Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chap 2: Elementary Cryptography.  Concepts of encryption  Cryptanalysis: how encryption systems are “broken”  Symmetric (secret key) encryption and.

Published byGordon Martin Modified over 9 years ago

Similar presentations

Presentation on theme: "Chap 2: Elementary Cryptography.  Concepts of encryption  Cryptanalysis: how encryption systems are “broken”  Symmetric (secret key) encryption and."— Presentation transcript:

1 Chap 2: Elementary Cryptography

2  Concepts of encryption  Cryptanalysis: how encryption systems are “broken”  Symmetric (secret key) encryption and the DES and AES algorithms  Asymmetric (public key) encryption and the RSA algorithm  Key exchange protocols and certificates  Digital signatures  Cryptographic hash functions SE571 Security in Computing Dr. Ogara 2

3  Cryptography - practice and study of hiding information/using encryption to conceal text  Cryptoanalysis - to find some weakness or insecurity in a cryptographic scheme  Cryptology - research into and study of encryption and decryption; it includes both cryptography and cryptanalysis SE571 Security in Computing Dr. Ogara 3

4  Decryption – the method of turning cipher text back into plaintext  Encryption algorithm – set of rules or procedures that dictates how to encrypt and decrypt data, also called an encryption cipher  Encryption – method of transforming data (plaintext) into an unreadable format  Plaintext – the format(usually readable) of data before encrypted SE571 Security in Computing Dr. Ogara 4

5  Ciphertext – the scrambled format of data after being encrypted  Key – a value used in the encryption process to encrypt and decrypt/ also called cryptovariable SE571 Security in Computing Dr. Ogara 5

6 6

7 7  Uses one key for both encryption and decryption  Receiver and sender share same key (private key) to lock and unlock  Also called private key encryption  Must securely distribute keys to other parties

8 SE571 Security in Computing Dr. Ogara 8  Anyone with key can either encrypt or decrypt (similar to password)  Very fast to encrypt or decrypt  Provides authentication as long as key remains secret  Problem How do A and B obtain their shared secret key? Key distribution is e.g. n users communicating in pairs need n*(n-1)/2 keys

9 SE571 Security in Computing Dr. Ogara 9  Receiver and sender have two keys – public and private  Public key can be sent in an e-mail message or posted in a public directory  Public key used to encrypt and private key to decrypt or vise-versa  Requires a lot of resources

10 SE571 Security in Computing Dr. Ogara 10 Secret Key (Symmetric) Public Key (Asymmetric) No. of keys12 Protection of keys Must be kept secretOne key must be kept secret; the other can be freely exposed Best usesCryptographic workhorse; secrecy and integrity of data—single characters to blocks of data, messages, files Key exchange, authentication Key distribution Must be out-of-bandPublic key can be used to distribute other keys SpeedFastSlow

11 SE571 Security in Computing Dr. Ogara 11

12  break a single message  recognize patterns in encrypted messages, to be able to break subsequent ones by applying a straightforward decryption algorithm  infer some meaning without even breaking the encryption, such as noticing an unusual frequency of communication or determining something by whether the communication was short or long SE571 Security in Computing Dr. Ogara 12

13  deduce the key, to break subsequent messages easily  find weaknesses in the implementation or environment of use of encryption  find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages SE571 Security in Computing Dr. Ogara 13

14  Confusion (substitution) One letter is exchanged for another Basis of many cryptographic algorithms used for diplomatic communication through the first half of the twentieth century Basis for some widely used commercial-grade encryption algorithms Examples:  Ceasar cipher  One-Time Pad  The Vernam cipher SE571 Security in Computing Dr. Ogara 14

15  Diffusion (Transposition) Order of the letters is rearranged Basis for some widely used commercial-grade encryption algorithms Goal - widely spread the information from the message or the key across the ciphertext (diffusion) Also known as permutation (rearrangement of symbols of a message) SE571 Security in Computing Dr. Ogara 15

16  Romans used a shift cipher called Ceasar cipher  Shift ciphers simply shift characters in an alphabet  Advantages Easy to memorize and implement  Disadvantage Pattern is obvious SE571 Security in Computing Dr. Ogara 16

