15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 –...
-
Upload
dorcas-newton -
Category
Documents
-
view
220 -
download
0
Transcript of 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 –...
15-349
Introduction to Computer and Network Security
Iliano Cervesato
24 August 2008 – Introduction to Cryptography
2
Where we are
Course intro Cryptography
Intro to crypto Modern crypto Symmetric encryption Asymmetric encryption Beyond encryption Cryptographic protocols Attacking protocols
Program/OS security & trust Networks security Beyond technology
3
Outline
Basic concepts Protecting information Goals of cryptography Brief history
Cryptographic toolbox (preview) Cryptanalysis
Traditional attack models Side-channel attacks
Early ciphers Substitution ciphers Transposition ciphers
4
Confidentiality of Communication
Implement a virtual trusted channel over an insecure medium
E D
5
Confidentiality of storage
Implement a virtual trusted safebox over an insecure storage medium
E
6
Insecure Channels
External observer can
Read traffic Interception
Inject new traffic Fabrication
Block traffic … (sometimes) Interruption
Modify traffic … (sometimes) Modification
Activeattack
Passiveattack
7
Representing Data
Divide data into blocksCharacter, records, …
Represent each block by a numberE.g., ASCII
Why?Cryptography is based on
mathematics
8
Encryption and Decryption
E, D realize a virtual trusted channel
ED
Message(cleartext,plaintext) Message
(cleartext, plaintext)
Encrypted message(ciphertext)
Encrypted message(ciphertext)
Encryption
Decryption
XX
9
Keys
What are E and D? Channel-specific algorithm
Requires a lot ofalgorithms Hard
Universal algorithmsParameterized by key
Easier– 1 algorithm– Large space of keys
Em s
Em s
k
10
Classical Cryptography
E, D realize a virtual trusted channel, given key
ED
Message(cleartext,plaintext) Message
(cleartext, plaintext)
Encrypted message(ciphertext)
Encrypted message(ciphertext)
Encryption
Decryption
key key
XX
11
Goals of Cryptography
Not just about confidentiality! Integrity
Digital signatures Hash functions
Non-repudiation, fair exchange Contract signing
Anonymity Electronic cash Electronic voting
…Non-goals Denial of service
12
A Brief History of Cryptography
~2000 years ago: Substitution ciphers
A few centuries later: Transposition ciphers
Renaissance: Polyalphabetic ciphers
1844: Mechanization
1976: Public-key cryptography
13
Substitution Ciphers
Replace each letter with another
Key: substitution table How to break it?
Brute force? 26! possibilities (= 4x1026) Count the frequencies of letters, pairs, …
Koran was tabulated by 1412
Ciphertext is enough: ciphertext-only attack
Example:
A CB ED F
…X AY BZ C
Caesar’s cipher:
QVAQBCWZQRLWDVEFW
V XW MX TY JZ P
O SP RQ IR DS UT YU K
H LI QJ NK HL FM AN B
A VB EC ZD CE WF GG O
IAMINDECIPHERABLE
14
Renaissance Ciphers
Use message and key letters for cipher
Key: a word (CRYPTO) Example:
Polyalphabetic cipher: Encryption of letter is context-dependent
Seed of modern cryptography
CRYPTOCRYPTOCRYPTWHATANICEDAYTODAY
ZZZJUCLUDTUNWGCQS
+ (mod 26)
15
Book Ciphers
Same thing but with very long key Key: a poem, a book, …
(TOBEORNOTTOBETHATISTHEQUESTION…) Example:
… there are not all that many famous books, poems, etc.
TOBEORNOTTOBETHATWHATANICEDAYTODAY
PVBXOEVQXWOZXHKAR
+ (mod 26)
16
One-Time Pad
Same thing, but now key is a infinite random string
Example:
This is a perfect cipher How to remember/transmit the key??
Short key stretched by means of a random number generator
Vernam cipher Use (xor) to combine key and message
YKSUFTGOARFWPFWELWHATANICEDAYTODAY
ZZZJUCLUDTUNWGCQS
+ (mod 26)
17
Book Ciphers
Same thing, but now use a very long key
18
Transposition Ciphers
Switch letters around by a permutation
Example: HELLOWORLD Key: permutation
Breakable with ciphertext-only attack
1 2 3 4 5
3 5 4 1 2k =
LOLHERDLWO
19
More transposition
Write code in rows and read it in columns
A very regular type of permutation
THEGOALOFSUBSITUTIONISCONFUSIONXXXX
THE GOAL OF SUBSITUTION IS CONFUSION
TOTSIHFUCOESTONGUINXOBOFXASNUXLIISX
20
Confusion and Diffusion
Confusion Replace symbol with
another
Diffusion Mix up symbols
WHATANI
ZZZJUCL
WHATANI
ANWIHAT
Modern ciphers are a combination
21
Mechanization
1844: invention of telegraph Beginning of civilian crypto
Rotor machines Key: initial position of rotors Culminate in WW II
1975: DES 1996-2000 AES
1976: Public key cryptography
We willexaminein somedetail
Th
e E
nig
ma
22
Cryptographic Toolbox
EncryptionSymmetricAsymmetric
DigestsHashing
Digital signaturesCertificates
23
Symmetric Encryption
Dk(Ek(m)) = m
ED
MM
XX
kMessage(cleartext)
Message(cleartext)
Encrypted message(ciphertext)
Encrypted message(ciphertext)
Secret key
Decryption
box
Encryption
box
24
Asymmetric Encryption
Dk (Ek(m)) = m
ED
MM
XX
k
Cleartext
Cleartext
CiphertextCiphertext
Public key
Decryption
box
Encryption
box
k-1
Private key
-1
Public data
k
25
Digital Signatures
Vk (m,s) =
SV
MM
M, sM, s
kMessage
Message
SignatureSignature
signature key
Verification
box
Signature
box
k-1
Verification key
-1
Public data
k
true if s =Sk(m)
false otherwise
26
Certificates
How do you know this public key is mine?
CertificateBinding between key and ownerCertified by authority
Who is the authority?Public-key infrastructure
27
Message Digests
Short message to certify integrity Un-keyed
Checksums, hashesNo crypto
Anybody can calculate/modify it
KeyedMACsBased on a secret key
Only owners can calculate/modify it
28
Cryptanalysis
The art science of breaking a cipher Try all possible plaintext corresponding to a
ciphertext Plain silly!
Try all possible keys for an encryption algorithm Algorithm must be known Enormous space of keys
Exploit weaknesses, regularities, shortcuts Side-channel attacks E.g., basic substitution cipher
29
What is “breaking a cipher”?
Recover the key kHardOften not needed!
Decipher a single message Decipher all messages Modify messages
“Attack at dawn” “attack at dusk”
Exploit properties of the cipher
30
Attack Models
Good ciphers resist all attack models
x
Random
Ciphertext Only
m, x
Ek(m)
Known Plaintext
Random
x, m
Dk(x)
Chosen Ciphertext
Chosen
m, x
Ek(m)
Chosen Plaintext
Chosen
31
Sneaky Attacks
Obtain the key somehow Network sniffers, worms, backup tapes, … Blackmail, bribery, torture, …
Side-channel cryptanalysis Power consumption Encryption time Radiation
Be careful!
off-peak computation
random noise physical shielding
Better implementation and design
From http://www.cryptography.com/dpa/technical
Detail: Round 2 Round 3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Differential Power Analysis on DES