Presentation is loading. Please wait.

Presentation is loading. Please wait.

CompSci 001 8.1 Today’s topics l Security ä Demo from RSA Security (www.rsa.com) ä Sildes taken from Tammy Bailey ä Slides taken from Kevin Wayne & Robert.

Published byEdwin Oswin Lee Modified over 9 years ago

Similar presentations

Presentation on theme: "CompSci 001 8.1 Today’s topics l Security ä Demo from RSA Security (www.rsa.com) ä Sildes taken from Tammy Bailey ä Slides taken from Kevin Wayne & Robert."— Presentation transcript:

1 CompSci 001 8.1 Today’s topics l Security ä Demo from RSA Security (www.rsa.com) ä Sildes taken from Tammy Bailey ä Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University ä For further reference “Applied Cryptography” by Bruce Schneier l Upcoming ä Complexity l Reading ä Sections 3.5, 4.5 and 11 in Brookshear.

2 CompSci 001 8.2 Information security l Computer Security is the prevention of, or protection against: ä Access to information by unauthorized recipients ä Intentional but unauthorized destruction or alteration of that information. l All measures taken to prevent unauthorized use of electronic data ä unauthorized use includes disclosure, alteration, substitution, or destruction of the data concerned l Provision of the following three services ä Confidentiality concealment of data from unauthorized parties ä Integrity assurance that data is genuine ä Availability system still functions efficiently after security provisions are in place l No single measure can ensure complete security

3 CompSci 001 8.3 Why is information security important? l Governments, commercial businesses, and individuals are all storing information electronically ä compact, instantaneous transfer, easy access l Ability to use information more efficiently has resulted in a rapid increase in the value of information l Information stored electronically faces new and potentially more damaging security threats ä can potentially be stolen from a remote location ä much easier to intercept and alter electronic communication than its paper-based predecessors l What are the relevant fields of study? ä Cryptography: science of creating secret codes. ä Cryptanalysis: science of code breaking ä Cryptology: science of secret communication.

4 CompSci 001 8.4 Building blocks of a secure system l Confidentiality: concealment from unauthorized parties ä identification – unique identifiers for all users ä authentication user: assurance that the parties involved in a real-time transaction are who they say they are data: assurance of message source ä authorization - allowing users who have been identified and authenticated to use certain resources l Integrity: assurance the data is has not been modified by unauthorized parties ä non-repudiation proof of integrity and origin of data which can be verified by any third party at any time

5 CompSci 001 8.5 Completing the security process l Confidentiality + integrity  system security l However, it is not enough for system to be secure l System must also be available ä must allow guaranteed, efficient and continuous use of information ä security measures should not prohibitively slow down or crash system or make it difficult to use what good is a secure system if you can’t use it? l Cryptographic systems ä high level of security and flexibility ä can potentially provide all objectives of information security: confidentiality, integrity, and availability

6 CompSci 001 8.6 Encryption ä Goal: information security in presence of malicious adversaries ä confidentiality ä integrity ä authentication ä authorization ä non-repudiation l Encryption can be used to … ä prevent your kid sister from intercepting, reading, and/or altering your messages and files ä prevent FBI, CIA, or NSA from intercepting, reading, and/or altering your messages and files

7 CompSci 001 8.7 Uses of Encryption?

8 CompSci 001 8.8 Process Plain Text Encryption encryption algorithm (cipher) encryption key Cipher Text Decryption decryption algorithm decryption key

9 CompSci 001 8.9 Terminology l Encryption ä process of obscuring or scrambling data to render it incomprehensible to unauthorized viewers. l Cipher text ä encrypted data or "code" l Plain text ä original, readable data prior to encryption l Cipher or encryption algorithm ä particular method for encrypting or scrambling data l Key ä data required by the encryption algorithm to process the plain text and convert it to cipher text l Decryption ä process of converting cipher text back into plain text ä requires a key and a decryption algorithm

10 CompSci 001 8.10 Participants l Sender & Receiver ä people who want to communicate securely or in private l Listener (eavesdropper) ä present on communication channel between sender and receiver l The Problem: Suppose that Bob (the sender) wants to send Alice (the receiver) a message but knows that Eve (the eavesdropper) is trying and may very well intercept it. Bob and Alice need to agree on an encryption algorithm and a key. But Eve could intercept this as well. How do they get around this problem?

