions <ul><li>Cryptography is only one part of a multi layered security system </li></ul><ul><li>It’s not a magic bullet </li></ul><ul><li>It’s fun </li></ul>
    17. 17. Sources <ul><li>Applied Cryptography , Bruce Schneier 1996, Wiley and Sons </li></ul><ul><li>Practical Cryptography , Bruce Schneier and Niels Ferguson 2003, Wiley Publishing </li></ul><ul><li>Silence on the Wire , Michael Zalewski 2005, No Starch Press </li></ul>

    ×