Download presentation

Presentation is loading. Please wait.

Published byJayla Burroughs Modified over 2 years ago

1
CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz

2
Some examples (Shift cipher) (Substitution cipher) (Vigenere cipher)

3
Moral of the story? Key space should be large –Necessary, but not sufficient Don’t use “simple” schemes Thoroughly analyze schemes before using –Better yet, use schemes that other, smarter people have already analyzed…

4
Re-thinking the problem What do we mean by security? –I.e., not being able to determine the key?? –Types of attacks Perfect security –One-time pad Computational security –Block ciphers and modes of encryption –DES and AES

5
Notions of Security What constitutes a “break”? What kind of attacks? Note: always assume adversary knows full details of the scheme (except the key…) –Never aim for “security through obscurity”

6
Security goals? Adversary unable to recover the key –Necessary, but meaningless on its own… Adversary unable to recover entire plaintext –Good, but is it enough? Adversary unable to determine any information at all about the plaintext –Sounds great! –Can we achieve it?

7
One-time pad (One-time pad)

8
Properties of one-time pad? Achieves perfect secrecy (proof) –No eavesdropper (no matter how powerful) can determine any information whatsoever about the plaintext (Essentially) useless in practice… –Long key length –Can only be used once (hence the name!)

9
Weaken security guarantee? Instead of requiring that no adversary can learn anything about the plaintext… …require that no adversary running in any “reasonable amount of time” can learn anything about the plaintext except with “very small probability” –“Reasonable time” = 10 6 years –“Very small probability” = 2 -64 –Computational security

10
Simpler characterization? Equivalent to the following, simpler definition: –Given a ciphertext C which is known to be an encryption of either M 0 or M 1, an adversary cannot guess which one was actually encrypted –More precisely, no adversary running in reasonable amount of time can guess correctly with probability significantly better than ½.

11
The take-home message Weakening the definition slightly allows us to construct much more efficient schemes! Strictly speaking, no longer 100% absolutely guaranteed to be secure –Security of encryption now depends on security of building blocks (which are analyzed extensively, and are assumed to be secure) –Given enough time, the scheme can be broken

12
Security? We now have a working definition of what it means for encryption to be secure What sort of attacks should we consider?

13
Attacks Ciphertext only Known plaintext Chosen plaintext Chosen ciphertext (includes chosen plaintext attacks)

14
Attacks… A typical standard is security against chosen-plaintext attacks Security against chosen-ciphertext attacks is increasingly required Note that the one-time pad is insecure against known-plaintext attack

15
Randomized encryption To be secure against chosen-plaintext attack, encryption must be randomized –We will see later how this comes into play

16
Block ciphers Keyed permutation; input/output length Large key space Modeled as a (family of) random permutations… Example – “trivial” encryption: –C = F K (m) –This is not randomized…

Similar presentations

OK

CS555Spring 2012/Topic 151 Cryptography CS 555 Topic 15: HMAC, Combining Encryption & Authentication.

CS555Spring 2012/Topic 151 Cryptography CS 555 Topic 15: HMAC, Combining Encryption & Authentication.

© 2018 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on hay job evaluation Ppt on lunar and solar eclipse Ppt on operating system concepts Ppt on hydro power plant for class 10 Ppt on point contact diode construction Ppt on summary writing rubric Ppt on chapter 3 atoms and molecules bill Ppt on master slave jk flip flop Ppt on political parties and electoral process in the philippines Ppt on reflection of light for class 7