240 likes | 428 Views
Chapter 2: Foundations. The problem of providing secret communication over insecure media is the most traditional and basic problem of cryptography. ◎ Foundations. Terminologies: Sender vs. Receiver Messages vs. Encryption
E N D
Chapter 2: Foundations The problem of providing secret communication over insecure media is the most traditional and basic problem of cryptography.
◎Foundations Terminologies: Sender vs. Receiver Messages vs. Encryption Encryption vs. Decryption Algorithms vs. Ciphers Symmetric alg. vs. Public-Key alg. Cryptanalysis Security of Cryptosystems Classical Cryptography vs. PKC Plaintext Plaintext Original Encryption Ciphertext Decryption Plaintext A cryptographic algorithm, also called a cipher, is the mathematical function used for encryption and decryption. To encrypt a plaintext message, apply an encryption algorithm to the plaintext. To decrypt a ciphertext , apply a decryption algorithm to the ciphertext.
◎Foundations E(P) = C D(C) = P , D( E(P) ) = P ; describe these terms P, C, E, D ? If the security of an algorithm is based on keeping the nature of the algorithm secret, it is called RESTRICTED(algorithm). There are two general forms of key-based algorithms: symmetric and public-key. Symmetric algorithms are algorithms where the encryption key can be calculated from the decryption key and vice versa. In many such systems, the encryption key and the decryption key are the same. VS.
◎Foundations PS. Symmetric algorithm are also called secret-key alg, single-key alg. or one-key alg.. Symmetric algotithms can also be divided into two categories: (a) stream algorithms or stream ciphers (b) block algorithms or block ciphers KEY Plaintext Original Encryption Ciphertext Decryption Plaintext Encryption KEY (public key) Decryption KEY (private key) Plaintext Original Encryption Ciphertext Decryption Plaintext
◎Foundations In this class, ALGORITHM will refer specifically to the MATHEMATICAL TRANSFORMATIONS for encryption and decryption. CRYPTOSYSTEMS will refer to the algorithm, plus the way in which it is implemented. There are three kinds of cryptographic functions: hash functions, secret key functions, and public key functions. We will describe what each kind is, and what it is useful for. Public key cryptography involves the use of two keys. Secret key cryptography involves the use of one key. Hash functions involve the use of zero keys ! Try to imagine what that could possibly mean, and what use it could possibly have --- an algorithm everyone knows with no secret key, and yet it has uses in security.
◎Foundations CRYPTANALYSIS: 共有六種攻擊法,今依其難易度分成下述: (1) Ciphertext-only attack. Given: Deduce:Either ;or an algorithm to infer from (2) Known-plaintext attack. Given: Deduce:Either k, or an algorithm to infer from (3) Chosen-plaintext attack. Given:同上;where the cryptanalysis choose Deduce:同上
◎Foundations (4) Adaptive-chosen-plaintext attack. 動態選取明密文:由第一次選取而得之結果去決定第二次選取之明 密文對(pair) (5)Chosen-ciphertext attack. 給予數對 “密文→明文” 而求出key k (6) Chosen-key attack. This is not an attack when you are given the key. It is strange and obscure, not very practical.
◎Foundations Security of Cryptosystems All algorithms but one are theoretically breakable, given enough time and computing resources. If the time and money required to break an algorithm is more than the value of the encrypted data, then it is probably safe. An algorithm that is not breakable in practice is SECURE. Unconditionally secure VS. Computationally secure ,only a one-time pad is unbreakable given infinite resources(key 之長度大於明文長度). (針對 前者而言,這種僅用一次key的方法之管理成本高) The amount of computing time and power required to recover the encryption key is called the WORK FACTOR, and is expressed as an order of magnitude.
◎Foundations A cryptosystem is also called a CODE or a CIPHER. 參考資料:Substitution Ciphers & Transposition Cipher DES, Simple XOR均屬於此種類別, P XOR K = C C XOR K = P ( P XOR K ) XOR K = P Classical Cryptography This cryptosystem is called a stream cipher which is a classical cryptosystem.
