The Elements of Cryptography

Similar documents
Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

IT Networks & Security CERT Luncheon Series: Cryptography

CRYPTOGRAPHY IN NETWORK SECURITY

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

An Introduction to Cryptography as Applied to the Smart Grid

Overview. SSL Cryptography Overview CHAPTER 1

Computer Security: Principles and Practice

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Lecture 9: Application of Cryptography

CSE/EE 461 Lecture 23

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Savitribai Phule Pune University

7! Cryptographic Techniques! A Brief Introduction

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Lukasz Pater CMMS Administrator and Developer

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

CS 758: Cryptography / Network Security

Secure Network Communications FIPS Non Proprietary Security Policy

Center for Internet Security. INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO

Properties of Secure Network Communication

Table of Contents. Bibliografische Informationen digitalisiert durch

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

SSL A discussion of the Secure Socket Layer

The Misuse of RC4 in Microsoft Word and Excel

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Computer System Management: Hosting Servers, Miscellaneous

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How To Encrypt Data With Encryption

Secure Sockets Layer

Application Note: Onsight Device VPN Configuration V1.1

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Chapter 7 Transport-Level Security

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Network Security. Omer Rana

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

SECURITY IN NETWORKS

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Chapter 10. Network Security

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. HIT Shimrit Tzur-David

Public Key Cryptography Overview

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

PGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO

As enterprises conduct more and more

SBClient SSL. Ehab AbuShmais

Chapter 17. Transport-Level Security

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Wireless Mobile Internet Security. 2nd Edition

DRAFT Standard Statement Encryption

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Cryptography and Key Management Basics

Secure E-Commerce: Understanding the Public Key Cryptography Jigsaw Puzzle

Principles of Network Security

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Chapter 7: Network security

Chapter 8. Network Security

, ) I Transport Layer Security

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

TLS and SRTP for Skype Connect. Technical Datasheet

Cryptography & Network Security

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Lab 7. Answer. Figure 1

Overview of Public-Key Cryptography

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

A Novel Approach to combine Public-key encryption with Symmetric-key encryption

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Communication Systems SSL

Content Teaching Academy at James Madison University

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Network Security Part II: Standards

WEBARROW: A CASE STUDY OF SECURE WEB DEPLOYMENT

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Lecture 9 - Network Security TDTS (ht1)

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

VoIP Security. Seminar: Cryptography and Security Michael Muncan

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

Wireless Local Area. Network Security

Communication Security for Applications

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Transport Level Security

IBM i Version 7.3. Security Digital Certificate Manager IBM

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Transcription:

The Elements of Cryptography (March 30, 2016) Abdou Illia Spring 2016 Learning Objectives Discuss Cryptography Terminology Discuss Symmetric Key Encryption Discuss Asymmetric Key Encryption Distinguish between Hashing and Encryption 2 Cryptography? Traditionally, cryptography refers to The practice and the study of encryption Transforming information in order to prevent unauthorized people to read it. Today, cryptography goes beyond encryption/decryption to include Techniques for making sure that encrypted messages are not modified en route Techniques for secure identification/authentication of communication partners. 3 1

Your knowledge about Cryptography 1) Which of the following do cryptographic systems protect? a) Data stored on local storage media (like hard drives) from access by unauthorized users. b) Data being transmitted from point A to point B in a network c) Both a and b #$%^@ #$5hh&*9(?>/@$#)> 4 Your knowledge about Cryptography 2) Which of the following security issues is addressed by cryptographic systems? a) Confidentiality; i.e. protection against eavesdropping b) Authentication; i.e. assurance parties involved in a communication are who they claim to be c) Message integrity; i.e. assurance that messages are not altered en route d) Availability; i.e. making sure that communication systems are not shut down by intruders. e) All of the above 5 Basic Terminology 1 Plaintext: original message to be sent. Could be text, audio, image, etc. Encryption/Decryption Algorithm: mathematical tool (software) used to encrypt or decrypt Key: A string of bits used by to encrypt the plaintext or decrypt the ciphertext Ciphertext: encrypted message. Looks like a random stream of bits Plaintext Hello Party A Encryption Algorithm Hello + Encryption key Ciphertext 11011101 Network Ciphertext 11011101 Interceptor Decryption Algorithm + Decryption key Plaintext Hello Party B 6 2

