1 / 0

Cryptography

Cryptography . Cryptography Issues. Confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver decrypts message End-Point Authentication: sender, receiver want to confirm identity of each other

moira
Download Presentation

Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography

  2. Cryptography Issues Confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver decrypts message End-Point Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
  3. Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate “securely” Trudy (intruder) may intercept, delete, add messages Alice Bob data, control messages channel secure sender secure receiver data data Trudy
  4. Who might Bob, Alice be? … well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates
  5. Simple encryption scheme substitution cipher: substituting one thing for another monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq E.g.: Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc Key: the mapping from the set of 26 letters to the set of 26 letters
  6. Breaking an encryption scheme Cipher-text only attack: Trudy has cipher text that she can analyze Two approaches: Search through all keys: must be able to differentiate resulting plaintext from gibberish Statistical analysis Known-plaintext attack:trudy has some plaintext corresponding to some cipher text e.g.in monoalphabetic cipher, trudy determines pairings for a,l,i,c,e,b,o, Chosen-plaintext attack:trudy can get the cipher text for some chosen plaintext
  7. Computationally Secure Algorithms The cost of breaking the cipher exceeds the value of the encrypted information The time required to break the cipher exceeds the useful lifetime of the information
  8. Where should I implement my security?
  9. Types of Cryptography Crypto often uses keys: Algorithm is known to everyone Only “keys” are secret Public key cryptography Involves the use of two keys Symmetric key cryptography Involves the use one key Hash functions Involves the use of no keys Nothing secret: How can this be useful?
  10. Block VS Stream Ciphers Stream ciphers encrypt one bit at time Block ciphers Break plaintext message in equal-size blocks Encrypt each block as a unit
  11. Stream Ciphers pseudo random keystream generator key keystream Combine each bit of keystream with bit of plaintext to get bit of ciphertext m(i) = ith bit of message ks(i) = ith bit of keystream c(i) = ith bit of ciphertext c(i) = ks(i)  m(i) ( = exclusive or) m(i) = ks(i)  c(i)
  12. Block ciphers Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks). 1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext Example with k=3: inputoutput 000 110 001 111 010 101 011 100 inputoutput 100 011 101 010 110 000 111 001 What is the cipher text for 010110001111 ?
  13. Alice Bob 1. Construct m 2. Compute c= F(m,k) c 3. Send c to Bob 4. Receive c from Alice 5. Compute d=F-1(c,k) 6. m = c Symmetric Key Encryption System Alice encrypts a message with the same key that Bob uses to decrypt. Trudy can see c, but cannot compute m because k is only known to Alice and Bob
  14. DES (Data Encryption Standard Adopted in 1977 by NIST Input: 64-bit plaintext, 56-bit key (64 w/ parity) Parity Bits: redundancy to detect corrupted keys Output: 64-bit Ciphertext Susceptible to Brute-Force (try all 256 keys) 1998: machine Deep Crack breaks it in 56 hours Subsequently been able to break even faster Key size should be at least 128 bits to be safe
  15. General Schematic of DES
  16. Initial Permutation (IP) first step of the data computation IP reorders the input data bits even bits to LH half, odd bits to RH half quite regular in structure (easy in h/w)
  17. DES round structure uses two 32-bit L & R halves The overall process at each iteration Li= Ri–1 Ri= Li–1 XOR F(Ri–1, Ki) Concerns about: The algorithm and the key length (56 bits) Longer key lengths essentials for critical applications
  18. Triple DES Use three keys and three executions of DES algorithm (Encrypt-Decrypt-Encrypt) C=EK3(DK2(EK1(P))) Decryption is the reverse P=DK1(EK2(DK3(C))) Effective Key Length of 168 bits
  19. Need for a new standard DES had been used for a long time A replacement for DES is needed Can use triple DES but SLOW US NIST called for ciphers in 1997 15 candidates accepted in June 1998 5 were short-listed in August 1999 Rijndael was selected as the Advanced Encryption Standard in October 2000
  20. The AES crypto systems In the Rijndael proposal, the block length and the key length can be independently specified to be 128, 192 or 256 bits The AES standard limit the block length to 128 bits Key length can be 128, 192 or 256 bits Easy to implement, both in hardware and software Resistant against all know attacks
  21. Public Key Cryptography Uses two keys for every simplex logical communication link Public Key Private Key The use two keys has profound consequences in the area of Confidentiality Key Distribution Authentication
  22. Illustration::Encryption
  23. Applications Three categories Encryption/Decryption The sender encrypt a message with receivers public key Digital signature/Authentication The sender sign a message with his private key Key Exchange Two sides cooperate to send a session key
