Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography. What We Will Learn Basic cryptographic primitives Attacks on cryptography When to use which cipher If you want to learn more about this.

Published byWilfrid Fletcher Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography. What We Will Learn Basic cryptographic primitives Attacks on cryptography When to use which cipher If you want to learn more about this."— Presentation transcript:

1 Cryptography

2 What We Will Learn Basic cryptographic primitives Attacks on cryptography When to use which cipher If you want to learn more about this topic take CISC 499 with Shanghua Teng in Fall 2013.

3 What Is Cryptography? Goal: Protect private communication in the public world Alice and Bob are shouting messages in a crowded room Everyone can hear what they are saying but no one can understand (except them) We have to scramble the messages so they look like nonsense or alternatively like innocent text Only Alice and Bob know how to get the real messages out of the scramble

4 Cryptography Is Also Useful For … Authentication – Bob should be able to verify that Alice has created the message Integrity checking – Bob should be able to verify that message has not been modified Non-repudiation – Alice cannot deny that she indeed sent the message

5 Cryptography Is Also Useful For … Exchanging a secret with someone you have never met, shouting in a room full of people Proving to someone you know some secret without giving it away Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it

6 So, How Do We Scramble Messages? Good cryptography assumes knowledge of algorithm by anyone, secret lies in a key!!! Alice could give a message covertly “Meeting at the old place” - Doesn’t work for arbitrary messages and - Doesn’t work if Alice and Bob don’t know each other Alice could change the message in a secret way - Bob has to learn a new algorithm - Secret algorithms can be broken by bad guys

7 Example: Ceasar’s Cipher Substitute each letter with a letter which is 3 letters later in the alphabet - HELLO becomes KHOOR Instead of using number 3 we could use n  [1,25]. n would be our key How can we break this cipher? Can you decipher this: Bpqa kzgxbwozixpg ammua zmit miag. Em eivb uwzm!

8 We can also choose a mapping for each letter: (H is A, E is M, L is K, O is Y). This mapping would be our key. This is monoalphabetic cipher. - HELLO becomes AMKKY How can we break this cipher? Example: Ceasar’s Cipher

9 Types Of Cryptographic Functions Symmetric key crypto: one key - We will call this secret key or shared key - Both Alice and Bob know the same key Asymmetric key crypto: two keys - Alice has public key and private key - Everyone knows Alice’s public key but only Alice knows her private key - One can encrypt with public key and decrypt with private key or vice versa Hash functions: no key -Output depends on input in non-linear fashion

10 Uses Of Symmetric Key Crypto Symmetric key crypto: one key Transmitting over an insecure channel - Classic use: Alice and Bob encrypt messages they exchange - They must first securely exchange the key Secure storage on insecure media - Encrypt stored data so someone who breaks in cannot read it

11 Uses Of Symmetric Key Crypto Alice Bob RARA K AB (R A ) RBRB K AB (R B ) Authentication – prove the identity - Pass phrase – what if Mallory asks for the pass phrase - Strong authentication without revealing the secret

12 Uses Of Asymmetric Key Crypto Asymmetric key crypto can do everything symmetric key crypto can but much (about 1,500 times) slower - However, it can do some things better! - However, it can do some extra things! Transmitting over an insecure channel - Secure key exchange is difficult for symmetric crypto – chicken and egg problem - With asymmetric keys, Alice can publicly broadcast her public key - How about scale? How many keys does Alice need to talk to 10 different recipients?

13 Uses Of Asymmetric Key Crypto Secure storage on insecure media - Same as with symmetric key crypto Authentication - Alice wants to verify Bob’s identity - She sends to Bob E PubBob (R A ) - Bob decrypts and sends back R A - Alice doesn’t need to store any secret info which is good if she is a computer

14 Uses Of Asymmetric Key Crypto Digital signatures - Alice orders books online from Bob - She signs every order using her private key - If she claims she didn’t place the order Bob can prove she did – non-repudiation - Can symmetric key crypto do this?

