Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Cryptography.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security – Additional material.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Session 4 Asymmetric ciphers.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Security & Cryptography.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
Chapter 12 Cryptography (slides edited by Erin Chambers)
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Prime Numbers Prime numbers only have divisors of 1 and self
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
I-4 security.
RSA Ramki Thurimella.
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Cryptography, Authentication and Digital Signatures
CSCE 201 Introduction to Information Security Fall 2010 Data Protection.
Midterm Review Cryptography & Network Security
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
Cryptography Part 1: Classical Ciphers Jerzy Wojdyło May 4, 2001.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
NEW DIRECTIONS IN CRYPTOGRAPHY Made Harta Dwijaksara, Yi Jae Park.
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Security Lecture 5 Ch.9 Public-Key Cryptography And RSA Prepared by Dr. Lamiaa Elshenawy.
EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Asymmetric-Key Cryptography
CH15 –Security & Crypto.
PART VII Security.
Introduction to Cryptography
Presentation transcript:

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Cryptography

CMSC 621, Fall URL: Protection vs Security The protection mechanisms (ACLs, etc) discussed earlier assist us in preventing unauthorized access and use of computer resources what happens if an intruder bypasses the protection mechanisms? Cryptography can be used so that an intruder is unable to understand or use information obtained without authorization

CMSC 621, Fall URL: Cryptography Terminology Plaintext (or cleartext) is the intelligible message Ciphertext is the unintelligible message Encryption and decryption Are the processes to convert between plaintext and ciphertext Key Is the parameter used in an encryption/decryption algorithm

CMSC 621, Fall URL: Cryptography Terminology Cryptosystem A system for encryption/decryption of information Symmetric cryptosystem use the same key for both encryption and decryption Asymmetric cryptosystem use the different keys for encryption and decryption Cryptology the designing & breaking of cryptosystems Cryptography the practice of using cryptosystems for confidentiallity of information Cryptoanalysis the breaking cryptosystems

CMSC 621, Fall URL: Basic Structure of a Cryptosystem EncryptDecrypt Break Encryption Key K e Decryption Key K d Plaintext M Ciphertext C Plaintext M Side Information Alice Bob Eve

CMSC 621, Fall URL: Basic Attacks to Cryptosystems Cryptosystem attacks are classified based on the amount of side information available to an intruder Attack classification ciphertext-only intruder only has access to the ciphertext known-plaintext intruder has access to the ciphertext and considerable amount of plaintext chosen-plaintext intruder has access to a chosen plaintext and its corresponding ciphertext

CMSC 621, Fall URL: Design Principles for Cryptosystems Shannon’s principles Diffusion principle spread the correlations and dependencies among key and words over the text as much as possible in order to maximize the length of plaintext needed to break the system Confusion principle change a piece of information so that ciphertext has no obvious relationship with plaintext Computational Intractability principle “every” algorithm for determining a key needed to break cryptosystem is “believed” to require exhaustive search of a very large search space

CMSC 621, Fall URL: A Taxonomy of Cryptosystems Conventional systems Modern systems private key systems public key systems

CMSC 621, Fall URL: Conventional Cryptosystems Conventional cryptosystems are based on substitution ciphers Caesar’s cipher E(M) = (M + k) modulo 26 where M is a letter and k=3 is the key Simple substitution cipher E(M) = Key[M] where Key is an arbitrary permutation of a single alphabet Vigenere cipher choose N simple substitution ciphers and encrypt the jth letter using the (j mod N) substitution cipher One-time pad encrypt by Xoring message with a key, whose size equals the size of the message

CMSC 621, Fall URL: DES The Data Encryption Standard (DES) is a modern private-key cryptosystem It is a block cipher that uses two basic operations permutation, and substitution It breaks a message in 64-bit blocks and encrypts/decrypts each block individually It uses a 56-bit secret key, which is expanded to 64-bits using parity bits

CMSC 621, Fall URL: DES Has three stages plaintext block undergoes an initial permutation IP permuted block undergoes for 16 times a complex transformation A block at the ith iteration is broken into two 32-bit blocks Li & Ri transformed block undergoes the inverse IP’ of the permutation IP at the 1st stage DES transformation in the ith iteration, i=1,2,…,16 K i = Phi(Key, i) 48-bit key of ith iteration L i = R i-1 R i = L i xor F (R i-1, K i )

CMSC 621, Fall URL: DES Function F does the following expands R i into a 48-bits quantity E(R i ) by permuting and duplicating some bits of R Xors E(R i ) with K i and partitions the result into eight 6-bit blocks Q 1, Q 2,…,Q 8 passes each Q j 6-bit block through a separate 6-to-4 bit substitution box concatenates all transformed 4-bit Q j blocks and then permutes them

CMSC 621, Fall URL: DES Decryption is done by executing the three stages in reverse order and each time using the inverse function/operation permute cipher text using IP’ undo the 16 transformations, for i=16,15,…,1, using the same keys K 1, K 2, …, K 16 R i-1 = R i L i-1 = R i xor f ( L i, K i ) permute transformed ciphertext with IP For added security, block chaining can be used each plaintext block is Xored with the ciphertext of the previous plaintext block triple encryption (DES does not form a group) Rijdael: new private key standard

