210 likes | 337 Views
Cryptography I. Dimitrios Delivasilis Department of Information and Communication Systems Engineering University of Aegean. Who am I …. Dr. Dimitrios Delivasilis E-mail: d.delivasilis@isecure-e.com
E N D
Cryptography I Dimitrios Delivasilis Department of Information and Communication Systems Engineering University of Aegean
Who am I … • Dr. Dimitrios Delivasilis • E-mail: d.delivasilis@isecure-e.com • Web:http://www.icsd.aegean.gr/info-sec-lab/userpages/fellows/d.delivasilis/d.delivasilis_start.htm • Office: 2nd Floor, Lymberis Building • Office Telephone: TBA • Office Hours: Monday all day
Course Breakdown • Objective: Introduce main principles of conventional cryptography and explore modern cryptographic techniques • The module is approximately consisted of 12 three-hour lectures and 2 revision sessions. • Overall course mark: 60% Exam + 40% Coursework
Bibliography • B. Schneier, “Applied Cryptography,” Second Edition, John Wiley & Sons, 1996 • A. Menezes, P. van Oorschot, S. Vanstone, “Handbook of Applied Cryptography,” CRC Press, 1996 http://www.cacr.math.uwaterloo.ca/hac • I. Niven, H. S. Zuckerman, H. L. Montgomery, “An Introduction to the Theory of Numbers,” John Wiley and Sons Inc., 1991. • T.M. Cover, J. A. Thomas, “Elements of Information Theory,” John Wiley and Sons Inc., 1991
Topics to be covered • One way and trap door functions • Pseudorandom bit generators and functions • Block ciphers and modes of operation • Stream ciphers • Private key encryption • Public key encryption • Message authentication • Digital signatures • Key distribution • Cryptographic protocols • Mathematics for cryptography
Need for Security We describe the IT industry as s $2-3 trillion business but do we really have an idea of the value of data that the IT industry support? Security is a necessity, we cannot afford to treat it as a luxury.
Current Security Attitude • Information security hasn’t yet adopted risk management as a philosophy • Instead of creating a culture of security, we are often creating a culture of getting around security • We treat any information security activity as burning corporations’ money without any return value
Consequences • Security breaches with catastrophic monetary implications: • “Melissa” in 1999 caused $80 million damages worldwide • “I Love You” in 2000, within one day, caused $100 million in United States damages and over $1billion worldwide. • Security reported incidents are seriously mining corporation’s profile, creating more complications and spreading fear among its customers
The Security Trinity The security trinity should be the foundation for all security policies and measures that an organisation develops and deploys
Get to know your opponent • Hacker or else adversary: People trying to access and even use/alter data on sites without the necessary permission • They are divided into three categories: • Amateurs • Crackers • Career Criminals
Security Requirements Computer security may be described in terms of its main six characteristics: 1. Integrity 2. Confidentiality 3. Availability 4. Authentication 5. Non-repudiation 6. Access control
Source Destination Source Destination (a) Normal flow of information from a source to a destination (b) Interruption Source Destination Source Destination Non authorised Destination Non authorised Destination (d) Fabrication (c) Modification Source Destination Non authorised Destination (e) Interception Security Threats and Attacks The main four categories of possible security attacks
Passive Threats Interception Release of message contents Traffic Analysis Active Threats Masquerade Replay Modification of message contents Denial of Service Passive vs. Active Attacks
Basics of Conventional Cryptography… Definition: Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication (Menezes et al., 1997)
Milestones of Cryptography 1918 William F. Friedman, “The index of Coincidence and its applications in Cryptography.” • Edward H. Herbern filed the first patern for a rotor machine • Claude Shannon, “The Communication Theory of Secrecy Systems.” • David Kahn, “The codebreakers.” • W. Diffie and M. Hellman proposed Public Key Cryptography 1978 Rivest, Shamir and Adleman: 1st public encryption and signature scheme, referred to as RSA. 1980 NSA via the American Council on Education seek Congress’s approval to obtain legal control of publications in the field of cryptography
Cryptographic Objectives • Confidentiality • Data Integrity • Authentication • Non-repudiation
Cryptosystem Evaluation • Level of security • Functionality • Methods of Operation • Performance • Ease of Implementation
Background on functions… • What is function f? • 1-1, onto, bijection • Inverse function • One way functions: • Function f from X to Y, one-way, if f(x) “easy” to compute for all x X, but for “essentially all” y Im(f) “computationally infeasible” to find any x X such that f(x)=y
… Background on functions • Trapdoor one-way functions: • Trapdoor one-way function is a one-way function with the additional property that given some extra information (trapdoor information) it becomes feasible to find for any given y Im(f), an x X such that f(x)=y • Permutation • Involution
Basic Terminology • A: denotes a finite set called the alphabet of definition • M: denotes a set called the message space • C: denotes a set called the ciphertext space
Encryption and Decryption… • Encryption is the transformation of text or other data into coded form, often compressed in addition, for transmission over a public network or for protection of data stored on disks. • "Encryption is basically an indication of users' distrust of the security of the system, the owner or operator of the system, or law enforcement authorities." L. Rose, 1995. • K: denotes a set called the key space.