250 likes | 525 Views
Cryptography. OverviewQuick History, Fundamentals, Threats
E N D
1. [3ICT1] Security- Cryptography - Karl Quinn
2. Cryptography Overview
Quick History, Fundamentals, Threats & Attacks.
Cryptographic Algorithms
Symmetric
Asymmetric
Cryptographic Ciphers
Cipher Block Chaining
Stream Cipher
Cryptographic Attacks
Brute Force
Chosen Plaintext
Man-in-the-middle
3. Cryptography History Ancient History
Polybios; ‘Polybios square’
Ceasar; simple ‘shifting’ substitution.
More Current
Pre-WWII
Scherbius; ‘Enigma Machine’
1970’s
Feistel; ‘Feistel Cipher’s’ (Pre-cursor to DES, 3DES)
Rivest, Shamir, and Adleman; ‘RSA’
WWW - Age
Schneider’s ‘Applied Cryptography’
Published algorithms w/ source code.
4. Fundamentals Why use cryptography…
Confidentiality
…msg contents remain secret.
Integrity
…msg contents not tampered/altered/etc.
Authentication
…msg recipient/sender is who they
states they are.
5. Threats & Methods of Attacks Security Threats
Leakage; unauthorised acquisitions.
Tampering; unauthorised alterations.
Vandalism; interference without gain.
Methods of Attack
Eavesdropping; Acquiring msg w/out authority.
Masquerading; fraudulent use of identity for comm’s.
Message Tampering; intercept, alter, and resend.
Replaying; storing msg’s and resending later.
Denial of Service; flood a channel to
deny legitimate access.
6. Cryptographic Key Two main approaches for successful encryption, with a hybrid third option.
(1) Shared Key Encryption [Symmetric]
Sender and recipient share knowledge of a secret key that is used to encrypt plaintext messages as cipher-text.
(2) Public/Private Key Encryption [Asymmetric]
Sender uses the recipients ‘public key’ to encrypt plaintext messages, which are then decrypted by the recipient using the corresponding ‘private key’.
(3) Hybrid Public/Private w/ Shared
Distribute shared via public/private key.
7. Cryptographic Terminology #1 Protagonists in security protocols
Alice; First participant
Bob; Second participant
Carol; participant in 3 or 4 party
Dave; participant in 4 party
Eve; eavesdropper
Mallory; Malicious attacker
Sara; A server
8. Cryptographic Terminology #1 Cryptographic Notation
KA : Alice’s Secret Key.
KB : Bob’s Secret Key.
KAB : Shared Key between Alice and Bob.
KApriv : Alice’s Private Key
KApub :Alice’s Public Key
{M}K : Message M encrypted with key K
[M]K : Message M signed with key K
9. Shared Key Encryption Communications between Alice and Bob using the shared key KAB
(1) Alice uses KAB and the encryption function E(KAB,M) to encrypt messages for Bob.
(2) Bob decrypts the cipher text using D(KAB, {M}K).
10. Shared Key Encryption Problems with previous example;
(1) How can Alice send the secret key to Bob securely?
(2) How can Bob know that the messages contents weren’t tampered with?
(3) How does Bob know that a message
hasn’t just been replayed?
11. Shared Key Examples Tiny Encryption Algorithm (TEA)
Simple, 128-bit key.
Uses rounds of integer addition, XOR, and bitwise logical shifts to achieve plaintext diffusion and confusion.
Void encrypt(unsigned long k[], unsigned long text[]){
unsigned long y = text[0], z = text[1];
unsigned long delta = 0x9e3779b9, sum = 0; int n;
for(n = 0; n < 32; n++){
sum+=delta;
y += ((z<<4)+k[0])^(z+sum)^((z>>5)+k[1]);
z += ((y<<4)+k[2])^(y+sum)^((y>>5)+k[3]);
}
text[0] = y; text[1] = z;
}
12. Shared Key Examples Data Encryption Standard (DES)
US encryption standard for years, 56-bit-key.
Triple-DES (3DES) applies DES three times with two keys. Therefore, 112-bit key.
