Lec2

advertisement
ECE454/CS594
Computer and Network Security
Dr. Jinyuan (Stella) Sun
Dept. of Electrical Engineering and Computer Science
University of Tennessee
Fall 2011
1
Introduction to Cryptography
•
•
•
•
•
•
What is cryptography?
Types of cryptography
Attacks on cryptosystem
SKC, PKC, Hash
Security notions
Early ciphers
2
What Is Cryptography?
Cryptography is the art of secret writing
• Traditional use: encryption
• Cryptographic systems: algorithm+secret
• Cryptology: cryptography+cryptanalysis
•
3
Types of Cryptography
•
Operations used to transform plaintext to ciphertext:
- Substitution: each element in plaintext is mapped
into another element
- Transposition: elements in plaintext are rearranged
•
Number of keys used:
- Single-key: secret-key cryptography
- Two-key: public-key cryptography
- Zero-key: hash functions
• The
way plaintext is processed:
- Block cipher: input & output in blocks
- Stream cipher: input & output in bits
4
Conventional Cryptography:
Symmetric Encryption
Plaintext: original message
• Encryption algorithm: substitutions/transpositions
• Secret key: independent of plaintext and algorithm
• Ciphertext: depends on plaintext and key, appears random
• Decryption algorithm: reverse of encryption
•
5
Attacking Cryptosystems
Cryptanalysis: attempts to deduce the plaintext
and/or the key being used, with knowledge of the
nature of the algorithm + general characteristics of
plaintext + some sample plaintext-ciphertext pairs
•
Brute-force attack: attacker tries every possible key
on a piece of ciphertext until an intelligible
translation into plaintext is obtained. On average, half
of all possible keys must be tried to achieve success.
•
6
Types of Cryptanalytic Attacks
7
Brute-force Attacks
Average Time Required for Exhaustive Key Search
8
Secret Key Cryptography (SKC)




Aka: conventional cryptography, symmetric cryptography
Use a single key
Ciphertext about the same length as plaintext
Examples: Captain Midnight code, monoalphabetic cipher,
DES, AES, RC4
plaintext
Alice
encryption
ciphertext
Bob
shared secret key
ciphertext
decryption
plaintext
9
SKC Applications




Transmitting over an insecure channel
Secure storage on insecure media
Authentication:
Integrity check: message authentication code (MAC),
aka, message integrity check (MIC)
10
Public Key Cryptography (PKC)
Aka: asymmetric cryptography, invented in 1970s
 Use two keys: a public key known to everyone, a private
key kept secret to the owner
 Encryption/decryption: encryption can be done by
everyone using the recipient’s public key, decryption can
be done only by the recipient with his/her private key
encryption
plaintext
ciphertext

pubB
Alice
( pubA , priA )
ciphertext
priB
decryption
( pubB , priB )
plaintext
11
PKC Applications
Everything that SKC does can be done by PKC

Transmitting over an insecure channel
Secure storage over insecure media
Authentication

Key exchange: establish a shared session key with PKC


12
PKC Applications (Cont’d)

Digital signature: non-repudiation
plaintext
Alice
sign
Signed
message
priA
( pubA , priA )
Signed
message
pubA
verify
( pubB , priB )
True or
false
13
Hash Functions



Aka: message digests, one-way transformations
Take a message m of arbitrary length (transformed into
a string of bits) and computes from it a fixed-length
(short) number h(m)
Properties:
- easy-to-compute: for any message m, it is relatively easy to
compute h(m)
- non-reversible: given h(m), there is no way to find an m that
hashes to h(m) except trying all possibilities of m
- computationally infeasible to find m and m’ such that h(m)=h(m’)
and m!=m’
14
Applications of Hash Functions





Password hashing
Message integrity: keyed hash
File fingerprint
Downline load security
Digital signature efficiency
15
Security Notions



