Chap 1: Introduction
• Some background
  • The message is usually represented as M or P (plaintext); the encryption result is usually represented as C (ciphertext).
  • C usually has the same length as M or is even longer
  • E(M) = C, D(C) = M
  • D(E(M)) = M
  • Can you apply the encryption and decryption algorithm to some random sequence?
What functionality can the encryption algorithms provide:
• Confidentiality
• Authentication
• Integrity
• Non-repudiation
Introduction
• Two kinds of cryptographic algorithms
  • Keep the method secret
    • Good: safe for low security requirements
    • Bad: user group dynamics, proof of correctness, how to communicate with outsiders, reverse engineering
  • Make the algorithm public but keep the key secret
    • Now the encryption/decryption algorithms need the key as a parameter
    • Safety depends on the key only
    • Good: safety analysis can be conducted, standard implementations exist (the user can set up the key)
Introduction (cont’d)
• Symmetric algorithms
  • The encryption and decryption keys can be calculated from each other easily (most of the time they are the same).
  • Block algorithms and stream algorithms
  • DES and XOR operation
  • Good: efficient and fast, easy to deploy
  • Bad: key pre-distribution, scalability, broadcast or multicast, proof to a third party
Introduction (cont’d)
• Public-key encryption
  • First appeared in the 1970s
  • Two keys: public key and private key
  • The private key cannot be derived from the public key
  • Everyone can send a packet to Alice
  • Only Alice has the private key to recover the packet
  • If Alice uses the private key to encrypt a message, the result can be viewed as a digital signature
  • Strong, scalable, easy for broadcast and multicast, but very slow
Introduction (cont’d)
• Attacks on encryption systems
  • Ciphertext-only attack
    • The amount of traffic matters
  • Known plaintext attack: try to get the key or a method to decrypt
  • Chosen plaintext attack: try to get the key or a method to decrypt
  • It is not difficult to mount the 2nd or 3rd type of attack
• Key point
  • Keep the cost to break the system higher than the gain from the information
Introduction (cont’d)
• Can you always break an encryption system?
  • One-time pad
  • Brute-force attack: try every possible key
• Make it impossible in the practical world
  • How much energy is required to flip a bit in memory, and how much memory we are generating per year. Real example at NASA
  • How much aluminum is needed to store 1 TB of data, and how much aluminum we have on the Earth.
Introduction (cont’d)
• Several old-fashioned encryption algorithms
• Substitution ciphers
  • Replace a character in the plaintext with another character
  • Replace a multi-character group with another multi-character group
  • Example: Caesar cipher
  • Try to figure out the length of the key
• Transposition ciphers
  • Shuffle the order of characters
  • The frequency of characters does not change
• XOR and one-time pad:
  • Many good properties of XOR
  • If the random bits repeat in a cycle, it is dangerous
  • Synchronization at both sides is always a problem
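Why a repeating or reused pad is dangerous, as an added example that is not part of the original slides: XOR-ing two ciphertexts made with the same pad bits cancels the pad and leaves only the XOR of the plaintexts. The sample messages and function names are constructed for illustration.

```python
import secrets

def xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with pad; a pad shorter than the data repeats in a cycle."""
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))

def reuse_demo() -> dict:
    """Encrypt two messages with the same random pad and compare."""
    p1 = b"MEET AT NOON"   # constructed sample plaintexts, same length
    p2 = b"SEND 100 USD"
    pad = secrets.token_bytes(len(p1))
    c1, c2 = xor(p1, pad), xor(p2, pad)   # the mistake: pad used twice
    mixed = xor(c1, c2)                   # the pad has dropped out
    return {
        "roundtrip": xor(c1, pad) == p1,
        "pad_cancels": mixed == xor(p1, p2),
        # anyone who learns p1 (known plaintext) now reads p2 without the pad
        "p2_from_known_p1": xor(mixed, p1) == p2,
    }

def cycle_leak(plain: bytes, period: int) -> bool:
    """With a pad that repeats every `period` bytes, ciphertext bytes one
    period apart XOR to the same value as the plaintext bytes there."""
    c = xor(plain, secrets.token_bytes(period))
    return all(c[i] ^ c[i + period] == plain[i] ^ plain[i + period]
               for i in range(len(plain) - period))

if __name__ == "__main__":
    print(reuse_demo())
    print(cycle_leak(b"MEET AT NOON", 4))
```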
Vigenère Cipher
• Like the Caesar cipher, but uses a longer key
• Example
  • Message: THE BOY HAS THE BALL
  • Key: VIG (right shift 21, 8, 6 times, then start again)
  • Encipher using the Caesar cipher for each letter:

    key     VIG VIG VIG VIG VIGV
    plain   THE BOY HAS THE BALL
    cipher  OPK WWE CIY OPK WIRG
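The example above in code, added here and not part of the original slides: the key advances only on letters, and the repeated plaintext THE lands on the same key letters, so the ciphertext repeats OPK at a distance that is a multiple of the key length. The helper name repeat_distances is hypothetical.

```python
from collections import defaultdict

A = ord("A")

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Caesar-shift each letter by the matching key letter (V=21, I=8, G=6)."""
    out, i = [], 0
    for ch in text.upper():
        if "A" <= ch <= "Z":
            shift = ord(key[i % len(key)].upper()) - A
            if decrypt:
                shift = -shift
            out.append(chr((ord(ch) - A + shift) % 26 + A))
            i += 1            # spaces and punctuation do not consume key letters
        else:
            out.append(ch)
    return "".join(out)

def repeat_distances(cipher: str, n: int = 3) -> dict:
    """Distances (in letters) between repeated n-letter groups."""
    letters = [c for c in cipher if "A" <= c <= "Z"]
    seen = defaultdict(list)
    for i in range(len(letters) - n + 1):
        seen["".join(letters[i:i + n])].append(i)
    return {g: [b - a for a, b in zip(pos, pos[1:])]
            for g, pos in seen.items() if len(pos) > 1}

if __name__ == "__main__":
    c = vigenere("THE BOY HAS THE BALL", "VIG")
    print(c)
    print(vigenere(c, "VIG", decrypt=True))
    print(repeat_distances(c))   # distances are multiples of len("VIG")
```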
Chap 2: Building blocks
• There are hundreds of security-related protocols; fortunately, only a limited number of building blocks are involved
• Secure blocks can still be assembled into insecure protocols
• How to organize these blocks shows the skills of the researchers
• Security protocols:
  • Prevent eavesdroppers
  • Prevent or detect cheaters
Building blocks (cont’d)
• Classification of protocols
• Arbitrated protocols
  • Example: buying a used car from a stranger
  • Good: simple, everyone feels safe
  • Bad: how to find the Trusted Third Party (TTP) on the network, who will pay the cost, bottleneck at the TTP, single point of failure
Building blocks (cont’d)
• Classification of protocols
• “Judge”-involved protocols
  • The TTP gets involved only when a disagreement arises
  • Similar to the difference between prevention and detection
  • Good: avoids the bottleneck
  • Bad: still need to keep the TTP, and need to keep evidence now
Building blocks (cont’d)
• Classification of protocols
• Self-enforced protocols
  • The best group of protocols
  • If one party wants to cheat, the other party can detect it and abort the procedure
  • Good: avoids the bottleneck
  • Bad: usually more complicated and more overhead
Block 1: one way functions
• A one way function is easy to calculate in one direction, but not the other.
  • Given x, easy to get f(x)
  • Given f(x), even when f() is known, it is still not easy to find an x that maps to it
• Trap door one way function
  • Given x, easy to calculate f(x)
  • Given f(x), difficult to get x
  • Given f(x) and a secret y, easy to get x
  • Think about asymmetric encryption
Block 1: one way hash function
• Map a variable-length input string to a fixed-length string: fingerprint the file
  • Easy to get Hash(x) when given x
  • Given a hash value, almost impossible to find an x that hashes to it
  • Almost impossible to find two files x and x’ that have the same hash value
  • Minor change in x, large changes in Hash(x)
• Since the hash value is shorter, we have conflicts (collisions):
  • We can easily rule out files, but cannot guarantee this is the original file
  • Still good enough in courts, like DNA tests
Block 1: one way hash function
• Usage of hash functions
  • Timestamp a file and prove that you are the creator (can be used to timestamp the homework)
  • MD5 values of the downloaded files
  • A commitment that cannot be easily changed
  • Verify the integrity of the files in a file system
• Security problems: how and where to save the hash values
  • Use a secret key k, do not store k on the computer, and use Hash(x, k) to prevent changes on the computer: usually called a MAC (message authentication code)
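The storage problem on this slide, as an added example that is not part of the original slides: a plain hash kept next to the file can be recomputed by whoever changes the file, while a keyed hash cannot without k. HMAC-SHA-256 stands in for the slide's Hash(x, k); the key, file contents and function names are constructed.

```python
import hashlib
import hmac

KEY = b"k-kept-off-the-computer"   # constructed sample key

def fingerprint(data: bytes) -> str:
    """Unkeyed hash: anyone who can write the file can recompute it."""
    return hashlib.sha256(data).hexdigest()

def mac(data: bytes, key: bytes) -> str:
    """Keyed hash, the Hash(x, k) of the slide (here HMAC-SHA-256)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def record(data: bytes, key: bytes) -> dict:
    """What is stored on the machine: file, hash and MAC, but never the key."""
    return {"data": data, "hash": fingerprint(data), "mac": mac(data, key)}

def tamper(rec: dict, new_data: bytes) -> dict:
    """A change made without k: the hash can be fixed up, the MAC cannot."""
    return {"data": new_data, "hash": fingerprint(new_data), "mac": rec["mac"]}

def hash_ok(rec: dict) -> bool:
    return rec["hash"] == fingerprint(rec["data"])

def mac_ok(rec: dict, key: bytes) -> bool:
    # compare_digest avoids leaking the mismatch position through timing
    return hmac.compare_digest(rec["mac"], mac(rec["data"], key))

if __name__ == "__main__":
    good = record(b"homework: grade B", KEY)
    bad = tamper(good, b"homework: grade A")
    print("original  hash_ok:", hash_ok(good), " mac_ok:", mac_ok(good, KEY))
    print("tampered  hash_ok:", hash_ok(bad), " mac_ok:", mac_ok(bad, KEY))
```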
Block 2: communication using symmetric crypto algorithms
• Steps:
  (1) Alice and Bob agree on a key k and an encryption algorithm
  (2) Alice calculates E_k(message) and sends the ciphertext to Bob
  (3) Bob decrypts the message and gets the plaintext
• Problems
  • How to determine the key: it must be done in a secret place
  • How to convince other people it is from Alice instead of Bob
  • The number of keys increases fast, not scalable
Block 3: communication using asymmetric crypto algorithms
• First appeared in 1976, proposed by Diffie and Hellman
• Two keys: public key and private key; it is almost impossible to get the private key from the public key.
• A certain kind of trap door one way function: the private key is the secret
• Steps:
  (1) Alice and Bob agree on a public key encryption algorithm
  (2) Bob sends his public key to Alice
  (3) Alice calculates E_pubB(message) and sends the ciphertext to Bob
  (4) Bob decrypts the message with the private key and gets the plaintext
Block 3: communication using asymmetric crypto algorithms
• Solves the problem in symmetric crypto methods: the key can be transferred in public
• More scalable, easy for multicast
• New problems:
  • How can we make sure it is Bob’s public key
    • Trusted Third Party
    • Certificate for the public key
  • How to guarantee the sender’s identity
• Some story about public key
  • NSA says it is unnecessary
  • But claims credit for it
Hybrid crypto systems
• Symmetric methods are fast, easy to implement, but require special attention during key distribution
• Asymmetric methods are slow, but more secure
• Be careful about the forward search attack
• Hybrid:
  • Use the asymmetric method to distribute the key
  • Use the symmetric method to encrypt data
Communication using hybrid crypto systems
• Steps
  • Bob sends Alice his public key
  • Alice encrypts the session key with this public key and sends it to Bob
  • Both Alice and Bob know the session key and can use it for data traffic
Open question: why should B trust A’s capabilities to generate keys?
Merkle’s puzzle
• Make the life of an eavesdropper difficult
• The receiver can randomly choose one message
• The eavesdropper has to try almost all of them
Block 4: Digital signature
• Signature by symmetric encryption:
  • The TTP will get involved
  • Who should store the encrypted messages?
  • How to send to a third party: through the TTP again
• Signature with asymmetric encryption
  • Using the private key for the signature
  • If the signature is like “I owe Bob $100”, a timestamp should also be included in the signature to avoid a replay attack.
Never ever sign a random message or something whose plaintext you cannot see
Block 5: Random number
• Pseudo random numbers:
  • Usually will repeat after a long sequence
  • The sequence must be long enough
• Real random numbers:
  • Lava lamp
  • Earthquake strength or interval
Dual encryption
• Let’s assume that everyone in the network has a public-private key pair. Alice wants to send a message to Bob and convince him that it is from Alice.
• Two possible formats: which is better?
Dual encryption
• Answer:
  • Alice should first sign the message, then use Bob’s public key to encrypt the packet
  • Reason 1: If Alice’s private key is the outer layer, everyone with Alice’s public key will be able to decrypt it.
  • Reason 2: never sign a random string when you do not know what it is (example of RSA)
• Two pairs of public-private keys for everyone: one for encryption, one for digital signature
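The RSA example behind Reason 2 and the earlier "never sign a random message" rule, added here and not part of the original slides: with textbook RSA, a signature on a random-looking number can be turned into a signature on a readable message, and signing a hash of what the signer sees removes that property. The toy key, message and function names are constructed; real systems use a standardized padding such as RSASSA-PSS.

```python
import hashlib

# Constructed toy key (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent

def to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")

def digest(b: bytes) -> int:
    return to_int(hashlib.sha256(b).digest()) % N

def sign_raw(m: int) -> int:           # signs whatever number it is handed
    return pow(m, D, N)

def verify_raw(m: int, s: int) -> bool:
    return pow(s, E, N) == m

def sign_hashed(msg: bytes) -> int:    # signs a hash of the bytes it sees
    return pow(digest(msg), D, N)

def verify_hashed(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == digest(msg)

def blind(m: int, r: int) -> int:      # m * r^E: looks random to the signer
    return m * pow(r, E, N) % N

def unblind(s: int, r: int) -> int:    # (m * r^E)^D / r = m^D
    return s * pow(r, -1, N) % N

def demo() -> dict:
    msg, r = b"I owe Bob $100", 0x1234567
    b = blind(to_int(msg), r)
    from_raw = unblind(sign_raw(b), r)
    b_bytes = b.to_bytes((b.bit_length() + 7) // 8, "big")
    from_hashed = unblind(sign_hashed(b_bytes), r)
    return {
        "raw_signature_transfers": verify_raw(to_int(msg), from_raw),
        "hashed_signature_transfers": verify_hashed(msg, from_hashed),
        "honest_hashed_ok": verify_hashed(msg, sign_hashed(msg)),
    }

if __name__ == "__main__":
    print(demo())
```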