Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

Published byJamar Ansell Modified over 9 years ago

Similar presentations

Presentation on theme: "Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”"— Presentation transcript:

1

2 Intro 1 Introduction

3 Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

4 Intro 3 Good Guys and Bad Guys  Alice and Bob want to communicate securely o Typically, over a network  Alice or Bob might also want to store their data securely  Trudy wants to read Alice and Bob’s secrets  Or Trudy might have other devious plans… o Cause confusion, denial of service, etc.

5 Intro 4 CIA  Confidentiality, Integrity and Availability  Confidentiality: prevent unauthorized reading of information  Integrity: prevent unauthorized writing of information  Availability: data is available in a timely manner when needed o Availability is a “new” security concern o Due to denial of service (DoS) threats

6 Intro 5 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret codes”  Cryptanalysis  breaking “secret codes”  Crypto  all of the above (and more)

7 Intro 6 How to Speak Crypto  A cipher or cryptosystem is used to encrypt the plaintext  The result of encryption is ciphertext  We decrypt ciphertext to recover plaintext  A key is used to configure a cryptosystem  A symmetric key cryptosystem uses the same key to encrypt as to decrypt  A public key cryptosystem uses a public key to encrypt and a private key to decrypt o Private key can be used to sign and public key used to verify signature (more on this later…)

8 Intro 7 Crypto  Underlying assumption o The system is completely known to Trudy o Only the key is secret  Also known as Kerckhoffs Principle o Crypto algorithms are not secret  Why do we make this assumption? o Experience has shown that secret algorithms are often weak when exposed o Secret algorithms never remain secret o Better to find weaknesses beforehand

9 Intro 8 Crypto as a Black Box  Note P i is i th “unit” of plaintext  And C i is corresponding ciphertext  “Unit” may be bit, letter, block of bits, etc. plaintext key ciphertext encrypt decrypt PiPi PiPi CiCi plaintext

10 Intro 9 Who Knows What?  Trudy knows the ciphertext  Trudy knows the cipher and how it works  Trudy might know a little more  Trudy does not know the key plaintext key ciphertext encrypt decrypt PiPi PiPi CiCi plaintext AliceBobTrudy

11 Intro 10 Taxonomy of Cryptography  Symmetric Key o Same key for encryption as for decryption o Stream ciphers and block ciphers  Public Key o Two keys, one for encryption (public), and one for decryption (private) o Digital signatures  nothing comparable in symmetric key crypto  Hash algorithms

12 Intro 11 Cryptanalysis  This course focused on cryptanalysis  Trudy wants to recover key or plaintext  Trudy is not bound by any rules o For example, Trudy might attack the implementation, not the algorithm itself o She might use “side channel” info, etc.

13 Intro 12 Exhaustive Key Search  How can Trudy attack a cipher?  She can simply try all possible keys and test each to see if it is correct o Exhaustive key search  To prevent an exhaustive key search, a cryptosystem must have a large keyspace o Must be too many keys for Trudy to try them all in any reasonable amount of time

14 Intro 13 Beyond Exhaustive Search  A large keyspace is necessary for security  But a large keyspace is not sufficient  Shortcut attacks might exist  We’ll see many examples of shortcut attacks  In cryptography we can (almost) never prove that no shortcut attack exists  This makes cryptography interesting…

15 Intro 14 Taxonomy of Cryptanalysis  Ciphertext only — always an option  Known plaintext — possible in many cases  Chosen plaintext o “Lunchtime attack” o Protocols might encrypt chosen text  Adaptively chosen plaintext  Related key  Forward search (public key crypto only)  “Rubber hose”, bribery, etc., etc., etc.

16 Intro 15 Definition of Secure  A cryptosystem is secure if the best know attack is to try all possible keys  Cryptosystem is insecure if any shortcut attack is known  By this definition, an insecure system might be harder to break than a secure system!

17 Intro 16 Definition of Secure  Why do we define secure this way?  The size of the keyspace is the “advertised” level of security  If an attack requires less work, then false advertising  A cipher must be secure (by our definition) and have a “large” keyspace o Too big for an exhaustive key search

18 Intro 17 Theoretical Cryptanalysis  Spse that a cipher has a 100 bit key o Then keyspace is of size 2 100  On average, for exhaustive search Trudy tests 2 100 /2 = 2 99 keys  Spse Trudy can test 2 30 keys/second o Then she can find the key in about 37.4 trillion years

19 Intro 18 Theoretical Cryptanalysis  Spse that a cipher has a 100 bit key o Then keyspace is of size 2 100  Spse there is a shortcut attack with “work” equal to testing about 2 80 keys  If Trudy can test 2 30 per second o Then she finds key in 36 million years o Better than 37 trillion, but not practical

20 Intro 19 Applied Cryptanalysis  In this class, we focus on attacks that produce plaintext o Not interested in attacks that just show a theoretical weakness in a cipher  We call this applied cryptanalysis  Why applied cryptanalysis? o Because it’s a lot more fun… o And it’s a good place to start

21 Intro 20 Applied Cryptanalysis: Overview  Classic (pen and paper) ciphers o Transposition, substitution, etc. o Same principles appear in later sections  World War II ciphers o Enigma, Purple, Sigaba  Stream ciphers o Shift registers, correlation attack, ORYX, RC4, PKZIP

22 Intro 21 Applied Cryptanalysis: Overview  Block ciphers o Hellman’s TMTO, CMEA, Akelarre, FEAL  Hash functions o Nostradamus attack, MD4, MD5  Public key crypto o Knapsack, Diffie-Hellman, Arithmetica, RSA, Rabin, NTRU, ElGamal o Factoring, discrete log, timing, glitching

23 Intro 22 Why Study Cryptography?  Information security is a big topic o Crypto, Access control, Protocols, Software o Real world info security problems abound  Cryptography is the part of information security that works best  Using crypto correctly is important  The more we make other parts of security behave like crypto, the better

24 Intro 23 Why Study Cryptanalysis?  Study of cryptanalysis gives insight into all aspects of crypto  Gain insight into attacker’s mindset o “black hat” vs “white hat” mentality  Cryptanalysis is more fun than cryptography o Cryptographers are boring o Cryptanalysts are cool  But cryptanalysis is hard

Download ppt "Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Cryptography encryption authentication digital signatures

Cryptography encryption authentication digital signatures
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Cryptography Introduction Last Updated: Aug 20, 2013.

Cryptography Introduction Last Updated: Aug 20, 2013.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.

CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Similar presentations

Ads by Google