Cryptography: Motivation. Data Structures and Algorithms Cryptography. Secret Writing Methods. Many areas have sensitive information, e.g.



Similar documents
Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Symmetric Key cryptosystem

How To Understand And Understand The History Of Cryptography

Network Security. HIT Shimrit Tzur-David

Cryptography & Network Security

IT Networks & Security CERT Luncheon Series: Cryptography

7! Cryptographic Techniques! A Brief Introduction

Properties of Secure Network Communication

Lecture 9 - Network Security TDTS (ht1)

Secure Network Communication Based on Text-to-Image Encryption

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Cryptography and Network Security

Network Security. Outline of the Tutorial

Chapter 8. Network Security

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

The Misuse of RC4 in Microsoft Word and Excel

How To Understand Cryptanalysis

How To Encrypt With A 64 Bit Block Cipher

Application Layer (1)

Network Security - ISA 656 Introduction to Cryptography

Evaluation of the RC4 Algorithm for Data Encryption

Network Security. Omer Rana

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Overview of Symmetric Encryption

Chap 2. Basic Encryption and Decryption

Cyber Security Workshop Encryption Reference Manual

How To Use Pretty Good Privacy (Pgp) For A Secure Communication

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

Cryptography and Network Security Block Cipher

Chapter 10. Network Security

Cryptography Exercises

Sandeep Mahapatra Department of Computer Science and Engineering PEC, University of Technology

Introduction to Encryption

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

CRYPTOGRAPHY IN NETWORK SECURITY

Network Security. Modes of Operation. Steven M. Bellovin February 3,

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Overview/Questions. What is Cryptography? The Caesar Shift Cipher. CS101 Lecture 21: Overview of Cryptography

Application Layer (1)

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

1 Data Encryption Algorithm

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

CSE/EE 461 Lecture 23

CSE331: Introduction to Networks and Security. Lecture 20 Fall 2006

Cryptography and Network Security

Insight Guide. Encryption: A Guide

CSCE 465 Computer & Network Security

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

Secure E-Commerce: Understanding the Public Key Cryptography Jigsaw Puzzle

CIS433/533 - Computer and Network Security Cryptography

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security Technology Network Management

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

Safer data transmission using Steganography

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Chapter 23. Database Security. Security Issues. Database Security

CS 758: Cryptography / Network Security

Techniques of Asymmetric File Encryption. Alvin Li Thomas Jefferson High School For Science and Technology Computer Systems Lab

A SOFTWARE COMPARISON OF RSA AND ECC


Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

EDA385 Embedded Systems Design. Advanced Course

Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: Web:

Table of Contents. Bibliografische Informationen digitalisiert durch

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Network Security: Cryptography CS/SS G513 S.K. Sahay

An Introduction to RSA Public-Key Cryptography

Security in Distributed Systems. Network Security

Effective Secure Encryption Scheme [One Time Pad] Using Complement Approach Sharad Patil 1 Ajay Kumar 2

CSCE 465 Computer & Network Security

Message Authentication Codes

Chapter 23. Database Security. Security Issues. Database Security

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

About the Tutorial. Audience. Prerequisites. Disclaimer & Copyright. Cryptography

Symmetric and Public-key Crypto Due April , 11:59PM

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Three attacks in SSL protocol and their solutions

Simple Encryption/Decryption Application

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

Today. Network Security. Crypto as Munitions. Crypto as Munitions. History of Cryptography

Cryptography and Network Security Chapter 9

AC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014

SCP - Strategic Infrastructure Security

CS Computer Security Third topic: Crypto Support Sys

Lecture 9: Application of Cryptography

Fundamentals of Computer Security

Cipher Techniques on Networks. Amit Konar Math and CS, UMSL

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Transcription:

Cryptography: Motivation Many areas have sensitive information, e.g. Data Structures and Algorithms Cryptography Goodrich & Tamassia Sections 3.1.3 & 3.1.4 Introduction Simple Methods Asymmetric methods: public and private keys. Finance: many transactions encrypted, e.g. PIN on ATM card Commerce: sensitive negotiations, electronic commerce Military: battle plan, weapon control Diplomacy: sensitive negotiations In each case: Trying to communicate at a distance. Others could easily eavesdrop, or insert messages You don t want them to know the content of your message (e.g., credit card details; battle plan). 1 2 Secret Writing Methods Two alternatives: So use some secret writing technique(s) so the message can only be understood by intended recipient. Predates computing, although early computers were developed to break encryption, e.g. the Enigma code. Steganography: hidden writing, e.g. invisible ink, using low-definition bits of sound/graphics files. Big advantage: don t reveal to enemy that you have information to hide. Cryptology: scramble the message. Has two disciplines: Cryptography: developing codes/ciphers Cryptanalysis: breaking codes/ciphers 3 4

