Introduction to Symmetric and Asymmetric Cryptography

Similar documents
Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography

CSE/EE 461 Lecture 23

CRYPTOGRAPHY IN NETWORK SECURITY

Client Server Registration Protocol

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Network Security Technology Network Management

Overview/Questions. What is Cryptography? The Caesar Shift Cipher. CS101 Lecture 21: Overview of Cryptography

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Public Key Cryptography in Practice. c Eli Biham - May 3, Public Key Cryptography in Practice (13)

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Introduction to Cryptography

Information Security

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Chapter 23. Database Security. Security Issues. Database Security

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Content Teaching Academy at James Madison University

Chapter 23. Database Security. Security Issues. Database Security

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Is your data safe out there? -A white Paper on Online Security

CPSC 467b: Cryptography and Computer Security

Network Security. HIT Shimrit Tzur-David

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Savitribai Phule Pune University

Chapter 6 Electronic Mail Security

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Cryptography & Network Security

CSCE 465 Computer & Network Security

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure

How To Understand And Understand The History Of Cryptography

The application of prime numbers to RSA encryption

Principles of Network Security

Three attacks in SSL protocol and their solutions

TELE 301 Network Management. Lecture 18: Network Security

SECURITY IN NETWORKS

SFWR ENG 4C03 - Computer Networks & Computer Security

Cyber Security Workshop Encryption Reference Manual

CS 758: Cryptography / Network Security

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

BRIEF INTRODUCTION TO CRYPTOGRAPHY. By PAGVAC. February 8, 2004

mod_ssl Cryptographic Techniques

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

7! Cryptographic Techniques! A Brief Introduction

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

CS Computer Security Third topic: Crypto Support Sys

Computer Security: Principles and Practice

Network Security Protocols

Chapter 10. Network Security

How To Use Pretty Good Privacy (Pgp) For A Secure Communication

Elements of Security

Outline. Digital signature. Symmetric-key Cryptography. Caesar cipher. Cryptography basics Digital signature

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

A SOFTWARE COMPARISON OF RSA AND ECC

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Why you need secure

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

How To Encrypt Data With Encryption

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

PGP - Pretty Good Privacy

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

Lecture 6 - Cryptography

EXAM questions for the course TTM Information Security May Part 1

Overview. SSL Cryptography Overview CHAPTER 1

Chapter 7: Network security

Lecture G1 Privacy, Security, and Cryptography. Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007

Cryptography and Network Security

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 7 Security CS655! 7-1!

Authentication in WLAN

SSL/TLS: The Ugly Truth

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Security Sensor Network. Biswajit panja

Cryptography & Digital Signatures

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Network Security. Omer Rana

Cryptography and Security

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Introduction to Encryption

A Standards-based Approach to IP Protection for HDLs

What is network security?

Elements of Applied Cryptography Public key encryption

Lecture 9: Application of Cryptography

Strong Encryption for Public Key Management through SSL

Message Authentication Codes

Computer System Management: Hosting Servers, Miscellaneous

Properties of Secure Network Communication

Transcription:

Introduction to Symmetric and Asymmetric Cryptography Ali E. Abdallah Birmingham CityUniversity Email: Ali.Abdallah@bcu.ac.uk

Lectures are part of the project: ConSoLiDatE Multi-disciplinary Cooperation for Cyber Security, Legal and Digital Forensics Education Supported by December 2014-March 2016

Objectives n Motivate the needs for cryptography n Explain the role of cryptography in everyday use n Symmetric Cryptography: n Describe the main concept n Analyse some examples n Discuss strength and limitations n Asymmetric Cryptography n Describe the main concept n Analyse some examples n Discuss strength and limitations n Questions.

