Introduction to Computer and Network Security 15-349

Iliano Cervesato
10 September 2012 – Introduction to Cryptography
Where we are
• Course intro
• Cryptography
 Intro to crypto
 Modern crypto
 Symmetric encryption
 Asymmetric encryption
 Beyond encryption
 Cryptographic protocols
 Attacking protocols
• Program/OS security & trust
• Networks security
• Beyond technology
Outline
• Basic concepts
 Protecting information
 Goals of cryptography
 Brief history
• Cryptographic toolbox (preview)
• Cryptanalysis
 Traditional attack models
 Side-channel attacks
• Early ciphers
 Substitution ciphers
 Transposition ciphers
Confidentiality of Communication
Implement a virtual trusted channel over an insecure medium
[Diagram labels: E, D]
Confidentiality of storage
Implement a virtual trusted safebox over an insecure storage medium
[Diagram label: E]
Insecure Channels
External observer can
• Read traffic
 Interception (passive attack)
• Inject new traffic
 Fabrication (active attack)
• Block traffic … (sometimes)
 Interruption (active attack)
• Modify traffic … (sometimes)
 Modification (active attack)
Representing Data
• Divide data into blocks
 Character, records, …
• Represent each block by a number
 E.g., ASCII
• Why?
 Cryptography is based on mathematics
Encryption and Decryption
[Diagram: Message (cleartext, plaintext) → Encryption E → Encrypted message (ciphertext) → Decryption D → Message (cleartext, plaintext)]
E, D realize a virtual trusted channel
Keys
What are E and D?
• Channel-specific algorithm
 Requires a lot of algorithms
 Hard
[Diagram: m → E → s]
• Universal algorithms
 Parameterized by key
 Easier
– 1 algorithm
– Large space of keys
[Diagram: m, k → E → s]
Classical Cryptography
[Diagram: Message (cleartext, plaintext) → Encryption E → Encrypted message (ciphertext) → Decryption D → Message (cleartext, plaintext); E and D both take the key]
E, D realize a virtual trusted channel, given key
Goals of Cryptography
Not just about confidentiality!
• Integrity
 Digital signatures
 Hash functions
• Non-repudiation, fair exchange
 Contract signing
• Anonymity
 Electronic cash
 Electronic voting
• …
Non-goals
• Denial of service
A Brief History of Cryptography
• ~2000 years ago: Substitution ciphers
• A few centuries later: Transposition ciphers
• Renaissance: Polyalphabetic ciphers
• 1844: Mechanization
• 1976: Public-key cryptography
Substitution Ciphers
Replace each letter with another
• Key: substitution table
• How to break it?
 Brute force? 26! possibilities (≈ 4 × 10^26)
 Count the frequencies of letters, pairs, …
 Ciphertext is enough: ciphertext-only attack
• Example:
QVAQBCWZQRLWDVEFW
IAMINDECIPHERABLE
Substitution table used in the example:
Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: V E Z C W G O L Q N H F A B S R I D U Y K X M T J P
• Caesar’s cipher:
A → D, B → E, C → F, …, X → A, Y → B, Z → C
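The ciphertext-only attack from the slide above, as an added example (not part of the original slides): it uses the slide's substitution table as the key and shows that substitution renames letters but leaves the frequency profile intact, so the most frequent ciphertext letter gives away E. The sample sentence and function names are constructed for this illustration.

```python
from collections import Counter
import string

# Key: the substitution table from the slide (plaintext A..Z -> ciphertext).
TABLE = "VEZCWGOLQNHFABSRIDUYKXMTJP"
ENC = str.maketrans(string.ascii_uppercase, TABLE)
DEC = str.maketrans(TABLE, string.ascii_uppercase)

# Constructed sample text (not from the slides), long enough to show a skew.
SAMPLE = "MEET ME HERE WHEN THE SEVENTEEN EVENTS END"


def encrypt(plaintext):
    return plaintext.upper().translate(ENC)


def decrypt(ciphertext):
    return ciphertext.upper().translate(DEC)


def letter_counts(text):
    return Counter(c for c in text.upper() if c in string.ascii_uppercase)


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter owns each count."""
    return sorted(letter_counts(text).values(), reverse=True)


def guess_for_e(ciphertext):
    """Ciphertext-only guess: the most frequent letter probably stands for E."""
    return letter_counts(ciphertext).most_common(1)[0][0]


if __name__ == "__main__":
    ct = encrypt(SAMPLE)
    print(ct)
    print("profile preserved:", frequency_profile(ct) == frequency_profile(SAMPLE))
    print("guess for E:", guess_for_e(ct), "-> table says", encrypt("E"))
```

The size of the key space (26!) never enters the attack; only the statistics of the language do.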
Renaissance Ciphers
Use message and key letters for cipher
• Key: a word (CRYPTO)
• Example:
WHATANICEDAYTODAY
+ CRYPTOCRYPTOCRYPT (mod 26)
ZZZJUCLUDTUNWGCQS
• Polyalphabetic cipher:
 Encryption of letter is context-dependent
• Seed of modern cryptography
Book Ciphers
Same thing but with very long key
• Key: a poem, a book, …
(TOBEORNOTTOBETHATISTHEQUESTION…)
• Example:
WHATANICEDAYTODAY
+ TOBEORNOTTOBETHAT (mod 26)
PVBXOEVQXWOZXHKAR
• … there are not all that many famous books, poems, etc.
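The letter-by-letter addition used on the Renaissance Ciphers and Book Ciphers slides, as an added example (not part of the original slides). Reproducing the two worked examples shows that they number the alphabet differently: the CRYPTO example only comes out with A = 1 … Z = 26, the book example only with A = 0 … Z = 25. The function names and the `first` parameter are constructed for this illustration.

```python
from itertools import cycle

A = ord("A")
PLAINTEXT = "WHATANICEDAYTODAY"          # plaintext used on both slides


def add_key(text, key, first=0, decrypt=False):
    """Combine text and key letter by letter, modulo 26.

    `first` is the number given to 'A' (0 or 1); a short key is repeated.
    """
    sign = -1 if decrypt else 1
    out = []
    for t, k in zip(text, cycle(key)):
        t_num = ord(t) - A + first
        k_num = ord(k) - A + first
        total = t_num + sign * k_num      # value in the chosen numbering
        out.append(chr((total - first) % 26 + A))
    return "".join(out)


def matching_numberings(plaintext, key, ciphertext):
    """Which numbering of 'A' (0 or 1) reproduces a worked example."""
    return [f for f in (0, 1) if add_key(plaintext, key, f) == ciphertext]


def images_of(letter, plaintext, ciphertext):
    """All ciphertext letters that one plaintext letter was turned into."""
    return {c for p, c in zip(plaintext, ciphertext) if p == letter}


if __name__ == "__main__":
    ct = add_key(PLAINTEXT, "CRYPTO", first=1)
    print(ct)                                         # slide's Renaissance example
    print(add_key(PLAINTEXT, "TOBEORNOTTOBETHAT"))    # slide's book example
    # Polyalphabetic: the same plaintext letter has several encryptions.
    print(sorted(images_of("A", PLAINTEXT, ct)))
```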
One-Time Pad
Same thing, but now key is an infinite random string
• Example:
WHATANICEDAYTODAY
+ YKSUFTGOARFWPFWEL (mod 26)
ZZZJUCLUDTUNWGCQS
• This is a perfect cipher
• How to remember/transmit the key??
 Short key stretched by means of a random number generator
• Vernam cipher
 Use ⊕ (xor) to combine key and message
Transposition Ciphers
Switch letters around by a permutation
• Example: HELLOWORLD → LOLHERDLWO
• Key: permutation
k = 1 2 3 4 5
    3 5 4 1 2
• Breakable with ciphertext-only attack
More transposition
• Write code in rows and read it in columns
THE GOAL OF SUBSITUTION IS CONFUSION
THEGOAL
OFSUBSI
TUTIONI
SCONFUS
IONXXXX
TOTSIHFUCOESTONGUINXOBOFXASNUXLIISX
• A very regular type of permutation
Confusion and Diffusion
Confusion
• Replace symbol with another
WHATANI → ZZZJUCL
Diffusion
• Mix up symbols
WHATANI → ANWIHAT
Modern ciphers are a combination
Mechanization
[Figure: The Enigma]
• 1844: invention of telegraph
 Beginning of civilian crypto
• Rotor machines
 Key: initial position of rotors
 Culminate in WW II
• 1975: DES
 1996-2000 AES
• 1976: Public key cryptography
We will examine in some detail
Cryptographic Toolbox
• Encryption
 Symmetric
 Asymmetric
• Digests
 Hashing
• Digital signatures
 Certificates
Symmetric Encryption
[Diagram: Message (cleartext) M → Encryption box E → Encrypted message (ciphertext) → Decryption box D → Message (cleartext) M; both boxes use the secret key k]
D_k(E_k(m)) = m
Asymmetric Encryption
[Diagram: Cleartext M → Encryption box E → Ciphertext → Decryption box D → Cleartext M; E uses the public key k (public data), D uses the private key k^-1]
D_{k^-1}(E_k(m)) = m
Digital Signatures
[Diagram: Message M → Signature box S → M, s → Verification box V; S uses the signature key k, V uses the verification key k^-1, which is public data]
V_{k^-1}(m, s) = true if s = S_k(m), false otherwise
Certificates
How do you know this public key is mine?
• Certificate
 Binding between key and owner
 Certified by authority
• Who is the authority?
 Public-key infrastructure
Message Digests
• Short message to certify integrity
• Un-keyed
 Checksums, hashes
 No crypto
 Anybody can calculate/modify it
• Keyed
 MACs
 Based on a secret key
 Only owners can calculate/modify it
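The difference between un-keyed and keyed digests on the slide above, as an added example (not part of the original slides): someone who can modify the message can also recompute a SHA-256 checksum, but cannot produce a valid HMAC without the key. The key, the messages and the function names are constructed for this illustration; SHA-256 and HMAC are chosen here as representative primitives.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"        # shared secret, constructed sample
ORIGINAL = b"Attack at dawn"         # constructed sample messages
MODIFIED = b"Attack at dusk"


def digest(message):
    """Un-keyed digest: anybody can calculate it."""
    return hashlib.sha256(message).hexdigest()


def mac(key, message):
    """Keyed digest (MAC): only holders of the key can calculate it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message, tag):
    return hmac.compare_digest(digest(message), tag)


def verify_mac(key, message, tag):
    return hmac.compare_digest(mac(key, message), tag)


def modify_in_transit(new_message):
    """What a party without the key can send: a new message plus a fresh
    un-keyed digest. It has no way to compute mac(KEY, new_message)."""
    return new_message, digest(new_message)


if __name__ == "__main__":
    msg, tag = modify_in_transit(MODIFIED)
    print("un-keyed digest accepts modified message:", verify_digest(msg, tag))
    print("MAC accepts recomputed digest as tag:   ", verify_mac(KEY, msg, tag))
    print("MAC accepts replayed original tag:       ",
          verify_mac(KEY, msg, mac(KEY, ORIGINAL)))
    print("MAC accepts genuine message:             ",
          verify_mac(KEY, ORIGINAL, mac(KEY, ORIGINAL)))
```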
Cryptanalysis
The art → science of breaking a cipher
• Try all possible plaintexts corresponding to a ciphertext
 Plain silly!
• Try all possible keys for an encryption algorithm
 Algorithm must be known
 Enormous space of keys
• Exploit weaknesses, regularities, shortcuts
 Side-channel attacks
 E.g., basic substitution cipher
What is “breaking a cipher”?
• Recover the key k
 Hard
 Often not needed!
• Decipher a single message
• Decipher all messages
• Modify messages
 “Attack at dawn” → “attack at dusk”
• Exploit properties of the cipher
Attack Models
[Diagram of four attack models, with labels Random, Chosen, E_k(m), D_k(x), (m, x)]
• Ciphertext Only
• Known Plaintext
• Chosen Plaintext
• Chosen Ciphertext
Good ciphers resist all attack models
Sneaky Attacks
• Obtain the key somehow
 Network sniffers, worms, backup tapes, …
 Blackmail, bribery, torture, …
Be careful!
• Side-channel cryptanalysis
 Power consumption
 Encryption time
 Radiation
Better implementation and design
⇒ off-peak computation
⇒ random noise
⇒ physical shielding
[Figure: Differential Power Analysis on DES, rounds 1 to 16, with detail of rounds 2 and 3. From http://www.cryptography.com/dpa/technical]