Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099"— Presentation transcript:

1 Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099 keith.martin@rhul.ac.uk

2 Introduction to Cryptography and Security Mechanisms 2005 2 Learning Outcomes Explain the concept of perfect secrecy Recognise that there exists “unbreakable” ciphers Appreciate the limitations of theoretical security Identify some of the issues involved in assessing practical security Recognise that there are two significantly different levels of computational complexity Formulate a notion of practical security

3 Introduction to Cryptography and Security Mechanisms 2005 3 Sections 1.Perfect secrecy 2.Practical security

4 1. Perfect secrecy

5 Introduction to Cryptography and Security Mechanisms 2005 5 An “attack” on the plaintext We have seen that there is one attack that can always be launched against a cipher system to obtain the decryption key – an exhaustive key search. There is however another “attack” that can always be launched against a cipher system that does not involve trying to obtain the decryption key. What is it?

6 Introduction to Cryptography and Security Mechanisms 2005 6 Perfect secrecy A cipher system is said to offer perfect secrecy if, on seeing the ciphertext the interceptor gets no extra information about the plaintext than he had before the ciphertext was observed. In a cipher system with perfect secrecy the interceptor is “forced” to guess the plaintext. Note however that there may be practical attacks that are better than guessing the plaintext.

7 Introduction to Cryptography and Security Mechanisms 2005 7 Simple one-time pad Consider a simple scenario where there are only two possible plaintexts: BUY and SELL Why is the simple substitution cipher a bad choice in this case?

8 Introduction to Cryptography and Security Mechanisms 2005 8 Simple one-time pad Key k1E k1 (BUY) = 0E k1 (SELL) = 1 Key k2E k2 (BUY) = 1E k2 (SELL) = 0 Each key must be equally likely to be chosen

9 Introduction to Cryptography and Security Mechanisms 2005 9 One-time pad The number of possible keys is equal to the number of possible plaintexts The key is selected at random from the choice of all possible keys Any key should only be used once There are many different versions and ways of describing the perfectly secure cipher system most often described as the one-time pad. However these all have the same three essential properties:

10 Introduction to Cryptography and Security Mechanisms 2005 10 One-time pad Why is the one-time pad “one-time”? (In other words, why must the key only be used once?) The one-time pad is important to understand. Make sure that you attempt Exercises 2 and 3 for this unit.

11 Introduction to Cryptography and Security Mechanisms 2005 11 One-time pad questions 1.What should be done with a one-time pad key after it has been used to encrypt a plaintext? 2.How can random keys of the length required by the one-time pad be generated in practice? 3.In what type of situations is the one-time pad practical to use?

12 Introduction to Cryptography and Security Mechanisms 2005 12 Stream ciphers Although the one-time pad is rather impractical to implement in most real systems, its desirable security properties make it attractive to “simulate”. Stream ciphers attempt to simulate the one-time pad by using short keys to generate longer keys that can then be used in a one-time pad encryption.

13 2. Practical security

14 Introduction to Cryptography and Security Mechanisms 2005 14 More wise words A theoretically secure cipher system may not be secure in practice A theoretically breakable cipher system may be secure in practice

15 Introduction to Cryptography and Security Mechanisms 2005 15 Cover time How do we formulate a notion of practical security? The cover time of a plaintext is the length of time for which the plaintext must be kept secret. Clearly the cover time of different data items is likely to vary considerably: Cover time for a daily password might simply be twenty-four hours. Cover time for some stored government records could be one hundred years.

16 Introduction to Cryptography and Security Mechanisms 2005 16 Cover time Ensure that no known attacks on the cipher system can be conducted in less than the cover time of the plaintext. A good design principle is thus: Given that there might be attacks that you don’t know about, take some time to write down a strategy for trying to minimise your exposure to the risks of unknown attacks. What kind of things should you do? What procedures might you put in place?

17 Introduction to Cryptography and Security Mechanisms 2005 17 The challenge of cryptography If we are going to have to use a cipher system that is theoretically breakable, the challenge of cryptography is to design cipher systems that appear to require longer than any required cover time to break. Cryptographers normally design cipher systems that are theoretically breakable, but where the theoretical break is based on overcoming a problem that is perceived to be hard to solve. So what does it mean for a problem to be hard?

18 Introduction to Cryptography and Security Mechanisms 2005 18 Complexity The complexity of an algorithm gives, for each possible “length of input” to the algorithm, the maximum “time” that might be needed to run the algorithm for that “length of input”. The “length of input” is usually measured in terms of the number of bits of input. The “time” is usually measured in terms of the number of basic computer operations (such as adding two bits) that it takes to run the algorithm. This time is usually an approximation, and is not an attempt to measure the number of operations precisely.

