1 資訊安全 Network Security Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
2 Textbook: C. Kaufman, R. Perlman, and M. Speciner, Network Security, Second Edition, Prentice-Hall PTR, Reference Books: 1. W. Ford, Computer Communications Security: principles, Standard Protocols, and Techniques, Prentice Hall, W. Stallings, Network Security Essentials, Second Edition, Prentice Hall, Grading Scheme: Project 50%, Paper 25%, Exams 25%
3 Chapter 2 Introduction to Cryptography Instructor: 孫宏民
4 2.1 What is Cryptography Plaintexts (cleartexts): A message is a plaintext. Code (digits): representation of data (e.g., ASCII) Another code: A = 00, B = 01, C = 02,..., Z = 25 Sender, Receiver, and Intruder (or Interceptor): (Senders and receivers want to make sure an intruder cannot read the messages.)
5 Cipher(Cryptosystem): secret method of writing Ciphertexts: An encrypted messages Sender Receiver Intruder Model of Conventional Cryptosystem
6 Cryptography is the study of creating and using secret writing, or the art and science of keeping messages secure. Encryption (Enciphering): The encryption is the process of disguising a message in such a way as to hide its substance. Notation: C=E(M) or E K (M) or E K1 (M) Decryption (Deciphering): The process of turning ciphertext back into plaintext. Notation: M=D(C) or D K (C) or D K2 (C)
7 Cryptanalysis: The art and science of breaking ciphertexts. Cryptographers v.s. Cryptanalysts Cryptology = Cryptography+ Cryptanalysis
8 Four Basic Services of Cryptography Confidentiality (Secrecy): The intruder cannot read the encrypted message form the ciphertext. Authentication: It should be possible for the receiver of a message to ascertain its origin; an intruder should not be able to masquerade as someone else.
9 Four Basic Services of Cryptography Integrity: It should be possible for the receiver of a message to verify that it has not been modified in transit; an intruder cannot substitute a false message for a legitimate one. Nonrepudiation: A sender should not be able to falsely deny later that he sent a message.
Breaking an Encryption Scheme(1) A cipher is breakable if it is possible to find plaintext or key from ciphertext, or to find the key from plaintext-ciphertext pairs. Cryptanalysis = study (methods) of breaking system, that is, deciphering without the key (K2), using :
Breaking an Encryption Scheme(2) (a) Ciphertext only (C) Most difficult to break (b) Known plaintext (M, C) E.g., encrypted programs (while, if, else,...) (c) Chosen plaintext (M*, C) Get the sender to encipher M* (your choice) for you. (d) Chosen ciphertext (M, C*) Get the receiver to decipher C* (your choice) for you.
Breaking an Encryption Scheme(3) (e) Chosen text (M*, C) and (M, C*) Combine (c) and (d).
13 Some other types of Cryptanalytic Attacks(1) Adaptive-chosen-plaintext Attacks (a special case of a chosen-plaintext attack): The intruder not only can choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption. Chosen-key Attacks: The intrduer has some knowledge about the relationship between different keys.
14 Some other types of Cryptanalytic Attacks(2) Bruce-force Attacks (Exhaustive search): To try every possible key one by one and to check whether the resulting plaintext is meaningful.
Type of Cryptographic Function Hash Function Secret Key Function Public Key Function
Secret Key Cryptography Secret Key Cryptosystems: The encryption & decryption keys are the same.(E K (M)= C & D K (C)= M). Stream ciphers: The operation unit on the plaintext is a single bit (or byte), such as RC4 and A5. Block ciphers: The operation unit on the plaintext is a group of bits (a block), such as DES, IDEA, and AES.
17 plaintext encryption ciphertext key ciphertext plaintext decryption
18 Example of a Cipher m i, c i {00, 01, 02,..., 25} To encipher: M=m1m1 m2m2 m3m3 … C=c1c1 c 2 c 3 …
19 To decipher:
20 Caesar Cipher Shift each letter in the English alphabet forward by K positions (shift past Z cycle back to A). K is the key to the cipher. Example: k=3 TSINGHUAUNIVERSITY WVLQJKXDXQLYHUVLWB
21 Code Book Plaintext words or phrases are entered into the code book together with their ciphertext substitutes. The code book is the key. Example: ATTACK JAPAN WordCode BOMB1701 JAPAN5603 ATTACK4008 NIGHT3790
Public Key Cryptosystems Public Key Cryptosystems: Encryption & decryption keys are different (E K1 (M)=C & D K2 (C)=M), such as RSA, ElGamal, and McEliece. The encryption key (public key) can be public while the decryption key (secret key) cannot be calculated from the public key.
23 Encryption and decryption are two mathmatical functions that incerses of each other. plaintext encryption ciphertext Private key ciphertext plaintext decryption Public key
24 There is an additional thing one can do with public key technology, which is to generate a digital signature on a message. plaintext signing Signed message public key Signed message plaintext verification private key
Hash Algorithm A cryptographic hash function is a mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length number. We will call the hash of a message m, h(m).
26 It has the following property: For any message, it is easy to compute h(m). Given h(m), there is no way to find a m that hashes to h(m) in a way that is substantially easier than going through all possible values of m and computing h(m) for each one. It is computationally infeasible to find two value that hash to the same thing.
27 Security Attacks Normal flow: Interruption: Interception:
28 Modification: Fabrication:
29 Interruption This is an attack on availability. Examples: cutting of a communication line, or destruction of a piece of hardware. Interception This is an attack on secrecy. Examples: wiretapping to capture data in network, or illicit copying of files or programs.
30 Modification This is an attack on integrity. Examples: changing values in a data file, or altering a program so that it performs differently. Fabrication This is an attack on authenticity. Examples: insertion of fake messages in network, or addition of records to a file.
31 Security Threats Passive threats Interception (Secrecy) Active threats Interruption (Availability) Modification (Integrity) Fabrication (Authenticity)
32 Data Security(1) Data security is the science and study of methods of protecting data in computer and communications systems. Data security studies four kinds of control: Cryptography Access Information flow Prevent leakage Inference People shouldn't be able to infer something that shouldn't be inferred
33 Data Security(2) Threats to data in computer systems Secrecy Browsing, Leakage, Inference Authenticity Tampering, Accidental destruction Browsing Searching through main memory or secondary storage
34 Data Security(3) Leakage Transmission of data to unauthorized users by processes with legitimate access to the data (e.g., compilers, text editors,...) Inference In a statistical database, you may infer the info of an individual from average.
35 Data Security(4) Tampering Replay insert Delete Accidental destruction Unintentional overwriting Caused by faulty software (e.g., an array subscript is out-of-range) Access controls are needed to prevent programs from writing into memory regions of other programs
36 Data Security(5) Unintentional deletion Caused by software or hardware failure or user mistakes (e.g., a disk crash) Backup is needed to recover from destruction
37 Other Threats to Data Security Ciphertext searching xyzxyz salary (example) You don't know what xyz is, but know they are the same. Know one of them Know both Masquerading Write programs to simulate login procedure to get other people's password.
38 Computer System
39 Cryptographic System For a given K, DK is the inverse of E K ; that is, D K (E K (M)) = M Requirements for cryptosystems: K, E K and D K are efficient (run in polynomial time) System is easy to use (no 200 digits keys has to be typed) Security depends only on the secrecy of K, not on E or D