International Data Encryption Algorithm (IDEA)
All round option, successor to DES. 128-bit key.
Encrypts/Decrypts ~3 times faster than DES.
Advanced Encryption Standard (AES)
Widely used symmetric encryption algorithm.
AKA ‘Rijndael’, AES is fast, relatively easy to implement, and requires little memory.
13. Public Key Encryption Communications between Alice and Bob using Bob’s Public key KBpub
(1) Alice uses KBpub to encrypt message M, E(KBpub, M).
(2) Bob receives the encrypted message and decrypts its contents using KBpriv.
D(KBpriv, {M}K ).
14. Public Key Encryption Problems with previous example?
(1) How/Where does Alice get Bob’s public key?
(2) Can require 100 to 1000 times more processing power than shared key encryption.
15. Public Key Examples. Rivest, Shamir, Adelman (RSA)
Uses ‘trap-door functions’, which is a one way function with a secret exit… it is easy to compute in one direction but infeasible to compute the inverse unless secret is known.
To find a key pair ‘e’, ‘d’…
Choose 2 large prime numbers P and Q to form
N = P x Q
Z = (P-1) x (Q-1)
For d, chose any number relatively prime with Z.
To find e, solve e x d = 1 mod Z.
Function to encrypt; Me mod N.
E(KE, M) = {M}K
Function to decrypt; Cd mod N.
D(KD, {M}K) = M
16. Public Key Examples. RSA with workable numbers…
(1) Let P = 13, and Q = 17,
Using N = P x Q, N = 221
Z = (P-1) x (Q-1), Z = 192.
(2) Chose d = 5.
Solving e x d = 1 mod 192 = 1, 193, 385, …
385 is divisible by d,
Therefore, e = 385/5 = 77.
Function to encrypt; M77 mod 221.
Function to decrypt; C5 mod 221.
17. Public Key Examples Elliptical Curve Cryptography
Public Key not shared.
Generates key through the properties of elliptic curve equations not based on difficulties associated with factoring large numbers.
Shorter keys are secure.
Lower processing overhead than RSA.
18. Hybrid Key Encryption In e-commerce public key security needs no secure key distribution mechanism.
Public key encryption as a large computational overhead in relation to shared key encryption.
Therefore, one can use public key encryption to authenticate a party and to also encrypt secret keys for secure distribution.
This securely distributed secret key is then used for all subsequent transaction. See SSL.
19. Cryptographic Ciphers Block Ciphers
Most encryption algorithms work with fixed sized blocks of data, 64-bits is popular.
A message is divided into 64-bit blocks w/ padding on the last block if necessary.
Each block is encrypted independently.
Simple block cipher can allow pattern recognition between the ciphertext and plaintext.
Integrity of message is not guaranteed.
Cipher Block Chaining overcomes above weaknesses.
20. Cryptographic Ciphers Plaintext blocks
Ciphertext blocks
21. Cryptographic Ciphers
plaintext
stream
22. Confusion and Diffusion Shannon’s principle of confusion and diffusion conceals content of ciphertext.
(1) Confusion
XOR and circular shifting to combine plaintext blocks with a key to produce pattern that obscures the relationship between encrypted and unencrypted blocks.
(2) Diffusion
Dissipates repetition patterns and redundancy that are found in plaintext.
Unavailable to stream ciphers as they
don’t use blocks.
23. Cryptographic Attacks Brute Force Attack
Try every possible mathematical value of K in computing E(K, M) until result matches {M}K.
Chosen Plaintext Attack
Try to guess ciphertext by using a public key to encrypt known plaintext and hope they match.
Man-in-the-middle
Mallory positioned between Alice and Bob, and substitutes a known shared key.
24. Summary Summary of main concepts
(1) Cryptographic Algorithms
Symmetric
Asymmetric
(2) Cryptographic Ciphers
Cipher Block Chaining
Stream Cipher
(3) Cryptographic Attacks
Brute Force
Chosen Plaintext
Man-in-the-middle
25. Reference Coukouris, G., Dollimore, J., Kindberg, T., ‘Distributed Systems, Concepts and Designs’, Addison-Wesley, Third Edition, 2001.