15 Hash Algorithms Known also as one-way functions or message digests Take an arbitrary-length message M and transform it into fixed-length hash h(M) Properties: - Knowing M is easy to calculate h(M), but it is very hard to calculate M knowing h(M) - It is very hard to find M1  M so that h(M1) = h(M), this is collision-free property - E.g., take the message M as a number, add a large constant to it, square it, and take middle n digits as the hash

16 Uses Of Hash Algorithms Storing hashed password info Message integrity - Use message M and a shared secret S, run this through hash function and produce MIC = secure hash - Send only M and MIC - Why do we need a shared secret? Message fingerprint - Hash the files to detect tampering - Works for download security too Signing message hash instead of the whole message is faster

17 Attacks On Cryptography Alice and Bob exchange encrypted text. Eve and Mallory are the enemies that want to get the decryption key - Eve can only observe messages - Mallory can insert or modify messages Cyphertext-only attack Known-plaintext attack Chosen-plaintext attack Man-in-the-middle attack Brute-force attack

18 Ciphertext-Only Eve can gather and analyze ciphertext to learn decryption key How does Eve know she got the right key? Eve has to have enough ciphertext – having XYZ with monoalphabetic cipher would not be enough

19 Known-Plaintext Eve can attempt to learn decryption key by observing many ciphertexts for known messages How does Eve learn about plaintext input? Could be a well-known, public protocol

20 Chosen-Plaintext Mallory can feed chosen messages M into encryption algorithm and look at resulting ciphertexts C. Learn either decryption key or messages M that produce C. Assumption is that extremely few messages M can produce same C. For a monoalphabetic cipher she could feed a message containing all the letters of the alphabet

21 Man-In-The-Middle Mallory can substitute messages Mallory can modify messages - So that they have different meaning - So that they are scrambled Mallory can drop messages Mallory can replay messages to Alice, Bob or the third party

22 Brute-Force Eve has caught a ciphertext and will try every possible key to try to decrypt it. This can be made infinitely hard by choosing a large keyspace. What if decryption key depends on a password in a known way?

23 Cryptographic Techniques Substitution – Goal: obscure relationship between plaintext and ciphertext – Substitute parts of plaintext with parts of ciphertext Transposition (shuffling) – Goal: dissipate redundancy of the plaintext by spreading it over ciphertext – This way changing one bit of plaintext affects many bits of the ciphertext (if we have rounds of encryption)

24 Substitution Monoalphabetic – each character is replaced with another character – Ceasar’s cipher – each letter is shifted by 3, a becomes d, b becomes e, etc. – Keep a mapping of symbols into other symbols – Drawback: frequency of symbols stays the same and can be used to break the cipher

25 Substitution Homophonic – each character is replaced with a character chosen randomly from a subset – Ciphertext alphabet must be larger than plaintext alphabet – we could replace letters by two-digit numbers – Number of symbols in the subset depend on frequency of the given letter in the plaintext – The resulting ciphertext has all alphabet symbols appearing with the same frequency

26 Substitution Polygram – each sequence of characters of length n is replaced with another sequence of characters of length n – Like monoalphabetic cipher but works on n- grams

27 Substitution Polyalphabetic – many monoalphabetic ciphers are used sequentially – First mapping is used for the first letter, second mapping for the second letter and so on – XOR is a polyalphabetic cipher in binary domain

28 One-Time Pad Polyalphabetic cipher with infinite key – Combine letters from the message with the letters from an infinite key, randomly generated – Never reuse the key – Key needs to be generated using a very good RNG (to avoid any patterns) This cipher cannot be broken Sender and receiver must be perfectly synchronized

29 Symmetric Crypto Algorithms Stream ciphers: polyalphabetic – Work on message a bit or a byte at a time – Assume XOR with the key – Same bit/byte will encrypt differently, depending on the position of the key Block ciphers: polygram – Work on message block by block – Block size is usually the same as key size – Same plaintext block may encrypt into the same ciphertext block, depending on the cipher mode

30 Stream Cipher Example plaintext key ciphertext S A N T A C L A U S S U P E R C A L I F R A G I L I S T I C L V D Y S F M M D Y K B U C M L E U D V Bonus question: What was the encryption algorithm I used here?

