cs166 mynote
1 CS166 INFORMATION SECURITY
San Jose State University, Computer Science Department, Spring 2017, Kaya Ota
2 TEXT BOOK
• These notes are based on the textbook required in the class
3 CHAPTER 1 Introduction
4 DEFINITIONS 1: CONFIDENTIALITY, INTEGRITY, DATA AVAILABILITY
• Confidentiality
  • Preventing unauthorized reading of information.
• Integrity
  • At least detecting unauthorized writing** of information.
• Data Availability
  • Hiding the information is not a solution. We need the data.
Different methods are needed to support these properties.
**Writing can mean to write, to update, or to delete.
5 DEFINITION 2: TERMS
• Cryptology – the art and science of making and breaking “secret codes”
• Cryptography – the making of “secret codes”
• Cryptanalysis – the breaking of “secret codes”
• Plaintext – the original text
• Ciphertext – the encrypted text
6 DEFINITION 3: SECURITY
• A cryptosystem is secure if the best known attack requires as much work as exhaustive key search.
• Per se, we never guarantee that a cryptosystem NEVER lets attackers find a key.
7 DEFINITION 4: Confusion And Diffusion
• Claude Shannon offers the fundamental cipher design principles
• Confusion – obscuring the relationship between the plaintext and the ciphertext
  • i.e. changing the plaintext to something else.
  • Example: Simple Substitution and One-Time Pad
• Diffusion – spreading the plaintext statistically through the ciphertext
  • i.e. rearranging the plaintext to generate the ciphertext
  • Example: double transposition
8 CHAPTER 2 Crypto Basics
9 SIMPLE SUBSTITUTION: ROT13
[Figure: ROT13 example, from Wikipedia]
• The original set of letters “hello” does not appear in the ciphertext
• Confusion is satisfied.
10 SIMPLE SUBSTITUTION: Caesar Cipher
• General version of the ROT13 cipher
• Simple substitution is a confusion cipher
  • Although E is used in the plaintext, E does not necessarily appear in the ciphertext
• How many positions to shift / substitute is the key
  • In this case key = 3 or 23
[Figure: Caesar cipher with a left shift of 3 (Gaius Iulius Caesar), https://upload.wikimedia.org/wikipedia/commons/4/4a/Caesar_cipher_left_shift_of_3.svg]
11 SIMPLE SUBSTITUTION
• Simple substitution is weak against letter-frequency analysis.
• The attacker can determine that the most frequently appearing letter is “E”
• The next most frequent is then “T” ... and so on.
• So, the cipher is not SECURE.
  • There exists a shortcut to exhaustive key search
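The letter-frequency weakness from slides 10 and 11, as an added example that is not part of the original notes: every candidate Caesar key is scored by how closely the decrypted letter counts match typical English, so the key falls out of the statistics alone. The frequency table holds approximate reference values and the sample message is constructed.

```python
from collections import Counter

# Approximate English letter frequencies in percent, a..z (reference values).
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def caesar(text, key):
    """Shift every letter by `key` positions; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base + key) % 26 + base)
        out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Distance between the letter counts of `text` and typical English."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    if not letters:
        return 0.0
    counts = Counter(letters)
    score = 0.0
    for i, pct in enumerate(ENGLISH):
        expected = len(letters) * pct / 100
        score += (counts[chr(97 + i)] - expected) ** 2 / expected
    return score

def break_caesar(ciphertext):
    """Score all 26 keys and keep the one whose output looks most like English."""
    key = min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))
    return key, caesar(ciphertext, -key)

# Constructed sample message.
PLAINTEXT = ("Simple substitution hides each letter but not how often it appears, "
             "so the most common letter in a long message is still most likely "
             "the letter E.")

if __name__ == "__main__":
    ciphertext = caesar(PLAINTEXT, 3)
    print(ciphertext)
    print(break_caesar(ciphertext))
```

Shifting the ciphertext by 23 undoes a shift of 3, which is why the slide lists the key as 3 or 23.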
12 ONE TIME PAD
• The one-time pad is built on the beauty of XOR
• Repeats within the “one-time” pad made cryptanalysis possible
13 CHAPTER 3 Symmetric Key Crypto
14 STREAM CIPHER
[Figure: stream cipher. Encrypt: key seed → key generator → keystream bit (K), combined with plaintext bit (P) to give ciphertext bit (C). Decrypt: key seed → key generator → keystream bit (K), combined with ciphertext bit (C) to give plaintext bit (P).]
15 STREAM CIPHERS
• A stream cipher takes a key K of n bits in length and stretches it into a long keystream
• The keystream is XORed with the plaintext P to get the ciphertext
  • Ciphertext = Keystream XOR Plaintext
• The function of a stream cipher: StreamCipher(K) = S
  • Where K is the key and S is the keystream
• A keystream is NOT a ciphertext
16 STREAM CIPHERS
Given a keystream S = s0, s1, s2, ...
Given a plaintext P = p0, p1, p2, ...
Given a ciphertext C = c0, c1, c2, ...
• Encrypt
  • c0 = p0 xor s0
  • c1 = p1 xor s1
  • c2 = p2 xor s2
• Decrypt
  • p0 = c0 xor s0
  • p1 = c1 xor s1
  • p2 = c2 xor s2
17 LIST OF STREAM CIPHERS
• One time pad
• A5/1
• RC4
18 A5/1 - STREAM CIPHER
• A5/1 is used for confidentiality in GSM cell phones
• A5/1 uses 3 linear feedback shift registers (LFSR)
  • LFSR X holds 19 bits
  • LFSR Y holds 22 bits
  • LFSR Z holds 23 bits
  • So, the LFSRs hold a total of 64 bits
• The key of A5/1, K, holds 64 bits
• The key is used as the initial fill of the 3 registers
  • Key = initial value of the 3 registers
19 STREAM CIPHER – REGISTERS IN DETAIL
• When register X steps, the following series of operations occurs:
  • t = x13 xor x16 xor x17 xor x18
  • xi = x(i-1)
  • x0 = t
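The stream cipher of slides 15 to 19 as an added example that is not part of the original notes: the 64-bit key fills X, Y and Z, each keystream bit comes from stepping the registers, and the same XOR both encrypts and decrypts. Only the X taps come from the slide; the Y and Z taps, the majority clocking on x8, y10, z10 and the output bit x18 xor y21 xor z22 are assumptions taken from the usual textbook description of A5/1, and the key is constructed.

```python
X_TAPS = (13, 16, 17, 18)     # from the slide
Y_TAPS = (20, 21)             # assumption: standard A5/1 description
Z_TAPS = (7, 20, 21, 22)      # assumption: standard A5/1 description

def step(reg, taps):
    """One register step: t = XOR of the tap bits, x_i = x_(i-1), x_0 = t."""
    t = 0
    for i in taps:
        t ^= reg[i]
    return [t] + reg[:-1]

def keystream(key_bits, n):
    """Stretch a 64-bit key (the initial fill of X, Y, Z) into n keystream bits."""
    if len(key_bits) != 64:
        raise ValueError("A5/1 key must be 64 bits")
    x, y, z = list(key_bits[:19]), list(key_bits[19:41]), list(key_bits[41:])
    out = []
    for _ in range(n):
        # A register steps only if its clocking bit agrees with the majority.
        m = 1 if x[8] + y[10] + z[10] >= 2 else 0
        if x[8] == m:
            x = step(x, X_TAPS)
        if y[10] == m:
            y = step(y, Y_TAPS)
        if z[10] == m:
            z = step(z, Z_TAPS)
        out.append(x[18] ^ y[21] ^ z[22])
    return out

def xor_bits(data_bits, key_bits):
    """c_i = p_i xor s_i; applying it again with the same key gives p_i back."""
    s = keystream(key_bits, len(data_bits))
    return [d ^ k for d, k in zip(data_bits, s)]

# Constructed key and plaintext bits.
KEY = [(i * 7 + 3) % 5 % 2 for i in range(64)]
PLAIN = [1, 0, 1, 1, 0, 0, 1, 0] * 4

if __name__ == "__main__":
    cipher = xor_bits(PLAIN, KEY)
    print(cipher)
    print(xor_bits(cipher, KEY) == PLAIN)
```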
20 BLOCK CIPHER
• A deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key.
21 FEISTEL CIPHER
• Plaintext P = (L0, R0)
• For i = 1, 2, ..., n, the next round is represented by:
  • Li = R(i-1)
  • Ri = Li
22 MAC – Message Authentication Code
• A MAC uses a block cipher to ensure data integrity.
• Encrypt the data in CBC mode,
23 FUNDAMENTAL PROBLEM SYMMETRIC KEY CRYPT
• How to exchange the key?
24 CHAPTER 4 Public Key Crypto
25 Difference Between Symmetric And Public Key Crypto
Symmetric Key Crypto
• Use one key to encrypt and decrypt
• Efficient
  • Easy to compute encrypt and decrypt
• Problem
  • How do we share the key?
  • i.e. key exchange problem
Public Key Crypto
• Use two keys
  • Encrypt with public key
  • Decrypt with private / secret key
• Inefficient
  • Requires computational effort
• Problem
  • Reliability
  • Can we trust who made the public key?
  • i.e. key exchange problem
26 PUBLIC KEY CRYPTOSYSTEM
• A public key cryptosystem is based on a trap-door one-way function.
• Trap-door features
  • An attacker cannot use the public information to recover the private information
• One-way features
  • Easy to compute get , but difficult to find out from
  • Hash function
27 PUBLIC KEY CRYPTOSYSTEM
• Encrypt message M with Alice’s public key: C = {M}alice
• Decrypt the ciphertext C with Alice’s PRIVATE key: M = [C]alice
• The notation for Alice signing message M is S = [M]alice
Important Relation: [{M}alice]alice = {[M]alice}alice = M
28 USES OF PUBLIC KEY CRYPTO
• Whatever a symmetric key can do is doable with a public key, but slower.
  • includes confidentiality
  • includes integrity: digital signature.
Integrity is provided by
• Symmetric: MAC
• Public: digital signature
29 NON-REPUDIATION
• Non-repudiation is not a TECHNICAL problem, rather human error (maliciously).
• The concept of non-repudiation is essentially important for financial / e-commerce apps
• “Technically” required to prove that a unique user has made a transaction request.
http://world.std.com/~cme/non-repudiation.htm
[Figure: a customer places an order (“Want to buy”), the goods are delivered, then the customer claims “I have never ordered! Money back!”]
How do we prove she did buy?
30 Digital Signature
• A digital signature is used for integrity (detecting unauthorized writing)
• Technological solution for non-repudiation
• The signature is written and locked (encrypted) only by the sender with her PRIVATE key.
• The receiver unlocks (decrypts) it only with the sender’s public key
Public key crypto does not face the key exchange problem because the receiver does not need the private key!
OPEN! The public key IS accessible by anyone
31 DIGITAL SIGNATURE
• The signature is signed only by the sender
• Match: verify the signature
• Mismatch: do not verify the signature
32 ANALOGY OF PUBLIC KEY
• Everybody can try with their public key
• But, only the expected person can open it.
[Figure: sword in the stone, http://yaplog.jp/tkgenmu/image/132/281]
Everyone can try to pull out the sword. But only a certain person can actually pull out the sword.
33 CHAPTER 5 Hash Function ++
34 CRYPTOGRAPHIC HASH FUNCTION
• Compression
  • For any size input x, the output length of y = h(x) is small.
• Efficiency
  • Easy to compute h(x) for any input x
  • O(h(x)) should not grow too fast.
• One-way
  • Given any value y, it is computationally infeasible to find a value x such that h(x) = y
• Weak Collision Resistance
• Strong Collision Resistance
  • It’s infeasible to find any x and y, such that x != y and h(x) == h(y)
Compression vs. Strong Collision Resistance
• Theoretically: contradict
• Practically: infeasible enough
So, OK!
35
• Given hash function h, Alice will sign M by first hashing M and then signing the hash
• Alice computes S = [h(M)]Alice
[Figure: Alice sends M, S to Bob; Bob verifies]
More secure > less secure: signing(h(M)) >> signing(M)
Needs checking
36 BIRTHDAY PROBLEM 1: Who has the same birthday as me among N people?
• How large must N be before the probability that someone has the same birthday as you is greater than ½?
• Solve for N:
  • N = 253
My birthday is: 1/1
How many people do I need to ask to find one sharing my birthday?
37 BIRTHDAY PROBLEM 2: WHO SHARES A BIRTHDAY?
• How large must N be before we expect two or more people to have the same birthday?
• Solve for N: N = 23
Does anyone share a birthday?
38 Correlation Between Hash And Birthday Problem
• Suppose h(x) generates an output N bits long
• Then there are possible hash values
• Since , the birthday problem implies that
  • if we hash about different input, we can expect to find a collision.
Yes, with repetition: each value is chosen independently of previous events.
The birthday problem tells how many inputs will be enough to find a collision.
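The two birthday numbers and their link to hash collisions, as an added example that is not part of the original notes. It relies on the standard result that an N-bit hash has 2^N possible values and that about 2^(N/2) inputs are expected before two of them collide; SHA-256 truncated to 24 bits is an assumption chosen so the search finishes quickly, and the messages are constructed.

```python
import hashlib
from itertools import count

def same_as_mine(days=365):
    """Smallest N with P(someone among N shares MY birthday) > 1/2."""
    n, p_none = 0, 1.0
    while 1 - p_none <= 0.5:
        n += 1
        p_none *= (days - 1) / days
    return n

def any_pair(days=365):
    """Smallest N with P(some two of the N people share a birthday) > 1/2."""
    n, p_distinct = 0, 1.0
    while 1 - p_distinct <= 0.5:
        p_distinct *= (days - n) / days
        n += 1
    return n

def truncated_hash(data, bits):
    """Keep only the top `bits` bits of SHA-256 to model a short hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits):
    """Hash constructed messages until two different ones share a hash value."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        tag = truncated_hash(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1   # the two inputs and the number of hashes
        seen[tag] = msg

if __name__ == "__main__":
    print(same_as_mine(), any_pair())
    a, b, tries = find_collision(24)
    print(a, b, tries, "hashes; 2^(24/2) =", 2 ** 12)
```

The number of hashes needed lands near 2^12, not 2^24, which is why the output length of a hash has to be about twice the security level wanted against collisions.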
39 RANDOM NUMBERS: non-security applications
• Random numbers are often used for non-security applications as well.
  • Purpose: simulation, various statistical applications.
• In non-security applications, random numbers only need to be statistically random
  • i.e. they must be indistinguishable from random
  • Actually, there are repetitions in generated random numbers.
• Pseudo-random numbers are commonly predictable
  • See mathematical modeling note
Random, but it wasn't random!
Source: My Neighbor Totoro (Satsuki and Mei)
40 RANDOM NUMBERS: security applications
• Random numbers have to be statistically unpredictable
• Let Alice’s key be Ka, Bob’s key Kb, Charlie’s key Kc, and Dave’s key Kd
• Assume Alice, Bob, Charlie do not like Dave.
• They share (pool) their key information
• Pseudo-random is statistically predictable, so pooling key info might help them to figure out Dave’s key
• It is not secure if knowing Ka, Kb, Kc lets Alice, Bob, Charlie determine Kd (Dave’s key)
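Why slide 40 requires unpredictability, as an added example that is not part of the original notes: when the four keys are consecutive outputs of a statistically random but predictable generator, Ka, Kb and Kc determine Kd. The linear congruential generator, its parameters and the seed are constructed assumptions standing in for the weak pseudo-random source.

```python
M = 2**31 - 1   # public prime modulus of the constructed generator

class WeakKeyGen:
    """Constructed linear congruential generator: x' = (a*x + c) mod M."""
    def __init__(self, seed, a=48271, c=12345):
        self.state, self.a, self.c = seed, a, c

    def next_key(self):
        self.state = (self.a * self.state + self.c) % M
        return self.state

def recover_params(k1, k2, k3):
    """Solve k2 = a*k1 + c and k3 = a*k2 + c (mod M) for the hidden a and c."""
    a = (k3 - k2) * pow((k2 - k1) % M, -1, M) % M
    c = (k2 - a * k1) % M
    return a, c

def predict_next(k1, k2, k3):
    """What the three pooled keys say the fourth key must be."""
    a, c = recover_params(k1, k2, k3)
    return (a * k3 + c) % M

def issue_keys(seed=2017):
    """Ka, Kb, Kc, Kd handed out in order from one generator (constructed seed)."""
    gen = WeakKeyGen(seed)
    return [gen.next_key() for _ in range(4)]

if __name__ == "__main__":
    ka, kb, kc, kd = issue_keys()
    print("pooled keys:", ka, kb, kc)
    print("predicted Kd:", predict_next(ka, kb, kc), "actual Kd:", kd)
    # Keys should come from a cryptographically secure source instead,
    # for example Python's `secrets` module.
```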
43 ADDITIONAL INFORMATION: Reference and Credit
44 REFERENCE
• https://www.owasp.org/index.php/Guide_to_Cryptography#Non-Repudiation
45 CREDIT
• https://www.supinfo.com/articles/single/3654-modern-type-of-cryptography
• http://www.stealthcopter.com/blog/2010/01/python-cryptography-decoding-a-caesar-shift-frequency-analysis/
• https://clipartfest.com/categories/view/9acd078310c7d1d137c81e8cac2bb3ce5631a97b/signing-paper-clipart.html
• By Matt_Crypto - http://en.wikipedia.org/wiki/File:Caesar3.png, public domain, https://commons.wikimedia.org/w/index.php?curid=30693472
• Gif anime: http://popkey.co/m/AoZ7p-evil-witch-trapdoor
• One time pad image: https://pt.slideshare.net/fadwa_stuka/lecture-2-12758871