Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security and Trust Week 2: Encryption Basics

Published byCassandra Jennings Modified over 7 years ago

Similar presentations

Presentation on theme: "Information Security and Trust Week 2: Encryption Basics"— Presentation transcript:

1 Information Security and Trust Week 2: Encryption Basics

2 Confidentiality How to protect message from eavesdropping and wiretapping? Mallory Our company’s profit and loss statement is… Bob Alice plaintext

3 Cryptography Use a language that only Alice and Bob can understand
Mallory Nz dsfejr dbse ovncds jt… ciphertext Bob Alice

4 Concepts Cryptography – hidden writing Encryption – encode or encipher
Decryption – decode or decipher Cryptosystem – a system for encryption and decryption Cryptographer – anyone who invents encryption algorithms Cryptanalyst – anyone who attempts to break encryption algorithms Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis

5 Cryptosystem Algorithms with a parameter – key K Why use key?
What is Kerckhoff’s principle? Plaintext Encryption Algorithm E Ciphertext Decryption Algorithm D Plaintext P C P Kerckhoffs Principle

6 Encryption Encryption is the process of feeding plaintext and key into a function and getting ciphertext output Ciphertext is “garbage” unless decrypted Plaintext Encryption Function

7 Decryption Decryption is the process of feeding ciphertext and a key into another function and getting original plaintext output Decryption Function Plaintext

8 Symmetric Cryptosystem
C=E(K,P) P=D(K,C) Plaintext Encryption Algorithm E Ciphertext Decryption Algorithm D Plaintext P C P Secret channel K K

9 Cryptanalysis (Attacks)
Cryptanalyst (Mallory) Knows E and D Given ciphertext, find plaintext What else Mallory knows? Ciphertext only Mallory knows ciphertext only Known plaintext Mallory happens to know some plaintext-ciphertext pairs Chosen plaintext Mallory knows some plaintext-ciphertext pairs for selected plaintext Chosen ciphertext Mallory knows some plaintext-ciphertext pairs for selected ciphertext

10 Classical Ciphers Caesar cipher Vigenére cipher Zimmerman cipher
Vernam cipher

11 Caesar Cipher Shifting alphabet How many possible keys?

12 Demo and Discussion Demo with CrypTool Observation:
The break between two words is preserved Repeated letters are mapped to repeated letters Decrypt the following Caesar cipher Wklv phvvdjh lv qrw wrr kdug wr euhdn Hints: Observe the following patterns Wrr, wr Wklv, lv

13 “Unbreakable” cipher: Vigenére Tableau
Same letters are not mapped to the same letters Encrypt Keyword: hothot (repeat: row) Plaintext: attack (column) ciphertext: hhmhqd Decrypt Keyword: hothot (repeat: column) Ciphertext: hhmhqd (from that column find c letter) Plaintext: attack (the index of row)

14

15 Demo and Discussion Demo with CrypTool
How “unbreakable” is Vigenére cipher?

16 Codebook/Zimmermann Cipher
A codebook cipher is literally a dictionary-like book containing words and their corresponding codewords. Zimmerman Telegram Februar fest finanzielle folgender Frieden Friedenschluss What is the key? Compare it with Vigenére cipher

17 Zimmerman Telegram Decrypted

18 Perfect Cipher

19 Vernam Cipher The only unbreakable stream cipher
K: a long, non-repeating sequence of random numbers Perfectly secure: unbreakable even with infinite amount of computational power 1 0 =1; =1 0 0 =0; =0 Exclusive OR Plaintext Ciphertext P C K Secret channel

20 Vernam Cipher An example of Vernam Cipher Alice: Bob: 1 0 =1; 0 1=1
1 0 =1; =1 0 0 =0; =0 P: … K: … C: … C: … K: … P: …

21 Demo and Discussion Demo with CrypTool
Why is Vernam cipher perfectly secure? Being perfect means…

22 Modern Ciphers Substitution and transposition Combinations Evaluation

23 Permutation Substitution: Confusion
Obscure the relationship between plaintext and ciphertext First remove spaces A legitimate receiver can breakmostmessagesintowordsfairlyeasily Then break messages arbitrarily into blocks of a uniform size (e.g., every five letters) Map each plaintext letter to a unique ciphertext letter How many keys?

