
Introduction to Cryptography Techniques


archie

Presentation Transcript


  1. Introduction to Cryptography Techniques
     How secure is that banking network traffic?

  2. Social and Computing Implications of Cryptography
     • The internet is a collection of networks designed to deliver data packets.
     • Packets are easy to sniff.
     • The internet is not secure, but is used to connect banks, the power grid, pipelines, transportation systems, etc.

  3. Terms
     • Plaintext – the readable message
     • Ciphertext – the coded message
     Diagram: plaintext → Encryption (key) → ciphertext → Decryption (key) → plaintext

  4. Types of Attacks
     • Ciphertext Only – adversary uses just the ciphertext to gain either the key or the plaintext (really bad encryption)
     • Known Plaintext – adversary gets the key using some ciphertext and its plaintext
     • Chosen Plaintext – adversary introduces some plaintext to generate some ciphertext

  5. Symmetric Key Encryption
     • Both parties share a secret key
     • The single key is used for both encryption and decryption
     • Encryption and decryption are equal efforts

  6. Shift Ciphers
     key = amount to shift each character
     Example: Rotate13
       ‘A’ + 13 = 1 + 13 = 14 = ‘N’
     So, the message “aardvark” becomes “nneqinex”.

  7. Shift Ciphers
     Advantage of Rot13: Easy to implement.
       Rot13('A') = 'N'   (1 + 13) % 26 = 14
       Rot13('N') = 'A'   (14 + 13) % 26 = 1
     So, one function does both encoding and decoding.
     Disadvantage of Any Rotation: Very easy to break – just try all 26 possibilities, aka a brute force attack.

  8. Substitution Cipher
     Key = list of character substitutions
     Example: Key = “Chair”
       Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
       Cipher: Y Z c h a i r B D E F G J K L M N O P Q S T U V W X
     Disadvantage: Susceptible to Character Frequency Analysis

  9. Character Frequencies

  10. Character Frequencies

  11. Polyalphabetic Ciphers
     Key is repeated and used to shift characters.
     Example:
       plaintext    now is the time for all
       + key        aar dv ark aard var kaa
       ciphertext   opo mo uzp ujei bpj lmm

  12. Polyalphabetic Ciphers
     Advantage: Thwarts character frequency analysis. For example, an “e” will encrypt to several different letters.
     Disadvantage: Statistics can still be used to break the code.

  13. Polyalphabetic Ciphers
     How to Break Them:
     1 – Look for repeated strings. For example, if the characters “thi” appear together frequently, then it could be because the key is hitting a common word.
       Text = and we need to test and retest
       Key  = ste ve stev es teve ste vestev
       Sum  = thi sj gyjz yh njoy thi njmyxp

  14. Polyalphabetic Ciphers
     How to Break Them:
     2 – Determine Probable Key Length. The starts of the “thi” strings are frequently separated by distances that are multiples of 5. So, the key length is probably five.
     3A – Try keys of that length.
     3B – Use character frequency analysis on characters separated by that length.
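
Steps 1 and 2 above, run on the slide 13 text, as an added example that is not part of the original slides. It uses the slides' numbering (a = 1 … z = 26), reads the key as “steve” repeated, and closes with the known-plaintext check from slide 4; all function names are hypothetical.

```python
from functools import reduce
from math import gcd

A = ord("a") - 1                      # slides number letters a=1 ... z=26
SLIDE_TEXT = "and we need to test and retest"   # slide 13 "Text"
SLIDE_KEY = "steve"                              # slide 13 "Key", one period
SLIDE_SUM = "thi sj gyjz yh njoy thi njmyxp"     # slide 13 "Sum"

def shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) the repeating key; spaces pass through."""
    out, i = [], 0
    for ch in text:
        if not ch.isalpha():
            out.append(ch)
            continue
        k = ord(key[i % len(key)]) - A
        out.append(chr((ord(ch) - A + sign * k - 1) % 26 + 1 + A))
        i += 1
    return "".join(out)

def repeat_distances(ciphertext, n=3):
    """Step 1: map each repeated n-gram to the gaps between its occurrences."""
    letters = "".join(c for c in ciphertext if c.isalpha())
    seen, gaps = {}, {}
    for i in range(len(letters) - n + 1):
        gram = letters[i:i + n]
        if gram in seen:
            gaps.setdefault(gram, []).append(i - seen[gram])
        seen[gram] = i
    return gaps

def key_length_candidates(gaps):
    """Step 2: each divisor (>1) of the gcd of all gaps is a possible key length."""
    g = reduce(gcd, (d for ds in gaps.values() for d in ds), 0)
    return [k for k in range(2, g + 1) if g % k == 0]

def key_from_known_plaintext(plaintext, ciphertext, lengths):
    """Known plaintext: ciphertext minus plaintext is the key stream; keep the
    shortest candidate length under which that stream repeats."""
    pairs = [(p, c) for p, c in zip(plaintext, ciphertext) if p.isalpha()]
    stream = "".join(chr((ord(c) - ord(p) - 1) % 26 + 1 + A) for p, c in pairs)
    for k in sorted(lengths):
        if all(stream[i] == stream[i % k] for i in range(len(stream))):
            return stream[:k]
    return stream

if __name__ == "__main__":
    gaps = repeat_distances(shift(SLIDE_TEXT, SLIDE_KEY, +1))
    lengths = key_length_candidates(gaps)
    print(gaps, lengths, key_from_known_plaintext(SLIDE_TEXT, SLIDE_SUM, lengths))
```

With only one repeated string the gap of 15 leaves 3, 5 and 15 as candidates; more ciphertext, or the per-column frequency analysis of step 3B, is what narrows it to 5.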

  15. One-Time Pad
     • Key is used to shift the plaintext.
     • Key is used only once.
     • Key has same length as the message.
     • Advantage: Unbreakable!
     • Disadvantage: Requires lots of keys.

  16. DES History
     • Data Encryption Standard
     • Solicited in 1973 by the National Bureau of Standards (now the National Institute of Standards and Technology)
     • Developed by IBM and the NSA
     • Adopted in 1977

  17. DES Design Principles
     • Confusion – complicate the relationship between key and ciphertext
     • Diffusion – spread structure of plaintext around the ciphertext

  18. DES Design Overview
     • http://www.itl.nist.gov/fipspubs/fip46-2.htm
     • Key = 56 bits plus 8 parity bits
     • 70,000,000,000,000,000 possible keys of 56 bits
     • Key generates 16 subkeys
     • 16 rounds of functions

  19. Breaking DES
     • 1993 – design of $1M machine to search entire key space in one day
     • 1997 – design of $1M machine to search entire key space in one hour
     • 1999 – “DES Challenge” prize claimed in 22 hours by distributed.net
     • 2006 – University of Bochum and Kiel, Germany, use $10,000 of hardware to get an average time of 6.4 days
     • Triple DES is much less breakable

  20. Unix Crypt
     “man 3 crypt”
       #include <unistd.h>
       char *crypt(const char *key, const char *salt);
     crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.

  21. Password Salt
     • Based on time when password created
     • First two letters in the passwd field
     • Used to discourage a brute force attack. Encrypting every dictionary word then comparing that list to passwd entries will not work since every dictionary word can yield 4096 different possibilities.
     • Even if my password is the same for two systems, they have different salts so they look different
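
The effect of the two-character salt, as an added example that is not part of the original slides. SHA-256 stands in for the DES-based crypt(3) so the block runs anywhere; `toy_crypt`, `verify`, `precomputed_table` and the word list are hypothetical names and constructed data.

```python
import hashlib
import hmac
import itertools

# crypt(3) salts are two characters drawn from [./0-9A-Za-z]: 64 * 64 = 4096
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ALL_SALTS = ["".join(p) for p in itertools.product(SALT_CHARS, repeat=2)]
WORDS = ["aardvark", "password", "letmein"]   # constructed sample dictionary

def toy_crypt(password, salt):
    """Stand-in for crypt(3): returns salt + hash, so the stored field
    begins with the two salt characters, as on the slide."""
    if len(salt) != 2 or any(c not in SALT_CHARS for c in salt):
        raise ValueError("salt must be two characters from [./0-9A-Za-z]")
    digest = hashlib.sha256((salt + password).encode()).hexdigest()[:11]
    return salt + digest

def verify(password, stored):
    """Login check: read the salt back from the stored field and re-hash."""
    return hmac.compare_digest(toy_crypt(password, stored[:2]), stored)

def precomputed_table(words, salts):
    """The list of hashed dictionary words the slide describes, one entry
    per (word, salt) pair, keyed by the value seen in the passwd field."""
    return {toy_crypt(w, s): w for w in words for s in salts}

def demo():
    system_a = toy_crypt("aardvark", "ab")    # same password,
    system_b = toy_crypt("aardvark", "Zq")    # different salt per system
    one_salt = precomputed_table(WORDS, ["ab"])
    return {
        "fields_differ": system_a != system_b,
        "both_verify": verify("aardvark", system_a) and verify("aardvark", system_b),
        "one_salt_table_hits_a": system_a in one_salt,
        "one_salt_table_hits_b": system_b in one_salt,
        "full_table_size": len(precomputed_table(WORDS, ALL_SALTS)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A list built for one salt matches nothing stored under another, so covering every entry takes 4096 hashes per dictionary word.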

  22. Public Key Encryption
     • Two Keys: encryption and decryption
     • Encryption key is public
     • Decryption key is private
     • Once sender encrypts a message, even they can’t decrypt it

  23. Public Key Encryption
     • Receiver sends their public key to the sender
     • Sender encrypts message using that public key
     • Sender sends encrypted message
     • Receiver decrypts message using their private key

  24. Summary
     Nothing on a public network is completely safe.
