Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Cryptography Summarized from “ Applied Cryptography, Protocols, Algorithms, and Source Code in C ”, 2nd. Edition, Bruce Schneier, John.

Published byCarmel Logan Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to Cryptography Summarized from “ Applied Cryptography, Protocols, Algorithms, and Source Code in C ”, 2nd. Edition, Bruce Schneier, John."— Presentation transcript:

1

2 Introduction to Cryptography Summarized from “ Applied Cryptography, Protocols, Algorithms, and Source Code in C ”, 2nd. Edition, Bruce Schneier, John Wiley & Sons, Inc.

3 Outline Introduction Cryptographic Protocols

4 Introduction

5 Terminology Scenario A sender wants to sent a message to a receiver securely, that is, to make sure an eavesdropper cannot read the message Messages and Encryption Plaintext: the message Ciphertext: the encrypted message Encryption: disguising a message to hide its substance Decryption: turning ciphertext back into plaintext Plaintext Encryption Ciphertext Decryption Plaintext

6 Mathematical Notations Symbols Plaintext: M (for message) or P (for plaintext) Ciphertext: C Encryption function: E Decryption function: D Formulations E(M)=C, the encryption function operates on plaintext to produce ciphertext D(C)=M, the decryption function operates on ciphertext to produce plaintext D(E(M))=M, the quality must hold in order to recover the original identity

7 Goals of Cryptography Confidentiality Authentication Receiver must be able to ascertain the message’s origin Integrity Receiver shall be able to verify that the message is not modified in transit Non-repudiation Sender should not be able to falsely deny later that he sent a message

8 Restricted Algorithms Basics of Restricted Algorithms The security of an algorithm is based on keeping the way that algorithm works a secret Of historical interests only, inadequate in today’s applications Frequent changes of algorithm due to user-leaving Difficult to test the security of adopted algorithms Widely used in low-security applications

9 Keys and Algorithms Modern cryptography solves the problems of restricted algorithms with key (or keys), usually denoted by K The key may be any one of a large number of values The range of possible values of the key is called the keyspace All of the security in these algorithms is based in the keys; none is based in the details of the algorithm

10 Cryptosystem A cryptosystem is composed of An algorithm All possible plaintexts All possible ciphertexts All keys

11 Encryption/Decryption with Keys Both encryption and decryption operations use the same key Different encryption and decryption keys are used Plaintext Encryption Ciphertext Decryption Plaintext Key Plaintext Encryption Ciphertext Decryption Plaintext Encryption Key Decryption Key E K (M)=C D K (C)=M D K (E K (M))=M E K1 (M)=C D K2 (C)=M D K2 (E K1 (M))=M

12 Symmetric Algorithms Symmetric Algorithms (Conventional Algorithms) Algorithms where the encryption key can be calculated from the decryption key and vice versa In most symmetric algorithms, the encryption key and the decryption key are the same Categories Stream algorithms Block algorithms

13 Asymmetric Algorithms Asymmetric Algorithms (Public-key Algorithms) The key used for encryption is different from the key used for decryption The decryption key cannot be calculated from the encryption key The encryption key can be made public (public key) The decryption key (private key)

14 Cryptanalysis Overview of cryptanalysis The science of recovering the plaintext of a message without access to the key Successful cryptanalysis may recover The plaintext The key Weakness in a cryptosystem that eventually lead to the results above

15 Cryptanalytic Attacks Basic Assumptions The secrecy must reside entirely in the key The cryptanalyst has complete knowledge of the encryption algorithms used General types of cryptanalytic attacks Ciphertext-only attack Known-plaintext attack Chosen-plaintext attack Adaptive-chosen-plaintext attack Chosen-ciphertext attack Rubber-hose cryptanalysis

16 Several Advises The strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm’s inner workings The best algorithms are the ones that have been made public, have been attacked by the world’s best cryptographers for years, and are still unbreakable

17 Cryptographic Protocols

18 Protocols What is a protocol? Definition A series of steps A protocol has a sequence, from start to end Two or more parties are involved At least two persons are required to complete the protocol Designed to accomplish a task Otherwise, it’s a waste of time

19 Characteristics of Protocols What is a protocol? Characteristics Everyone involved must know the protocol in advance Everyone involved must agree to follow it The protocol must be unambiguous The protocol must be complete Steps in a protocol Computations by one or more of the parties Messages sent among the parties

20 Cryptographic Protocols What is a cryptographic protocol? A protocol that uses cryptography To prevent or detect eavesdropping or cheating Involved parties can be friends and trust each other or they can be adversaries and not trust on another to give the correct time of day It should not be possible to do more or learn more than what is specified in the protocol

21 Purposes of Protocols Why do we need cryptographic protocols? More and more human interaction takes place over computer network instead of face-to-face It is naïve to assume that people on computer networks are honest It is naïve to assume that managers of computer networks are honest It is naïve to assume that designer of computer networks are honest By formalizing protocols, subversion can be avoided.