Basic Terminology 2 Encryption: Converting plaintext into ciphertext using algorithms and keys The size of the ciphertext is proportional to the size of the plaintext Ciphertext is reversible to plaintext Symmetric Key Encryption: Same key is used both for encryption and decryption Keys are usually identical or trivially identical* * Trivially identical means simple transformation could lead from one key to the another. Party A Party B Asymmetric Key Encryption: Also called Public/Private Key Encryption Two different keys are used: one for encryption, one for decryption Party A Party B 7 Online Encrypt: http://www.flexcrypt.com/flexcryptfree.html https://www.tools4noobs.com/online_tools/ Your knowledge about Cryptography 3) Based on how symmetric encryption systems work, which of the following is the worst thing to happen? a) An attacker gets a copy of the encryption and decryption algorithms b) An attacker gets the decryption key c) a and b are equally damaging 4) Which of the following presents more challenge for exchanging keys between partners? a) Asymmetric encryption b) Symmetric encryption c) A and b are equally challenging 8 Exhaustive search and Key length Attacker could use the right algorithm and do an exhaustive search (i.e. try all possible keys) in order to decrypt the ciphertext Most attacks require the capture of large amount of ciphertext Every additional bit in the length of the key doubles the search time Every additional bit in the length of the key doubles the requirements in terms of minimum processor s speed to crack the key. Key Length in bits Number of possible keys (2 key length in bits ) 1 2 2 4 4 16 8 256 16 65536 56 72057594037927900 112 5192296858534830000000000000000000 or 5.1923E+33 168 3.74144E+50 256 1.15792E+77 512 1.3408E+154 9 3

Your knowledge about Cryptography 4) If you increase the key length from 56 bits to 66 bits. How much more key combinations an attacker who captures enough ciphertext will have to try in order to decipher the captured ciphertext using the appropriate algorithm? 5) Assuming that it takes 7 days to try all possible combinations of a 56 bit key, how much time it would take to try all possible combinations when the key length is increased to 58 bits? 10 Weak vs. Strong Keys Symmetric Key Encryption Usually for private of customer e-business Keys < 100-bit long are considered weak today. Keys 100-bit long or more are considered strong today. Asymmetric Key Encryption Usually used for B2B e-commerce Key pairs must be much longer (512 bit and more) because of the disastrous consequences of breaking the decryption key Key Length Number of possible keys (2 key length in bits ) Type of communication in bits 1 2 1 = 2 2 2 2 = 4 16 2 16 = 65536 56 2 56 = 72057594037927900 Private, symmetric, weak asymmetric (e.g. DES) 100 2 100 = Private, symmetric 112 2 112 = 5192296858534830000000000000000000 or 5.1923E+33 Business, asymmetric (e.g. 112-bit DES) 168 3.74144E+50 Business, asymmetric (e.g. 3DES) 256 1.15792E+77 Business, asymmetric (e.g. AES) 512 1.3408E+154 Business, asymmetric (e.g. RSA) 1024 to 4096 2 1024 to 24096 Business, asymmetric (e.g. RSA) 11 Your knowledge about Cryptography 6) Most attacks require the capture of large amount of ciphertext, which can take a certain amount of time. Beside using strong keys what else can be done to make it harder to crack the key? 12 4

