Cryptography Presentation Transcript

  • Introduction to Cryptography --- Foundations of information security --- Lecture 7
  • CSE2500 System Security and Privacy, slide 2: Outline
      - Why study cryptology?
      - Basic terms, notations and structure of cryptography
      - Private & public key cryptography examples
      - Modern secret key ciphers: usage and methodology
      - Encryption and possible attacks
      - Secret key ciphers design
      - Slides 23 to 26 for additional information (and reading)
  • Slide 3: Why study cryptology (1): communications security (diagram: A, B, Intruder)
  • Slide 4: Why study cryptology (2): electronic commerce security (diagram: Customer, Merchant, TTP)
  • Slide 5: Why study cryptology (3): law enforcement (diagram: A, B, LEA)
  • Slide 6: The Basic Problem
      - We consider the confidentiality goal:
          - Alice and Bob are friends
          - Marvin is a rival
          - Alice wants to send secret messages (M1, M2, …) to Bob over the Internet
          - Rival Marvin wants to read the messages (M1, M2, …) - Alice and Bob want to prevent this!
      - Assumption: The network is OPEN: Marvin is able to eavesdrop and read all data sent from Alice to Bob.
      - Consequence: Alice must not send messages (M1, M2, …) directly – they must be “scrambled” or encrypted using a ‘secret code’ unknown to Marvin but known to Bob.
  • Slide 7: Cryptography (diagram: plaintext (data file or messages) → encryption → ciphertext (stored or transmitted safely) → decryption → plaintext (original data or messages))
  • Slide 8: Private key cipher (diagram: Alice: message (cleartext, plaintext) → Encryption E → encrypted message (ciphertext) → Decryption D → message (cleartext, plaintext): Bob; key)
  • Slide 9: Basic terms
      - Cryptology (to be very precise)
          - Cryptography --- code designing
          - Cryptanalysis --- code breaking
      - Cryptologist: cryptographer & cryptanalyst
      - Encryption/encipherment: scrambling data into a form unintelligible to unauthorised parties
      - Decryption/decipherment: un-scrambling
  • Slide 10: Types of ciphers
      - Private key cryptosystems/ciphers: the secret key is shared between two parties
      - Public key cryptosystems/ciphers: the secret key is not shared and two parties can still communicate using their public keys
  • Slide 11: Examples of “Messages”
      - Types of secret “Messages” Alice might want to send Bob (in increasing length):
          - Decision (yes/no), eg. as answer to the question “Are we meeting tomorrow?”
          - Numerical Value, eg. as answer to the question “at what hour are we meeting?”
          - Document
          - Software, Images etc.
  • Slide 12: Concepts
      - A private key cipher is composed of two algorithms
          - encryption algorithm E
          - decryption algorithm D
      - The same key K is used for encryption & decryption
      - K has to be distributed beforehand
  • Slide 13: Notations
      - Encrypt a plaintext P using a key K & an encryption algorithm E: C = E(K,P)
      - Decrypt a ciphertext C using the same key K and the matching decryption algorithm D: P = D(K,C)
      - Note: P = D(K,C) = D(K, E(K,P))
  • Slide 14: The Caesar cipher (e.g)
      - The Caesar cipher is a substitution cipher, named after Julius Caesar.
      - Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table.
      - The fixed number of positions is a key both for encryption and decryption.
  • Slide 15: The Caesar cipher (cont'd) (diagram for K=3; inner: ciphertext, outer: plaintext)
  • Slide 16: An example
      - For a key K=3,
          - plaintext letter: ABCDEF...UVWXYZ
          - ciphertext letter: DEF...UVWXYZABC
      - Hence TREATY IMPOSSIBLE is translated into WUHDWB LPSRVVLEOH
  • Slide 17: Breaking classic ciphers
      - With the help of fast computers, 99.99% of ciphers used before 1976 are breakable by using one of the 4 types of attacks (described later).
      - Modern cluster computers and future quantum computers can break several existing ciphers due to the power of such computers.
  • Slide 18: Breaking the Caesar cipher
      - By trial and error
      - By using statistics on letters: frequency distributions of letters
          letter   percent
          A        7.49%
          B        1.29%
          C        3.54%
          D        3.62%
          E        14.00%
          ...
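The two ways of breaking the Caesar cipher named on slide 18, applied to the K=3 example from slide 16. This is an added example, not code from the lecture; the function names and `SAMPLE_PLAINTEXT` are constructed for illustration, and the frequency guess relies only on the slide's observation that E is the most common letter.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def caesar(text, key):
    """Shift each letter A-Z by `key` positions; other characters pass through."""
    shifted = []
    for ch in text.upper():
        if ch in ALPHABET:
            shifted.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            shifted.append(ch)
    return "".join(shifted)

def brute_force(ciphertext):
    """Trial and error: return the decryption under each of the 26 keys."""
    return {key: caesar(ciphertext, -key) for key in range(26)}

def guess_key_by_frequency(ciphertext):
    """Assume the most frequent ciphertext letter is the image of E."""
    counts = Counter(ch for ch in ciphertext.upper() if ch in ALPHABET)
    top_letter = counts.most_common(1)[0][0]
    return (ALPHABET.index(top_letter) - ALPHABET.index("E")) % 26

# Constructed sample, long enough that E clearly dominates the letter counts.
SAMPLE_PLAINTEXT = "MEET ME AT THE SEVENTEENTH STREET ENTRANCE"

if __name__ == "__main__":
    slide_ct = caesar("TREATY IMPOSSIBLE", 3)
    print("slide 16 ciphertext:", slide_ct)
    # Only 26 keys exist, so every candidate can be listed and read by eye.
    for key, candidate in brute_force(slide_ct).items():
        print(f"  key {key:2d}: {candidate}")
    sample_ct = caesar(SAMPLE_PLAINTEXT, 3)
    key = guess_key_by_frequency(sample_ct)
    print("frequency guess:", key, "->", caesar(sample_ct, -key))
```

On the 16-letter slide example the top letter count is a four-way tie (T, E, I and S each appear twice), so the frequency guess is unreliable there and trial and error over the 26 keys is the dependable method; the statistics only become decisive on longer ciphertexts.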
  • Slide 19: Toy example of private key cryptography (TPC)
      - Assume that a message is broken into 64-bit blocks and each 64-bit block of plaintext is encrypted separately:
      - The key space consists of combinations of numerical digits – max: 7 digits (eg: key = [1]; or key = [1,3], or key = [1,4,2]).
      - Assume that all 8 bits of a byte are used and key digits start from left to right.
      - Encryption: Each plaintext block is first shifted by the number of binary digits before the last non-zero digit of the key. It is then exclusive-ored with the key starting from the first byte of the block, repeatedly to the end of the block (the key moves a distance of its size from left to right of the plaintext block).
      - Decryption: do the reverse of encryption: the cipher-text is exclusive-ored and then shifted.
      - 0 ⊕ 0 = 0, 1 ⊕ 1 = 0, 0 ⊕ 1 = 1, 1 ⊕ 0 = 1 (⊕: exclusive or)
  • Slide 20: Using TPC
      - Use TPC to encrypt the plaintext “12345”, key = [1,4,2]
      - Use TPC to encrypt the plaintext “TREATY IMPOSSIBLE”; key = [4];
      - Use TPC to encrypt the plaintext “100 dollars”, key = [2,4];
  • Slide 21: Principles of Private Key Encryption
      - Devise cryptographic algorithms:
          - a set of fast functions (E1, E2, E3, .. En) that, when applied in turn to an input (initial or intermediate input), will produce a potentially more scrambled output,
          - and a set of functions (D1, D2, D3, .. Dn) that, when applied in turn to the cipher text (final or intermediate), will produce the original input text.
      - Devise algorithms, tests and proofs to validate your cryptographic algorithms
          - Analysing algorithms.
          - Tests with powerful computers such as specialised, parallel, cluster, or quantum computers.
          - Mathematical proofs.
  • Slide 22: Toy example of public key cryptography
      - Definition: The multiplicative inverse of x with modulo n is y such that (x*y) mod n = 1
      - E.g: x=3; n=10, => y=7; since (3*7) mod 10 = 1
      - The above multiplicative inverse can be used to create a simple public key cipher: either x or y can be thought of as a secret key and the other is the public key. Let x = 3, y = 7, n = 10, and M be the message:
          - M = 4; 3*4 mod 10 = 2 (ciphertext) - encrypting; 2*7 mod 10 = 4 = M (message) - decrypting
          - M = 6; 3*6 mod 10 = 8; 8*7 mod 10 = 6 = M (message)
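The toy public key cipher from slide 22 in code, together with the reason it is only a toy: anyone who knows the public values x and n can compute the secret y with the extended Euclidean algorithm, and an x that shares a factor with n has no inverse at all. This is an added example, not code from the lecture; the function names and the larger modulus are constructed for illustration.

```python
def egcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and s*a + t*b == g."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def inverse(x, n):
    """Multiplicative inverse of x modulo n, as defined on the slide."""
    g, s, _ = egcd(x % n, n)
    if g != 1:
        raise ValueError(f"{x} has no inverse modulo {n} (gcd is {g})")
    return s % n

def encrypt(message, public_key, n):
    return (public_key * message) % n

def decrypt(ciphertext, private_key, n):
    return (private_key * ciphertext) % n

if __name__ == "__main__":
    x, n = 3, 10                      # values from the slide
    y = inverse(x, n)                 # computed from public values only
    print("y =", y)
    for m in (4, 6):                  # the slide's two messages
        c = encrypt(m, x, n)
        print(f"M={m} -> C={c} -> M={decrypt(c, y, n)}")

    # Constructed larger case: a 61-bit modulus does not slow the
    # computation of y, so key size alone cannot make the scheme secure.
    big_n, big_x = 2**61 - 1, 65537
    big_y = inverse(big_x, big_n)
    print("big inverse check:", (big_x * big_y) % big_n)

    # Edge case: x = 4 shares the factor 2 with n = 10, so two different
    # messages map to the same ciphertext and decryption is impossible.
    print(encrypt(1, 4, 10), encrypt(6, 4, 10))
```

A usable public key cipher needs the step from public key to private key to be computationally infeasible, which multiplication modulo n does not provide.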
  • Slide 23: What is PKE used for?
      - Private Key Encryption (PKE) can be used:
          - Transmitting data over an insecure channel
          - Secure stored data (encrypt & store)
          - Provide integrity check: (Key + Mes.) -> MAC (message authentication code)
  • Slide 24: Modern Cryptography applications
      - Not just about confidentiality!
      - Integrity
      - Digital signatures
      - Hash functions
      - Fair exchange
      - Contract signing
      - Anonymity
      - Electronic cash
      - Electronic voting
      - Etc.
  • Slide 25: Modern private key ciphers
      - DES (US, 1977) (3DES): key -- 56 bits, plaintext/ciphertext -- 64 bits
      - LOKI (ADFA, Australia, 1989): key, plaintext/ciphertext -- 64 bits
      - FEAL (NTT, Japan, 1990): key -- 128 bits, plaintext/ciphertext -- 64 bits
      - IDEA (Lai & Massey, Swiss, 1991): key -- 128 bits, plaintext/ciphertext -- 64 bits
      - SPEED (Y Zheng in 1996): Key/(plaintext/ciphertext) -- 48,64,80,…,256 bits
      - AES (Joan Daemen & Vincent Rijmen 2000): Key/(plaintext/ciphertext) -- 128, 192 and 256 bits
  • Slide 26: General approaches to Cryptography
      - There are two general encryption methods: block ciphers & stream ciphers
      - Block ciphers
          - Slice message M into (fixed size blocks) m1, …, mn
          - Add padding to last block
          - Use Ek to produce (ciphertext blocks) x1, …, xn
          - Use Dk to recover M from m1, …, mn
          - E.g: DES, etc.
      - Stream ciphers
          - Generate a long random string (or pseudo random) called one-time pad.
          - Message ⊕ one-time pad (exclusive or)
          - E.g: RC4
  • Slide 27: Design of Private Key Ciphers (1)
      - A cryptographic algorithm should be efficient for good use
          - It should be fast and key length should be of the right length – e.g. not too short
      - Cryptographic algorithms are not impossible to break without a key
          - If we try all the combinations, we can get the original message
      - The security of a cryptographic algorithm depends on how much work it takes for someone to break it
          - E.g. if it takes 10 mil. years to break a cryptographic algorithm X using all the computers of a state, X can be thought of as a secure one – reason: cluster computers and quantum computers are powerful enough to crack many current cryptographic algorithms.
  • Slide 28: Design of Private Key Ciphers (2)
      - Encryption Algorithm Design
          - Should the strength of the algorithm be included in the implementation of the algorithm? Should we hide the algorithm?
          - Should the block size be small or large?
          - Should the keyspace be large?
          - Should we consider other search rather than brute-force search?
          - Should we consider the hardware technology?
  • Slide 29: 4 types of cryptanalysis
      - Depending on what a cryptanalyst has to work with, attacks can be classified into
          - ciphertext only attack
          - known plaintext attack
          - chosen plaintext attack
          - chosen ciphertext attack (most severe)
  • Slide 30: 4 types of attacks
      - Ciphertext only attack
          - the only data available is a target ciphertext
      - Known plaintext attack
          - a target ciphertext
          - pairs of other ciphertext and plaintext (say, previously broken or guessing)
  • Slide 31: 4 types of attacks
      - Chosen plaintext attacks
          - a target ciphertext
          - can feed encryption algorithm with plaintexts and obtain the matching ciphertexts
      - Chosen ciphertext attack
          - a target ciphertext
          - can feed decryption algorithm with ciphertexts and obtain the matching plaintexts