Cryptographic Terminology There are two main encryption methods: Transposition: reorder character/word by another Substitution: replace 1 character/word by another Either method can be applied to words or characters: Codes operate on words, where Ciphers operate on characters. Encryption methods may be Symmetric: same key used by sender and receiver. Hence vital that key doesn t get into hands of the enemy. Asymmetric: sender uses one key to encrypt, receiver uses another to decrypt. Hence senders key may be public. Encryption Example PLAINTEXT: attack at dawn +---+ +---+ +---+ KEY +---+ ===============> CIPHERTEXT / \ ---------------> / \ / \ \ / \ SENDER \ RECEIVER v +---+ +---+ / \ / \ ENEMY 5 6 A typical method: Sender transmits key to reciever (may need to be over a secure channel) Sender encrypts plaintext using key to produce ciphertext Sender transmits ciphertext over insecure channel Receiver uses key to decrypt ciphertext. Enemy or cryptanalyst intercepts message and attempts to break the encryption, i.e. decrypt it without the key. Must be sufficiently hard to break the encryption that it isn t worth the enemies time! Symmetric Methods Columnar Transposition Cipher To encrypt: Write the plaintext in columns of depth k (= key), padding (with *) the end as necessary, read off in rows, e.g. if key = 4. Plaintext: Transposition ciphers are easy! T s i n p s e s r p t _ h y a o i c e a e! n s o i r r a * Ciphertext: Tsinpsesrpt h yaoiceae!nsoirra* To decrypt: write ciphertext as rows of (message length/k), and read off columns. To break: try every key between 1 and message length (easy) 7 8

Better Method Caesar Cipher A Substitution Cipher Key = k (some small integer) To encrypt: replace Nth letter of alphabet with (N+k)th, e.g. k = 2 a b c d e f g h i j k l m n o p q r s t u v w x y z _ c d e f g h i j k l m n o p q r s t u v w x y z _ a b So plaintext attack is encrypted as cvvcem. To decrypt: Replace Nth letter by (N-k)th. To break: Try all values of k until get something meaningful (very easy!) To encrypt: Use a fixed permutation of the alphabet as the key, i.e. map each character to another e.g., a b c d e f g h i j k l m n o p q r s t u v w x y z _ q w e r t y u i o p a s d f g h j k l z x c v b n _ m So plaintext badly is encrypted as wqrsn. To break: You might think this would be hard to break: there is an enormous choice of keys (26!), but providing there s enough cipher text it s easy to break using simple statistical methods. The occurrence frequencies of each character in a language is well known, e.g. in English e is most common, then t etc. Also look for common short words, e.g. digrams ( an, at, as ) and trigrams ( the, and ) Exercise: Use the permutation above to encrypt 9 10 Vigenere Cipher Like simple Caeser cipher, but use a repeated key to specify k for each character in plaintext: key: abc = (k values 1, 2 3) three million plaintext: attack key abcabc.. k 123123 ciphertext: bvwben Harder to decrypt. Can t use character frequencies, and with long key, will take a long time to try all possible keys. Exercise: Use the Vignere cipher to encrypt three million using key bad 11 12

Vernam Cipher (One time pad) Use above method, but with key as long as plaintext Only use it once! VERY secure; no way to decrypt as equally likely to end up with any message at all. Problems memorizing/distributing key. But useful in situations where a key can be sent ahead of time. Possible keys: A book: Alice in Wonderland, edition X, starting on page 102, line 4. Pads containing 100s of pages of keys. Simple Cryptanalysis Methods How do we break ciphertexts? Brute force: try all possible keys. Statistical: look at character frequencies. Cribs: Look for known parts of message e.g., email/html header, date, time, spaces. Or a combination. Try all likely combinations, once other methods have suggested most likely ones. Exercise: Use the Vignere cipher to encrypt three million using key sadbadmadladhad Exercise: Is sadbadmadladhad a good key? Why? 13 14 Pseudo keys How do we approximate the security of the one-time pad, without the overhead of needing a very long key? Generate a very long (longer than plaintext) key from a shorter ones, in a pseudo- random fashion. For example a simple encryption machine, takes the true key (cryptovariable): Generates long key from it as a stream of bits. XORs this with the binary of the plaintext. Exercise: Locate and experiment with a Java pseudorandom number generator true key: 16256 pseudokey: 100101100011.. plaintext: 1001110100.. ciphertext: 0000101100 Decrypt using exactly same method. 15 16

DES Operation DES - The Data Encryption Standard The Data Encryption Standard, or DES, was the first official U.S. government cipher intended for commercial use. DES is the most widely used cryptosystem in the world. DES is a block cipher, which operates on 64-bit data fragments, using a 56-bit key. 64-bit Plaintext \/ 56-bit key Transposition 1 \/ \/ Substitution 1 <--------- Pseudo Key Generator \/ /. /. / / Substitution 16<----- \/ Transposition 2 \/ Transposition 3 \/ 64-bit Ciphertext 17 18 DES In Practice The substitution stages in DES re-arrange the order of the bits from the previous stage, and use XOR to combine them with the key. The effectiveness of DES is based on the complexity of the 19 stages. In the above diagram, two identical 64-bit plaintexts will result in identical ciphertexts. This is called the Electronic Code Book (ECB) mode of operation. The ECB mode of operation is now rarely used, since it is now generally agreed that it is breakable given sufficient resources In the Chain Block Cipher (CBC) mode, each block of plaintext is exclusive-ored with the ciphertext output from the previous encryption operation. Thus, the next block of ciphertext is a function of its corresponding plaintext, the 56-bit key and the previous block of ciphertext. Identical blocks of plaintext no longer generate identical ciphertext, which makes this system much more difficult to break. The CBC mode of DES is the normal method for encryption in modern business data communications. 19 20

