INCS741: Cryptography Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of TechnologyAmman Campus Motivation • Historically Kings communicated with their generals using cryptographic methods. – Julius Caesar used a cipher named after him. • Today with the advent of the Internet electronic services are integral part of our daily life – Exchanging payment in formation is vital for internet economy • It’s empirical to protect electronic information Terminology • Cryptology is the all-inclusive term used for the study of secure communication over non-secure channels and related problems. • Cryptography is the process of designing systems to realize secure communications over nonsecure channels. • Cryptanalysis deals with breaking cryptosystems. • Coding Theory deals with symbolic representation of input information using symbols, often called codes such as – Compression, secrecy and error-correction. Code Vs Cipher • Code is replacing message words by codewords or symbols – Unanticipated words cannot be used • Cipher is Encrypting the message using some algorithm – Stream Ciphers. Data fed to the algorithm in small chunks (bits, chars) – Block Ciphers. Data fed to the algorithm in blocks Secure Communications Scenario Plain text Security Issues 1. Read the message 2. Find the key and read all the encrypted messages 3. Integrity: Corrupt or modify the content of the message in such a way that Bob will think Alice sent the altered message. 4. Authentication: Impersonate Alice and communicate with Bob • Oscar is a passive observer who is trying to perform (1) and (2). • Mallory is more active and malicious who is trying to perform (3) And (4). Possible Attacks 1. Ciphertext only: Eve has only a copy of ciphertext 2. Known Plaintext: Eve has a copy of ciphertext and the corresponding plaintext and tries the deduce the key. 3. Chosen Plaintext: Eve has temporary access to the encryption machine/algorithms. – She can encrypt large number of plaintexts and use them to deduce the key. 4. Chosen Ciphertext: Eve has temporary access to the decryption machine. – She can decrypt large number of ciphertexts and symbols and use them to deduce the key. Kerckhoff’s and Shannon Principles • A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. • The enemy knows the system edge. • The security of the system, therefore, should be based 1. key length 2. The quality of the algorithm. Symmetric Key Cryptography • Encryption and decryption keys are known to both communicating parties (Alice and Bob). – A Secret key should be shared (or agreed) b/w the communicating parties. • They are usually related and it is easy to derive the decryption key once one knows the encryption key. – In most cases, they are identical. • All of the classical (pre-1970) cryptosystems are symmetric – Such as DES and AES (Rijndael) Public Key Cryptography • Encryption Key is made public! Public Key. • Decryption Key is kept private. Private Key – Sender encrypts the message by the Public Key of the receiver – Only the receiver can decrypt the message by her/his Private Key • Computationally expensive to find the Decryption Key from the Encryption Key – Such as RSA, Discrete Logarithm and Elliptic Curve • Used to encrypt small amounts of data (key exchange or signatures) Key Length • The security of cryptographic algorithms is hard to measure. – How difficult is it for an adversary to find the key – The key should be large enough to prevent brute force or exhaustive search attack. – The adversary to determine the key simply by trying all possible keys in the key space. • For example, DES utilizes 56-bit key, therefore there are 256 (or approx 7.2 x 1016) possible keys in the key space. Key Length • For a cryptanalyst, brute force should be the last choice. – He needs to take advantage of the weakness in the algorithm or in it’s implementation, in order to reduce the possible keys to try out. • Longer keys do not necessarily improve the security • Once secure is not always secure Unbreakable Cryptosystems • Almost all of the practical cryptosystems are theoretically breakable given the time and computational resources • However, there is one system which is even theoretically unbreakable: One-time-pad. – One-time pad requires exchanging key that is as long as the plaintext. – However impractical, it is still being used in certain applications which necessitate very high-level security. • Security of one-time pad systems relies on the condition that keys are generated using truly random sources. Cryptographic Objectives • Confidentiality – Hiding the contents of the messages exchanged. • Integrity – Bob wants to make sure that Alice’s massage hasn’t been altered • Authentication – Bob wants to make sure that Alice could have sent the message he received. 1. Identification: Identity of the sender. 2. Data-origin authentication: data origin, creator and time. • Non-repudiation – Alice can’t deny sending the message.