31 Stream Ciphers If Eve can get hold of plaintext/cyphertext pair she can retrieve the key Keystream is generated continuously and is the function of the secret stored inside the RNG Key should be pseudorandom – hard to break but easily reproduced for decryption Security depends entirely on RNG generating the key

32 Generating Random Numbers We need to generate a sequence that looks random but is reproducible There shouldn’t be any obvious regularities, otherwise Eve can learn the pattern after seeing several numbers, and guess the next ones We would like to cover the whole range of numbers (e.g. 2 n if the number has n bits)

33 Linear Congruential Generators Generators of the form – A period of a generator is number of steps before it repeats the sequence – If a, b and m are properly chosen, this generator will be maximal period generator and have period of m – It has been proven that any polynomial congruential (modulo) generator can be broken

34 Linear Feedback Shift Registers Used for cryptography today A shift register is transformed in every step through feedback function – Contents are shifted one bit to the right, the bit that “falls out” is the output – New leftmost bit is XOR of some bits in the shift register - tap sequence – If we choose a proper tap sequence period will be 2 n -1

35 Linear Feedback Shift Registers 1111 0111 1 1011 1 0101 1 1010 1 1101 0 0110 1 0011 0 1001 1 0100 1 0010 0 0001 0 1000 1 1100 0 1110 0 1111 0 Tap sequence

36 Linear Feedback Shift Registers Proper tap sequences are those where a polynomial from a tap sequence + 1 is a primitive polynomial in GF(2) There are tables of primitive polynomials LFSR is fast in hardware but slow in software LFSR are not themselves secure but they are used as building blocks in encryption algorithms

37 Block Cipher Example plaintext key S A N T A C L A U S S U P E R

38 Block Cipher Example plaintext key ciphertext S U P E R L V D Y S S A N T A C L A U S

39 L V D Y SV G Q Z K Block Cipher Example plaintext key ciphertext S U P E R S A N T A C L A U S

40 Block Cipher Example plaintext key ciphertext S U P E R L V D Y SV G Q Z KL V D Y S S A N T A C L A U S

41 Block Cipher Example plaintext key ciphertext S U P E R L V D Y SV G Q Z KL V D Y SV G Q Z K S A N T A C L A U S

42 Block Encryption In Rounds SSSSSSSS round substitution permutation

43 Encrypting A Large Message Electronic Code Book (ECB) Cipher Block Chaining (CBC) Things to consider: – Can we encrypt/decrypt efficiently (as soon as bits arrive) – How hard it is to break encryption – What if a bit is flipped on the channel – What if we lose a bit on the channel

44 Electronic Code Book (ECB) Store mapping for every possible block – Fast encryption/decryption – just a table lookup – Ability to process text in any order and in parallel – Table size could be enormous so we need to make the mapping depend on the key Eve can detect which blocks map to other blocks, by seeing several plaintext and corresponding ciphertext messages Due to language redundancy even partial decryption might provide enough information Bit error invalidates one block Bit loss/addition is not recoverable

45 Electronic Code Book (ECB) plaintext key ciphertext Encryption Decryption plaintext key ciphertext

46 Block Replay Mallory does this couple of times, looks for similar block sequences – She can generate messages to transfer different sum to diff. acct. She can replay 12B7 7783 38AC CDC7 at will Bank A Bank B E K (M)D K (C) Mallory Transfer $100 to my account in Bank B 12B7 7783 38AC CDC7

