Introduction

9/11/2011
IntroductiontoCryptography SCR3443 Semester1,2011/12

By:
AssociateProf.DrMazleenaSalleh
DepartmentofComputerSystem&Communication FacultyofComputerScienceandInformationSystems
mazleena@utm.my 075532006/32369
AssociateProfDrMazleenaSalleh
Module1:Introduction
CourseLearningOutcome
Attheendofthecourse,studentsshouldhavethefollowing knowledge,skillsandattitudeto:
Illustratethefundamentalconceptsincryptography. Applythenecessarytheorytoperformencryptionanddecryption processes. Differentiatetechniquesusedincryptographywhichrelatetotheir differentuses. Recommendtools,techniquesandtrendscryptographyfordata security. Formulatedatasecuritystrategiesusinglatestcryptography technique.
9/11/2011
References
HonorCode Collaborationonhomeworkwithotherstudentsencouraged. However,writealoneandgivecredit.

InformationSecurity
Confidentiality/Privacy keepinginformationsecretfromallbutthosewhoare authorizedtoseeit. DataIntegrity ensuringinformationhasnotbeenalteredby unauthorizedorunknownmeans. maintainingdataconsistency EntityAuthentication/Identification corroborationoftheidentityofanentity(e.g.,aperson,a computerterminal,acreditcard,etc.)
9/11/2011
...InformationSecurity
Messageauthentication corroboratingthesourceofinformation;alsoknownas dataoriginauthentication. Signature ameanstobindinformationtoanentity. Authorization conveyance,toanotherentity,ofofficialsanctiontodoor besomething. Validation ameanstoprovidetimelinessofauthorizationtouseor manipulateinformationorresources.
AssociateProfDrMazleenaSalleh Module1:Introduction 5
Accesscontrol restrictingaccesstoresourcestoprivilegedentities. unauthorizedusersarekeptout Certification endorsementofinformationbyatrustedentity. Timestamping recordingthetimeofcreationorexistenceofinformation. Originatorofcommunicationscantdenyitlater
9/11/2011
Witnessing verifyingthecreationorexistenceofinformationbyan entityotherthanthecreator. Nonrepudiation preventingthedenialofpreviouscommitmentsoractions. Availability Legitimateusershaveaccesswhentheyneedit Someobjectivesarecombined: Userauthenticationusedforaccesscontrolpurposes Nonrepudiationcombinedwithauthentication
SecurityThreats
Informationdisclosure/informationleakage Integrityviolation Masquerading Denialofservice Illegitimateuse Genericthreat:Backdoors,trojanhorses,insiderattacks MostInternetsecurityproblemsareaccesscontrolor authenticationones Denialofserviceisalsopopular,butmostlyanannoyance
9/11/2011
MainClassesOfThreats
Interruptionanassetsis lost/unavailable/cannot beutilizedeg:databaseis delete Interceptionanauthorized party(person/program)has gainedaccesstoanasseteg: wiretapping
MainClassesOfThreats
Modification:an unauthorizedparty (person/program)hasgained accessandtamperedaround it,eg:modifyinganitemof database. Fabrication:Productionof counterfeitobjectsfor computingsystem,eg repeatingafinancial transaction
10
9/11/2011
TypesofAttack
Passive attack can only observe communications or data Active attack can actively modify communications or data Often difficult to perform, but very powerful Mail forgery/modification TCP/IP spoofing/session hijacking
11
SecurityMechanism
SecurityMechanism Physicalprotection Cryptography AccessControl Authorization Auditing Cryptographyisonlyasmallpartofprotectionneeded forabsolutesecrecy.
Module1:Introduction 12
9/11/2011
Cryptography
