CHAPTER 2 Elementary Cryptography 1. Objectives 2  Define the concept of encryption  Discuss different type of cryptography algorithms  Explain the.

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
Making “Good” Encryption Algorithms
Principles of Information Security, 2nd edition1 Cryptography.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering.
Chap 2: Elementary Cryptography.  Concepts of encryption  Cryptanalysis: how encryption systems are “broken”  Symmetric (secret key) encryption and.
EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Chapter 2 Basic Encryption and Decryption (part B)
Lecture 1 Overview.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Cryptography Week-6.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
Lecture 2 Overview.
Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:
Computer System Security CSE 5339/7339
Linux Networking and Security Chapter 8 Making Data Secure.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.
Elementary Cryptography
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Cryptography, Authentication and Digital Signatures
Based on Applied Cryptography by Schneier Chapter 1: Foundations Dulal C. Kar.
TMK 264: COMPUTER SECURITY CHAPTER TWO: CRYPTOGRAPHY 1.
ITMS – 3153 Information Systems Security
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
R R R CSE870: Advanced Software Engineering: Cheng (Sp 2003)1 Encryption A Brief Overview.
Elementary Cryptography  Concepts of encryption  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public key) Encryption (RSA)(RSA)
Lecture 3 Page 1 Advanced Network Security Review of Cryptography Advanced Network Security Peter Reiher August, 2014.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 3 August 26, 2004.
TOTURIAL CRYPTOGRAPHY Ver :1. Things to learn about  Concepts of encryption  Cryptanalysis  Symmetric encryption  Asymmetric encryption  Protocols.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
Lecture 3 Overview. Ciphers The intent of cryptography is to provide secrecy to messages and data Substitutions – ‘hide’ letters of plaintext Transposition.
Network Security Celia Li Computer Science and Engineering York University.
EEC 688/788 Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Lecture 2 Overview. Cryptography Secret writing – Disguised data cannot be read, modified, or fabricated easily – Feasibility of complexity for communicating.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Basics of Cryptography
Chapter 2 Basic Encryption and Decryption
Cryptography.
Cryptography II Jagdish S. Gangolly School of Business
Fluency with Information Technology Lawrence Snyder
Presentation transcript:

CHAPTER 2 Elementary Cryptography 1

Objectives 2  Define the concept of encryption  Discuss different type of cryptography algorithms  Explain the difference between symmetric and asymmetric encryption  Define and describe the knowledge, techniques and methods used in cryptography  Write and demonstrate encryption/decryption algorithm in the form of program  Define and describe the role of cryptography in security

Introduction 3  Cryptography : secret writing.  The strongest tool for controlling against many kind of security threats.  Fortunately, it is not necessary to understand the underlying mathematics to be able to use cryptography.

Consider this situation… 4  Sender S sending a message to recipient R. If S entrust the message to T who will delivers it to R, T become transmission medium.  If outsider O wants to access the message (read, change, destroy), O become interceptor or intruder.  So, any time after S transmits it via T, the message is vulnerable to exploitation.

5  the message is vulnerable to exploitation, and O might try to access the message in any of the following ways:  Block it, by preventing its reaching R, thereby affecting the availability of the message.  Intercept it, by reading or listening to the message, thereby affecting the confidentiality of the message.  Modify it, by seizing the message and changing it in some way, affecting the message's integrity.  Fabricate an authentic -looking message, arranging for it to be delivered as if it came from S, thereby also affecting the integrity of the message.

Terminology 6  Encryption : process of encoding a message so that its meaning is not obvious.  Decryption : reverse process, transforming an encrypted message back into its normal, original form.  Encode, decode, encipher, decipher.  A system for encryption and decryption is called cryptosystem.

Terminology (cont) 7  Plaintext : original form of a message.  Ciphertext : encrypted form of a message. EncryptionDecryption PlaintextCiphertext Original Plaintext Encryption Process

Terminology (cont) 8  Assume :  P : Plaintext.  C : Ciphertext.  E : Encryption Rules.  D : Decryption Rules.  So, it is true that Cryptosystem ≈ P = D(E(P))?  Try to understand by discussing among your group members.

