Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!

Published byChad O’Neal’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!"— Presentation transcript:

1 Cryptography Wei Wu

2 Internet Threat Model Client Network Not trusted!!

3 Cryptography issues Confidentiality – Only sender and intended receiver should “understand” message contents End-Point Authentication – Sender and receiver want to confirm identity of each other Message Integrity – Sender and receiver want to ensure message not altered without detection

4 Simple encryption scheme substitution cipher: substituting one thing for another – monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc E.g.: Key: the mapping from the set of 26 letters to the set of 26 letters

5 Encryption Schemes Symmetric Encryption – Single key Asymmetric Encryption – Paired keys

6 Symmetric Key Cryptography Symmetric key cryptography – Bob and Alice share same (symmetric) key – Simplest operation: XOR plaintext ciphertext K S encryption algorithm decryption algorithm K S plaintext message, m K (m) S m = K S (K S (m))

7 Two types of symmetric ciphers Stream ciphers – encrypt one bit at time Block ciphers – Break plaintext message in equal-size blocks – Encrypt each block as a unit

8 Stream Ciphers Combine each bit of keystream with bit of plaintext to get bit of ciphertext m(i) = ith bit of message k s (i) = ith bit of keystream c(i) = ith bit of ciphertext c(i) = k s (i)  m(i) (  = exclusive or) m(i) = k s (i)  c(i) keystream generator key keystream pseudo random

9 Block ciphers Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks). 1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext Example with k=3: input output 000 110 001 111 010 101 011 100 input output 100 011 101 010 110 000 111 001

10 Symmetric key crypto: DES DES: Data Encryption Standard US encryption standard [NIST 1993] 56-bit symmetric key, 64-bit plaintext input How secure is DES? – DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day Making DES more secure: – 3DES: encrypt 3 times with 3 different keys procedure: performing encrypt, decrypt, encrypt

11 Public key cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message K (m) B + K B + Bob’s private key K B - m = K ( K (m) ) B + B -

12 Public key encryption algorithms need K ( ) and K ( ) such that B B.. given public key K, it should be impossible to compute private key K B B Requirements: 1 2 RSA: Rivest, Shamir, Adelson algorithm + - K (K (m)) = m B B - + + -

13 RSA: Creating public/private key pair 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). K B + K B -

14 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt message m (<n), compute c = m mod n e 2. To decrypt received bit pattern, c, compute m = c mod n d m = (m mod n) e mod n d Recovery: c

15 RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z). bit pattern m m e c = m mod n e 00001100 12 24832 17 c m = c mod n d 17 481968572106750915091411825223071697 12 c d encrypt: decrypt: Encrypting 8-bit messages.

16 RSA: another important property The following property will be very useful later: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same!

17 Session keys Exponentiation is computationally intensive DES is at least 100 times faster than RSA Session key, K S Bob and Alice use RSA to exchange a symmetric key K S Once both have K S, they use symmetric key cryptography

18 Message Integrity Allows communicating parties to verify that received messages are authentic. – Content of message has not been altered – Source of message is who/what you think it is – Message has not been artificially delayed (playback attack) – Sequence of messages is maintained Let’s first talk about message digests

19 Message Digests Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature” – H( ) is often called a “hash function” – Note that H( ) is a many-to-1 function Desirable properties: – Easy to calculate – Irreversibility: Can’t determine m from H(m) – Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’) – Seemingly random output Large message M H(): Hash Function H(M)

20 Message Authentication Code (MAC) message H( ) s message s H( ) compare s = shared secret Authenticates sender Verifies message integrity No encryption Also called “keyed hash” Notation: MD m = H(s||m) ; send m||MD m

Download ppt "Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!"

Similar presentations

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,

Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.

Cryptography. 8: Network Security8-2 The language of cryptography symmetric key crypto: sender, receiver keys identical public-key crypto: encryption.
ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 9.1: Network Security Dr. Nghi Tran.

ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 9.1: Network Security Dr. Nghi Tran.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:

Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.

1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks

CSE401n:Computer Networks
Network Security understand principles of network security:

Network Security understand principles of network security:
Public Key Cryptography

Public Key Cryptography
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.

Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
CPSC 441 TUTORIAL TA: FANG WANG NETWORK SECURITY.

CPSC 441 TUTORIAL TA: FANG WANG NETWORK SECURITY.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.

Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.

Similar presentations

Ads by Google