DES Evaluation The original (IBM) algorithm which was the basis of DES used a 128 bit key. The US government changed this to a 56 bit key. This made DES considerably less secure. Many people believe that the US government has a backdoor (or trapdoor) decryption technique which is infeasible at 128 bits, but possible with 56. This has never been confirmed. 56 bit key DES is nowadays regarded as probably crackable. A variation called triple encryption DES uses two keys (112 bits) and is currently considered sufficiently secure. The Advanced Encryption Standard Other encryption standards exist. The Advanced Encryption Standard (AES) is intended to be a cipher that will remain secure for several decades from now. AES supports key sizes of 128 bits, 192 bits, and 256 bits, in contrast to the 56-bit keys offered by DES. The AES algorithm was published in November 2002, and is now gaining widespread use, and superseding DES. See good article on Wikipedia. 21 22 Java Cryptography Engine Java programs execute over insecure networks, and hence are vulnerable to security attacks The Java Cryptography Engine(JCE) is part of the java.security package & contains methods to: Generate key pairs Construct cipher objects, with encryption/ decryption methods, e.g. Cipher ciph = Cipher.getInstance( DES ) Initialise cipher objects, e.g. ciph.initencrypt(keys) Encrypt/Decrypt the data, e.g. Asymmetric Methods: Public Key Cryptosystems How to safely send key from sender to receiver? Avoid problem by using different keys to decrypt/encrypt. Sender uses PUBLIC key to encrypt. Receiver uses PRIVATE key to decrypt. Ciphertext can NOT be decrypted using public key. So public key can be published, like telephone directory. Private keys never transmitted. byte[] ciphertext = ciph.crypt(cleartext) 23 24

Public Key Example Suppose you want to send a secret message M to John. Look up John s public key. Encrypt your message using it, and transmit to John. John then uses his private key to decrypt. More formally, given message M, public key P, and private key S, then encrypted message is P(M) and decrypted message is S(P(M)). We must guarantee that S(P(M))=M, and can t decrypt knowing P. Challenge: How do we come up with suitable public and private keys to make it work? RSA Public Key Encryption Developed by Rivest, Shamir and Aldeman at MIT around 1977, represents public and private keys as pairs of big numbers (N, P) and (N, S). Message also represented as a number M. Prime number theory used to find suitable values for S, N and P, as follows: Choose three prime numbers x,y,z (say 3, 5, 7). S=largest (i.e. 7) N=product of other two (i.e. 15) P chosen so PxS % (x-1)(y-1) = 1 i.e. 7P % 8=1. e.g. P=23 25 26 To encrypt: C = M P % N. e.g., M=2, C = 2 23 % 15 = 8 To decrypt: M = C S % N. e.g., = 8 7 % 15 = 2 To break: Very hard! We know from number theory that factoring the product of large primes is computationally very expensive. In practice keys are primes with hundreds of digits. As it s believed to be relatively secure, RSA is widely used: e.g. in Internet Browsers (e.g. Mozilla, Netscape) and PGP (Pretty Good Privacy). RSA Session Keys Although secure RSA encryption needs hard maths to construct the keys! Encryption/decryption time consuming. So method often used to encrypt keys not whole message. You send a message with an RSA encrypted KEY. Decode it using RSA to get ordinary key. Then decode message with the ordinary key using symmetric methods. The ordinary key is referred to as the session key. Can be randomly generated, and only used once. 27 28

Internet Browser Encryption Browsers like Mozilla & Netscape use: RSA key encryption to encode a session key. Session key used to encrypt/decrypt subsequent messages. In practice: Client finds server s public key. Generates a random session key. Encrypts session key with server s public key (using RSA). Encrypts message with session key (using simpler methods) Sends encrypted session key + encrypted message. Server decrypts session key using private key. Decrypts message using session key. Social and Ethical Issues Encryption world is secretive: often organisations don t reveal if a code can be broken. Governments monitor communications, e.g. GCHQ and phone satellites scan phone calls and emails for keywords like bomb Columbia, CIA seek to break codes Individuals have a right to privacy, and commonly available software, e.g. PGP freeware, secure communication, encrypted disks: disliked by governments. In the context of terrorism, crime, drug trafficking and money laundering should secure communication be widely available? 29 30 Summary Simple Symmetric methods: Columnar trans. Caesar, Vernam Simple codes&ciphers broken using frequencies, cribs, brute force. Pseudo-keys: long keys generated from shorter ones; harder to break. Standards: DES, AES Asymmetric methods, e.g.rsa public key encryption: needn t transfer key. WWW: public key encryption of session keys. Social & Ethical Issues 31

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information