Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT443 – Network Security Administration Instructor: Bo Sheng

Published byBranden Kennedy Modified over 6 years ago

Similar presentations

Presentation on theme: "IT443 – Network Security Administration Instructor: Bo Sheng"— Presentation transcript:

1 IT443 – Network Security Administration Instructor: Bo Sheng
Cryptography Basics IT443 – Network Security Administration Instructor: Bo Sheng

2 Outline Basic concepts in cryptography system Secret key cryptography
Public key cryptography Hash functions

3 Encryption/Decryption
Plaintext: a message in its original form Ciphertext: a message in the transformed, unrecognized form Encryption: the process that transforms a plaintext into a ciphertext Decryption: the process that transforms a ciphertext to the corresponding plaintext Key: the value used to control encryption/decryption. plaintext ciphertext plaintext encryption decryption key key

4 Cryptanalysis “code breaking”, “attacking the cipher”
Difficulty depends on sophistication of the cipher amount of information available to the code breaker Any cipher can be broken by exhaustive trials, but rarely practical

5 Caesar Cipher Replace each letter with the one 3 letters later in the alphabet ex.: plaintext CAT  ciphertext FDW plaintext alphabet ciphertext alphabet A B C D E F G H I J K A B C D E F G H I J K Trivial to break

6 Mono-Alphabetic Ciphers
Generalized substitution cipher: an arbitrary (but fixed) mapping of one letter to another 26! ( 4.0*1026  288) possibilities plaintext alphabet ciphertext alphabet A B C D E F G H I J K A B C D E F G H I J K

7 Attacking Mono-Alphabetic Ciphers
Broken by statistical analysis of letter, word, and phrase frequencies of the language Frequency of single letters in English language, taken from a large corpus of text:

8 Ciphertext Only Attacks
Ex.: attacker can intercept encrypted communications, nothing else Breaking the cipher: analyze patterns in the ciphertext provides clues about the encryption method/key

9 Known Plaintext Attacks
Ex.: attacker intercepts encrypted text, but also has access to some of the corresponding plaintext (definite advantage) Makes some codes (e.g., mono-alphabetic ciphers) very easy to break

10 Chosen Plaintext Attacks
Ex.: attacker can choose any plaintext desired, and intercept the corresponding ciphertext Allows targeted code breaking (choose exactly the messages that will reveal the most about the cipher)

11 The “Weakest Link” in Security
Cryptography is rarely the weakest link Weaker links Implementation of cipher Distribution or protection of keys … …

12 Secret Keys vs Secret Algorithms
Security by obscurity We can achieve better security if we keep the algorithms secret Hard to keep secret if used widely Reverse engineering, social engineering Publish the algorithms Security of the algorithms depends on the secrecy of the keys Less unknown vulnerability if all the smart (good) people in the world are examine the algorithms

13 Outline Basic concepts in cryptography system Secret key cryptography
Public key cryptography Hash functions

14 Secret Key Cryptography
Same key is used for encryption and decryption Also known as Symmetric cryptography Conventional cryptography plaintext ciphertext plaintext encryption decryption key Same key key

15 Secret Key Cryptography
Stream cipher Block cipher Converts one input plaintext block of fixed size k bits to an output ciphertext block of k bits DES, IDEA, AES, … AES Selected from an open competition, organized by NSA Joan Daemen and Vincent Rijmen (Belgium) Block size=128 bits, Key Size= 128/192/256 bits

16 Key Size Keys should be selected from a large potential set, to prevent brute force attacks Secret key sizes 40 bits were considered adequate in 70’s 56 bits used by DES were adequate in the 80’s 128 bits are adequate for now If computers increase in power by 40% per year, need roughly 5 more key bits per decade to stay “sufficiently” hard to break

17 Public Key Cryptography
A public/private key pair is used Public key can be publicly known Private key is kept secret by the owner of the key Much slower than secret key cryptography Also known as asymmetric cryptography Another mode: digital signature plaintext ciphertext plaintext encryption decryption Public key Private key

