Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stephen S. Yau 1CSE465-591 Fall 2006 Cryptography.

Similar presentations


Presentation on theme: "Stephen S. Yau 1CSE465-591 Fall 2006 Cryptography."— Presentation transcript:

1 Stephen S. Yau 1CSE465-591 Fall 2006 Cryptography

2 Stephen S. Yau 2CSE465-591 Fall 2006 Cryptography In Greek means “secret writing” In Greek means “secret writing” An outsider (interceptor/intruder/adversary) can make following threats: An outsider (interceptor/intruder/adversary) can make following threats: Block message (affecting availability) Block message (affecting availability) Intercept message (affecting secrecy) Intercept message (affecting secrecy) Modify message (affecting integrity) Modify message (affecting integrity) Fabricate message (affecting integrity) Fabricate message (affecting integrity) Cryptography is the fundamental technique to counter these threats because the outsider does not understand the meaning of messages Cryptography is the fundamental technique to counter these threats because the outsider does not understand the meaning of messages T1: ch8.1 T2: ch9.1

3 Stephen S. Yau 3CSE465-591 Fall 2006 Cryptography (cont.) Cryptography: Study of mathematical techniques related to certain aspects of information security, such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography: Study of mathematical techniques related to certain aspects of information security, such as confidentiality, data integrity, entity authentication, and data origin authentication. The basic component of cryptography is a cryptosystem The basic component of cryptography is a cryptosystem Cryptanalyst: Person working for unauthorized interceptor Cryptanalyst: Person working for unauthorized interceptor Cryptographer: Person working for legitimate sender or receiver Cryptographer: Person working for legitimate sender or receiver Cryptology: Study of encryption and decryption, including cryptography and cryptanalysis. Cryptology: Study of encryption and decryption, including cryptography and cryptanalysis.

4 Stephen S. Yau 4CSE465-591 Fall 2006 Cryptosystem A cryptosystem is a 5-tuple ( , D, M, K, C), where M is the set of plaintexts, K is the set of keys, C is the set of ciphertexts,  :   K→C is the set of encipher (encryption) functions, and D: C  K→M is the set of deciphering (decryption) functions. A cryptosystem is a 5-tuple ( , D, M, K, C), where M is the set of plaintexts, K is the set of keys, C is the set of ciphertexts,  :   K→C is the set of encipher (encryption) functions, and D: C  K→M is the set of deciphering (decryption) functions. Plaintext M: set of messages in original form Plaintext M: set of messages in original form Ciphertext C: set of messages in encrypted form Ciphertext C: set of messages in encrypted form

5 Stephen S. Yau 5CSE465-591 Fall 2006 Cryptosystem (cont.) Encryption: Process of encoding (enciphering) a message so that its meaning is not obvious. Encryption: Process of encoding (enciphering) a message so that its meaning is not obvious. Provide confidentiality Provide confidentiality Principle of Encryption Principle of Encryption Very hard (impossible) to find out the message without knowing the key Very hard (impossible) to find out the message without knowing the key Very easy (and fast) to find out the message knowing the key Very easy (and fast) to find out the message knowing the key Decryption: Process of decoding (deciphering or transforming) an encrypted message to its original form. Decryption: Process of decoding (deciphering or transforming) an encrypted message to its original form.

6 Stephen S. Yau 6CSE465-591 Fall 2006 Types of Cryptosystems Symmetric cryptosystems (also called single-key cryptosystems) are classical cryptosystems: Symmetric cryptosystems (also called single-key cryptosystems) are classical cryptosystems: M = D(K, E(K, M)) The encryption key and decryption key are the same. The encryption key and decryption key are the same. Asymmetric cryptosystem: Asymmetric cryptosystem: M = D(K d, E(K e, M)) K d is the decryption key and K e is the encryption key K d is the decryption key and K e is the encryption key K d ≠ K e K d ≠ K e T1: ch8.2 T2: ch9.2

