Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography 101 EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography, Network Associates’

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography 101 EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography, Network Associates’"— Presentation transcript:

1 Cryptography 101 EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography, Network Associates’ An Introduction to Cryptography, course textbooks

2 2 What is cryptography Cryptography: transforming (enciphering) plaintext into a form where the original info is present but hidden  Plaintext: data that can be read w/o any special tool  Ciphertext: result of encryption; unreadable data Given a plaintext, many transformations are possible; to expose the info one may have to try all (on average, half) of possible transformations

3 3 An elementary school approach On a sheet of paper, write the alphabets in order in one column; write the same alphabets randomly (but uniquely) in the second column AW BJ CR… To encipher a plaintext, substitute each letter with the associated letter from the second column

4 4 An elementary school example Suppose we have the following substitution ABCDEFGHIJKLMNOPQRSTUVWXYZ QAZWSXEDCRFVTGBYHNUJMIKOLP Plaintext message: MEET ME AT SIX Enciphered message: TSSJ TS QJ UCO The Caesar cipher E n (x) = (x + n) mod 26 D n (x) = (x - n) mod 26 For Caesar cipher: n = 3

5 5 A middle school approach Singe (simple) substitution: the key is one particular permutation (arrangement) of the alphabet; once the sheet revealed, it is no longer good But one can create a notebook of different permutations for the second column, each on a page; the key will be the page number If the notebook is exposed, one must try all (or at least half) transformations

6 6 Weak vs. strong transformation Simple substitution is weak: the more often a particular letter is used, the more often the ciphertext letter appears  Languages use some letters (or letter combinations) more than others, and thus possible to guess One solution: increase the size of the cipher alphabet  Instead of single letters, use pairs of letters  For example, replace A with WK  At least 26 × 26 = 676 transformations

7 7 Weak vs. strong transformation [2] How about expanding: instead of a pair of letters, select triplets, quadruples, … Soon a computer will be needed to do the operations A conventional (block) cipher: A much larger alphabet A 64-bit (eight character) block cipher: instead of using 26 letters, views each 2^64 values as a separate letter  18,000,000,000,000,000 “letters”!

8 8 Keyspace for an 8-bit key A notebook with 256 pages: 256 different keys Decimal 256 = Binary 100000000 = 2^8 = 8 bit Thus an “8 bit” keyspace gives 256 unique key values If we choose one of the keys, one would have to try 256 (or probably only 128) keys to break Thus a low design strength

9 9 Keyspace for longer than 8-bit keys A 65,536 page notebook offers a “16 bit” keyspace That is 256 times that of an “8 bit” while the key has 8 bits more A “56 bit” keyspace: 7 × 10^16 different keys  Broken via brute force in 56 hours! A “128 bit” (16 characters): 3.40282367 × 10 38  Strong enough

10 10 What cryptography can and cannot do It can hide to facilitate confidentiality and authentication It cannot hide contraband, a luxury lifestyle with no visible means of support, informants, or undercover spying Keys can be lost, forgotten, stolen, or revealed for payment or under duress

11 11 Encryption/decryption process Encryption: the process of disguising plaintext Decryption: the process of reverting ciphertext to its original plaintext

12 12 Other related terms Cryptanalysis: the science of analyzing and breaking secure communications  Analytical reasoning/math  Pattern matching  Patience, determination, good luck Cryptography: the science of information security Cryptology: cryptography + cryptanalysis

13 13 Strong vs. weak cryptography Strength is measured in the time and resources required to recover a plaintext Strong cryptography: very difficult to decipher  A billion computers doing a billion checks a second, it is not possible to decipher the result of strong cryptography in a billion year

14 14 How does it work A mathematical function Strength: (1) algorithm, (2) secrecy of the key

15 15 Conventional cryptography AKA symmetric key One key is used for encryption/decryption Example: the Data Encryption Std (DES) used by the fed government

16 16 Conventional cryptography approaches Substitution: changes (substitutes) characters in plaintext to produce ciphertext  Example: Caesar cipher where the letters are offset by 3 (or in general n) positions  SECRET  VHFUHW Transposition: rearranges the characters in the plaintext to produce ciphertext  Example: the “rail fence” cipher where plaintext is written in two rows preceding down, then across  SECRET  SCE  SCEERT ERT

17 17 A longer example of transposition encipher The number of rows is explicitly defined; pad with dummy characters to fill An example of 3-row fence MTSPNRIE EAIMDBDX ETXUERGY Read off/send : MTSPNRIEEAIMDBDXETXUERGY May send in 4-char groups to avoid errors (also for better management and to confuse intruders) MTSP NRIE EAIM DBDX ETXU ERGY

18 18 A longer example of transposition encipher [2] To decipher MTSP NRIE EAIM DBDX ETXU ERGY 1. Run the letters into a long string MTSPNRIEEAIMDBDXETXUERGY 2. Since there are 3 rails, divide into 3 groups of 8 MTSPNRIE EAIMDBDX ETXUERGY 3. Write the first letter of group 1, group 2, and group 3 followed by the second letter of group 1, etc. MEETATSIXPMUNDERBRIDGEXY

