15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 –...
-
Upload
dorcas-newton -
Category
Documents
-
view
220 -
download
0
Transcript of 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 –...
![Page 1: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/1.jpg)
15-349
Introduction to Computer and Network Security
Iliano Cervesato
24 August 2008 – Introduction to Cryptography
![Page 2: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/2.jpg)
2
Where we are
Course intro Cryptography
Intro to crypto Modern crypto Symmetric encryption Asymmetric encryption Beyond encryption Cryptographic protocols Attacking protocols
Program/OS security & trust Networks security Beyond technology
![Page 3: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/3.jpg)
3
Outline
Basic concepts Protecting information Goals of cryptography Brief history
Cryptographic toolbox (preview) Cryptanalysis
Traditional attack models Side-channel attacks
Early ciphers Substitution ciphers Transposition ciphers
![Page 4: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/4.jpg)
4
Confidentiality of Communication
Implement a virtual trusted channel over an insecure medium
E D
![Page 5: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/5.jpg)
5
Confidentiality of storage
Implement a virtual trusted safebox over an insecure storage medium
E
![Page 6: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/6.jpg)
6
Insecure Channels
External observer can
Read traffic Interception
Inject new traffic Fabrication
Block traffic … (sometimes) Interruption
Modify traffic … (sometimes) Modification
Activeattack
Passiveattack
![Page 7: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/7.jpg)
7
Representing Data
Divide data into blocksCharacter, records, …
Represent each block by a numberE.g., ASCII
Why?Cryptography is based on
mathematics
![Page 8: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/8.jpg)
8
Encryption and Decryption
E, D realize a virtual trusted channel
ED
Message(cleartext,plaintext) Message
(cleartext, plaintext)
Encrypted message(ciphertext)
Encrypted message(ciphertext)
Encryption
Decryption
XX
![Page 9: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/9.jpg)
9
Keys
What are E and D? Channel-specific algorithm
Requires a lot ofalgorithms Hard
Universal algorithmsParameterized by key
Easier– 1 algorithm– Large space of keys
Em s
Em s
k
![Page 10: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/10.jpg)
10
Classical Cryptography
E, D realize a virtual trusted channel, given key
ED
Message(cleartext,plaintext) Message
(cleartext, plaintext)
Encrypted message(ciphertext)
Encrypted message(ciphertext)
Encryption
Decryption
key key
XX
![Page 11: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/11.jpg)
11
Goals of Cryptography
Not just about confidentiality! Integrity
Digital signatures Hash functions
Non-repudiation, fair exchange Contract signing
Anonymity Electronic cash Electronic voting
…Non-goals Denial of service
![Page 12: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/12.jpg)
12
A Brief History of Cryptography
~2000 years ago: Substitution ciphers
A few centuries later: Transposition ciphers
Renaissance: Polyalphabetic ciphers
1844: Mechanization
1976: Public-key cryptography
![Page 13: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/13.jpg)
13
Substitution Ciphers
Replace each letter with another
Key: substitution table How to break it?
Brute force? 26! possibilities (= 4x1026) Count the frequencies of letters, pairs, …
Koran was tabulated by 1412
Ciphertext is enough: ciphertext-only attack
Example:
A CB ED F
…X AY BZ C
Caesar’s cipher:
QVAQBCWZQRLWDVEFW
V XW MX TY JZ P
O SP RQ IR DS UT YU K
H LI QJ NK HL FM AN B
A VB EC ZD CE WF GG O
IAMINDECIPHERABLE
![Page 14: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/14.jpg)
14
Renaissance Ciphers
Use message and key letters for cipher
Key: a word (CRYPTO) Example:
Polyalphabetic cipher: Encryption of letter is context-dependent
Seed of modern cryptography
CRYPTOCRYPTOCRYPTWHATANICEDAYTODAY
ZZZJUCLUDTUNWGCQS
+ (mod 26)
![Page 15: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/15.jpg)
15
Book Ciphers
Same thing but with very long key Key: a poem, a book, …
(TOBEORNOTTOBETHATISTHEQUESTION…) Example:
… there are not all that many famous books, poems, etc.
TOBEORNOTTOBETHATWHATANICEDAYTODAY
PVBXOEVQXWOZXHKAR
+ (mod 26)
![Page 16: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/16.jpg)
16
One-Time Pad
Same thing, but now key is a infinite random string
Example:
This is a perfect cipher How to remember/transmit the key??