Encryption Algorithm 9  The cryptosystem involves a set of rules for how to encrypt the plaintext and how to decrypt the ciphertext.  This rules are called algorithm.  Often use a device called a key, denoted by K.  This create a dependency of C = E(K, P).  Key K selects one specific algorithm from the E set.

Encryption Algorithm (cont) 10  Sometimes the encryption and decryption key are the same, it is called symmetric encryption because D and E are mirror-image process.  At other times, encryption and decryption keys come in pairs, it is called asymmetric because converting C back to P involves a series of different steps of key.

Encryption Algorithm (cont) 11 EncryptionDecryption PlaintextCiphertext Original Plaintext Key Symmetric Cryptosystem

Encryption Algorithm (cont) 12 EncryptionDecryption PlaintextCiphertext Original Plaintext Encryption Key K1 Decryption Key K2 Asymmetric Cryptosystem

Encryption Algorithm (cont) 13  A key gives us flexibility in using an encryption scheme.  An encryption scheme that does not require the use of key is called keyless cipher.

The Wonderful of Crypto 14  Cryptography : hidden writing, practice of using encryption to conceal text.  Cryptanalyst : people studies encryption and encrypted messages, hoping to find hidden meanings, works for unauthorized interceptor.  Cryptographer : same people but works on behalf of a legitimate sender / receiver.  Cryptology : research or studies of E & D.

Cryptanalysis 15  A cryptanalyst’s chore is to break an encryption.  What cryptanalyst’s do are :  Attempt to break a single message.  Attempt to recognize patterns in encrypted message  Attempt to infer without breaking the encryption  Attempt to deduce the key  Attempt to find the weaknesses in implementation or environment  Attempt to find the general weaknesses without necessarily having intercept any messages

Representing Characters ABCDEFGHIJKLM NOPQRSTUVWXYZ A + 3 = D K – 1 = J Y + 3 = ??

Representing Characters (cont) 17  There is many types of encryption.  Two simple form of encryption :  Substitution : one letter is exchange to the another.  Transposition : the order of the letters is rearranged.

Substitution Cipher 18  Children sometimes devise “secret codes” that a correspondence table with which to substitute a character or symbol for each character of the original message.  This technique is called a manoalphabetic cipher or simple substitution.  Caesar Cipher, Permutation and One-Time Pads (Vernam and Book Cipher).

Caesar Cipher 19  The Caesar Cipher has an important place in history.  Each letter is translated to a letter a fixed number of places after it in alphabet.  Algorithm :  Caesar used a shift of 3. c = E(p) = p + n c = E(p) = p + 3

Caesar Cipher (cont) TREATYIMPOSSIBLE wuhdwblpsrvvleoh 20 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z d e f g h i j k l m n o p q r s t u v w x y z a b c

Caesar Cipher (cont) 21  Advantages :  Early one, most easy to perform in the field.  Quite simple, pattern formula was easy to memorize and implement.  Disadvantages :  Dangerous to perform for soldiers or spies.  Obvious pattern is major weakness

Permutation 22  Permutation : Reordering of the elements of a sequence.  One way to scramble an alphabet is to use a key, a word that controls the permutation.  Sender and receiver need to remember the ‘key’ to ensure encryption and decryption successful.

Permutation 23 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z w o r d a b c e f g h i j k l m n p q s t u v x y z Key : word Security : qartpfsy A B C D E F G H I J K L M N O P Q R S T U V W X Y Z p r o f e s i n a l b c d g h j k m q t u v w x y z Key : professional Security : qeoumaty Key : count by threes A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a d g j m p s v y b e h k n q t w z c f i l o r u x Security : cmgizyfu

One-Time Pads 24  Sometime considered the perfect cipher.  Encipher the plaintext with a prearrange chart called a Vigenère tableau.  Two problems of one-time pad :  The need for absolute synchronization between sender and receiver.  The need for an unlimited number of keys.  Vernam Cipher and Book Cipher.

