1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.

Slides:



Advertisements
Similar presentations
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Advertisements

Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies
CSE401n:Computer Networks
Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.
Public Key Cryptography
Public Encryption: RSA
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
Public Key Model 8. Cryptography part 2.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Lecture 15 Lecture’s outline Public algorithms (usually) that are each other’s inverse.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
 This Class  Chapter 8. 2 What is network security?  Confidentiality  only sender, intended receiver should “understand” message contents.
CS110: Computers and the Internet Encryption and Certificates.
RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.
Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri.
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Cryptography, Authentication and Digital Signatures
Public-Key Cryptography CS110 Fall Conventional Encryption.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Chapter 8, slide: 1 ECE/CS 372 – introduction to computer networks Lecture 18 Announcements: r Final exam will take place August 13 th,2012 r HW4 and Lab5.
BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 1: Principles of cryptography.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
1 Public-Key Cryptography and Message Authentication.
Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
1 Security and Cryptography: basic aspects Ortal Arazi College of Engineering Dept. of Electrical & Computer Engineering The University of Tennessee.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Digital Signatures, Message Digest and Authentication Week-9.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
+ Security. + What is network security? confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver.
CS 453 Computer Networks Lecture 25 Introduction to Network Security.
EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.
 Last Class  Chapter 7 on Data Presentation Formatting and Compression  This Class  Chapter 8.1. and 8.2.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Network security Cryptographic Principles
Public-Key Cryptography and Message Authentication
Encryption. Encryption Basics • Plaintext - the original message ABCDEFG • Ciphertext - the coded message DFDFSDFSD • Cipher - algorithm for.
What is network security?
Chapter 7 Network Security
Public-key Cryptography
ECE/CS 372 – introduction to computer networks Lecture 16
Basic Network Encryption
Network Security Basics
Intro to Cryptography Some slides have been taken from:
Basic Network Encryption
Presentation transcript:

1 Cryptography Troy Latchman Byungchil Kim

2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that the medium we use to transmit data is insecure, e.g. can be sniffed. Cryptography allows a sender to disguise data in hopes that an intruder can gain no information from the intercepted data. Cryptography allows a sender to disguise data in hopes that an intruder can gain no information from the intercepted data.

3 Fundamentals Alice and Bob are two innocent people. Alice and Bob are two innocent people. Trudy is an intruder. Trudy is an intruder.

4 Fundamentals Alice generates some data that is in plaintext. She then uses a key (Ka) and an encryption algorithm to transform the data into ciphertext. Alice generates some data that is in plaintext. She then uses a key (Ka) and an encryption algorithm to transform the data into ciphertext. The data is transmitted and sniffed along the way. Trudy gains no information about the contents of the message because the data is in ciphertext (encrypted). The data is transmitted and sniffed along the way. Trudy gains no information about the contents of the message because the data is in ciphertext (encrypted). Bob receives the ciphertext and uses a key (Kb) and a decryption algorithm to transform the data into plaintext. Bob receives the ciphertext and uses a key (Kb) and a decryption algorithm to transform the data into plaintext.

5 Fundamentals Shortened Notation: Alice starts with message ‘m’ and applies her key as well as ‘m’ to an encryption algorithm to get the ciphertext Ka(m) Alice starts with message ‘m’ and applies her key as well as ‘m’ to an encryption algorithm to get the ciphertext Ka(m) Bob receives Ka(m) and applies this as well as his key to the decryption algorithm to get the original message: Kb(Ka(m)) = m Bob receives Ka(m) and applies this as well as his key to the decryption algorithm to get the original message: Kb(Ka(m)) = m m => Ka(m) => Kb(Ka(m)) => m m => Ka(m) => Kb(Ka(m)) => m

6 Keys Symmetric Key Symmetric Key –Alice’s and Bob’s keys are identical and are private. Public Key Public Key –Two keys are used. One of the keys is public (the whole world knows it). The other key is known either by Alice or Bob, not both.

7 Symmetric Key Caesar cipher is a very old and simple symmetric key algorithm: Take each letter in the plaintext message and translate it into another letter. Take each letter in the plaintext message and translate it into another letter. The translation is done by adding a constant, k, to the plaintext letter. The translation is done by adding a constant, k, to the plaintext letter. The number for each letter is its position in the alphabet, e.g. A=1, Z=26. The alphabet has wrap around where A comes after Z. The number for each letter is its position in the alphabet, e.g. A=1, Z=26. The alphabet has wrap around where A comes after Z.

