Beruflich Dokumente
Kultur Dokumente
• Symmetric Encryption
• Public Encryption
• Digital Signature
• Key Distribution
Alice’s Bob’s
K encryption K decryption
A
key B key
KA-B KA-B
• unconditional security
– no matter how much computer power is
available, the cipher cannot be broken since
the ciphertext provides insufficient information
to uniquely determine the corresponding
plaintext
• computational security
– given limited computing resources (eg time
needed for calculations is greater than age of
universe), the cipher cannot be broken
Fall, 2005 CPSC499 Information Security Management
Classical Substitution Ciphers Computer Science
KA-B KA-B
• Statistical analysis
– Letters “e” and “t” are the most frequent
occurring letters
– Two and three letter occurrences of letters
appear quite often together, like “the”, “in”
– Guess the appearance of the words
• ciphertext only
– only know algorithm / ciphertext, statistical, can identify plaintext
• known plaintext
– know/suspect plaintext & ciphertext to attack cipher
• chosen plaintext
– select plaintext and obtain ciphertext to attack cipher
cipher(key,PIN)
Crook #2 eavesdrops
Crook #1 changes on the wire and learns
his PIN to a number ciphertext corresponding
of his choice to chosen plaintext PIN
-----
----- 10111101…
----- = 10111101…
10001111…
= 00110010… 00110010…
• Easy to compute
– Encryption and decryption are the same operation
– Bitwise XOR is very cheap to compute
• As secure as possible
– Given a ciphertext, all plaintexts are equally likely,
regardless of attacker’s computational resources
– …as long as the key sequence is truly random
• True randomness is expensive to obtain in large
quantities
– …as long as each key is same length as plaintext
• But how does the sender communicate the key to
receiver?
Fall, 2005 CPSC499 Information Security Management
Problems with One-Time Pad Computer Science
1 1
2 2
3 3
4 4
CODE becomes DCEO
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
• public-key/two-key/asymmetric cryptography
involves the use of two keys:
– a public-key, which may be known by anybody, and
can be used to encrypt messages, and verify
signatures
– a private-key, known only to the recipient, used to
decrypt messages, and sign (create) signatures
• is asymmetric because
– those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
Requirements:
+ . - .
1 need KB ( ) and KB ( ) such that
- +
K (K (m)) = m
B B
Magic d
m = (m e mod n) mod n
happens!
c
Fall, 2005 CPSC499 Information Security Management
RSA example: Computer Science
letter m me c = me mod n
encrypt:
l 12 1524832 17
d
decrypt:
c c m = cd mod n letter
17 481968572106750915091411825223071697 12 l
e
(m mod n) d mod n = medmod n
ed mod (p-1)(q-1)
= m mod n
(using number theory result above)
1
= m mod n
(since we chose ed to be divisible by
(p-1)(q-1) with remainder 1 )
= m
Fall, 2005 CPSC499 Information Security Management
RSA: another important property Computer Science
- + + -
K (K (m)) = m = K (K (m))
B B B B
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
large
H: Hash
message
Function
Computationally expensive m
to public-key-encrypt long
messages H(m)
Goal: fixed-length, easy- to-
compute digital
Hash function
“fingerprint” properties:
• many-to-1
• apply hash function H to
• produces fixed-size msg digest
m, get fixed size message (fingerprint)
digest, H(m). • given message digest x,
computationally infeasible to
find m such that x = H(m)
equal
Fall, 2005 CPSC499 Information Security Management
?
Digital Envelopes
Computer Science
-- Symmetric + Asymmetric
• Generate a secret key (session key) at random.
• Encrypt the message using the session key and
symmetric algorithm.
• Encrypt the session key with the recipient’s
public key. This becomes the “digital envelope”.
• Send the encrypted message and the digital
envelope to the recipient.
• Figure …
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution
KZ-KDC
KA-KDC KB-KDC
KDC
generates
KA-KDC(A,B) R1
Bob’s digital
+
public +
signature KB
key KB (encrypt)
CA
certificate for
K-
Bob’s private
identifying key CA Bob’s public key,
information signed by CA
Fall, 2005 CPSC499 Information Security Management
Certification Authorities
Computer Science
CA
public +
K CA
key
• Symmetric encryption
• Public encryption
• Digital Signature
• Key distribution