1 Chap 1: Introduction Some background –The message is usually represented as M or P (plaintext), the encryption result is usually represented as C (ciphertext). –C usually has the same length as M or even longer –E(M) = C, D(C) = M –D(E(M)) = M –Can you apply the encryption and decryption algorithm to some random sequence?

2 What functionality can the encryption algorithms provide: –Confidentiality –Authentication –Integrity –Non-repudiation

3 Introduction Two kinds of cryptographic algorithms –Keep the method secret Good: safe for low security requirement Bad: user group dynamics, proof of correctness, how to communicate with outsider, reverse engineering –Make the algorithm public but keep the key secret Now the encryption/decryption algorithms need the key as a parameter Safety depends on the key only Good: safety analysis can be conducted, have standard implementation (user can setup the key)

4 Introduction (cnt’d) Symmetric algorithms –The encryption and decryption key can be calculated from each other easily (most of the time the same). –Block algorithms and stream algorithms DES and XOR operation –Good: efficient and fast, easy to deploy –Bad: key pre-distribution, scalability, broadcast or multicast, proof to third party

5 Introduction (cnt’d) Public-key encryption –First appear in 1970’s –Two keys: public key and private key –Private key cannot be derived from public key –Everyone can send a packet to Alice –Only Alice has the private key to recover the packet –If Alice uses the private key to encrypt a message, can be viewed as a digital signature –Strong, scalable, easy for broadcast and multicast, but very slow

6 Introduction (cnt’d) Attack to encryption system –Cipher-text only attack The amount of traffic matters –Known plaintext attack: try to get the key or a method to decrypt –Chosen plaintext attack: try to get the key or a method to decrypt –It is not difficult to have the 2 nd or 3 rd type of attack Key point –Keep the cost to break the system higher than the gain of the information

7 Introduction (cnt’d) Can you always break an encryption system? –One time pad –Brute-force attack: Try every possible key –Make it impossible in practical world How much energy required to flip a bit in the memory, and how much memory we are generating per year. Real example at NASA How much aluminum is needed to store 1TB data, and how much aluminum do we have on the Earth.

8 Introduction (cnt’d) Several old fashion encryption algorithms –Substitution ciphers Replace a character in the plaintext with another character Replace a multi-char group with another multi-char group Example: Caesar cipher Try to figure out the length of the key –Transposition ciphers Shuffle the order of characters The frequency of characters does not change –XOR and one-time pad: Many good properties of XOR If the random bits repeat in cycle, it is dangerous Synchronization at both side is always a problem

9 Vigenère Cipher Like Caesar cipher, but use a longer key Example –Message THE BOY HAS THE BALL –Key VIG ( right shift 21, 8, 6 times, then start again ) –Encipher using Caesar cipher for each letter: key VIG VIG VIG VIG VIGV plain THE BOY HAS THE BALL cipher OPKWWE CIY OPK WIRG

10

11 Chap 2: Building blocks There are hundreds of security related protocols, fortunately, only a limited number of building blocks are involved Secure blocks may construct not-secure protocols How to organize these blocks shows the skills of the researchers Security protocols: –Prevent eavesdroppers –Prevent or detect cheaters

12 Building blocks (cnt’d) Classification of protocols –Arbitrated Protocols Example: Buying a used car from a stranger Good: simple, everyone feels safe Bad: how to find the Trusted Third Party (TTP) on the network, who will pay the cost, bottleneck at TTP, single point of failure

13 Building blocks (cnt’d) Classification of protocols –“Judge” Involved Protocols TTP get in only when disagreement arise Similar to the difference between prevention and detection Good: avoid the bottleneck Bad: still need to keep the TTP, and need to keep evidence now

14 Building blocks (cnt’d) Classification of protocols –Self enforced protocols The best group of protocols If one party wants to cheat, the other party can detect and abort the procedure Good: avoid the bottleneck Bad: usually more complicated and more overhead

