9/17/2015. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Transcription

1 Cryptography Basics IT443 Network Security Administration Instructor: Bo Sheng Outline Basic concepts in cryptography system Secret cryptography Public cryptography Hash functions 1 2 Encryption/Decryption Cryptanalysis encryption decryption code breaking, attacking the cipher Plaintext: a message in its original form Ciphertext: a message in the transformed, unrecognized form Encryption: the process that transforms a into a Decryption: the process that transforms a to the corresponding Key: the value used to control encryption/decryption. Difficulty depends on sophistication of the cipher amount of information available to the code breaker Any cipher can be broken by exhaustive trials, but rarely practical 3 4 Caesar Cipher Replace each letter with the one 3 letters later in the ex.: CAT FDW Mono-Alphabetic Ciphers Generalized substitution cipher: an arbitrary (but fixed) mapping of one letter to another 26! ( 4.0* ) possibilities Trivial to break 5 6 1

2 Attacking Mono-Alphabetic Ciphers Broken by statistical analysis of letter, word, and phrase frequencies of the language Frequency of single letters in English language, taken from a large corpus of text: Ciphertext Only Attacks Ex.: attacker can intercept encrypted communications, nothing else Breaking the cipher: analyze patterns in the provides clues about the encryption method/ 7 8 Known Plaintext Attacks Ex.: attacker intercepts encrypted text, but also has access to some of the corresponding (definite advantage) Makes some codes (e.g., mono-ic ciphers) very easy to break Chosen Plaintext Attacks Ex.: attacker can choose any desired, and intercept the corresponding Allows targeted code breaking (choose exactly the messages that will reveal the most about the cipher) 9 10 The Weakest Link in Security Cryptography is rarely the weakest link Weaker links Implementation of cipher Distribution or protection of s Secret Keys vs Secret Algorithms Security by obscurity We can achieve better security if we keep the algorithms secret Hard to keep secret if used widely Reverse engineering, social engineering Publish the algorithms Security of the algorithms depends on the secrecy of the s Less unknown vulnerability if all the smart (good) people in the world are examine the algorithms

3 Outline Basic concepts in cryptography system Secret cryptography Public cryptography Hash functions Secret Key Cryptography encryption Same decryption Same is used for encryption and decryption Also known as Symmetric cryptography Conventional cryptography Secret Key Cryptography Stream cipher Block cipher Converts one input block of fixed size k bits to an output block of k bits DES, IDEA, AES, AES Selected from an open competition, organized by NSA Joan Daemen and Vincent Rijmen (Belgium) Block size=128 bits, Key Size= 128/192/256 bits Key Size Keys should be selected from a large potential set, to prevent brute force attacks Secret sizes 40 bits were considered adequate in 70 s 56 bits used by DES were adequate in the 80 s 128 bits are adequate for now If computers increase in power by 40% per year, need roughly 5 more bits per decade to stay sufficiently hard to break Public Key Cryptography Public Key Cryptography encryption decryption Sign Verify Public Private Private Public A public/private pair is used Public can be publicly known Private is kept secret by the owner of the Much slower than secret cryptography Also known as asymmetric cryptography Another mode: digital signature Digital signature Only the party with the private can create a digital signature. The digital signature is verifiable by anyone who knows the public. The signer cannot deny that he/she has done so

4 Public Key Cryptography It must be computationally easy to generate a public / private pair hard to determine the private, given the public It must be computationally easy to encrypt using the public easy to decrypt using the private hard to recover the message from just the and the public Symmetric vs Asymmetric Symmetric algorithms are much faster In the order of a 1000 times faster Symmetric algorithms require a shared secret Impractical if the communicating entities don t have another secure channel Both algorithms are combined to provide practical and efficient secure communication E.g., establish a secret session using asymmetric crypto and use symmetric crypto for encrypting the traffic Outline Basic concepts in cryptography system Secret cryptography Public cryptography Hash functions Message of arbitrary length Hash Function Hash A fixed-length short message Also known as Message digest One-way transformation One-way function Hash Length of H(m) much shorter than length of m Usually fixed lengths: 128 or 160 bits Properties of Hash Consider a hash function H Performance: Easy to compute H(m) One-way property: Given H(m) but not m, it s computationally infeasible to find m Weak collision resistance (free): Given H(m), it s computationally infeasible to find m such that H(m ) = H(m). Strong collision resistance (free): Computationally infeasible to find m 1, m 2 such that H(m 1 ) = H(m 2 ) Hash Applications File / Message integrity Check if a downloaded file is corrupted Detect if a file has been changed by someone after it was stored Compute a hash H(F) of file F openssl dgst -md5 filename

5 Hash Applications Password verification Password cannot be stored in In a hashed format Linux: /etc/passwd, /etc/shadow Hash Applications User authentication Alice wants to authenticate herself to Bob Assuming they already share a secret K Alice Bob cat /etc/shadow computes Y=H(R K) time verifies that Y=H(R K) Modern Hash Functions MD5 (128 bits) Previous versions (i.e., MD2, MD4) have weaknesses. Broken; collisions published in August 2004 Too weak to be used for serious applications SHA (Secure Hash Algorithm) Weaknesses were found SHA-1 (160 bits) Broken, but not yet cracked Collisions in 2 69 hash operations, much less than the brute-force attack of 2 80 operations Results were circulated in February 2005, and published in CRYPTO 05 in August 2005 SHA-256, SHA-384, Birthday Attack What is the smallest group size k such that The probability that at least two people in the group have the same birthday is greater than 0.5? 23 Implication for hash function H of length m With probability at least 0.5 If we hash about 2 m/2 random inputs, Two messages will have the same hash image m=64, 1ns per hash Brute force (2 64 ): seconds over 300 thousand years Birthday attack (2 32 ): 4 seconds Lab 1 Sample codes eecs.mit.edu s IP is Assume their subnetwork use 28-bit prefix Scan ~ dig -x short /home/shengbo/it443/scanip.sh /home/shengbo/it443/scanip.pl Plaintext Key Electronic Code Book (ECB) M 1 M 2 M 3 M padding E E E E Ciphertext C 1 C 2 C 3 C

6 Cipher Block Chaining (CBC) M 1 M 2 M 3 M 4 Initialization Vector Key padding E E E E C 1 C 2 C 3 C