Introduction to Computer Security
Foundations of Cryptography
Pavel Laskov
Wilhelm Schickard Institute for Computer Science
Secret communication
[Figure: Alice encrypts the plaintext "I love you" with the key "unitue" into the ciphertext "C ywoy cih"; Bob decrypts the ciphertext with the key "unitue" to recover the plaintext "I love you".]
Cryptography and security objectives
Which security objectives are addressed by cryptography?
- Confidentiality: symmetric cryptography, asymmetric cryptography
- Integrity: hashing
- Authentication and non-repudiation: digital signatures
Symmetric cryptography
[Figure: Alice encrypts the plaintext "I love you" with the shared key "unitue" into the ciphertext "C ywoy cih"; Bob decrypts the ciphertext with the same shared key "unitue". The shared key can be any valid key.]
Early permutation cipher: scytale
Encryption: Wrap a parchment strip over a wooden rod of a fixed diameter and write letters along the rod.
Decryption: Wrap a received strip over a wooden rod of the same diameter and read off the text.
Example: troopsheadingnorthsendmorefood → thgsr renee oaonf odrdo pitmo snhod
Monoalphabetic substitution cipher: Caesar
Encryption: Replace each letter with the one three positions to the right in the alphabet.
Decryption: Replace each letter with the one three positions to the left in the alphabet.
Example:
HABES OPINIONIS MEAE TESTIMONIUM
MDEHV RSNQNRQNV PHDH XHVXNPRQNZP
Polyalphabetic substitution cipher: Vigenere
Encryption: Write the key over a message, repeating as necessary. Substitute each letter with the one from an appropriate column in the Vigenere tableau.
Decryption: Same as encryption, use a row instead of a column.
Example:
    unitueun
    iloveyou
  → cywoycih
Polyalphabetic substitution: Enigma
Operating principle: electromechanical varying map substitution
Main components:
- 3–5 rotors with pre-defined connectivity
- inter-rotor rings: mapping between letters and connections
- letter swap by jumper cables

Key definition: rotor types, ring positions, jumper settings

| Day (Tag) | Reflector (UKW) | Rotor order (Walzenlage) | Ring settings (Ringstellung) | Plug connections (Steckerverbindungen) |
|---|---|---|---|---|
| 31 | B | I IV III | 16 26 08 | AD CN ET FL GI JV KZ PU QY WX |
| 30 | B | II V I | 18 24 11 | BN DZ EP FX GT HW IY OU QV RS |
| 29 | B | III I IV | 01 17 22 | AH BL CX DI ER FK GU NP OQ TY |
One-time pad ciphers
Encryption: Generate a random key sequence. Add a key to a message using modular arithmetic.
Decryption: Subtract a key from a message using modular arithmetic.
Example:
      7 (H)    4 (E)   11 (L)   11 (L)   14 (O)    message
  +  23 (X)   12 (M)    2 (C)   10 (K)   11 (L)    key
  =  30       16       13       21       25        message + key
  =   4 (E)   16 (Q)   13 (N)   21 (V)   25 (Z)    mod 26
Feistel cipher: S and P boxes
S-box
- Complex substitution controlled by a key
- Secure if enough internal states
- Unrealizable for a large number of states

P-box
- Block-wise permutation of digits
- Simple transformation with maximal entropy
- Insecure against a “tickling attack”
Feistel network
- Revival of the idea of a product cipher
- Strong polyalphabetic substitution via multiple rounds
- Follows theoretical principles of Shannon
A practical Feistel cipher
- A multiple-round scheme with separate keys
- Encryption:

  $L_{i+1} = R_i$, $R_{i+1} = L_i \oplus f(K_i, R_i)$

- Decryption: reverse the key order

  $L_{i+1} = R_i$, $R_{i+1} = L_i \oplus f(K_{n-i}, R_i)$

- 3 rounds suffice to achieve a pseudorandom permutation
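The round equations above, as an added Python example that is not part of the original slides: the same round loop decrypts when the keys are fed in reverse order, even though the round function f is not invertible. The choice of truncated HMAC-SHA256 for f, the 64-bit block, the final half swap and the three constructed round keys are assumptions of this sketch.

```python
import hashlib
import hmac

HALF = 4  # bytes per half-block (assumption: 64-bit block, as in DES)

# Constructed round keys for a 3-round network (sample values, not from the slides).
KEYS = [b"k1-constructed", b"k2-constructed", b"k3-constructed"]


def f(round_key: bytes, right: bytes) -> bytes:
    """Round function: truncated HMAC-SHA256 (an assumption for this example).
    It is not invertible, which the Feistel structure does not require."""
    return hmac.new(round_key, right, hashlib.sha256).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rounds(block: bytes, keys: list) -> bytes:
    """Apply L_{i+1} = R_i, R_{i+1} = L_i XOR f(K_i, R_i) once per key."""
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        left, right = right, xor(left, f(k, right))
    return left + right


def swap(block: bytes) -> bytes:
    return block[HALF:] + block[:HALF]


def encrypt(block: bytes, keys: list) -> bytes:
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    return swap(rounds(block, keys))        # final swap of the two halves


def decrypt(block: bytes, keys: list) -> bytes:
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    return swap(rounds(block, keys[::-1]))  # same rounds, reversed key order


if __name__ == "__main__":
    ct = encrypt(b"ILOVEYOU", KEYS)
    print(ct.hex(), decrypt(ct, KEYS))
```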
DES: Digital Encryption Standard
- Adopted in 1977 after two rounds of proposals
- Won by IBM’s Lucifer cipher based on Feistel’s design
- Key length reduced by NIST from 128 bits to 56 bits
- Subject to extensive cryptanalysis research in the 1990s
- Broken by specialized hardware crackers in 1997–1999 (fastest result: 22 hours 15 minutes by Deep Crack)
- Still widely used in practice (as 3DES)
- Replaced by Advanced Encryption Standard (AES) in 2000
DES overview
[Figure: DES overview. Data path: 64 bit plaintext, Initial Permutation, Iteration 1, Iteration 2, ..., Iteration 16, 32 bit Swap, Inverse Initial Permutation, 64 bit ciphertext. Key path: 56 bit key, Permuted Choice 1, then for each iteration a Left Circular Shift followed by Permuted Choice 2, producing the round keys K1, K2, ..., K16.]
DES round structure
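[Figure: DES round structure. Data to be encrypted: the 32 bit halves Li-1 and Ri-1 pass through Expansion Permutation (48 bits), combination (+) with the 48 bit round key Ki, S-Box: Choice Substitution (32 bits), Permutation and a second combination (+), giving Li and Ri. Key used for encryption: the 28 bit halves Ci-1 and Di-1 each pass through a Left Shift, giving Ci and Di, and Permutation Contraction (Perm. Choice 2) produces Ki.]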
Other symmetric ciphers
Block ciphers

| Algorithm | Key size | Block size | Rounds | Applications |
|---|---|---|---|---|
| 3DES | 112/168 | 64 | 48 | Finance, PGP, S/MIME |
| AES | 128/192/256 | 128 | 10/12/14 | Repl. for DES/3DES |
| IDEA | 128 | 64 | 8 | PGP |
| Blowfish | up to 448 | 64 | 16 | Various software |
| RC5 | up to 2048 | 64 | up to 255 | Various software |

Stream ciphers

| Algorithm | Key size | IV | State | Applications |
|---|---|---|---|---|
| A5/2 | 54 | 114 | 64 | GSM |
| RC4 | 40-256 | 8 | 2064 | WEP, WPA, SSL, SSH, Kerberos, etc. |
Resume of symmetric cryptography
- Provides (with some exceptions) a reliable means for enforcing confidentiality
- Highly efficient
- Key distribution is a major problem!
Asymmetric cryptography
[Figure: Alice encrypts the plaintext "I love you" with Bob’s public key "unitue" into the ciphertext "C ywoy cih"; Bob decrypts the ciphertext with Bob’s private key "zxtr9y". The two keys form a specially generated keypair.]
Prime numbers
- An integer p is a prime number if its only divisors are ±1 and ±p.
- A positive integer c is said to be the greatest common divisor of a and b if
  - c is a divisor of a and of b;
  - any divisor of a and of b is a divisor of c.
- Integers a and b are said to be relatively prime if

  $\gcd(a, b) = 1$.
Euler’s totient function
- A totient φ(n) of an integer n is the number of integers less than n that are relatively prime to n. Example:

  $\varphi(9) = 6 : \{1, 2, 4, 5, 7, 8\}$

- Two integers a and b are congruent modulo n, written as a ≡ b mod n, if

  $(a \bmod n) = (b \bmod n)$

- Euler’s Theorem: If a and n are relatively prime, then

  $a^{\varphi(n)} \equiv 1 \bmod n$.
RSA overview
Alice sends her love message to Bob via RSA:
| Alice | Bob |
|---|---|
| | Generate a keypair Ku / Kr |
| | Send Ku to Alice |
| Encrypt plaintext M with Ku | |
| Send ciphertext C to Bob | |
| | Decrypt C with Kr |
RSA key generation
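| Step | Condition |
|---|---|
| Select $p$, $q$ | $p$, $q$ prime, $p \neq q$ |
| Compute $n = p \times q$ | |
| Compute $\varphi(n) = (p - 1)(q - 1)$ | |
| Select $1 < e < \varphi(n)$ | $\gcd(\varphi(n), e) = 1$ |
| Compute $d$ | $(de) \bmod \varphi(n) = 1$ (∗) |
| Public key | $K_u = \{e, n\}$ |
| Private key | $K_r = \{d, n\}$ |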
RSA encryption and decryption
Encryption:
- Plaintext: $M < n$
- Ciphertext: $C = M^e \bmod n$

Decryption:
- Ciphertext: $C$
- Plaintext: $M = C^d \bmod n$
Correctness of RSA encryption
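By the property (∗),

$(de) \bmod \varphi(n) = 1 \Rightarrow \exists k : (de) = 1 + k\varphi(n)$.

Then,

$M \stackrel{?}{\equiv} C^d \bmod n$

$\equiv (M^e)^d \bmod n$

$\equiv M^{(ed)} \bmod n$

$\equiv M^{1 + k\varphi(n)} \bmod n \stackrel{?}{\equiv} M \bmod n$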
Correctness of RSA encryption (ctd.)
For prime numbers p,

$\varphi(p) = (p - 1)$.

By the key generation algorithm and the multiplicative property of the totient function,

$\varphi(n) = \varphi(p) \cdot \varphi(q) = (p - 1) \cdot (q - 1)$.

By Euler’s Theorem, if p does not divide M,

$M^{(p-1)} = 1 \bmod p$

and since (p − 1) divides φ(n)

$M^{1 + k\varphi(n)} \equiv M \bmod p$.

A similar argument holds for q and hence for n = pq.
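The key generation table, the encryption and decryption formulas and the correctness argument, carried through in Python as an added example that is not part of the original slides. The toy parameters p = 61, q = 53, e = 17 and all function names are assumptions; the exhaustive check also covers plaintexts divisible by p or q, which the Euler's Theorem step leaves out.

```python
from math import gcd, isqrt


def is_prime(x: int) -> bool:
    """Trial division; adequate only for toy-sized numbers."""
    return x > 1 and all(x % k for k in range(2, isqrt(x) + 1))


def keygen(p: int, q: int, e: int):
    """Follow the key-generation table; returns Ku = (e, n) and Kr = (d, n)."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)  # solves (d*e) mod phi(n) = 1, property (*)
    return (e, n), (d, n)


def encrypt(m: int, ku) -> int:
    e, n = ku
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy M < n")
    return pow(m, e, n)  # C = M^e mod n


def decrypt(c: int, kr) -> int:
    d, n = kr
    return pow(c, d, n)  # M = C^d mod n


def roundtrip_holds_for_all(ku, kr) -> bool:
    """Check (M^e)^d mod n == M for every M < n, including multiples of
    p or q, the case the Euler's-theorem step of the proof sets aside."""
    n = ku[1]
    return all(decrypt(encrypt(m, ku), kr) == m for m in range(n))


# Constructed toy parameters (assumption); real keys use far larger primes.
P, Q, E = 61, 53, 17
KU, KR = keygen(P, Q, E)

if __name__ == "__main__":
    c = encrypt(65, KU)
    print("Ku =", KU, "Kr =", KR)
    print("C =", c, "-> M =", decrypt(c, KR))
    print("round trip for all M < n:", roundtrip_holds_for_all(KU, KR))
```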
What’s secret in RSA?
- An attacker needs to know d to decrypt C.
- To find d, an attacker needs to solve (∗):

  $(de) \bmod \varphi(n) = 1$.

- For this, he needs to know φ(n).
- If p and q are known, then finding φ(n) is trivial:

  $\varphi(n) = (p - 1) \cdot (q - 1)$

- However p and q are discarded during key generation.
- Factoring n into a product of two prime numbers is an intractable problem!
- Finding φ(n) directly is likewise intractable.
Other asymmetric ciphers
| Algorithm | E/D | D.S. | KEX | Hardness |
|---|---|---|---|---|
| RSA | Yes | Yes | Yes | Factorization |
| ElGamal | Yes | No | No | DLP |
| DSS | No | Yes | No | DLP |
| Diffie-Hellman | No | No | Yes | DLP |
| Elliptic curve | Yes | Yes | Yes | EC DLP |
Summary
- Cryptographic methods provide solutions for various confidentiality, integrity and authentication tasks.
- Symmetric cryptography is based on a single key that must be shared between the communication parties and kept secret.
- Asymmetric cryptography is based on two related keys; only one of them (private key) must be kept secret, the other one (public key) can be distributed over insecure media.
Next lecture
- Cryptographic hash functions
- Digital signatures