CRYPTOGRAPHY Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
39
CRYPTOGRAPHY Dr. Andy Wu BCIS 4630 Fundamentals of IT Security
-
Upload
vernon-william-jennings -
Category
Documents
-
view
225 -
download
0
Transcript of CRYPTOGRAPHY Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
CRYPTOGRAPHY
Dr. Andy Wu
BCIS 4630 Fundamentals of IT Security
2
Overview
• Key crypto concepts– Key terms– XOR
• Symmetric encryption• Asymmetric encryption• Hashes
3
Cryptography
• Cryptography primarily protects confidentiality, integrity, authentication, and non-repudiation.
• All the current encryption schemes are based upon an algorithm, a recursive computational procedure for solving a problem in finite steps.– Modern cryptography manipulates data in binary
form.– ASCII provides a standard way to map characters
to numbers.
4
Key Terms (No Pun Intended)• Plaintext
– The data that you want to keep secret.– It is a human-readable text file or a computer-recognizable binary
file.• Ciphertext
– Once the plaintext is encrypted, it becomes ciphertext.– No longer human-readable or computer-recognizable.
• Algorithm– Predefined procedures regarding how the plaintext will be scrambled.
• Key– Needed to scramble the plaintext.
5
Caesar’s Cipher
• A is now D; B is E; C is F; etc.• Shift the alphabet by three positions (key)• Plaintext: BCIS• Ciphertext: EFLV• To decrypt, shift back three positions (key)
6
Ensuring Security
• Putting the algorithm under public review actually improves the strength of the algorithm.
• A common attack on cryptography is the brute-force attack.– It tries every possible key until the correct one is found.– Advances in technology and computer performance
have made brute-force attacks increasingly practical.• Any predictability in key space makes the
attacker’s job easier.
7
The Key• The strength of a cryptosystem lies in the secrecy and length
(size) of the keys that are used, rather than keeping the algorithm itself a secret.– Key size is usually expressed in bits.
• A longer key increases the number of possible keys.• The keyspace comprises all possible key values.
8
Exclusive OR (XOR)• A useful bit manipulation technique in cryptography.• The symbol for XOR is .• The XOR product is
– 0, if the two bits are the same.– 1, if the two bits are different.
• Encryption takes advantage of an important property of XOR:– If A B = A’, then A’ B = A XOR 0 1
0 0 1
1 1 0
9
XOR Example
11011001
10110011
= 01101010
10110011
= 11011001
10
Symmetric Encryption• The same key is used to:
– Encrypt the plaintext into ciphertext.– Decrypt the ciphertext into plaintext.
11
Symmetric Encryption Is Like A …
… dead bolt lock. The same key is used to lock (encrypt) the door (data) and to unlock (decrypt) the door (data).
12
DES
• DES cuts up the plaintext into 64-bit blocks. It uses 56-bit keys.
• It then “scrambles” the plaintext (via “substitution” and then “permutation”) with the key repeatedly. Each repetition is called a “round”.
• DES performs 16 rounds on the plaintext.• This is carried on until the entire message has
been encrypted with DES.
13
Source: W
illiam S
tallings, Cryptography and N
etwork S
ecurity.A D
ES
Rou
nd
14
3DES• 3DES is a lot more than
three times stronger than DES.
• Some times Key A = Key C.• A brute force attack would
have to try 2112 5.19 1033 possible key values. – Suppose the processing
speed is 1012 keys/second,– 5.19 1033 @ 1012
keys/sec. = 5.19 1021 sec. = 1.65 1014 year).
15
Other Symmetric Algorithms• AES (Rijndael)
– Pronounced as “Rain-Doll”, Flemish for “XYZ.”– The candidate algorithm that NIST chose over the other four finalist as
the replacement for DES.– Supports 128-, 192-, and 256-bit keys.
• RC series– RC4 is a stream cipher algorithm for symmetric encryption that
normally uses a 128-bit key.– RC4 is ten times faster than DES.
• IDEA• CAST• Blowfish
16
Introducing the Bad Guy
CHUCKY THE VILLAIN
17
Problems with Symmetric Crypto• Requires the sender and the receiver to have the same key
(a.k.a. shared key encryption).• Prior arrangement for key distribution (called “out-of-band”
communication) is a must.• In practice, people also faced a lot of scenarios in which
they need the ability to tell who has encrypted a piece of information.
• However, if a symmetric key is shared between two or more people, any one can encrypt it. To be able to decrypt it tells nothing about who has encrypted it; only that you also have the key.
18
Symmetric Encryption
19
Asymmetric Encryption• Also known as public key cryptography.• Typically are based on difficult math problems, many of which are
simple to do in one direction but difficult to do in the opposite direction.
• Much slower than symmetric algorithms– Rely on exponentiation, which is processor-intensive;– Keys generally are larger (1024- or 2048-bit)– Software implementation of RSA can be hundreds times slower than DES.– Thus, asymmetric algorithms typically are used only for encryption of
small amounts of information, e.g., the shared key for symmetric encryption.
• Slow ≠ Weak
20
Keys in Asymmetric Cryptography• Uses two keys instead of one.
– The two keys are mathematically related through one-way functions.
– One is publicly available; this “public key” is not protected.– The other key is the “private key” and should be kept by the owner
only.– If the private key is comprised, this key pair is no longer safe to use.
• Either key can be used to encrypt data. However, once a key is used to generate a ciphertext, it cannot be used to decrypt that same ciphertext. The other key has to be used for decryption.
