Cryptography

Insecure communications Sender Snooper Recipient Insecure channel Confidential CSCE 548 - Farkas

Encryption and Decryption Ciphertext Plaintext Plaintext Requirements: Confidentiality Authentication Between communicating parties Third-party authentication Non-repudiation Integrity verification Key distribution Secret key (secure distribution) Public key (reliable distribution) CSCE 548 - Farkas

How can cryptography support these objectives? Security Objectives Confidentiality Integrity Availability Authenticity Non-repudiation How can cryptography support these objectives? CSCE 548 - Farkas

Security Objectives Confidentiality: Hiding message/file content Secret key, public key encryption Integrity: Detecting modification Hash function Availability: Not much – hiding existence of data Authenticity: Verify origin Public key encryption Non-repudiation: Verify activity CSCE 548 - Farkas CSCE 522 - Farkas 5

What makes a good cryptosystem? A good cryptosystem is one whose security does not depend upon the secrecy of the algorithm. From Bruce Schneier: “Good cryptographers rely on peer review to separate the good algorithms from the bad.'' CSCE 548 - Farkas

Cryptanalysis Cryptanalyst’s goal: Break message Break key Break algorithm CSCE 548 - Farkas

Breakable versus Practically breakable Unconditionally secure: impossible to decrypt. No amount of ciphertext will enable a cryptanalyst to obtain the plaintext Computationally secure: an algorithm that is not breakable in practice based on worst case scenario Breakable: all algorithms (except one-time pad) are theoretically breakable CSCE 548 - Farkas

Secret Key Cryptosystem Plaintext Ciphertext Plaintext Encryption Decryption Sender Recipient K C=E(K,M) M=D(K,C) K needs secure channel CSCE 548 - Farkas

Secret Key Cryptosystem Vulnerabilities (1 Passive Attacker (Eavesdropper) Obtain and/or guess key and cryptosystem use these to decrypt messages Capture text in transit and try a ciphertext-only attack to obtain plaintext. CSCE 548 - Farkas

Secret Key Cryptosystem Vulnerabilities Active Attacker Break communication channel (denial of service) Obtain and/or guess key and cryptosystem and use these to send fake messages CSCE 548 - Farkas

Inherent Weaknesses of Symmetric Cryptography Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other) Need a key for each pair of users n users need n*(n-1)/2 keys If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages CSCE 548 - Farkas

Compare DES and AES DES AES Date 1976 1999 Block size 64 bits 128 bits Key length 56 bits 128, 192, 256 bits Encryption Substitution, permutation Substitution, shift, mixing Cryptography Confusion, diffusion Design Open Design rationale Closed Selection process Secret Secret with public comments Source IBM, enhanced by NSA Independent Dutch cryptographers CSCE 548 - Farkas

Public-Key Encryption Needed for security: One of the keys must be kept secret Impossible (at least impractical) to decipher message if no other information is available Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key CSCE 522 - Farkas 14

Confidentiality B A Insecure channel B’s private key B’s public key Ciphertext Plaintext Plaintext Encryption Alg. Decryption Alg. B Recipient A Sender B’s private key B’s public key (need reliable channel) CSCE 548 - Farkas 15

Signature and Encryption B A Encrypted Signed Plaintext Signed Plaintext Signed Plaintext Plaintext Plaintext D E D E B’s public key A’s public key B’s private key A’s private key CSCE 548 - Farkas 16

Non-repudiation Requires notarized signature, involving a third party Large system: hierarchies of notarization CSCE 548 - Farkas 17

RSA Med mod n = M mod n Both sender and receiver know n Sender knows e Only receiver knows d Modulus: Remainder after division, i.e., if a mod n=b then a=c*n+b Need: Find values e,d,n such that Easy to calculate Me, Cd for all M < n Infeasible to determine d give e Med mod n = M mod n CSCE 548 - Farkas 18

Next Class Review for Final CSCE 548 - Farkas