Internet Engineering Czesław Smutnicki Discrete Mathematics – Cryptography
CONTENTS DES algorithm Triple-DES algorithm RSA algorithm MD5 algorithm CRC algorithm ssh service
SECURITY IN COMPUTER NETWORKS Cryptography Algorithms with symmetrical keys Algorithms with public (non-symmetrical) keys Digital signature Management of public keys Security of communications Trustworthiness protocols Security of Security of www Social aspects of computer networks
CRYPTOGRAPHY Introduction: encryption = transformation (bit-after-bit, character-after-character), coding = replacing, open text, algorithm, key, encrypted text, intruder, cryptoanalysis, cryptologyIntroduction: encryption = transformation (bit-after-bit, character-after-character), coding = replacing, open text, algorithm, key, encrypted text, intruder, cryptoanalysis, cryptology Substituting ciphersSubstituting ciphers Transposition ciphersTransposition ciphers Once-used keys (XOR of data and key)Once-used keys (XOR of data and key) Quantized cryptography: phaeton, polarisation, strigth linear basis, diagonal basis, qubit, once-used keyQuantized cryptography: phaeton, polarisation, strigth linear basis, diagonal basis, qubit, once-used key Fundamental rules of cryptography: redundancy, timelinessFundamental rules of cryptography: redundancy, timeliness
ALGOR I T H M S WITH SYMMETRICAL KEYS P-box, S-box, cascadeP-box, S-box, cascade DESDES Triple DESTriple DES AESAES Encryption modes: coding book, linking of coding blocks, feedback, streaming code, counting methodEncryption modes: coding book, linking of coding blocks, feedback, streaming code, counting method Other coding: IDEA, RC4, RC5, Rijndael, Serpent, TwofishOther coding: IDEA, RC4, RC5, Rijndael, Serpent, Twofish Cryptoanalysis: differential, linearCryptoanalysis: differential, linear
ALGOR ITHM WITH SYMMETRICAL KEYS P-box: 8 lines S-box: 3 lines Aggregate (cascade): 12 lines Decoder 3->8 Decoder 8->3 P-box P1P2 P3 P4 S1 S2 S3 S4 S5 S6 S7 S8 S9 S10 S11 S12 permutation=key cascade: lines, >18 stages (hardware), >8 (software), 1 stage=iteration=P+S
DES = DATA ENCRYPTION STANDARD open text 64 bits starting transposition iteration 1 transposition of 32-bit halves iteration 2 iteration final transposition final transposition inverse to starting encrypted data 64 bits Key 56 bits L 32 bits (i-1) P 32 bits (i-1) L 32 bits (i) P 32 bits (i) L(i) XOR f(P(i-1),K(i))
DES c ont. L 32 bits (i-1) P 32 bits (i-1) L 32 bits (i) P 32 bits (i) L(i) XOR f(P(i-1),K(i)) 32 bits 32 bits 32 bits -> 48 bits XOR K S1S2S3S4S5S6S7S8 S-box: in 8 x 6 S-box: out 8 x 4 P-box indirect key indirect key has been obtained by certain transformation of fundamental key of 56 bits. Applied is so-called whitening operation (additional random keys)
TRIPLE DES 2 keys2 keys encryption(K1)-decryption(K2)-encryption(K1)encryption(K1)-decryption(K2)-encryption(K1)
AES= ADAVANCED ENCRYPTION STANDARD CompetitionCompetition Symmetrical keySymmetrical key Public projectPublic project Keys 128, 192, 256-bitsKeys 128, 192, 256-bits Easily implementable (hardware, software)Easily implementable (hardware, software) Free-access licenceFree-access licence Rijndael (86), Serpent (59), Twofish (31), RC6 (23), MARS (13)Rijndael (86), Serpent (59), Twofish (31), RC6 (23), MARS (13)
ALGORY ITHM WITH PUBLIC KEYS : RSA Choose two prime numbers p i qChoose two prime numbers p i q Find n=p*q and z=(p-1)*(q-1)Find n=p*q and z=(p-1)*(q-1) Find any d relatively prime with zFind any d relatively prime with z Find any number e such that (e*d) mod z=1Find any number e such that (e*d) mod z=1 Public key (e,n) Private key (d,n) Encryption of message Pdecryption of hiden text C
DIGITAL SIGNATURE Receiver can verify the authentity of Sender signatureReceiver can verify the authentity of Sender signature Sender cannot renege of sending the message with this contentsSender cannot renege of sending the message with this contents Receiver cannot change the obtained message contentsReceiver cannot change the obtained message contents Signature based on symmetric keys (certification institution)Signature based on symmetric keys (certification institution) Signature based on public keys (secret key theft, changing of secret key)Signature based on public keys (secret key theft, changing of secret key) Message shortcut (hashing): MD5, SHA-1,Message shortcut (hashing): MD5, SHA-1,
MANAGEMENT OF PUBL I C KEYS CertificatesCertificates Standard X.509Standard X.509 Infrastructure of public keys: confidence chain, certfication track, confidence anchors, certificate cancel,Infrastructure of public keys: confidence chain, certfication track, confidence anchors, certificate cancel,
S ECURITY OF COMMUNICATION IPsec: transport mode, tunel mode, trafic analysisIPsec: transport mode, tunel mode, trafic analysis Firewalls, packet filter, application gateway, DoS attack, DDoSFirewalls, packet filter, application gateway, DoS attack, DDoS Private virtual networksPrivate virtual networks Security in wireless networks: WEP (RC4), Bluetooth (SAFER+)Security in wireless networks: WEP (RC4), Bluetooth (SAFER+)
TRUSTWORTHINESS P ROTO COLS Trustworthiness on the base of shared secret keyTrustworthiness on the base of shared secret key Setting shared secret key: key exchangeSetting shared secret key: key exchange Trustworthiness with the use of key distribution centerTrustworthiness with the use of key distribution center Trustworthiness based on KerberosTrustworthiness based on Kerberos Trustworthiness with the use of public keysTrustworthiness with the use of public keys
S ECURITY OF PGPPGP PEMPEM S/MIMES/MIME
S ECURITY OF WWW EmergencesEmergences Secure namesSecure names SSLSSL Security of movable codeSecurity of movable code
S OCIAL ASPECTS OF COMPUTER NETWORKS Privacy protection policyPrivacy protection policy Freedom of a wordFreedom of a word Intelectual property rigthsIntelectual property rigths
Thank you for your attention DISCRETE MATHEMATICS Czesław Smutnicki