Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Elements of Cryptography

Published byWilfried Raske Modified over 5 years ago

Similar presentations

Presentation on theme: "The Elements of Cryptography"— Presentation transcript:

1 The Elements of Cryptography
(March 30, 2016) © Abdou Illia – Spring 2016

2 Learning Objectives Discuss Cryptography Terminology
Discuss Symmetric Key Encryption Discuss Asymmetric Key Encryption Distinguish between Hashing and Encryption

3 Cryptography? Traditionally, cryptography refers to
The practice and the study of encryption Transforming information in order to prevent unauthorized people to read it. Today, cryptography goes beyond encryption/decryption to include Techniques for making sure that encrypted messages are not modified en route Techniques for secure identification/authentication of communication partners.

4 Your knowledge about Cryptography
Which of the following do cryptographic systems protect? Data stored on local storage media (like hard drives) from access by unauthorized users. Data being transmitted from point A to point B in a network Both a and b

5 Your knowledge about Cryptography
Which of the following security issues is addressed by cryptographic systems? Confidentiality; i.e. protection against eavesdropping Authentication; i.e. assurance parties involved in a communication are who they claim to be Message integrity; i.e. assurance that messages are not altered en route Availability; i.e. making sure that communication systems are not shut down by intruders. All of the above

6 Basic Terminology 1 Plaintext: original message to be sent. Could be text, audio, image, etc. Encryption/Decryption Algorithm: mathematical tool (software) used to encrypt or decrypt Key: A string of bits used by to encrypt the plaintext or decrypt the ciphertext Ciphertext: encrypted message. Looks like a random stream of bits Encryption Algorithm + Encryption key Hello Ciphertext “ ” Plaintext “Hello” Network Interceptor Party A Decryption Algorithm Plaintext “Hello” Ciphertext “ ” + Decryption key Party B

7 Basic Terminology 2 Encryption:
Converting plaintext into ciphertext using algorithms and keys The size of the ciphertext is proportional to the size of the plaintext Ciphertext is reversible to plaintext Symmetric Key Encryption: Same key is used both for encryption and decryption Keys are usually identical or trivially identical* Asymmetric Key Encryption: Also called Public/Private Key Encryption Two different keys are used: one for encryption, one for decryption * Trivially identical means simple transformation could lead from one key to the another. Party A Party B Party A Party B Online Encrypt: |

8 Your knowledge about Cryptography
Based on how symmetric encryption systems work, which of the following is the worst thing to happen? An attacker gets a copy of the encryption and decryption algorithms An attacker gets the decryption key a and b are equally damaging Which of the following presents more challenge for exchanging keys between partners? Asymmetric encryption Symmetric encryption A and b are equally challenging

9 Exhaustive search and Key length
Attacker could use the right algorithm and do an exhaustive search (i.e. try all possible keys) in order to decrypt the ciphertext Most attacks require the capture of large amount of ciphertext Every additional bit in the length of the key doubles the search time Every additional bit in the length of the key doubles the requirements in terms of minimum processor’s speed to crack the key. Key Length in bits Number of possible keys (2key length in bits) 1 2 4 16 8 256 65536 56 112 or E+33 168 E+50 E+77 512 1.3408E+154

10 Your knowledge about Cryptography
If you increase the key length from 56 bits to 66 bits. How much more key combinations an attacker who captures enough ciphertext will have to try in order to decipher the captured ciphertext using the appropriate algorithm? _______________________________________ Assuming that it takes 7 days to try all possible combinations of a 56 bit key, how much time it would take to try all possible combinations when the key length is increased to 58 bits? ________________

11 Weak vs. Strong Keys Symmetric Key Encryption
Usually for private of customer e-business Keys < 100-bit long are considered weak today. Keys 100-bit long or more are considered strong today. Asymmetric Key Encryption Usually used for B2B e-commerce Key pairs must be much longer (512 bit and more) because of the disastrous consequences of breaking the decryption key Key Length in bits Number of possible keys (2key length in bits) Type of communication 1 21 = 2 2 22 = 4 16 216 = 65536 56 256 = Private, symmetric, weak asymmetric (e.g. DES) 100 2100 = Private, symmetric 112 2112 = or E+33 Business, asymmetric (e.g. 112-bit DES) 168 E+50 Business, asymmetric (e.g. 3DES) 256 E+77 Business, asymmetric (e.g. AES) 512 1.3408E+154 Business, asymmetric (e.g. RSA) 1024 to 4096 21024 to 24096

12 Your knowledge about Cryptography
Most attacks require the capture of large amount of ciphertext, which can take a certain amount of time. Beside using strong keys what else can be done to make it harder to crack the key?