11 CompSci 001 8.11 Encrypted communication

12 CompSci 001 8.12 Padlock problem l Al and Sue are not allowed to directly communicate with each other in any way. Al has a box, a padlock for the box, a key for that padlock, and a diamond. Sue has a different padlock, and a key for that padlock. The only way Al and Sue can communicate, or send things to each other is through Ted, who will steal everything except a locked box, or an empty box. Ted will not try to pry open any locks with any tools, etc. But if a box is unlocked, and not empty, then Ted will steal its contents. l Question : How does Al get the diamond to Sue using Ted?

13 CompSci 001 8.13 Coin flipping over the phone l Alice and Bob are talking on the phone and want to decide whether they should go to a party in Durham or Chapel Hill. l Unable to arrive at a decision, they decide to have Alice flip a fair coin l They don’t trust each other! l How can Alice and Bob determine the oitcome of a fair coin flip without having to meet in person? ä Does your solution work even if none, one, or both of the participants are honest/dishonest?

14 CompSci 001 8.14 Algorithms & Keys Restricted Algorithm l If the security depends on keeping the working of the algorithm secret. l Can’t support a large or changing group of users…Why? l No quality control. Modern cryptology solves this with a KEY ( K ). l Key might be any of a large number of values. l Range of possible values called a keyspace. l Now security depends on the security of the Key. l The algorithms for encrypting and decrypting can be mass produced and optimized.

15 CompSci 001 8.15 Attacks l Compromise systems in ways that affect services of information security ä attack on confidentiality: unauthorized disclosure of information ä attack on integrity: destruction or corruption of information ä attack on availability: disruption or denial of services Prevention, detection, response ä proper planning reduces risk of attack and increases capabilities of detection and response if an attack does occur

16 CompSci 001 8.16 Substitution Ciphers l Each character in the message is replaced by another according to some rule l Order of the encrypted characters is the same as plaintext ä Caesar cipher letters of the alphabet shifted by 3 positions l Shift (additive) ciphers ä letters of the alphabet are shifted by k positions ä k is called the cipher or encryption key ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC

17 CompSci 001 8.17 Substitution ciphers are easy to break l Shift ciphers really only have 25 keys ä same ciphertext results from keys 10, 35, -20, 510, … ä easy to try all possible keys l What if we randomly order the alphabet? 26! possibilities l Still (relatively) easy to break using characteristics of the language to reduce solution space ä letter and word frequencies ä context ABCDEFGHIJKLMNOPQRSTUVWXYZ LCFRQWZKMGBXDSYNTAUJVOHPEI

18 CompSci 001 8.18 Additive tables & one time pads l Lists of random numbers l Shift first letter of message by first number, shift second letter by second number, etc. until message is completed l Harder to break because individual letters are not always encrypted to same code letter l Problem is both sender and receiver must have a copy of the table and/or know where to start in the table l If the same table is used every time, code can be broken by analyzing enough messages

19 CompSci 001 8.19 Encryption algorithms l Symmetric Key ä perform encryption and decryption with a single key ä substitution ciphers l Examples ä DES/3DES ä Blowfish ä IDEA l Asymmetric Key ä separate keys used for encryption and decryption public key private key l Examples ä RSA ä DSA

20 CompSci 001 8.20 Private Key Encryption Assume message is encoded as numbers (ASCII, Unicode)

21 CompSci 001 8.21 Symmetric key algorithms (private key) l Perform encryption and decryption with a single key l Advantages ä algorithms are very fast ä computationally less intensive l Security of system determined by protecting the secret key from disclosure l Applicable only in situations where the distribution of the key can occur in a secure manner l If every user is going to communicate with every other user, how many keys are required for a system with 1000 users?

22 CompSci 001 8.22 Public Key Encryption

23 CompSci 001 8.23 Asymmetric algorithms (public key) l Two separate keys used for encryption and decryption ä public key used for encryption, not secret, available for widespread dissemination ä private key used for decryption private to the individual who owns it l Plain text encrypted with one key can be decrypted with the other key only ä similar to a mailbox l Computationally infeasible to derive the private key from the known public key l If every user is going to communicate with every other user, how many keys are required for a system with 1000 users?