Vernam Cipher 25  Devised by Gilbert Vernam for AT&T.  Immune to most cryptanalytic attacks. V E R N A M C I P H E R t a h r s p i t x m a b Plaintext Numeric Equivalent + Random Number = Sum = Mod 26 Ciphertext

Book Cipher 26  Randomly take a key from any book, piece of music or other object with which the structure can be analyzed.  Any book can provide a key.  This key is formed from the letters of the text, in order.

Book Cipher (cont) 27 Message : MACHINES CANNOT THINK Descarte’s meditation passage : I am, I exist, that is certain i a m i e x i s t t h a t i s c e r t M A C H I N E S C A N N O T T H I N K u a o p m k m k v t u n h b l j m e d Descarte’s key Message Vigenère tableau

28 Vigenre Tableau

Transpositions 29  The goal of substitution is confusion.  Transposition : an encryption in which the letters of the message are rearranged.  Aims for diffusion.  DES Algorithm and AES Algorithm.

Sample of Transpositions THISI SAMES SAGET OSHOW HOWAC OLUMN ARTRA NSPOS ITION WORKS 30  Columnar Transpositions tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS Original Message Ciphertext Message

Diagram and Trigrams DiagramsTrigrams ENENT REION ERAND NTING THIVE 31  There are also characteristic patterns of pairs of adjacent letters, called Diagrams.  Groups of three letters called Trigrams.

Combinations of Approaches 32  Substitution and transposition can be considered as building blocks for encryption.  A combination of two ciphers is called a product cipher.  A formula can be conclude as E 2 (E 1 (P,k 1 ), k 2 )

Making “Good” Encryption Algorithm 33  Claude Shannon’s (1949)  The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption.  The set of keys and the enciphering algorithm should be free from complexity.  The implementation of the process should be as simple as possible.

Making “Good” Encryption Algorithm (cont) 34  Errors in ciphering should not propagate and cause corruption of further information in the message.  The size of the enciphered text should be no larger than the text of the original message.

Properties of “Trustworthy” Encryption Systems 35  It is based on sound mathematics.  Good cryptographic are not just invented but they are derived from solid principles.  It has been analyzed by competent experts and found to be sound.  Experts can think of only so many possible attacks.  It has stood the “test of time”.  Successful use and analysis is not a guarantee of a good algorithm!!!

Symmetric and Asymmetric Encryption System Secret Key (Symmetric) Public Key (Asymmetric) Number of keys12 Protection of keyMust be kept secretOne key must be kept secret; the other can be freely exposed Best usesCryptographic workhorse Key exchange; authentication Key distributionMust be out-of-bandPublic key can be used to distribute other keys SpeedFastSlow; 10,000 times slower 36

Stream and Block Ciphers  Stream Ciphers : convert one symbol of plaintext immediately into a symbol of ciphertext. 37 Y ISSOPMIwdhuw… Key (Optional) Plaintext Ciphertext Encryption

Stream and Block Ciphers  Block Ciphers : encrypt a group of plaintext symbols as one block (ex : columnar). 38 IH Key (Optional) Ciphertext Encryption YR CN ES ba qc kd

Comparing Stream and Block Algorithms Stream Encryption Algorithms Block Encryption Algorithms AdvantagesSpeed of informationHigh diffusion Low error propagationImmunity to insertion of symbols DisadvantagesLow DiffusionSlowness of encryption Susceptibility to malicious insertion and modifications Error propagation 39

Weaknesses 40  A cryptanalyst works against human.  Not only are people fallible, but so are hardware and software implementations.  The only rule that applies to the attacker is that there are no rules.  That why we need to know about widely encryption scheme such as DES, AES and RSA.

