1
• Cryptography is a mathematical method of protecting information
– Cryptography is part of, but not equal to, security
– Predated modern computing
• In modern computing, crypto is used to remediate deficiencies in cyberspace.
2
• In this course, we do not study the math part of crypto; rather, we use cryptographic primitives as “black boxes.”
– Need to understand the fundamental properties of the crypto primitives
• Four primitives:
– Cryptographic hash
– Symmetric encryption
– Asymmetric encryption
– Digital signatures
3
• Build security protocols
– e.g. SSL/TLS
• Build more complex security systems using the primitives
– e.g. PKI
4
Hash function: H(m) = c
Variable-length messages, fixed-length checksum
Properties:
1. Given m, easy to compute H(m)
2. Given c, hard to find m (preimage resistance)
3. Given m, hard to find another m’ s.t. H(m’) = H(m) (second-preimage resistance)
4. Hard to find m and m’ s.t. H(m) = H(m’) (collision resistance)
Examples: MD5, SHA-1
5
• Provides integrity guarantee
– If the message content is changed, the hash will be different.
• Hide information
– Knowing the hash does not reveal the input message.
• N.B. Hash is NOT encryption!
6
• A Commitment Scheme
– We are having an online “sealed first-price auction”
– Everyone submits a bid in a chat-room
– There is no trusted third party
– Bids may be submitted at different times
• Requirements:
– The bids need to be secret before opening
– The bids need to be binding after opening
– Use cryptographic hash function to implement such a scheme
7
• A salt is a message that is typically concatenated to the hash function’s input.
– Used to increase the input space of the hash
– Increase the difficulty of brute-force attacks
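The sealed-bid commitment scheme and the salt from the two slides above, combined in one sketch. This is an added example, not part of the original slides; SHA-256, the 32-byte salt, the field encoding and every function name are assumptions of this example.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 32  # bytes; assumption of this example

def _digest(bidder, bid_cents, salt):
    # Fixed-length salt, then a length-prefixed name, then a fixed-width bid,
    # so two different (bidder, bid) pairs can never encode to the same bytes.
    name = bidder.encode("utf-8")
    msg = salt + len(name).to_bytes(2, "big") + name + bid_cents.to_bytes(8, "big")
    return hashlib.sha256(msg).hexdigest()

def commit(bidder, bid_cents):
    """Commit phase: post the returned commitment, keep the salt private."""
    salt = secrets.token_bytes(SALT_LEN)  # fresh random salt for every bid
    return _digest(bidder, bid_cents, salt), salt

def open_commitment(commitment, bidder, bid_cents, salt):
    """Opening phase: anyone can recompute the hash from the revealed values."""
    if len(salt) != SALT_LEN:
        return False
    return hmac.compare_digest(commitment, _digest(bidder, bid_cents, salt))

def weak_commit(bid_cents):
    """Unsalted H(bid): binding, but not secret when bids are guessable."""
    return hashlib.sha256(str(bid_cents).encode()).hexdigest()

def brute_force_unsalted(target, max_cents):
    """Recover a bid from weak_commit() output by trying every amount."""
    for guess in range(max_cents + 1):
        if weak_commit(guess) == target:
            return guess
    return None

if __name__ == "__main__":
    c, salt = commit("alice", 12500)  # constructed sample bid
    print("posted:", c)
    print("opens correctly:", open_commitment(c, "alice", 12500, salt))
    print("changed bid rejected:", not open_commitment(c, "alice", 99900, salt))
    print("unsalted bid recovered:", brute_force_unsalted(weak_commit(12500), 20000))
```

Each bidder posts only the commitment in the chat room and reveals the bid and salt once all commitments are in; the salt is what keeps a small, guessable bid secret before opening.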
8
(Secret-key Encryption)
c = enc(m, K)   m = dec(c, K)
m: plaintext, c: ciphertext, K: secret key
Encryption and decryption use the same key
Properties:
1. Given ciphertext, hard to infer plaintext (ciphertext only attack)
2. Ciphertext and plaintext known, hard to infer key (known-plaintext attack)
3. Access to encryption oracle, hard to infer key (chosen-plaintext attack)
4. Access to decryption oracle, hard to infer key (chosen-ciphertext attack)
Examples: DES, AES
9
• Every pair of communicating parties needs to establish a shared key
• Leads to keys for N parties
• Typically requires a key-management/key agreement scheme to be used in practice
10
(Public-key Encryption)
Every party has a pair of keys: <K_pub, K_priv>
Public key: announce to everyone
Private key: known to the owner only
Encryption and decryption use two different keys: c = enc(m, K_pub)   m = dec(c, K_priv)
It is hard to infer private key from the public key
Examples: RSA, El-Gamal
12
(Public-key Encryption)
Properties:
By definition of public-key encryption
1. Given ciphertext, hard to infer plaintext (ciphertext only attack)
2. Ciphertext and plaintext known, hard to infer private key (known-plaintext attack)
3. Encryption oracle given, hard to infer private key (chosen-plaintext attack)
4. Decryption oracle given, hard to infer private key (chosen-ciphertext attack)
13
• Key generation
– Creates the <public, private> key pair
– Typically involves pseudo-random number generation
• Encryption using public-key crypto
– Does not need to share keys
– Does not need a secure channel to transmit the public key
Challenge: how to ensure the correct public key is used?
– Much slower than symmetric-key encryption
14
Bob's public key: PK_B
Alice: pick a random secret s; C = E(PK_B, s)
Bob: s = D(SK_B, C)
Based on public-key crypto.
Signing: sig = Sign(m, K_priv)
Verification: Verify(sig, K_pub, m) = True
Properties:
1. Verification of the validity of a digital signature needs only the public key.
2. Only the owner of the corresponding private key can produce a valid signature
Examples: RSA, DSA, El-Gamal
16
• Ensuring data authenticity
– Sender signs the message, receiver verifies the signature
• Providing non-repudiation
– Digital signature serves as proof that the message is generated by the private-key holder
17
Hash with a shared key.
tag = MAC(m, K)
Properties:
1. Only the holder of the key K can generate a valid MAC tag.
Examples: HMAC
18
• Set up public-key based authentication using SSH
• Play with the various crypto primitives using OpenSSL (http://www.openssl.org/)
– The command-line tool documentation can be found at http://www.openssl.org/docs/apps/openssl.html
– OpenSSL should be installed on most Unix systems.
19