Introduction - Computer Science - University of Central Florida

panelgame, Security

Dec 3, 2013 (3 years and 6 months ago)


Cryptography
Pawel Wocjan
Department of Electrical Engineering & Computer Science
University of Central Florida
wocjan@eecs.ucf.edu
August 19th, 2013

Course Objectives
- understand how crypto primitives work
- learn to use them correctly
- learn to evaluate their security

Cryptography is Ubiquitous
- secure communication
  - web traffic: HTTPS
  - wireless traffic: 802.11i WPA2 (Wi-Fi Protected Access) and WEP (Wired Equivalent Privacy), GSM (Global System for Mobile), Bluetooth
- encryption of files: EFS (Encrypting File System), TrueCrypt
- content protection (e.g. on DVD and Blu-ray): CSS (Content Scrambling System), AACS (Advanced Access Content System)
- user authentication: ssh
- and many more applications

Secure Web Communication with HTTPS
Hypertext Transfer Protocol Secure (HTTPS)

web browser <== HTTPS (SSL/TLS) ==> server

- no eavesdropping
- no tampering

SSL and TLS
In Secure Sockets Layer (SSL) and Transport Layer Security (TLS) there are the following two main steps:
- handshake protocol
  establish a shared secret using public key cryptography (asymmetric cryptography)
  (first part of the course)
- record layer
  transmit data using symmetric encryption together with the previously established secret key (symmetric cryptography)
  (second part of the course)
goals: ensure confidentiality and integrity

Protection of files
- analogous to secure communication

Alice today ==> File A, File B, File C ==> Alice tomorrow

Building block: symmetric encryption

Alice                      Eve                      Bob
m --> E --> c = E(k, m) --------> c --> D --> D(k, c) = m
      ^                                 ^
      k                                 k

- E encryption algorithm, D decryption algorithm
- m plaintext, c ciphertext
- k secret key
Important assumption: encryption algorithm E is publicly known
=> never use a proprietary cipher

Single and multi use of keys in symmetric encryption
- single use key (one time key)
  key is used to encrypt only one message
  encrypt email: a new secret key is generated for each new email
- multi use key (many time key)
  key is used to encrypt multiple messages
  encrypt files: the same secret key is used to encrypt multiple files
  => more sophisticated machinery is required
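
Added example (not part of the original slides): the E/D/k notation above instantiated with a one-time pad, chosen here as the simplest cipher that is sound for a single use key, to show what an eavesdropper learns when that key is used for a second message. The function names and the sample messages are constructed for illustration.

```python
import secrets

def keygen(n):
    """Single use key: n fresh, uniformly random bytes."""
    return secrets.token_bytes(n)

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def E(k, m):
    """Encryption c = E(k, m). The algorithm is public; only k is secret."""
    return xor(k, m)

def D(k, c):
    """Decryption m = D(k, c)."""
    return xor(k, c)

def eve_combines(c1, c2):
    """Eve holds no key; she only XORs two ciphertexts she observed."""
    return xor(c1, c2)

if __name__ == "__main__":
    # Constructed sample messages of equal length (16 bytes each).
    m1 = b"meet at 10:00 am"
    m2 = b"meet at 11:30 pm"

    k = keygen(len(m1))
    assert D(k, E(k, m1)) == m1  # correctness: D(k, E(k, m)) = m

    # Key used twice: k cancels out and Eve holds m1 XOR m2,
    # a function of the plaintexts alone.
    leaked = eve_combines(E(k, m1), E(k, m2))
    print("key reused, Eve sees m1^m2:", leaked == xor(m1, m2))

    # Fresh key per message: the result is still masked by k1 XOR k2,
    # which is uniformly random and unknown to Eve.
    k1, k2 = keygen(len(m1)), keygen(len(m2))
    masked = eve_combines(E(k1, m1), E(k2, m2))
    print("fresh keys, still masked:",
          masked == xor(xor(m1, m2), xor(k1, k2)))
```

This is why a multi use key needs a construction that does not apply the same key material to every message.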

Key points to remember
Cryptography
- is a tremendously important tool
- provides the basis for many security mechanisms
- does not solve all security problems (social engineering attacks)
- is not reliable unless correctly implemented and used (software bugs)
- is not something you should ever attempt to invent yourself
  there are many examples of broken ad-hoc designs

Core cryptographic applications

Alice (talking to Bob)          Eve                    Bob (talking to Alice)

Secret key establishment
      <------------------------------------------------------>
k                               no info about k        k

Secure communication
      ---------------------- E(k, m_1) = c_1 ---------------->
      <--------------------- E(k, m_2) = c_2 -----------------
m_2                             no info about m_1, m_2  m_1

More crypto applications
- digital signatures
- anonymous communication: mix network, TOR (The Onion Router)

Alice <--------> Bob
                 (Bob: who did I just talk to???)

More crypto applications
- anonymous digital cash: bitcoin (open source p2p money)
  - can a user spend a digital coin while nobody is able to learn his identity?
  - how can the user be prevented from double spending?

Alice --> internet --> (Who just paid?)

Secure multiparty computation
- there are n participants, the i-th participant has input x_i

  x_1, x_2, ..., x_n  =>  f(x_1, x_2, ..., x_n)

- they want to evaluate the function f(x_1, ..., x_n) without revealing their inputs to each other
- secure multiparty computation includes elections and auctions as special cases

Trusted authority
- secure multiparty computation can be solved with the help of a trusted authority

  x_1 --x_1-->
  x_2 --x_2-->   trusted authority  -->  f(x_1, x_2, ..., x_n)
  ...
  x_n --x_n-->

  disadvantage: trusted authority knows x_1, ..., x_n
- Theorem: any secure multiparty computation with a trusted authority can also be realized without a trusted authority
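
Added example (not part of the original slides): one concrete instance of computing f without a trusted authority, for the special case f(x_1, ..., x_n) = x_1 + ... + x_n, using additive secret sharing. It assumes participants follow the protocol, have private pairwise channels, and that the sum is smaller than the public modulus P; all names are constructed for illustration, and this is not the general construction behind the theorem.

```python
import secrets

# Public prime modulus (assumption: every input and the total are below P).
P = 2**61 - 1

def share(x, n):
    """Split x into n shares that add up to x mod P.
    Any n-1 of the shares are uniformly random and reveal nothing about x."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((x - sum(parts)) % P)
    return parts

def secure_sum(inputs):
    """Run the protocol; return (total, sent), where sent[i][j] is the
    share participant i sends to participant j."""
    n = len(inputs)
    sent = [share(x, n) for x in inputs]
    # Participant j adds the shares it received and publishes only that sum.
    partial = [sum(sent[i][j] for i in range(n)) % P for j in range(n)]
    return sum(partial) % P, sent

def view_of(j, sent):
    """What participant j receives from the others: one share from each."""
    return [sent[i][j] for i in range(len(sent)) if i != j]

if __name__ == "__main__":
    # Constructed sample inputs, e.g. four private vote counts.
    inputs = [12, 7, 30, 1]
    total, sent = secure_sum(inputs)
    print("f(x_1, ..., x_n) =", total)            # the sum, 50
    print("participant 0 sees:", view_of(0, sent))  # random-looking values
```

No single party ever holds another participant's x_i, only one random-looking share of it, which removes the disadvantage noted for the trusted authority.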

"Magic" crypto application: homomorphic encryption
- Private outsourcing of computation

  E(query)  -->
            <--  E(result)

  this is possible without Google learning query

"Magic" crypto application: zero knowledge
- Zero knowledge (proof of knowledge)

  Alice (knows N = p · q)  -- proof -->  Bob (knows N)

  Alice can convince Bob that she knows the prime factorization of N without revealing the factors p and q

Rigorous science
The three steps in cryptography are:
1. specify the threat model
2. propose a construction
3. prove that breaking the construction under the threat model will solve an underlying hard problem

Symmetric cipher

Alice                                               Bob
m --> E --> c = E(k, m) --------> c --> D --> D(k, c) = m
      ^                                 ^
      k           (same key)            k

Some historic examples
- substitution cipher
- Vigenère cipher in 16th century
- rotor machines (Hebern machine, Enigma)
- Data Encryption Standard (DES) in 1974
- Advanced Encryption Standard (AES) in 2001
- Salsa20 in 2008
- and many more examples