270 likes | 368 Views
T101 Networks. 11 – Crypto Basics. Lesson Objectives. describe the goals of computer security explain some cryptographic terms describe simple encryption schemes such as substitution and transposition explain the difference between symmetric and asymmetric encryption. Network Security.
E N D
T101 Networks 11 – Crypto Basics
Lesson Objectives • describe the goals of computer security • explain some cryptographic terms • describe simple encryption schemes such as substitution and transposition • explain the difference between symmetric and asymmetric encryption
Network Security • computer networks have three major problems • security • security • security • network security, and computer security in general, are very large fields of research • T101 does the basics, T211 does more
Network Security • Think of your use of the Internet, then: • describe something that you would like to keep private • describe some transaction you do that you want to guarantee has not been altered • name a web site whose identity you want to be guaranteed • name a service on the Internet that would cause you major inconvenience if it was not available
What else do we need?(Part 2) • eCommerce and Online Banking • what are the risks? • how can you be sure that you are connected to kiwibank.co.nz and not some other site? • how can you be sure that someone hasn’t used Wireshark to capture your bank login details as the packets travel through the net? • how can you be sure that someone hasn’t modified your bank transactions in transit?
Cryptography Basics • Cryptography is… • protecting privacy • authentication of identities • preservation of integrity • …in an environment of mistrust
Some Terms • encryption • decryption • key • plaintext • ciphertext
Substitution Ciphers • some early examples include the Caesar cipher and Atbash in the Book of Jeremiah • Playfair cipher used in the Boer War • numerous examples in popular culture from Sherlock Holmes to Futurama • see http://en.wikipedia.org/wiki/Substitution_cipher#Substitution_ciphers_in_popular_culture
Transposition Ciphers • Scytale dates from about 500BC, maybe used by Spartans and Greeks
Try it • Have a go at the substitution and transposition ciphers in the notes
Modern Techniques • Modern encryption schemes can be classified into two major groups • Symmetric • Asymmetric • Symmetric encryption uses combinations of substitutions and transpositions • Asymmetric encryption uses a mathematical problem that is difficult to solve
Symmetric Ciphers • encryption key is the same as the decryption key • use combinations of substitutions and transpositions • security depends upon the length of the key because • if the key is too short, an attacker can try all different keys until one of them decrypts the message • this is called a brute force attack
Brute Force • Special machines are capable of trying all possible keys provided the key is not too long • 56 bit keys (for DES) can be checked at 282 billion keys per second • About 68 hours to try all keys
Symmetric ciphers • To prevent brute forcing of all possible keys, the minimum key size of 128 bits is recommended • This give 2128 possible keys (about 3x1038) • If you could try say a billion billion (1018) keys in a second, it would take 3 x 1020 seconds or 1013 years to try them all • This is longer than the age of the universe! • Symmetric ciphers are therefore secure provided you choose a random key
Just one problem with Symmetric Ciphers… • and it’s a big problem • what is it?
Asymmetric Encryption • encryption key and decryption key are different • the encryption key is made public • the decryption key is kept private • hence the terms public and private keys • and the term public key encryption • clearly the encryption and decryption keys are related to each other
Digression • in order to get a grip on how asymmetric ciphers work, consider solutions to a simpler problem • remote coin toss • two people want to play chess over the phone • how do they decide who plays white? • how can cheating be prevented? • a similar problem arises with online gambling sites, card playing etc…
Remote Coin Toss • what is your solution?
Remote Coin Toss • scientifically it can be proven that this problem has no solution … • …but practically it is fairly easy to solve • all solutions rely on a common theme • timing • the coin “tosser”, only gives the “caller” a limited amount of time to decide
Possible Solutions • the 250th digit of pi is 7; true or false? • what will happen if this scheme is used too often? • lab computers take 40s to calculate pi to 4,000 places • the last word on page 345 of my copy of Dickens’ Little Dorritt is “rumble”; true or false? • perhaps use google books to verify • given enough time, the caller can always discover the solution, provided that the solution is verifiable! • and the question has to be verifiable (over the phone), otherwise it isn’t a fair question!
Asymmetric Encryption • the same principle of timing is the basis for asymmetric encryption • it must take a long time to calculate the decryption key, if you only know the encryption key • how long is long enough? • longer than it would take to brute force all possible keys would be long enough
Example • RSA Encryption is the most widespread asymmetric algorithm in use today • although elliptic curve cryptography may soon surpass it in popularity • to calculate the decryption key, requires the factorisation of a very large integer (which is one part of the public key) • eg. what are the two factors of 35237
Example • 211 x 167 = 35237 • a computer can work this out quite quickly • what about 2741705033491671684660775633583877955888483196303212832139674169405024060173561809129616471979988615558491707675950107725691293368607252266140312259625177 ??? • that’s 154 digits (or 512 bits) • how long would that take a computer?
Factoring Speeds • in 1999, a 155 digit number (512 bits) was factorised using • a network of over 280 computers • a Cray supercomputer • over 5 months effort • in 2009, a 232 digit number (768 bits) was factorised • network of many hundreds of machines • over 2½ years in time • RSA uses 308-616 digit numbers
Problems with Asymmetric Ciphers • all current asymmetric systems rely on some awkward arithmetic • coding errors in the arithmetic have been known • about 1,000 times slower than symmetric • produce big chunks of ciphertext (because of those big numbers that are used) • so not suitable for encrypting a few bytes of data, especially if speed is important
Asymmetric Ciphers • … but asymmetric ciphers can solve the big problem that symmetric ciphers have • homework • work out how before next week! • they can also be used for digital signatures
Summary • terminology: ciphertext, plaintext, key, encryption and decryption • substitution and transposition ciphers • symmetric ciphers • just one problem! • asymmetric ciphers • no good for some jobs • solve the big problem of symmetric ciphers • enable digital signatures