Essentialtoolformakingsecurecomputingsystems. Badlydesignedprotocolsareeasilyexploitedtobreakinto computersystems,toeavesdroponphonecalls,tosteal services,andsoforth. Designishard. Itiseasytounderestimatethetaskandquicklycomeup withadhocprotocolsthatlaterturnouttobewrong. thenecessarytimeandexpertiseforproperprotocol designistypicallyunderestimated,oftenatfuturecost. takesknowledge,effortandingenuitytodothejobright.
Overview Field of Cryptology
14
9/11/2011
Cryptography
Crytographyisthescienceofsecretwriting.MattBlaze Cryptographyisthestudyofsecret(crypto)writing(graphy) concernedwithdevelopingalgorithmswhichmaybeusedto provide(goals): secrecy authenticatethatamessagehasnotchangedintransit (integrity) implicitlyauthenticatethesender Cryptographyisdefensiveandcanprotectordinarycommerce andordinarypeople.
15
SupportforSecurityMechanisms
Threebasicbuildingblocksareused: Encryptionisusedtoprovideconfidentiality,canprovide authenticationandintegrityprotection. Digitalsignaturesareusedtoprovideauthentication,integrity protection,andnonrepudiation. Checksums/hashalgorithmsareusedtoprovideintegrity protection,canprovideauthentication Oneormoresecuritymechanismsarecombinedtoprovidea securityservice.
16
9/11/2011
FundamentalIdeaofCryptography
Possibletotransformplaintextintociphertextin whichinformationispresentbuthidden.Wecan releasethetransformedmessagewithoutexposing theinformationitrepresent. Differenttransformationscreatedifferentciphertext fortheexactsamemessage. Forperfectciphers,anyciphertextcanbeinterpreted asanymessage.
17
WhatCryptographyCanDo
Itcanprotectprivacy. Itseparatesthesecurityofamessagefromthesecurityof themedia. Itcanauthorizesomeone. Itcanfacilitatetrust. Itcanallowfordigitalcredentials(authentication). Itcanvalidatetheintegrityofinformation. Itcanensurethefairnessoffinancialtransactions. Itcanprovideanaudittrailforlaterdisputeresolution. Cryptographystopslyingandcheating.
9/11/2011
OtherUsesofCryptography
Morespecializeduses: Digitalsignatures Undeniabledigitalsignatures Allornothingdisclosureofsecrets Zeroknowledgeproofs Oblivioustransfer Simultaneousexchangeofsecrets Secureelections Digitalcash
ThingsthatCryptographyCannotDo
Cryptographycanonlyhideinformationafteritisencrypted andwhileitremainsencrypted. Secretinformationgenerallydoesnotstartoutencrypted, sothereisnormallyanoriginalperiodwhichthesecretare notprotected. Secretinformationgenerallyisnotusedinencrypted form,soitisagainoutsidethecryptographicenvelope everytimethesecretisused. Cryptographycannotprotectagainstinformants,undercover spying,bugs,photographicevidenceortestimony.
10
9/11/2011
Adversaries
Hackers:informalandinstitutional Insiders Lonecriminals Commercialespionage Press Organizedcrime Terrorists Nationalintelligence
Module1:Introduction 21
CriminalAttacks
HowcanIacquirethemaximumfinancialreturnby attackingthesystem? Forgery,misrepresentation,replay,repudiation Generallyopportunistic Minimumnecessaryresources Focusesonlowtechflaws Focusesontheweakestsystems Mediumrisktolerance:willingtoriskjoborjailtime.
11
9/11/2011
ComponentsofaCryptosystem
Plaintextmessagespace,P Cipertextmessagespace,C Keyspace,K Asetofencryptionalgorithms,Ek Asetofdecryptionalgorithms,Dk
C
C=E(P,K)
AssociateProfDrMazleenaSalleh Module1:Introduction
P=D(C,K)
23
EncryptionandDecryption
Encryption Processofencodinganinformationsothatitsmeaningis notunderstood. Decryption Processofdecodingtheencryptedmessagetogetback theoriginalinformation.
Original Plaintext or Cleartext
Encrypt or Encipher
Ciphertext
Decrypt or Decipher
Recovered Plaintext or Cleartext