19 19 Benefits of conventional encryption Very fast Useful for encrypting local data that is not going anywhere Expensive for data transmission  How to distribute the key

20 20 Public key encryption Addresses key distribution Asymmetric scheme Uses a pair of keys  Public key: used to encrypt data  Private key: used to decrypt data  Public key is public and publically advertised  Private key is kept secret  Computationally infeasible to deduce the private key from the public key An example: PGP

21 21 Public key encryption illustrated

22 22 Benefits of the public key approach No need for sender and receiver to share a key All communications involve public keys; private keys are never transmitted Examples of public key cryptosystems  Elgamal (named for its inventor, Taher Elgamal)  RSA (named for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman)  Diffie-Hellman (named for its inventors), and  DSA, the Digital Signature Algorithm (invented by David Kravitz)

23 23 How PGP works Combines the best features of conventional and public cryptography 1. PGP compresses the plaintext: saves modem transmission and disk space and strengthens security (complicates patterns) 2. PGP creates a session key: a one-time-only secret key (generated from the random movement of the mouse/keyboard strokes) 3. The plaintext is encrypted via a fast algorithm and the session key

24 24 How PGP works [2] 4. The session key is encrypted using the recipient's public key and transmitted

25 25 How PGP works [3] 4. Decryption works in reverse: the session key is recovered (by the recipient's private key) and is used to decrypt the ciphertext

26 26 The benefits of the PGP A combination of two methods  Convenience of the public key: no key-distribution concerns  Speed of conventional encryption: about 1,000 faster than the public key encryption

27 27 The key issues A value that works with encryption algorithms to produce a ciphertext Big, big numbers: measures in bits: 1,024 bits The bigger the key, the more secure ciphertext Public key size and conventional cryptography secret key sizes are unrelated  A conventional 80-bit key has the same strengths of a 1,024-bit public key  The bigger the key, the more secure but the algorithms used for each is different (a comparison is like comparing apple and oranges)

28 28 The key issues [2] Public and private keys are mathematically related but difficult to derive a private key from its public key Pick large keys to be secure; small enough to be applied quickly Large keys are good for a longer periods of time Keys are stored in encrypted form; PGP stores on the hard-drive as keyrings  one for public and one for private uses  If the private key is lost, one will be unable to recover decrypted data

29 29 Digital signatures A benefit of public key Enable the recipient to verify the authenticity of the information’s origin, and also verify that the information is intact  Provides for authentication and data integrity Also provides non-repudiation: prevents the sender from claiming that he/she did not send the information

30 30 Digital signatures [2] Authentication  Similar to a handwritten signature but superior in that it is nearly impossible to counterfeit  You may not care if anyone learns that you just deposited $500 in an account, but you do want to be sure it was the bank teller you were communicating with Integrity  To verify and ensure that the information was not altered

31 31 How digital signature works

32 32 How digital signature works [2] Problem with the above approach? SLOW Data size to communicate too large (at least double the original) Alternative to expedite?  Use hash functions  “A hash function is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer” Create a message digest to sign the message

33 33 Message digests Objective: to verify that the message received is the same as the message sent How: hash function (checksum function) -- h: A  B -- A: a message of any length (millions of bits) -- B: A fixed length output, e.g., 160 bit -- h: ensures that if A is changed in anyway (even one bit), an entirely different output is produced PGP calls B a message digest (used for creating signatures); one cannot alter the signature or attach to another document

34 34 Hash function (h: A  B) properties Easy to compute For any y in B, infeasible to find x in A such that h(x) = y For any x, x’ in A, x ≠ x’, infeasible to have h(x) = h(x’) Given any x in A, infeasible to find x’ in A and x ≠ x’ and h(x’) = h(x)

35 35 Side note: pigeonhole principle If there are n containers and n+1 objects, at least one container will have to hold two objects So what? If a hash function produces 3-bit hashes and we have a set of 5-bit messages, it implies:  a^3 = 8 hashes  2^5 = 32 messages  Thus large hash sizes are better

36 36 How a hash function is used

37 37 Digital envelopes Creating a digital envelop (an encrypted message; no digital signature attached)

38 38 Digital envelopes [2] Opening a digital envelop

39 39 Diffie-Hellam public key agreement A relatively fast public key agreement Relies on two functions, p (prime) and g (generator), and two random numbers x and y Everything exchanged in clear text Six step process Works like magic!