Symmetric Key Encryption Symmetric Key Encryption methods Two categories of methods Stream cipher: algorithm operates on individual bits (or bytes); one at a time Block cipher: operates on fixed-length groups of bits called blocks Only a few symmetric methods are used today Methods Year approved Comments Data Encryption Standard - DES 1977 1998: Electronic Frontier Foundation s Deep Crack breaks a DES key in 56 hours DES-Cipher Block Chaining Triple DES TDES or 3DES 1999 Advanced Encryption Standard AES 2001 Its versions among the most used today Other symmetric encryption methods IDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish 14 Data Encryption Standard (DES) DES is a block encryption method, i.e. uses block cipher DES uses a 64 bit key; actually 56 bits + 8 bits computable from the other 56 bits Problem: same input plaintext gives same output ciphertext 64-Bit Plaintext Block 64-Bit DES Symmetric Key (56 bits + 8 redundant bits) DES Encryption Process 64-Bit Ciphertext Block 15 5

DES-Cipher Block Chaining DES-CBC uses ciphertext from previous block as input making decryption by attackers even harder An 64-bit initialization vector is used for first block First 64-Bit Plaintext Block DES Key Initialization Vector (IV) DES Encryption Process Second 64-Bit Plaintext Block DES Key First 64-Bit Ciphertext Block DES Encryption Process Second 16 64-Bit Ciphertext Block Triple DES (3DES) 168-Bit Encryption with Three 56-Bit Keys Sender Receiver 1st Encrypts original plaintext with the Decrypts ciphertext with 1 st key the 3d key 3rd 2nd Decrypts output of first step with the 2 nd key Encrypts output of the first step with the 2 nd key 2nd 3rd Encrypts output of second step with the 3d key; gives the ciphertext to be sent Decrypts output of second step with the 1 st key; gives the original plaintext 1st 17 Triple DES (3DES) 112-Bit Encryption With Two 56-Bit Keys Sender Receiver 1st Encrypts plaintext with the 1 st key Decrypts ciphertext with the 1 st key 1st 2nd Decrypts output with the 2 nd key Encrypts output with the 2 nd key 2nd 1st Encrypts output with the 1 st key Decrypts output with the 1 st key 1st 18 6

Your knowledge about Cryptography 7) Based on the way DES and 3DES work, which of the following is true? a) 3DES requires more processing time than DES b) Compared 3DES, DES requires more RAM c) Both a and b 8) Given the increasing use of hand-held devices, 3DES will be more practical than DES. a) True b) False 19 Advanced Encryption Standard - AES Developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael", a portmanteau of the names of the inventors Offers key lengths of 128 bit, 192 bit, and 256 bit Efficient in terms of processing power and RAM requirements compared to 3DES Can be used on a wide variety of devices including Cellular phones PDAs Etc. 20 DES, 3DES, and AES DES 3DES AES Key Length (bits) 56 112 or 168 128, 192, 256 Key Strength Weak Strong Strong Processing Requirements Moderate High Modest RAM Requirements Moderate High Modest 21 7

Encryption Algorithms Used by MS Operating Systems Default Algorithm Other Algorithms Operating System Windows 2000 DESX (none) Windows XP RTM DESX 3DES Windows XP SP1 AES 3DES, DESX Windows Server 2003 AES 3DES, DESX Windows Vista AES 3DES, DESX Windows Server 2008 AES 3DES, DESX (?) 22 Asymmetric Key Encryption Public Key Encryption For confidentiality Each Party uses other party s public key for encryption Each Party uses own private key for decryption No need to exchange private key, but key needs to be very strong (512+ bit) Encrypt with Party B s Public Key Encrypted Message Decrypt with Party B s Private Key Party A Decrypt with Party A s Private Key Encrypted Message Party B Encrypt with Party A s Public Key 24 8