Short key stretched by means of a random number generator
Vernam cipher Use (xor) to combine key and message
YKSUFTGOARFWPFWELWHATANICEDAYTODAY
ZZZJUCLUDTUNWGCQS
+ (mod 26)
![Page 17: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/17.jpg)
17
Book Ciphers
Same thing, but now use a very long key
![Page 18: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/18.jpg)
18
Transposition Ciphers
Switch letters around by a permutation
Example: HELLOWORLD Key: permutation
Breakable with ciphertext-only attack
1 2 3 4 5
3 5 4 1 2k =
LOLHERDLWO
![Page 19: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/19.jpg)
19
More transposition
Write code in rows and read it in columns
A very regular type of permutation
THEGOALOFSUBSITUTIONISCONFUSIONXXXX
THE GOAL OF SUBSITUTION IS CONFUSION
TOTSIHFUCOESTONGUINXOBOFXASNUXLIISX
![Page 20: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/20.jpg)
20
Confusion and Diffusion
Confusion Replace symbol with
another
Diffusion Mix up symbols
WHATANI
ZZZJUCL
WHATANI
ANWIHAT
Modern ciphers are a combination
![Page 21: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/21.jpg)
21
Mechanization
1844: invention of telegraph Beginning of civilian crypto
Rotor machines Key: initial position of rotors Culminate in WW II
1975: DES 1996-2000 AES
1976: Public key cryptography
We willexaminein somedetail
Th
e E
nig
ma
![Page 22: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/22.jpg)
22
Cryptographic Toolbox
EncryptionSymmetricAsymmetric
DigestsHashing
Digital signaturesCertificates
![Page 23: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/23.jpg)
23
Symmetric Encryption
Dk(Ek(m)) = m
ED
MM
XX
kMessage(cleartext)
Message(cleartext)
Encrypted message(ciphertext)
Encrypted message(ciphertext)
Secret key
Decryption
box
Encryption
box
![Page 24: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/24.jpg)
24
Asymmetric Encryption
Dk (Ek(m)) = m
ED
MM
XX
k
Cleartext
Cleartext
CiphertextCiphertext
Public key
Decryption
box
Encryption
box
k-1
Private key
-1
Public data
k
![Page 25: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/25.jpg)
25
Digital Signatures
Vk (m,s) =
SV
MM
M, sM, s
kMessage
Message
SignatureSignature
signature key
Verification
box
Signature
box
k-1
Verification key
-1
Public data
k
true if s =Sk(m)
false otherwise
![Page 26: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/26.jpg)
26
Certificates
How do you know this public key is mine?
CertificateBinding between key and ownerCertified by authority
Who is the authority?Public-key infrastructure
![Page 27: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/27.jpg)
27
Message Digests
Short message to certify integrity Un-keyed
Checksums, hashesNo crypto
Anybody can calculate/modify it
KeyedMACsBased on a secret key
Only owners can calculate/modify it
![Page 28: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/28.jpg)
28
Cryptanalysis
The art science of breaking a cipher Try all possible plaintext corresponding to a
ciphertext Plain silly!
Try all possible keys for an encryption algorithm Algorithm must be known Enormous space of keys
Exploit weaknesses, regularities, shortcuts Side-channel attacks E.g., basic substitution cipher
![Page 29: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/29.jpg)
29
What is “breaking a cipher”?
Recover the key kHardOften not needed!
Decipher a single message Decipher all messages Modify messages
“Attack at dawn” “attack at dusk”
Exploit properties of the cipher
![Page 30: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/30.jpg)
30
Attack Models
Good ciphers resist all attack models
x
Random
Ciphertext Only
m, x
Ek(m)
Known Plaintext
Random
x, m
Dk(x)
Chosen Ciphertext
Chosen
m, x
Ek(m)
Chosen Plaintext
Chosen
![Page 31: 15-349 Introduction to Computer and Network Security Iliano Cervesato 24 August 2008 – Introduction to Cryptography.](https://reader034.fdocuments.in/reader034/viewer/2022051115/56649ec15503460f94bccae3/html5/thumbnails/31.jpg)
31
Sneaky Attacks
Obtain the key somehow Network sniffers, worms, backup tapes, … Blackmail, bribery, torture, …
Side-channel cryptanalysis Power consumption Encryption time Radiation
Be careful!
off-peak computation
random noise physical shielding
Better implementation and design
From http://www.cryptography.com/dpa/technical
Detail: Round 2 Round 3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Differential Power Analysis on DES