24 Caveat All permutation substitution ciphers are subject to
known plaintext attack ciphertext only attack Not to mention chosen plaintext and chosen ciphertext attacks

25 Frequency Attack source:

26 Transposition: Diffusion
Spread out the message by re-arranging letters

27 Product Cipher Combinations of confusion and diffusion operations in many rounds DES (56 bits) 16 rounds Strong ciphers: AES (128, 192, 256), RSA (2048, 4096)

28 Evaluation Shannon’s characteristics of good ciphers
Amount of secrecy determines amount of labor Set of keys and enciphering algorithm are simple Implementation is simple Errors do not propagate Size of ciphertext is no larger than original message

29 It takes your computer at least 1000 years to break my cipher!!
How Secure is Secure It takes your computer at least 1000 years to break my cipher!! Computational security No matter how powerful your computer is, you don’t have enough information to defeat the system !! Unconditional security

30 Hands-On Exercise

31 Preparation Windows: download LabPrep.doc to install
OpenSSL (Win32openSSL-0_9_8d.exe) HHD HexEditor ( JCE (jdk-1_5_0_08-windows-i586-p.exe) Mac has already these tools pre-installed

32 Introduction to OpenSSL
OpenSSL is an open source cryptography toolkit that provides various cryptographic algorithms to ensure secure communication. Symmetric key (secret key) encryption Asymmetric key (public key) encryption Message Digests and digital signatures Certificates

33 Example 1: Keys Generation
RSA key Command to generate a RSA key for encryption and signing openssl genrsa -des3 -out privkey.pem 2048 genrsa – Generates RSA Key des3 – Password protect the key using triple DESencryption out <filename>– Save the key in a file. In this example, its privkey.pem <key size> -Size of the key generated. In this example, its 2048 bits

34 Example 2: Certificate Request
A certificate request is sent to a certificate authority to get it signed into a certificate. Command to create a certificate request openssl req -new -key privkey.pem -out cert.csr req - Generate certifcate request. new –New certificate request. key <file name> - Specifies the file to read the private key from. In this example, its privkey.pem out <file name> - Save the request in a file. In this example, its cert.csr

35 Example 3: Encryption Encrypt a file using a prompted password
Command to encrypt a file using TripleDES algorithm openssl des3 -salt -in file.txt -out file.des3 des3 – Encrypt using the TripleDES algorithm salt - Use a salt in the key derivation routines in <file name> - Input file with the clear message out <file name> - Output fule with the encrypted message Users will be prompted to enter a password to complete the encryption

36 Example 4: Decryption Decrypt a file with a prompted password
Command to decrypt a file using TripleDES algorithm openssl des3 -d -salt -in file.des3 -out file.txt des3 – Use the TripleDES algorithm d – decrypt the file salt - Use a salt in the key derivation routines in <file name> - Input file with the encrypted message out <file name> - Output file with the decrypted message Users will be prompted to enter a password to complete the decryption

37 Test OpenSSL Download LabTest.doc Follow instructions in section 2.1

38 Introduction to JCA and JCE
Java Cryptography Architecture (JCA) is part of Java 2 run-time environment.  java.security.* JCE (Java Cryptography Extension) is an extension to JCA and is integrated into Java 2 SDK since the 1.4 release. JCE adds encryption and decryption APIs to JCA.  javax.crypto.*

39 JCE Core Classes Cipher Class KeyGenerator Class
Provide the functionality of encryption and decryption KeyGenerator Class Generate secret keys for encryption and decryption The SealedObject Class Create an object and protect its confidentiality The Mac Class Provide integrity protection with Message Authentication Code (MAC). Reference:

40 Class: java.crypto.KeyGenerator
Methods: getInstance(String algorithm) Creates an instance of KeyGenerator for a specific algorithm such as “AES”,“DES”,”HMACSHA1” generateKey() Generate a key for the algorithm specified in the KeyGenerator instance

41 Example: Key Generation
The following example generate a SecretKey object using AES. //Create an instance of KeyGenerator with algorithm AES KeyGenerator kg = KeyGenerator.getInstance(“AES"); //Generate the secret key SecretKey mykey = kg.generateKey();

42 Secure Key Storage Keys need to be stored on secondary storage so that programs can access them conveniently and securely for subsequent use. JCA provides an extensible architecture to manage keys through KeyStore. A KeyStore object maintains an in-memory table of key and certificate entries, indexed by alias strings, allowing retrieval, insertion and deletion of entries. Keystore files are usually password protected.