The Data Encryption Standard (DES) 41  The DES, a system developed for the U.S government.  Intended for use by the general public.  Many hardware and software systems have been designed with the DES.  Recently, its adequacy has been questioned.

The Data Encryption Standard (DES) (cont) 42  Desirable criteria :  Able to provide high level of security.  Specified and easy to understand.  Available to all users.  Adaptable for use in diverse application.  Economical to implement in electronic devices.  Efficient to use.  Able to be validate.  Exportable.

The Data Encryption Standard (DES) (cont) 43  Overview :  Careful and complex combination of : substitution and transposition.  Derives its strength from repeated application of these two techniques for 16 cycles.  The algorithm begin with encrypting plaintext as block of 64 bits. (but in fact it can be any 56-bit number- The extra 8 bits are often used as check digits and do not affect encryption in normal implementations )  It is suitable for implementation in software on most computers.

Double DES 44  Researcher suggest using a double encryption for greater secrecy.  Take two keys and perform two encryption, one on top of the other.  Assumption is FALSE : two encryptions are no better than one.  The double encryption only double the work for the attacker.

DES Flow (cont) 45 Right Half Text Left Half Text New Left Half Text Key New Right Half Text Combine Key Substitute Permute Add Halves Repeat 16 Times

Triple DES 46  Using two keys and applying them into three operations adds apparent strength.  Encrypt with one key, decrypt with the second, and encrypt with the first again.  So that 112 bits effective key length is quite strong and it is effective against all feasible known attacks.

The Advanced Encryption Standard (AES) 47  Desirable criteria :  Unclassified.  Publicly disclosed.  Available royalty-free for use worldwide.  Symmetric block cipher algorithm for blocks of 128 bits  Usable with key sizes of 128, 192 and 256 bits.

Overview of Rijndael 48  Implemented easily on simple processors.  Uses substitution, transposition, shift, exclusive OR and addition operations.  Use 9, 11 or 13 cycle (round) for keys of 128, 192 and 256 bits.

Overview of Rijndael (cont) 49  Each cycle consist of :  Byte substitution.  Shift row.  Mix column.  Add sub key.

AES Algorithm. 50

Comparison of DES and AES DESAES Date Block size64 bits128 bits Key length56 bits (effective length)128, 192, 256 (and possibly more) bits Encryption primitivesSubstitution, permutationSubstitution, shift, bit mixing Cryptographic primitivesConfusion, diffusion DesignOpen Design rationaleClosedOpen Selection processSecretSecret, but accepted open public comment SourceIBM, enhanced by NSAIndependent Dutch cryptographic 51

Rivest-Shamir-Adelman (RSA) Encryption 52  RSA cryptosystem is a public key system.  RSA has been the subject of extensive cryptanalysis, and no serious flaws have yet been found.  Confidence in the method grows as time passes without discovery of a flaw.

Rivest-Shamir-Adelman (RSA) Encryption (cont) 53  Procedures (key setup) :  Select any two prime numbers (p and q)  Calculate n=p*q  Φ =(p-1)*(q-1)  Selecting at random the encryption key (e) where (1<e< Φ n),gcd (e, Φ n)=1  Find d:  e*d mod Φ n=1 or e*d=1 mod Φ n where 0<d<n  public key =(e,n)  private key =(d,n)

Rivest-Shamir-Adelman (RSA) Encryption (cont) 54  Key may be applied in either order:  P = E(D(P)) = D(E(P))  Encryption algorithm: C=P e mod n.  Decryption algorithm: P=C d mod n  It is a solid basis for a secure crytosystem.

55 P P P

Example 56 e,n d,n 187

57

58

The Uses of Encryption 59  Cryptographic Hash Function  Key Exchange  Digital Signature  Certificates

Cryptographic Hash Function 60  Hash used to detect changes to the message  Can use in various ways with message, One technique for providing the seal is to compute a cryptographic function, sometimes called a hash or checksum or message digest of the file.  The checksum value is stored with the file. Then, each time the file is accessed or used, the checksum is recomputed. If the computed checksum matches the stored value, it is likely that the file has not been changed.

