Cryptography & Network Security

Transcription

1 Cryptography & Network Security Lecture 1: Introduction & Overview Common Terms(1) Cryptography: The study of mathematical techniques related to aspects of information security Cryptanalysis: The study of mathematical techniques for attempting to defeat cryptographic techniques Cryptology: The study of cryptography and cryptanalysis Cryptosystem: A general term referring to a set of cryptographic primitives used to provide information security Symmetric key primitives; Public key primitives Steganography: The method of concealing the existence of message Cryptography is not the only means of providing information security, but rather one set of such techniques 1

2 Common Terms(2) Cipher: Block cipher, Stream cipher, Public key cipher Plaintext/Cleartext ( ), Ciphertext ( ) Encryption/Encipherment, Decryption/Decipherment Key (or Cryptographic key) Secret key Private key / Public key Authentication essage authentication User authentication Digital signature Security Threats Interruption/Denial of service Interception: eavesdropping, wiretapping, theft odification Fabrication/Forgery Unauthorized access Denial of facts 2

3 Security Services Security services A service that enhances information security using one or more security mechanisms Confidentiality/Secrecy Interception Authentication Forgery Integrity odification Nonrepudiation Denial of facts Access control Unauthorized access Availability Interruption Security echanisms Security mechanism A mechanism designed to detect, prevent, or recover from a security attack Encryption Authentication Digital signature Key exchange Access control onitoring & Responding 3

4 odels for Evaluating Security Conditional vs Unconditional Unconditional security Computational security Provable vs Ad hoc Provable security Ad hoc security Summary: Security Needs for Network Communications Confidentiality Authentication Availability Interception Is Private? Forgery Who am I dealing with? Denial of Service Wish to access!! Integrity Non-Repudiation Access Control odification Has been altered? Not SENT! Claim Who sent/received it? Unauthorised access Have you privilege? 4

5 Solutions for Security Needs Physical Solutions CONFIDENTIAL Temper-evident sealed envelope ID-card, Passport, Drivers license Signature Cryptographic Solutions Encryption with AC : Confidentiality, Authentication, Integrity Protection Digital Certificate : Identification Digital Signature : Authentication, Integrity Protection, Non-Repudiation Security mechanisms are combined to provide a security service Virtual Private Network(VPN), Firewall, IDS, etc. Classical Encryption Techniques Basic building blocks of all encryption techniques Substitution: replacement Transposition: relocation Substitution ciphers Caesar cipher onoalphabetic ciphers Playfair cipher Hill cipher Polyalphabetic ciphers: Vigenere cipher Vernam cipher/one-time pad: perfect cipher Transpotition techniques Rotor machines: Enigma, Purple 5

6 Diffusion Confusion and Diffusion Ideally, ciphertext should look as if it is a random string of letters. Distributes or disperses the statistical structure of plaintext over the ciphertext. Hides the statistical relationships between the ciphertext and the underlying plaintext. Changes in the plaintext should affect many parts of the ciphertext. Substitution + Transposition Confusion The principle of confusion prevents the cryptanalyst from using ciphertext to figure out the secret encryption key. Hides the statistical relationship between ciphertext and secret key. The interceptor should not be able to predict what changing one character in the plaintext will do to the ciphertext. Substitution (Well-designed & Complex) Cryptographic Primitives Unkeyed Primitives Hash functions One-way Permutations Random Sequence Symmetric Key Primitives Symmetric Key Ciphers : Block ciphers, Stream ciphers essage authentication schemes: Keyed hash functions(ac) Pseudorandom Sequences Public Key Primitives Public Key Ciphers Digital Signatures Identification Primitives 6

7 Symmetric Encryption odel Cryptanalyst Adversary K E Insecure Channel D Plaintext Ciphertext C Secure Channel Plaintext Key K Shared Secret Key C = E K () D K (C) = Asymmetric Encryption odel Bob Cryptanalyst Adversary KA_d Alice E Insecure Channel D Plaintext Ciphertext C Plaintext Authentic Channel Alice s Public Key Obtain Alice s KA_e public Key Alice s Private Key KA_d C = E KA_e () D KA_d (C) = 7

8 Symmetric Authentication odel Cryptanalyst Adversary K mac Received essage AC + mac Insecure Channel Secure Channel AC =? Regenerated Success Or Failure Key K Shared Secret Key mac = AC K () AC K ( ) = mac? Regenerated mac = Received mac? Asymmetric Authentication odel Alice Cryptanalyst Adversary KA_d Bob essage SIGN + sig Alice s Private Key KA_d Insecure Channel Obtain Alice s public Key + sig Authentic Channel VERIFY Alice s Public Key KA_e Success Or Failure sig = SIGN KA_d () VERIFY KA_e (, sig ) = Success? 8

9 Secret Key vs Public Key Systems Symmetric Key Cryptosystem Both parties must share the same secret key Encrypt/Decrypt & AC generate/verify Very fast : Bulk data encryption, User/message authentication Block/Stream Cipher : AES, DES, IDEA, SEED, Crypton ; RC4, SEAL AC schemes: Keyed hash (HAC), CBC-AC Problem of Key Sharing ; Cannot provide Non-repudiation Public Key Cryptosystem A pair of (Public Key, Private Key) for each user Encrypt/Verify with peer s Public Key; Decrypt/Sign with its own Private Key Encryption scheme: RSA, ElGamal Key exchange: DH(Diffie-Hellman), ECDH Signature schemes: RSA, DSA, KCDSA, ECDSA, EC-KCDSA Slow : Key exchange, Authentication, Non-repudiation Problem : How to get the right peer s Public Key Hash Functions Hash Function Generate a fixed length Fingerprint for an arbitrary essage No Key involved One Way Function D5, SHA1, SHA2, HAS160 Applications Keyed hash: used to generate/verify AC(essage Authentication Code) or Integrity Check Value(ICV) HAC Unkeyed hash: used to produce Digital Signature essage H essage Digest D D = H() 9

10 essage Authentication Code(AC) Purposes Secure tag for authentication essage origin authentication User authentication essage integrity Schemes Keyed hash: HAC Block cipher: CBC-AC, XCBC-AC Dedicated AC: UAC AC AC SEND Shared Secret Key AC Digital Signature Digital Signature Combine Hash with Digital Signature and use PKC Provide Authentication and Non-Repudiation RSA; DSA, KCDSA, ECDSA, EC-KCDSA Hash Algorithm Sender s Public Key Signature Sender s Private Key Hash Signing Signature Signature SEND Hash Algorithm Hash1 Verifying Hash2 10