Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

Published byAusten Lewis Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics."— Presentation transcript:

1 CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics

2 CS5262 Cryptography Basic assumptions –Message to be encrypted –Algorithms (publicly known) to encrypt/decrypt message –Key (known only to sender/recipient) –Given only algorithms and encrypted message, nobody knows a method to decrypt that is significantly faster than trying all keys Types of attacks –ciphertext only –known plaintext –chosen plaintext Real attacks generally don’t break cryptography! –Don’t pick the lock, tunnel into the vault

3 CS5263 Secret-Key (Symmetric) Cryptography: Uses Prevent eavesdropping –Must be secure channel for key exchange Secure storage –I have to remember my key Authentication –Challenge/response –Be careful Integrity Check –Checksum on the message –Encrypt the checksum

4 CS5264 Public Key (Assymetric) Cryptography First published in 1976 (Diffie-Hellman) –More common today: RSA Matched pair of keys –Public key (e) to encrypt –Private key (d) to decrypt For integrity, encrypt checksum with sender’s private key –Only sender’s public key will decrypt properly

5 CS5265 Public-Key Cryptography: Uses Prevent eavesdropping Authentication Integrity Problem: public key algorithms slow –Solution: Use to share secret key

6 CS5266 Public Key Cryptography: Non-repudiation Message Integrity Checksum (MAC) can convince Recipient that Sender created message –Message correct, from right source But can’t convince anyone else! –Sender, recipient share key –Either could generate message Public key solves this problem –Private key required to encrypt –Only known to sender

7 CS5267 Hash Algorithms Transform arbitrarily long message m into (short) fixed-length message h(m) –Must be easy to compute h(m) –Given h(m), hard to find (an) m –Hard to find m 1 and m 2 such that h(m 1 )=h(m 2 ) Uses –Password storage (easy to verify that it is probably correct) –Integrity: Send m, h(m|s) –Storage integrity

8 CS5268 Cryptographic Algorithms What have you covered? DES –3DES IDEA AES One-time Pad –RC4

9 CS5269 Cryptography: Algorithms Block encryption: Turn fixed-length block into fixed- length e(block) –Block needs to be large enough to prevent “discovery” of block/e(block) pairs –64 bits seems adequate in practice Goal: appear random –Changing one input bit should change each output bit with probability ½ Approaches: –Substitution: Table mapping input to output –Permutation: Move bits around Do (small) substitutions and permutations in rounds

10 CS52610 Encrypting More… Electronic Code Book –Obvious: Just encrypt each block –Leaks information –Open to tampering Cipher Block Chaining k-Bit Cipher Feedback Mode k-Bit Output Feedback Mode Counter Mode

11 CS52611 Cipher Block Chaining Xor first block with 64-bit random before encryption –Send random “in the clear” Xor each block with previous encrypted block before encryption Ensures –Identical blocks different in transmitted message –A repeated message will look different each time Problem: tampering –Tampering with one block makes predictable change in the next –But destroys first block

12 CS52612 Output Feedback Mode Use DES to generate one-time pad –Start with random value –Encrypt with DES to get pad –m xor pad to encrypt –Encrypt pad to get next pad Fast, resilient, can stream results bit at a time If adversary knows plaintext, ciphertext, can tamper to produce desired result!

13 CS52613 Cipher Feedback Mode One-time pad like OFB –But use ciphertext, not previous pad, to get new pad Tampering garbles following block –Better than OFB –But not as good as CBC Counter Mode –Increment random before encryption to get next pad

14 CS52614 Encryption to generate Message Authentication Codes Use CBC –Xor each block with previous cipher –Then encrypt Final block is integrity code –Will change if any block changes, or key changes Requires sending the plaintext message

15 CS52615 Integrity & confidentiality Idea: Encrypt, then checksum on encrypted message –Requires twice as much encryption! –Can we do better? Solution: Weak checksum then encrypt –Adversary can’t see weak checksum to attack it

16 CS52616 Hash Algorithms (Message Digest) Transform arbitrarily long message m into (short) fixed-length message h(m) –Must be easy to compute h(m) –Given h(m), hard to find (an) m –Hard to find m 1 and m 2 such that h(m 1 )=h(m 2 ) Goal: h(m) should appear random –Non-trivial to define “appear random”

17 CS52617 (Strange) Hash Uses Authentication –A sends challenge r A –B responds with h(k|r A ) and r B –A responds with h(k|r B ) Integrity / Message Authentication Code –h(m | k) Generate a one-time pad –h(k | r) gives first block, then h(k | b i-1 ) gives b i Can also generate a hash using symmetric encryption

18 CS52618 Hashing (MD5): How it Works Basic idea: Continuously update hash value with 512 bit blocks of message –128 bit initial value for hash –Bit operations to “compress” Compression function: Update 128 bit hash with 512 bit block –Pass 1: Based on bits in first word, select bits in second or third word –Pass 2: Repeat, selecting based on last word –Pass 3: xor bits in words –Pass 4: y xor (x or ~z)

19 CS52619 Public Key Cryptography Public key d, private key e –m = e(d(m)) = d(e(m)) Given d, d(m), hard to find m –same for e, e(m) Given d, hard to find e –same for e, d Most based on modular arithmetic –Modular exponentiation

20 CS52620 Algorithms: Diffie-Hellman Goal: Two parties agree on common number –E.g., learn shared key Initial: large prime p, g < p –publicly known Each chooses secret T = g s mod p Exchange and repeat –Result is the same

21 CS52621 Diffie-Helman: Problems Authentication –Am I talking to the right person? Man in the middle –Sets up session with either end

22 CS52622 Algorithms: RSA (Rivest, Shamir, Adleman) Key generation –Choose primes p,q –Choose e relatively prime to (p-1)(q-1) –Public key –Private key where d = 1/(e mod (p-1)(q-1)) Encrypt: c = m e mod n –Decrypt: m = c d mod n de = 1 mod (p-1)(q-1), so m = (m e ) d mod n Breakable if we can factor (why?)

23 CS52623 Problems with RSA Probing –If I get e(m), I can check if m=m’ –Solution: random pad Efficiency: Key concepts –x e mod n = (x * x) mod n * x e-1 mod n –x 2(e/2) = left shift of x (e/2) Generating keys expensive –Select large primes –Find e relatively prime to (p-1)(q-1) In practice, e=65537 Any x<n is a valid signature –Also, given a signatures for m1, m2; can compute signature for (some) other messages

24 CS52624 Public-Key Cryptography Standard Encryption Format –Octal: 0 2 (eight random values) 0 data –Data is typically a “session key” Signature Format –0 1 (64 bits of ones) 0 hash

25 CS52625 Digital Signature Standard ElGamal-based algorithm –Diffie-Helman style

Download ppt "CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics."

Similar presentations

“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google