17  Large, non-repeating set of keys is written on sheets of paper, glued together into a pad  Requires a prearranged chart called Vigenere table (contains 26 letters in each column in some scrambled order)  Receiver needs a pad similar to the sender SE571 Security in Computing Dr. Ogara 17

18  Example: Message has 300 characters in length Keys are 20 characters long Sender needs 15 pages of keys Sender writes keys one at a time above the letters of plain text Sender encipher plain text with Vigenere chart Receiver uses appropriate number of keys to decipher message SE571 Security in Computing Dr. Ogara 18

19  Problems Requires absolute synchronization between sender and receiver Difficult to store and account for the keys SE571 Security in Computing Dr. Ogara 19

20  Developed by Gilbert Vernam for AT&T  Is immune to most cryptanalytic attacks  Uses long non-repeating sequence of numbers that are combined with the plaintext  Used long punched paper tape that fed into a teletype machine  Tape contained random numbers that were combined with characters typed into the teletype  sequence of random numbers had no repeats, and each tape was used only once SE571 Security in Computing Dr. Ogara 20

21 SE571 Security in Computing Dr. Ogara 21

22 SE571 Security in Computing Dr. Ogara 22  Plain text - VERNAM CIPHER  Ciphertext - tahrsp itxmab

23  Plaintext characters are rearranged into columns  Example: Plain text - THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS Ciphertext - tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns SE571 Security in Computing Dr. Ogara 23

24 SE571 Security in Computing Dr. Ogara 24

25  The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption  The set of keys and the enciphering algorithm should be free from complexity SE571 Security in Computing Dr. Ogara 25

26  The implementation of the process should be as simple as possible  Errors in ciphering should not propagate and cause corruption of further information in the message  The size of the enciphered text should be no larger than the text of the original message SE571 Security in Computing Dr. Ogara 26

27  It is based on sound mathematics  It has been analyzed by competent experts and found to be sound  It has stood the test of time SE571 Security in Computing Dr. Ogara 27

28  Stream ciphers - encrypt one bit or character or symbol of plaintext into bit or symbol of Ciphertext at a time e.g. diffusion  Block ciphers encrypt a group of plaintext symbols as one block e.g. columnar transposition  Block ciphers can effectively act as a stream cipher SE571 Security in Computing Dr. Ogara 28

29 SE571 Security in Computing Dr. Ogara 29 Stream ciphers Block ciphers

30 SE571 Security in Computing Dr. Ogara 30  Speed of transformation - the time to encrypt a symbol depends only on the encryption algorithm itself, not on the time it takes to receive more plaintext  Low error propagation - error in the encryption process affects only a character

31 SE571 Security in Computing Dr. Ogara 31  Low diffusion - Each symbol is separately enciphered. Therefore, all the information of that symbol is contained in one symbol of the ciphertext.  Susceptibility to malicious insertions and modifications - Because each symbol is separately enciphered, an active interceptor who has broken the code can splice together pieces of previous messages and transmit a spurious new message that may look authentic.

32 SE571 Security in Computing Dr. Ogara 32  High diffusion - Information from the plaintext is diffused into several ciphertext symbols. One ciphertext block may depend on several plaintext letters  Immunity to insertion of symbols - Because blocks of symbols are enciphered, it is impossible to insert a single symbol into one block. The length of the block would then be incorrect, and the decipherment would quickly reveal the insertion

33 SE571 Security in Computing Dr. Ogara 33  Slowness of encryption - The person or machine using a block cipher must wait until an entire block of plaintext symbols has been received before starting the encryption process  Error propagation - An error will affect the transformation of all other characters in the same block

34  DES – Data Encryption Standards  AES – Advanced Encryption Standards  RSA – Rives-Shamir-Adelman Encryption SE571 Security in Computing Dr. Ogara 34

35  Developed by U.S government for general public (adopted in 1976)  Based on data encryption algorithm developed by IBM  Combines two fundamental building blocks of encryption – substitution and transposition  Uses only standard arithmetic and logical operations on numbers up to 64 bits long SE571 Security in Computing Dr. Ogara 35

