ECE 646 - Lecture 3 Types of Cryptosystems Implementation of Security Services Types of Cryptosystems (1) Block vs. stream s 1
Cryptosystem (Cipher) n bits k bits cryptographic m bits text Block vs. stream s M 1, M 2,, M n m 1, m 2,, m n K Block K Internal state - IS Stream C 1, C 2,, C n c 1, c 2,, c n C i =f K (M i ) c i = f K (m i, IS i ) IS i+1 =g K (m i, IS i ) Every block of text is a of only one corresponding block of plaintext Every block of text is a of the current block of plaintext and the current internal state of the 2
Typical stream Sender initialization vector (seed) Receiver initialization vector (seed) Pseudorandom Key Generator Pseudorandom Key Generator k i stream k i stream m i plaintext c i text c i text m i plaintext Types of Cryptosystems (2) Secret- vs. public- s 3
Secret- (Symmetric) Cryptosystems of Alice and - K AB of Alice and - K AB Network Alice Encryption Decryption Key Distribution Problem N - Users N (N-1) 2 Keys Users Keys 100 5,000 1000 500,000 4
Digital Signature Problem Both corresponding sides have the same information and are able to generate a signature There is a possibility of the receiver falsifying the sender denying that he/she sent the Public Key (Asymmetric) Cryptosystems Public of - K B Private of - k B Network Alice Encryption Decryption 5
Classification of cryptosystems Terminology secret- symmetric public asymmetric symmetric- classical conventional One-way X f(x) Y EXAMPLE: f -1 (Y) f: Y=f(X) = A X mod P where P and A are constants, P is a large prime, A is an integer smaller than P Number of bits of P Average number of multiplications necessary to compute f f -1 1000 1500 10 30 6
Trap-door one-way Whitfield Diffie and Martin Hellman New directions in cryptography, 1976 PUBLIC KEY X f(x) Y f -1 (Y) PRIVATE KEY Alice Key Distribution s public s private s public text text s public Intruder text 7
Alice signature Digital Signature signature Alice s private Alice s public Alice s public Intruder signature Alice s public Judge signature Alice s public Implementation of Security Services 8
Non-repudiation Alice Signature Signature Hash Hash Hash value 1 Hash value yes no Public Hash value 2 Public Alice s private Alice s public Hash arbitrary length m h hash h(m) hash value fixed length 9
Hash s Basic requirements 1. Public description, NO 2. Compression arbitrary length input fixed length output 3. Ease of computation Hash s Security requirements It is computationally infeasible Given To Find h(m) m m and h(m) m m, such that h(m ) = h(m) m m, such that h(m ) = h(m) 10
Non-repudiation Alice Signature Signature Hash Hash Hash value 1 Hash value Public yes/no Hash value 2 Public Alice s private Alice s public Non-repudiation Alice Signature Signature Hash Hash Signature generation Hash value Public Alice s private yes/no Signature Hash value verification 1 Hash value 2 Public Alice s public 11
Alice Authentication MAC MAC K AB Secret of Alice and Secret algorithm K AB Secret of Alice and Secret algorithm MAC yes MAC no MAC - Autentication Codes (ed hash s) arbitrary length m secret K MAC MAC fixed length 12
MAC s Basic requirements 1. Public description, SECRET parameter 2. Compression arbitrary length input fixed length output 3. Ease of computation MAC s Security requirements Given zero or more pairs m i, MAC(m i ) i = 1..k it is computationally impossible to find any new pair m, MAC(m ) such that m m i i = 1..k 13
CBC-MAC (Cipher Block Chaining MAC) MAC M 1 M 2 M t 0.... Secret- Secret- Secret- K AB K AB K AB Relations among security services NON-REPUDIATION AUTHENTICATION CONFIDENTIALITY INTEGRITY 14
Non-repudiation Alice Signature Signature Hash Hash Hash value 1 Hash value yes no Public Hash value 2 Public Alice s private Alice s public Alice Authentication MAC MAC K AB Secret of Alice and Secret algorithm K AB Secret of Alice and Secret algorithm MAC yes MAC no 15
Hybrid Systems Features required from today s s STRENGTH PERFORMANCE FUNCTIONALITY easy distribution digital signatures 16
Features of secret- s STRENGTH PERFORMANCE FUNCTIONALITY easy distribution digital signatures Features of public- s STRENGTH PERFORMANCE FUNCTIONALITY easy distribution digital signatures 17
Average Decryption Speed for implementations based on the same technology software hardware AES deing speed RSA-1024 deing speed 100 1000 Basic operations of secret s - S-box S-box n x m n S m Substitution C ASM Software WORD S[1<<n]= { 0x23, 0x34, 0x56.............. } S DW 23H, 34H, 56H.. x 1 x 2 x n ROM direct logic... Hardware n-bit address 2 n words m-bit output... y 1 y 2 y m 18
Basic operations of secret s - P-box Software Hardware P-box n x n P n C sequence of instructions <<,, & x 1 x 2 x 3...... x n-1 x n n Permutation ASM sequence of instructions ROL, OR, AND y 1 y 2 y 3 y n-1 y n order of wires Encryption Basic Operations of the Public Key Cryptosystem RSA public exponent text = plaintext mod public modulus Decryption k-bits k-bits k-bits private exponent plaintext = text mod private modulus k-bits k-bits k-bits 19
Hybrid Systems Network Alice session (random secret-) s public s private Session encrypted using s public encrypted using session Hybrid Systems - Sender s Side (2) Alice 1 session random Secret Public 3 s public 2 Session encrypted using s public encrypted using session 20
Hybrid Systems - Receiver s Side (2) session random 1 Public s private 2 Secret Session encrypted using s public encrypted using session Evaluating the security of secret- s 21
Classification of attacks (1) Ciphertext-only attack Given: text Looked for: plaintext or Example: Frequency analysis of letters in the text (effective only for most simple historical s) Classification of attacks (2) Known plaintext attack Given: text guessed fragment of the plaintext Looked for: remaining plaintext or Example: exhaustive search (brute-force ) attack successive s 22
Classification of attacks (3) Given: Capability to en an arbitrarily chosen fragment of the plaintext Chosen plaintext attack Encryption module Looked for: Example: Differential cryptanalysis M i M i * Encryption module i=1..n C i C i * Classification of attacks (4) Given: Capability to de an arbitrarily chosen fragment of the text Chosen text attack Encryption module Looked for: 23