410 likes | 436 Views
King Fahd University of Petroleum & Minerals College of Computer Science & Engineering. SEC511 Principles of Information Assurance and Security Lecture 3 Cryptography Overview. Cryptography Definition. Comes from Greek word meaning “secret writing”
E N D
King Fahd University of Petroleum & Minerals College of Computer Science & Engineering SEC511 Principles of Information Assurance and Security Lecture 3 Cryptography Overview
Cryptography Definition • Comes from Greek word meaning “secret writing” • It refers to the science of transforming information into a secure form while it is being transmitted or stored so that unauthorized users cannot access it
Goals of Cryptography Secure communication
Goals of Cryptography Secure storage
Terminology • Plaintext:Original unencrypted information. • Ciphertext: The information after being encrypted by an encryption algorithm. • Encryption: Producing ciphertext from plaintext using cryptosystem (also called encipherment). • Decryption: Reverse process of encryption (also called decipherment). • Algorithm:Process of encrypting and decrypting information based on a mathematical procedure .
Terminology Key: Value used by an algorithm to encrypt or decrypt a message, and should only be known by sender/receiver. Cipher: Encryption or decryption algorithm tool used to create encrypted or decrypted a text.
Symmetric-Key Cryptography In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.
Modes of operation* Figure 8.1 Modes of operation * See: Forouzan, Chapter 8
Electronic Code Book (ECB) Figure 8.2 Electronic codebook (ECB) mode
Cipher Block Chaining (CBC) Figure 8.3 Cipher block chaining (CBC) mode
Cipher Feedback (CFB) Figure 8.4 Encryption in cipher feedback (CFB) mode
CFB as a Stream Cipher Figure 8.5 Cipher feedback (CFB) mode as a stream cipher
Output Feedback (OFB) Each bit in the ciphertext is independent of the previous bit or bits. This avoids error propagation. Figure 8.6 Encryption in output feedback (OFB) mode
OFB as a Stream Cipher Figure 8.7 Output feedback (OFB) mode as a stream cipher
Counter (CTR) In the counter (CTR) mode, there is no feedback. The pseudorandomness in the key stream is achieved using a counter. Figure 8.8 Encryption in counter (CTR) mode
CTR mode as a stream cipher Figure 8.9 Counter (CTR) mode as a stream cipher
Modern Symmetric-key Ciphers • Symmetric-key: A shared secret key is used for both encryption and decryption. • Block Ciphers: • Each block of data is encrypted at once • Examples: DES, AES • Stream Ciphers: • Small unit of data (bit, byte, character) is encrypted individually. • Examples: RC4, A5/1
Data Encryption Standard (DES) • DES: was published by NIST in 1975 • Block size: 64 bits • Key size: 56 bits • Phase-out: NIST adopted 3DES in 1999 • Encryption and decryption with DES:
Advanced Encryption Standard (AES) • AES: adopted by NIST in 2001 to replace 3DES. • Block size: 128 bits • Key sizes: 128/192/256 bits • AES Security: • More secure than DES and 3DES due to larger blocks and keys. • Most of the known attacks on DES were already tested on AES. • AES Implementation: • Can be implemented in software, hardware, and firmware. • Implementation can use table lookup process or routines. • Simplicity and Cost: • AES is design to run efficiently on an 8-bit processor.
Asymmetric-Key Cryptography • Asymmetric key cryptosystem: • Uses two separate keys: • Public: for encryption (receiver’s public key) • Private: for decryption (receiver’s private key). • Examples: • RSA • ElGamal • Rabin
Kerckhoff’s principle • Based on Kerckhoff’s principle, one should always assume that the adversary knows the encryption/decryption algorithm. The resistance of the cipher to attack must be based only on the secrecy of the key. • Claude Shannon (father of Information Theory) reformulated the principle simply: The enemy knows the system • This to contrast to: Security through obscurity
Cryptanalysis As cryptography is the science and art of creating secret codes, cryptanalysisis the science and art of breaking those codes.
Cryptanalysis: Ciphertext-Only Attack • The attacker has only a ciphertext
Cryptanalysis: Known-Plaintext Attack • The attacker has access to a plaintext/ciphertext pair, in addition to the intercepted ciphertext.
Cryptanalysis: Chosen-Plaintext Attack • The attacker chooses the pair plaintext/ciphertext
Cryptanalysis: Chosen-Ciphertext Attack • The attacker chooses the ciphertext and decrypts it.
The Need for Integrity The cryptography systems that we have studied so far provide secrecy, or confidentiality, but not integrity. However, there are occasions where we may not even need secrecy but instead must have integrity. See: Forouzan Chapter 11
Document and Fingerprint One way to preserve the integrity of a document is through the use of a fingerprint. If Alice needs to be sure that the contents of her document will not be changed, she can put her fingerprint at the bottom of the document.
Message and Message Digest The electronic equivalent of the document and fingerprint pair is the message and digest pair.
Cryptographic Hash Function • A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string. • The data to be encoded is often called the "message," and the hash value is sometimes called the message digest or simply digest. • The ideal cryptographic hash function has four main or significant properties: • it is easy (but not necessarily quick) to compute the hash value for any given message • it is infeasible to generate a message that has a given hash • it is infeasible to modify a message without changing the hash • it is infeasible to find two different messages with the same hash
Summary • How to guarantee each combination of the following: • Confidentiality • Authentication • Integrity • Non-Repudiation
The end Reading: Forouzan Chapters: 3, 6, 7, 8, 10, and 11