Unconditionally secure: ciphertext generated by the
scheme does not contain enough information to
determine uniquely the corresponding plaintext, no
matter how much ciphertext is available. Perfectly
secure, unlimited power of adversary
Provably secure: under the assumption of well-known
hard mathematical problem, e.g., factoring large
numbers, discrete logarithm problem
Computationally secure: if cost of breaking the cipher
exceeds the value of the encrypted information, or time
required to break the cipher exceeds the useful lifetime
of the information, practical security
16
Early Ciphers: Substitution
• Substitution: letters of plaintext are replaced by
other letters or by numbers or symbols, involves
replacing plaintext bit patterns with ciphertext bit
patterns
• Caesar cipher
• Captain Midnight Secret Decoder Rings
• Monoalphabetic cipher
• Hill cipher
• Polyalphabetic cipher (Vigenere)
• One-time pad
17
Caesar Cipher
• Replacing each letter of the alphabet with the letter
three places further down the alphabet, e.g.,
• Captain Midnight Secret Decoder Ring (slightly
enhanced): If a numerical value is assigned to each letter,
for each plaintext letter p, the ciphertext letter C=E(k,
p)=(p+k) mod 26 where k takes on the value in [1,25]:
• Subject to brute-force attack: simply try all 25 possible k
18
Monoalphabetic Cipher
• The "cipher" line can be any permutation of the 26
alphabetic characters, 26! or around 4x1026 possible keys:
• Is it secure enough to resist cryptanalysis? Consider:
• By exploiting the regularities of the language and
counting letter frequencies:
• The following can be recovered:
19
Hill Cipher
• Takes m successive plaintext letters and substitutes for
them m ciphertext letters
• The substitution is determined by m linear equations in
which each character is assigned a numerical value (a = 0, b
= 1 ... z = 25)
• For example: m = 3
for plaintext “paymoremoney” and encryption key
we have ciphertext: LNSHDLEWMTRW
20
Polyalphabetic Cipher
• Use different monoalphabetic substitutions as one
proceeds through the plaintext message
• Vigenere cipher: best known polyalphabetic cipher. The
set of related monoalphabetic substitution rules consists of
the 26 Caesar ciphers, with shifts of 0 through 25.
• For keyword “deceptive” and plaintext “we are
discovered save yourself”, the encryption works as:
• Vulnerable to cryptanalysis: the key and plaintext share
the same language regularities and frequency distribution
of letters. Solutions?
21
One-time Pad
• Use a random key that is as long as the message so that
the key need not be repeated
• The key is used to encrypt and decrypt a single message,
and then is discarded
• Perfectly secure: unbreakable because it produces
random output (from the random key) that bears no
statistical relationship to the plaintext
• Drawbacks: large quantities of random keys needed, key
distribution and protection (both sender and receiver)
22
Early Ciphers: Transposition
• Different from substituting a ciphertext symbol for
a plaintext symbol
• Transposition cipher: performs some sort of
permutation/rearrangement on plaintext letters
• Cryptanalysis is straightforward: a transposition
cipher has the same letter frequency as plaintext
• Can be made more secure by performing more
than one stage of transposition (result is not easily
reconstructed)
23
Rail Fence Cipher
• Simplest transposition cipher
• Plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows
Plaintext:
Ciphertext:
• Trivial to attack
24
Double Transposition
• A more complex scheme: permute the order of the
columns with a key
• Double transposition: more than one permutation, number
the above plaintext letters 1-28 and after the first
permutation
we have
• After the 2nd permutation?
25
Cryptography vs. Steganography
• Cryptography conceals the context of message
• Steganography conceals the existence of message, useful
when the fact of secret communication should be concealed
- an arrangement of words/letters of the overall message spells out the hidden
message
- character marking: selected letters overwritten in pencil, not visible unless the
paper is held at an angle to bright light
- invisible ink: substances used for writing but leave no visible trace until heat or
some chemical is applied to the paper
- pin punctures: small pin punctures on selected letters are not visible unless the
paper is held up in front of a light
• Drawbacks of steganography: high overhead to hide a
relatively few bits of information, becomes worthless once
the system is discovered (can make insertion depend on key)
26
Steganography
27
Reading Assignments

[Kaufman] Chapter 2
28
Download