22 Notations of Players Alice, Bob, Carol, Dave Participants in protocols Eve Eavesdropper Mallory Malicious active attacker Trent Trusted arbitrator Walter Warden Peggy Prover Victor Verifier AliceBobEveMalloryTrent

23 Arbitrated Protocol AliceBob Trent An arbitrator is a disinterested third party trusted to complete a protocol Arbitrators can help complete protocols between two mutually distrustful parties An example of an arbitrated protocol in daily life (lawyers or banks as arbitrators ) Alice is selling a car to Bob, and Bob would like to pay by check 1.Alice gives the title of the car to the lawyer 2.Bob gives the check to Alice 3.Alice deposits the check 4.After the check clears, the lawyer gives the title to Bob. If the check is not clear after a specific period of time, the lawyer returns the title to Alice

24 Problems about Arbitrators The ideal of arbitrated protocol can be translated to the computer world, however, there are several problems about computer arbitrators: Difficult to find and trust a neutral third party since you do not know who the party is Who will bear the cost of maintaining an arbitrator? The inherent delay caused by arbitrators The arbitrators will be a bottleneck in large scale implementations of any protocol Arbitrators will be a vulnerable point for attackers

25 Adjudicated Protocol AliceBobTrent Evidence Due to the cost of hiring arbitrators, an arbitrated protocol can be divided into two low-level sub-protocols - non-arbitrated sub-protocols executed every time - adjudicated sub-protocol executed only in exceptional circumstance to check whether a protocol was performed fairly Judges are professional adjudicators An example Contract signing

26 Self-Enforcing Protocols AliceBob A self-enforcing protocol is the best type of protocol. The protocol itself guarantees fairness No arbitrator is required to complete the protocol No adjudicator is required to resolve disputes If one of the parties tries to cheat, the other party immediately detects the cheating and the protocol stops. Unfortunately, there is not a self-enforcing protocol for every situation

27 Attack against Protocols Targets of cryptographic attacks Cryptographic algorithms used in protocols Cryptographic techniques used to implement the algorithms and protocols Protocols themselves Passive attacks Eavesdropping Observe the protocol and attempt to gain information The attacker does not affect the protocol

28 Attack against Protocols (cont.) Active attacks An attacker could try to alter the protocol to his own advantage Active intervention is involved E.g. Pretend to be someone else Introduce/delete/substitute messages in the protocol Interrupt a communication channel Cheaters Attackers who are one of the parties involved in the protocol

29 Communication Using Symmetric Cryptography AliceBob Both agree on a cryptosystem Both agree on a key Alice sends the ciphertext message to Bob Alice encrypts her plaintext message and encrypts it to create a ciphertext message Bob decrypts the ciphertext message and reads it Eve Ciphertext-only Attack public secret Mallory Break communication Send false ciphertext Secret leaking

30 Problems of Symmetric Cryptosystems Keys must be kept secret before/during/after the protocol Knowing the key  Knowing all the messages A separate key is used for each pair in the network, the total number of keys increases rapidly as the number of users increases N(N-1)/2 keys for N users

31 One-Way Functions The concept of a one-way functions is central to public-key cryptography One-way functions are relatively easy to compute, but significantly harder to reverse (maybe 1,000,000,000,000 years of computations) Given x, we can easily compute f(x) Given f(x), it’s hard to compute x Strictly speaking, there is no evidence that true one-way function really exists True one way function cannot be adopted in cryptography since messages encrypted with one way function is impossible to be decrypted

32 Trapdoor One-way Function A trapdoor one-way function is a special type of one-way function with a secret trapdoor It is easy to compute in one direction, and hard to compute in the other direction But if you know the secret, you can easily compute the function in the other direction

33 One-Way Hash Function One-way hash function Compression function Contraction function Message digest Fingerprint Cryptographic checksum Message integrity check (MIC) Manipulation detection code (MDC) A hash function is a function that takes a variable-length input string (pre-image) and converts it to a fixed-length (usually smaller) string (called a hash value), The hash value fingerprints the pre-image, that is, it can indicate that if a pre-image candidate is the same as the pre-image. A one-way hash function is a hash function that works for one direction Useful in transactions/login sessions Pre-imageHash Value

