7/28/2019 Principles of Cryptography
http://slidepdf.com/reader/full/principles-of-cryptography 1/20
1
Principles of Cryptography
Section 8.2
Ali Erkan & John Barr
Ithaca College
Chapter Outline
8.1: What is network security?
8.2: Principles of cryptography
8.3: Message Integrity and End-Point Authentication
8.4: Securing e-mail
8.5: Securing TCP connections: SSL
8.6: Network layer security: IPsec and VPNs
8.7: Securing wireless LANs
8.8: Operational Security: Firewalls and Intrusion Detection Systems
What Is Network Security?
Conventional use:
Sender encrypts message, receiver decrypts message
Confidentiality:
A
Authentication:
A
Message Integrity:
A
Access and Availability:
Services must be accessible and available to users
An Issue That Cuts Across The Protocol Stack
Application Layer:
A
Transport Layer:
A
Network Layer:
A
Data-link Layer:
A
Who Might Alice And Bob Be?
[Figure: Alice (secure sender) and Bob (secure receiver) exchange data over a channel carrying control and data messages; Trudy sits on the channel.]
Web browser/server for electronic transactions
On-line banking client/server
Surveillance systems
DNS servers
Routers exchanging routing table updates
What Can Trudy Do? Just Look At That Face...
Eavesdrop: Intercept messages
Inject: Actively insert messages into connection
Impersonate: Spoof source address (or any field in packet) in packet
Hijack: Take over ongoing connection by removing sender or receiver, inserting himself in place
Overload: Prevent service from being used by others (DoS)
Notation And Variables
[Figure: Alice's plaintext enters the encryption algorithm with key $K_A$; the ciphertext crosses the channel; Bob's decryption algorithm with key $K_B$ outputs the plaintext.]
$m$: A
$K_A$: A
$K_A(m)$: A
$K_B$: A
$K_B(K_A(m))$: A
Notation And Variables
Symmetric key systems:
• $K_A = K_B$; both are private
Public key systems:
• $K_{A,priv}$ used to A
• $K_{A,public}$ used to A
Sym. Key Systems: The “Old” Ones
Caesar cipher, k=3:
plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext d e f g h i j k l m n o p q r s t u v w x y z a b c
With brute force, it takes 26 tries to figure out mapping
Monoalphabetic cipher:
plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext m n b v c x z a s d f g h j k l p o i u y t r e w q
With brute force, it takes 26! tries to figure out mapping
With statistical observations, much easier to crack
Polyalphabetic cipher:
plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z
C1 (k = 5) f g h i j k l m n o p q r s t u v w x y z a b c d e
C2 (k = 19) t u v w x y z a b c d e f g h i j k l m n o p q r s
pattern C1, C2, C2, C1, C2
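The polyalphabetic cipher above in code, as an added example that is not part of the original slides. It uses the slide's two Caesar tables (k = 5 and k = 19) in the pattern C1, C2, C2, C1, C2; the function names and the sample message are constructed for illustration.

```python
import string

ALPHABET = string.ascii_lowercase
PATTERN = (5, 19, 19, 5, 19)   # shifts for the slide's pattern C1, C2, C2, C1, C2


def shift_letter(ch, k):
    """Caesar-shift one lowercase letter by k places, wrapping around z."""
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def poly_encrypt(text, shifts=PATTERN):
    """Apply the repeating shift pattern to letters; other characters pass through."""
    out, used = [], 0
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(shift_letter(ch, shifts[used % len(shifts)]))
            used += 1               # the pattern advances only on letters
        else:
            out.append(ch)
    return "".join(out)


def poly_decrypt(text, shifts=PATTERN):
    """Undo poly_encrypt by applying the negated shifts in the same order."""
    return poly_encrypt(text, tuple(-k for k in shifts))


def caesar_candidates(ciphertext):
    """The 26 candidate plaintexts a brute-force search of the Caesar key yields."""
    return [poly_encrypt(ciphertext, (-k,)) for k in range(26)]


if __name__ == "__main__":
    sample = "bob, i love you"              # constructed sample message
    cipher = poly_encrypt(sample)
    print(cipher)                           # 'o' becomes 'h' or 't' depending on position
    print(poly_decrypt(cipher))
    print(caesar_candidates(poly_encrypt("hello", (3,)))[3])
```

Because the same plaintext letter maps to different ciphertext letters depending on its position, single-letter frequency counts are less revealing than with the monoalphabetic cipher.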
Sym. Key Systems: Data Encryption Standard
DES:
• US encryption standard [NIST 1993]
• OK for commercial and non-classified use
• 56-bit symmetric key, 64-bit plaintext input
NIST STATEMENT
“The goal is to completely scramble the data and key so that every bit of
the ciphertext depends on every bit of the data and every bit of the
key... With a good algorithm, there should be no correlation between
the ciphertext and either the original data or key”.
Sym. Key Systems: Data Encryption Standard
[Figure: DES structure. The 64-bit input is permuted into halves L1, R1; rounds f(L1,R1,K1), f(L2,R2,K2), ... produce L2 R2, L3 R3, ..., L17 R17, with the 56-bit key supplying the 48-bit round keys K1, K2, ..., K16; a final permute gives the 64-bit output.]
What happens in f()?
The 64-bit input and the 48-bit key for the ith round are taken as input to f() that involves expansion of 4-bit input chunks into 6-bit chunks, XOR-ing with the expanded 6-bit chunks of the 48-bit key Ki, a substitution, XOR-ing with the leftmost 32 bits of the input.
How does decryption work?
By reversing the steps of the operation.
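A toy network with the same round structure as the figure, as an added example that is not DES and not from the original slides: it shows why decryption only needs the round keys in reverse order, whatever f() is. The round function and key schedule here are hash-based stand-ins, the initial and final permutations are left out, and the key and block values are constructed.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def round_f(right, subkey):
    """Stand-in round function (NOT DES's expansion/substitution f)."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def subkeys(key56):
    """Stand-in key schedule: sixteen 48-bit round keys from a 56-bit key."""
    keys = []
    for i in range(ROUNDS):
        digest = hashlib.sha256(key56.to_bytes(7, "big") + bytes([i])).digest()
        keys.append(int.from_bytes(digest[:6], "big"))
    return keys


def feistel(block64, round_keys):
    """Run the rounds: each round swaps halves and XORs f() into one of them."""
    left, right = block64 >> 32, block64 & MASK32
    for k in round_keys:
        left, right = right, left ^ round_f(right, k)
    return (right << 32) | left   # final swap makes the routine its own inverse


def encrypt(block64, key56):
    return feistel(block64, subkeys(key56))


def decrypt(block64, key56):
    # Same network, round keys applied as K16, K15, ..., K1.
    return feistel(block64, subkeys(key56)[::-1])


if __name__ == "__main__":
    key = 0x0123456789ABCD            # constructed 56-bit key
    block = 0x0123456789ABCDEF        # constructed 64-bit plaintext block
    c = encrypt(block, key)
    print(hex(c), hex(decrypt(c, key)))
    # One flipped plaintext bit changes many ciphertext bits.
    print(bin(c ^ encrypt(block ^ 1, key)).count("1"))
```

round_f never has to be invertible: each round XORs its output into one half, and XOR-ing the same value again cancels it.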
Sym. Key Systems: Data Encryption Standard
How secure is DES?
• DES Challenge: a phrase [1] encrypted with a 56-bit key was decrypted by brute force in 4 months (Google ‘des challenge’)
• No known “backdoor” decryption approach.
Making DES more secure:
• Use three keys sequentially (3-DES) on each datum
Advanced Encryption Standard:
• New (Nov. 2001) symmetric-key NIST standard, replacing DES
• Processes data in 128 bit blocks
• 128, 192, or 256 bit keys
• Brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
[1] “Strong cryptography makes the world a safer place”
Symmetric Key Cryptography
Matt and Griffin need to exchange a number of secret messages:
• Matt and Griffin buy a padlock, each keeping one of the two identical keys to open it
• Matt puts the exam questions in a box, locks it with the padlock, and sends it to Griffin
• Griffin receives the box and opens it with his copy of the key
• Griffin puts the money in the box and locks it with the padlock
• Matt receives the box, opens it with his copy of the key
Public Key Cryptography
Matt and Griffin need to exchange a number of secret messages:
• Griffin and Matt buy separate padlocks
• Matt asks Griffin to send his open padlock through regular mail
• Matt uses the received padlock to lock the box that will deliver the
message to Griffin
• Griffin receives the box and opens it with the key which only he has
• Griffin asks Matt to send Matt’s open padlock through the regular
• Griffin uses the received padlock to lock the box that will deliver the message to Matt
• Matt receives the box and opens it with the key which only he has
Public Key Encryption
[Figure: the plaintext message $m$ enters the encryption algorithm with the public encryption key $K_B^+$, giving the ciphertext $K_B^+(m)$; the decryption algorithm with the private decryption key $K_B^-$ outputs the plaintext message $m = K_B^-(K_B^+(m))$.]
Public Key Encryption Requirements
Need $K_B^+$ and $K_B^-$ such that
• $K_B^-(K_B^+(m)) = m$. Why? A
• $K_B^+(K_B^-(m)) = m$. Why? A
Given public key $K_B^+$, it should be impossible to compute $K_B^-$.
• How is this possible?
A
The RSA algorithm (Rivest, Shamir, Adleman) does exactly that.
RSA Choice of Keys
Choose two large prime numbers $p$ and $q$.
Each might be 1024 bits.
Compute $n = pq$, $z = (p-1)(q-1)$.
Choose $e$ ($e < n$) that has no common factors with $z$.
This means $e$ and $z$ are relatively prime.
Compute $d$ such that $ed - 1$ is exactly divisible by $z$.
That is, $ed \bmod z = 1$.
Public key $K_B^+$ is $(n, e)$
Private key $K_B^-$ is $(n, d)$
What?
RSA Encryption, Decryption
To encrypt bit pattern $m$, compute
$c = m^e \bmod n$
This is the remainder when $m^e$ is divided by $n$.
To decrypt received bit pattern $c$, compute
$m = c^d \bmod n$
This is the remainder when $c^d$ is divided by $n$.
This means that, somehow,
$m = (m^e \bmod n)^d \bmod n$
RSA Example
Bob chooses p = 5, q = 7.
Therefore, $n = 5 \times 7 = 35$
Therefore $z = (5-1) \times (7-1) = 24$
Let $e$ be 5; therefore $e$ and $z$ are relatively prime.
Choose $d$ so that $ed - 1$ is exactly divisible by $z$:
$ed - 1 = kz$
$ed = kz + 1$
$d = \frac{kz + 1}{e}$
Let $k = 6$
$d = \frac{6 \times 24 + 1}{5} = 29$
RSA Example
Transmit letter ‘l’ (i.e. lower case ‘L’):
$m = 12$
$m^e = 12^5 = 248832$
$m^e \bmod n = 12^5 \bmod 35 = 17$
Receive 17:
$c = 17$
$c^d = 17^{29} = 481968572106750915091411825223071697$
$c^d \bmod n = 17^{29} \bmod 35 = 12$
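The key choice and the worked example above in code, as an added example that is not part of the original slides. It uses the slide's numbers (p = 5, q = 7, e = 5, m = 12) and also shows why a modulus this small gives no protection; the function names are constructed for illustration.

```python
from math import gcd


def make_keys(p, q, e):
    """Slide's key choice: n = pq, z = (p-1)(q-1), e coprime to z, ed mod z = 1."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must have no common factors with z")
    d = pow(e, -1, z)          # smallest positive d with e*d mod z == 1
    return (n, e), (n, d), z


def apply_key(key, value):
    """Encryption (public key) and decryption (private key): value^exp mod n."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("message must be smaller than n")
    return pow(value, exp, n)  # modular exponentiation; never builds m**e in full


def recover_private(public):
    """With a toy n, trial division finds p and q, and with them d."""
    n, e = public
    p = next(f for f in range(2, n) if n % f == 0)
    return make_keys(p, n // p, e)[1]


if __name__ == "__main__":
    public, private, z = make_keys(5, 7, 5)
    c = apply_key(public, 12)                 # the slide's m = 12
    print(public, private, z, c)
    print(apply_key((35, 29), c))             # the slide's d = 29
    print(apply_key(private, c))              # the smallest valid d
    print(recover_private(public) == private)
```

With these toy numbers the smallest valid d is 5, equal to e; the slide's d = 29 is that value plus z, and both decrypt 17 back to 12.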