Presentation is loading. Please wait.

Presentation is loading. Please wait.

Week1: Intro to Cryptography

Published byΣάρρα Σπανός Modified over 6 years ago

Similar presentations

Presentation on theme: "Week1: Intro to Cryptography"— Presentation transcript:

1 Week1: Intro to Cryptography
Some slides have been taken from: Computer Networking: A Top Down Approach Featuring the Internet, 7th edition. Jim Kurose, Keith Ross. Addison-Wesley, All material copyright J.F Kurose and K.W. Ross, All Rights Reserved. Understanding Cryptography: A Textbook for Students and Practitioners, Christof Paar and Jan Pelzl, Springer-Verlag, 2010

2 Part 1 Roadmap What is network security? Principles of cryptography
Message integrity and digital signatures End-point authentication Securing Securing TCP connections: SSL Network layer security: IPsec and VPNs Securing wireless LANs Operational security: firewalls and IDS

3 Private Key Encryption
Also referred to as: conventional encryption symmetric key encryption secret-key or single-key encryption Only alternative before public-key encryption in 1970’s Still most widely used alternative

4 Private Key Cryptography
One key shared by both participators one key, two operations (encryption and decryption)

5 Example: Polyalphabetic encryption
500 years ago! n mono-alphabetic ciphers, C1, C2,…,Cn Cycling pattern: e.g., n=4, C1,C3,C4,C3,C2; C1,C3,C4,C3,C2; For each new plaintext symbol, use subsequent mono-alphabetic cipher in cyclic pattern dog: d from C1, o from C3, g from C4 Key: the n ciphers and the cyclic pattern

6 Polyalphabetic encryption example
Plaintext letter: a b c d e f g h i j k l m n o p q r s t u v w x y z C1(k=5) : f g h i j k l m n o p q r s t u v w x y z a b c d e C2(k=19) : t u v w x y z a b c d e f g h i j k l m n o p q r s Pattern: C1, C2, C2, C1, C2 Plaintext message: “bob, i love you” Cipher text message: “ghu, n etox dhz” Key? A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C1 C2 b o , i l v e y u g h n t x d z

7 Two types of modern private ciphers
Stream ciphers encrypt one bit at a time E.g. RC4 Block ciphers Break plaintext message in equal-size blocks Encrypt each block as a unit E.g. DES, IDEA, AES

8 Stream Ciphers pseudo random keystream generator input key keystream Combine each bit of keystream with bit of plaintext to get bit of ciphertext XOR operation (modulo 2 addition) m(i) = ith bit of message ks(i) = ith bit of keystream c(i) = ith bit of ciphertext c(i) = ks(i)  m(i) ( = exclusive or) m(i) = ks(i)  c(i)

9 Review: XOR For perfectly random key stream si , each ciphertext output bit has a 50% chance to be 0 or 1 Good statistic property for ciphertext Inverting XOR is simple, since it is the same XOR operation mi ksi ci 1

10 Stream Ciphers pseudo random keystream generator input key keystream Security of stream cipher depends entirely on the key stream ks(i) : Should be random , i.e., Pr(ks(i) = 0) = Pr(ks(i) = 1) = 0.5 Must be reproducible by sender and receiver Synchronous Stream Cipher Key stream depend only on the key (and possibly an initialization vector IV) Asynchronous Stream Ciphers Key stream depends also on the ciphertext (dotted feedback enabled)

11 Random Number Generators (RNGs)
True Random Number Generators Pseudorandom Random Number Generators Cryptographically Secure Random Number Generators

12 True Random Number Generators (TRNGs)
Based on physical random processes: coin flipping, dice rolling, semiconductor noise, radioactive decay, mouse movement, clock jitter of digital circuits Output stream ksi should have good statistical properties: Pr(ksi = 0) = Pr(ksi = 1) = 50% (often achieved by post-processing) Output can neither be predicted nor be reproduced Typically used for generation of keys, nonces (used only-once values) and for many other purposes