34 Message Authentication Code Message Authentication Code (MAC) The hash value is a function of both the pre-image and the key Only the one who has the key can verify the hash value

35 Communications Using Public-Key Cryptography AliceBob Both agree on a cryptosystem Bob sends Alice his public key Alice encrypts her message using Bob’s public key Alice sends the encrypted message to Bob Bob decrypts the message using his private key Database

36 Real-World Considerations In the real world, public key algorithms are not substitute for symmetric algorithms because Public-key algorithms are slow Computing power Bandwidth New needs emerge Public-key cryptosystems are vulnerable to chosen-plaintext attack Assume C=E(P), encrypt all possible P and compare to C can determine P, thus this type of attack is effective for few possible encrypted messages

37 Hybrid Cryptosystems AliceBob Bob sends Alice his public key Alice generates a random session key K, and encrypts it using Bob’s public key E B (K) Alice sends the encrypted key to Bob Bob decrypts the message using his private key to recover the session key D B (E B (K))=K Both encrypts their communications using the same session key Key management problem is solved.

38 Man-in-the-Middle Attack AliceBobMallory Alice sends Bob her public key Mallory sends Bob his public key Bob sends Alice his public key Mallory sends Alice his public key Alice sends the message encrypted with Mallory’s public key Mallory decrypts the message and re-encrypts it with Bob’s public key

39 The Interlock Protocol AliceBob Alice sends Bob her public key Bob sends Alice his public key Alice sends half of the message encrypted with Bob’s public key Bob sends half of the message encrypted with Alice’s public key Alice sends the other half of the message Bob sends the other half of the message The fist half of message cannot be decrypted alone

40 Digital Signature Characteristics of a Signature The signature is authentic The signature is unforgeable The signature is not uresable The signature is unalterable The signature cannot be repudiated Problems of Signatures in the Computer World Files are trivial to copy Files are easy to modify after they are signed

41 Signing with Symmetric Cryptosystems and an Arbitrator AliceBobTrent KAKA KBKB Alice encrypts her message to Bob with K A Alice sends the encrypted message to Trent Trent encrypts the bundle consisting of the decrypted message from Alice and a proving statement with K B Trent sends the encrypted message to Bob Bob decrypts his message with K B Bottleneck, Maintenance Problems

42 Signing Documents with Public-Key Cryptography AliceBob Alice encrypts her message with her private key Alice sends the encrypted message to Bob Bob decrypts his message with Alice’s public key

43 Digital Signature and Timestamps The document and signature may be together reused Consequently, digital signatures often include timestamps. The date and time of signature are attached to the message and signed along with the rest of the message

44 Digital Signature and One-Way Hash Functions In practical implementations, public-key algorithms are often too inefficient to sign long documents Instead of signing the document, the hash value of the document is signed and transmitted.

45 Digital Signature and Encryption Combining the security of encryption with the authenticity of digital signature Alice signs the message with her private key Alice encrypts the signed message with Bob’s public key and sends it to Bob Bob decrypts the message with his private key Bob verifies with Alice’s public key and recovers the message S A (M) E B (S A (M)) D B (E B (S A (M)))=S A (M) V A (S A (M))=M

46 Resending the Message as a Receipt E B (S A (M)) V A D B (E B (S A (M))))=M E A (S B (M))V B (D A (E A (S B (M))))=M AliceBob If V X =E X, S X =D X MalloryBob E B (D A (M)) E M D B (E B (D A (M))))=E M (D A (M)) E M (D B (E M (D A (M))))E A (D M (E B (D M (E M (D B (E M (D A (M))))))))=M

Download ppt "Introduction to Cryptography Summarized from “ Applied Cryptography, Protocols, Algorithms, and Source Code in C ”, 2nd. Edition, Bruce Schneier, John."

Similar presentations

Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lecture 1Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 1.

Lecture 1Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 1.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Protocol Building Blocks 1.Protocols are multi-agent algorithms 2.Agents know protocol 3.Protocol unambiguous, well-defined 4.Protocol complete, action.

Protocol Building Blocks 1.Protocols are multi-agent algorithms 2.Agents know protocol 3.Protocol unambiguous, well-defined 4.Protocol complete, action.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
1 Chap 1: Introduction Some background –The message is usually represented as M or P (plaintext), the encryption result is usually represented as C (ciphertext).

1 Chap 1: Introduction Some background –The message is usually represented as M or P (plaintext), the encryption result is usually represented as C (ciphertext).
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Similar presentations

Ads by Google