Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.

Similar presentations


Presentation on theme: "Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer."— Presentation transcript:

1 Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer Engineering A Primer on Modern Cryptography (1) Author: Ahmad Boorghany Instructor: Dr. Rasool Jalili 1 / 38

2 Introduction to Modern Cryptography Sharif University Spring 2015  Definition of Modern Cryptography  Evolution from Classic to Modern Cryptography  Principles of Modern Cryptography  Exact Definitions  Precise Assumptions  Rigorous Proofs of Security  An Introduction to Theory of Complexity  Course Topics Outline 2 / 38

3 Introduction to Modern Cryptography Sharif University Spring 2015 Modern Cryptography and its relation to classic cryptography 3 / 38

4 Introduction to Modern Cryptography Sharif University Spring 2015 Concise Oxford Dictionary (2006):  Cryptography is the art of writing or solving codes. Classically, cryptography  Focused solely on secret communication  Seen as an art, relied on creativity and personal skill  Used only by military and intelligence Classic Cryptography 4 / 38

5 Introduction to Modern Cryptography Sharif University Spring 2015 In the late 20 th century, cryptography deals with  message authentication, digital signatures, protocols for exchanging secret keys, authentication protocols, electronic auctions and elections, digital cash, and more. Nowadays, cryptography is almost everywhere:  ATM machines  Online banking  All HTTPS websites  Remote login and file transfer (SSH, …)  Mobile communications (GSM, …)  Wireless networking (Wi-Fi, WiMAX, …) Modern Cryptography 5 / 38

6 Introduction to Modern Cryptography Sharif University Spring 2015 An encrypted web communication (HTTPS) Cryptography is Everywhere! 6 / 38

7 Introduction to Modern Cryptography Sharif University Spring ,748 Android apps use cryptography (encryption), however, 10,327 (88%) get it wrong [EBFK13] Cryptography is Everywhere! (cont.) 7 / 38

8 Introduction to Modern Cryptography Sharif University Spring 2015 Katz and Lindell [KL08]:  (Modern) Cryptography is the scientific study of techniques for securing digital information, transactions, and distributed computations. Definition of Modern Cryptography Image courtesy of AmazonAmazon 8 / 38

9 Introduction to Modern Cryptography Sharif University Spring 2015 Cryptography Concerns Image courtesy of MicrosoftMicrosoft 9 / 38

10 Introduction to Modern Cryptography Sharif University Spring 2015 Cryptography Concerns (cont.) Image courtesy of MicrosoftMicrosoft 10 / 38

11 Introduction to Modern Cryptography Sharif University Spring 2015 Classic Ciphers 11 / 38 What is its key length? However, not very secure!

12 Introduction to Modern Cryptography Sharif University Spring 2015 Enigma: German World War II machine Broken by British in an effort led by Turing Classic Ciphers (cont.) Images courtesy of Wikipedia and Louise DadeWikipediaLouise Dade 12 / 38

13 Introduction to Modern Cryptography Sharif University Spring 2015 One-time-pad (OTP) Encryption 13 / 38 Proven by Shannon

14 Introduction to Modern Cryptography Sharif University Spring 2015 Principles of Modern Cryptography 14 / 38

15 Introduction to Modern Cryptography Sharif University Spring 2015 Security of a “practical” system must rely not on the impossibility but on the computational difficulty of breaking the system.  “Practical” = more message bits than key bits Rather than: “It is impossible to break the scheme” We might be able to say: “Attacks can exist as long as cost to mount them is prohibitive” Modern Cryptography: A Computational Science Image courtesy of mynextbrain.commynextbrain.com 15 / 38

16 Introduction to Modern Cryptography Sharif University Spring 2015 A sample security proposition:  Cannot be broken with probability better than 10 −30 in 200 years, using the fastest available supercomputer. Cryptography is now not just mathematics; it needs to draw on computer science:  (Computational) Complexity Theory  Design of Algorithms Modern Cryptography: A Computational Science (cont.) Image courtesy of snookerbacker.comsnookerbacker.com 16 / 38

