Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key.

Published byAbraham Patterson Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key."— Presentation transcript:

1 1 Overview of Cryptography

2 Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key cryptography Digital signature Public key distribution Public-key algorithms Cryptographic hash function Attack complexity Application Digital signature Message authentication code Key establishment server-based Public-key based Key agreement (Diffie-Hellman)

3 Information security objectives Confidentiality Data integrity Authentication Entity authentication (identification) Message authentication (data origin authentication) Verification of message timeliness and sequences Non-repudiation Availability Access control

4 Security primitives (tools) Unkeyed primitives Arbitrary length hash functions One-way permutations Random sequences Symmetric-key primitives Symmetric-key ciphers Block ciphers Stream ciphers Arbitrary length hash functions (MACs) Signatures Pseudorandom sequences Identification primitives Public-key primitives Public-key ciphers Signatures Identification primitives

5 Criteria The crypto attributes are evaluated w.r.t. various criteria. Level of security Functionality Methods of operation Performance Ease of implementation

6 Crypto Cryptology: the art and science of making and breaking “secrete codes” Cryptography: making “secrete codes” Cryptanalysis: breaking “secrete codes”

7 Symmetric-key encryption Other terms: single-key, one-key, private-key, conventional encryption Why do symmetric cryto need a key, not just a certain transformation? One of the major issues is to find an efficient method to agree upon and exchange keys securely. Key distribution problem

8 Plaintext source encryption Ee(m)=c key source e destination decryption De(c)=m m m unsecure channel c Secure channel e adversary

9 block ciphers Substitution ciphers Transposition ciphers Composition ciphers Product ciphers

10 Symmetric-key encryption algorithms Data Encryption Standard (DES) Adapted in 1973 by NIST 64-bits blocks, 56 bits key Triple DES ANSI X9.17 in 1986 168 bits key Advanced Encryption Standard (AES) Adapted in 2001 by NIST 128 bits block length, key length 128 bits(192, 256) International Data Encryption Algorithm (IDEA) Published in 1991 Block size 64bits, key size 128 bits Blowfish In 1993 Key size: variable to 448, block size: 64bits RC5 In 1994 Key size: variable to 2048, block size: 64bits

11 Cipher Block modes Block cipher modes of operation ECB: Electronic code book CBC: Cipher block chaining CFB: Cipher feedback OFB: Output feedback CTR: Counter mode

12 Stream cipher plaintext is XORed with keystream generated from secret key and initialization vector (IV) Vernam cipher (one-time pad) RC4, Seal LFSR

13 Public-key cryptography First publicly proposed by Diffie and Hellman in 1976. Each entity maintains two keys: public key(K + ) which is known to everyone and private key(K - ) which is known to the owner. D K- (E K+ (M))=M, D K+ (E K- (M))=M

14 Public-key encryption Plaintext source encryption E KB+ (m)=c key source KB + (Bob’s public key) destination decryption D KB- (c)=m m m unsecure channel c K - (Bob’s private key) adversary Alice Bob

15 Advantage of Public-key crypto Suppose N entities, how can any pair of them establish a secret key? To use symmetric-key crypto, requires secret and authentic channel to set up shared secret (symmetric) key Need O(N 2 ) keys Key management is challenging Public-key crypto advantage Each entity only needs to know N-1 authentic public keys Easier to establish authentic public keys than symmetric keys

16 Public-key application Message encryption : hardly used Digital signature Symmetric-Key distribution

17 Digital Signature Digital signature key source Message source M’ E K - (m)=S m Signer A K-K- accept If m ∈ M’ D K + (s)=m m K+K+ s Verifier B

18 m E K - (M) S (signature) m D K + (S)=m’ S m=m’? Signer verifier

19 Public-key Distribution K1 - C=E K6+ (m) K6 - m=D K6 - (c) A1 A2 A3 A4 A5 A6 A1: K1 + A2: K2 + A3: K3 + A4: K4 + A5: K5 + A6: K6 + public file K5 - K4 - K3 - K2 -

20 A1: K1 + A2: K2 + A3: K3 + A4: K4 + A5: K5 + A6: Ka + Impersonation by adversary An adversary alters the public file by replacing the public key K6 + by Ka + c=E ka+ (m) A1 private key Ka - adversary Dka - (c)=m E K6+ (m)=c’ A6 c c’ Ka+ K1 - K6 - m=D K6 - (c)

21 Authentication by Trusted Third Party(TTP) The entities must use a TTP to certify the public key of each entity. (verify the authenticity of the public key) TTP distributes a pair of a public key and its owner, with the TTP’s signature which is formed by TTP’s private key. TTP’s public key is known to every entity, and they trust the TTP’s public key is genuine. When entities receive a public key, they decrypt the attached signature by TTP’s public key, proving the pair is genuine. In this way all entities can obtain the public keys of the other entities. TTP is often called the Certificate Authority (CA).