7 7 One-Time Pad One-Time Pad (OTP) is the only mathematically secure cryptosystem. One-Time Pad (OTP) is the only mathematically secure cryptosystem. Mathematical Security: using theory of statistics and probability, the ciphertext C generated by the encryption algorithm E has been proven to be undecipherable, except using the right decryption algorithm D. Mathematical Security: using theory of statistics and probability, the ciphertext C generated by the encryption algorithm E has been proven to be undecipherable, except using the right decryption algorithm D. OTP uses a symmetric key, which should be statistically proven to be random OTP uses a symmetric key, which should be statistically proven to be random Message Key 00101011 … Cipher 10111101 … 10010110 … Sender Message Key 00101011 … Cipher 10111101 … 10010110 … Receiver T1: ch8.2.2 T2: ch9.2.2

8 Stephen S. Yau 8CSE465-591 Fall 2006 One Time Pad (cont.) A and B wish to communicate privately using the one-time pad (it uses a symmetric key K) A and B wish to communicate privately using the one-time pad (it uses a symmetric key K) They have previously agreed upon secret key K which is a string of n randomly chosen bits They have previously agreed upon secret key K which is a string of n randomly chosen bits If A wishes to send an n-bit message M to B, A sends to B the ciphertext C = M XOR K, If A wishes to send an n-bit message M to B, A sends to B the ciphertext C = M XOR K, The received ciphertext can be decrypted by B to obtain M, since M = C XOR K. The received ciphertext can be decrypted by B to obtain M, since M = C XOR K. When another message is to be sent, another key K must be used, hence the name “one- time pad” When another message is to be sent, another key K must be used, hence the name “one- time pad”

9 Stephen S. Yau 9CSE465-591 Fall 2006 Difficulties of OTP To ensure the security of the system, key size should not be less than message size (not necessary for other cryptosystems) To ensure the security of the system, key size should not be less than message size (not necessary for other cryptosystems) Generating a fully random key is practically very difficult Generating a fully random key is practically very difficult Sending an unrepeated key with the same size of the message through a secure channel to the receiver is not practical Sending an unrepeated key with the same size of the message through a secure channel to the receiver is not practical

10 Stephen S. Yau 10CSE465-591 Fall 2006 Computational Security An encryption scheme is computationally secure if it takes exponentially long time to break the ciphertext. An encryption scheme is computationally secure if it takes exponentially long time to break the ciphertext. Lifetime of a cryptosystem: The minimum time for unauthorized decoding of encrypted message Lifetime of a cryptosystem: The minimum time for unauthorized decoding of encrypted message Defined for each application, Defined for each application, Examples: Examples: Military orders = 1 hour to 3 years Military orders = 1 hour to 3 years Check transactions = 1 year Check transactions = 1 year Business agreements = 10-15 years Business agreements = 10-15 years

11 Stephen S. Yau 11CSE465-591 Fall 2006 Classical Cryptography Basic techniques for classical ciphers Basic techniques for classical ciphers Substitution: One letter is exchanged for another Substitution: One letter is exchanged for another Transposition: The order of the letters is rearranged Transposition: The order of the letters is rearranged Classical ciphers Classical ciphers Mono-alphabetic: Letters of the plaintext alphabet are mapped into other unique letters Mono-alphabetic: Letters of the plaintext alphabet are mapped into other unique letters Poly-alphabetic: Letters of the plaintext alphabet are mapped into letters of the ciphertext space depending on their positions in the text Poly-alphabetic: Letters of the plaintext alphabet are mapped into letters of the ciphertext space depending on their positions in the text Stream: Key stream is generated and used to encrypt the plaintext (Symmetric Key Algorithms) Stream: Key stream is generated and used to encrypt the plaintext (Symmetric Key Algorithms)

12 Stephen S. Yau 12CSE465-591 Fall 2006 Substitution Substitute each letter in the plaintext for another one Substitute each letter in the plaintext for another one Goal: Confusion – difficult to determine how a message and key were transformed into ciphertext. Goal: Confusion – difficult to determine how a message and key were transformed into ciphertext. Example (Caesar Cipher) Example (Caesar Cipher) a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z q e r y u i o p a s d f g w h j k l z x c v b n m t q e r y u i o p a s d f g w h j k l z x c v b n m t under attack we need help under attack we need help  cwyul qxxqrd bu wuuy pufj T1: ch8.2.2 T2: ch9.2.2