8 Symmetric Key Caesar cipher example: Let k=3 (the key) Let k=3 (the key) Plaintext: BOB, I LOVE YOU. ALICE Plaintext: BOB, I LOVE YOU. ALICE Ciphertext: ERE, L ORYH BRX. DOLFH Ciphertext: ERE, L ORYH BRX. DOLFH Note that Caesar cipher only has 25 possible keys, so a brute force method to break the encryption can be used.

9 Symmetric Key Monoalphabetic cipher - an improvement over Caesar cipher Each letter gets translated to a set random letter by a 1 to 1 algorithm. Each letter gets translated to a set random letter by a 1 to 1 algorithm. 26! possible pairings (keys). 26! possible pairings (keys). Monoalphabetic cipher was later improved by polyalphabetic encryption. Monoalphabetic cipher was later improved by polyalphabetic encryption.

10 Symmetric Key Data Encryption Standard (DES) Data Encryption Standard (DES) Created in 1977 and updated in The algorithm works by manipulating input on the bit level. Created in 1977 and updated in The algorithm works by manipulating input on the bit level. The algorithm needs an input (limited to 64 bits) and a 64 bit key (effectively only 56 bits due to 8 parity bits) The algorithm needs an input (limited to 64 bits) and a 64 bit key (effectively only 56 bits due to 8 parity bits)

11 Symmetric Key Basic operation of DES

12 Symmetric Key The 56-bit DES is considered too insecure. The encryption was cracked in 22 hours in 2002 using a special purpose computer. The 56-bit DES is considered too insecure. The encryption was cracked in 22 hours in 2002 using a special purpose computer. 3DES is more secure. This runs DES 3 times with 3 different keys. 3DES is more secure. This runs DES 3 times with 3 different keys. Advanced Encryption Standard (AES) is the successor to DES. It uses key lengths of 128, 192, and 256 bits. It is estimated that a computer that could break 56-bit DES encryption in 1 second would take approximately 149 trillion years to crack 128-bit AES encryption. Advanced Encryption Standard (AES) is the successor to DES. It uses key lengths of 128, 192, and 256 bits. It is estimated that a computer that could break 56-bit DES encryption in 1 second would take approximately 149 trillion years to crack 128-bit AES encryption.

13 Public Key One short fall to using a symmetric key is that both parties must know the key before they start the encrypted communication. One short fall to using a symmetric key is that both parties must know the key before they start the encrypted communication. How do the parties initially get the key? How do the parties initially get the key? They could meet in person so that the communication would be secure, but this is usually inconvenient. They could meet in person so that the communication would be secure, but this is usually inconvenient. Elegant Solution: public key encryption. Elegant Solution: public key encryption.

14 Public Key Instead of Alice and Bob having the same secret key. Bob will have 2 keys, a public key (Kb+) which the whole world knows, and a private key that only Bob knows (Kb-). Instead of Alice and Bob having the same secret key. Bob will have 2 keys, a public key (Kb+) which the whole world knows, and a private key that only Bob knows (Kb-). This eliminates the need for distributing secret keys. This eliminates the need for distributing secret keys.

15 Public Key Overview of public key encryption

16 Public Key Alice fetches Bob’s pubic key (Kb+) Alice fetches Bob’s pubic key (Kb+) She encrypts her message with the key to get: Kb+(m) She encrypts her message with the key to get: Kb+(m) Bob receives the ciphertext and applies his private key in order to extract the message: Bob receives the ciphertext and applies his private key in order to extract the message: Kb-(Kb+(m)) = m IMPORTANT: Kb+(Kb-(m)) = m (We will see the importance of this later)

17 Public Key RSA – a public key encryption algorithm named after its founders (Ron Rivest, Adi Shamir, and Leonard Adleman): Choose 2 large prime numbers ‘p’ and ‘q’. Choose 2 large prime numbers ‘p’ and ‘q’. Compute n = p*q Compute n = p*q Compute z = (p-1)*(q-1) Compute z = (p-1)*(q-1) Choose a number ‘e’ that is less than ‘n’ which has no common factors (besides 1) with z Choose a number ‘e’ that is less than ‘n’ which has no common factors (besides 1) with z Find a number ‘d’ such that e*d-1 is divisible by ‘z’ with no remainder Find a number ‘d’ such that e*d-1 is divisible by ‘z’ with no remainder Kb+ = (n,e) Kb+ = (n,e) Kb- = (n,d) Kb- = (n,d)

18 Public Key We now have (n,e) and (n,d), that is Kb+ and Kb-. We now have (n,e) and (n,d), that is Kb+ and Kb-. Alice obtains (n,e) and does the following to each letter of her message (again A=1 and Z=26): Alice obtains (n,e) and does the following to each letter of her message (again A=1 and Z=26): c = m^e mod n c = m^e mod n where ‘m’ is the numeric value of the letter and ‘c’ is the cipher output

