Uploaded by chat_reio

Introduction to Cryptography
Christopher Martin

What is Cryptography?
• “There are two kinds of cryptography in the world: the kind that will keep your kid sister from reading your files, and the kind that will keep major governments from reading your files”
  - Bruce Schneier, preface to Applied Cryptography
• Cryptography is the science of keeping things secret; this is known formally as confidentiality.
• Cryptography can be asked to do other things as well.

But what can crypto do for me?
• Authentication
  • Proof of identity
• Integrity
  • Proof of content
• Nonrepudiation
  • Proof of transmission

Terminology
• Plaintext or Cleartext
  • The message
• Ciphertext
  • The encrypted message
• Encryption or Enciphering
  • The process of turning plaintext into ciphertext
  • E(M) = C
• Decryption or Deciphering
  • The opposite of the above
  • D(C) = M or D(E(M)) = M

Son of Terminology
• Cryptography
  • Art and science of keeping secrets secret
  • Practitioners are called Cryptographers
• Cryptanalysis
  • The art and science of making secrets not.
  • Breaking Cryptography
  • Practitioners are called Cryptanalysts
• Cryptology
  • The branch of mathematics that encompasses both of the above.
  • Practitioners are called Cryptologists

Return of Son of Terminology
• Key
  • The “shared secret” used to keep the message secret.
  • Can be one value from any sized range, called the keyspace
• Cryptographic Algorithm
  • The series of steps applied to the message and the key
  • Also called a cipher
• Cryptosystem
  • A single algorithm, plus all possible plaintexts, ciphertexts, and keys

A brief digression on secrecy
• All secrecy resides in the key
• Kerckhoffs’ Law
• Restricted Algorithms

Types of encryption algorithms
• Asymmetric
  • Also known as public key
  • Uses two keys, public and private
• Symmetric
  • Uses one key that is shared between parties
• Historical/Classical
  • Substitution ciphers, polyalphabetic ciphers, codes
• Hash
  • Not technically encryption algorithms but are part of cryptography

Symmetric Encryption
• Ek(M) = C, Dk(C) = M, Dk(Ek(M)) = M
• The encryption key can be calculated from the decryption key, and vice versa
• Usually, however, there is only one key
• The primary Achilles heel is that the key must be shared between n parties
• DES, 3DES, Blowfish, Twofish, Serpent, IDEA, AES (Rijndael)
• Can operate in two modes: stream and block, and most modern algorithms have variable key size

One Time Pads
• Subset of Symmetric ciphers
• Offers theoretically perfect security
• Key is comprised of a large sheet of truly random letters.
• Each key is used only once
• Encryption is the addition modulo 26 of the key letter, and the plaintext letter
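
The mod-26 addition and the "used only once" rule from this slide, as an added Python example that is not part of the original slides. It assumes messages of A-Z only, uses the `secrets` module as a stand-in for the truly random sheet, and the sample messages and function names are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25

def generate_pad(length):
    """Random pad letters from the OS CSPRNG (assumed stand-in for a truly random sheet)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _shift(text, other, sign):
    """Letter-wise (text + sign * other) mod 26."""
    if len(other) < len(text):
        raise ValueError("pad must be at least as long as the message")
    if any(ch not in ALPHABET for ch in text + other):
        raise ValueError("only the letters A-Z are supported")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(o)) % 26]
        for t, o in zip(text, other)
    )

def encrypt(plaintext, pad):
    return _shift(plaintext, pad, +1)   # C = M + K (mod 26)

def decrypt(ciphertext, pad):
    return _shift(ciphertext, pad, -1)  # M = C - K (mod 26)

def difference(a, b):
    """Letter-wise (a - b) mod 26; needs no key."""
    return _shift(a, b, -1)

if __name__ == "__main__":
    m1, m2 = "MEETATNOON", "SENDBACKUP"  # constructed sample messages
    pad = generate_pad(len(m1))
    c1 = encrypt(m1, pad)
    assert decrypt(c1, pad) == m1

    # Perfect secrecy: some pad maps c1 to ANY same-length message,
    # so c1 alone does not favour one plaintext over another.
    other_pad = difference(c1, m2)
    assert decrypt(c1, other_pad) == m2

    # Reuse breaks it: the pad cancels and C1 - C2 equals M1 - M2.
    c2 = encrypt(m2, pad)
    assert difference(c1, c2) == difference(m1, m2)
    print(c1, c2, difference(c1, c2))
```

The last check is why each pad is used only once: with two ciphertexts under the same pad, the relationship between the two plaintexts is exposed without the key.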

Asymmetric Encryption
• Ek-pub(M) = C, Dk-priv(C) = M, Dk-priv(Ek-pub(M)) = M
• Given the public key, it is computationally infeasible to calculate the private key
• Can also be used for digital signatures
• Examples: RSA, DSA, ElGamal, Diffie-Hellman

Hashing Algorithms
• Hashing is about integrity
• There is no key involved in hashing
• Takes an arbitrary sized input, and produces a unique fixed size output
• The smallest change in the input should produce a totally different output
• The process is non-reversible
• Examples: MD4, MD5, SHA-1, SHA-128, SHA-256

Attacking Cryptography
• Cryptanalysis
• Ciphertext Only Attack
• Known Plaintext Attack
• Chosen Plaintext Attack
• Adaptive chosen plaintext
• Chosen Ciphertext Attack
• Chosen Key Attack
• Rubber Hose Cryptanalysis

Where to use cryptography?
• Anywhere you want to have something remain secret
• SSL, TLS, IPv6, SSH, IPSec all keep information secure in transit
• Any Symmetric Algorithm can keep your files safe in storage
  • There are file systems available that will encrypt your data on the fly. EncFS and Loop-AES for Unix, EFS for Windows, FileVault for Mac OS X
  • You can add encryption at the application level, or at the server level for storing database information securely

Where can I get cryptography?
• Your best bet is to have it bundled with the Operating System, or to buy supported add-on hardware that does what you want.
• OpenBSD is the de facto standard for operating system supported cryptography.
• Add-on libraries like OpenSSL and libTomCrypt are also available for most Unix-like platforms.
• Roll Your Own
  • Not really recommended unless you are an expert

Conclusions
• Cryptography is only one part of a multi-layered security system
• It’s not a magic bullet
• It’s fun

Sources
• Applied Cryptography, Bruce Schneier, 1996, Wiley and Sons
• Practical Cryptography, Bruce Schneier and Niels Ferguson, 2003, Wiley Publishing
• Silence on the Wire, Michael Zalewski, 2005, No Starch Press