13 Symmetric Key Encryption

14 Symmetric Key Encryption methods
Two categories of methods Stream cipher: algorithm operates on individual bits (or bytes); one at a time Block cipher: operates on fixed-length groups of bits called blocks Only a few symmetric methods are used today Methods Year approved Comments Data Encryption Standard - DES 1977 1998: Electronic Frontier Foundation’s Deep Crack breaks a DES key in 56 hours DES-Cipher Block Chaining Triple DES – TDES or 3DES 1999 Advanced Encryption Standard – AES 2001 Its versions among the most used today Other symmetric encryption methods IDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish

15 Data Encryption Standard (DES)
DES is a block encryption method, i.e. uses block cipher DES uses a 64 bit key; actually 56 bits + 8 bits computable from the other 56 bits Problem: same input plaintext gives same output ciphertext DES Encryption Process 64-Bit Ciphertext Block 64-Bit DES Symmetric Key (56 bits + 8 redundant bits) 64-Bit Plaintext

16 DES-Cipher Block Chaining
DES-CBC uses ciphertext from previous block as input making decryption by attackers even harder An 64-bit initialization vector is used for first block First 64-Bit Plaintext Block DES Key Initialization Vector (IV) DES Encryption Process Second 64-Bit Plaintext Block DES Key First 64-Bit Ciphertext Block DES Encryption Process Second 64-Bit Ciphertext Block

17 168-Bit Encryption with Three 56-Bit Keys
Triple DES (3DES) 168-Bit Encryption with Three 56-Bit Keys Sender Receiver Encrypts original plaintext with the 1st key Decrypts ciphertext with the 3d key 1st 3rd Decrypts output of first step with the 2nd key Encrypts output of the first step with the 2nd key 2nd 2nd Encrypts output of second step with the 3d key; gives the ciphertext to be sent Decrypts output of second step with the 1st key; gives the original plaintext 3rd 1st

18 112-Bit Encryption With Two 56-Bit Keys
Triple DES (3DES) 112-Bit Encryption With Two 56-Bit Keys Sender Receiver Encrypts plaintext with the 1st key Decrypts ciphertext with the 1st key 1st 1st Decrypts output with the 2nd key Encrypts output with the 2nd key 2nd 2nd Encrypts output with the 1st key Decrypts output with the 1st key 1st 1st

19 Your knowledge about Cryptography
Based on the way DES and 3DES work, which of the following is true? 3DES requires more processing time than DES Compared 3DES, DES requires more RAM Both a and b Given the increasing use of hand-held devices, 3DES will be more practical than DES. True False

20 Advanced Encryption Standard - AES
Developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael", a portmanteau of the names of the inventors Offers key lengths of 128 bit, 192 bit, and 256 bit Efficient in terms of processing power and RAM requirements compared to 3DES Can be used on a wide variety of devices including Cellular phones PDAs Etc.

21 DES, 3DES, and AES DES 3DES AES Key Length (bits) 56 112 or 168
128, 192, 256 Key Strength Weak Strong Strong Processing Requirements Moderate High Modest RAM Requirements Moderate High Modest

22 Encryption Algorithms Used by MS Operating Systems
Default Algorithm Other Algorithms Windows 2000 DESX (none) Windows XP RTM 3DES Windows XP SP1 AES 3DES, DESX Windows Server 2003 Windows Vista Windows Server 2008 3DES, DESX (?)