Why Use Cryptography? To communicate secret information when other people (eavesdroppers) are listening. When attacker has access to the raw bits representing the information Ø Mitigation: Data encryption Cryptographic techniques

The Cast of Characters Alice and Bob are honest players. Eve and Malory are adversaries (intruders) Eve eavesdropper, is a passive intruder. Sniffs messages at will Malory is an active intruder. Aims to view, alter, delete and inject messages into the network

Confidentiality Malory Bob Alice Eve Problem: Alice and Bob would like to exchange messages over a public network (such as Internet) in such a way that information contents are not revealed to anyone but the intended recipient. Solution: Data Encryption + clever Cryptography Confidentiality 6

How does it work? Two functions are needed: 7 Confidentiality

Example encoder function is next letter in the alphabet decoder function is attack at midnight buubdl bu njeojhiu buubdl bu njeojhiu attack at midnight Confidentiality 8

Encryption and Decryption attack at midnight - plaintext buubdl bu njeojhiu - ciphertext Encoding the contents of the message (the plaintext) in such a way that hides its contents from outsiders is called encryption. The process of retrieving the plaintext from the cipher-text is called decryption. Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key. Confidentiality 9

The Encryption Process Aim: to hide a message content by making it unreadable Key Plaintext Scrambling data Ciphertext: unreadable version Confidentiality 10

Encryption and Decryption The encryption and decryption functions take a key as an additional input. 11 Confidentiality

Shared Keys In a symmetric cryptosystem the encryption key and the decryption key are identical. A longer key implies stronger encryption. 12 Confidentiality

Symmetric Cryptosystems Use the same key (the secret key) to encrypt and decrypt a message

Symmetric Encryption Shared Key Encryption Algorithm Decryption Algorithm Alice Sender and recipient Must both know the key. This is a weakness! Bob Confidentiality 14

Symmetric XOR Cipher P encrypts to C with key K and C decrypts P to with same key K. Plain Key Cipher P 0 1 1 0 1 0 0 1 0 K 1 0 0 1 1 0 0 1 0 C 1 1 1 1 0 0 0 0 0 = K 1 0 0 1 1 0 0 1 0 = P 0 1 1 0 1 0 0 1 0 Confidentiality 15

One Time Pad The perfect encryption Pad: perfectly random list of letters Ø Use each letter exactly once to encrypt one letter of message and to decrypt the one letter of message Ø Discard each letter once used (hence, pad) Ø Method: Add the message letter and the key letter Mod 26. This is reversible like XOR. The message can never, ever, be found (unless you have the pad). Confidentiality 16

Example one time pad P encrypts to C with key K and C decrypts P to with same key K. Plain Key Cipher P a t t a c k a t K a l i a b d a l C b f c a d m d b f = K a l i a b d a l = P a t t a c k a t Confidentiality 17

Symmetric Encryption 1. Agree on a Shared Key Alice would like to send a confidential file to Bob PASSWORD IS GREEN! 2. Encrypt using Shared Key CJG5%jARGONS8* %K23##hsgdfey9 826. 3. Email file CJG5%jARGONS8* %K23##hsgdfey9 826. 4. Decrypt using Shared Key PASSWORD IS GREEN! Confidentiality 18

Emailing an encrypted message Alice wants to send a confidential CREDIT CARD message CODE IS 5206 to Bob

Symmetric Encryption 1. Agree on a Shared Key CREDIT CARD CODE IS 5206 2. Encrypt using Shared Key CJG5%jARGONS8* %K23##hsgdfey9 826. 3. Email file CJG5%jARGONS8* %K23##hsgdfey9 826. 4. Decrypt using Shared Key CREDIT CARD CODE IS 5206 Confidentiality 20

Symmetric Cryptosystems 1. Data Encryption Standard (DES) Ø Developed in the 1970s; made a standard by the US government, was adopted by several other governments worldwide and was widely used in the financial industry until 2004. Ø Block cipher with 64-bit block size. Ø Uses 56-bit keys: Strong enough to keep most random hackers and individuals out, but it is easily breakable with special hardware. Ø A variant of DES, Triple-DES or 3DES is based on using DES three times (normally in an encrypt-decrypt-encrypt sequence with three different, unrelated keys). Many people consider Triple-DES to be much safer than plain DES. Confidentiality 21

Advanced Encryption Standard (AES) Current standard. DES was perceived as breakable in mid 2000. AES was a stronger replacement to DES. Confidentiality 22