43 Class: java.security.KeyStore
Methods: getInstance (String type) Create an instance of KeyStore of the specified type. load(InputStream stream, char[] password)) Open keystore with password and load keys from keystore file to memory getKey(String alias, char[] password) Access the keystore with password and get the key based on a given key alias setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) Set a new key entry in the keystore store(OutputStream stream, char[] password) Store this keystore to the given output stream, and protect its integrity with the given password.

44 Example:Create a null KeyStore object
The following sample creates null KeyStore object with password protection. //Create an instance of KeyStore of type “JCEKS”. //JCEKS refers the KeyStore implementation from SunJCE provider ks = KeyStore.getInstance("JCEKS"); //Load the null Keystore and set the password to “changeme” ks.load(null, "changeme".toCharArray());

45 Example:Set Key Entry The following sample sets the generated key “mykey” in the KeyStore. //Create an instance of KeyStore.SecretKeyEntry using “mykey” KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mykey); //Get key alias name from user input. String alias=args[0]; //Create KeyStore Password KeyStore.PasswordProtection password; password = new KeyStore.PasswordProtection("changeme".toCharArray()); //Set the key entry in the key store with an alias. ks.setEntry(alias, skEntry, password);

46 Example:Store KeyStore object in file
The following sample writes the KeyStore object into a file for storage. //Create a new file to store the KeyStore object java.io.FileOutputStream fos = new java.io.FileOutputStream("keystorefile.jce"); //Write the KeyStore into the file ks.store(fos, "changeme".toCharArray()); //Close the file stream fos.close();

47 Example:Retrieving Keys from KeyStore
The following sample retrieves keys from a KeyStore file. //Open the KeyStore file FileInputStream fis = new FileInputStream("keystorefile.jce"); //Create an instance of KeyStore of type “JCEKS” ks = KeyStore.getInstance("JCEKS"); //Load the key entries from the file into the KeyStore object. ks.load(fis, "changeme".toCharArray()); fis.close(); //Get the key with the given alias. String alias=args[0]; Key k = ks.getKey(alias, "changeme".toCharArray());

48 Test for JCE Follow the instructions in section 2.2 in LabTest.doc

49 Review Questions Which of the following is subject to frequency attack? Caesar cipher 2. Vigenére Vernam A perfect cipher is? Combination of confusion and diffusion Combination of substitution and transposition Unconditionally secure Given Vigenére cipher “chedey” of plaintext “attack”, what is the key? Cola Cold Cool

Download ppt "Information Security and Trust Week 2: Encryption Basics"

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Making “Good” Encryption Algorithms

Making “Good” Encryption Algorithms
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Network Management and Security

Network Management and Security
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Lecture 1 Overview.

Lecture 1 Overview.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
IS 302: Information Security and Trust Week 2: Encryption Basics 2012.

IS 302: Information Security and Trust Week 2: Encryption Basics 2012.
IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.

IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.
Chapter 2 – Classical Encryption Techniques

Chapter 2 – Classical Encryption Techniques
Cryptography Week-6.

Cryptography Week-6.
Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.

Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.
Lecture 2 Overview.

Lecture 2 Overview.
Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.

Security in Computing Cryptography (Introduction) Derived from Greek words: ‘Kruptos’ (hidden) and ‘graphein’ (writing.
Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.

Chapter 2 – Elementary Cryptography  Concepts of encryption  Cryptanalysis  Symmetric (secret key) Encryption (DES & AES)(DES & AES)  Asymmetric (public.

Similar presentations

Ads by Google