Cryptography

Pawel Wocjan

Department of Electrical Engineering & Computer Science

University of Central Florida

wocjan@eecs.ucf.edu

August 19th, 2013

Course Objectives

- understand how crypto primitives work
- learn to use them correctly
- learn to evaluate their security

Cryptography is Ubiquitous

- secure communication
  - web traffic: HTTPS
  - wireless traffic: 802.11i WPA2 (Wi-Fi Protected Access) and WEP (Wired Equivalent Privacy), GSM (Global System for Mobile), Bluetooth
- encryption of files: EFS (Encrypting File System), TrueCrypt
- content protection (e.g. on DVD and Blu-ray): CSS (Content Scrambling System), AACS (Advanced Access Content System)
- user authentication: ssh
- and many more applications

Secure Web Communication with HTTPS

Hypertext Transfer Protocol Secure (HTTPS)

web browser <= HTTPS (SSL/TLS) => server

no eavesdropping

no tampering

SSL and TLS

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

there are the following two main steps:

- handshake protocol
  establish shared secret using public key cryptography (asymmetric cryptography)
  first part of the course
- record layer
  transmit data using symmetric encryption together with the previously established secret key (symmetric cryptography)
  second part of the course

goals: ensure confidentiality and integrity

Protection of files

- analogous to secure communication

Alice today => File A, File B, File C => Alice tomorrow

Building block: symmetric encryption

Alice                      Eve                      Bob
m -> E -> E(k, m) = c  ->   c   ->  D -> D(k, c) = m
     ^                              ^
     k                              k

- $E$ encryption algorithm, $D$ decryption algorithm
- $m$ plaintext, $c$ ciphertext
- $k$ secret key

Important assumption: encryption algorithm $E$ is publicly known

=> never use a proprietary cipher

Single and multi use of keys in symmetric encryption

- single use key (one time key)
  key is used to encrypt only one message
  encrypt email: a new secret key is generated for each new email
- multi use key (many time key)
  key is used to encrypt multiple messages
  encrypt files: the same secret key is used to encrypt multiple files
  => more sophisticated machinery is required
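Why a single use key must not be reused, and what the extra machinery for a multi use key looks like, as an added example that is not part of the original slides. The SHAKE-256 keystream is an illustrative stand-in for a real stream cipher, and the names `keystream`, `eve_view` and `demo` and the sample messages are assumptions made for this sketch.

```python
import hashlib
import secrets

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Illustrative keystream: SHAKE-256 over key || nonce (not a vetted cipher).
    return hashlib.shake_256(key + nonce).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(k: bytes, m: bytes, nonce: bytes = b"") -> bytes:
    """c = m XOR keystream(k, nonce). With the empty default nonce, k is a one time key."""
    return xor(m, keystream(k, nonce, len(m)))

def D(k: bytes, c: bytes, nonce: bytes = b"") -> bytes:
    """m = c XOR keystream(k, nonce)."""
    return xor(c, keystream(k, nonce, len(c)))

def eve_view(c1: bytes, c2: bytes) -> bytes:
    """What Eve can compute from two intercepted ciphertexts without knowing k."""
    return xor(c1, c2)

def demo():
    k = secrets.token_bytes(32)
    m1 = b"pay Bob   100 USD"   # constructed sample messages of equal length
    m2 = b"pay Carol 900 USD"
    # Misuse: the one time key encrypts two messages, so the keystream cancels out.
    c1, c2 = E(k, m1), E(k, m2)
    reuse_leaks = eve_view(c1, c2) == xor(m1, m2)
    # If Eve knows or guesses m1, she recovers m2 outright.
    recovered = xor(eve_view(c1, c2), m1)
    # Multi use: a fresh random nonce per message gives each one its own keystream.
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    d1, d2 = E(k, m1, n1), E(k, m2, n2)
    nonce_leaks = eve_view(d1, d2) == xor(m1, m2)
    roundtrip = D(k, d1, n1) == m1 and D(k, d2, n2) == m2
    return reuse_leaks, recovered == m2, nonce_leaks, roundtrip

if __name__ == "__main__":
    print(demo())
```

The nonce travels with the ciphertext in the clear; this sketch covers confidentiality only and adds no integrity protection.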

Key points to remember

Cryptography

- is a tremendously important tool
- provides the basis for many security mechanisms
- does not solve all security problems (social engineering attacks)
- is not reliable unless correctly implemented and used (software bugs)
- is not something you should ever attempt to invent yourself
  there are many examples of broken ad-hoc designs

Core cryptographic applications

Alice (talking to Bob)          Eve          Bob (talking to Alice)

Secret key establishment: Alice <-> Bob
  => Alice: $k$;  Eve: no info about $k$;  Bob: $k$

Secure communication: Alice sends $E(k, m_1) = c_1$, Bob sends $E(k, m_2) = c_2$
  => Alice: $m_2$;  Eve: no info about $m_1, m_2$;  Bob: $m_1$

More crypto applications

- digital signatures (Alice)
- anonymous communication: mix network, TOR (The Onion Router)

Alice <-> Bob: who did I just talk to???

More crypto applications

- anonymous digital cash: bitcoin (open source p2p money)
  - can a user spend a digital coin while nobody is able to learn his identity?
  - how can the user be prevented from double spending?

Alice -> internet

Who just paid?

Secure multiparty computation

- there are $n$ participants, the $i$th participant has input $x_i$

$x_1, x_2, \ldots, x_n \;\Rightarrow\; f(x_1, x_2, \ldots, x_n)$

- they want to evaluate the function $f(x_1, \ldots, x_n)$ without revealing their inputs to each other
- secure multiparty computation includes elections and auctions as special cases

Trusted authority

- secure multiparty computation can be solved with the help of a trusted authority

$x_1 \xrightarrow{\;x_1\;}$
$x_2 \xrightarrow{\;x_2\;}$
$\vdots$
$x_n \xrightarrow{\;x_n\;}$
trusted authority $\to f(x_1, x_2, \ldots, x_n)$

disadvantage: trusted authority knows $x_1, \ldots, x_n$

- Theorem: any secure multiparty computation with a trusted authority can also be realized without a trusted authority
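One instance of the theorem, as an added example that is not part of the original slides: computing $f(x_1, \ldots, x_n) = x_1 + \cdots + x_n$ with additive secret sharing and no trusted authority. It assumes participants follow the protocol and that the $n-1$ others do not all collude against one; the modulus `P`, the function names and the sample inputs are choices made for this sketch.

```python
import secrets

# Public modulus (assumption of this sketch); it must exceed the largest possible sum.
P = 2**61 - 1

def share(x: int, n: int) -> list:
    """Split x into n additive shares mod P. Any n-1 of them are uniformly random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((x - sum(parts)) % P)
    return parts

def secure_sum(inputs: list):
    """Simulate all n participants in one process and return what each step produces."""
    n = len(inputs)
    # Round 1: participant i splits x_i and sends share j to participant j.
    sent = [share(x, n) for x in inputs]            # sent[i][j]
    # Round 2: participant j adds the shares it received and publishes the subtotal.
    subtotals = [sum(sent[i][j] for i in range(n)) % P for j in range(n)]
    # Everyone adds the published subtotals to obtain f(x_1, ..., x_n).
    total = sum(subtotals) % P
    return total, sent, subtotals

if __name__ == "__main__":
    salaries = [52, 71, 48, 90]                     # constructed sample inputs
    total, sent, subtotals = secure_sum(salaries)
    print("sum =", total)
    print("participant 0 only ever sees:", [row[0] for row in sent], subtotals)
```

Each participant sees one random-looking share from every other participant plus the published subtotals, which together reveal the sum and nothing else about an individual input.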

"Magic" crypto application: homomorphic encryption

- Private outsourcing of computation

E(query) -> E(result)

this is possible without Google learning query
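A restricted version of this idea, as an added example that is not part of the original slides: the Paillier cryptosystem is additively homomorphic, so a server can compute a weighted sum of an encrypted query without decrypting it. The two Mersenne primes are toy parameters chosen for this sketch, and the names `encrypt`, `decrypt` and `server_weighted_sum` are assumptions.

```python
import math
import secrets

# Toy parameters (constructed): two Mersenne primes. Real keys use large random primes.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                                            # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)    # private: lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                 # private: LAM^-1 mod N

def encrypt(m: int) -> int:
    """Client: c = (1+N)^m * r^N mod N^2 with a fresh random r coprime to N."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c: int) -> int:
    """Client: m = L(c^LAM mod N^2) * MU mod N, where L(u) = (u - 1) / N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def server_weighted_sum(enc_query: list, weights: list) -> int:
    """Server: needs only N2 and ciphertexts, never LAM or MU.
    Multiplying ciphertexts adds plaintexts; raising to w multiplies a plaintext by w."""
    acc = 1
    for c, w in zip(enc_query, weights):
        acc = acc * pow(c, w, N2) % N2
    return acc

if __name__ == "__main__":
    query = [3, 5, 2]                  # constructed private query held by the client
    weights = [10, 20, 30]             # constructed data held by the server
    enc_result = server_weighted_sum([encrypt(x) for x in query], weights)
    print(decrypt(enc_result))         # 3*10 + 5*20 + 2*30
```

Evaluating arbitrary functions on encrypted data requires fully homomorphic encryption, which this additive scheme does not provide.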

"Magic" crypto application: zero knowledge

- Zero knowledge (proof of knowledge)

Alice (knows $N = p \cdot q$) -- proof --> Bob ($N$)

Alice can convince Bob that she knows the prime factorization of $N$ without revealing the factors $p$ and $q$

Rigorous science

The three steps in cryptography are:

1. specify the threat model
2. propose a construction
3. prove that breaking the construction under the threat model will solve an underlying hard problem

Symmetric cipher

Alice                                            Bob
m -> E -> E(k, m) = c  ->  c  ->  D -> D(k, c) = m
     ^                            ^
     k        (same key)          k

Some historic examples

- substitution cipher
- Vigenère cipher in 16th century
- rotor machines (Hebern machine, Enigma)
- data encryption standard (DES) in 1974
- advanced encryption standard (AES) in 2001
- Salsa20 in 2008
- and many more examples