13 Pseudorandom Number Generator (PRNG)
Generate sequences from initial seed value Typically, output stream has good statistical properties Output can be reproduced and can be predicted Often computed in a recursive way: ks0  seed ksi1  f (ksi ,ksi1,..., ksi t ) Example: rand() function in ANSI C: ks0  12345 𝑘𝑠 𝑖+1 = 𝑘𝑠 𝑖 +_12345 mod 231 Most PRNGs have bad cryptographic properties! Chapter 2 of Understanding Cryptography by Christof Paar and Jan Pelzl

14 Cryptanalyzing a Simple PRNG
Simple PRNG: Linear Congruential Generator ks0  seed ksi 1  A.ksi  B mod m Assume unknown A, B and S0 as key Size of A, B and Si to be 100 bit 300 bit of output are known, i.e. S1, S2 and S3 Solving ks2  Aks1  B mod m ks3  Aks2  B mod m …directly reveals A and B. All Si can be computed easily! Bad cryptographic properties due to the linearity of most PRNGs Christof Paar and Jan Pelzl

15 Cryptographically Secure Pseudorandom Number Generator (CSPRNG)
Special PRNG with additional property: Output must be unpredictable More precisely: Given n consecutive bits of output 𝑘𝑠 𝑛 , the following output bits 𝑘𝑠 𝑛+1 , ksn+2 cannot be predicted (in polynomial time). Needed in cryptography, in particular for stream ciphers Remark: There are almost no other applications that need unpredictability, whereas many, many (technical) systems need PRNGs. Christof Paar and Jan Pelzl

16 One-Time Pad Unconditionally secure cryptosystem: One-Time Pad
A cryptosystem is unconditionally secure if it cannot be broken even with infinite computational resources One-Time Pad A cryptosystem developed by Mauborgne that is based on Vernam’s stream cipher: Properties: Let the plaintext, ciphertext and key consist of individual bits xi, yi, ski  {0,1}. Encryption: Decryption: eki(xi) = xi  ski. dki(yi) = yi  ski OTP is unconditionally secure if and only if the key ski. is used once! Christof Paar and Jan Pelzl

17 Alice chooses the appropriate unused page from the pad
OTP operation Two pads of paper containing identical random sequences of letters are produced and securely issued to both Alice chooses the appropriate unused page from the pad The way to do this is normally arranged for in advance, as for instance 'use the 12th sheet on 1 May', or 'use the next available sheet for the next message'. The material on the selected sheet is the key for this message.

18 Christof Paar and Jan Pelzl
One-Time Pad Unconditionally secure cryptosystem: y0 = x0  k0 y1 = x1  k1 : Every equation is a linear equation with two unknowns for every yi are xi = 0 and xi = 1 equiprobable! This is true iff k0 , k1, ... are independent, i.e., all ki have to be generated truly random It can be shown that this systems can provably not be solved. Disadvantage: For almost all applications the OTP is impractical since the key must be as long as the message! (Imagine you have to encrypt a 1GByte attachment.) Christof Paar and Jan Pelzl

19 Christof Paar and Jan Pelzl
Linear Feedback Shift Registers (LFSRs) Concatenated flip-flops (FF), i.e., a shift register together with a feedback path Feedback computes fresh input by XOR of certain state bits Degree m given by number of storage elements If pi = 1, the feedback connection is present (“closed switch), otherwise there is not feedback from this flip-flop (“open switch”) Output sequence repeats periodically Maximum output length: 2m-1 Christof Paar and Jan Pelzl

20 Linear Feedback Shift Registers (LFSRs): m=3
clk FF2 FF1 FF0=si 1 2 3 4 5 6 7 8 LFSR output described by recursive equation: si3  si1  si mod 2 Maximum output length (of 23-1=7) achieved only for certain feedback configurations, .e.g., the one shown here. Christof Paar and Jan Pelzl

21 Christof Paar and Jan Pelzl
Security of LFSRs LFSRs typically described by polynomials: P(x)  xm  p xm1  ...  p x  p l 1 1 0 Single LFSRs generate highly predictable output If 2m output bits of an LFSR of degree m are known, the feedback coefficients pi of the LFSR can be found by solving a system of linear equations* Because of this many stream ciphers use combinations of LFSRs Christof Paar and Jan Pelzl