19 Introduction to Cryptography and Security Mechanisms 2005 19 Complexity OperationComplexityComments Addition of two n-bit numbers n Essentially one addition for every bit in the lengths of the inputs. Multiplication of two n-bit numbers n2n2 Computer multiply in a similar way to “long multiplication” – essentially n additions. Raising a number to an n-bit power n3n3 Repeated Squares: n operations, each either a squaring or a multiplication. Exhaustive key search for n-bit key 2n2n Trying out every n-bit key.

20 Introduction to Cryptography and Security Mechanisms 2005 20 Polynomial v Exponential time Complexity is a polynomial in n (of the form n r ) Computers can “easily” run algorithms that run in polynomial time As n increases, the length of time necessary to run the algorithm increases “steadily” Complexity is exponential in n (of the form r n ) Computer have “difficulty” running algorithms that run in exponential time As n increases, the length of time necessary to run the algorithm increases “dramatically”

21 Introduction to Cryptography and Security Mechanisms 2005 21 Polynomial v Exponential time Is multiplication always efficient to compute? Is an exhaustive search always difficult to conduct? What about Moore’s Law? Find out what the latest version of Moore’s Law is – how much faster will computer processors be in 2010?

22 Introduction to Cryptography and Security Mechanisms 2005 22 Real computational time First make an estimate of your computer speed (number of operations per second). Then real time to run algorithm on an n-bit input is: Time complexity function evaluated at n ________________________________ secs Computer speed

23 Introduction to Cryptography and Security Mechanisms 2005 23 Example real time computation Exhaustive search has complexity 2 n. Thus if our computer is capable of processing one million operations per second then an exhaustive search for a 30-bit key will take: 2 30 __ seconds 10 6 Since 2 30 is approximately 10 9, the real time search will take approximately 10 3 = 1000 seconds, in other words approximately 17 minutes.

24 Introduction to Cryptography and Security Mechanisms 2005 24 Polynomial v Exponential time Complexityn=10n=30n=50 n0.00001 secs 0.00003 secs 0.00005 secs n3n3 0.001 secs0.027 secs0.125 secs 2n2n 0.001 secs17.9 mins37.7 years 3n3n 0.059 secs6.5 years200 000 000 centuries Note the dramatic difference in rate of increase:

25 Introduction to Cryptography and Security Mechanisms 2005 25 Limitations of complexity theory There may be unknown theoretical attacks The key space may not be as big as you think Complexity only gives you the general case Memory / processing tradeoffs Key management problems Establishing the complexity of any known attacks on a cipher system is important and useful, but brings no guarantees of practical security:

26 Introduction to Cryptography and Security Mechanisms 2005 26 Related exercises Practice some real computational time calculations by conducting Exercise 4 for this unit. Discover why the size of a key space can be deceiving by conducting Exercise 6 for this unit.

27 Introduction to Cryptography and Security Mechanisms 2005 27 Defining practical security Assessing the likely computing power of an adversary Determining the complexity of known attacks Evaluating the effectiveness of the key management processes Forming a notion of what levels of risk to accept Defining practical security (of a cipher system) is extremely difficult and it could be argued that this whole MSc programme is all about training you to try to form your own notions about the meaning of practical security. For a cipher system, issues that it involves include:

28 Introduction to Cryptography and Security Mechanisms 2005 28 Summary The one-time pad is effectively the only example of a perfectly secure (unbreakable) cipher. It is impossible to guarantee the security of a cipher system. Even if it is theoretically secure, it may be insecure in practice. It can be quite acceptable in practice to use cipher systems that are theoretically breakable. Every attempt should be made to formulate a notion of practical security for a given environment. This will inevitably involve tradeoffs, estimates and evaluations of what levels of risk to accept. Formulating this notion will be difficult. Regardless of whether a cipher system offers theoretical or practical security, the most likely way in which it will be “broken” is through bad key management processes.

Download ppt "Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099"

Similar presentations

Cryptography encryption authentication digital signatures

Cryptography encryption authentication digital signatures
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.

CS 555Topic 11 Cryptography CS 555 Topic 1: Overview of the Course & Introduction to Encryption.
Introduction to Cryptography and Security Mechanisms

Introduction to Cryptography and Security Mechanisms
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Introduction to Cryptography and Security Mechanisms Dr Keith Martin McCrea 34901784 443099

Introduction to Cryptography and Security Mechanisms Dr Keith Martin McCrea
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 28 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #3 Aug 28 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.

CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Similar presentations

Ads by Google