24 CompSci 001 8.24 RSA encryption l Rivest, Shamir, and Adleman, MIT, 1977 l Most widely-used cryptosystem l Security relies on the on the difficulty of factoring very large integers into prime factors ä primes are positive integers that are divisible only by 1 and themselves ä for example, first 50 prime numbers are … 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229

25 CompSci 001 8.25 Prime factorization l A prime factorization is the expression of a positive integer as a product of prime numbers 12 = 3  2  2 4453 = 73  61 10584 = 7  7  3  3  3  2  2  2 124937125 = 2003  499  5  5  5 l Large primes are easy to multiply l Factoring large integers is hard 8876044532898802067 = 1500450271  5915587277 easy hard

26 CompSci 001 8.26 Encrypting and decrypting l Alice and Bob would like to communicate with each other in private l Alice uses RSA algorithm to generate public & private keys ä Alice makes key (k, n) publicly available to Bob and anyone else wanting to send her private messages l Bob uses Alice’s public key (k, n) to encrypt message M: ä compute E(M) =(M k )%n ä Bob sends encrypted message E(M) to Alice l Alice receives E(M) and uses private key (d, n) to decrypt it: ä compute D(M) = (E(M) d )%n ä decrypted message D(M) is original message M

27 CompSci 001 8.27 RSA algorithm l Select two large prime numbers p, q l Compute n = p  q v = (p-1)  (q-1) l Select small odd integer k relatively prime to (not a factor of) to v l Compute d such that (d  k)%v = (k  d)%v = 1 l Public key is (k, n) l Private key is (d, n) l How large should n be? ä Number Theory ä n / ln n prime numbers between 2 and n. l example p = 11 q = 29 n = 319 v = 280 k = 3 d = 187 l public key (3, 319) l private key (187, 319)

28 CompSci 001 8.28 Attacks l Ciphertext-only Attack.. l Known-plaintext Attack.. l Chosen-plaintext Attack.. l Chosen-ciphertext Attack.. l Rubber-hose cryptanalysis.. Factoring. l Factor n = pq. Then compute v. l Then compute d. Timing attacks. l Send C l How long does it takes to compute C d (mod n)? l Compute d Other means? l Long-standing open research question.

29 CompSci 001 8.29 Digital Signature Alice sends Bob a response. l Bob wants to be really sure Alice really sent it, and not some imposter. Alice wants to send Bob a response S. l Alice uses private key d and computes: S’= S d (mod n). l Alice sends ( S, S’). Bob receives digital signed response ( S, S’). l Bob uses Alice’s public key e ä Checks if S = (S’) e (mod n ). l If yes, then Bob concludes S sent by Alice. l If no, then Bob concludes S or S’ corrupted in transmission, or message is forgery. Third party. l Bob verifies Alice’s signature on digitally signed message (e.g. electronic check). l Bob forwards digitally signed message to bank. l Bank re-verifies Alice’s signature.

30 CompSci 001 8.30 Certification authority l A third party trusted by all users that creates, distributes, revokes, & manages certificates l Certificates bind users to their public keys l For example, if Alice wants to obtain Bob's public key ä she retrieves Bob's certificate from a public directory ä she verifies the CA's signature on the certificate itself ä if signature verifies correctly, she has assurance from the trusted CA this really is Bob's public key ä she can use Bob's public key to send confidential information to Bob or to verify Bob's signatures, protected by the assurance of the certificate l Integrity is provided by the certification authority

31 CompSci 001 8.31 Bad Cryptology? Good introductory explanation & details on Gregory Kesden’s site (CMU) http://www-2.cs.cmu.edu/~dst/DeCSS/Kesden/ Content Scrambling System (CSS). l Use to encrypt DVD’s. l Each disc has 3 40-bit keys. l Each DVD decoder (software/hardware) has unique 40-bit key. l “Not possible” to play back on computer without disc. DeCSS. (Canman and SoupaFrog, 1999). l Decryption algorithm written by two Norwegians. l Used “in-circuit emulator” to monitor hardware activity. Why CSS is fatally flawed. (Technica, Policy, and Legal issues..)

32 CompSci 001 8.32 Breaking RSA l The Cold-boot attack l RSA Challenge ä Publish list of numbers ä Prizes given to anyone who can factor the numbers ä Largest number factored was a 200 digit (663 bit) number in 2005 before challenge ended l The Digital Millennium Copyright Act (DMCA) criminalized the use of cryptanalytic techniques to circumvent copy protection ä Why? ä What possible positive or negative effects?

Download ppt "CompSci 001 8.1 Today’s topics l Security ä Demo from RSA Security (www.rsa.com) ä Sildes taken from Tammy Bailey ä Slides taken from Kevin Wayne & Robert."

Similar presentations

Cryptography encryption authentication digital signatures

Cryptography encryption authentication digital signatures
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Cryptographic Technologies

Cryptographic Technologies
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.

Security Module – Part 1 Spring 2006 V.T. Raja, Ph.D., Oregon State University.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Information Security. Information security  All measures taken to prevent unauthorized use of electronic data –unauthorized use includes disclosure,

Information Security. Information security  All measures taken to prevent unauthorized use of electronic data –unauthorized use includes disclosure,
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Similar presentations

Ads by Google