47 Bank adds timestamps Mallory picks specific blocks of message carrying her name and account number and replaces those in other messages between Bank A and Bank B Bank A Bank B E K (M)D K (C) Mallory Transfer $100 to my account in Bank B 3231 12B7 7783 38AC CDC7 Block Replay

48 Cipher Block Chaining (CBC) Problem with ECB is that Mallory can replace, add or drop blocks at will Chaining prevents this by adding feedback – Each ciphertext block depends on all previous blocks With CBC, same plaintext blocks will encrypt to different ciphertext blocks thus obscuring patterns in plaintext

49 Cipher Block Chaining (CBC) + plaintext key ciphertext ++ IV Initialization vector (IV) is just a block of random numbers, to ensure that no messages have the same beginning. Both the sender and the receiver must use the same IV. Can be transmitted with the message but must be unpredictable. Encryption

50 Cipher Block Chaining (CBC) Decryption plaintext key ciphertext +++ IV

51 Error Recovery An error in ciphertext affects one block and several bits of plaintext key ciphertext plaintext ++ Error extension

52 Potential Problems With CBC Mallory can: – Add blocks – Drop blocks – Introduce bit errors Bit loss/addition is not recoverable

53 Public Key Cryptography Everyone has two keys: – Public key K1 that everyone knows – Private key K2 that only he knows – Encryption algorithm and key properties ensure that

54 Modular Arithmetic Galois Field GF(n) – All operations are on numbers 0,…n-1 Observe all operations in Galois Field GF(n) – a  = b mod n if  k, a= k*n + b e.g. 26 mod 16 = 10 so 26  = 10 mod 16 – Modulo operation (modular reduction) can be performed at any point, e.g.

55 Modular Exponentiation Key step in asymmetric crypto How many operations are needed to calculate a x ? Exponentiation can be performed very efficiently (addition chaining): – We want to calculate a x mod n – Write x as a binary number, result=1 – Traverse x from left to right If digit is 1, result=result 2 *a If digit is 0, result=result 2 Perform modular reduction often to keep result small. This is cheap if n =2 m

56 Example

57 Prime Numbers A number n is prime if it is only divisible by 1 and itself Numbers x and y are relatively prime if they share no factors greater than 1 – E.g. 7 and 15 are relatively prime, 9 and 15 are not because they have 3 as common factor

58 Inverses Modulo a Number Multiplicative inverse y for x is a number that satisfies: In GF(n) inverse y for x modulo n is a number that satisfies: Inverse y in GF(n) can be found uniquely if x and n are relatively prime, otherwise it cannot be found If n is prime then it is relatively prime to all numbers {0, n-1} and each number has its inverse in GF(n) x and y will be our public/private key pair

59 Extended Euclidean Algorithm How to find an inverse y for x mod n Extended Euclidean algorithm will find y and k given x and n Generate one key starting from the other (e.g., have public key, generate private key)

