Data Security and Encryption (CSE348): Revision Lectures 1-15
Course Outline
Part One: Symmetric Ciphers: Provides a survey of symmetric encryption, including classical and modern algorithms. The emphasis is on the two most important algorithms, the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). This part also covers the most important stream encryption algorithm, RC4, and the important topic of pseudorandom number generation.
Course Outline
Part Two: Asymmetric Ciphers: Provides a survey of public-key algorithms, including RSA (Rivest-Shamir-Adleman) and elliptic curve.
Course Outline
Part Three: Cryptographic Data Integrity Algorithms: Begins with a survey of cryptographic hash functions. This part then covers two approaches to data integrity that rely on cryptographic hash functions: message authentication codes and digital signatures.
Course Outline
Part Four: Mutual Trust: Covers key management and key distribution topics and then covers user authentication techniques.
Course Outline
Part Five: Network Security and Internet Security: Examines the use of cryptographic algorithms and security protocols to provide security over networks and the Internet. Topics covered include transport-level security, wireless network security, e-mail security, and IP security.
Course Outline
Part Six: System Security: Deals with security facilities designed to protect a computer system from security threats, including intruders, viruses, and worms. This part also looks at firewall technology.
Course Outline
Part Seven: Legal and Ethical Issues: Deals with the legal and ethical issues related to computer and network security.
Computer Security
• Protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
Key Security Concepts
CIA Triad
• These three concepts form what is often referred to as the CIA triad (figure above).
• The three concepts embody the fundamental security objectives for both data and for information and computing services.
• FIPS PUB 199 provides a useful characterization of these three objectives in terms of requirements and the definition of a loss of security in each category.
CIA Triad
• Confidentiality (covers both data confidentiality and privacy):
• Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
• A loss of confidentiality is the unauthorized disclosure of information.
CIA Triad
• Integrity (covers both data and system integrity):
• Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity
• A loss of integrity is the unauthorized modification or destruction of information.
CIA Triad
• Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system
• Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture.
• Two of the most commonly mentioned are:
CIA Triad
• Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator
CIA Triad
• Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity
Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived as a benefit until it fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system
Aspects of Security
• consider 3 aspects of information security:
  – security attack
  – security mechanism
  – security service
• note terms
  – threat – a potential for violation of security
  – attack – an assault on system security, a deliberate attempt to evade security services
Passive Attacks
Active Attacks
Symmetric Encryption
• Conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970’s
• and by far most widely used
Some Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
Symmetric Cipher Model
Ingredients of the symmetric cipher model
• plaintext - original message
• encryption algorithm – performs substitutions/transformations on plaintext
• secret key – controls exact substitutions/transformations used in encryption algorithm
• ciphertext - scrambled message
• decryption algorithm – inverse of encryption algorithm
Cryptanalysis
• objective to recover key not just message
• general approaches:
  – cryptanalytic attack
  – brute-force attack
• if either succeed all key use compromised
Cryptanalytic Attacks
• ciphertext only – only know algorithm & ciphertext, is statistical, know or can identify plaintext
• known plaintext – know/suspect plaintext & ciphertext
• chosen plaintext – select plaintext and obtain ciphertext
• chosen ciphertext – select ciphertext and obtain plaintext
• chosen text – select plaintext or ciphertext to en/decrypt
Brute Force Search
• Brute-force attack involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained
• On average, half of all possible keys must be tried to achieve success
• Different time is required to conduct a brute-force attack, for various common key sizes
Brute Force Search
• Data Encryption Standard (DES) is 56
• Advanced Encryption Standard (AES) is 128
• Triple-DES is 168
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext

| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
| --- | --- | --- | --- |
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |
| 168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years |
| 26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years |
Classical Substitution Ciphers
• where letters of plaintext are replaced by other letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher
• Substitution ciphers form the first of the fundamental building blocks
• Core idea is to replace one basic unit (letter/byte) with another
• Whilst the early Greeks described several substitution ciphers
Classical Cipher Techniques
• have considered:
  – monoalphabetic substitution ciphers
    • cryptanalysis using letter frequencies
  – Playfair cipher
    • Cryptanalysis of Playfair Cipher
  – Polyalphabetic Ciphers
  – Vigenère Cipher
Monoalphabetic Cipher
• rather than just shifting the alphabet
• could shuffle (jumble) the letters arbitrarily
• each plaintext letter maps to a different random ciphertext letter
• hence key is 26 letters long

Plain:  abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Playfair Cipher
• not even the large number of keys in a monoalphabetic cipher provides security
• one approach to improving security was to encrypt multiple letters
• the Playfair Cipher is an example
• invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Polyalphabetic Ciphers
• polyalphabetic substitution ciphers
• improve security using multiple cipher alphabets
• make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
• use a key to select which alphabet is used for each letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached
Vigenère Cipher
• simplest polyalphabetic substitution cipher
• effectively multiple Caesar ciphers
• key is multiple letters long K = k1 k2 ... kd
• ith letter specifies ith alphabet to use
• use each alphabet in turn
• repeat from start after d letters in message
• decryption simply works in reverse
Other Classical Cipher Techniques
• have considered:
  – polyalphabetic ciphers
  – transposition ciphers
  – product ciphers and rotor machines
  – steganography
Kasiski Method
• For some centuries the Vigenère cipher was le chiffre indéchiffrable (the unbreakable cipher)
• As a result of a challenge, it was broken by Charles Babbage (the inventor of the computer) in 1854
• but kept secret (possibly because of the Crimean War - not the first time governments have kept advances to themselves!)
• The method was independently reinvented by a Prussian, Friedrich Kasiski, who published the attack now named after him in 1863.
Kasiski Method
• However lack of major advances meant that various polyalphabetic substitution ciphers were used into the 20C
• One very famous incident was the breaking of the Zimmermann telegram in WW1 which resulted in the USA entering the war
• If two identical sequences of plaintext letters occur at a distance that is an integer multiple of the keyword length, they will generate identical ciphertext sequences
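An added example (not from the original slides) of the Kasiski observation above: it encrypts a sample message with a Vigenère key, finds the repeated ciphertext trigram, and reads candidate key lengths off the distance between the repeats. The sample key and plaintext and all function names are chosen for this illustration.

```python
from collections import Counter, defaultdict
from functools import reduce
from math import gcd

def vigenere(text, key, decrypt=False):
    """Caesar-shift letter i of `text` by key letter (i mod d), d = len(key).

    Assumes `text` and `key` contain only the letters a-z.
    """
    sign = -1 if decrypt else 1
    shifted = []
    for i, ch in enumerate(text.lower()):
        k = ord(key[i % len(key)].lower()) - ord("a")
        shifted.append(chr((ord(ch) - ord("a") + sign * k) % 26 + ord("a")))
    result = "".join(shifted)
    # Ciphertext in capitals, plaintext in lower case, as on the slides.
    return result if decrypt else result.upper()

def repeated_sequences(ciphertext, length=3):
    """Map every substring of `length` letters that occurs more than once
    to the list of positions where it starts."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - length + 1):
        positions[ciphertext[i:i + length]].append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}

def kasiski(ciphertext, length=3, max_key_len=20):
    """Return (distances, gcd of distances, votes per candidate key length).

    A repeat caused by the same plaintext meeting the same key letters lies
    at a multiple of the key length, so the key length divides the distance.
    Coincidental repeats can spoil the plain gcd, so each distance also
    votes for every divisor up to `max_key_len`.
    """
    distances = []
    for pos in repeated_sequences(ciphertext, length).values():
        distances += [b - a for a, b in zip(pos, pos[1:])]
    votes = Counter(k for d in distances
                    for k in range(2, max_key_len + 1) if d % k == 0)
    overall = reduce(gcd, distances) if distances else None
    return distances, overall, votes

# Constructed sample: "red" in "discovered" and in "are d(iscovered)" lines
# up with the same three key letters, nine positions apart.
KEY = "deceptive"
PLAINTEXT = "wearediscoveredsaveyourself"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(repeated_sequences(CIPHERTEXT))
    print(kasiski(CIPHERTEXT))
```

With only one repeat the votes cannot separate 3 from 9; on longer ciphertexts more repeats accumulate and the true key length collects the most votes.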
Transposition Ciphers
• consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order without altering the actual letters used
• can recognise these since have the same frequency distribution as the original text
Rotor Machines
• Before modern ciphers, rotor machines were most common complex ciphers in use
• widely used in WW2
  – German Enigma, Allied Hagelin, Japanese Purple
• implemented a very complex, varying substitution cipher
• used a series of cylinders, each giving one substitution, which rotated and changed after each letter was encrypted
• with 3 cylinders have 26^3 = 17576 alphabets
Steganography
• Steganography is an alternative to encryption which hides the very existence of a message by some means
• There is a large range of techniques for doing this
• Steganography has a number of drawbacks when compared to encryption
• It requires a lot of overhead to hide relatively few bits of information
Steganography
• Also, once the system is discovered, it becomes virtually worthless, although a message can be first encrypted and then hidden using steganography
• The advantage of steganography is that it can be employed by parties who have something to lose should the fact of their secret communication (not necessarily the content) be discovered
Modern Block Ciphers
• now look at modern block ciphers
• one of the most widely used types of cryptographic algorithms
• provide secrecy/authentication services
• focus on DES (Data Encryption Standard)
• We will see block cipher design principles
Block vs Stream Ciphers
• block ciphers process messages in blocks, each of which is then en/decrypted
• like a substitution on very big characters
  – 64-bits or more
• stream ciphers process messages a bit or byte at a time when en/decrypting
• many current ciphers are block ciphers
  – better analysed
  – broader range of applications
Block vs Stream Ciphers
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length
Typically, a block size of 64 or 128 bits is used
As with a stream cipher, the two users share a symmetric encryption key
Block Cipher Principles
• Most symmetric block ciphers are based on a Feistel Cipher Structure
• needed since must be able to decrypt ciphertext to recover messages efficiently
• block ciphers look like an extremely large substitution
• would need table of 2^64 entries for a 64-bit block
• instead create from smaller building blocks
• using idea of a product cipher
Confusion and Diffusion
• The terms diffusion and confusion were introduced by Claude Shannon to capture the two basic building blocks for any cryptographic system
• Shannon's concern was to thwart cryptanalysis based on statistical analysis
• Every block cipher involves a transformation of a block of plaintext into a block of ciphertext
Confusion and Diffusion
• diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
• confusion – makes relationship between ciphertext and key as complex as possible
Feistel Cipher Structure
• Horst Feistel devised the Feistel cipher
  – based on concept of invertible product cipher
• partitions input block into two halves
  – process through multiple rounds which
  – perform a substitution on left data half
  – based on round function of right half & subkey
  – then have permutation swapping halves
• implements Shannon’s S-P net concept
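An added example (not from the original slides) of the Feistel structure just described: a toy 64-bit, 16-round network whose round function is a truncated HMAC-SHA256, which cannot be inverted, yet the cipher decrypts by running the same rounds with the subkeys in reverse order. The round function, the subkey derivation and all names are assumptions of this sketch; it is not DES.

```python
import hashlib
import hmac

HALF = 4  # bytes per half, so the block is 64 bits

def round_function(right: bytes, subkey: bytes) -> bytes:
    """F(R, K): any keyed function works; this one is deliberately one-way."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, subkeys) -> bytes:
    """Run one Feistel pass over a 64-bit block.

    Each round: L_i = R_(i-1),  R_i = L_(i-1) XOR F(R_(i-1), K_i).
    The left half is substituted using the right half and the subkey,
    then the halves are swapped. The last swap is undone on output so
    that the same routine decrypts.
    """
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, round_function(right, k))
    return right + left

def subkeys_from(key: bytes, rounds: int = 16):
    """Toy subkey generation (an assumption of this example, not DES's
    key schedule): one hash of key || round index per round."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys_from(key))

def decrypt(block: bytes, key: bytes) -> bytes:
    # Identical algorithm, subkeys applied in reverse order.
    return feistel(block, subkeys_from(key)[::-1])

if __name__ == "__main__":
    key = b"lecture-demo-key"      # constructed sample key
    block = b"CSE348!!"            # constructed sample 8-byte block
    ct = encrypt(block, key)
    print(ct.hex(), decrypt(ct, key))
    # One round leaves half of the block untouched, which is why the
    # number of rounds is a design element.
    one_round = feistel(block, subkeys_from(key, rounds=1))
    print(one_round[HALF:] == block[HALF:])
```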
Feistel Cipher Design Elements
• block size
• key size
• number of rounds
• subkey generation algorithm
• round function
• fast software en/decryption
• ease of analysis
Data Encryption Standard (DES)
– Data Encryption Standard (DES)
– DES Encryption
– Initial Permutation IP
– DES Round Structure
– Substitution Boxes S
– DES Key Schedule
– DES Example
– Avalanche in DES
DES Encryption Overview
• The overall scheme for DES encryption is illustrated in Stallings Figure
• which takes as input 64-bits of data and of key
• The left side shows the basic process for enciphering a 64-bit data block which consists of:
  – an initial permutation (IP) which shuffles the 64-bit input block
  – 16 rounds of a complex key dependent round function involving substitutions & permutations
  – a final permutation, being the inverse of IP
DES Encryption Overview
• The right side shows the handling of the 56-bit key and consists of:
  – an initial permutation of the key (PC1) which selects 56-bits out of the 64-bits input, in two 28-bit halves
  – 16 stages to generate the 48-bit subkeys using a left circular shift and a permutation of the two 28-bit halves
Advanced Encryption Standard (AES)
– the AES selection process
– the details of Rijndael – the AES cipher
– looked at the steps in each round
– Four AES stages are discussed
  • Substitute bytes
  • Shift Rows
  • MixColumns
  • AddRoundKey
– the key expansion
– implementation aspects
The AES Cipher - Rijndael
• designed by Rijmen-Daemen in Belgium
• has 128/192/256 bit keys, 128 bit data
• an iterative rather than Feistel cipher
  – processes data as block of 4 columns of 4 bytes
  – operates on entire data block in every round
• designed to be:
  – resistant against known attacks
  – speed and code compactness on many CPUs
  – design simplicity
AES Encryption Process
AES Structure
• The input to the AES encryption and decryption algorithms is a single 128-bit block, depicted in FIPS PUB 197 as a square matrix of bytes
• This block is copied into the State array, which is modified at each stage of encryption or decryption
AES Structure
• After the final stage, State is copied to an output
• The key is expanded into 44/52/60 lots of 32-bit words, with 4 used in each round
• The ordering of bytes within a matrix is by column
AES Structure
• So, for example, the first four bytes of a 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix
• the second four bytes occupy the second column, and so on
• Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of the w matrix
AES Structure
• The data computation then consists of an “add round key” step, then 9/11/13 rounds with all 4 steps
• and a final 10th/12th/14th step of byte subs + shift rows + add round key
• This can be viewed as alternating XOR key & scramble data bytes operations
• All of the steps are easily reversed, and can be efficiently implemented using XORs & table lookups
AES Structure
• data block of 4 columns of 4 bytes is state
• key is expanded to array of words
• has 9/11/13 rounds in which state undergoes:
  – byte substitution (1 S-box used on every byte)
  – shift rows (permute bytes between groups/columns)
  – mix columns (subs using matrix multiply of groups)
  – add round key (XOR state with key material)
  – view as alternating XOR key & scramble data bytes
• initial XOR key material & incomplete last round
• with fast XOR & table lookup implementation
AES Structure
Figure 5.3 AES Encryption and Decryption
AES Structure
• Stallings Figure 5.3 shows the structure of AES in more detail
• The cipher consists of N rounds, where the number of rounds depends on the key length: 10 rounds for a 16-byte key; 12 rounds for a 24-byte key; and 14 rounds for a 32-byte key
AES Structure
• The first N – 1 rounds consist of four distinct transformation functions: SubBytes, ShiftRows, MixColumns, AddRoundKey, which are described subsequently
AES Structure
• The final round contains only 3 transformations
• There is an initial single transformation (AddRoundKey) before the first round, which can be considered Round 0
• Each transformation takes one or more 4 x 4 matrices as input and produces a 4 x 4 matrix as output
AES Structure
• Figure 5.1 shows that the output of each round is a 4 x 4 matrix, with the output of the final round being the ciphertext
• Also, the key expansion function generates N + 1 round keys, each of which is a distinct 4 x 4 matrix
• Each round key serves as one of the inputs to the AddRoundKey transformation in each round
Some Comments on AES1. an iterative rather than feistel cipher2. key expanded into array of 32-bit words
1. four words form round key in each round3. 4 different stages are used as shown4. has a simple structure5. only AddRoundKey uses key6. AddRoundKey a form of Vernam cipher7. each stage is easily reversible8. decryption uses keys in reverse order9. decryption does recover plaintext10. final round has only 3 stages
Four Stages of AES
• Four different stages are used, one of permutation and three of substitution:
– Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block
– ShiftRows: A simple permutation
– MixColumns: A substitution that makes use of arithmetic over
– AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key
Number Theory
• have considered:
– Number Theory
– divisibility & GCD
– modular arithmetic with integers
– Euclid’s algorithm for GCD & Inverse
– Group
– Ring
– Field
– finite fields GF(p)
– polynomial arithmetic in general and in GF(2^n)
Multiple Encryption & DES
Given the potential vulnerability of DES to a brute-force attack
There has been considerable interest in finding an alternative
One approach is to design a completely new algorithm, of which AES is a prime example
Multiple Encryption & DES
Another alternative, which would preserve the existing investment in software and equipment, is to use multiple encryption with DES and multiple keys
The widely accepted triple DES (3DES) approach is examined
Multiple Encryption & DES
clear a replacement for DES was needed
– theoretical attacks that can break it
– demonstrated exhaustive key search attacks
AES is a new cipher alternative
Prior to this, the alternative was to use multiple encryption with DES implementations
Triple-DES is the chosen form
Why not Double-DES?
The simplest form of multiple encryption has two encryption stages and two keys - Double-DES
Have concern that there might be a single key that is equivalent to using 2 keys as above
Not likely but only finally proved as impossible in 1992
More seriously have the “meet-in-the-middle” attack, first described by Diffie in 1977
Why not Double-DES?
It is a known plaintext attack, i.e. have known pair (P,C)
Attempts to find by trial-and-error a value X in the “middle” of the double-DES encryption of this pair
Chances of this are much better at O(2^56) than exhaustive search at O(2^112)
Why not Double-DES?
AES is a new cipher alternative
could use 2 DES encrypts on each block
– C = E_K2(E_K1(P))
concern at time of reduction to single stage
“meet-in-the-middle” attack
– works whenever use a cipher twice
– since X = E_K1(P) = D_K2(C)
– attack by encrypting P with all keys and store
– then decrypt C with keys and match X value
– can show takes O(2^56) steps
Triple-DES with Two-Keys
Triple-DES with two keys is a popular alternative to single-DES
But suffers from being 3 times slower to run
The use of encryption & decryption stages is equivalent
But the chosen structure allows for compatibility with single-DES implementations
Triple-DES with Two-Keys
3DES with two keys is a relatively popular alternative to DES
Has been adopted for use in the key management standards ANS X9.17 and ISO 8732
Currently, there are no practical cryptanalytic attacks on 3DES
Coppersmith notes that the cost of a brute-force key search on 3DES is on the order of 2^112 (=5*10^33)
Triple-DES with Two-Keys
Estimates that the cost of differential cryptanalysis suffers an exponential growth compared to single DES, exceeding 10^52
Several proposed attacks on 3DES, although not currently practical, give a flavor for the types of attacks that have been considered and that could form the basis for more successful future attacks
Triple-DES with Two-Keys
Hence must use 3 encryptions
– would seem to need 3 distinct keys
But can use 2 keys with E-D-E sequence
– C = E_K1(D_K2(E_K1(P)))
– n.b. encrypt & decrypt equivalent in security
– if K1=K2 then can work with single DES
Standardized in ANSI X9.17 & ISO8732
No current known practical attacks
– several proposed impractical attacks might become basis of future attacks
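The meet-in-the-middle argument against double encryption and the E-D-E compatibility property (K1 = K2 collapses to single encryption) from the slides above, as an added Python example that is not part of the lecture. It uses a constructed 16-bit toy Feistel cipher with 12-bit keys in place of DES so that it runs in well under a second; `toy_encrypt`, `subkey`, `round_fn` and the demo keys are hypothetical names and values.

```python
"""Toy model of double encryption and E-D-E (constructed cipher, NOT DES)."""
KEY_BITS = 12   # stands in for DES's 56-bit key
ROUNDS = 4      # 16-bit block split into two 8-bit Feistel halves


def subkey(key, i):
    # Hypothetical key schedule: derive a different 8-bit subkey per round.
    return ((key >> (i % 5)) ^ (key * (2 * i + 3))) & 0xFF


def round_fn(half, sk):
    # Any function works inside a Feistel network; this one just mixes bits.
    x = (half + sk) & 0xFF
    x = (x * 167 + 13) & 0xFF
    return x ^ (x >> 3)


def toy_encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for i in range(ROUNDS):
        left, right = right, left ^ round_fn(right, subkey(key, i))
    return (left << 8) | right


def toy_decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ round_fn(left, subkey(key, i)), left
    return (left << 8) | right


def double_encrypt(k1, k2, p):
    return toy_encrypt(k2, toy_encrypt(k1, p))                    # C = E_K2(E_K1(P))


def ede_encrypt(k1, k2, p):
    return toy_encrypt(k1, toy_decrypt(k2, toy_encrypt(k1, p)))   # C = E_K1(D_K2(E_K1(P)))


def meet_in_the_middle(pairs):
    """Return (key pairs consistent with all known (P, C) pairs, table-phase ops)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                                   # X = E_K1(P) -> list of K1
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    ops = 1 << KEY_BITS
    candidates = []
    for k2 in range(1 << KEY_BITS):
        ops += 1
        x = toy_decrypt(k2, c0)                  # X = D_K2(C)
        for k1 in table.get(x, ()):
            # Extra known pairs discard matches that agree on X only by chance.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


# Constructed demo values: two secret keys and three known plaintext blocks.
DEMO_K1, DEMO_K2 = 0xA5C, 0x3F1
DEMO_PAIRS = [(p, double_encrypt(DEMO_K1, DEMO_K2, p))
              for p in (0x1234, 0xBEEF, 0x0F0F)]

if __name__ == "__main__":
    found, ops = meet_in_the_middle(DEMO_PAIRS)
    print("true key pair recovered:", (DEMO_K1, DEMO_K2) in found)
    print("table-phase operations :", ops, "= 2 * 2^%d" % KEY_BITS)
    print("exhaustive pair search :", 1 << (2 * KEY_BITS), "= 2^%d" % (2 * KEY_BITS))
    k = 0x5A3
    print("E-D-E with K1 = K2 equals single encryption:",
          ede_encrypt(k, k, 0x1234) == toy_encrypt(k, 0x1234))
```

The second key adds only one more pass over the key space (2 * 2^12 operations here, against 2^24 for trying every key pair), which is the same ratio as 2^56 against 2^112 on the slides.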
Triple-DES with Three-Keys
Attacks currently known appear impractical
Anyone using two-key 3DES may feel some concern
Thus, many researchers now feel that three-key 3DES is the preferred alternative
Three-key 3DES has effective key length of 168 bits
A number of Internet-based applications have adopted three-key 3DES, including PGP and S/MIME
Modes of Operation
DES (or any block cipher) forms a basic building block which en/decrypts a fixed sized block of data
However to use these in practice, we usually need to handle arbitrary amounts of data
which may be available in advance (in which case a block mode is appropriate)
Modes of Operation
May only be available a bit/byte at a time (in which case a stream mode is used)
To apply a block cipher in a variety of applications, five "modes of operation" have been defined by NIST (SP 800-38A)
In essence, a mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application
Modes of Operation
Such as applying a block cipher to a sequence of data blocks or a data stream
Five modes are intended to cover a wide variety of applications of encryption for which a block cipher could be used
These modes are intended for use with any symmetric block cipher, including triple DES and AES
Modes of Operation
block ciphers encrypt fixed size blocks
– e.g., DES encrypts 64-bit blocks
need some way to en/decrypt arbitrary amounts of data in practice
NIST SP 800-38A defines 5 modes
have block and stream modes
to cover a wide variety of applications
can be used with any block cipher
Block Cipher Operation
Multiple Encryption & Triple-DES
Modes of Operation
ECB, CBC, CFB, OFB, CTR, XTS-AES
Random Numbers
Random numbers play an important role in the use of encryption for various network security applications
Brief overview of the use of random numbers in cryptography and network security is provided
Focus on the principles of pseudorandom number generation
Getting good random numbers is important, but difficult
Random Numbers
You don't want someone guessing the key you're using to protect your communications because your "random numbers" weren't (as happened in an early release of Netscape SSL)
Traditionally, the concern in the generation of a sequence of allegedly random numbers has been
Random Numbers
That the sequence of numbers be random in some well-defined statistical sense with uniform distribution & independent
Applications such as reciprocal authentication, session key generation, and stream ciphers
The requirement is not just that the sequence of numbers be statistically random
But that the successive members of the sequence are unpredictable
Random Numbers
With "true" random sequences
Each number is statistically independent of other numbers in the sequence and unpredictable
True random numbers are seldom used
Rather, sequences of numbers that appear to be random are generated by some algorithm
Random Numbers
Many uses of random numbers in cryptography
– nonces in authentication protocols to prevent replay
– session keys
– public key generation
– keystream for a one-time pad
In all cases it's critical that these values be
– statistically random, uniform distribution, independent
– unpredictability of future values from previous values
True random numbers provide this
Care needed with generated random numbers
Pseudorandom Number Generators (PRNGs)
Often use deterministic algorithmic techniques to create “random numbers”
– although are not truly random
– can pass many tests of “randomness”
Known as “pseudorandom numbers”
Created by “Pseudorandom Number Generators (PRNGs)”
Random & Pseudorandom Number Generators
A true random number generator (TRNG) contrasts with two forms of pseudorandom number generators
A TRNG takes as input a source that is effectively random; the source is often referred to as an entropy source
In contrast, a PRNG takes as input a fixed value, called the seed, and produces a sequence of output bits using a deterministic algorithm
Random & Pseudorandom Number Generators
There is some feedback path by which some of the results of the algorithm are fed back as input as additional output bits are produced
The output bit stream is determined solely by the input value or values
So that an adversary who knows the algorithm and the seed can reproduce the entire bit stream
Random & Pseudorandom Number Generators
Two different forms of PRNGs, based on application:
Pseudorandom number generator
An algorithm that is used to produce an open-ended sequence of bits is referred to as a PRNG
A common application for an open-ended sequence of bits is as input to a symmetric stream cipher
Random & Pseudorandom Number Generators
Pseudorandom function (PRF)
A PRF is used to produce a pseudorandom string of bits of some fixed length
Examples are the symmetric encryption keys and nonces
The PRF takes as input a seed plus some context specific values, such as a user ID or an application ID
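The entropy source / PRNG / PRF distinction from the slides above, as an added Python sketch that is not part of the lecture. `HashPRNG`, `prf`, `find_seed` and the timestamp-based seed are hypothetical constructions built on SHA-256 and HMAC; they show that the output is fixed entirely by the seed, so a key derived from a guessable seed can be regenerated by anyone who knows the algorithm.

```python
import hashlib
import hmac
import os
import struct


class HashPRNG:
    """Open-ended deterministic generator (hypothetical design, SHA-256 based)."""

    def __init__(self, seed: bytes):
        self._state = hashlib.sha256(b"init|" + seed).digest()
        self._buf = b""

    def read(self, n: int) -> bytes:
        while len(self._buf) < n:
            self._buf += hashlib.sha256(b"out|" + self._state).digest()
            # Feedback path: the next state is computed from the current one.
            self._state = hashlib.sha256(b"next|" + self._state).digest()
        out, self._buf = self._buf[:n], self._buf[n:]
        return out


def prf(seed: bytes, context: bytes, length: int = 16) -> bytes:
    """Fixed-length output bound to a seed plus context (user ID, application ID)."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32 bytes")
    return hmac.new(seed, context, hashlib.sha256).digest()[:length]


def timestamp_seed(t: int) -> bytes:
    """A low-entropy seed: a 32-bit Unix time, as a weak design might use."""
    return struct.pack(">I", t)


def find_seed(observed: bytes, candidate_seeds):
    """Audit check: does any candidate seed regenerate the observed output?"""
    for seed in candidate_seeds:
        if HashPRNG(seed).read(len(observed)) == observed:
            return seed
    return None


# Constructed scenario: one key from a guessable seed, one from the OS entropy source.
WEAK_SEED = timestamp_seed(1_700_000_123)
WEAK_KEY = HashPRNG(WEAK_SEED).read(16)
GUESS_WINDOW = [timestamp_seed(t) for t in range(1_700_000_000, 1_700_000_600)]
STRONG_KEY = HashPRNG(os.urandom(32)).read(16)

if __name__ == "__main__":
    print("weak key reproduced from 600 guesses:",
          find_seed(WEAK_KEY, GUESS_WINDOW) == WEAK_SEED)
    print("strong key reproduced from 600 guesses:",
          find_seed(STRONG_KEY, GUESS_WINDOW) is not None)
    print("per-context PRF outputs differ:",
          prf(WEAK_SEED, b"user:alice") != prf(WEAK_SEED, b"user:bob"))
```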
Stream ciphers
Random Number Generation
Pseudorandom number generation
True random numbers
Stream ciphers
RC4
Private-Key Cryptography
The development of public-key cryptography is the greatest and perhaps the only true revolution in the entire history of cryptography
From its earliest beginnings to modern times, virtually all cryptographic systems have been based on the elementary tools of substitution and permutation
Private-Key Cryptography
Can be classed as private/secret/single key (symmetric) systems
All classical, and modern block and stream ciphers are of this form
Private-Key Cryptography
Traditional private/secret/single key cryptography uses one key
Shared by both sender and receiver
If this key is disclosed communications are compromised
Also is symmetric, parties are equal
Hence does not protect sender from receiver forging a message & claiming is sent by sender
Public-Key Cryptography
• Probably most significant advance in the 3000 year history of cryptography
• Uses two keys – a public & a private key
• Asymmetric since parties are not equal
• Uses clever application of number theoretic concepts to function
• Complements rather than replaces private key crypto
Public-Key Cryptography
• Radically different public key systems, in which two keys are used
• Public-key cryptography provides a radical departure from all that has gone before
• The development of public-key cryptography is the greatest and perhaps the only true revolution in the entire history of cryptography
• It is asymmetric, involving the use of two separate keys, in contrast to symmetric encryption
Public-Key Cryptography
• symmetric encryption uses only one key
• Anyone knowing the public key can encrypt messages or verify signatures
• But cannot decrypt messages or create signatures, counter-intuitive though this may seem
• The use of two keys has profound consequences in the areas of
– confidentiality
– key distribution
– authentication
Public-Key Cryptography
• It works by the clever use of number theory problems
• That are easy one way but hard the other
• Public key schemes are neither more nor less secure than private key
• Security depends on the key size for both
Public-Key Cryptography
• Nor do they replace private key schemes (they are too slow to do so), rather they complement them
• Both also have issues with key distribution, requiring the use of some suitable protocol
Why Public-Key Cryptography?
• Developed to address two key issues:
– key distribution – how to have secure communications in general without having to trust a KDC with your key
– digital signatures – how to verify a message comes intact from the claimed sender
• Public invention due to Whitfield Diffie & Martin Hellman at Stanford Uni in 1976
– known earlier in classified community
Public-Key Cryptography
• Asymmetric algorithms rely on one key for encryption
• And a different but related key for decryption
• These algorithms have the following important characteristic
• It is computationally infeasible to determine the decryption key
Public-Key Cryptography
• Given only knowledge of the cryptographic algorithm and the encryption key
• In addition, some algorithms, such as RSA, also exhibit the following characteristic
• Either of the two related keys can be used for encryption, with the other used for decryption
Public-Key Cryptography
• Anyone knowing the public key can encrypt messages or verify signatures
• But cannot decrypt messages or create signatures, thanks to some clever use of number theory
Public-Key Cryptography
• Public-key/two-key/asymmetric cryptography involves the use of two keys:
– a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
– a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• Infeasible to determine private key from public
• is asymmetric because
– those who encrypt messages or verify signatures cannot decrypt messages or create signatures
Public-Key Cryptography
Public-Key Cryptography
• Stallings Figure 9.1a “Public-Key Cryptography”
• Shows that a public-key encryption scheme has six ingredients:
• Plaintext: the readable message /data fed into the algorithm as input
• Encryption algorithm: performs various transformations on the plaintext
Public-Key Cryptography
• Public and private keys: a pair of keys selected so that if one is used for encryption, the other is used for decryption
• The exact transformations performed by the algorithm depend on the public or private key that is provided as input
Public-Key Cryptography
• Ciphertext: the scrambled message produced as output
• It depends on the plaintext and the key
• For a given message, two different keys will produce two different ciphertexts
Public-Key Cryptography
• Decryption algorithm: accepts the ciphertext and matching key
• And produces the original plaintext
Public-Key Cryptography
• Consider the following analogy using padlocked boxes
• Traditional schemes involve the sender putting a message in a box and locking it
• Sending that to the receiver
• And somehow securely also sending them the key to unlock the box
Public-Key Cryptography
• The radical advance in public key schemes was to turn this around
• The receiver sends an unlocked box (their public key) to the sender
• Who puts the message in the box and locks it
Public-Key Cryptography
• Easy - and having locked it cannot get at the message
• And sends the locked box to the receiver who can unlock it (also easy), having the (private) key
• An attacker would have to pick the lock on the box (hard)
Symmetric vs Public-Key
Revision
Lectures 1-15