61 Hash Function guarantee a message's integrity (address the nonalterability and nonreusability) A change or reuse will be flagged by the checksum, so the recipient can know something is amiss and the recipient can make sure the message was not altered (intentionally or by chance) during the communication. The most widely used cryptographic hash functions are MD4, MD5 (where MD stands for Message Digest), and SHA/SHS (Secure Hash Algorithm or Standard). the hash can be said to represent the document's fingerprint

Integrity verification 62 Sender sending a message along with its hash the recipient simply has to calculate the received message's hash and compare it with the hash accompanying the document If the message (or the hash) was falsified during the communication, the two fingerprints will not match. Using a hash function makes it possible to verify that the fingerprint corresponds to the received message, but nothing proves the message was actually sent by the person claiming to be the sender.

Data sealing 63  Using a hash function makes it possible to verify that the fingerprint corresponds to the received message, but nothing proves the message was actually sent by the person claiming to be the sender.  To guarantee the message's authenticity, the sender simply has to encrypt (we generally say sign) the hash using his private key (the signed hash is called a seal) and send the seal to the recipient.  When receiving the message, the recipient simply has to decrypt the seal with the sender's public key, then compare the hash obtained with the hash function with the hash received as an attachment. This seal creation function is called sealing.

64

Key Exchange/public key 65  keys exists in pairs:  A public key for encryption;  A secret key for decryption.  If a user wants to send a message, he needs to encrypt the message using the recipient's public key  Receiver will decrypting the message with his private key  Can address authentication: only the valid receiver can decrypt the message

Digital Signatures 66  Used to demonstrating the authenticity of a digital message or document  Electronic signatures address non-repudiation, that is, they make it possible to ensure the sender really sent the message (sender cannot deny having sent the message).  A digital signature must :  It must be unforgeable.  It must be authentic  It is not alterable.  It is not reusable.

 The sender encrypts the message using his or her own private key, allowing anyone to decrypt the message using the sender's public key.  The accurate decryption proves that the message came from the sender, as he or she is the only one who has a copy of the corresponding private key. 67

Digital certificates  A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web.  Certificates are small files that are divided into two parts:  The part containing information  The part containing the certification authority's signature  It is issued by a certification authority (CA).  Digital certificates can be kept in registries so that authenticating users can look up other users' public keys 68

 he structure of certificates is standardized by the ITU's X.509 standard (more precisely X.509v3), which defines the information contained in the certificate:  The version of X.509 the certificate corresponds to;  The certificate's serial number;  The encryption algorithm used to sign the certificate;  The name (DN, for Distinguished Name) of the issuing certification authority;  The certificate's starting validity date;  The certificate's ending validity date;  The public key's subject;  The public key of the certificate's owner;  The certificate issuer's signature (thumbprint). 69

Example 70

 to create Diana’s cerificate  1. Diana creates her public key pairs, put the public key in a message together with her identity and passes the message to Edward.  2. Edward signs it by creating a hash value and then encrypting the message and the hash with his private key. This message is called Diana’s certificate. 71

 Certificates are mainly used in three types of contexts:  Client certificates, stored on the user's workstation or embedded in a container such as a chip card, make it possible to identify a user and associate him with rights. In most cases, they are transmitted to the server when a connection is made, and the server assigns rights in function of the user's accreditation. They are real digital ID cards that use an asymmetric key pair ranging from 512 to 1024 bits long.  Server certificates, installed on a web server, make it possible to connect a service with the service's owner. In the case of a website, they make it possible to guarantee that the web page's URL and particularly its domain really belong to such or such a company. They also make it possible to protect transactions with users.URL  VPN certificates are a type of certificate installed in network equipment that make it possible to encrypt communication flows from start to finish between two points (for example, two company sites). In this type of scenario, the users have a client certificate, the servers apply a server certificate and the communication equipment uses a special certificate (generally an IPSec certificate.IPSec 72