13 Stephen S. Yau 13CSE465-591 Fall 2006 Transposition Change the positions of the characters in the plaintext Change the positions of the characters in the plaintext Goal: Diffusion – spread the information from the message or the key across the ciphertext. Goal: Diffusion – spread the information from the message or the key across the ciphertext. Example: Example: message: meet me after the toga party message: meet me after the toga party m e m a t r h t g p r y m e m a t r h t g p r y e t e f e t e o a a t e t e f e t e o a a t Ciphertext: MEMATRHTGPRYETEFETEOAAT Ciphertext: MEMATRHTGPRYETEFETEOAAT T1: ch8.2.1 T2: ch9.2.1

14 Stephen S. Yau 14CSE465-591 Fall 2006 Four Secure Key Distribution Strategies for Symmetric Cryptosystems 1. A key K can be selected by A to be shared with B, and K needs to be physically delivered to B 2. A third party can select the same key K and physically deliver K to A and B 3. If A and B have previously used a key K’, one party can transmit the new key K to the other, encrypted using the old key K’ 4. If A and B each has an encrypted connection to a third party C, C can transmit the new key K on the encrypted links to both A and B

15 Stephen S. Yau 15CSE465-591 Fall 2006 Asymmetric Key Cryptosystem (Public Key Cryptosystem) Uses public and private keys Uses public and private keys Public key for encryption Public key for encryption Private key for decryption Private key for decryption Examples: Examples: RSA RSA Trapdoor one-way function Trapdoor one-way function Elliptical curve cryptography Elliptical curve cryptography T1: ch8.3 T2: ch9.3

16 Stephen S. Yau 16CSE465-591 Fall 2006 RSA Principle Developed by Ron Rivest, Adi Shamir, and Leonard Adleman. (MIT, 1977) Developed by Ron Rivest, Adi Shamir, and Leonard Adleman. (MIT, 1977) C = m e mod (pq) p, q: any two large prime numbers (more than 512 bits) p, q: any two large prime numbers (more than 512 bits) e: public key e: public key d: private key d: private key Knowing C and e, it is “infeasible” to calculate m without knowing d, p and q Knowing C and e, it is “infeasible” to calculate m without knowing d, p and q Knowing d, p and q, it is easy to find the original plaintext message m = C d mod (pq) Knowing d, p and q, it is easy to find the original plaintext message m = C d mod (pq) T1: ch8.3.1 T2: ch9.3.2

17 Stephen S. Yau 17CSE465-591 Fall 2006 RSA Principle (cont.) Sender Intruder Receiver C {m, e, p, q; C= m e mod(pq)} {C, e, p, q; m=C d mod(pq)} {C, e}

18 Stephen S. Yau 18CSE465-591 Fall 2006 Public Key Distribution and Authentication Using the “Right” Public Key: Using the “Right” Public Key: Must be authentic, not necessarily secret Must be authentic, not necessarily secret Obtaining the “Right” Public Key: Obtaining the “Right” Public Key: Directly from its owner Directly from its owner Indirectly, in a signed message from a Certification Authority (CA): Indirectly, in a signed message from a Certification Authority (CA): A Certificate is a digitally signed message from a CA binding a public key to a name A Certificate is a digitally signed message from a CA binding a public key to a name Certificates can be passed around, or managed in directories Certificates can be passed around, or managed in directories Protocols: X.509 (RFC 2459), SPKI/SDSI, etc. Protocols: X.509 (RFC 2459), SPKI/SDSI, etc.

19 Stephen S. Yau 19CSE465-591 Fall 2006 References Matt Bishop,, Addison- Wesley, 2004, ISBN: 0321247442 Matt Bishop, Introduction to Computer Security, Addison- Wesley, 2004, ISBN: 0321247442 Matt Bishop, Computer Security: Art and Science, Addison- Wesley, 2002, ISBN: 0201440997 Matt Bishop, Computer Security: Art and Science, Addison- Wesley, 2002, ISBN: 0201440997

20 Stephen S. Yau 20CSE465-591 Fall 2006 Steganography

21 Stephen S. Yau 21CSE465-591 Fall 2006 Secure Communication Two parties, Alice and Bob, can exchange information over an insecure medium in such a way that even if an intruder (Willie) is able to intercept, read and perform computation on the intercepted information, Willie will not be able to decipher the content of the exchanged information.