Symmetric Cryptosystems (2) 2. RC2, RC4 and RC5 (RSA Data Security, Inc.) Ø Variable-length keys as long as 2048 bits Ø Algorithms using 40-bits or less are used in browsers to satisfy export constraints Ø The algorithm is very fast. Its security is unknown, but breaking it seems challenging. Because of its speed, it may have uses in certain applications. 3. IDEA (International Data Encryption Algorithm) Ø Developed at ETH Zurich in Switzerland. Ø Uses a 128 bit key, and it is generally considered to be very secure. Ø Patented in the United States and in most of the European countries. The patent is held by Ascom-Tech. Non-commercial use of IDEA is free. Commercial licenses can be obtained by contacting idea@ascom.ch. Ø Used in email encryption software such as PGP and RSA Confidentiality 23

Symmetric Cryptosystems (3) 4. Blowfish Ø Developed by Bruce Schneider. Ø Block cipher with 64-bit block size and variable length keys (up to 448 bits). It has gained a fair amount of acceptance in a number of applications. No attacks are known against it. Ø Blowfish is used in a number of popular software packages, including Nautilus and PGPfone. 5. SAFER Ø Developed by J. L. Massey (one of the developers of IDEA). It is claimed to provide secure encryption with fast software implementation even on 8-bit processors. Ø Two variants are available, one for 64 bit keys and the other for 128 bit keys. An implementation is in ftp:// ftp.funet.fi/pub/crypt/cryptography/symmetric/safer. Confidentiality 24

Limitations Parties that have not previously met cannot communicate securely Many people need to communicate with a server (many-to-one communications) Ø cannot keep server key secret for long Once the secret key is compromised, the security of all subsequent messages is suspect and a new key has to be generated Authentication service must know private key Ø privacy implications---someone else knows your key Ø two possible points of attack Ø changing authentication service requires a new key Digital signatures are difficult Cross realm authentication Ø accessing services outside the domain or realm of your authentication server is problematic Ø requires agreement and trust between authentication services Ø introduces another potential point of attack Confidentiality 25

Analysis Private or symmetric key systems rely on symmetric encryption algorithms where information encrypted with a key K can only be decrypted with K. Secret key is exchanged via some other secure means (hand-delivery, over secured lines, pre-established convention). Time to crack known symmetric encryption algorithms KEY LENGTH SPEND $$THOUSANDS SPEND $$MILLIONS SPEND $100 MILLION 40 bits seconds < 1 second <.01 second 56 bits hours minutes 1 second 64 bits days hours minutes 80 bits years months days 128 bits > million years > million years > centuries Confidentiality 26

Symmetric Cryptosystems Problems How to transport the secret key from the sender to the recipient securely and in a tamperproof fashion? If you could send the secret key securely, then, in theory, you wouldn't need the symmetric cryptosystem in the first place -- because you would simply use that secure channel to send your message. Frequently, trusted couriers are used as a solution to this problem. Confidentiality 27

Asymmetric Cryptosystems In asymmetric-key cryptography, users do not need to know a symmetric shared key; everyone shields a private key and advertises a public key

Key Agreement Alice and Bob don t already share a key and can t meet to do so. How can they make their future communications confidential? The main protocol we study is the celebrated Diffie-Hellmann Key Exchange (DHKE) protocol. 29

Diffie-Hellman Key Exchange Idea Alice Bob g 1/3 key is public g Alice fills up another 1/3 of key using her part (x) and sends the mix to Bob x g y g Bob fills up another 1/3 of key using his part (y) and sends the mix to Alice Alice completes the key by adding her secret part (x) x y g Two keys are the same: it doesn t matter if x if filled first or y. y x g Bob completes the key by adding his secret part (y)

An alternative interpretation Alice & Bob each think of a secret color (known only to them) They mix their color with yellow (agreed upon openly ahead of time) and exchange. They mix their color with what they ve received. Both have the same color but observer cannot duplicate. Alice Bob

Asymmetric Encryption B B Encryption Algorithm Decryption Algorithm Alice Sender knows public key Recipient knows private key. B B Bob A 32

Signing and verification A A Signing Algorithm Verification Algorithm Alice A A Sender knows private key Recipient knows public key. Bob 33

Properties These algorithms are based on computationally intensive problems such as finding the prime factors of large numbers. Ø Longer the length of the key pair, the more time it takes to crack the private key Ø Keys used in today s internet will take millions of years to crack using today s technologies Confidentiality 34