22 Symmetric key crypto: DES
DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input block cipher with cipher block chaining how secure is DES? DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day no known good analytic attack making DES more secure: 3DES: encrypt 3 times with 3 different keys

23 Block Cipher Primitives:
Confusion and Diffusion Claude Shannon: There are two primitive operations with which strong encryption algorithms can be built: Confusion: An encryption operation where the relationship between key and ciphertext is obscured. Today, a common element for achieving confusion is substitution, which is found in both AES and DES. Diffusion: An encryption operation where the influence of one plaintext symbol is spread over many ciphertext symbols with the goal of hiding statistical properties of the plaintext. A simple diffusion element is the bit permutation, which is frequently used within DES. Both operations by themselves cannot provide security. The idea is to concatenate confusion and diffusion elements to build so called product ciphers.

24 Christof Paar and Jan Pelzl
Product Ciphers Most of today‘s block ciphers are product ciphers as they consist of rounds which are applied repeatedly to the data. Can reach excellent diffusion: changing of one bit of plaintext results on average in the change of half the output bits. Example: Christof Paar and Jan Pelzl

25 Christof Paar and Jan Pelzl
Overview of the DES Algorithm DES 56 k 64 y Encrypts blocks of size 64 bits. Uses a key of size 56 bits. Symmetric cipher: uses same key for encryption and decryption Uses 16 rounds which all perform the identical operation Different subkey in each round derived from main key Christof Paar and Jan Pelzl

26 Christof Paar and Jan Pelzl
The DES Feistel Network (1) DES structure is a Feistel network Advantage: encryption and decryption differ only in keyschedule Bitwise initial permutation, then 16 rounds Plaintext is split into 32-bit halves Li and Ri Ri is fed into the function f, the output of which is then XORed with Li Left and right half are swapped Rounds can be expressed as: Christof Paar and Jan Pelzl

27 Christof Paar and Jan Pelzl
The DES Feistel Network (2) L and R swapped again at the end of the cipher, i.e., after round 16 followed by a final permutation Christof Paar and Jan Pelzl

28 Initial and Final Permutation
Bitwise Permutations. Inverse operations. Described by tables IP and IP-1. Initial Permutation Final Permutation

29 The f-Function 3. S-box substitution 4. Permutation
main operation of DES f-Function inputs: Ri-1 and round key ki 4 Steps: Expansion E XOR with round key 3. S-box substitution 4. Permutation

30 Christof Paar and Jan Pelzl
The Expansion Function E 1. Expansion E main purpose: increases diffusion ! Christof Paar and Jan Pelzl

31 Christof Paar and Jan Pelzl
Security of DES After proposal of DES two major criticisms arose: Key space is too small (256 keys) S-box design criteria have been kept secret: Are there any hidden analytical attacks (backdoors), only known to the NSA? Analytical Attacks: DES is highly resistent to both differential and linear cryptanalysis, which have been published years later than the DES. This means IBM and NSA had been aware of these attacks for 15 years! So far there is no known analytical attack which breaks DES in realistic scenarios. Exhaustive key search: For a given pair of plaintext-ciphertext (x, y) test all 256 keys until the condition DES -1(x)=y is fulfilled.  Relatively easy given today’s computer technology! k Christof Paar and Jan Pelzl

32 3DES 2 keys used instead of 3 keys
equivalent key length is 112 bits 3DES operations: EDE for encryption, DED for decryption 3DES is inefficient and expensive Some systems implement 3DES with 3 keys Not standard If K1 =K2  3DES becomes equivalent of DES

33 3DES

34 AES: Advanced Encryption Standard
symmetric-key NIST standard, replaced DES (Nov 2001) processes data in 128 bit blocks 128, 192, or 256 bit keys brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

Download ppt "Week1: Intro to Cryptography"

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.

Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 3 – The Data Encryption.

Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Chapter 3 – The Data Encryption.
Lecture 17 Network Security CPE 401/601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross All material copyright 1996-2009 J.F.

Lecture 17 Network Security CPE 401/601 Computer Network Systems slides are modified from Jim Kurose & Keith Ross All material copyright J.F.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:

Day 37 8: Network Security8-1. 8: Network Security8-2 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key:
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

Similar presentations

Ads by Google