Chapter 5 (part 1) covers the following objectives: explain general cryptography concepts, explain basic hashing concepts, basic encryption concepts, explain and implement protocols, and explain core concepts of public key cryptography.
Cryptography Basics

Objectives
* Explain general cryptography concepts
* Explain basic hashing concepts
* Basic encryption concepts
* Explain and implement protocols
* Explain core concepts of public key cryptography

Cryptography
* Cryptography — science of encrypting information
* “Scrambles” data so only authorized parties can “unscramble” and read data, using two methods
* Can substitute — change one letter with a different letter
* Can transpose — scramble the order of letters, without actually changing one for another
* The best cryptosystems both substitute and transpose.

- a method of storing and transmitting data in a form only intended for authorized parties to read or process
- science of studying, breaking, and reverse engineering algorithms and keys
— the method of transforming data (plaintext) into an unreadable format
— the format (usually readable) of data before being encrypted
— the “scrambled” format of data after being encrypted

Cryptographic Terminology
* Decryption — the method of turning cipher text back into plain text
* Encryption algorithm — a set of rules or procedures that dictates how to encrypt and decrypt data. Also called an encryption “cipher”
* Key — (crypto variable) a value used in the encryption process to encrypt and decrypt

Goals of Encryption
* Confidentiality/privacy
* Integrity
* Authentication
* Non-repudiation

Cryptography History
* Romans used a shift cipher called a “Caesar” cipher
* Shift ciphers simply shift characters in an alphabet

Transposition Cipher
* Jumbles up the ordering of characters in a message
* The Spartans of Greece used a form of this called the “Scytale” cipher

Transposition Cipher
Moon beams are nice
In this example, text is

Steganography
* Hiding one message in another
* “Meet the mini me that ate later.”
* “Meet me later.”

Vigenere Cipher
* The Vigenere cipher is named for Blaise de Vigenère, although Giovan Battista Bellaso had invented the cipher earlier. Vigenere did invent a stronger autokey cipher
* The Vigenere cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution
* This cipher is well known because, while it is easy to understand and implement, it often appears to beginners to be unbreakable

For example, suppose that the plaintext to be encrypted is:
The person sending the message chooses a keyword and repeats it until it matches the length of the plaintext, for example, the keyword "LEMON":
The first letter of the plaintext, A, is enciphered using the alphabet in row L, which is the first letter of the key. This is done by looking at the letter in row L and column A of the Vigenere square, namely L. The rest of the plaintext is enciphered in a similar fashion.
Plaintext:
Key:
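The square lookup described above (row = key letter, column = plaintext letter), as an added Python example that is not part of the original slides. The plaintext ATTACKATDAWN is a constructed sample chosen to begin with A, and all function names are assumptions.

```python
import string
from itertools import cycle

ALPHABET = string.ascii_uppercase


def square_row(key_letter: str) -> str:
    """One row of the Vigenere square: the alphabet rotated to start at key_letter."""
    shift = ALPHABET.index(key_letter)
    return ALPHABET[shift:] + ALPHABET[:shift]


def _rows(keyword: str):
    keyword = keyword.upper()
    if not keyword or any(k not in ALPHABET for k in keyword):
        raise ValueError("keyword must be one or more letters A-Z")
    return cycle([square_row(k) for k in keyword])  # keyword repeats to message length


def encrypt(plaintext: str, keyword: str) -> str:
    rows, out = _rows(keyword), []
    for ch in plaintext.upper():
        # Row = current key letter, column = plaintext letter; other characters
        # pass through unchanged and do not consume a key letter.
        out.append(next(rows)[ALPHABET.index(ch)] if ch in ALPHABET else ch)
    return "".join(out)


def decrypt(ciphertext: str, keyword: str) -> str:
    rows, out = _rows(keyword), []
    for ch in ciphertext.upper():
        # Find the ciphertext letter in the key letter's row; its column is the plaintext.
        out.append(ALPHABET[next(rows).index(ch)] if ch in ALPHABET else ch)
    return "".join(out)


if __name__ == "__main__":
    sample = "ATTACKATDAWN"  # constructed sample plaintext (assumption)
    secret = encrypt(sample, "LEMON")
    print(secret, decrypt(secret, "LEMON"))
    # Why it only appears unbreakable: the keyword repeats, so identical
    # plaintext at a distance that is a multiple of the key length encrypts
    # identically, which gives away the key length.
    leaky = encrypt("HELLOWORLDHELLO", "LEMON")
    print(leaky[:5] == leaky[10:15])
```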

Encryption Modes - Block
* Take the message and break it up into fixed sized blocks, encrypt each block using the given key

Block (ECB encryption)
[Figure: Electronic Codebook (ECB) mode encryption]

Solving Block Encryption Problems
* Often with block encryption, we include a value in addition to the key that changes for each block, so we don't get repetitive cipher text blocks. This is called Cipher Block Chaining (see next slide)
* Initialization Vectors are used with the first block in CBC
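The repetitive-block problem and the chaining fix, as an added Python example that is not part of the original slides. The block cipher is a toy Feistel construction built for this demonstration (an assumption, not DES or AES), and the key and message are constructed samples.

```python
import hashlib
import os

BLOCK = 16  # block size in bytes
SAMPLE = b"PAY 0100 TO BOB " * 3  # constructed plaintext: three identical blocks

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key: bytes, block: bytes, rounds) -> bytes:
    """Toy 4-round Feistel block cipher for illustration; not a real algorithm."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:BLOCK // 2]
        left, right = right, xor(left, f)
    return right + left  # final swap: decryption is the same routine, rounds reversed

def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of BLOCK (padding is out of scope)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    return b"".join(feistel(key, b, range(4)) for b in split_blocks(plaintext))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    prev, out = iv, []  # the IV plays "previous ciphertext" for the first block
    for block in split_blocks(plaintext):
        prev = feistel(key, xor(block, prev), range(4))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for block in split_blocks(ciphertext):
        out.append(xor(feistel(key, block, reversed(range(4))), prev))
        prev = block
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    key, iv = b"constructed-demo-key", os.urandom(BLOCK)
    print(repeated_blocks(ecb_encrypt(key, SAMPLE)), repeated_blocks(cbc_encrypt(key, iv, SAMPLE)))
```

ECB reports two repeated ciphertext blocks for the three identical plaintext blocks; CBC reports none, and a different IV gives a different ciphertext for the same message.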

* XORing is a Boolean mathematical “function” which creates an output bit based on two input bits. It outputs a 1 IF and ONLY if one bit of input is 1 and the other is a 0
INPUT 1   INPUT 2   XOR OUTPUT

Stream Encryption
* The “key” is used as a key stream generator, which creates a series of bits, each of which is mathematically combined with the bit stream of plaintext to produce cipher text. This is done for small pieces of information, or information not in blocks
* Keyboard input
* Morse code
* Any input that arrives one bit or byte at a time

One Time Pad
* A “perfect cryptosystem”
* Unbreakable if implemented properly
* The key is a series of bits (0 and 1)
* The plain text is converted to bits
* The message is XORed with the pad/key to generate the cipher text

One Time Pad considerations
* The pad must be used only one time
* The pad must be shared by both sides
* The pad must be as long as the message
* The pad must be securely distributed
* The pad must be made up of truly random values
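The considerations above turned into checks, as an added Python example that is not part of the original slides: the pad must match the message length, pad bytes are consumed and never reissued, and the last lines show what leaks when a pad is used twice. `PadBook` and the other names are hypothetical, and the messages are constructed samples.

```python
import secrets


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    if len(data) != len(pad):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


class PadBook:
    """Pre-shared pad material. Each side holds a copy and consumes it in step."""

    def __init__(self, material: bytes):
        self._material = material
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._material):
            raise ValueError("pad exhausted: distribute new pad material, never rewind")
        chunk = self._material[self._used:self._used + n]
        self._used += n  # these bytes are never handed out again
        return chunk


def otp_encrypt(book: PadBook, message: bytes) -> bytes:
    return xor_bytes(message, book.take(len(message)))


otp_decrypt = otp_encrypt  # XOR with the same pad bytes undoes itself


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, it cancels out: c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    material = secrets.token_bytes(64)  # random pad (OS CSPRNG here), shared out of band
    alice, sam = PadBook(material), PadBook(material)
    m1, m2 = b"MEET ME LATER", b"SEND THE CASH"  # constructed sample messages
    c1, c2 = otp_encrypt(alice, m1), otp_encrypt(alice, m2)
    print(otp_decrypt(sam, c1), otp_decrypt(sam, c2))
    # Misuse: a sender who starts again at offset 0 reuses pad bytes.
    c2_bad = otp_encrypt(PadBook(material), m2)
    print(pad_reuse_leak(c1, c2_bad) == xor_bytes(m1, m2))
```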

Symmetric Encryption
* Called Symmetric or “Private Key encryption”
* Must securely distribute keys to both parties
* Anyone with the key can either encrypt or decrypt

Symmetric Algorithms - DES
* Data Encryption Standard (1976)
* Developed from a NIST request for an encryption standard
* Chosen algorithm was called “Lucifer” from IBM
* Block cipher
* Fixed sized blocks of 64 bits
* Key size 64 bits, effective size is 56 bits
* 16 rounds of substitution and transposition
* DES is no longer considered strong enough; it can be broken easily with distributed computing

[Figure labels: Subkey (48 bits), Half Block (32 bits)]

AES (Advanced Encryption Standard)
* Developed as a replacement to DES, 1998
* Actual algorithm is called “Rijndael”

* Key Size up to 2048 bits
* Rounds up to 255, minimum of 12 recommended

RC6
* Ron Rivest, Matt Robshaw, Ray Sidney, Yiqun Lisa Yin, 1998
* Block cipher based on RC5

RC4
* Stream cipher — what was that again?
* Was proprietary, but released on Internet in 1994; “ARC4” is the “open version of RC4”
* Key length 8 to 2048 bits
* Used in SSL (Secure Sockets Layer) and WEP communication

IDEA
* International Data Encryption Algorithm
* James Massey, Xuejia Lai, 1991
* Proposed AES candidate
* Block cipher
* 64 bit blocks
* 128 bit keys
* Not free, patent expires soon though
* Used in Pretty Good Privacy (PGP 2.0)

Symmetric
* That’s Symmetric Encryption
* Understand the concept (shared keys)
* Understand its strengths (fast for bulk encryption and decryption)
* Understand its weaknesses (key management, non-repudiation)
* Understand the different algorithm “properties” on the slides

Enter Non-Repudiation
* Proves they actually sent a message
* Proves the message was not altered
* How do we provide non-repudiation? We'll see soon after we talk about hashes, and asymmetric encryption

Asymmetric Encryption
* Called Public key encryption
* Requires 2 related keys
* Public key — given to anyone
* Private key — kept secret
* Public key is used to encrypt message
* Private key is used to decrypt message
* Private key is used to sign messages
* Public key is used to validate signed messages

Asymmetric Encryption
* Key exchange is simple!
* Asymmetric Encryption is SLOW, not suitable for encrypting large amounts of data
* What is a problem with Asymmetric Encryption and key

Diffie-Hellman
* Whitfield Diffie, Martin Hellman, 1976
* The original Asymmetric algorithm
* Used with SSL, VPNs, ssh
* Used ONLY for key exchange
* Generates session keys for secure SYMMETRIC encryption communications

Asymmetric Algorithms - RSA
* Ron Rivest, Adi Shamir, Len Adleman, 1977, MIT
* Can be 100 times slower than DES
* Can be used for encryption, key exchange and digital signatures
* Security based on difficulty of factoring large numbers
* Was patented in 1983 (4.405.829); the patent expired in 2000

ECC - Elliptic Curve Cryptography
* Neal Koblitz, Victor S. Miller, 1985
* Encryption, key exchange or digital signatures
* Security based on analyzing elliptic curves in finite fields
* Does not require much computing overhead, and as such is used in devices with low resources (PDAs, cell phones, etc.)

Asymmetric Overview
* Uses 2 keys, one for encryption, one for decryption
* This mitigates the key management, key distribution problem (kind of)
* Is VERY slow (orders of magnitude slower)
* Can provide integrity and proof of sender (non-repudiation)
* Often used in a hybrid system (along with private key encryption)
* Encrypt symmetric keys using asymmetric algorithms
* Actually do large scale encryption with these asymmetric keys!

Hashing
* Hashing is similar to encryption but different
* Hashing is a one way operation
* Take input message
* Put through hashing function
* Retrieve fixed length value (hash digest)

Try for yourself at http://www.fileformat.info/tool/hash.htm

Hashes
* Once hashed, no way to get back the original message
* Hash digests are fixed length, so multiple messages theoretically could produce the same hash digest (collision)

Hashes
* Hashing can provide integrity (assuming no MIM (next slide))
* Hashes can be combined with a private key to provide protection against MIM attacks (visualization in a few slides)
change for collision generally)
is called a “CRC”

Normal use of Hash

Hash MiM attack (phase 1)
hash digest of the message
Hacker intercepts message and digest, and then creates a different message and computes the digest value for the new message

Hash MiM attack (phase 2)
and hash digest to Sam
Sam receives the message, computes the hash, verifies it matches the hash he received and thinks that the message from Alice has not been altered. He is wrong!

Hash-based Message Authentication Code

HMAC
function hmac (key, message)
    if (length(key) > blocksize) then
        key = hash(key) // keys longer than blocksize are shortened
    end if
    if (length(key) < blocksize) then
        key = key || zeroes(blocksize - length(key)) // keys shorter than blocksize are zero-padded
    end if
    o_key_pad = [0x5c * blocksize] ⊕ key // outer padded key
    i_key_pad = [0x36 * blocksize] ⊕ key // inner padded key
    return hash(o_key_pad || hash(i_key_pad || message))
end function
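The two-phase MiM scenario and the HMAC defence side by side, as an added Python example that is not part of the original slides. SHA-256 is chosen here as the hash (an assumption), the function names are hypothetical, and the key and messages are constructed samples.

```python
import hashlib
import hmac

BLOCKSIZE = 64  # SHA-256 processes 64-byte blocks


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    if len(key) > BLOCKSIZE:
        key = hashlib.sha256(key).digest()  # long keys are hashed down
    key = key.ljust(BLOCKSIZE, b"\x00")     # short keys are zero-padded
    o_key_pad = bytes(k ^ 0x5C for k in key)
    i_key_pad = bytes(k ^ 0x36 for k in key)
    inner = hashlib.sha256(i_key_pad + message).digest()
    return hashlib.sha256(o_key_pad + inner).digest()


def bare_digest(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


def sam_checks_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(bare_digest(message), digest)


def sam_checks_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_sha256(key, message), tag)  # constant-time compare


def swap_in_transit(replacement: bytes):
    """The man in the middle from the slides: no key, so only the public hash is available."""
    return replacement, bare_digest(replacement)


if __name__ == "__main__":
    shared_key = b"constructed key known only to Alice and Sam"
    sent = b"Pay Bob 10 dollars"  # constructed sample message
    forged, forged_digest = swap_in_transit(b"Pay Eve 9000 dollars")
    print(sam_checks_digest(forged, forged_digest))            # True: tampering missed
    print(sam_checks_hmac(shared_key, forged, forged_digest))  # False: tag needs the key
    print(sam_checks_hmac(shared_key, sent, hmac_sha256(shared_key, sent)))  # True
```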

Hash algorithms - SHA
* Secure Hash Algorithm
* Designed/Published by NIST and NSA
* Designed for use in the DSS

MD2
* Developed by Ronald Rivest (of RC and RSA fame)
* Optimized to run on 8 bit computers
* 128 bit digest
* 128 bit blocks

MD5

* Fixed length digest
* What is a hash used for
* Know what a collision is
* Know it’s susceptible to MiM
* Know what HMAC is, and what it tries to accomplish
* Be familiar with MDx, and SHA-x
* Understand that SHA is considered the best algorithm

Digital Signatures

* Sign the “message digest”
* Send both the original message and the encrypted message digest