Slow Public key cryptosystems are slow, really slow! Ø three orders of magnitude (1000 times) slower than AES Ø mainly used as key exchange tool Scientists are supposed to be real smart and love to solve difficult problems Ø but even they hope to never solve factoring Ø if you can find a quick solution, Ø fame, dollars and danger lurk! Confidentiality 35

Problems Keys are usually very long and encryption is expensive Ø RSA encryption is a 1000 times slower than typical symmetric algorithms Ø hard to remember secret key - where do you store it? Ø typically only used for authentication, then a random key and a symmetric encryption algorithm is used for subsequent communication Multicast is problematic Ø Better to authenticate using public key algorithm, then use random key with symmetric algorithm How do you know you have the right public key for a principal? Ø Public key is usually distributed as a document ``signed'' by a well known and trusted certification authority (e.g. Verisign). This is called a certificate. How do you determine if signature is up to date? What if the key has been compromised? Confidentiality 36

Analysis Private (Symmetric) key: + encryption is fast Ø identity is not easily portable across authentication services Ø secret key must be held by server + good for structured, organizational security Public (Asymmetric) key: Ø encryption is slow + identity is inherently portable + secret key need not ever be revealed + provides digital signatures + good for individuals in loosely structured networks Confidentiality 37

Digital Envelopes 1. Agree on a Session Key CJG5%jARGONS8* %K23##hsgdfey9 826. 2. Use Session Key to Encrypt /Decrypt transmitted messages SKY IS Blue! SKY IS Blue! CJG5%jARGONS8* %K23##hsgdfey9 826. Confidentiality 38

Digital Envelope Combination of public-key (asymmetric) cryptography and symmetric systems Sender: Ø Generate a secret key at random called the session key (which is discarded after the communication session is done) Ø Encrypt the message using the session key and the symmetric algorithm of your choice Ø Encrypt the session key with the recipient s public key. This becomes the digital envelope Ø Send the encrypted message and the digital envelope to the recipient Confidentiality 39

Digital Envelope Recipient Ø Receive the envelope, uses private key to decrypt it recovering the session key. Ø The message is secure since it is encrypted using a symmetric session key that only the sender and recipient know. Ø The session key is also secure since only the recipient can decrypt it. Ø Can even act like a one time pad Confidentiality 40

Summary Cryptosystems: Symmetric & Asymmetric Ø Symmetric: Use the same key (the secret key) to encrypt and decrypt a message Ø Asymmetric: Use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Symmetric Cryptosystems Problems Ø How to transport the secret key from the sender to the recipient securely and in a tamperproof fashion? If you could send the secret key securely, then, in theory, you wouldn't need the symmetric cryptosystem in the first place -- because you would simply use that secure channel to send your message. Ø Frequently, trusted couriers are used as a solution to this problem. Modern solutions combine features from both Symmetric & asymmetric cryptosystems.

Questions?

Summary Cryptography enables parties to communicate on open networks without fear of being eavesdropped Ø all cryptographic schemes have their limitations Symmetric schemes use a common key for encryption and decryption. Asymmetric (public key) schemes use a public-private key pair where the public key is used by senders to encrypt and only the recipient with the private key can decrypt the message. Trade-offs between symmetric and asymmetric schemes. Digest functions (Hash-functions) can be used to maintain integrity of a message and make it tamper-proof. Digital envelopes combine the security of asymmetric schemes with the efficiency of symmetric schemes. Certification authorities allow authenticated access to public keys. A hierarchy of certification authorities (hierarchy of trust) can be used. Certification Revocation Lists maintain a list of invalid certificates. Confidentiality 44

Digital Envelope Combination of public-key (asymmetric) cryptography and symmetric systems Sender: Ø Generate a secret key at random called the session key (which is discarded after the communication session is done) Ø Encrypt the message using the session key and the symmetric algorithm of your choice Ø Encrypt the session key with the recipient s public key. This becomes the digital envelope Ø Send the encrypted message and the digital envelope to the recipient Confidentiality 45

Digital Envelope Recipient Ø Receive the envelope, uses private key to decrypt it recovering the session key. Ø The message is secure since it is encrypted using a symmetric session key that only the sender and recipient know. Ø The session key is also secure since only the recipient can decrypt it. Ø Can even act like a one time pad Source: Bob Thibadeau http:// dollar.ecom.cmu.edu/sec/lec02.ppt Confidentiality 46

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information