advertisement

1

• Cryptography is a mathematical method of protecting information – Cryptography is part of, but not equal to, security – Predated modern computing • In modern computing, crypto is used to

*remediate deficiencies in the cyber space*

.

2

• In this course, we do not study the math part of crypto; rather, we use cryptography primitives as “ black boxes.

the crypto primitives ” – Need to understand the fundamental properties of • Four primitives: – Cryptographic hash – Symmetric encryption – Asymmetric encryption – Digital signatures 3

• Build security protocols –

*e.g.*

SSL/TLS • Build more complex security systems using the primitives –

*e.g.*

PKI 4

Hash function: H(m) = c Variable-length messages, fixed-length checksum Properties: 1. Given m, easy to compute H(m) 2. Given c, hard to find m (preimage resistance) 3. Given m, hard to find another m ’ resistance) s.t. H(m ’ ) = H(m) (second-preimage 4. Hard to find m and m ’ s.t. H(m) = H(m ’ ) (collision resistance) Examples: MD5, SHA-1 5

• Provides integrity guarantee – If the message content is changed, the hash

*will*

be different.

• Hide information – Knowing the hash

*does not*

message.

reveal the input • N.B. Hash is NOT encryption!

6

• A

*Commitment Scheme*

– We are having an online “sealed first-price auction” – Everyone submits a bid in a chat-room – There is no trusted third party – Bids may be submitted at different times • Requirements: – The bids need to be secret before opening – The bids need to be binding after opening – Use cryptographic hash function to implement such a scheme 7

• A salt is a message that is typically concatenated to the Hash function’s input.

– Used to increase the input space of the hash – Increase the difficulty of brute-force attacks 8

ciphertext plaintext

(Secret-key Encryption) c =enc(m, K ) m=dec(c, K ) secret key Encryption and decryption use the same key Properties: 1. Given ciphertext, hard to infer plaintext (ciphertext only attack) 2. Ciphertext and plaintext known, hard to infer key (known-plaintext attack) 3. Access to encryption oracle, hard to infer key (chosen-plaintext attack) 4. Access to decryption oracle, hard to infer key (chosen-ciphertext attack) Examples: DES, AES 9

• Every pair of communicating parties need to establish a shared key • Leads to keys for

*N*

parties • Typically requires a key-management/key agreement scheme to be used in practice 10

Bob Alice

(Public-key Encryption) Every party has a pair of keys:

Properties: (Public-key Encryption) By definition of public-key encryption 1. Given ciphertext, hard to infer plaintext (ciphertext only attack) 2. Ciphertext and plaintext known, hard to infer private key (known-plaintext attack) 3. Encryption oracle given, hard to infer private key (chosen-plaintext attack) 4. Decryption oracle given, hard to infer private key (chosen-ciphertext attack) 13

• Key generation – Creates the

– Much slower than symmetric-key encryption 14

PK B C=E(PK B , s) Alice Pick a random secret s s Bob s=D(SK B , C)

Based on public-key crypto.

Signing: Verification: sig= Sign(m, K priv ) Verify(sig, K pub, m) = True Properties: 1. Verification of the validity of a digital signature needs only the public key.

2. Only the owner of the corresponding private key can produce a valid signature Examples: RSA, DSA, El-Gamal 16

• Ensuring data authenticity – Sender signs the message, receiver verifies the signature • Providing non-repudiation – Digital signature serves as proof that the message is generated by the private-key holder 17

Hash with a shared key.

tag= MAC(m, K) Properties: 1. Only the holder of the key K can generate a valid MAC tag.

Examples: HMAC 18

• Set up public-key based authentication using SSH • Play with the various crypto primitives using OpenSSL ( http://www.openssl.org/ ) – The command-line tool documentation can be found at http://www.openssl.org/docs/apps/openssl.ht

ml – Openssl should be installed at most Unix systems. 19