Public Key Encryption methods Asymmetric encryption methods are used both for Encryption in order to provide confidentiality Digital signature in order to provide partners authentication Methods Year proposed Comments RSA by Ron Rivest, Adi Shamir, and 1977 1995: First attack in lab conditions was reported Leonard Adleman Elliptic Curve Cryptosystem - ECC 1985 Becoming widely used Other symmetric encryption methods: Dieffe-Hellman, El-Gamal 25 Basic Terminology 3 Hashing: Mathematical process for converting inputs into fixed-length outputs Hash function: Algorithm that does the hashing. Uses an input + a shared secret or password. Example: MD5, Secure Hash Algorithm. Hash: Fixed-length output of the hashing 26 Encryption Versus Hashing Use of Key Length of Result Encryption Uses a key as an input to an encryption method Output is similar in length to input Hashing Password is usually added to text; the two are combined, and the combination is hashed Output is of a fixed short length, regardless of input Reversibility Reversible; ciphertext can be decrypted back to plaintext One-way function; hash cannot be de-hashed back to the original string 27 9

Hashing & Public Key for authentication Asymmetric Key Encryption is also used for authentication Usually used along with hashing Public Key Encryption Hashing Confidentiality Sender encrypts with receiver s public key. Receiver decrypts with the receiver s own private key. Authentication Sender (supplicant) encrypts with own private key. Receiver (verifier) decrypts with the public key of the true party, usually obtained from a Certificate Authority. Used in MS-CHAP for initial authentication and in HMACs for message-by-message authentication Hashing and Public Key for authentication very used in cryptographic systems like SSL/TLS or IPSec 28 Cryptographic Systems Packaged set of cryptographic countermeasures used for protecting dialogues Example: Secure Socket Layer/Transport Layer Security SSL/TLS used in secured webservice Each cryptographic system includes different security standards (algorithms, hashing methods, security parameters) that comm. partners needs to agree on. Typical Process: Handshaking stages Ongoing communication stage: Message-by-Message authentication 29 Cryptographic Systems (cont.) Packaged set of cryptographic countermeasures used for protecting dialogues Handshaking Stage 1: Initial Negotiation of Security Parameters Client PC Handshaking Stage 2: Initial Authentication (Usually mutual) Handshaking Stage 3: Keying (Secure exchange of keys and other secrets) Server Time Ongoing Communication Stage with Message-by-Message Confidentiality, Authentication, and Message Integrity Electronic Signature (Authentication, Integrity) Plaintext Encrypted for Confidentiality 30 10

MS-CHAP * Hashing for Authentication CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients Shared secret 1) After the completion of the link establishment phase, the server sends a "challenge" message to the client. 2) The client responds with a value calculated using a one-way hash function, such as an MD5 or SHA (Secure Hash Algorithm). 3) The server checks the response against its own calculation of the expected hash value. If the values match, the server acknowledges the authentication; otherwise it should terminate the connection. 4) At random intervals the server sends a new challenge to the peer and repeats steps 1 through 3. * Microsoft s version of Challenge Handshake Authentication Protocol 31 Message-by-Message Authentication using Hashing and Public Key To Create the Digital Signature: 1. Hash the plaintext to create a brief Message Digest; this is NOT the Digital Signature. 2. Sign (encrypt) the message digest with the sender s private key to create the Digital Signature. Plaintext MD DS Hash Sign (Encrypt) with Sender s Private Key 3. Transmit the plaintext + digital signature, encrypted with symmetric key encryption. Sender DS Plaintext 4. Encrypted with Session Key Receiver 32 Message-by-Message Authentication (cont.) Plaintext Hash MD Sign (Encrypt) with Sender s DS Private Key 5. 6. Received Plaintext DS Hash MD Decrypt with True Party s Public Key 7. Are they equal? MD To Test the Digital Signature 5. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest. 6. Decrypt the digital signature with the sender s public key. This also should give the message digest. 7. If the two match, the message is authenticated. 33 11

Summary Questions See Questions on Your knowledge About Cryptography s slides in these class notes See ReadingQuestionCh3.doc file in Notes section of web site. Encryption Exercises posted to the course website 34 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information