# CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos

## Presentation on theme: "CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos"— Presentation transcript:

CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos elathan@ics.forth.gr

Cryptography Elements SSymmetric Encryption -B-Block Ciphers -S-Stream Ciphers AAsymmetric Encryption CCryptographic Hash Functions AApplications CS-457Elias Athanasopoulos2

CS-457Elias Athanasopoulos3

The need for randomness  Key distribution  Replay attacks (nonces)  Session key generation  Generation of keys for the RSA public-key encryption algorithm  Stream ciphers CS-457Elias Athanasopoulos4

Randomness  Uniform distribution - The distribution of bits in the sequence should be uniform; that is, the frequency of occurrence of ones and zeros should be approximately equal.  Independence - No one subsequence in the sequence can be inferred from the others.  Security requirement - Unpredictability CS-457Elias Athanasopoulos5

Random Generator Types  True Random Number Generators (TRNGs)  Pseudo-random Number Generators (PRNGs)  Pseudo-random Functions (PRFs) CS-457Elias Athanasopoulos6

CS-457Elias Athanasopoulos7

TRNGs CS-457Elias Athanasopoulos8

PRNGs r = f(seed); CS-457Elias Athanasopoulos9

Requirements  Uniformity - Occurrence of a zero or one is equally likely. The expected number of zeros (or ones) is n/2, where n = the sequence length  Scalability - Any test applicable to a sequence can also be applied to subsequences extracted at random. If a sequence is random, then any such extracted subsequence should also be random  Consistency - The behavior of a generator must be consistent across starting values (seeds) CS-457Elias Athanasopoulos10

Tests  Frequency test - Determine whether the number of ones and zeros in a sequence is approximately the same as would be expected for a truly random sequence  Runs test - Determine whether the number of runs of ones and zeros of various lengths is as expected for a random sequence  Maurer’s universal statistical test - Detect whether or not the sequence can be significantly compressed without loss of information. A significantly compressible sequence is considered to be non-random CS-457Elias Athanasopoulos11

Unpredictability  Forward unpredictability - If the seed is unknown, the next output bit in the sequence should be unpredictable in spite of any knowledge of previous bits in the sequence  Backward unpredictability - It should also not be feasible to determine the seed from knowledge of any generated values. No correlation between a seed and any value generated from that seed should be evident; each element of the sequence should appear to be the outcome of an independent random event whose probability is 1/2 CS-457Elias Athanasopoulos12

Seed CS-457Elias Athanasopoulos13

Cryptographic PRNGs  Purpose-built algorithms - Designed specifically and solely for the purpose of generating pseudorandom bit streams.  Algorithms based on existing cryptographic algorithms - Cryptographic algorithms have the effect of randomizing input. Indeed, this is a requirement of such algorithms. Three broad categories of cryptographic algorithms are commonly used to create PRNGs:  Symmetric block ciphers - Stream ciphers  Asymmetric ciphers - RSA, compute primes  Hash functions and message authentication codes CS-457Elias Athanasopoulos14

Example X n+1 = (aX n + c) mod m Selection of a, c, and m, is very critical:  a=7, c=0, m=32  {7, 17, 23, 1, 7, etc.}  a=5 - {5, 25, 29, 17, 21, 9, 13, 1, 5, etc.}  In theory m should be very large (2^31) CS-457Elias Athanasopoulos15

Stream ciphers CS-457Elias Athanasopoulos16

CS-457Elias Athanasopoulos17

RC4 CS-457Elias Athanasopoulos18 /* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen]; /* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen]; /* Initial Permutation of S */ j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]); /* Initial Permutation of S */ j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]); /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t]; /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t];

CS-457Elias Athanasopoulos19

CS-457Elias Athanasopoulos20

CS-457Elias Athanasopoulos21

More maths  Any integer a > 1 can be factored in a unique way as: CS-457Elias Athanasopoulos22

CS-457Elias Athanasopoulos23

Public-Key Cryptography CS-457Elias Athanasopoulos24

Properties  2 keys - Public Key (no secrecy) - Private Key (if stolen everything is lost)  Easy algorithm, but hard to reverse - Y = f(X), easy - X = f -1 (X), computationally hard - Computationally hard means solvable in non- polynomial time CS-457Elias Athanasopoulos25

RSA Plaintext = M, cipher = C C = M e mod n M = C d mod n = (M e mod n) d = M ed mod n Public Key = {e, n} Private Key = {d, n} CS-457Elias Athanasopoulos26

Euler’s totient function  Written φ(n), and defined as the number of positive integers less than n and relatively prime to n. By convention, φ(1) = 1. CS-457Elias Athanasopoulos27

CS-457Elias Athanasopoulos28 Just believe me that this holds! (i.e., φ(pq) =φ(p) φ(q))

Euler’s theorem  α, n, relative prime - the only positive integer that evenly divides both of them is 1 CS-457Elias Athanasopoulos29

RSA Steps  p, q, two prime numbers - Private  n = pq - n can be public, but recall that it is hard to infer p and q by just knowing n  e is relative prime to φ(n) - Public - Recall φ(n) = (p-1)(q-1)  d from e, and φ(n) - Private CS-457Elias Athanasopoulos30

RSA example 1. Select p = 17 and q = 11 2. Then, n = pq = 17×11 = 187. 3. φ(n) = (p-1)(q-1) = 16×10 = 160. 4. Select e relatively prime to φ(n) = 160 and less than φ(n); e = 7. 5. Determine d - de = 1 (mod 160) and d < 160, - The correct value is d = 23, because 23 × 7 = 161 = (1 × 160) + 1; CS-457Elias Athanasopoulos31

Computational Aspects  RSA builds on exponents  Intensive operation  Side channels CS-457Elias Athanasopoulos32

CS-457Elias Athanasopoulos33

How it works? CS-457Elias Athanasopoulos34

Integrity and Message Authentication  Integrity - (e.g., download a file) - Message digest  Message Authentication Code (MAC) - Used between two parties that share a secret key to authenticate information exchanged between those parties - Input is a secret key and a data block and the product is their hash value, referred to as the MAC - An attacker who alters the message will be unable to alter the MAC value without knowledge of the secret key CS-457Elias Athanasopoulos35

Digital Signatures  The hash value of a message is encrypted with a user’s private key. Anyone who knows the user’s public key can verify the integrity of the message that is associated with the digital signature. CS-457Elias Athanasopoulos36

Simple Hash Functions CS-457Elias Athanasopoulos37

Essentially based on compression CS-457Elias Athanasopoulos38

Requirements CS-457Elias Athanasopoulos39

Applications for Hash Functions CS-457Elias Athanasopoulos40  Passwords - Never stored in plain - Server stores only the hash value - Salt (same plain goes to different hash)  Cracking - GPUs - Dictionary attacks

Download ppt "CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos"

Similar presentations