22 Public-key crypto algorithms RSA Since it was first published in 1978, it has become the most widely accepted algorithm. Digital Signature Standard(DSS) NIST standard Used only for digital signature, not for encryption or key exchange Elliptic-Curve cryptography (ECC) IEEE P1367 Appeared to be secure for smaller key size than RSA

23 Encrypting Large File with RSA? Duration of 1024-bit RSA encryption ~1 ms on 1 GHz Pentium Duration of 1024-bit RSA decryption ~10 ms on 1 GHz Pentium Duration to encrypt 1 Mbyte file? Encrypt 1024 bits / RSA operation = 128 bytes 1 Mbyte = 2 20 bytes Time: 2 20 / 2 7 * 1ms = 2 13 ms = 8 seconds! Compare with the time by the symmetric key?

24 Symmetric-key vs. public-key Symmetric crypto Need shared secret key 80 bit key for high security (year 2010) ~1,000,000 ops/s on 1GHz processor 10x speedup in HW Public-key crypto Need authentic public key 2048 bit key (RSA) for high security (year 2010) ~100 signatures/s ~1000 verify/s (RSA) on 1GHz processor Limited speedup in HW

25 Cryptographic Hash function A computationally efficient function mapping binary strings of arbitrary length to binary strings of some fixed length, called hash-values. Properties of a secure hash function One-way Given y = H(x), cannot find x ’ s.t. H(x ’ ) = y Weak collision resistance Given x, cannot find x ’ ≠ x s.t. H(x) = H(x ’ ) Strong collision resistance Cannot find x, x ’ s.t. x ’ ≠ x and H(x) = H(x ’ )

26 Attack complexity: One-way Assume secure hash function with n-bit output One-wayness: given output y, how many operations does it take to find any x, such that H(x) = y? Assumption: best attack is random search For each trial x, probability that output is y is 2 -n P[find x after m trials]=1-(1-2 -n ) m Rule of thumb: find x after 2 n-1 trials on average

27 Attack complexity: Weak collision Weak collision resistance: given input x, how many operations does it take to find another x ’ ≠ x, s.t. H(x) = H(x ’ )? Assumption: best attack is random search For each trial x ’, probability that output is equal is 2 -n P[find x after m trials]=1-(1-2 -n ) m Rule of thumb: find x ’ after 2 n-1 trials on average

28 Attack complexity: strong collision Strong collision resistance: how many operations does it take to find x and x ’, s.t. x ’ ≠ x and H(x) = H(x ’ )? Assumption: best attack is random search Algorithm picks random x ’, checks whether H(x ’ ) matches any other output value previously seen P[find col after m trials]= 1-(1-1/2 n )(1-2/2 n )(1-3/2 n ) … (1-(m+1)/2 n ) Rule of thumb: find collision after 2 n/2 trials on average (1.17*2 n/2 to be a bit more precise)

29 Pre-Birthday Problem Suppose N people in a room How large must N be before the probability someone has same birthday as me is  1/2 ? Solve: 1/2 = 1  (364/365) N for N We find N = 253

30 Birthday Paradox How many people need to be in a room to have a probability > 50% that at least two people have the same birthday? Answer: approximately 1.17*365 1/2 ~ 22.4

31 One-way hash function algorithms SHA-1 Developed by NIST and published in 1993 Input: max. length of less than 2 64 bits Input is processed in 512 bits blocks. Output: 160 bits hash code MD5 RFC 1321 Input: arbitrary length, output: 128 bits RIPEMD-160 Developed by European RACE Integrity Primitives Evaluation (RIPE) project Input: arbitrary length, output: 160 bits

32 How secure is SHA-1? SHA-1 does not provide collision resistance any more: requires only 2 69 operations to find a hash collision(2005) How long would it take to find collision? 2 69 / (2 20 * 2 20 ) = 2 29 seconds 1 year has approximately 2 25 seconds 2 29 / 2 25 ~ 16 years

