Chapter 5: Cryptography
Protecting principals' communication in systems
Cryptography
• Security engineering meets math
• Cryptography: the science and art of designing ciphers
• Cryptanalysis: the science and art of breaking them
• Cryptology is both
• Input is plaintext; output is ciphertext
Historical background
• Early stream cipher
• Vigenere
• Early block cipher
• Playfair
• One-way functions
• Protect integrity and authenticity of message
• Test key
• Asymmetric primitives
• Public and private key
Random Oracle Model
• Elf is in a box with the following items:
• Scroll (infinite length) to store previously provided results
• Die for randomness
Random Function
• Accepts an input string of any length, outputs a random string of fixed length
• Useful for storing passwords
• Creates a message digest (hash value)
• Useful for sending a digital signature: since a digital signature is long, it can stand for the signature
• Same as hashing as learned in database
• Same string always produces the same output string
Random function
• One-way
• Given a string, can produce the output string
• Given a hash value, very difficult to produce the original image
• To attack, must keep feeding in input strings until you get lucky and match the output string; even then it is not definite
• Collisions can occur but are hard to find in a true pseudorandom function
Random Generator
• Stream cipher
• Short input, long output
• Also known as key stream
• Go to the key stream generator, enter a key, get a long string of characters to XOR with
• Good for encrypting back-up data, for instance
• Must know the key to get the proper key stream
• Do not re-use a key, or messages can be decrypted
• Can prevent this by using a seed with each subsequent message
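The key re-use rule on the slide above, worked through as an added example (not part of the original slides). The key stream generator here is a toy built from HMAC-SHA256 for illustration only; the function names, the sample key and the sample messages are all constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, seed: bytes, length: int) -> bytes:
    """Toy key stream generator: HMAC-SHA256(key, seed || counter), block by block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = seed + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes, seed: bytes = b"") -> bytes:
    """XOR the plaintext with the key stream; the same call decrypts."""
    return xor(plaintext, keystream(key, seed, len(plaintext)))

def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """What key stream re-use gives away: c1 ^ c2 == p1 ^ p2, so knowing p1 yields p2."""
    return xor(xor(c1, c2), known_p1)

def demo():
    key = b"constructed-demo-key"        # constructed sample values, same length
    p1 = b"backup 01: payroll totals"
    p2 = b"backup 02: vendor invoice"

    # Key re-used with no seed: both messages get the identical key stream.
    c1, c2 = encrypt(key, p1), encrypt(key, p2)
    reused_leak = recover_with_known_plaintext(c1, c2, p1) == p2

    # Same key, but a distinct seed per message (here a message counter,
    # stored in the clear next to the ciphertext). The key streams differ,
    # so XORing the two ciphertexts no longer cancels them out.
    s1, s2 = (1).to_bytes(8, "big"), (2).to_bytes(8, "big")
    d1, d2 = encrypt(key, p1, s1), encrypt(key, p2, s2)
    seeded_leak = recover_with_known_plaintext(d1, d2, p1) == p2

    round_trip = encrypt(key, d2, s2) == p2   # key owner still decrypts
    return reused_leak, seeded_leak, round_trip

if __name__ == "__main__":
    print(demo())
```

The seed only has to be unique per message under a given key; it does not have to be secret.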
Random permutations
• Block ciphers
• Input and output are fixed size
• Given plaintext and key, output ciphertext
• Given ciphertext and key, output plaintext
• Given plaintext and ciphertext, do nothing
Public key Encryption
• Elf will encrypt message for anyone, but will decrypt only for key owner.
• So I can give away my public key and anyone can encrypt to me, but only I can decrypt.
Digital signature
• Can be created by only one person, but checked by anyone.
• So these are the basic primitives of symmetric crypto schemes
5.4 Symmetric crypto primitives
• Block ciphers: confusion and diffusion
• S-box
• Maps numbers (look-up table)
• Cipher must be wide enough
• Must have enough “rounds”
• S-boxes of good design
• Advanced Encryption Standard (AES)
DES
• Used widely for banking, government, etc.
• 56-bit key
• Always a weakness
• 14,000 Pentium machines on the net broke a challenge in 4 months
• Machine built that can do it in 3 days
• Currently inadequate
Modes of operation
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Output Feedback (OFB)
• Cipher Feedback (CFB)
Asymmetric Crypto Primitives
• Public key encryption
• Digital signatures
• Based on number theory
• Prime numbers
• RSA: current algorithm, based on factoring
• Used in SSL
Asymmetric Crypto Primitives
• PGP
• Government systems
• Based on discrete logarithms
• DSA: Digital Signature Algorithm
• AKA Digital Signature Standard (DSS)
Certification
• We can do public key encryption and digital signatures
• Now must bind keys to users
• CA (Certification Authority) can do that
• Signs user's public encryption key
• Verifies signature
• Third party trusted source
Discussion topics
• Breaks of Rijndael
• Current uses of PGP
• Current uses of certificates and digital signatures