1. Foundations, including terminology and concepts of cryptography. 2. Cryptographic Protocols, including protocol build blocks (secure cryptographic module), basic protocols (key exchange, authentication, secret sharing, etc.), intermediate protocols (subliminal channel, group signature, key escrow, etc.), advanced protocols (zero-knowledge proofs, blind signature, oblivious transfer, etc.), esoteric(奧秘的) protocols (secure elections, anonymous broadcast, digital cash, etc.).
3. Cryptographic Techniques, including key length, key management, and the using algorithms. 4. Cryptographic Algorithms, including mathematical backgrounds, DES and other block ciphers, one-way hash functions, public key cryptosystems. 5. Example Implementations, including some well-known commercial products and standards.
協定 (protocol) A protocol is a series of steps, involving two or more parties, designed to accomplish a task. Types of protocols Arbitrator:a trusted third party Adjudicator: is necessary in case of dispute Trent Alice Arbitrated protocol Bob
Bob Alice Adjudicated protocol Evidence Trent (After the fact) Self-enforcing protocol Alice Bob
Key Exchange (KE) A session key: used for only one particular communication session.(會議金鑰) {A common cryptographic technique is to encrypt each individual conversation between two people with a separate key} Q: 如何將此一session key k安全配送到送收雙方? Ans: 數種提案… (一) KE with symmetric cryptography(若KDC已然給A、B密鑰) (1) A ( KDC): 要求製作session key k (2) KDC ( A): ESKA (k) 及ESKB(IDA , k) (3) A: DSKA(ESKA(k)) = k ( B): ESKB(IDA , k) (4) B: DSKB(ESKB (IDA , k)) = (IDA , k) (5) A & B 從此有 k 可用. 若KDC被外人Mallet攻陷則慘矣!(由於此處以對稱式密碼為基,故用KDC/TTP取代CA)
傳統(對稱性)加密法之數位簽章需可信賴之第三者之助方得竟其功.{參考下圖}傳統(對稱性)加密法之數位簽章需可信賴之第三者之助方得竟其功.{參考下圖} M=Dka(C) C’=Ekb(M) TTP 3. C’ 2. C 1. C=Eka(M) M=Dkb(C’) Alice 與 Bob 沒有約定session key,兩人與TTP 分別約定 session keys ka 及 kb, Bob 收到密文后直接轉給 TTP,而 TTP 用與 Alice 約定之session key 解得明文,再用與Bob約定之 session key 加密后,送給Bob. TTP被完全信任?(否則2 passes即可)
(二) KE with public-key cryptography • B ( A): PKB {B 直接送自己的公鑰給 A 的確是奇怪之舉 !} • A : 產製 k (randomly) • ( B): PKB(k) • B : SKB(PKB(k)) = k • A & B 從此有 k 可用. Employing public-keys without CA’s support ? ( see next page for more details) 此協定雖說用PKC,但是太過簡略;因為(1)沒有CA之助, (2)沒有考量man-in-the-middle攻擊, (3) 竟然不加認證A之身分! (如果我們沒有CA概念則可理解)
(三) KE with public-key cryptography using a public-key database • A ( CA-like): PKB • A : 產製 k (randomly) • ( B): PKB(k) • B : SKB(PKB(k)) = k • A & B 從此有 k 可用. 若有攪局者, M, 在A與B之間宛如database之姿,則此種攻擊謂之 Man-in-the-Middle Attach(refer to next page now) Point: 這一類協定需要讓A與B交談雙方能夠相互印證對方;即mutual authentication;若需要透過CA之助,則A/B 與CA亦得相互認證. 注意上面兩協定均欠缺mutual authentication,當然不安全.
Man-in-the-Middle Attack • A B: PKA M B: PKM {M 用 PKM取代 PKA} • B A: PKB M A: PKM {M 用 PKM取代 PKB} • A B: EPKM(M) {Alice encrypts M with Bob’s public key, she thought} • M B: DSKM (EPKM(M))=M • EPKB(M) ( B) • (4) Similarly, when Bob sends message M’ to Alice, Mallet does the same tricky game.
