Introduction to Computer Security

Foundations of Cryptography
Pavel Laskov
Wilhelm Schickard Institute for Computer Science
Secret communication
[Figure: Alice encrypts the plaintext "I love you" with the key "unitue" into the ciphertext "C ywoy cih"; Bob decrypts the ciphertext with the key "unitue" and recovers the plaintext "I love you".]
Cryptography and security objectives
Which security objectives are addressed by cryptography?
Confidentiality
symmetric cryptography
asymmetric cryptography
Integrity
hashing
Authentication and non-repudiation
digital signatures
Symmetric cryptography
[Figure: Alice encrypts the plaintext "I love you" with the shared key "unitue" into the ciphertext "C ywoy cih"; Bob decrypts it with the same shared key "unitue". Annotation on the key: any valid key.]
Early permutation cipher: scytale
Encryption:
Wrap a parchment strip over a wooden rod of a fixed diameter and write letters along the rod.
Decryption:
Wrap a received strip over a wooden rod of the same diameter and read off the text.
Example:
troops
headin
gnorth
sendmo
refood
→
thgsr renee oaonf odrdo pitmo snhod
Monoalphabetic substitution cipher: Caesar
Encryption
Replace each letter with the one three
positions to the right in the alphabet.
Decryption
Replace each letter with the one three
positions to the left in the alphabet.
Example:
HABES OPINIONIS MEAE TESTIMONIUM
MDEHV RSNQNRQNV PHDH XHVXNPRQNZP
Polyalphabetic substitution cipher: Vigenère
Encryption
Write the key over a message, repeating as necessary.
Substitute each letter with the one from an appropriate column in the Vigenère tableau.
Decryption
Same as encryption, use a row instead of a column.
Example:
unitueun
iloveyou
→
cywoycih
Polyalphabetic substitution: Enigma
Operating principle: electromechanical varying map substitution
Main components:
3–5 rotors with pre-defined connectivity
inter-rotor rings: mapping between letters and connections
letter swap by jumper cables
Key definition: rotor types, ring positions, jumper settings
Tag UKW Walzenlage Ringstellung ---- Steckerverbindungen ----
31 B I IV III 16 26 08 AD CN ET FL GI JV KZ PU QY WX
30 B II V I 18 24 11 BN DZ EP FX GT HW IY OU QV RS
29 B III I IV 01 17 22 AH BL CX DI ER FK GU NP OQ TY
One-time pad ciphers
Encryption:
Generate a random key sequence.
Add a key to a message using
modular arithmetic.
Decryption:
Subtract a key from a message using
modular arithmetic.
Example:
7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message
+ 23 (X) 12 (M) 2 (C) 10 (K) 11 (L) key
= 30 16 13 21 25 message + key
= 4 (E) 16 (Q) 13 (N) 21 (V) 25 (Z) mod 26
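The scytale, Vigenère and one-time-pad slides reduce to two operations: reading a letter grid column by column, and adding key letters modulo 26. The following is an added example, not part of the original slides; the function names are assumptions, and it reproduces the slides' own examples.

```python
from itertools import cycle
import secrets
import string

A = string.ascii_lowercase


def scytale_encrypt(text: str, width: int) -> str:
    """Write text in rows of `width` letters, read it off column by column."""
    if len(text) % width:
        raise ValueError("pad the message to a multiple of the row width")
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join("".join(col) for col in zip(*rows))


def scytale_decrypt(cipher: str, width: int) -> str:
    """Reading the columns of the transposed grid restores the rows."""
    return scytale_encrypt(cipher, len(cipher) // width)


def shift(text: str, key: str, sign: int = 1) -> str:
    """Add (sign=+1) or subtract (sign=-1) key letters mod 26.

    The key is repeated as necessary (Vigenère). With a random key that is
    as long as the message and never reused, the same operation is a
    one-time pad.
    """
    return "".join(A[(A.index(t) + sign * A.index(k)) % 26]
                   for t, k in zip(text, cycle(key)))


def otp_key(length: int) -> str:
    """Fresh random key letters from the OS CSPRNG, one per message letter."""
    return "".join(secrets.choice(A) for _ in range(length))


if __name__ == "__main__":
    msg = "troopsheadingnorthsendmorefood"   # scytale slide, 5 rows of 6
    print(scytale_encrypt(msg, 6))
    print(shift("iloveyou", "unitue"))       # Vigenère slide
    print(shift("hello", "xmckl"))           # one-time-pad slide
    pad = otp_key(len(msg))
    print(shift(shift(msg, pad), pad, -1) == msg)
```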
Feistel cipher: S and P boxes
S-box
Complex substitution controlled by a key
Secure if enough internal states
Unrealizable for a large number of states
P-box
Block-wise permutation of digits
Simple transformation with maximal
entropy
Insecure against a “tickling attack”
Feistel network
Revival of the idea of a product cipher
Strong polyalphabetic substitution via multiple rounds
Follows theoretical principles of Shannon
A practical Feistel cipher
A multiple-round scheme with separate keys
Encryption:
$L_{i+1} = R_i$
$R_{i+1} = L_i \oplus f(K_i, R_i)$
Decryption: reverse the key order
$L_{i+1} = R_i$
$R_{i+1} = L_i \oplus f(K_{n-i}, R_i)$
3 rounds suffice to achieve a pseudorandom permutation
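The round equations above as code, showing that decryption is the same routine with the key order reversed even though the round function itself cannot be inverted. This is an added example, not part of the original slides; the choice of truncated HMAC-SHA256 as f, the final half swap and the sample round keys are assumptions made for illustration.

```python
import hashlib
import hmac


def f(round_key: bytes, half: bytes) -> bytes:
    """Round function f(K_i, R_i). Assumed here: truncated HMAC-SHA256,
    a one-way function, so f itself has no inverse."""
    return hmac.new(round_key, half, hashlib.sha256).digest()[:len(half)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, round_keys) -> bytes:
    """Apply L_{i+1} = R_i, R_{i+1} = L_i XOR f(K_i, R_i) for each key."""
    if len(block) % 2 or len(block) > 64:
        raise ValueError("block must split into two halves of at most 32 bytes")
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for key in round_keys:
        left, right = right, xor(left, f(key, right))
    # Swapping the halves at the end lets decryption reuse this routine.
    return right + left


def encrypt(block: bytes, round_keys) -> bytes:
    return feistel(block, list(round_keys))


def decrypt(block: bytes, round_keys) -> bytes:
    return feistel(block, list(round_keys)[::-1])   # reverse the key order


if __name__ == "__main__":
    keys = [b"round-1", b"round-2", b"round-3"]     # constructed sample keys
    plain = b"I love you!!"
    cipher = encrypt(plain, keys)
    print(cipher.hex(), decrypt(cipher, keys))
    # A single round leaves the right half of the plaintext in the clear.
    print(feistel(plain, keys[:1])[6:])
```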
DES: Digital Encryption Standard
Adopted in 1977 after two rounds of proposals
Won by IBM’s Lucifer cipher based on Feistel’s design
Key length reduced by NIST from 128 bits to 56 bits
Subject to extensive cryptanalysis research in the 1990s
Broken by specialized hardware crackers in 1997–1999 (fastest result: 22 hours 15 minutes by Deep Crack)
Still widely used in practice (as 3DES)
Replaced by Advanced Encryption Standard (AES) in 2000
DES overview
[Figure: DES overview. The 64 bit plaintext passes through the Initial Permutation, Iteration 1, Iteration 2, ..., Iteration 16, a 32 bit Swap and the Inverse Initial Permutation, giving the 64 bit ciphertext. The 56 bit key passes through Permuted Choice 1; for each iteration a Left Circular Shift followed by Permuted Choice 2 yields the round keys $K_1$, $K_2$, ..., $K_{16}$.]
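DES round structure
[Figure: DES round structure. Data to be encrypted: the 32 bit halves $L_{i-1}$ and $R_{i-1}$ pass through the Expansion Permutation (48 bits), addition (+) of the round key $K_i$ (48 bits), the S-Box Choice Substitution (32 bits), a Permutation and a second addition (+), giving $L_i$ and $R_i$. Key used for encryption: the 28 bit halves $C_{i-1}$ and $D_{i-1}$ each pass through a Left Shift, giving $C_i$ and $D_i$, and the Permutation Contraction (Perm. Choice 2) produces $K_i$.]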
Other symmetric ciphers
Block ciphers

| Algorithm | Key size | Block size | Rounds | Applications |
|---|---|---|---|---|
| 3DES | 112/168 | 64 | 48 | Finance, PGP, S/MIME |
| AES | 128/192/256 | 128 | 10/12/14 | Repl. for DES/3DES |
| IDEA | 128 | 64 | 8 | PGP |
| Blowfish | up to 448 | 64 | 16 | Various software |
| RC5 | up to 2048 | 64 | up to 255 | Various software |

Stream ciphers

| Algorithm | Key size | IV | State | Applications |
|---|---|---|---|---|
| A5/2 | 54 | 114 | 64 | GSM |
| RC4 | 40-256 | 8 | 2064 | WEP, WPA, SSL, SSH, Kerberos, etc. |
Résumé of symmetric cryptography
Provides (with some exceptions) a reliable means for
enforcing confidentiality
Highly efficient
Key distribution is a major problem!
Asymmetric cryptography
[Figure: Alice encrypts the plaintext "I love you" with Bob's public key "unitue" into the ciphertext "C ywoy cih"; Bob decrypts it with his private key "zxtr9y". Annotation on the two keys: specially generated keypair.]
Prime numbers
An integer p is a prime number if its only divisors are 1 and p.
A positive integer c is said to be the greatest common divisor of a and b if
c is a divisor of a and of b;
any divisor of a and of b is a divisor of c.
Integers a and b are said to be relatively prime if gcd(a, b) = 1.
Euler’s totient function
A totient $\varphi(n)$ of an integer n is the number of integers less than n that are relatively prime to n.
Example:
$\varphi(9) = 6$: $\{1, 2, 4, 5, 7, 8\}$
Two integers a and b are congruent modulo n, written as $a \equiv b \bmod n$, if
$(a \bmod n) = (b \bmod n)$
Euler’s Theorem: If a and n are relatively prime, then
$a^{\varphi(n)} \equiv 1 \bmod n$.
RSA overview
Alice sends her love message to Bob via RSA:
Bob: Generate a keypair $K_u$/$K_r$
Bob: Send $K_u$ to Alice
Alice: Encrypt plaintext M with $K_u$
Alice: Send ciphertext C to Bob
Bob: Decrypt C with $K_r$
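RSA key generation

| Step | Condition |
|---|---|
| Select p, q | p, q prime, $p \neq q$ |
| Compute $n = p \cdot q$ | |
| Compute $\varphi(n) = (p-1)(q-1)$ | |
| Select $1 < e < \varphi(n)$ | $\gcd(\varphi(n), e) = 1$ |
| Compute d | $(de) \bmod \varphi(n) = 1$ $(\ast)$ |

Public key: $K_u = \{e, n\}$
Private key: $K_r = \{d, n\}$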
RSA encryption and decryption
Encryption:
Plaintext: $M < n$
Ciphertext: $C = M^e \bmod n$
Decryption:
Ciphertext: $C$
Plaintext: $M = C^d \bmod n$
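Correctness of RSA encryption
By the property $(\ast)$,
$(de) \bmod \varphi(n) = 1 \Rightarrow \exists k: (de) = 1 + k\varphi(n)$.
Then,
$M \stackrel{?}{\equiv} C^d \bmod n$
$\equiv (M^e)^d \bmod n$
$\equiv M^{(ed)} \bmod n$
$\equiv M^{1+k\varphi(n)} \bmod n$
$\stackrel{?}{\equiv} M \bmod n$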
Correctness of RSA encryption (ctd.)
For prime numbers p,
$\varphi(p) = (p-1)$.
By the key generation algorithm and the multiplicative property of the totient function,
$\varphi(n) = \varphi(p) \cdot \varphi(q) = (p-1) \cdot (q-1)$.
By Euler’s Theorem, if p does not divide M,
$M^{(p-1)} = 1 \bmod p$
and since $(p-1)$ divides $\varphi(n)$,
$M^{1+k\varphi(n)} \equiv M \bmod p$.
Similar argument holds for q and hence for n = pq.
What’s secret in RSA?
An attacker needs to know d to decrypt C.
To find d, an attacker needs to solve $(\ast)$:
$(de) \bmod \varphi(n) = 1$.
For this, he needs to know $\varphi(n)$.
If p and q are known, then finding $\varphi(n)$ is trivial:
$\varphi(n) = (p-1) \cdot (q-1)$
However p and q are discarded during key generation.
Factoring n into a product of two prime numbers is an intractable problem!
Finding $\varphi(n)$ directly is likewise intractable.
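The key generation, encryption and decryption slides carried through with toy numbers, together with the reason the totient must stay secret: anyone who learns it can recover p and q from n. This is an added example, not part of the original slides; the function names and the toy values p = 61, q = 53, e = 17 are assumptions chosen for illustration and are far too small for real use.

```python
from math import gcd, isqrt


def keygen(p: int, q: int, e: int):
    """Follow the key-generation table; p and q are assumed to be primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if p == q or not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need p != q, 1 < e < phi(n), gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)            # solves (d*e) mod phi(n) = 1
    return (e, n), (d, n)          # public key K_u, private key K_r


def rsa_encrypt(m: int, public) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy M < n")
    return pow(m, e, n)            # C = M^e mod n


def rsa_decrypt(c: int, private) -> int:
    d, n = private
    return pow(c, d, n)            # M = C^d mod n


def factor_from_phi(n: int, phi: int):
    """Knowing phi(n) gives p + q = n - phi(n) + 1; with p * q = n the
    primes are the two roots of x^2 - (p + q) x + n = 0."""
    s = n - phi + 1
    disc = s * s - 4 * n
    if disc < 0:
        raise ValueError("phi does not belong to n")
    root = isqrt(disc)
    if root * root != disc:
        raise ValueError("phi does not belong to n")
    return (s - root) // 2, (s + root) // 2


if __name__ == "__main__":
    public, private = keygen(61, 53, 17)      # n = 3233, phi(n) = 3120
    c = rsa_encrypt(65, public)
    print(public, private, c, rsa_decrypt(c, private))
    # The round trip also holds when p divides M, the case set aside
    # in the correctness argument.
    print(rsa_decrypt(rsa_encrypt(61 * 7, public), private) == 61 * 7)
    print(factor_from_phi(3233, 3120))
```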
Other asymmetric ciphers

| Algorithm | E/D | D.S. | KEX | Hardness |
|---|---|---|---|---|
| RSA | Yes | Yes | Yes | Factorization |
| ElGamal | Yes | No | No | DLP |
| DSS | No | Yes | No | DLP |
| Diffie-Hellman | No | No | Yes | DLP |
| Elliptic curve | Yes | Yes | Yes | EC DLP |
Summary
Cryptographic methods provide solutions for various confidentiality, integrity and authentication tasks.
Symmetric cryptography is based on a single key that must be shared between the communication parties and kept secret.
Asymmetric cryptography is based on two related keys; only one of them (private key) must be kept secret, the other one (public key) can be distributed over insecure media.
Next lecture
Cryptographic hash functions
Digital signatures