Presentation is loading. Please wait.

Presentation is loading. Please wait.

FORESEC Academy FORESEC Academy Security Essentials (IV)

Published byLuke Baldwin Woods Modified over 9 years ago

Similar presentations

Presentation on theme: "FORESEC Academy FORESEC Academy Security Essentials (IV)"— Presentation transcript:

1 FORESEC Academy FORESEC Academy Security Essentials (IV)

2 FORESEC Academy Why do I Care about Crypto?

3 FORESEC Academy Concepts in Cryptography

4 FORESEC Academy Concepts in Cryptography (2) Tractable ProblemsIntractable Problems “Easy” problems. Can be solved in polynomial time (i.e., “quickly”) for certain inputs Examples : constant problems linear problems quadratic problems cubic problems “Hard” problems. Cannot be solved in polynomial time (i.e., “quickly”) Examples : exponential or super-polynomial problems factoring large integers into primes (RSA) solving the discrete logarithm problem(ElGamal) computing elliptic curves in a finite field (ECC) Computational Complexity deals with time and space requirements for the execution of algorithms. Problems can be classified as tractable or intractable.

5 FORESEC Academy Concepts in Cryptography (3) An Example of an Intractable Problem... Difficulty of factoring a large integer into its two prime factors  A “hard” problem  Years of intense public scrutiny suggest intractability  No mathematical proof so far Example: RSA based on difficulty of factoring a large integer into its prime factors ~1000 times slower than DES considered “secure” de facto standard patent expired in 2000

6 FORESEC Academy Concepts in Cryptography (4)  A “hard” problem  Years of intense public scrutiny suggest intractability  No mathematical proof so far  The discrete logarithm problem is as difficult as the problem of factoring a large integer into its prime factors Another Intractable Problem… Difficulty of solving the discrete logarithm problem --for finite fields Examples El Gamal encryption and signature schemes Diffie-Hellman key agreement scheme Schnorr signature scheme NIST.s Digital Signature Algorithm (DSA)

7 FORESEC Academy Concepts in Cryptography (5)  A “hard” Problem  Years of intense public scrutiny suggest intractability  No mathematical proof so far  In general, elliptic curve cryptosystems (ECC) offer higher speed, lower power consumption, and tighter code Yet Another Intractable Problem... Difficulty of solving the discrete logarithm problem--as applied to elliptic curves Examples Elliptic curve El Gamal encryption and signature schemes Elliptic curve Diffie-Hellman key agreement scheme Schnorr signature scheme NIST.s Digital Signature Algorithm (DSA)

8 FORESEC Academy Voila! We Can Now Build...

9 FORESEC Academy DES: Data Encryption Standard  Released March 17, 1975  Rather fast encryption algorithm  Widely used; a de facto standard  Symmetric-key, 64 -bit block cipher  56 -bit key size ! Small 256 keyspace  Today, DES is not considered secure

10 FORESEC Academy DES Weaknesses  DES is considered non-secure for very sensitive encryption. It is crackable in a short period of time.  See the Cracking DES book by O’Reilly.  Multiple encryptions and key size will increase the security.  Double DES is vulnerable to the meet-in-the- middle attack and only has an effective key length of 57 bits.  Triple DES is preferred.

11 FORESEC Academy DES  In 1992 it was proven that DES is not a group. This means that multiple DES encryptions are not equivalent to a single encryption. THIS IS A GOOD THING.  If something is a group then - E(K 2,E(K,M)) = E(K 3,M)  Since DES is not a group, multiple encryptions will increase the security.

12 FORESEC Academy Meet-in-the-middle Attack

13 FORESEC Academy Triple DES USAGEVULNERABILITIES Supported in latest releases of Web clients, such as Microsoft Internet Explorer & Netscape Communicator Prefer Triple DES over DES (which is. officially. No longer considered to be secure) Cracking Triple DES means examining all possible pairs of crypto-variables (a task considered to be beyond today’s technology) So far, there have been no public reports claiming to have cracked Triple DES...

14 FORESEC Academy Triple DES (2)

15 FORESEC Academy AES THE FIVE “AES” FINALISTS !  MARS IBM  RC6 tm RSA Laboratories  Rijndael Joan Daemen, Vincent Rijmen  Serpent Ross Anderson, Eli Biham, Lars Knudsen  Twofish Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson Significance Developing “good” cryptographic algorithms that can be trusted is hard. The only practical way to develop such algorithms is to perform the development process in an open manner, and under intense public scrutiny of the global cryptographic community. Can you think of a recent example in which this was not followed? Advanced Encryption Standard AES is a new encryption algorithm(s) that is being designed to be effective well into the 21st century Countdown to AES ! 1/2/1997, the quest for AES begins... 8/9/1999, five finalist algorithms announced Announced winner – Rijndeal 12/26/2001 – AES approved!

16 FORESEC Academy AES Algorithm

Download ppt "FORESEC Academy FORESEC Academy Security Essentials (IV)"

Similar presentations

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Conventional Encryption: Algorithms

Conventional Encryption: Algorithms
Chapter 3  Symmetric Key Cryptosystems 1 Overview  Modern symmetric-key cryptosystems o Data Encryption Standard (DES)  Adopted in 1976  Block size.

Chapter 3  Symmetric Key Cryptosystems 1 Overview  Modern symmetric-key cryptosystems o Data Encryption Standard (DES)  Adopted in 1976  Block size.
Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn

Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn
History Applications Attacks Advantages & Disadvantages Conclusion.

History Applications Attacks Advantages & Disadvantages Conclusion.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Encryption CS 465 January 9, 2006 Tim van der Horst.

Encryption CS 465 January 9, 2006 Tim van der Horst.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.

1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.
CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
ECE578/7 #1 Spring 2010 © 2000-2010, Richard A. Stanley ECE578: Cryptography 7: Elliptic Curve Cryptographic Systems Professor Richard A. Stanley, P.E.

ECE578/7 #1 Spring 2010 © , Richard A. Stanley ECE578: Cryptography 7: Elliptic Curve Cryptographic Systems Professor Richard A. Stanley, P.E.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Similar presentations

Ads by Google