Download presentation
Presentation is loading. Please wait.
Published byAndrew Simmons Modified over 9 years ago
1
Software Security Seminar - 1 Chapter 10. Using Algorithms 2002. 9. 25. 조미성 Applied Cryptography
2
Software Security Seminar - 2 Contents 10.1 Choosing An Algorithm 10.2 Public-Key Cryptography versus Symmetric Cryptography 10.3 Encrypting Communications Channels 10.4 Encrypting Data For Storage
3
Software Security Seminar - 3 Introduction Security data communication information The security of the entire system is only as strong as the weakest link Designer of a secure system Cryptanalyst Cryptography : only a part of security the mathematics of making a system secure which is different from actually making a system secure
4
Software Security Seminar - 4 10.1 Choosing an Algorithm Choosing an algorithm… - choose published algorithm - trust a manufacturer - trust a private consultant - trust government - write their own algorithm Algorithms for Export : approved by NSA - leak a key bit, embedded in the ciphertext - “dumb down” the efficient key to something in the 30-bit range - use a fixed IV or encrypt a fixed header at the beginning of each encrypted message - generate a few random bytes, encrypt them with the key and then put both the plaintext and the ciphertext of the random bytes at the beginning of the encrypted message
5
Software Security Seminar - 5 10.2 Public-key Cryptography versus Symmetric Cryptography Needham and Schroeder the symmetric alg. was more efficient than the public-key alg. Whitfield Diffie - hybrid system - Symmetric cryptography is best for encrypting data - Public-key cryptography is best for key management and a myriad of protocols discussed in Part I
6
Software Security Seminar - 6 10.3 Encrypting Communications Channels Alice M Bob secure encryption Link-by-link encryption : everything going through a particular data link is encrypted node1 node2 node3 node4 P E k 1 D k 1 E k 2 D k 2 E k 3 D k3 P link1 link2 link3
7
Software Security Seminar - 7 Link-by-Link encryption : Advantages and Disadvantages Advantages: - easier operation - only one set of keys per link is required - provides traffic-flow security - encryption is on-line Disadvantage: - data is exposed in the intermediate nodes 10.3 Encrypting Communications Channels
8
Software Security Seminar - 8 10.3 Encrypting Communications Channels End-to-end encryption : the data are encrypted selectively and stay encrypted until they are decrypted by the intended final recipient node1 node2 node3 node4 P E k D k P link1 link2 link3 End-to-end encryption : Advantages and Disadvantages Advantages: Higher secrecy level Disadvantages : - requires a more complex key-management system - traffic analysis is possible - encryption is offline
9
Software Security Seminar - 9 Alice M Bob secure Alice prevent unrecoverable errors from creeping in the ciphertext Problems to encrypting computer data for storage - the data may be exist in plaintext form known-plaintext attack - | ciphertext | |plaintext | - the speed of I/O device demands fast encryption and decryption require encryption hardware - safe, long-term storage for keys is required - key management is much more complicated 10.4 Encrypting Data For Storage
10
Software Security Seminar - 10 Dereferencing Keys encrypting a large hard drive - encrypt all the data using a simple key cryptanalyst : a large amount of ciphertext to analyze impossible to allow multiple users to see only parts of the drive - encrypt each file with a different key memorize a different key for each file Solution : encrypt each file with a separate key and encrypt the keys with another key known by the users 10.4 Encrypting Data For Storage
11
Software Security Seminar - 11 Driver-Level vs. File-Level Encryption two ways to encrypt a hard drive : at the file level and at the driver level - File-level encryption Benefits: ease of implementation and use, flexible relatively small performance penalty users can move files between different machines without problems Security Issues: potential leakage through security-unconscious programs bad implementation re-encrypt with the same key for same password Usability problems: user has to figure out what to do there may be different passwords for different files manual encryption of selected files is the only access control 10.4 Encrypting Data For Storage
12
Software Security Seminar - 12 - Drive-level encryption Benefits: temporary files, work files, and so forth can be kept on the secure drive it’s harder to forget to re-encrypt something on this kind of system Security Issues: lots of things can go wrong with a device-driver or memory-resident program bad implementation chosen-plaintext(ciphertext) attack if whole system is master-keyed under one password, loss of that password means that the attacker gets everything a more limited set of ciphers can reasonably be used for this kind Usability problems: there will be a performance penalty 10.4 Encrypting Data For Storage
13
Software Security Seminar - 13 Providing Random Access to an Encrypted Drive : access individual disk sectors randomly - Use the sector address to generate a unique IV for each sector being encrypted or decrypted - For the master key, generate a pseudo-random block as large as one sector. To encrypt any sector, first XOR in this pseudo-random block, then encrypt normally with a block cipher 10.4 Encrypting Data For Storage
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.