24
12
9/11/2011
KeylessandKeyedCryptosystem
KeylesscryptosystemperformsE/Dwithoutusing anykey. Symmetrickey:Key1=Key2 Asymmetrickey:Key1Key2
Ciphertext Plaintext Encrypt Decrypt Plaintext
Key1
Key2
25
AlgorithmE/D
Plaintext,P=[p1,p2,..,pn] Ciphertext,C=[c1,c2,..,cn] IfEandDaretheencryptionandthedecryption algorithmsrespectively,then C=E(P) P=D(C) Cryptosystemshouldbehaveasfollows: P=D(E(P))orP=D(Key2,E(Key1,P))
13
9/11/2011
FeaturesofaGoodCryptosystem
EandDalgorithmsmustbeefficient. Thesystemmustbeeasytoused. Thesecurityofthesystemmustdependonthe secrecyofthekeysandNOTonthesecrecyoftheE andDalgorithms. Thesizeoftheciphertextisnotunnecessarylarger thantheplaintext.
27
Confidentiality
Keepingthecontentsofamessageconfidential:during transmissionorstorage. IfAsendsamessagetoB,buttheenemyinterceptsit,Amust makesurethatthisenemywillneverunderstandsthecontent ofthemessage.
K
Transmitted (or Stored) Ciphertext,
Original Plaintext,
Encrypt,
E (K, P)
Decrypt,
D (K,C)
Recovered Plaintext,
28
14
9/11/2011
Integrity
Provingthatthecontentsofamessagehave remainedunchanged.
Secret channel for keys
P E(K, P)
Seal
D(K, C)
Seal
C
Seal
Verify?
29
Authenticity/NonRepudiation
Provingthatamessagecomesfromthedeclared,authenticsource Preventinganauthenticsourcefromlaterdenying(orrepudiate) theauthenticityofthemessage.
Private Key Public Key TTP Certification Authority
Sign
Digital Signature
Unsign
P P
Verify?
30
15
9/11/2011
SymmetricKeyCryptosystem
Asinglekeysharedbybothsenderandreceiver. Advantages: Fastencryption/decryptionprocess,efficientforlong messages Weakness: Requiresestablishmentofasecurechannelforkeyexchange. Ifthiskeyisdisclosed,communicationsarecompromised. Suppose3personsA,B,Cwanttocommunicatetoeachotherin A B private, K
KAC
AB
KBC
31
Asymmetric/PublicKeyCryptosystem
Keythatisusedtoencryptthemessageisdifferenttothekey usedtodecryptthemessage. Publickeywidelyavailableanyonewantingtosendthema messageusesthealgorithmandtherecipientspublickeyto doso. Onlytherecipient,withtheirprivatekeycandecryptthe message. Weakness computationallyintensive,encryptionanddecryptiontake longer. Notsuitableforencryptinglongmessages
16
9/11/2011
Hashing
Cryptographichashfunctionisadeterministicprocedurethat takesanarbitraryblockofdataandreturnsafixedsizebit string,the(cryptographic)hashvalue. Idealcryptographichashfunctionhasfourmainorsignificant properties: itiseasytocomputethehashvalueforanygivenmessage, itisinfeasibletogenerateamessagethathasagivenhash, itisinfeasibletomodifyamessagewithouthashbeing changed, itisinfeasibletofindtwodifferentmessageswiththe samehash.
Hashing
Acryptographichash function(specifically, SHA1)atwork.Note thatevensmallchanges inthesourceinput(here intheword"over") drasticallychangethe resultingoutput,bythe socalledavalanche effect.
34
17
9/11/2011
BlockCipher
Encryptsagroupofplaintext symbolsasoneblock. Decryptionissimplythereverseof theencryptionprocessusingthe samesecretkey. Differentplaintextblocks,usually64 bits,aremappedtodifferent ciphertextblocks;ablockcipher effectivelyprovidesapermutation ofthesetofallpossiblemessages. Theactualpermutationproduced duringanyparticularoperationis secret,anddeterminedbyakey.
Plaintext Block
Encrypt
Ciphertext Block
35
BlockCipher
Advantages: informationfromtheplaintextisdiffusedintoseveralciphertext symbol. immunitytoinsertionssinceasingleinsertionintoablockwould resultanincorrectlengthandthuscouldbedetectedduring decryption. Disadvantages: blockciphermustwaituntilanentireblockofplaintexthasbeen receivedbeforestartingtheencryptionprocess;thisresultinslowness ofencryption. errorpropagationwherebyasingleerrorwillaffectthetransformation ofallothercharactersinthesameblock.
36
18
9/11/2011
StreamCipher