18 Public Key Cryptography
Digital signature Only the party with the private key can create a digital signature. The digital signature is verifiable by anyone who knows the public key. The signer cannot deny that he/she has done so. plaintext ciphertext plaintext Sign Verify Private key Public key

19 Public Key Cryptography
It must be computationally easy to generate a public / private key pair hard to determine the private key, given the public key easy to encrypt using the public key easy to decrypt using the private key hard to recover the plaintext message from just the ciphertext and the public key

20 Symmetric vs Asymmetric
Symmetric algorithms are much faster In the order of a 1000 times faster Symmetric algorithms require a shared secret Impractical if the communicating entities don’t have another secure channel Both algorithms are combined to provide practical and efficient secure communication E.g., establish a secret session key using asymmetric crypto and use symmetric crypto for encrypting the traffic

21 Outline Basic concepts in cryptography system Secret key cryptography
Public key cryptography Hash functions

22 Hash Function Also known as
Message digest One-way transformation One-way function Hash Length of H(m) much shorter than length of m Usually fixed lengths: 128 or 160 bits Message of arbitrary length A fixed-length short message Hash

23 Properties of Hash Consider a hash function H
Performance: Easy to compute H(m) One-way property: Given H(m) but not m, it’s computationally infeasible to find m Weak collision resistance (free): Given H(m), it’s computationally infeasible to find m’ such that H(m’) = H(m). Strong collision resistance (free): Computationally infeasible to find m1, m2 such that H(m1) = H(m2)

24 Hash Applications File / Message integrity
Check if a downloaded file is corrupted Detect if a file has been changed by someone after it was stored Compute a hash H(F) of file F openssl dgst -md5 filename

25 Hash Applications Password verification
Password cannot be stored in plaintext In a hashed format Linux: /etc/passwd, /etc/shadow cat /etc/shadow

26 Hash Applications User authentication Alice Bob
Alice wants to authenticate herself to Bob Assuming they already share a secret key K Alice Bob time  “I’m Alice” R computes Y=H(R|K) Y verifies that Y=H(R|K)

27 Modern Hash Functions MD5 (128 bits) SHA (Secure Hash Algorithm)
Previous versions (i.e., MD2, MD4) have weaknesses. Broken; collisions published in August 2004 Too weak to be used for serious applications SHA (Secure Hash Algorithm) Weaknesses were found SHA-1 (160 bits) Broken, but not yet cracked Collisions in 269 hash operations, much less than the brute-force attack of 280 operations Results were circulated in February 2005, and published in CRYPTO ’05 in August 2005 SHA-256, SHA-384, …

28 Birthday Attack What is the smallest group size k such that
The probability that at least two people in the group have the same birthday is greater than 0.5? 23 Implication for hash function H of length m With probability at least 0.5 If we hash about 2m/2 random inputs, Two messages will have the same hash image m=64, 1ns per hash Brute force (264): 1013 seconds over 300 thousand years Birthday attack (232): 4 seconds

29 Lab 1 Sample codes eecs.mit.edu’s IP is 18.62.1.6
Assume their subnetwork use 28-bit prefix Scan ~ dig -x short /home/shengbo/it443/scanip.sh /home/shengbo/it443/scanip.pl

30 Electronic Code Book (ECB)
128 M M M M4 46 + padding Plaintext  Key E C C C C4 128 Ciphertext 

31 Cipher Block Chaining (CBC)
M1 M2 M3 M4 46 + padding 128 128 128 Initialization Vector C1 C2 C3 C4 128 E Key

Download ppt "IT443 – Network Security Administration Instructor: Bo Sheng"

Similar presentations

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.

CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Introduction to Cryptography

Introduction to Cryptography
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography Week-6.

Cryptography Week-6.
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Basics Credit: Prof. Dr. Peng Ning Network.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Basics Credit: Prof. Dr. Peng Ning Network.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
CSCE 201 Introduction to Information Security Fall 2010 Data Protection.

CSCE 201 Introduction to Information Security Fall 2010 Data Protection.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

Similar presentations

Ads by Google