Cryptography
Pawel Wocjan
Department of Electrical Engineering & Computer Science
University of Central Florida
wocjan@eecs.ucf.edu
August 19th,2013
Course Objectives
I
understand how crypto primitives work
I
learn to use them correctly
I
learn to evaluate their security
Cryptography is Ubiquitous
I
secure communication
I
web trac:HTTPS
I
wireless trac:802.11i WPA2 (WiFi Protected Access) and
WEP (Wired Equivalent Privacy),GSM (Global System for
Mobile),Bluetooth
I
encryption of les:EFS (Encrypting File System),TrueCrypt
I
content protection (e.g.on DVD and Blueray):CSS
(Content Scrambling System),AACS (Advanced Access
Content System)
I
user authentication:ssh
I
and many more applications
Secure Web Communication with HTTPS
Hypertext Transfer Protocol Secure (HTTPS)
HTTPS
SSL/TLS
web browser () server
no eavesdropping
no tempering
SSL and TLS
Secure Socket Layer (SSL) and Transport Layer Security (TLS)
there are the following two main steps:
I
handshake protocol
establish shared secret using public key cryptography
(asymmetric cryptography)
rst part of the course
I
record layer
transmit data using symmetric encryption together with the
previously established secret key (symmetric cryptography)
second part of the course
goals:ensure condentiality and integrity
Protection of les
I
analogous to secure communication
File A
Alice today =) File B =) Alice tomorrow
File C
Building block:symmetric encryption
Alice Eve Bob
m
!E
E(k;m)=c
!
c
!D
D(k;c)=m
!
""
k k
I
E encryption algorithm,D decryption algorithm
I
m plaintext,c ciphertext
I
k secret key
Important assumption:encryption algorithm E is publicly known
) never use a proprietary cipher
Single and multi use of keys in symmetric encryption
I
single use key (one time key)
key is used to encrypt only one message
encrypt email:a new secret key is generated for each new
email
I
multi use key (one time key)
key is used to encrypt multiple messages
encrypt les:the same secret key is used to encrypt multiple
les
)more sophisticated machinery is required
Key points to remember
Cryptography
I
is a tremendously important tool
I
provides the basis for many security mechanisms
I
does not solve all security problems (social engineering
attacks)
I
is not reliable unless correctly implemented and used (software
bugs)
I
is not something you should ever attempt to invent yourself
there are many examples of broken adhoc designs
Core cryptographic applications
talking to Bob talking to Alice
Alice Eve Bob
Secret key
establishment
!
+ + +
k no info about k k
Secure
communication
E(k;m
1
)=c
1
!
E(k;m
2
)=c
2
+ + +
m
2
no info about m
1
,m
2
m
1
More crypto applications
I
digital signatures
Alice
I
anonymous communication:mix network,TOR (The Onion
Router)
who did I just talk to???
!
Alice Bob
More crypto applications
I
anonymous digital cash:bitcoin (open source p2p money)
I
can a user spend a digital coin while nobody is able to learn his
identity?
I
how can the user be prevented from double spending?
Alice
internet
!
More crypto applications
I
anonymous digital cash:bitcoin (open source p2p money)
I
can a user spend a digital coin while nobody is able to learn his
identity?
I
how can the user be prevented from double spending?
Alice
internet
!
Who just paid?
Secure multiparty computation
I
there are n participants,the i th participant has input x
i
x
1
x
2
.
.
.
x
n
) f (x
1
;x
2
;:::;x
n
)
I
they want to evaluate the function f (x
1
;:::;x
n
) without
revealing their inputs to each other
I
secure multiparty computation includes elections and auctions
as special cases
Trusted authority
I
secure multiparty computation can be solved with the help of
a trusted authority
x
1
x
1
!
x
2
x
2
!
.
.
.
x
n
x
n
!
trusted
authority
!f (x
1
;x
2
;:::;x
n
)
disadvantage:trusted authority knows x
1
;:::;x
n
I
Theorem:any secure multiparty computation with a trusted
authority can also be realized without a trusted authority
\Magic"crypto application:homomorphic encryption
I
Private outsourcing of computation
E(query)
!
E(result)
this is possible without Google learning query
\Magic"crypto application:zero knowledge
I
Zero knowledge (proof of knowledge)
Alice knows N = p q
proof
!
Bob N
Alice can convince Bob that she knows the prime factorization
of N without revealing the factors p and q
Rigorous science
The three steps in cryptography are:
1.specify the threat model
2.propose a construction
3.prove that breaking the construction under the threat model
will solve an underlying hard problem
Symmetric cipher
Alice Bob
m
!E
E(k;m)=c
!
c
!D
D(k;c)=m
!
""
k same key k
Some historic examples
I
substitution cipher
I
Vigener cipher in 16th century
I
rotor machines (Hebern machine,Enigma)
I
data encryption standard (DES) in 1974
I
advanced encryption standard (AES) in 2001
I
Salsa20 in 2008
I
and many more examples
Enter the password to open this PDF file:
File name:

File size:

Title:

Author:

Subject:

Keywords:

Creation Date:

Modification Date:

Creator:

PDF Producer:

PDF Version:

Page Count:

Preparing document for printing…
0%
Comments 0
Log in to post a comment