23 Asymmetric Key Encryption

24 Public Key Encryption For confidentiality
Each Party uses other party’s public key for encryption Each Party uses own private key for decryption No need to exchange private key, but key needs to be very strong (512+ bit) Party A Party B Decrypt with Party A’s Private Key Encrypt with Party A’s Public Key Party B’s Public Key Party B’s Private Key Encrypted Message

25 Public Key Encryption methods
Asymmetric encryption methods are used both for Encryption in order to provide confidentiality Digital signature in order to provide partners’ authentication Methods Year proposed Comments RSA by Ron Rivest, Adi Shamir, and Leonard Adleman 1977 1995: First attack in lab conditions was reported Elliptic Curve Cryptosystem - ECC 1985 Becoming widely used Other symmetric encryption methods: Dieffe-Hellman, El-Gamal

26 Basic Terminology 3 Hashing: Hash function: Hash:
Mathematical process for converting inputs into fixed-length outputs Hash function: Algorithm that does the hashing. Uses an input + a shared secret or password. Example: MD5, Secure Hash Algorithm. Hash: Fixed-length output of the hashing

27 Encryption Versus Hashing
Use of Key Uses a key as an input to an encryption method Password is usually added to text; the two are combined, and the combination is hashed Length of Result Output is similar in length to input Output is of a fixed short length, regardless of input Reversibility Reversible; ciphertext can be decrypted back to plaintext One-way function; hash cannot be “de-hashed” back to the original string

28 Hashing & Public Key for authentication
Asymmetric Key Encryption is also used for authentication Usually used along with hashing Confidentiality Authentication Public Key Encryption Sender encrypts with receiver’s public key. Receiver decrypts with the receiver’s own private key. Sender (supplicant) encrypts with own private key. Receiver (verifier) decrypts with the public key of the true party, usually obtained from a Certificate Authority. Hashing Used in MS-CHAP for initial authentication and in HMACs for message-by-message authentication Hashing and Public Key for authentication very used in cryptographic systems like SSL/TLS or IPSec

29 Cryptographic Systems
Packaged set of cryptographic countermeasures used for protecting dialogues Example: Secure Socket Layer/Transport Layer Security – SSL/TLS used in secured webservice Each cryptographic system includes different security standards (algorithms, hashing methods, security parameters) that comm. partners needs to “agree” on. Typical Process: Handshaking stages Ongoing communication stage: Message-by-Message authentication

30 Cryptographic Systems (cont.)
Packaged set of cryptographic countermeasures used for protecting dialogues

31 MS-CHAP* Hashing for Authentication
CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients After the completion of the link establishment phase, the server sends a "challenge" message to the client. The client responds with a value calculated using a one-way hash function, such as an MD5 or SHA (Secure Hash Algorithm). The server checks the response against its own calculation of the expected hash value. If the values match, the server acknowledges the authentication; otherwise it should terminate the connection. At random intervals the server sends a new challenge to the peer and repeats steps 1 through 3. Shared secret * Microsoft’s version of Challenge Handshake Authentication Protocol

32 Message-by-Message Authentication using Hashing and Public Key
To Create the Digital Signature: 1. Hash the plaintext to create a brief Message Digest; this is NOT the Digital Signature. 2. Sign (encrypt) the message digest with the sender’s private key to create the Digital Signature. 3. Transmit the plaintext + digital signature, encrypted with symmetric key encryption. Plaintext MD DS Hash Sign (Encrypt) with Sender’s Private Key 4. Encrypted with Session Key DS Plaintext Sender Receiver

33 Message-by-Message Authentication (cont.)
Plaintext MD DS Hash Sign (Encrypt) with Sender’s Private Key Message-by-Message Authentication (cont.) MD Received Plaintext DS 5. 6. Hash Decrypt with True Party’s Public Key 7. Are they equal? To Test the Digital Signature 5. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest. 6. Decrypt the digital signature with the sender’s public key. This also should give the message digest. 7. If the two match, the message is authenticated.

34 Summary Questions See Questions on Your knowledge About Cryptography’s slides in these class notes See ReadingQuestionCh3.doc file in Notes’ section of web site. Encryption Exercises posted to the course website

Download ppt "The Elements of Cryptography"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.

Review For Exam 3 (April 15, 2010) © Abdou Illia – Spring 2010.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.

Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
The Elements of Cryptography (April 1, 2015) © Abdou Illia – Spring 2015.

The Elements of Cryptography (April 1, 2015) © Abdou Illia – Spring 2015.

Similar presentations

Ads by Google