21
Asymmetric Encryption
If this is used to encrypt …
This has to be used to decrypt.
Therefore …
Public key,
which is available to anyone
Private key,
which supposedly is accessible only to the owner
If Alice wants to encrypt a message to Bob, she will go find Bob’s public key. Bob is the only one having the matching private key to decrypt it. (used for confidentiality)
Private key,
which supposedly is accessible only to the owner
Public key,
which is available to anyone
If Alice can use Bob’s public key to decrypt an encrypted file, Bob must be the one who encrypted the file. (used for authentication)
22
Asymmetric Encryption - Confidentiality
23
Asymmetric Encryption - Authentication
24
Two Uses of Asymmetric Encryption
• For Confidentiality– Alice wants to send a secret message to Bob– Alice uses Bob’s public key to encrypt message– Bob uses Bob’s private key to decrypt message
• For Authentication– Alice needs to let Bob know she is the sender of a message– Alice encrypts the message with Alice’s private key– Bob decrypts the message with Alice’s public key
25
Asymmetric Cryptography
• No key distribution headache– If Alice wants to send an encrypted message to Bob,
she doesn’t have to share a key with him beforehand. She just encrypts the data with his public key.
– The ciphertext can only be decrypted by Bob with his private key.
• Better authentication than symmetric encryption.– If a messaged can be decrypted by Alice’s public key,
then it must be from Alice as Alice supposedly is the only one who has the matching private key.
26
RSA• Name after its creators, Rivest, Shamir, and Adleman.• One of the most popular and secure asymmetric algorithms.• It capitalizes on the fact that there is no efficient way to factor
very large (100-200 digits) prime numbers.– A prime number is a real number that is only divisible by 1 and
itself, e.g., 1, 3, 5, 7, 11, …– Factoring is the process of determining whether an integer x is a
prime number, and if not, which two numbers when multiplied will render the product x.
– Multiplying two large integers to arrive at an even larger number is easy to do. To do the reverse (factoring) is extremely, if possible at all, difficult.
27
Other Asymmetric Algorithms• Diffie-Hellman
– Enables two people to share a secret key without prior contacts.– It relies on the difficulty in modular logarithms.
• El Gamal– An extension of the Diffie-Hellman key exchange algorithm.– It is based on the difficulty of calculating discrete logarithms in a
finite field.• Elliptic Curve Cryptography (ECC)
– Its mathematic basis is the study of elliptic curves.
28
Symmetric vs. AsymmetricSymmetric Asymmetric
Algorithm Manipulation of bits Mathematics
Number of Keys One Two
Key distributionThe key has to be shared “out-of-band” before encryption.
No prior arrangement is necessary. Just use the recipient's public key
AuthenticationCannot pinpoint the sender if key is shared by more than two people.
Can trace the message to the owner of the related private key.
Use Bulk encryptionKey distributionDigital signature
Speed Fast Slow
29
Hash Function• A hash function is a special mathematical algorithm that
performs one-way manipulate on a file.– Widely used functions include MD5 and SHA-1.
• The algorithm takes a message of any length and produces a fixed-length output.
• The hash is often called message digest.
30
Properties of Hash
31
Property 1: Non-Reversibility
• Both symmetric and asymmetric algorithms are reversible. – They can be converted from plaintext to ciphertext and
back again, if the right key is used.• Hash algorithms, however, are not reversible.
– Once the hash is created, there is no way to take the hash and retrieve the file that was used to generate it.
– That is, you cannot reconstruct the message from the digest.
32
Property 2: Uniqueness
• You can’t find two files that produce the same hash.
• A hash value is always mathematically unique because it is extremely dependent on the contents of the file. – If anyone changes the file by so much as one binary
digit, the resulting hash value will be different.• The hash value can be used as a smaller,
easier-to-handle identifier of the file.
33
Collisions• A collision occurs when two different inputs are
hashed to the same value.• Collisions are possible.
– Both SHA-1 and MD5 have been cracked.– Fortunately, it is also unlikely that two documents with the
same hash value both make sense.– The other file is likely to be a series of random characters
that just happens to result in the same hash value.• Therefore, the hash of a file can be used as the file’s
unique identifier.
34
Hash Length• Usually, the longer the hash value produced by the hashing
algorithm, the less susceptible it is to collisions.– SHA-1 and RIPEMD-160 hashes are 160-bit long.– MD5 hashes are 128-bit long.
Algorithm # of Messages Required to Find Collision
MD5 264 ≈ 1.8 x 1019
SHA-1 280 ≈ 1.2 x 1024
RIPEMD-160 280 ≈ 1.2 x 1024
Source: Carlton Davis, IPSec, Securing VPNs.
35
Secure Hash Algorithm (SHA)
• SHA was developed in 1993 by the NIST for secure hashing in the U.S. Digital Signature Standard (DSS).
• The revised version is SHA-1.– It uses block mode, accepting an input of up to
264 bits and compressing it to 160 bits.
36
MD5
• Message Digest 5 is similar to the MD4 algorithm, but it is slightly slower and more secure.
• MD5 creates a 128-bit hash of a message of any length.
37
Common Uses of Hashes
• Hash can be used to guard integrity of files.– The sender sends with a message the hash value
of the message. The recipient runs the message through the same hash function and obtains her own hash value.
– If HSender = HRecipient, then the file has not been tampered with.
• This use is based on the “uniqueness” property.
38
Verifying File Integrity with Hashes
39
Verifying File Integrity with Hashes