Astreamcipherbreakstheplaintextintounits,normallya singlecharacter.Itencryptsthenthunitoftheplaintextwith thenthunitofthekeystream. Streamcipherscanbedesignedtobeexceptionallyfast. Eachcharacterisencryptedwithoutregardforanyother plaintextcharacter,eachcharactercanbeencryptedassoon asitisread. Streamcipherhaslowerrorpropagationsinceeachcharacter isseparatelyencoded.Errorencounteronlyaffectsthat particularcharacter.
37
StreamCipher
Runabout10timesfasterthancomparableblockciphers Disadvantages: lowdiffusionwherebyallinformationofthatparticular characteroftheplaintextisretainedinthecharacterof theciphertext. susceptibilitytomaliciousinsertionandmodification
key (optional) ISSOPMI plaintext
wdhuw... ciphertext
38
19
9/11/2011
Cryptanalysis
Processofattemptingtodiscovertheplaintextorthe keyused. Strategydependonthenatureoftheencryption schemeandtheinformationavailable. However,anencryptionschemeisunconditionally secureiftheciphertextgenerateddoesnotcontain enoughinformationtodeterminethecorresponding plaintext.
Reading:Forouzan,pg5660
39
40
20
9/11/2011
CiphertextOnly
Cryptanalysthasonlytheciphertextfromwhichtodeterminethe plaintext. Noknowledgewhatsoeveroftheactualmessage Thecryptoanalysthastheciphertextofoneorseveralmessages. wanttorecovertheplaintextor(better)thekey. Given:C1=E(P1),C2=E(P2),...,Ci=E(Pi) Deduce: EitherP1,P2,...,Pi,K; oranalgorithmtoinferPi+1fromCi+1=E(Pi+1).
KnownPlaintextAttack
Inknownplaintextattacktheattackerhaspairs (x,e(x)),butthechoiceofxisnotunderthe attacker'scontrol.
42
21
9/11/2011
ChosenPlaintext
Attackerhaspairs(x,e(x))andxischosenbytheattacker. capabilitytofindtheciphertextcorrespondingtoan arbitraryplaintextmessageofhisorherownchoosing. Thelikelihoodofthistypeofattackbeingpossibleisnotmuch. Codeswhichcansurvivethisattackareconsideredtobevery secure. Adaptivechosenplaintextattack,thecryptanalystcan determinetheciphertextofchosenplaintextsinaniterative processbasedonpreviousresults.Thisisthegeneralnamefora methodofattackingproductcipherscalled"differential cryptanalysis.
ChosenPlaintextAttack
Wanttorecoverthekey. Given:P1,P2,...,Pi,C1=E(P1),C2=E(P2),...,Ci=E(Pi) wherewecanselectP1,P2,...,Pi. Deduce:EitherKoranalgorithmtoinferPi+1from Ci+1=E(Pi+1).
44
22
9/11/2011
ChosenCiphertext
Cryptanalystcanchooseanarbitraryciphertextand findthecorrespondingdecryptedplaintext. Thisattackcanbeusedinpublickeysystems,where itmayrevealtheprivatekey. Chosetheciphertexttobedecrypted. Given:C1,C2,...,Ci,P1=D(C1),P2=D(C2),...,Pi=D(Ci) Deduce:K
45
BreakableCipher
Thereisanalgorithmknowntobeabletheoretically breakthecipher. Abreakableciphermaynotbefeasiblebroken exceptbyusingcurrenttechnology. Exampleusingbruteforcewhichrequire1030 operations. Cipherisbreakablebutinfeasible! Cryptanalysisishard,tedious,repetitiveandvery expensive.Successisneverassured.
23
9/11/2011
Kerckhoffs'Principle
AlsocalledKerckhoffs'assumption,axiomorlaw State:Acryptosystemshouldbesecureevenifeverythingaboutthe system,exceptthekey,ispublicknowledge. Majorityofciviliancryptographymakesuseofpubliclyknownalgorithms Butciphersusedtoprotectclassifiedgovernmentormilitary informationareoftenkeptsecret. Theresistanceoftheciphertoattackmustbebasedonlyonthesecrecy ofthekey. Keydomainforeachalgorithmissolargethatitmakesitdifficultforthe adversarytofindthekey.
Conclusions
Theproblemwithbadcryptographyisthatitlooksjustlike goodcryptography. Successfulattacksareoftenkeptsecret.Unlessattackers publicize. Weneedtobeproactive. Understandtherealthreatstoasystem Designsystemswithstrongcryptography Buildcryptographyintosystemsatthebeginning Perfectsolutionsarenotrequired,butsystemsthatcanbe brokencompletelyareunacceptable.
24

Introduction

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Introduction

Transféré par

Droits d'auteur :

Formats disponibles

9/11/2011

IntroductiontoCryptography SCR3443 Semester1,2011/12

HonorCode Collaborationonhomeworkwithotherstudentsencouraged. However,writealoneandgivecredit.

Overview Field of Cryptology

Recovered Plaintext or Cleartext

Vous aimerez peut-être aussi