Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secret Key Cryptography

Published byAri Makmur Modified over 5 years ago

Similar presentations

Presentation on theme: "Secret Key Cryptography"— Presentation transcript:

1 Secret Key Cryptography
Dr. X Slides adopted by Dr. William Enck, NCSU

2 Why is crypto useful? Networks designed for data transport, not for data confidentiality or privacy Internet eavesdropping is (relatively) easy Crypto enables: e-commerce and e-banking confidential messaging digital identities protection of personal data electronic voting anonymity

3 Cryptographic History
hide secrets from your enemy ~4000 year old discipline Egyptians’ use of non-standard hieroglyphics Spartans used scytale to perform transposition cipher Italian Leon Battista Alberti (“father of western cryptography”) invents polyalphabetic ciphers in 1466

4 Enigma German WWII encryption device
Used polyalphabetic substitution cipher Broken by Allied forces Intelligence called Ultra Codebreaking at Bletchley Park See original at the International Spy Museum

5 Terminology cryptosystem: method of disguising (encrypting) plaintext messages so that only select parties can decipher (decrypt) the ciphertext cryptography: the art/science of developing and using cryptosystems cryptanalysis: the art/science of breaking cryptosystems cryptology: the combined study of cryptography and cryptanalysis

6 What can crypto do? Confidentiality Integrity Authenticity
Keep data and communication secret Encryption / decryption Integrity Protect reliability of data against tampering “Was this the original message that was sent?” Authenticity Provide evidence that data/messages are from their purported originators “Did Alice really send this message?”

7 Cryptography == Security
Is this correct?

8 Cryptography < security
Cryptography isn't the solution to security Buffer overflows, worms, viruses, trojan horses, SQL injection attacks, cross- site scripting, bad programming practices, etc. It's a tool, not a solution Even when used, difficult to get right Choice of encryption algorithms Choice of parameters Implementation Hard to detect errors Even when crypto fails, the program may still work May not learn about crypto problems until after they've been exploited

9 Crypto is really, really, really, really, really hard
Task: develop a cryptosystem that is secure against all conceivable (and inconceivable) attacks, and will be for the foreseeable future If you are inventing your own crypto, you’re doing it wrong Common security idiom: “no one ever got fired for using AES”* *Security Now, Episode 645: How NOT to (ever) learn the lesson: Announce yet another Wi-Fi specification developed in secret: Wi-Fi Alliance® introduces security enhancements How NOT to (ever) learn the lesson: Announce yet another Wi-Fi specification developed in secret: Wi-Fi Alliance® introduces security enhancements Introducing WPA3: yet another cryptic protocol that we will keep hidden so that it will not be broken. It will look for bad passwords, make security configurations easier, and introduce individualized crypto (Note from me: that is not verified because it is not open. Yay! Security through obscurity and violating yet again Kerchoff’s principles because we are awesome on our own and we do not need decades of mathematical and crypto research to be amazing.) From the show notes: “WEP(tm)... Hmmmmmm. Produced by the Wi-Fi Alliance and was nothing short of a massive embarrassment. ● WPA(tm) ... nope, better, but still readily hackable. ● WPS(tm) pushbutton configuration -- whoops, another disaster. Everyone urged to turn it off. ● WPA2(tm) ... more improvement, but they still didn't get it right. The utter absurdity that something as important as secure wireless networking is being developed under the cover of darkness, via a closed process requiring expensive annual dues and membership should embarrass everyone involved.”

10 Old crypto algorithms Caesar Cipher Substitution cipher
Polyalphabetic cipher One time pads Secret key ciphers But what is the problem with the key?

11 Substitution Plaintext alphabet:ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext alphabet:ZEBRASCDFGHIJKLMNOPQTUVWXY Encode: kill the queen Decode: racalr sfa azqs bzqsja Substitution cipher: traditionally, mixed alphabets may be created by first writing out a keyword, removing repeated letters in it, then writing all the remaining letters in the alphabet in the usual order. Using this system, the keyword "zebras" gives us the following alphabets: Plaintext alphabet:ABCDEFGHIJKLMNOPQRSTUVWXYZCiphertext alphabet:ZEBRASCDFGHIJKLMNOPQTUVWXY How can we guess? Frequency analysis – VIDEO KHAN Academy – 1:12

12 Vigenere How can we use frequency analysis for polyalphabetic ciphers?

13 One time pad In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent.

14 Problems with old algorithms
How can we break Vigenere? One time pad is not “unbreakable”. How can we “break” it?

15 Modern crypto: two flavors of confidentiality
Unconditional or probabilistic security: crypto system offers provable guarantees, irrespective of computational abilities of an attacker given ciphertext, the probabilities that bit i of the plaintext is 0 is p and the probability that it is 1 is (1-p) e.g., one-time pad - Why don’t we use one time pad and we use RSA, AES, SHA? often requires key sizes that are equal to size of plaintext Conditional or computational security: cryptosystem is secure assuming a computationally bounded adversary, or under certain hardness assumptions (e.g., P<>NP) e.g., DES, 3DES, AES, RSA, DSA, ECC, DH, MD5, SHA Key sizes are much smaller (~128 bits) Almost all deployed modern cryptosystems are conditionally secure

16 Cryptanalysis Goal: learn the key Classifications:
ciphertext-only attack: Eve has access only to ciphertext known-plaintext attack: Eve has access to plaintext and corresponding ciphertext chosen-plaintext attack: Eve can choose plaintext and learn ciphertext chosen-ciphertext attack: Eve can choose ciphertext and learn plaintext

17 Sources Strongly recommended: Khan Academy “Journey into Cryptography” science/cryptography Strongly recommended: Good additional reading from free electronic book ”Security Engineering”, by Ross Anderson

Download ppt "Secret Key Cryptography"

Similar presentations

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.

CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.

CS426Fall 2010/Lecture 21 Computer Security CS 426 Lecture 2 Cryptography: Terminology & Classic Ciphers.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Chapter 2 – Classical Encryption Techniques

Chapter 2 – Classical Encryption Techniques
Cryptography Lecture 1: Introduction Piotr Faliszewski.

Cryptography Lecture 1: Introduction Piotr Faliszewski.
Cis 4930 Introduction to cryptography

Cis 4930 Introduction to cryptography
CS110: Computers and the Internet Encryption and Certificates.

CS110: Computers and the Internet Encryption and Certificates.
Chapter 1 Introduction Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li

Chapter 1 Introduction Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li
Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.

Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Cryptology By Greg Buss Pat Shields Barry Burke. What is Cryptology? Cryptology is the study of “secret writing.” Modern cryptology combines the studies.

Cryptology By Greg Buss Pat Shields Barry Burke. What is Cryptology? Cryptology is the study of “secret writing.” Modern cryptology combines the studies.
Chapter 17 Security. Information Systems Cryptography Key Exchange Protocols Password Combinatorics Other Security Issues 12-2.

Chapter 17 Security. Information Systems Cryptography Key Exchange Protocols Password Combinatorics Other Security Issues 12-2.
1 Chapter 2-1 Conventional Encryption Message Confidentiality.

1 Chapter 2-1 Conventional Encryption Message Confidentiality.
An Introduction to Cryptography. What is cryptography? noun \krip- ˈ tä-grə-fē\ : the process of writing or reading secret messages or codes “Encryption”:

An Introduction to Cryptography. What is cryptography? noun \krip- ˈ tä-grə-fē\ : the process of writing or reading secret messages or codes “Encryption”:
Terminology and classical Cryptology

Terminology and classical Cryptology

Similar presentations

Ads by Google