Rivest & Shamir針對此攻擊法(Man-in-the-Middle Attack) 提出 “Interlock protocol”: • { A要 B 給重要訊息 mB之安全協定} • A ( B): PKA • B ( A): PKB • A ( B): half( PKB ( mA)) = α {譬如 僅取奇數位元/ 或mA之hash值} • B ( A): half( PKA ( mB)) = γ • A ( B): half( PKB ( mA)) 之另一半 =β • B: SKB(α, β) = mA • ( A): half( PKA ( mB))之另一半 = δ {注意 此協定旨在保護 mB } • (7) A : SKA(γ , δ) = mB 何以如此設計? mA應該是讓Bob可以據以認證Alice身分之資訊 因 一半密文無法解密,等你送出此一半,則無法挽回 ! 想一想: M攔截A與B之訊息且取代之以自己之訊息,則兩訊息 無關聯性;要之,M僅能愚弄兩者.
(四) KE with digital signatures 引入數位簽章可防KE作業時遭受 man-in-the-middle 攻擊;由於KDC利用自己的密鑰對A與B之公鑰簽章,因此A與B可利用KDC之公鑰驗證自己收到的公鑰是欲通訊之對方所有,KDC之功能類似今日之CA. (五) Key and Message Transmission • In the protocol below, Alice sends Bob the message, M, without any previous key-exchange( KE) protocol: • A : 產製a random session key, k 且對訊息M加密; Ek(M) =α • A ( KDC): PKB • A : EPKB(k) = β • A ( B): α , β {為了加強安全, 也可簽章之: ESKA(α , β)} • B : DPKA(ESKA(α,β)) = (α,β); DSKB(EPKB(k)) = k; Dk(Ek(M)) = M This is how public-key cryptography is most often used in a communications system. It can be combined with digital signature, timestamps, and any other security protocols.
(六) Key and Message Broadcast (在上一個協定之延伸概念下) Alice can send the encrypted message to Bob, Carol, and Dave: (1) A: Ek(M) (2) A ( KDC): PKB , PKC , PKD (3) A ( Bob, Carol, and Dave): EPKB(k), EPKC(k), EPKD(k) and Ek(M) (4) Only Bob, Carol, and Dave can decrypt the k key using his or her private key. (5) Only Bob, Carol, and Dave can decrypt Alice’s message using k. 至此,我們體會到環環相扣(mutual authentication)之必要性.
Some things you should know: Privacy: the ability to keep anyone but the intended recipient from reading the message. Authentication: reassurance to the recipient of the identity of the sender. Integrity: reassurance to the recipient that the message has not been altered since it was transmitted by the sender. Non-repudiation: the ability of the recipient to prove to a third party that the sender really did send the message. (also called third party authentication.)
Two hard problems: • Factoring problem: n = p * q (knowing n, hard to get prime p or prime q) • Discrete Logarithm Problem (DLP) : y = gx mod p (knowing y and large prime p and g, hard to get x) Both are the main techniques to support PKI
Observations 1. 對任意一明文 M需滿足 gcd(M, n) = 1, 此處 n=p*q; p與q為兩大質數. 2. 如何求 e 與 d兩數? 可取一與(n)互質之數e, 根據 e*d mod (n) = 1之條件,可求解 d (refer to上一頁) 3. 若 e 與 n 公開, 而 d 與 (n) 保密, 則安全可保. 4. 若有人欲分解 n = p*q,若 n 是200位數,而電腦可處理 106指令/秒(即1 MIPS)則破解 需106年.(此因數分解是NP-complete 問題) 5. 公開金鑰與對稱金鑰兩者之系統整合現況: Encrypted session key 密文 明文 收方私鑰 產製亂數 RSA解密 DES解密 DES加密 通訊基碼 session key RSA解密 發方公鑰 通訊基碼 session key RSA加密 Encrypted session key 密文 PKDB RSA加密 發方私鑰 收方公鑰