19 Public Key Bob is the only one who has (n,d), that is Kb-, and does the following on each letter once he receives the ciphertext form Alice: Bob is the only one who has (n,d), that is Kb-, and does the following on each letter once he receives the ciphertext form Alice: m = c^d mod n m = c^d mod n where ‘m’ is the recovered message

20 Public Key RSA example: Bob does the following: Chooses p=5 and q=7 Chooses p=5 and q=7 - Thus, n=35 and z=24 Chooses e=5 since 5 and 24 have no common factors Chooses e=5 since 5 and 24 have no common factors Chooses d=29 since 5*29-1 is divisible by 24 Chooses d=29 since 5*29-1 is divisible by 24 So we have Kb+ = (35,5) and Kb- = (35,29) Suppose Alice wants to send ‘l’ ‘o’ ‘v’ ‘e’ to Bob…

21 Public Key

22 Integrity There is a short fall to using public key encryption - Trudy, the intruder, can claim she is Alice! There is a short fall to using public key encryption - Trudy, the intruder, can claim she is Alice! We didn’t have to worry about these false claims in symmetric key encryption because the mere fact that the user on the other end had the correct key (which is private) was proof enough they were who they said they were. We didn’t have to worry about these false claims in symmetric key encryption because the mere fact that the user on the other end had the correct key (which is private) was proof enough they were who they said they were. How do we regain the integrity that we lost? How do we regain the integrity that we lost?

23 Integrity Bob can sign his message – proving that the messages are coming from Bob. Bob can sign his message – proving that the messages are coming from Bob. All he has to do is a apply his private key to the data he sends Alice: Kb-(m) All he has to do is a apply his private key to the data he sends Alice: Kb-(m) Alice then receives this and applies Bob’s public key: Kb+(Kb-(m)) = m Alice then receives this and applies Bob’s public key: Kb+(Kb-(m)) = m (This is the important part from slide 16)

24 Integrity

25 Integrity But signing over the entire message is computationally expensive. But signing over the entire message is computationally expensive. Want a less costly way to have integrity. Want a less costly way to have integrity. Answer: Message Digest Answer: Message Digest

26 Integrity Message digest algorithms take a message ‘m’ or arbitrary length and compute a fixed- length output known as a message digest: H(m) Message digest algorithms take a message ‘m’ or arbitrary length and compute a fixed- length output known as a message digest: H(m) The algorithm is basically a many to one hash function. The algorithm is basically a many to one hash function. A good algorithm will make it inconceivable for 2 messages to hash to the same value (message digest). A good algorithm will make it inconceivable for 2 messages to hash to the same value (message digest).

27 Integrity Now that we have a small “summary” of what is in the message, we can use this to obtain integrity when using public key encryption. Now that we have a small “summary” of what is in the message, we can use this to obtain integrity when using public key encryption. All Bob needs to do is to apply his private key to the message digest. This is much more efficient than applying it to the entire message: All Bob needs to do is to apply his private key to the message digest. This is much more efficient than applying it to the entire message: Kb-(H(m)) which is called a digital signature

28 Integrity Now when Bob wants to communicate, he can just send ‘m’ and Kb-(H(m)) Now when Bob wants to communicate, he can just send ‘m’ and Kb-(H(m)) When Alice receives these two items, she computes H(m) two different ways: When Alice receives these two items, she computes H(m) two different ways: Directly from ‘m’ (like Bob did when sending the message) By applying Bob’s public key to the digital signature: Kb+(Kb-(H(m)) = H(m) Alice then compares the two message digests and see if they match. Alice then compares the two message digests and see if they match.

29 Integrity

30 Integrity

31 Integrity How do we compute H(m)? How do we compute H(m)? There are widely used algorithms to do so. There are widely used algorithms to do so. MD5 and SHA-1 are examples of such algorithms. MD5 and SHA-1 are examples of such algorithms. MD5 computes a 128-bit message digest in a four-step process

32 The Lab Be sure to thoroughly read and understand the previous slides. Be sure to thoroughly read and understand the previous slides. We will be doing exercises with built in functions in Linux. We will be doing exercises with built in functions in Linux. We will examine: DES, RSA, MD5, and SHA-1. We will examine: DES, RSA, MD5, and SHA-1.

33 References All figures and tables throughout this presentation came from one source: Kurose, Charlie and Ross, Keith. Computer Networking: A Top-Down Approach Featuring the Internet. New York, NY: Addison Wesley, Kurose, Charlie and Ross, Keith. Computer Networking: A Top-Down Approach Featuring the Internet. New York, NY: Addison Wesley, 2003.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.