CMSC 621, Fall URL: Public-Key Cryptosystems Private key cryptosystems requires a secure mechanism for distributing the private keys to communicating parties Diffie and Hellman proposed public key cryptosystems public key systems make the encryption key publicly available and keep the decryption key secret public key systems are based on the computational intractability principle (using problems such as factoring primes, discrete logarithm, knapsack, etc)

CMSC 621, Fall URL: Public Key Cryptosystems public key systems satisfy the following D SK (E PK (M)) = M for every message M The encryption and decryption functions E and D are computationally efficient Knowledge of E, D, and PK (public key) does not compromise SK (secret key) D PK (E SK (M)) = M for every message M, if message singing/verification is desired

CMSC 621, Fall URL: Trapdoor One-Way Functions One-way functions F F is invertible and easy to compute inverting F is computationally intractable, ie given y finding x such that y=F(x) is believed to be computationally infeasible Trapdoor one-way functions F y=F(x) can be solved efficiently provided some secret information for F is available Diffie and Hellman suggested that one way to implement public key systems is to use trapdoor one-way functions

CMSC 621, Fall URL: Number Theory Background GCD Recursion Theorem & the Extended Euclid’s algorithm

CMSC 621, Fall URL: Number Theory Background Euler’s phi function, Euler’s and Fermat’s Theorems

CMSC 621, Fall URL: Number Theory Background The Chinese Remainder Theorem Origins Sun-Tsu, circa 100 A.D. considered the problem of finding those integers x that leave remainders 2, 3, and 2 when divided by 3, 5, and 7 respectively (which are of the form x=23+105k). Its essence

CMSC 621, Fall URL: Number Theory Background A corollary of the Chinese Remainder Theorem states that

CMSC 621, Fall URL: RSA Rivest, Shamir, and Adleman introduced the RSA public-key cryptosystem based on Diffie and Hellman RSA works as follows

CMSC 621, Fall URL: RSA RSA’s encryption function is E PK (M) = M e mod n where PK=(e,n) RSA’s decryption function is D SK (M) = M d mod n where SK=(d,n) these two encryption/decryption functions satisfy D SK (E PK (M)) = M D PK (E SK (M)) = M can be computed efficiently given PK or SK knowledge of PK does not compromise SK

CMSC 621, Fall URL: RSA Correctness of RSA is based on Fermat’s theorem and on the Chinese Remainder Theorem Example values for RSA choose p=5 and q=11 set n=55 and N=40 choose d=23 compute e=7 using the extended Euclid algorithm encrypt M=8 to 2 using “repeated squaring”

CMSC 621, Fall URL: RSA A more realistic example set of values for RSA (courtesy of Prof. Stephens) n = p = q = e = d = sqrt(n) approximately = number of positive integers < n that are relative prime to n is equal to phi(n) phi(n) =

CMSC 621, Fall URL: Authentication Objective verify the identity of communicating entities Authentication services interactive communication (synchronous) one-way communication (asynchronous) signed communication (verifiable conversation by third party) Potential threats altering messages replaying old messages denial of service interference with ongoing communication impersonation

CMSC 621, Fall URL: Interactive Communication Protocols Require an authoritative Authentication Server (AS) for securely distributing conversation keys Each user registers its secret key with the AS, which is shared only between the AS and the user, and their public key if any Requirements – use case Alice wants to communicate with Bob so that the message is intelligible to Bob, but not Eve it should be evident that the message was sent by Alice, and that is not a replay of an older message from Alice

CMSC 621, Fall URL: Interactive Communication with Private Key Systems Alice wants to converse with Bob Denning-Sacco’s modification to handle compromised conversation keys A message is not a reply attack if |LocalClock-T|<LocalClock’s disrepancy from AS’s clock plus the estimated maximum network delay

CMSC 621, Fall URL: Interactive Communication with Public Key Systems Alice wants to communicate with Bob

CMSC 621, Fall URL: One-Way Communication with Private Key Systems Alice wants to message M to Bob Bob should be able to authenticate integrity of Alice’s message even if Alice is not currently available Eve should not be able to impersonate Alice Protocol is succeptible to playback attacks

CMSC 621, Fall URL: One-Way Communication with Public Key Systems Alice wants to message M to Bob

CMSC 621, Fall URL: Digital Signatures Must satisfy the following a user can not forge signatures sender of signed message can not deny the validity of his signature receipient can not modify the signature of a signed message

CMSC 621, Fall URL: Digital Signatures using Private Key Systems Alice wants to sign a message to be sent to Bob

CMSC 621, Fall URL: Digital Signatures using Public Key Systems Alice wants to sign a message to be sent to Bob

CMSC 621, Fall URL: Kerberos An authentication system for an open network computing environment where user’s machines are under their complete control and can not be trusted to identify users to network services Consists of Client (C) Kerberos Server (K) Ticket Granting Server (TGS) Server (S) User (U)

CMSC 621, Fall URL: Kerberos Phase I: Getting the Initial Ticket User provides the Client machine his/her identity Client sends to Kerberos server K the msg Kerberos server K Client upon receipt of msg

CMSC 621, Fall URL: Kerberos, Phase II: Getting a Server Ticket User/Client wants to use a network service S Ticket Granting Server TGS Client upon receiving msg from TGS

CMSC 621, Fall URL: Kerberos, Phase III: Requesting a Service Client requests service from server S Service server S upon receipt of the msg

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.