40 40 Diffie-Hellam public key agreement [2] Party X and Party Y agree on Diffie-Hellman p and g; exchange these in clear Party X generates random number x Party Y generates random number y Party X computes x’ = g^x mod p Party Y computes y’ = g^y mod p The two parties exchange x’ and y’ in clear Party X computes k x = y’^x mod p Party Y computes k y = x’^y mod p k x = y’^x mod p = g^(xy) mod p = x’^y mod p = k y Subsequent encryption with k x or k y

41 41 Diffie-Hellam public key agreement [3]

42 42 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you can only encrypt/decrypt to those key handed to you A solution: digital certificates (or certs) A form of credentials (like a physical passport) Included with a person’s public key to verify that a key is valid

43 43 Components of a digital certificate A digital certificate  A public key  Certificate info (identifying information such as name, ID)  One (or more) digital signatures  A stamp of approval from a trusted entity Certificates are used when it is necessary to exchange public keys with someone (when you cannot manually exchange via a diskette or USB drive)

44 44 Components of a digital certificate [2]

45 45 Digital certificate distribution Digital servers: a networked database that allows users to submit and receive digital certs  Example: PGP Keyserver Public Key Infrastructures (PKIs)  Storage facilities like the certificate servers  More structured  Provide additional key management services  Issue revoke, store, and trust certificates  Certificate authority: a group of human beings authorized to issue certs (like a passport office)

46 46 Common certificate format The certificate holder’s public key: the public portion of key pair and key algorithm, e.g., RSA The certificate holder’s information: identity information about the user (e.g., name, user ID, email address, photograph, and so on) The digital signature of the certificate owner: the signature using the corresponding private key of the public key of the certificate The certificate’s validity period: the certificate’s start date/time and expiration date/time; The preferred symmetric encryption algorithm for the key: e.g., AES, Triple-DES, Twofish

47 47 Common certificate format [2]

48 48 Other substitution techniques Choose a keyword, e.g., Jayhawk, drop repeated letters, thus jayhwk The keyword defines the permutation of English letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ jayhwkbcdefgilmnopqrstuvxz Another keyword: Professional ABCDEFGHIJKLMNOPQRSTUVWXYZ profesinalbcdghjkmqtuvwxyz

49 49 Other substitution techniques [2] Use every third letter (apply mod 26) adgjmpsvybehknqtwzcfilorux Consider any possible permutation of the English letters  How many? 26!  Even applying decryption at 1 microsecond, still takes over 1,000 years  The primary issue: the knowledge of letter patterns in a text  Solution: Avoid using the same substitution for a letter

50 50 One-time pads (using Vigenere tableau) Assume a set of large, non-repeating keys written on sheets of paper, glued into a pad Assume keys are 20 characters Assume a text that is 300 characters Sender tears off 15 pages from the pad Sender writes the keys one at a time above the text letters and enciphers in a prearranged chart Receiver must have the same pad Concerns: (1) key distribution, (2) sender/receiver must synchronize (3) need unlimited keys

51 51 One-time pads [2] A toy example Assume keys are 5 letters each; assume these two keys XYSWD and CHJTU Assume you have a text that is eight characters, e.g., “fly today” Need two keys XYSWDCHJTU flytoday Ciphertext: XYSWDDHJ

52 52 One-time pads [3] Using computers, random numbers can be generated for the keys To send a 300-letter message  Generate the next 300 random numbers  Scale to be between 1-26  Use a number to decipher each letter

53 53 One-time pads [4] Pictorially

54 54 The Vernam cipher (a one-time pad) Devised by Gilbert Vernam for AT&T Non-repeating random numbers How? Consider plaintext Vernam Cipher V E R N A M C I P H E R ord# 21 4 17 13 0 12 2 8 15 7 4 17 +rnd 76 48 16 82 44 3 58 11 60 5 48 88 = 97 52 33 95 44 15 60 19 75 12 52 105 %26 19 0 7 17 18 15 8 19 23 12 0 1 cipher T A H R S P I T X M A B

55 55 An example of combining substitution and transposition The Soviet encryption during the WWII Handout

56 56 How is a key used? Suppose we have a key, computer How is it used to encrypt a plaintext? A toy approach The key, computer, in ASCII is  Dec: 097 111 109 112 117 116 101 114  Binary: 01100011 01101111 01101101 … A plaintext, “secretly” in binary:  01110011 01100101 01100011 … XOR the two!

57 57 How is a key used? [2] Much more complex in real algorithms F is a round function K i, for i in 2..16, are new keys generated from the original key by a complex algorithm  is the xor operation

58 58 The key application in DES

59 59 The key application in AES

60 60 Key distribution revisited Five persons need to communicate securely How many keys should the system maintain? How many lines of communication? n * (n -1)/2  Two people: 1 line of communication  Three people: 3 lines of communication  Four people: 6 lines of communication  Five people: 10 lines of communication Concerns: Maintaining the distributed the keys

Download ppt "Cryptography 101 EECS710: Info Security and Assurance Professor Hossein Saiedian Resources: Terry Ritter’s Learning About Cryptography, Network Associates’"

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.

Using Cryptography to Secure Information. Overview Introduction to Cryptography Using Symmetric Encryption Using Hash Functions Using Public Key Encryption.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.

Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.

1 Digital certificates One concern with the public key approach: must ensure that you are encrypting to the correct person’s public key  Otherwise, you.
CC3.12 Erdal KOSE Privacy & Digital Security Encryption.

CC3.12 Erdal KOSE Privacy & Digital Security Encryption.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Lecture 1 Overview.

Lecture 1 Overview.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Similar presentations

Ads by Google