Types of Cryptosystems. Implementation of Security Services. Types of Cryptosystems (1)

Transcription

1 ECE Lecture 3 Types of Cryptosystems Implementation of Security Services Types of Cryptosystems (1) Block vs. stream s 1

2 Cryptosystem (Cipher) n bits k bits cryptographic m bits text Block vs. stream s M 1, M 2,, M n m 1, m 2,, m n K Block K Internal state - IS Stream C 1, C 2,, C n c 1, c 2,, c n C i =f K (M i ) c i = f K (m i, IS i ) IS i+1 =g K (m i, IS i ) Every block of text is a of only one corresponding block of plaintext Every block of text is a of the current block of plaintext and the current internal state of the 2

3 Typical stream Sender initialization vector (seed) Receiver initialization vector (seed) Pseudorandom Key Generator Pseudorandom Key Generator k i stream k i stream m i plaintext c i text c i text m i plaintext Types of Cryptosystems (2) Secret- vs. public- s 3

4 Secret- (Symmetric) Cryptosystems of Alice and - K AB of Alice and - K AB Network Alice Encryption Decryption Key Distribution Problem N - Users N (N-1) 2 Keys Users Keys 100 5, ,000 4

5 Digital Signature Problem Both corresponding sides have the same information and are able to generate a signature There is a possibility of the receiver falsifying the sender denying that he/she sent the Public Key (Asymmetric) Cryptosystems Public of - K B Private of - k B Network Alice Encryption Decryption 5

6 Classification of cryptosystems Terminology secret- symmetric public asymmetric symmetric- classical conventional One-way X f(x) Y EXAMPLE: f -1 (Y) f: Y=f(X) = A X mod P where P and A are constants, P is a large prime, A is an integer smaller than P Number of bits of P Average number of multiplications necessary to compute f f

7 Trap-door one-way Whitfield Diffie and Martin Hellman New directions in cryptography, 1976 PUBLIC KEY X f(x) Y f -1 (Y) PRIVATE KEY Alice Key Distribution s public s private s public text text s public Intruder text 7

8 Alice signature Digital Signature signature Alice s private Alice s public Alice s public Intruder signature Alice s public Judge signature Alice s public Implementation of Security Services 8

9 Non-repudiation Alice Signature Signature Hash Hash Hash value 1 Hash value yes no Public Hash value 2 Public Alice s private Alice s public Hash arbitrary length m h hash h(m) hash value fixed length 9

10 Hash s Basic requirements 1. Public description, NO 2. Compression arbitrary length input fixed length output 3. Ease of computation Hash s Security requirements It is computationally infeasible Given To Find h(m) m m and h(m) m m, such that h(m ) = h(m) m m, such that h(m ) = h(m) 10

11 Non-repudiation Alice Signature Signature Hash Hash Hash value 1 Hash value Public yes/no Hash value 2 Public Alice s private Alice s public Non-repudiation Alice Signature Signature Hash Hash Signature generation Hash value Public Alice s private yes/no Signature Hash value verification 1 Hash value 2 Public Alice s public 11

12 Alice Authentication MAC MAC K AB Secret of Alice and Secret algorithm K AB Secret of Alice and Secret algorithm MAC yes MAC no MAC - Autentication Codes (ed hash s) arbitrary length m secret K MAC MAC fixed length 12

13 MAC s Basic requirements 1. Public description, SECRET parameter 2. Compression arbitrary length input fixed length output 3. Ease of computation MAC s Security requirements Given zero or more pairs m i, MAC(m i ) i = 1..k it is computationally impossible to find any new pair m, MAC(m ) such that m m i i = 1..k 13

14 CBC-MAC (Cipher Block Chaining MAC) MAC M 1 M 2 M t Secret- Secret- Secret- K AB K AB K AB Relations among security services NON-REPUDIATION AUTHENTICATION CONFIDENTIALITY INTEGRITY 14

15 Non-repudiation Alice Signature Signature Hash Hash Hash value 1 Hash value yes no Public Hash value 2 Public Alice s private Alice s public Alice Authentication MAC MAC K AB Secret of Alice and Secret algorithm K AB Secret of Alice and Secret algorithm MAC yes MAC no 15

16 Hybrid Systems Features required from today s s STRENGTH PERFORMANCE FUNCTIONALITY easy distribution digital signatures 16

17 Features of secret- s STRENGTH PERFORMANCE FUNCTIONALITY easy distribution digital signatures Features of public- s STRENGTH PERFORMANCE FUNCTIONALITY easy distribution digital signatures 17

18 Average Decryption Speed for implementations based on the same technology software hardware AES deing speed RSA-1024 deing speed Basic operations of secret s - S-box S-box n x m n S m Substitution C ASM Software WORD S[1<<n]= { 0x23, 0x34, 0x } S DW 23H, 34H, 56H.. x 1 x 2 x n ROM direct logic... Hardware n-bit address 2 n words m-bit output... y 1 y 2 y m 18

19 Basic operations of secret s - P-box Software Hardware P-box n x n P n C sequence of instructions <<,, & x 1 x 2 x x n-1 x n n Permutation ASM sequence of instructions ROL, OR, AND y 1 y 2 y 3 y n-1 y n order of wires Encryption Basic Operations of the Public Key Cryptosystem RSA public exponent text = plaintext mod public modulus Decryption k-bits k-bits k-bits private exponent plaintext = text mod private modulus k-bits k-bits k-bits 19

20 Hybrid Systems Network Alice session (random secret-) s public s private Session encrypted using s public encrypted using session Hybrid Systems - Sender s Side (2) Alice 1 session random Secret Public 3 s public 2 Session encrypted using s public encrypted using session 20

21 Hybrid Systems - Receiver s Side (2) session random 1 Public s private 2 Secret Session encrypted using s public encrypted using session Evaluating the security of secret- s 21

22 Classification of attacks (1) Ciphertext-only attack Given: text Looked for: plaintext or Example: Frequency analysis of letters in the text (effective only for most simple historical s) Classification of attacks (2) Known plaintext attack Given: text guessed fragment of the plaintext Looked for: remaining plaintext or Example: exhaustive search (brute-force ) attack successive s 22

23 Classification of attacks (3) Given: Capability to en an arbitrarily chosen fragment of the plaintext Chosen plaintext attack Encryption module Looked for: Example: Differential cryptanalysis M i M i * Encryption module i=1..n C i C i * Classification of attacks (4) Given: Capability to de an arbitrarily chosen fragment of the text Chosen text attack Encryption module Looked for: 23