15 Block 1: one way functions One way function is easy to calculate in one direction, but not the other. –Given x, easy to get f(x) –Given f(x), even f() is known, still not easy to get a x that satisfies f(x) Trap door one way function –Given x, easy to calculate f(x) –Given f(x), difficult to get x –Given f(x) and a secret y, easy to get x –Think about asymmetric encryption

16 Block 1: one way hash function Map a variable-length input string to a fixed length string: fingerprint the file –Easy to get Hash(x) when giving x –Almost impossible to find a x that satisfies Hash(x) –Almost impossible to find two files x and x’ to have the same hash value –Minor change in x, large changes in Hash(x) Since the hash value is shorter, we have conflict: –We can easily rule out files, but not guarantee this is the origin file –Still good enough in courts, like DNA tests

17 Block 1: one way hash function Usage of hash function –Timestamp a file and prove that you are the creator (can be used to timestamp the homework) –MD5 values of the downloaded files –A commitment that cannot be easily changed –Verify the integrity of the files in a file system Security problems: how and where to save the hash values Use a secret key k, do not store k on the computer, use Hash(x, k) to prevent change on the computer: usually called MAC code (message authentication code)

18 Block 2: communication using symmetric crypto algorithms Steps: (1) Alice and Bob agree on a key k and an encryption algorithm (2) Alice calculates E_k (message) and sends the cipher text to Bob (3) Bob decrypts the message and gets the plaintext Problems –How to determine the key: must in a secret place –How to convince other people it is from Alice instead of Bob –Number of keys increases fast, not scalable

19 Block 3: communication using asymmetric crypto algorithms First appeared in 1976, proposed by Diffie and Hellman Two keys: public key and private key, it is almost impossible to get private key from public key. A certain kind of trap door one way functions: private key is the secret Steps: (1)Alice and Bob agree on a public key encryption algorithm (2)Bob sends his public key to Alice (3) Alice calculates E_pubB (message) and sends the cipher text to Bob (4) Bob decrypts the message with the private key and gets the plaintext

20 Block 3: communication using asymmetric crypto algorithms Solve the problem in symmetric crypto methods: the key can be transferred in public More scalable, easy for multicast New problems: –How can we make sure it is Bob’s public key Trusted Third Party Certificate for the public key –How to guarantee the sender’s identity Some story about public key –NSA says it is unnecessary –But claims credit for it

21 Hybrid crypto systems Symmetric methods are fast, easy to implement, but require special attention during key distribution Asymmetric methods are slow, but more secure –Careful about the forward search attack Hybrid: –Using asymmetric method to distribute key –Using symmetric method to encrypt data

22 Communication using hybrid crypto systems Steps (1)Bob sends Alice his public key (2)Alice encrypts the session key with this public key and sends to Bob (3)Both Alice and Bob know the session key and can use it for data traffic Open question: why should B trust A’s capabilities to generate keys?

23 Merkle’s puzzle Make the life of an eavesdropper difficult –The receiver can randomly choose one message –The eavesdropper has to try almost all of them

24 Block 4: Digital signature Signature by symmetric encryption: –TTP will get involved –Who should store the encrypted messages? –How to send to a third party: through TTP again Signature with asymmetric encryption –Using the private key for signature –If the signature is like “I owe Bob $100”, a timestamp should also be included in the signature to avoid replay attack.

25 Never ever sign a random message or something you cannot see the plaintext

26 Block 5: Random number Pseudo random numbers: –Usually will repeat after a long sequence –Must long enough Real random numbers: –Lava lamp –Earthquake strength or interval

27 Dual encryption Let’s assume that everyone in the network has a public-private key pair. Alice wants to send a message to Bob and convince that it is from Alice. Two possible format: which is better??

28 Dual encryption Answer: –Alice should first sign the message, then use Bob’s public key to encrypt the packet Reason 1: If Alice’s private key is the outer layer, everyone with Alice’s public key will be able to decrypt it. Reason 2: never sign a random string that you do not know what it is (Example of RSA) –Two pair of public-private keys for everyone: one for encryption, one for digital signature