17 Introduction to Modern Cryptography Sharif University Spring 2015 Concrete vs. Asymptotic Security 17 / 38

18 Introduction to Modern Cryptography Sharif University Spring 2015 Auguste Kerckhoffs in the late 19th century:  The cipher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience. Why?  Easier to maintain secrecy of a short key rather than an algorithm  Algorithm parts may be leaked: insider or reverse eng.  Key revocation/reissue is easier than algorithm revocation/reissue!  Different people communication: different keys or different algorithms? Kerckhoffs’ principle Image courtesy of WikipediaWikipedia 18 / 38

19 Introduction to Modern Cryptography Sharif University Spring 2015 Why exact definitions for security?  Importance for design - To know what to design - Not to provide more than what needed: efficiency - (different definitions with different security levels are usually proposed for any crypto concept)  Importance for usage - Application designers match their requirement with what a scheme provide - More precise application verification - Not to use the most secure scheme if not needed: efficiency  Importance for study - Comparing different schemes - More precise efficiency/security trade-off  Needed for security proofs (later) Modern Crypto Principles: Exact Definitions 19 / 38

20 Introduction to Modern Cryptography Sharif University Spring 2015 Most modern cryptographic constructions cannot be proven secure unconditionally. Thus, rely on some assumptions:  Hardness of mathematical problems  Hardness of cryptographic primitives Why precise assumptions?  Validation of the assumption - Reliable assumptions should be examined and tested a lot without being successfully refuted. - The hardness of an assumption may be implied by another widely- believed hard assumption. - Both above need precise assumptions. Modern Crypto Principles: Precise Assumptions 20 / 38

21 Introduction to Modern Cryptography Sharif University Spring 2015 Why precise assumptions?  Comparison of schemes - Scheme A relies on assumption X - Scheme B relies on assumption Y - (Stronger) assumption X implies (weaker) assumption Y - Scheme B is better X may become invalid while Y still holds, but not vice versa. - If X and Y incomparable: (Usually) more-studied/simpler assumption is better.  Needed for security proofs (later) Modern Crypto Principles: Precise Assumptions (cont.) 21 / 38

22 Introduction to Modern Cryptography Sharif University Spring 2015 Why a security proof?  Countless examples of unproven schemes that were broken - Sometimes immediately - Sometimes years after being presented or deployed  Security testing is different than software testing - Cannot anticipate an adversary strategy  Experience shown that intuition here is disastrous. Modern Crypto Principles: Rigorous Proofs of Security 22 / 38

23 Introduction to Modern Cryptography Sharif University Spring 2015 Modern Crypto Principles: Rigorous Proofs of Security (cont.) Image courtesy of derf.netderf.net 23 / 38

24 Introduction to Modern Cryptography Sharif University Spring 2015 Integer Factorization is hard  (after exact formulation) If an scheme is provably-secure assuming hardness of factorization:  Bug in the scheme implies - attacker has found a way to factor fast - attacker is smarter than Gauss - and smarter than all living mathematicians Example Assumptions: Mathematical Problem 24 / 38

25 Introduction to Modern Cryptography Sharif University Spring 2015 Block cipher primitives: DES, AES,... Hash functions: MD5, SHA1, SHA2,... Features:  Few such primitives  Bugs rare  Design an art, confidence by history. Drawback: Don’t directly solve any security problem. Example Assumptions: Crypto Primitives 25 / 38

26 Introduction to Modern Cryptography Sharif University Spring 2015 Goal: Solve security problem of direct interest. Examples: encryption, authentication, digital signatures, key distribution,... Features:  Lots of them  Bugs common in practice History shows that building schemes from primitives is usually the weak link:  AES or SHA-2 secure, yet  Higher level scheme insecure Example Assumptions: Crypto Primitives (cont.) 26 / 38

27 Introduction to Modern Cryptography Sharif University Spring 2015 Theory of Complexity An Introduction 27 / 38

28 Introduction to Modern Cryptography Sharif University Spring 2015 Computation in cryptography is done by algorithms. But, what is an algorithm?  Wikipedia: a step-by-step procedure for calculations.  Oxford dictionary: a process or set of rules to be followed in calculations or other problem-solving operations, especially by a computer. We need a precise definition for algorithm/computation. Formal definition: An algorithm = A Turing machine Computation Model 28 / 38