36  Lack of trust with DES 56-bit key length  Development of double encryption for greater secrecy  Two keys perform two encryptions thus making it hard to unlock [C=E(k 2, E(k 1,m))]  Unfortunately the assumption is false  Three keys adds significant strength [C = E(k 3, E(k 2, E(k 1,m)))] SE571 Security in Computing Dr. Ogara 36

37  1997 researchers using over 3,500 machines in parallel were able to infer a DES key in four months’ work  1998 for approximately $100,000, researchers built a special “DES cracker” machine that could find a DES key in approximately four days  Hence need for better and stronger algorithm SE571 Security in Computing Dr. Ogara 37

38  Algorithm is called Rijndael – named after the two creators (Vincent Rijmen and Joan Daemen)  Adopted in 2001  Uses substitution; transposition; and the shift, exclusive OR, and addition operations  Keys based on 128, 192 and 256 bits SE571 Security in Computing Dr. Ogara 38

39  Does it have flaws?  How long will it remain sound?  Cryptanalysts have not found any flaws yet SE571 Security in Computing Dr. Ogara 39

40  Public key system introduced in 1978  Named after three inventors  Uses two keys for encryption and dceryption SE571 Security in Computing Dr. Ogara 40

41  Hash functions  Key exchange  Digital signatures  Certificates SE571 Security in Computing Dr. Ogara 41

42  Important for integrity  Put a shield or seal around a file by computing a cryptographic function called hash or checksum or message digest of a file  Examples: MD4, MD5 (Message Digest) – produce 128 bit SHA/SHS (Secure Algorithm or Standards) – produce 160-bit digest SE571 Security in Computing Dr. Ogara 42

43  Example: Web browser connecting to shopping website  Encrypted session must be established  S = sender of protected information  R = receiver of protected information  Establish assurance that information came from S  Public key cryptography can help here SE571 Security in Computing Dr. Ogara 43

44  Use lockboxes and keys  S puts protected information into lockbox that can be opened by S public key  S puts lockbox into another one that can be opened by ONLY by R’s private key  R uses private key to open outer box and S public key to open inner box (proof it came from S) SE571 Security in Computing Dr. Ogara 44

45  Does not require preshared public keys  S and R uses simple arithmetic to exchange a secret  They agree on field number n and starting number g  Each thinks of a secret number, say, s and r.  S sends to R g s and R sends to S g r.  Then S computes (g r ) s and R computes (g s ) r, which are the same, so g rs = g sr becomes their shared secret. SE571 Security in Computing Dr. Ogara 45

46  Provide reliable means to ensure the origin of data  Cryptographic hash codes are used to support digital signatures  Cryptographic hash codes offer a fast, fairly reliable way of determining whether a piece of data has been modified between sender and receiver SE571 Security in Computing Dr. Ogara 46

47  It must be unforgeable  It must be authentic  It is not alterable  It is not reusable SE571 Security in Computing Dr. Ogara 47

48  Ideally suited to digital signatures  If S wishes to send M to R, S uses the authenticity transformation to produce D(M, K S ). S then sends D(M, K S ) to R. R decodes the message with the public key transformation of S SE571 Security in Computing Dr. Ogara 48

49  Binds a public key and users’ identity  Signed by Certificate of Authority (CA)  Example – Two people  Edward posts his public key in public but retains private key  Diana creates public key and includes it into message with her identity  Edward signs (affirms Diana’s public key and identity) by creating has value and then encrypting message and hash value with private key SE571 Security in Computing Dr. Ogara 49

Download ppt "Chap 2: Elementary Cryptography.  Concepts of encryption  Cryptanalysis: how encryption systems are “broken”  Symmetric (secret key) encryption and."

Similar presentations

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
Classical Encryption Techniques Week 6-wend. One-Time Pad if a truly random key as long as the message is used, the cipher will be secure called a One-Time.

Classical Encryption Techniques Week 6-wend. One-Time Pad if a truly random key as long as the message is used, the cipher will be secure called a One-Time.
Making “Good” Encryption Algorithms

Making “Good” Encryption Algorithms
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.

1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Chapter 2 Basic Encryption and Decryption (part B)

Chapter 2 Basic Encryption and Decryption (part B)
Lecture 1 Overview.

Lecture 1 Overview.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.

IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Similar presentations

Ads by Google