Beruflich Dokumente
Kultur Dokumente
NETWORK SECURITY-ITIE533
Cryptography
At the end of the period, the students should be able to: Overview of Cryptography and encryption techniques Explain the Cryptography Key Fundamentals and History Distinguish the different types of encryption modes
Cryptography
The purpose of cryptography is to protect transmitted information from being read and understood by anyone except the intended recipient. In the ideal sense, unauthorized individuals can never read an enciphered message. In practice, reading an enciphered communication can be a function of time the effort and corresponding time, which is required for an unauthorized individual to decipher an encrypted message may be so large that it can be impractical. By the time the message is decrypted, the information within the message may be of minimal value.
Cryptography
Definitions Block Cipher
Obtained by segregating plaintext into blocks of n characters or bits and applying the identical encryption algorithm and key, K, to each block.
Cipher
A cryptographic transformation that operates on characters or bits.
Ciphertext or Cryptogram
An unintelligible message.
Clustering
A situation in which a plaintext message generates identical ciphertext messages using the same transformation algorithm, but with different cryptovariables or keys.
Cryptography
Codes
A cryptographic transformation that operates at the level of words or phrases.
Cryptanalysis
The act of obtaining the plaintext or key from the ciphertext that is used to obtain valuable information to pass on altered or fake messages in order to deceive the original intended recipient; breaking the ciphertext.
Cryptographic Algorithm
A step-by-step procedure used to encipher plaintext and decipher ciphertext.
Cryptography
Cryptography
The art and science of hiding the meaning of a communication from unintended recipients. The word cryptography comes from the Greek, kryptos (hidden) and graphein (to write).
Cryptology
Encompasses cryptography and cryptanalysis.
Cryptosystem
A set of transformations from a message space to a ciphertext space
Decipher
To undo the encipherment process and make the message readable
Encipher
To make the message unintelligible to all but the intended recipients.
Cryptography
Cryptography science of encrypting information. scrambles data so only authorized parties can unscramble and read data How do we scramble data? Substitution (confusion) Transposition (diffusion)
Basic Idea
Cryptographic Terminology
Cryptography - a method of storing and transmitting data in a form only intended for authorized parties to read or process. Cryptanalysis* - science of studying, breaking, and reverse engineering algorithms and keys.
Cryptographic Terminology
Encryption the method of transforming data (plaintext) into an unreadable format. Plaintext the format (usually readable) of data before being encrypted Cipher text the Scrambled format of data after being encrypted
Cryptographic Terminology
Decryption the method of turning cipher text back into Encryption algorithm a set or rules or procedures that dictates how to encrypt and decrypt data. Also called an encryption cipher Key (crypto variable) a values used in the encryption process to encrypt and decrypt
Cryptosystem Definitions
Key space the range of possible values used to construct keys example:
if a key can be 4 digits (0-9) key space = 10,000 if it can be 6 digits key space = 1,000,000
Key Clustering Instance when two different keys generate the same cipher text from the same plaintext Work factor estimated time and resources to break a cryptosystem
Cryptography History
Cryptography History
Romans used a shift cipher called a CEASAR cipher. Shift Ciphers simply shift characters in an alphabet.
Figure 2.0:ROT13
Source: www.it.wikipedia.org
Transposition Cipher
Jumbles up the ordering of characters in a message. The Spartans of Greece used a form of this called the Scytale Cipher.
Scytale
Vigenere Cipher
Polyalphabetic Substitution Cipher A more advanced substitution cipher as it any letter can have multiple letters substituted for it! That is an A will not always map to an N Harder to break!
Vigenere Cipher
Symmetric Encryption
Symmetric Encryption
Idea same key is used to BOTH encrypt and decrypt data!
Symmetric Encryption
Called Symmetric or Private Key encryption Must securely distribute keys to both parties.
Chicken in the egg situation with networks
Anyone with the key can either encrypt or decrypt Very Fast to encrypt or decrypt Key Management is the big issue
Key Management
n: number of parties who want to securely communicate # keys = (n*(n-1)) / 2
Encryption Modes
Block
Block Encryption
Problems with Block Encryption? -If a block has the same contents, the resulting cipher text block will have the same cipher text.