  24. The RSA public key algorithm RSA Algorithm, Developed by Ron Rivest, AdiShamir and Len Adleman at MIT in 1977 A block Cipher The most widely implemented
  25. RSA Key Generation
  26. RSA :: Encryption Plaintext: M<n Ciphertext: C=Me(mod n)
  27. RSA :: Decryption Ciphertext: C Plaintext: M=Cd(mod n)
  28. Example Select two prime numbers, p=7 and q=17 Calculate n=pq=7x17=119 Calculate Фn=(p-1)(q-1)=96 Select e such that e is relatively prime to Фn=96, and less than Фn In this case, e=5 Determine d such that, de=1(mod 96) and d<96 d=77, because 77x5=385=4x96+1 Public key KU={5,119} Private key KR={77,119}
  29. Example Encryption process: Say, Plaintext M = 19 Ciphertext C = 195(mod 119) = 2476099(mod 119) = 66 Decryption process: M=6677(mod 119) = 19
  30. Message Authentication Authentication using conventional encryption Only the sender and receiver share a key Message authentication without message encryption An authentication tag is generated and appended to each message Message authentication code Calculate the MAC as a function of a message and the key MAC=F(K,M)
  31. Message Authentication Code
  32. Digital Signatures A hand written signature is the function of the signer only, not the message Hand written signatures can be copied or forged The digital equivalent of a hand written signature would be useless in eCommerce Must be able to Compare with the real signature, and Must be sure it is not copied or forged How can A prove his identity in the internet?
  33. Digital Signatures One way Hash Function Hash Result Encrypted with KR Original Document Original Document Digital Signature Hash Digital Signature Digital Signature Computed by Applying one way Has function to original message Encrypting results with senders private key Receiver can verify by Applying one way has function to received document Decrypting signature by senders public key Comparing the two results: equality means document unmodified
  34. Identity Documents What is an identity document? (Passport, Birth Certificate, Driver’s License, etc) A piece of paper Issued by a third party With information verifying the identity of the holder Identity document id USELESS without a challenge Challenge: Protocol for holder to prove he is the person named in the document Photograph Signature Finger print
  35. Digital Certificate A digital identity document binding a public-private key pair to a specific person or organization Verifying a digital signature only proves that the signer had the private key corresponding to the public key used to encrypt the signature Does not prove that the public-private key pair belonged to the claimed individual We need a independent third party to verify the person’s identity (through non-electronic means) and issue a digital certificate
  36. Digital Certificate Contents Serial Number Name of Holder Public key of holder Name of the trusted third party (Certificate Authority) Digital Signature of certificate authority Data on which HAS and public-key algorithms have been used Other business or personal information
  37. X.509 version 2 certificate
  38. Electronic Payment Systems
  39. Payment Cards The term payment card describes all types of plastic cards used to make purchases Credit card Has a spending limit based on a user’s credit history Debit card Removes an amount from a cardholder’s bank account Transfers it to the seller’s bank account Charge card Carries no spending limit Amount charged is due at the end of the billing period
  40. Advantages & Disadvantages of payment cards Advantages: Widespread acceptance Usually have built-in security for merchants Disadvantage: Payment card service companies charge merchants per-transaction fees and monthly processing fees
  41. Payment card processing
  42. Smart Cards An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card Smart Card Applications Ticketless travel: Seoul bus system Authentication, ID Medical records E-Cash Store loyalty programs Personal profiles Government Licenses Mall parking
  43. Secure Electronic Transaction (SET) Protocol Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM, GTE, SAIC, and others Designed to provide security for card payments as they travel on the Internet Contrasted with Secure Socket Layers (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmission SET specification Uses public key cryptography and digital certificates for validating both consumers and merchants Provides privacy, data integrity, user and merchant authentication, and consumer non-repudiation
  44. The SET protocol
  45. SET Payment Transactions SET-protected payments work like this: Consumer makes purchase by sending encrypted financial information along with digital certificate Merchant’s website transfers the information to a payment card processing center while a Certification Authority certifies digital certificate belongs to sender Payment card-processing center routes transaction to credit card issuer for approval Merchant receives approval and credit card is charged Merchant ships merchandise and adds transaction amount for deposit into merchant’s account
  46. SET uses a hierarchy of trust
More Related