Cryptography (One Day Cryptography Tutorial) By Dr. Mohsen M. Tantawy.


1 Cryptography (One Day Cryptography Tutorial) By Dr. Mohsen M. Tantawy

2 Definitions

3 Definitions
- Plaintext: easy-to-understand form (the original message)
- Ciphertext: difficult-to-understand form
- Encryption: encoding (plaintext -> ciphertext)
- Decryption: decoding (ciphertext -> plaintext)
- Cryptology: the study of encryption
- Cryptography: the use of encryption
- Cryptanalysis: breaking encryption

4 Definitions (cast of characters)
- Alice: an end user/computer without malicious intentions; one of the main users of cryptography.
- Bob: Alice's friend and also a main user of cryptography, without malicious intentions.
- Cathy: another user of cryptography; she does not usually have a large role nor malicious intentions.
- Eve: a malicious user who does not interfere with communications. She simply wants to eavesdrop on the conversation between two other characters, typically Alice and Bob, but does not actively attack the communication.
- Mallory: the malicious user, always trying to thwart attempts by other characters to communicate securely.
- Trent: a trusted third party. He only communicates with Alice, Bob, or Cathy when they ask for his help. He can always be trusted to do what he says he will do.

5 Group of individuals
- Hacker: a general term that has historically been used to describe a computer programming expert. More recently, the term is commonly used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.
- Cracker: generally regarded as the more accurate word for an individual who attempts to gain unauthorized access to network resources with malicious intent.

6 Group of individuals
- Phreaker: an individual who manipulates the phone network to make it perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long-distance calls.
- Spammer: an individual who sends large quantities of unsolicited messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
- Phisher: uses e-mail or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

7 Group of individuals
- White hat: individuals who use their abilities to find vulnerabilities in systems or networks and then report them to the owners of the system so that they can be fixed.
- Black hat: individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use.

8 Definitions
- Key: a random piece of data used with encryption and decryption. Encryption and decryption algorithms require a key plus plaintext or ciphertext to produce ciphertext or plaintext, respectively.
- Security Association: a set of information that describes how the communicating entities will utilize security.

9 Modern Cryptography

10 Types of Cryptographic Systems
- Symmetric-key cryptosystems
- Asymmetric-key or public-key cryptosystems
- Hybrid (symmetric-key and asymmetric-key) cryptosystems

11 Symmetric Encryption
- Also called conventional / secret-key / single-key encryption
- Sender and recipient share a common key
- All classical encryption algorithms are private-key
- The only type prior to the invention of public-key cryptography in the 1970s

12 Symmetric Cipher Model

13 Requirements
Two requirements for secure use of symmetric encryption:
- A strong encryption algorithm
- A secret key known only to sender and receiver
Y = E_K(X), X = D_K(Y)
- Assume the encryption algorithm is known
- This implies a secure channel to distribute the key

14 Block ciphers and stream ciphers
- Each secret-key cryptography algorithm (cipher) typically works in two phases:
  - key set-up phase
  - ciphering (encrypt and decrypt) phase
- There are two major classes of these algorithms: block ciphers and stream ciphers.
- Block ciphers encrypt plaintext in units of blocks and likewise decrypt ciphertext in units of blocks.
- Stream ciphers encrypt plaintext as one stream and decrypt ciphertext likewise.

15 Block cipher operation

16 Stream cipher operation

17 Mode of Operation
There are three important block cipher modes:
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback Mode (CFB)

18 Electronic Codebook (ECB)

19 Cipher Block Chaining (CBC)

20 Cipher FeedBack (CFB)

21 Output FeedBack (OFB)

22 Symmetric-key cryptosystems
Examples of symmetric-key algorithms:
- Data Encryption Standard (DES) (56 bits)
- Triple DES (3DES) (168 bits)
- Advanced Encryption Standard (AES)
- International Data Encryption Algorithm (IDEA) (128 bits)
- Rivest Cipher 4 (RC4) (variable-length key)

23 DES Encryption

24 Initial Permutation IP
- First step of the data computation
- IP reorders the input data bits
- Even bits go to the left-hand half, odd bits to the right-hand half
- Quite regular in structure (easy in hardware)

25 DES Round Structure
- Uses two 32-bit halves, L and R
- As for any Feistel cipher, a round can be described as:
  L_i = R_{i-1}
  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
- F takes the 32-bit R half and a 48-bit subkey and:
  - expands R to 48 bits using permutation E
  - adds (XORs) it to the subkey
  - passes it through 8 S-boxes to get a 32-bit result
  - finally permutes this using the 32-bit permutation P

26 DES Round Structure

27 Substitution Boxes S
- There are eight S-boxes, each mapping 6 bits to 4 bits
- Each S-box is actually 4 little 4-bit boxes
- Outer bits 1 and 6 (row bits) select one of the rows
- Inner bits 2-5 (column bits) are substituted
- The result is 8 lots of 4 bits, i.e. 32 bits
- Row selection depends on both data and key
- This feature is known as autokeying

28 Triple DES
- It was clear that a replacement for DES was needed:
  - theoretical attacks can break it
  - exhaustive key search attacks have been demonstrated
- AES is the new cipher alternative
- Prior to this, the alternative was multiple encryption with DES implementations
- Triple-DES is the chosen form

29 Triple-DES with Two Keys
- Hence must use 3 encryptions
- Would seem to need 3 distinct keys
- But can use 2 keys with the E-D-E sequence:
  C = E_K1[D_K2[E_K1[P]]]
- If K1 = K2 then it can work with single DES
- Standardized in ANSI X9.17 and ISO 8732
- No current known practical attacks

30 Triple-DES with Three Keys
- Although there are no practical attacks on two-key Triple-DES, there are some indications of weakness
- Can use Triple-DES with three keys to avoid even these:
  C = E_K3[D_K2[E_K1[P]]]
- Has been adopted by some Internet applications, e.g. PGP, S/MIME

31 Triple DES (3DES)
The technique used by 3DES is known as EDE (Encrypt-Decrypt-Encrypt):
- The plaintext message is encrypted using the first 8 bytes of the 3DES key.
- Then the message is decrypted using the middle 8 bytes of the key.
- Finally, the message is encrypted using the last 8 bytes of the key to produce an 8-byte block.
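To make slides 25, 27 and 29-31 concrete, here is a toy DES-style Feistel cipher (an added example, not code from the tutorial). The S1 table and the E expansion are the real DES ones; the key schedule, the use of S1 in all eight S-box positions and the omission of the P permutation are simplifications assumed here, so the output is not real DES.

```python
# Toy DES-style Feistel cipher for slides 25, 27 and 29-31 (added example, not the
# tutorial's code). S1 and the E expansion are the real DES tables; the key
# schedule, using S1 in all eight positions and dropping P are simplifications.

# DES S-box S1: 4 rows x 16 columns, 6-bit input -> 4-bit output.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]
MASK32, MASK48, MASK64 = (1 << 32) - 1, (1 << 48) - 1, (1 << 64) - 1


def s1_lookup(six_bits):
    """Slide 27: outer bits 1 and 6 select the row, inner bits 2-5 the column."""
    row = (((six_bits >> 5) & 1) << 1) | (six_bits & 1)
    col = (six_bits >> 1) & 0xF
    return S1[row][col]


def expand(r32):
    """DES expansion E (32 -> 48 bits): chunk i takes bits 4i..4i+5, numbered
    from 1 at the MSB and wrapping, so edge bits are shared between chunks."""
    out = 0
    for i in range(8):
        for j in range(6):
            bit_no = ((4 * i + j - 1) % 32) + 1
            out = (out << 1) | ((r32 >> (32 - bit_no)) & 1)
    return out


def round_function(r32, k48):
    """F(R, K): expand R, XOR with the 48-bit subkey, 8 S-box lookups give
    8 x 4 = 32 bits. Because the key is XORed in before S1, the row chosen
    depends on both data and key (the slides' 'autokeying'). P is omitted."""
    x = expand(r32) ^ k48
    out = 0
    for i in range(8):
        out = (out << 4) | s1_lookup((x >> (42 - 6 * i)) & 0x3F)
    return out


def toy_subkeys(key64, rounds=16):
    """Toy key schedule (assumption, not the DES schedule): rotate the 64-bit
    key left by 2i bits and keep the low 48 bits as K_i."""
    keys = []
    for i in range(rounds):
        rot = ((key64 << (2 * i)) | (key64 >> (64 - 2 * i))) & MASK64
        keys.append(rot & MASK48)
    return keys


def feistel_encrypt(block64, subkeys):
    """Slide 25: L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i); DES-style
    final swap so that decryption is the same routine with reversed keys."""
    left, right = block64 >> 32, block64 & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def feistel_decrypt(block64, subkeys):
    return feistel_encrypt(block64, list(reversed(subkeys)))


def ede_encrypt(block64, k1, k2, k3):
    """Slides 29-31: C = E_K3[D_K2[E_K1[P]]]. Two-key 3DES is k3 == k1, and
    k1 == k2 == k3 collapses to a single encryption (backward compatibility)."""
    stage1 = feistel_encrypt(block64, toy_subkeys(k1))
    stage2 = feistel_decrypt(stage1, toy_subkeys(k2))
    return feistel_encrypt(stage2, toy_subkeys(k3))


def ede_decrypt(block64, k1, k2, k3):
    stage1 = feistel_decrypt(block64, toy_subkeys(k3))
    stage2 = feistel_encrypt(stage1, toy_subkeys(k2))
    return feistel_decrypt(stage2, toy_subkeys(k1))


if __name__ == "__main__":
    # Constructed sample block and keys.
    pt, k1, k2 = 0x0123456789ABCDEF, 0x133457799BBCDFF1, 0x0F1571C947D9E859
    ct = ede_encrypt(pt, k1, k2, k1)
    print(hex(ct), hex(ede_decrypt(ct, k1, k2, k1)))
```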

32 Triple DES (3DES)

33 AES Requirements
- Private-key symmetric block cipher
- 128-bit data, 128/192/256-bit keys
- Stronger and faster than Triple-DES
- A long active life (plus archival use)
- Provide full specification and design details
- Both C and Java implementations

34 Rijndael
- The data block of 4 columns of 4 bytes is the state
- The key is expanded to an array of words
- Has 9/11/13 rounds in which the state undergoes:
  - byte substitution (one S-box used on every byte)
  - shift rows (permute bytes between groups/columns)
  - mix columns (substitution using matrix multiplication of groups)
  - add round key (XOR state with key material)
- View as alternating XOR of key and scrambling of data bytes
- Initial XOR of key material, and an incomplete last round
- With fast XOR and table-lookup implementation

35 Rijndael

36 Byte Substitution

37 Shift Rows

38 Mix Columns

39 Add Round Key

40 AES Decryption

41 Asymmetric-key or Public-Key Encryption
- Based on mathematical algorithms
- Asymmetric: uses two separate keys
- Public-key encryption involves:
  - Plaintext
  - Encryption algorithm
  - Public and private key
  - Ciphertext
  - Decryption algorithm

42 Public Key Encryption – Encryption

43 Public Key Encryption – Authentication

44 Public Key Encryption - Operation
- One key is made public: used for encryption
- The other is kept private: used for decryption
- Infeasible to determine the decryption key given the encryption key and algorithm
- Either key can be used for encryption, the other for decryption

45 Steps
- User generates a pair of keys
- User places one key in the public domain
- To send a message to this user, encrypt using the public key
- User decrypts using the private key

46 Digital Signature
- Sender encrypts the message with their private key
- Receiver can decrypt using the sender's public key
- This authenticates the sender, who is the only person who has the matching key
- Does not give privacy of data: the decryption key is public

47 Asymmetric-key or Public-key Cryptosystems
There are many examples of commonly used public-key systems, including:
- Diffie-Hellman
- Rivest, Shamir, Adleman (RSA)
- Digital Signature Algorithm (DSA) / ElGamal
- Elliptic Curve Cryptosystem (ECC)

48 Diffie-Hellman Key Exchange
- First public-key type scheme proposed
- By Diffie and Hellman in 1976, along with the exposition of public-key concepts
- Note: it is now known that James Ellis (UK CESG) secretly proposed the concept in 1970
- It is a practical method for public exchange of a secret key

49 Diffie-Hellman Key Exchange

50 RSA Algorithm
We're using big integers here:
- Choose large secret prime numbers p and q
- Calculate N = p * q
- Choose exponent e such that gcd(e, (p-1)(q-1)) = 1
  - Normally choose 3, 17 or ...
- Public key is the pair N and e
- Choose d so that e * d = 1 (mod (p-1)(q-1))
- Private key is d (for efficiency: d, p, q)
- Encryption: c = m^e (mod N)
- Decryption: m = c^d (mod N)
Baby example:
- p = 7, q = 11, N = 77
- e = 37, gcd(37, (7-1)(11-1)) = 1
- d = 13, since 37 * 13 = 481 = 1 (mod 60)
- ... mod 77 = ... mod 77 = 2
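The key generation, encryption and signing steps of slides 45, 46 and 50 carried through on the slide's baby example (an added example, not the tutorial's code; Python's arbitrary-precision ints stand in for the slide's "big integers"). The `recover_private_key` helper is included only to show why p and q must be large.

```python
# RSA for slides 45, 46 and 50 (added example, not the tutorial's code).
# Python ints are the "big integers"; the numbers are the slide's baby example.
from math import gcd, isqrt


def rsa_keygen(p, q, e):
    """Slide 50: N = p*q, e coprime to (p-1)(q-1), d = e^-1 mod (p-1)(q-1).
    Returns the public key (N, e) and the private key (N, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m):
    """c = m^e (mod N); the message must be an integer below N."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message out of range")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """m = c^d (mod N)."""
    n, d = private_key
    return pow(c, d, n)


def rsa_sign(private_key, m):
    """Slide 46: the sender applies the private key ..."""
    n, d = private_key
    return pow(m, d, n)


def rsa_verify(public_key, m, signature):
    """... and anyone holding the public key can check it. This is textbook
    RSA: deployed systems sign a hash of the message with padding (slide 61)."""
    n, e = public_key
    return pow(signature, e, n) == m


def recover_private_key(public_key):
    """Why p and q must be large (slide 50): with a tiny N, trial division
    finds p and q at once and rebuilds d from the public key alone."""
    n, e = public_key
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return rsa_keygen(p, n // p, e)[1]
    return None


def baby_example():
    """Slide 50's numbers: returns (N, d, c, recovered m) for m = 2."""
    public, private = rsa_keygen(7, 11, 37)
    c = rsa_encrypt(public, 2)
    return public[0], private[1], c, rsa_decrypt(private, c)


if __name__ == "__main__":
    print(baby_example())            # (77, 13, 51, 2)
```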

51 Public Key Certificate Use

52 Digital certificates

53 Digital certificates
Digital certificates include:
- A public key
- An individual's or organisation's details
- A digital signature from a certifying authority (CA); this states that the CA has seen proof of identity
Common certifying authorities: VeriSign, Thawte, Equifax Secure, British Telecom
- CAs are themselves certified by other CAs
- A few root CAs are usually trusted

54 Message Authentication

55 Message Authentication Code
- Generate an authentication code based on a shared key and the message
- Common key shared between A and B
- If only sender and receiver know the key and the code matches:
  - Receiver is assured the message has not been altered
  - Receiver is assured the message is from the alleged sender
  - If the message has a sequence number, receiver is assured of proper sequence

56 Hash Functions vs. MAC

57 Hash Function
- Generate a fixed-length fingerprint for an arbitrary-length message
- No key involved
- Must be at least one-way to be useful
- Constructions:
  - Iterated hash functions (MD4-family hash functions): MD5, SHA-1, ...
  - Hash functions based on block ciphers: MDC (Manipulation Detection Code)
Figure: message M -> hash function H -> message digest D, where D = H(M)

58 MAC
- Generate a fixed-length MAC for an arbitrary-length message
- A keyed hash function
- Provides message origin authentication, message integrity, entity authentication and transaction authentication
Figure: Message Authentication Codes (MACs): the sender computes the MAC with the shared secret key and sends message and MAC

59 Comparison of Hash Function and MAC
- Hash function: arbitrary-length message -> fixed-length hash (unkeyed function)
- MAC function: arbitrary-length message + secret key -> fixed-length MAC (keyed function)
- Both: easy to compute; compression from arbitrary-length input to fixed-length output

60 Symmetric Authentication (MAC)
Figure: Alice runs the secret-key algorithm over the message with the shared secret key K_AB and transmits message and MAC; Bob recomputes the MAC with the same K_AB and compares (yes/no).

61 Digital Signature
Figure: Alice hashes the message and signs the hash value with the public-key algorithm using Alice's private key, then transmits message and signature; Bob recomputes hash value 1 from the message, recovers hash value 2 from the signature using Alice's public key, and compares (yes/no).

62 Hashing
- A hashing algorithm refers to a mathematical function that takes a variable-size string as input and transforms (hashes) it into a fixed-size string, which is called the hash value.
- One of the most common uses of hashing in network security is to produce condensed representations of messages, or fingerprints, often known as message digests, by applying a hashing algorithm to an arbitrary amount of data (the message).
- The two most commonly used hashing algorithms are MD5 and SHA-1 (part of the Secure Hash Standard [SHS]).

63 Using One Way Hash

64 Secure Hash Functions
A hash function must have the following properties:
- Can be applied to any size of data block
- Produces fixed-length output
- Easy to compute
- Not feasible to reverse
- Not feasible to find two messages that give the same hash

65 SHA-1
- Secure Hash Algorithm 1
- Input message less than 2^64 bits
- Processed in 512-bit blocks
- Output: 160-bit digest
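The unkeyed fingerprint of slides 57 and 62-65 beside the keyed MAC of slides 55 and 58-60, including the sequence-number check slide 55 mentions (an added example using Python's hashlib and hmac, not the tutorial's code; the key, messages and sequence numbers are constructed).

```python
# Hash versus MAC for slides 55-60, 62 and 65 (added example, not the
# tutorial's code). Key, messages and sequence numbers are constructed.
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key-K_AB"   # known only to Alice and Bob


def fingerprint(message):
    """Slide 65: SHA-1 works on 512-bit blocks and returns a 160-bit digest.
    There is no key, so anyone can recompute it: it only proves integrity if
    the digest itself arrives over a trusted path. SHA-1 is used here because
    the slides do; it is collision-broken and not a choice for new designs."""
    return hashlib.sha1(message).digest()


def make_mac(message, seq):
    """Slide 55: MAC over sequence number and message under the shared key."""
    return hmac.new(SHARED_KEY, seq.to_bytes(4, "big") + message,
                    hashlib.sha256).digest()


class Receiver:
    """Bob's side: verifies the MAC, then enforces the sequence number."""

    def __init__(self):
        self.expected_seq = 0

    def accept(self, message, seq, tag):
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(make_mac(message, seq), tag):
            return "reject: bad MAC (altered message, wrong key or wrong seq)"
        if seq != self.expected_seq:
            return "reject: out-of-sequence (replay or reorder)"
        self.expected_seq += 1
        return "accept"


def demo():
    """Genuine message, altered body, replayed message, next genuine message."""
    bob = Receiver()
    m = b"transfer 100 to account 42"
    tag0 = make_mac(m, 0)
    results = [bob.accept(m, 0, tag0)]
    # Mallory changes the body but cannot recompute the tag without the key.
    results.append(bob.accept(b"transfer 900 to account 42", 1, make_mac(m, 1)))
    # Mallory replays message 0 with its genuine tag: MAC is fine, sequence is not.
    results.append(bob.accept(m, 0, tag0))
    results.append(bob.accept(m, 1, make_mac(m, 1)))
    return results


if __name__ == "__main__":
    print(demo())
```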

66 Message Digest Generation Using SHA-1

67 Key Management

68 ISAKMP
- The Internet Security Association and Key Management Protocol (ISAKMP) is defined primarily as a very comprehensive framework for key management offering maximum flexibility.
- OAKLEY is defined based on the Diffie-Hellman key-exchange algorithm.
- IKE, on the other hand, is defined primarily to be the key management for the IPSec architecture and makes use of parts of the ISAKMP and OAKLEY definitions.

69 ISAKMP
- ISAKMP defines procedures and packet formats to establish, negotiate, modify, and delete SAs.
- ISAKMP only describes the procedures, i.e., how something is done.
- ISAKMP is independent of the security protocols, cryptographic algorithms, and key-generation and key-exchange techniques that are actually used.

70 ISAKMP phases
- ISAKMP offers two phases of negotiation.
- In the first phase, the two entities agree on how to protect further negotiation traffic between themselves, establishing an ISAKMP SA.
- The second phase of negotiation is used to establish security associations for other security protocols. The security associations established by ISAKMP during this phase can be used by a security protocol to protect many message or data exchanges.

71 ISAKMP and TCP/IP

72 OAKLEY
- The OAKLEY protocol allows two authenticated entities to exchange and establish secret keying material.
- It is designed to be a compatible component of ISAKMP.
- The two communicating entities negotiate methods for encryption, key derivation, and authentication.
- The basic mechanism of OAKLEY is the Diffie-Hellman key-exchange algorithm, which establishes a shared key without transmitting this key.
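The Diffie-Hellman exchange underlying slides 48/49 and 72, simulated with both parties' messages (an added example, not the tutorial's or OAKLEY's code). The group p = 23, g = 5 and the exponents are constructed toy values far too small for real use, and the SHA-256 step in `derive_key` is a stand-in for a proper key-derivation function, not OAKLEY's own.

```python
# Diffie-Hellman key agreement for slides 48/49 and 72 (added example, not the
# tutorial's or OAKLEY's code). p = 23, g = 5 and the exponents are constructed
# toy values; real deployments use large standardized groups.
import hashlib
import secrets


def dh_public(p, g, private_exp):
    """Each side publishes g^x mod p; x itself never leaves the host."""
    return pow(g, private_exp, p)


def dh_shared(p, peer_public, private_exp):
    """(g^y)^x = (g^x)^y mod p, so both sides reach the same value."""
    return pow(peer_public, private_exp, p)


def valid_public_value(p, value):
    """Reject 0, 1 and p-1: a peer sending these forces a trivial secret."""
    return 1 < value < p - 1


def derive_key(shared_secret, p, nbytes=16):
    """Slide 72: the raw DH value is keying material, not the key. Hash it
    (a stand-in for OAKLEY's key derivation) to get a fixed-size key."""
    raw = shared_secret.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:nbytes]


def random_exponent(p):
    """Fresh secret exponent in [1, p-2], drawn from a CSPRNG."""
    return 1 + secrets.randbelow(p - 2)


def run_exchange(p, g, a, b):
    """Simulate both parties. Returns (A, B, key_alice, key_bob): only A and B
    cross the wire, which is all an eavesdropper (Eve, slide 4) sees."""
    A = dh_public(p, g, a)               # Alice -> Bob
    B = dh_public(p, g, b)               # Bob -> Alice
    if not (valid_public_value(p, A) and valid_public_value(p, B)):
        raise ValueError("degenerate public value received")
    key_alice = derive_key(dh_shared(p, B, a), p)
    key_bob = derive_key(dh_shared(p, A, b), p)
    return A, B, key_alice, key_bob


if __name__ == "__main__":
    A, B, ka, kb = run_exchange(23, 5, 6, 15)
    print(A, B, ka == kb)                # 8 19 True
```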

73 OAKLEY Key Exchange
- An OAKLEY key exchange is made up of a sequence of message exchanges.
- The goal of key-exchange processing is the secure establishment of a common keying-information state in the two communicating entities.
- This state information consists of a key name, secret keying material, the identities of the two parties, and three algorithms for use during authentication:
  - encryption
  - hashing, and
  - authentication

74 IKE
- IKE is the protocol that performs mutual authentication and establishes SAs between two parties for IPSec.
- IKE uses parts of ISAKMP, OAKLEY, and SKEME to provide management of keys and security associations.

75 Key ISAKMP, OAKLEY and SKEME concepts in IKE

76 Digital Certificates / Digital Signatures (data origin authentication, data integrity, and non-repudiation)

77 Digital Signature with Hash Function

78 Pretty Good Privacy (PGP)
- PGP (Pretty Good Privacy) is a computer program that provides cryptographic privacy and authentication.
- Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys: a public key and a private key.
- It was originally created by Philip Zimmermann in 1991.

79 Pretty Good Privacy PGP encryption

80 Pretty Good Privacy PGP decryption

81 Applications of Cryptosystems
- Automatic Teller Machines
- Phone Cards
- Cellular Phone Networks
- Remote System Access
- Credit Cards
- Electronic Cash
- Medical Records