Counter Mode
Sometimes You have to encrypt and you dont know the previous blocks cipher text ahead of time (example if you encrypt in parallel). Then we simply use a additional component (like the IV) that is predetermined. A counter
Counter Mode
Stream Encryption
XORing (n/b)
XORing is a Boolean mathematical function which creates an output bit based on two input bits. It outputs a 1 IF and ONLY if one bit of input is 1 and the other is a 0. INPUT1 INPUT 2 XOR OUTPUT -----------------------------------------------------------------0 0 = 0 0 1 = 1 1 0 = 1 1 1 = 0
Stream Encryption
The key is used as a key stream generator, which creates a series of bits each are is mathematically combined with the bit stream of plaintext to produce cipher text. This is done for small pieces of information, or information not in blocks. Keyboard input Morse code Any input that arrives one bit or byte at a time
Stream Encryption
Plain Text Bit Keystream Bit Output Bit
0
1 1
1
1 0
0
1 XOR
1
1 = 0
Cipher text = 0
Stream Encryption
Plain Text Bit Keystream Bit Output Bit
0 1
1 1
1
0 XOR
0
1 = 1
Cipher text = 0 1
Stream Encryption
Plain Text Bit Keystream Bit Output Bit
1
1 XOR
1
0 = 1
Cipher text = 0 1 1
Stream Encryption
Plain Text Bit Keystream Bit Output Bit
0
1 XOR
1
1 = 0
Cipher text = 0 1 1 0
Stream Encryption
Plain Text Bit Keystream Bit Output Bit
XOR
Cipher text = 0 1 1 0 1
One Time Pad 1011 plain text 0101 pad ------ XOR 1110 cipher text
In a one time pad you use a different key/pad each time you send a message
Symmetric Algorithms
Triple DES
Nothing but DES 3 times 3DES EEE3 3DES EDE3 3DES EEE2 3DES EDE2
AES
Developed as a replacement to DES Actual algorithm is called Rinjdael Block cipher 128 bit blocks Key sizes of 128,192, 256 Rounds depend on key size
9: for 128 keys 11: for 192 keys 13: for 256 bit keys
RC5
Block cipher Block size 32, 64, 128 Key Size up to 2048 bits Rounds up to 255, minimum of 12 recommended
RC6
Block cipher based on RC5, same attributes as RC5 Developed to be a AES candidate Faster that RC5
RC4
Stream cipher what was that again? Was proprietary, but released on Internet in 1994, ARC4 is the open version of RC4 Key length 8 2048 bits Used in SSL and WEP communication
Blowfish
Block cipher 64 bit blocks Keys 32 - 448 bits 16 rounds is the full version Free algorithm
IDEA
International Data Encryption Algorithm Proposed AES candidate Block cipher 64 bit blocks 128 bit keys Used in PGP
Symmetric
Thats Symmetric Encryption For the exam Understand the concept (shared keys) Understand its strengths (fast for bulk encryption and decryption) Understand its weaknesses (key management, non-repudiation) Understand the different algorithm properties on the slides.
Symmetric Cons
Keys must be shared
This is difficult to really do? How to you get a key to someone you want to talk to? Requires secure mechanism to deliver keys Number of keys becomes needed becomes crazy large as number of people involved increases Does Not provide Authenticity or Non-repudiation
Asymmetric Encryption
Asymmetric Encryption
Use 2 keys, public key to encrypt a message, private key can decrypt
Asymmetric Encryption
Called Public key encryption Requires 2 related keys
Public key given to anyone Private key kept secret
Public key is used to encrypt message Private key is used to decrypt message Private key is used to sign messages Public key is used to validate signed messages
Asymmetric Encryption
Key exchange is simple! Asymmetric Encryption is SLOW, not suitable for encrypting large amounts of data What is a problem with Asymmetric Encryption and key exchange? (MiM) Asymmetric Encryption uses trapdoor functions to make hard work easier. (just memorize this) Can be used to digitally sign a message (next slides)
Provides integrity Provides non-repudiation
Diffie-Hellman
The original Asymmetric algorithm Developed to address shortfalls of key distribution in symmetric key distribution. Enables two people to receive a symmetric key securely without a previous relationship Generates session keys for secure SYMETRIC encryption communications Algorithm is based on difficulty of calculating discrete logarithms in a finite field Vulnerable to man in the middle attacks
El-Gamal
Encryption, key exchanges or digital signatures Actually an extension of Diffie-Hellman Free Security based on computing discrete logarithms in a finite field?!? Yeah.. I dont even know what that means time to go back to math class. Slowest of all methods we will discuss
Asymmetric Overview
Uses 2 keys, one for encryption, one for decryption This mitigates the key management, key distribution problem (kind of) Can provide integrity and proof of sender (nonrepudiation) Is VERY slow (orders of magnitude slower) Often used in a hybrid system (along with private key encryption)
Encrypt symmetric keys using asymmetric algorithms Actually do large scale encryption with these asymmetric keys!
Hashing
Hashing
Hashing is similar to encryption but different. Hashing is a one way operation. 1. Take input message 2. Put through hashing function 3. Retrieve fixed length value (hash digest)
Hash
Hashes
Once hashed, no way to get back the original message. Hash digests are fixed, so multiple messages theoretically could produce the same hash digest (collision)
Hashes
Hashing can provide integrity (assuming no MiM) Hashes can be combined with a private key to provide protection against MiM attacks (visualization on next slide) The more bits in the digest, generally the more secure (less change for collisiongenerally) One Example of a hash that you are probably familiar with is called a CRC
MD2
Developed by Ronald Rivest (of RC and RSA fame) 128 bit digest 128 bit blocks
MD4
Optimized for 32 bit computers 128 bit digest Collisions can be found in under 1 minute on a PC
MD5
Similar to MD4, but more secure Slower and more secure 128 bit digest 512 bit blocks Was part of the NTLM authentication protocol Collisions in 8 hours on a PC Moving away from, to SHA
Hash overview
Know what a hash is
Concept Fixed length digest What is a hash used for Know what a collision is Know its susceptible to MiM Know what HMAC is, and what it tries to accomplish
Understand a good hash function should not make it predictable on how to force a collision. Otherwise you could create a message what would generate the same hash as another (why is this bad?)
Hash Overview
Be familiar with MDx, and SHA-x Understand that SHA is considered the best algorithm
HMAC
HMAC uses a secret hey in combination to a hash algorithm to verify that a hash is not tampered with. Rather than just doing the hash algorithm on the message, append your secret key to the message to create a new message and run the hash on the new message. The returned value is called a MAC (Message Authenticating Code)
HMAC
HMAC
Provide integrity and data original authentication (how?) Does not provide confidentiality Does not provide specific person authentication (as keys are shared)
Summary
In this lesson, you have learned: Cryptography Encryption Modes Cipher Symmetric Algorithm Symmetric Encryption Asymmetric Encryption Attacks against Hash Hashing HMAC
Any Questions?
Thank You!