60 Extended Euclidean Algorithm x=13, n=225, y=? aqxy 225-10 1301 NOT ON TESTS

61 Extended Euclidean Algorithm a i-2 /a i-1 = q i-1 and the remainder a i aqxy 225-10 1301 NOT ON TESTS

62 Extended Euclidean Algorithm 225/13 = 17 remainder 4 aqxy 225-10 131701 4 NOT ON TESTS

63 Extended Euclidean Algorithm 13/4 = 3 remainder 1 aqxy 225-10 131701 43 1 NOT ON TESTS

64 Extended Euclidean Algorithm 4/1 = 4 remainder 0 aqxy 225-10 131701 43 14 stop, remainder is 0 NOT ON TESTS

65 Extended Euclidean Algorithm x i+1 = x i-1 - q i * x i aqxy 225-10 131701 43 14 NOT ON TESTS

66 Extended Euclidean Algorithm 1-17*0 =1 aqxy 225-10 131701 431 14 NOT ON TESTS

67 Extended Euclidean Algorithm 0-3*1 =-3 = 222 aqxy 225-10 131701 431 14222 NOT ON TESTS

68 Extended Euclidean Algorithm y i+1 = y i-1 - q i * y i aqxy 225-10 131701 431 14222 NOT ON TESTS

69 Extended Euclidean Algorithm 0- 17*1=-17=208 aqxy 225-10 131701 431208 14222 NOT ON TESTS

70 Extended Euclidean Algorithm 1- (3*208 mod 225)=-173=52 aqxy 225-10 131701 431208 1422252 52 is inverse for 13 mod 225 52*13 mod 225 = 1 NOT ON TESTS

71 Factorization of Large Numbers We have seen that exponentiation in GF(n) can be performed efficiently On the other hand, it is hard to factor large numbers (find possible x and y, given x*y) – Computationally intensive, must use brute-force search Generally factoring time of a large number n increases exponentially with each binary digit added to n

72 RSA Algorithm Created by Ron Rivest, Adi Shamir, sand Leonard Adleman Choose two prime numbers p and q of equal length Compute n=p*q, and Euler Totient function  (n)=(p-1)*(q-1) – We will work in GF(  (n)) Choose public key e relatively prime to  (n)

73 Using extended Euclidean algorithm calculate d which is inverse of e mod  (n) Publish e and n, remember d Encryption: Decryption: There are proofs that the last equation holds Public Key Cryptography (RSA)

74 We can easily perform exponentiation in GF in linear time We can calculate d out of e and n in polynomial time using extended Euclidean algorithm (because we know p and q, we can calculate  (n)=(p-1)*(q- 1)) Attacker must factor large number n to learn p and q which is expensive (exponentially with number of bits in n) Public Key Cryptography (RSA)

75 Digital Signatures Provide data integrity – Can it be done with symmetric systems? Verification requires shared key Doesn’t provide non-repudiation Need proof of provenance – Hash the data, encrypt with private key – Verification uses public key to decrypt hash – Provides non-repudiation Why?

76 One-Way Hash Functions Take a variable-length input M and produce fixed- length output (hash value or message digest or message integrity code) The idea is to fingerprint M – Given M easy to compute h – Given h very hard to compute M – One-bit change in M changes on the average half of the bits in h – Good one-way hash function is collision-free: given M it is very hard to find M such that H(M)=H(M) – One-way hash function is public

77 One-Way Hash Functions Sometimes what we also need is collision resistance: it is hard to find two random messages M 1 and M 2 such that H(M 1 )=H(M 2 ) For a hash function that produces m bit hash, it takes 2 m/2 trials to find any two messages that hash to the same value – We need large m, currently 128-160

78 One-Way Hash Functions Divide M into blocks, generate hash value iteratively Hash value of the whole message is obtained in the last step H MiMi h i-1 hihi

79 Confidentiality, integrity, non-repudiation – M, E(M), H(M), E(H(M)), H(E(M)) – M + H(M) – M + E(H(M)) – M + H(E(M)) – E(M) + H(M) – E(M) + E(H(M)) – E(M) + H(E(M)) When/How to Encrypt/Hash?

Download ppt "Cryptography. What We Will Learn Basic cryptographic primitives Attacks on cryptography When to use which cipher If you want to learn more about this."

Similar presentations

“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
 Security is multifaceted phenomenon o Confidentiality, integrity, availability  We spoke about various security threats  And some general defense approaches.

 Security is multifaceted phenomenon o Confidentiality, integrity, availability  We spoke about various security threats  And some general defense approaches.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
 We spoke about defense challenges  Crypto introduction o Secret key, public algorithms o Symmetric, asymmetric crypto, one-way hashes  Attacks on cryptography.

 We spoke about defense challenges  Crypto introduction o Secret key, public algorithms o Symmetric, asymmetric crypto, one-way hashes  Attacks on cryptography.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

Similar presentations

Ads by Google