Chapter 5 Cryptography Protecting principals communication in systems.
Published byModified over 4 years ago
Presentation on theme: "Chapter 5 Cryptography Protecting principals communication in systems."— Presentation transcript:
Chapter 5 Cryptography Protecting principals communication in systems
Cryptography Security engineering meets math Cryptography science and art of designing ciphers Cryptanalysis science and art of breaking them Cryptology is both Input is plaintext output is ciphertext
Historical background Early stream cipher Vigenere Early block cipher Playfair One-Way functions Protect integrity and authenticity or message Test key Asymmetric primitives Public and Private key
Random Oracle Model Elf is in a box with following items: Scroll (infinite length) to store previously provided results Die for randomness
Random Function Accepts input string of any length, outputs a random string of fixed length Useful for storing passwords Creates a message digest (hash value) Useful for sending digital signature, since digital signature is long, it can stand for the signature. Same as hashing as learned in database Same string always produces same output string
Random function One-way Given string can produce output string Given hash value very difficult to produce original image To attack must keep feeding in input strings until get lucky and match output string, even then not definate. Collisions can occur but hard to find in a true pseudorandom function
Random Generator Stream Cipher Short input, long output Also know as key stream Go to key stream generator, enter a key, get a long string of characters to xor with Good for encrypting back-up data for instance Must know key to get proper key stream Do not re-use key, or can decrypt Can prevent this by using a seed with each subsequent message
Random permutations Block Ciphers Input output fixed size Given plaintext and key output cipher text Given Cipher text and key output plaintext Given plaintext and cipher text do nothing
Public key Encryption Elf will encrypt message for anyone, but will decrypt only for key owner. So I can give away my public key and anyone can encrypt to me, but only I can decrypt.
Digital signature Can be created by only one person, but checked by anyone. So these are the basic primitives of symmetric crypto schemes
5.4 Symmetric crypto primitives Block ciphers confusion and diffusion S-box Maps numbers (look-up table) Cipher must be wide enough Must have enough “rounds” S-boxes of good design Advanced Encryption Standard (AES)
DES Used widely for banking government etc 56 bits key Always a weakness 14,000 Pentium machines on the net broke a challenge in 4 months Machine built that can do it in 3 days Currently inadequate
Modes of operation Electronic code book (ECB) Cipher Block Chaining (CBC) Output feedback (OFB) Cipher Feedback (CFB)
Asymmetric Cypto Primitives Public key encryption Digital signatures Based on number theory Prime numbers RSA current algorithm based on factoring Used in SSL
Asymmetric Cypto Primitives PGP Government systems Based on discrete logarithms DSA Digital Signature Algorithm AKA Digital Signature Standard (DSS)
Certification We can do public key encryption and digital signatures Now must bind keys to users CA Certification Authority can do that Signs users public encryption Verifies signature Third party trusted source
Discussion topics Breaks of Rijndael Current uses of PGP Current uses of certificates and digital signatures.
List of resources Cryptography http://en.wikipedia.org/wiki/Cryptography Random Oracle Model http://en.wikipedia.org/wiki/Random_oracle_model http://www-cse.ucsd.edu/users/mihir/papers/ro.pdf Public Key http://en.wikipedia.org/wiki/Public-key_cryptography Block ciphers http://www.rsasecurity.com/rsalabs/node.asp?id=21 68 http://www.rsasecurity.com/rsalabs/node.asp?id=21 68
List of resources S boxes http://en.wikipedia.org/wiki/S-box AES http://en.wikipedia.org/wiki/Advanced_Encry ption_Standard http://en.wikipedia.org/wiki/Advanced_Encry ption_Standard DES http://www.rsasecurity.com/rsalabs/node.as p?id=2226 http://www.rsasecurity.com/rsalabs/node.as p?id=2226
List of resources Modes of operation http://www.faqs.org/faqs/cryptography- faq/part01/ http://www.faqs.org/faqs/cryptography- faq/part01/ See 5.14 http://en.wikipedia.org/wiki/Padding_(crypto graphy) http://en.wikipedia.org/wiki/Padding_(crypto graphy) http://searchsecurity.techtarget.com/sDefinit ion/0,,sid14_gci344947,00.html http://searchsecurity.techtarget.com/sDefinit ion/0,,sid14_gci344947,00.html
List of resources Asymmetric http://searchsecurity.techtarget.com/sDefinit ion/0,,sid14_gci836964,00.html http://searchsecurity.techtarget.com/sDefinit ion/0,,sid14_gci836964,00.html DSA DSS http://www.rsasecurity.com/rsalabs/node.as p?id=2239 http://www.rsasecurity.com/rsalabs/node.as p?id=2239 Certificates http://www.verisign.com/products- services/security-services/index.html http://www.verisign.com/products- services/security-services/index.html