29 Introduction to Modern Cryptography Sharif University Spring 2015 What is a Turing machine?  Semantics:  An automata with access to an infinite tape.  Initially, the input on the tape.  Upon halting (if any), tape content is the output. Turing Machines Image courtesy of its designer 29 / 38

30 Introduction to Modern Cryptography Sharif University Spring 2015 Turing Machines (cont.) 30 / 38

31 Introduction to Modern Cryptography Sharif University Spring 2015 Turing Machines (cont.) Some text from WikipediaWikipedia 31 / 38

32 Introduction to Modern Cryptography Sharif University Spring 2015 Course Topics (tentative) 32 / 38

33 Introduction to Modern Cryptography Sharif University Spring 2015  Preliminaries (1 sess.)  Some fundamental concepts from complexity theory  Deeper look on security definition and model  Games as a useful tool for security definition and proof  Primitives (1 sess.)  Mathematical notions for crypto primitives, e.g., one-way functions (OWF) and trapdoor permutations (TDP)  Pseudo-randomness (1 sess.)  The notions of randomness and pseudo-randomness  Mathematical notions to capture pseudo-random primitives, e.g., pseudo-random generators (PRNG) and pseudo-random functions (PRF) Course Topics 33 / 38

34 Introduction to Modern Cryptography Sharif University Spring 2015  Simple cryptographic proofs (1 sess.)  Constructing and proving secure primitives, e.g., PRFs from PRGs  Samples of security definitions, attack models, and security proofs.  Symmetric encryption (2 sess.)  Minimal full-fledged security definition for encryption (CPA)  Simple encryption scheme built upon PRFs  Provably-secure operation modes  Stronger notions of security for symmetric encryption (CCA). Course Topics (cont.) 34 / 38

35 Introduction to Modern Cryptography Sharif University Spring 2015  Hash functions and message authentication codes (2 sess.)  Universal and collision-resistant hash function (CRHF)  Provably-secure message authentication codes  Provably-secure hash functions from other primitives, such as block ciphers.  Secure MACs using PRFs, CRHFs, and block ciphers.  Asymmetric (public-key) encryption (3 sess.)  Different definitions for different levels of security for a public-key encryption scheme (CPA, CCA, CCA2, etc.)  Constructions: RSA, El-Gamal, GM, etc. Course Topics (cont.) 35 / 38

36 Introduction to Modern Cryptography Sharif University Spring 2015  Mathematics of public-key cryptography (2 sess.)  Quick review on mathematical backgrounds, i.e., group theory, factoring, discrete logarithm problems, elliptic curves, etc.  Applied provably-secure schemes (1 sess.)  Applications of provably-secure schemes  Authenticated encryption schemes and hybrid encryption Course Topics (cont.) 36 / 38

37 Introduction to Modern Cryptography Sharif University Spring 2015  Other topics  Digital signature schemes (2 sess.)  Simulation-based security definitions (3 sess.)  Random oracle model (2 sess.)  Identification and key distribution (3 sess.)  Two-party and multi-party computation (3 sess.)  Quantum and post-quantum cryptography (1 sess.)  Review of other not-covered topics (1 sess.) Course Topics (cont.) 37 / 38

38 Introduction to Modern Cryptography Sharif University Spring 2015 Questions? 38 / 38

39 Introduction to Modern Cryptography Sharif University Spring 2015 [KL08]Katz, Jonathan, and Yehuda Lindell. Introduction to modern cryptography: principles and protocols. CRC Press, [EBFK13]Egele, Manuel, David Brumley, Yanick Fratantonio, and Christopher Kruegel. "An empirical study of cryptographic misuse in Android applications." In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp ACM, References 39 / 38

40 Introduction to Modern Cryptography Sharif University Spring 2015 Backup Slides 40 / 38

41 Introduction to Modern Cryptography Sharif University Spring 2015 A Multi-tape Turing Machine Image courtesy of jflap.orgjflap.org 41 / 38

42 Introduction to Modern Cryptography Sharif University Spring 2015  JFLAP Simulator Image courtesy of jflap.orgjflap.org 42 / 38

43 Introduction to Modern Cryptography Sharif University Spring 2015 A Randomized Turing Machine Image courtesy of its designer 43 / 38


Download ppt "Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer."

Similar presentations


Ads by Google