830 likes | 1.24k Views
Cryptography (One Day Cryptography Tutorial). By Dr. Mohsen M. Tantawy. Definitions. Definitions. Plaintext : easy to understand form (original message) Ciphertext : difficult to understand form Encryption : encoding (plaintext -> ciphertext)
E N D
Cryptography(One Day Cryptography Tutorial) By Dr. Mohsen M. Tantawy
Definitions • Plaintext: easy to understand form(original message) • Ciphertext: difficult to understand form • Encryption: encoding (plaintext -> ciphertext) • Decryption: decoding(ciphertext -> plaintext) • Cryptology: study of encryption • Cryptography: use of encryption • Cryptanalysis: breaking encryption
Group of individuals Definitions • Alice—She is an end user/computer without malicious intentions, one of the main users of cryptography. • Bob—He is Alice’s friend and is also a main user of cryptography, without malicious intentions. • Cathy—Another user of cryptography; she does not usually have a large roll nor malicious intentions. • Eve—A malicious user that does not interfere with communications. She simply wants to eavesdrop on the conversation between two other characters, typically Alice and Bob, but does not actively try to attack the communication. • Mallory—The malicious user. Always trying to thwart attempts by other characters to communicate securely. • Trent—He is a trusted third party. He only communicates with Alice, Bob, or Cathy when they ask for his help. He can always be trusted to do what he says he will do.
Group of individuals • Hacker– is a general term that has historically been used to describe a computer programming expert. More recently, this term is commonly used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent. • Cracker– is the term that is generally regarded as the more accurate word that is used to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.
Group of individuals • Phreaker – is an individual that manipulates the phone network in order to cause it to perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls. • Spammer– is an individual that sends large quantities of unsolicited email messages. Spammers often use viruses to take control of home computers in order to use these computers to send out their bulk messages. • Fisher– uses email or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The Phisher will masquerade as a trusted party that would have a legitimate need for the sensitive information.
Group of individuals • White hat – is a term used to describe individuals that use their abilities to find vulnerabilities in systems or networks, and then report these vulnerabilities to the owners of the system so that they can be fixed. • Black hat – is another term for individuals that use their knowledge of computer systems to break into systems or networks that they are not authorized to use.
Definitions • Key—A random piece of data used with encryption and decryption. Encryption and decryption algorithms require a key and plain text or cipher text to produce cipher text or plain text, respectively. • Security Association— A set of information that describes how the communicating entities will utilize security.
Types of Cryptographic Systems • Symmetric-key cryptosystems • Asymmetric-key or Public-key cryptosystems • Hybrid (Symmetric-key and Asymmetric-key) cryptosystems
Symmetric Encryption • Uses conventional / secret-key / single-key • Sender and recipient share a common key • All classical encryption algorithms are private-key • The only type prior to invention of public-key in 1970’s
Requirements • Two requirements for secure use of symmetric encryption: • Strong encryption algorithm • Secret key known only to sender / receiver Y = EK(X) X = DK(Y) • Assume encryption algorithm is known • Implies a secure channel to distribute key
Block ciphers and Stream ciphers • Each secret-key cryptography algorithm or cipher typically works in two phases: • key set-up phase • ciphering or encrypt and decrypt phase. • There are two major classes of these algorithms: block ciphers and stream ciphers. • Block ciphers encrypt plaintext in units of blocks and likewise decrypt cipher text in units of blocks. • Stream ciphers encrypt plaintext in one stream and decrypt cipher text likewise.
