Download presentation

Presentation is loading. Please wait.

Published byKory Robbins Modified over 2 years ago

1
CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos elathan@ics.forth.gr

2
Cryptography Elements SSymmetric Encryption -B-Block Ciphers -S-Stream Ciphers AAsymmetric Encryption CCryptographic Hash Functions AApplications CS-457Elias Athanasopoulos2

3
CS-457Elias Athanasopoulos3

4
The need for randomness Key distribution Replay attacks (nonces) Session key generation Generation of keys for the RSA public-key encryption algorithm Stream ciphers CS-457Elias Athanasopoulos4

5
Randomness Uniform distribution - The distribution of bits in the sequence should be uniform; that is, the frequency of occurrence of ones and zeros should be approximately equal. Independence - No one subsequence in the sequence can be inferred from the others. Security requirement - Unpredictability CS-457Elias Athanasopoulos5

6
Random Generator Types True Random Number Generators (TRNGs) Pseudo-random Number Generators (PRNGs) Pseudo-random Functions (PRFs) CS-457Elias Athanasopoulos6

7
CS-457Elias Athanasopoulos7

8
TRNGs CS-457Elias Athanasopoulos8

9
PRNGs r = f(seed); CS-457Elias Athanasopoulos9

10
Requirements Uniformity - Occurrence of a zero or one is equally likely. The expected number of zeros (or ones) is n/2, where n = the sequence length Scalability - Any test applicable to a sequence can also be applied to subsequences extracted at random. If a sequence is random, then any such extracted subsequence should also be random Consistency - The behavior of a generator must be consistent across starting values (seeds) CS-457Elias Athanasopoulos10

11
Tests Frequency test - Determine whether the number of ones and zeros in a sequence is approximately the same as would be expected for a truly random sequence Runs test - Determine whether the number of runs of ones and zeros of various lengths is as expected for a random sequence Maurer’s universal statistical test - Detect whether or not the sequence can be significantly compressed without loss of information. A significantly compressible sequence is considered to be non-random CS-457Elias Athanasopoulos11

12
Unpredictability Forward unpredictability - If the seed is unknown, the next output bit in the sequence should be unpredictable in spite of any knowledge of previous bits in the sequence Backward unpredictability - It should also not be feasible to determine the seed from knowledge of any generated values. No correlation between a seed and any value generated from that seed should be evident; each element of the sequence should appear to be the outcome of an independent random event whose probability is 1/2 CS-457Elias Athanasopoulos12

13
Seed CS-457Elias Athanasopoulos13

14
Cryptographic PRNGs Purpose-built algorithms - Designed specifically and solely for the purpose of generating pseudorandom bit streams. Algorithms based on existing cryptographic algorithms - Cryptographic algorithms have the effect of randomizing input. Indeed, this is a requirement of such algorithms. Three broad categories of cryptographic algorithms are commonly used to create PRNGs: Symmetric block ciphers - Stream ciphers Asymmetric ciphers - RSA, compute primes Hash functions and message authentication codes CS-457Elias Athanasopoulos14

15
Example X n+1 = (aX n + c) mod m Selection of a, c, and m, is very critical: a=7, c=0, m=32 {7, 17, 23, 1, 7, etc.} a=5 - {5, 25, 29, 17, 21, 9, 13, 1, 5, etc.} In theory m should be very large (2^31) CS-457Elias Athanasopoulos15

16
Stream ciphers CS-457Elias Athanasopoulos16

17
CS-457Elias Athanasopoulos17

18
RC4 CS-457Elias Athanasopoulos18 /* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen]; /* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen]; /* Initial Permutation of S */ j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]); /* Initial Permutation of S */ j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]); /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t]; /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t];

19
CS-457Elias Athanasopoulos19

20
CS-457Elias Athanasopoulos20

21
CS-457Elias Athanasopoulos21

22
More maths Any integer a > 1 can be factored in a unique way as: CS-457Elias Athanasopoulos22

23
CS-457Elias Athanasopoulos23

24
Public-Key Cryptography CS-457Elias Athanasopoulos24

25
Properties 2 keys - Public Key (no secrecy) - Private Key (if stolen everything is lost) Easy algorithm, but hard to reverse - Y = f(X), easy - X = f -1 (X), computationally hard - Computationally hard means solvable in non- polynomial time CS-457Elias Athanasopoulos25

26
RSA Plaintext = M, cipher = C C = M e mod n M = C d mod n = (M e mod n) d = M ed mod n Public Key = {e, n} Private Key = {d, n} CS-457Elias Athanasopoulos26

27
Euler’s totient function Written φ(n), and defined as the number of positive integers less than n and relatively prime to n. By convention, φ(1) = 1. CS-457Elias Athanasopoulos27

28
CS-457Elias Athanasopoulos28 Just believe me that this holds! (i.e., φ(pq) =φ(p) φ(q))

29
Euler’s theorem α, n, relative prime - the only positive integer that evenly divides both of them is 1 CS-457Elias Athanasopoulos29

30
RSA Steps p, q, two prime numbers - Private n = pq - n can be public, but recall that it is hard to infer p and q by just knowing n e is relative prime to φ(n) - Public - Recall φ(n) = (p-1)(q-1) d from e, and φ(n) - Private CS-457Elias Athanasopoulos30

31
RSA example 1. Select p = 17 and q = 11 2. Then, n = pq = 17×11 = 187. 3. φ(n) = (p-1)(q-1) = 16×10 = 160. 4. Select e relatively prime to φ(n) = 160 and less than φ(n); e = 7. 5. Determine d - de = 1 (mod 160) and d < 160, - The correct value is d = 23, because 23 × 7 = 161 = (1 × 160) + 1; CS-457Elias Athanasopoulos31

32
Computational Aspects RSA builds on exponents Intensive operation Side channels CS-457Elias Athanasopoulos32

33
CS-457Elias Athanasopoulos33

34
How it works? CS-457Elias Athanasopoulos34

35
Integrity and Message Authentication Integrity - (e.g., download a file) - Message digest Message Authentication Code (MAC) - Used between two parties that share a secret key to authenticate information exchanged between those parties - Input is a secret key and a data block and the product is their hash value, referred to as the MAC - An attacker who alters the message will be unable to alter the MAC value without knowledge of the secret key CS-457Elias Athanasopoulos35

36
Digital Signatures The hash value of a message is encrypted with a user’s private key. Anyone who knows the user’s public key can verify the integrity of the message that is associated with the digital signature. CS-457Elias Athanasopoulos36

37
Simple Hash Functions CS-457Elias Athanasopoulos37

38
Essentially based on compression CS-457Elias Athanasopoulos38

39
Requirements CS-457Elias Athanasopoulos39

40
Applications for Hash Functions CS-457Elias Athanasopoulos40 Passwords - Never stored in plain - Server stores only the hash value - Salt (same plain goes to different hash) Cracking - GPUs - Dictionary attacks

Similar presentations

OK

NEW DIRECTIONS IN CRYPTOGRAPHY Made Harta Dwijaksara, Yi Jae Park.

NEW DIRECTIONS IN CRYPTOGRAPHY Made Harta Dwijaksara, Yi Jae Park.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on ip address classes range Ppt on suspension type insulators Ppt on collection in java Ppt on understanding secularism in india Ppt on sports day at school Ppt on condition monitoring of transformer Download ppt on fdi in retail in india Ppt on introduction to object-oriented programming language Ppt on different types of food in india Ppt on human nutrition and digestion chapter