33 Earlier this week, three Chinese cryptographers showed that SHA-1 is not collision-free. That is, they developed an algorithm for finding collisions faster than brute force. SHA-1 produces a 160-bit hash. That is, every message hashes down to a 160-bit number. Given that there are an infinite number of messages that hash to each possible value, there are an infinite number of possible collisions. But because the number of possible hashes is so large, the odds of finding one by chance is negligibly small (one in 2 80, to be exact). If you hashed 2 80 random messages, you'd find one pair that hashed to the same value. That's the "brute force" way of finding collisions, and it depends solely on the length of the hash value. "Breaking" the hash function means being able to find collisions faster than that. And that's what the Chinese did. They can find collisions in SHA-1 in 2 69 calculations, about 2,000 times faster than brute force. Right now, that is just on the far edge of feasibility with current technology. Two comparable massive computations illustrate that point. (Feb. 15, 2005. Bruce Schneier)

34 Message Authentication Code (MAC) One of the main applications of the hash function is to generate a small block of message tag which is called MAC. MAC provides the authenticity and integrity of messages (no confidentiality) A sender computes MAC( K, M ), or MAC K ( M ) where K is the shared secret key between two entities. and send.

35 MAC by symmetric-key encryption without hash function Using a symmetric-key, a sender generates a small block of data, known as a message authentication code (MAC) and appends it to the message. E K AB (M) Take the last L bits. L: the length of MAC M MAC M C=E K AB (M) Take the last L bits. M = Alice Bob

36 MAC by symm-key encryption A sender applies a symm-key encryption to a small block of data which is generated by a hash function. M MAC M M = Alice Bob E K AB (H(M)) H(M) H H D K AB (MAC)

37 MAC by public-key (Digital Signature) Hash function provides the fast way of generating digital signature using the public-key cryptography. M MAC M M = Alice Bob E K A - (H(M)) H(M) H H D K A + (MAC)

38 MAC with shared secret key Hash functions such as SHA-1 does not rely on a secret key. HMAC is the most widely accepted algorithm for MAC which incorporates a secret key into existing hash function algorithm. In HMAC, a hash function is treated as a “black box,” which means any available hash function can be used. RFC 2104

39 Example: HMAC-MD5 H: MD5 hash function MAC(K, M ) = H(K  opad || H(K  ipad || M)) ipad = 3636..36, opad = 5C5C..5C (512bits)

40 Key establishment Process by which a shared secret key becomes available to two or more parties Key management A set of processes and mechanisms which support key establishment and the maintenance of ongoing keying relationships between parties, including replacing older keys with new keys

41 Key establishment Server-less key establishment Server-based key establishment Public-key based key establishment Key agreement algorithm Diffie-Hellman

42 Key establishment with TTP A Trusted Third Party (TTP) generates a key k (session key) and sends it encrypted by each of the fixed keys. K1 A1 K6 A6 K5 A5 K2 A2 K3 A3 K4 A4 Key source TTP E k1 (k 15 ) E k5 (k) E k 15 (m)

43 Key establishment by public key A sender encrypts the shared secret key by the other entity’s public key. E K AB (m) m E K B + (K AB ) E K AB (m) E K B + (K AB ) Alice Bob

44 Key agreement: Diffie-Hellman key exchange The Diffie-Hellman key exchange algorithm enables two entities to exchange a secret key securely. The algorithm depends on the difficulty of computing discrete logarithms.

45 Discrete Logarithm Problem Public values: large prime p, generator g g a mod p = x Discrete logarithm problem: given x, g, and p, find a Table g=2, p=11 a12345678910 gaga 2485 97361 Cyclic Group G α1α1 α2α2 α3α3 … Generator α α x = β 1 st element n th element

46 Diffie-Hellman Key exchange Public values: large prime p, generator g (primitive root of p) Alice has secret value a, Bob has secret b A  B: g a (mod p) B  A: g b (mod p) Bob computes (g a ) b = g ab (mod p) Alice computes (g b ) a = g ab (mod p) Symmetric key= g ab (mod p)

47 Classes of attacks Passive attacks Active attacks Attacks of protocols Known-key attack Replay Impersonation Dictionary Forward search Interleaving attack

Download ppt "1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Similar presentations

Ads by Google