Mode of Operation There are three important block cipher modes: • Electronic Code Book (ECB) • Cipher Block Chaining (CBC) • Cipher Feedback Mode (CFB)
Symmetric-key cryptosystems Examples of symmetric key algorithms are as follows: • Data Encryption Standard (DES) (56bits) • Triple DES (3DES) (168 bits) • Advanced Encryption Standard (AES) • International Data Encryption Algorithm (IDEA) (128 bits) • Rivets Cipher 4 (RC4) (variable length key)
Initial Permutation IP • first step of the data computation • IP reorders the input data bits • even bits to LH half, odd bits to RH half • quite regular in structure (easy in h/w)
DES Round Structure • uses two 32-bit L & R halves • as for any Feistel cipher can describe as: Li= Ri–1 Ri= Li–1 xor F(Ri–1, Ki) • takes 32-bit R half and 48-bit subkey and: • expands R to 48-bits using perm E • adds to subkey • passes through 8 S-boxes to get 32-bit result • finally permutes this using 32-bit perm P
Substitution Boxes S • have eight S-boxes which map 6 to 4 bits • each S-box is actually 4 little 4 bit boxes • outer bits 1 & 6 (row bits) select one rows • inner bits 2-5 (col bits) are substituted • result is 8 lots of 4 bits, or 32 bits • row selection depends on both data & key • feature known as autokeying
Triple DES • clear a replacement for DES was needed • theoretical attacks that can break it • demonstrated exhaustive key search attacks • AES is a new cipher alternative • prior to this alternative was to use multiple encryption with DES implementations • Triple-DES is the chosen form
Triple-DES with Two-Keys • hence must use 3 encryptions • would seem to need 3 distinct keys • but can use 2 keys with E-D-E sequence • C = EK1[DK2[EK1[P]]] • if K1=K2 then can work with single DES • standardized in ANSI X9.17 & ISO8732 • no current known practical attacks
Triple-DES with Three-Keys • although are no practical attacks on two-key Triple-DES have some indications • can use Triple-DES with Three-Keys to avoid even these • C = EK3[DK2[EK1[P]]] • has been adopted by some Internet applications, eg PGP, S/MIME
Triple DES (3DES) The technique used by 3DES is known as EDE (Encrypt-Decrypt-Encrypt). • The plaintext message is encrypted using the first 8 bytes of the 3DES. • Then the message is decrypted using the middle 8 bytes of the key. • Finally, the message is encrypted using the last 8 bytes of the key to produce an 8-byte block.
AES Requirements • private key symmetric block cipher • 128-bit data, 128/192/256-bit keys • stronger & faster than Triple-DES • active life of 20-30 years (+ archival use) • provide full specification & design details • both C & Java implementations
Rijndael • data block of 4 columns of 4 bytes is state • key is expanded to array of words • has 9/11/13 rounds in which state undergoes: • byte substitution (1 S-box used on every byte) • shift rows (permute bytes between groups/columns) • mix columns (subs using matrix multipy of groups) • add round key (XOR state with key material) • view as alternating XOR key & scramble data bytes • initial XOR key material & incomplete last round • with fast XOR & table lookup implementation
Asymmetric-key or Public Key Encryption • Based on mathematical algorithms • Asymmetric • Use two separate keys • Public Key issues • Plain text • Encryption algorithm • Public and private key • Cipher text • Decryption algorithm
Public Key Encryption - Operation • One key made public • Used for encryption • Other kept private • Used for decryption • Infeasible to determine decryption key given encryption key and algorithm • Either key can be used for encryption, the other for decryption
Steps • User generates pair of keys • User places one key in public domain • To send a message to this user, encrypt using public key • User decrypts using private key
Digital Signature • Sender encrypts message with their private key • Receiver can decrypt using senders public key • This authenticates sender, who is only person who has the matching key • Does not give privacy of data • Decrypt key is public
Asymmetric-key or Public-key Cryptosystems There are many examples of commonly used public-key systems including: • Diffie-Hellman • Rivest, Shamir, Adleman (RSA) • Digital Signature Algorithm (DSA) / • Al Gamal • Elliptic Curve Cryptosystem (ECC)
Diffie-Hellman Key Exchange • first public-key type scheme proposed • by Diffie & Hellman in 1976 along with the exposition of public key concepts • note: now know that James Ellis (UK CESG) secretly proposed the concept in 1970 • is a practical method for public exchange of a secret key
We’re using Big Integers here: Choose large secret prime numbers p and q Calculate N = p * q Choose exponent e such that gcd(e, (p-1)(q-1)) = 1 Normally choose 3, 17 or 65537 Public key is pair N and e Choose d so that e * d = 1 (mod (p-1)(q-1)) Private key is d (for efficiency d, p, q) Encryption: c = me (mod N) Decryption: m = cd (mod N) RSA Algorithm • Baby example p=7, q=11 N=77 37 gcd (37,(7-1)(11-1)) = 1 77, 37 13 37*13=481=1(mod 60) 13 237 mod 77 = 51 5113 mod 77 = 2