22 Stephen S. Yau 22CSE465-591 Fall 2006 Encryption may not be enough Prisoners Problem: – Alice and Bob are in jail and wish to hatch an escape plan. All their communications pass through the warden,Willie, and if Willie detects any encrypted messages, he can simply stop the communication. So they must find some way of hiding their secret message in an innocuous looking text.

23 Stephen S. Yau 23CSE465-591 Fall 2006 Steganography The art of hiding information in ways that prevent detection of hidden messages. In Greek means “covered writing” Steganography and cryptography are cousins in the spy craft family While the goal of the cryptography system is to conceal the content of the messages, the goal of information hiding or steganography is to conceal their existence

24 Stephen S. Yau 24CSE465-591 Fall 2006 Steganography What to hide – Texts – Images – Sound How to hide – embed text in text/images/audio/video files – embed image in text/images/audio/video files – embed sound in text/images/audio/video files

25 Stephen S. Yau 25CSE465-591 Fall 2006 Steganographic System

26 Stephen S. Yau 26CSE465-591 Fall 2006 Comparison Cryptography C = E k (P) Plain text P = D k (C) Key Steganography secret message cover image f Stego message f Ciphertext

27 Stephen S. Yau 27CSE465-591 Fall 2006 A Real Example During WW2 the following cipher message was actually sent by a German spy “Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils” Hidden Message “Pershing sails from NY June 1” Can be obtained by extracting the second letter in each word of the message sent

28 Stephen S. Yau 28CSE465-591 Fall 2006 Steganographic Techniques Genome Steganography: Encoding a hidden message in a strand of human DNA Hiding in Text: Information hidden in documents by manipulating the positions of lines and words Hiding in Images/Videos: least significant bit insertion masking and filtering applying more sophisticated image processing algorithms

29 Stephen S. Yau 29CSE465-591 Fall 2006 Steganographic Techniques (Cont.) Hiding data in audio files: Data can be hidden in the audio files. Slight alterations on sound, such as tiny shifts in phase angle, speech cadence, and frequency, can transport hidden information, but are indiscernible to human senses Hiding in video file: least significant bit insertion masking and filtering applying more sophisticated image processing algorithms

30 Stephen S. Yau 30CSE465-591 Fall 2006 Steganographic Techniques (Cont.) Hiding in the disk space: Hiding the data in unused or reserved space. Hiding data in software and circuitry: Data can be hidden in the layout of the code distributed in a program or the layout of electronic circuits on a board. Hiding in network packets: Hidden in packets transmitted through the Internet.

31 Stephen S. Yau 31CSE465-591 Fall 2006 Digital Watermarking Watermarking is used primarily for identification and entails embedding a unique piece of information within a medium without noticeably altering the medium Watermarking is used primarily for identification and entails embedding a unique piece of information within a medium without noticeably altering the medium The difference between Steganography and Watermarking is primarily intent. The difference between Steganography and Watermarking is primarily intent. Steganography conceals information; Steganography conceals information; Watermarks extend information and become an attribute of the cover image Watermarks extend information and become an attribute of the cover image Publishing and broadcasting industries are interested in techniques for hiding encrypted copyright marks and serial numbers in digital films, audio recordings, books and multimedia products. Publishing and broadcasting industries are interested in techniques for hiding encrypted copyright marks and serial numbers in digital films, audio recordings, books and multimedia products.

32 Stephen S. Yau 32CSE465-591 Fall 2006 References Stefan Katzenbeisser, Fabien A. P. Petitcolas, Information Hiding Techniques for Steganography and Digital Watermarking, Artech House Books, January 2000 Stefan Katzenbeisser, Fabien A. P. Petitcolas, Information Hiding Techniques for Steganography and Digital Watermarking, Artech House Books, January 2000


Download ppt "Stephen S. Yau 1CSE465-591 Fall 2006 Cryptography."

Similar presentations


Ads by Google