Cryptography Basics (ch 2)

sunflowerplateAI and Robotics

Nov 21, 2013 (3 years and 9 months ago)

61 views

Cryptography Basics (
ch

2)

IT443


Network Security Administration

Instructor: Bo Sheng

1

Outline


Basic concepts in cryptography system


Secret key cryptography


Public key cryptography


Hash functions

2

Encryption/Decryption








Plaintext: a message in its original form


Ciphertext
: a message in the transformed, unrecognized form


Encryption: the process that transforms a plaintext into a
ciphertext


Decryption: the process that transforms a
ciphertext

to the
corresponding plaintext


Key: the value used to control encryption/decryption.

3

plaintext

encryption

ciphertext

decryption

plaintext

key

key

Cryptanalysis


“code breaking”, “attacking the cipher”



Difficulty depends on


sophistication of the cipher


amount of information available to the code
breaker



Any cipher
can
be broken by exhaustive
trials, but rarely practical

4

Caesar Cipher


Replace each letter with the one
3
letters
later in the alphabet


ex.: plaintext CAT


ciphertext

FDW


5

A

B

C

D

E

F

G

H

I

J

K



A

B

C

D

E

F

G

H

I

J

K



plaintext

alphabet

ciphertext

alphabet

Trivial to break

Mono
-
Alphabetic Ciphers


Generalized substitution cipher: an arbitrary (but
fixed) mapping of one letter to another


26! (


4.0*10
26



2
88
) possibilities

6

A

B

C

D

E

F

G

H

I

J

K



A

B

C

D

E

F

G

H

I

J

K



plaintext

alphabet

ciphertext

alphabet

Attacking Mono
-
Alphabetic Ciphers


Broken by statistical analysis of letter, word, and phrase
frequencies of the language


Frequency of single letters in English language, taken
from a large corpus of text:


7

Ciphertext

Only Attacks


Ex.: attacker can intercept encrypted
communications, nothing else



Breaking the cipher: analyze patterns in
the
ciphertext


provides clues about the encryption
method/key


8

Known Plaintext Attacks


Ex.: attacker intercepts encrypted text, but
also
has access to some of the
corresponding plaintext (definite
advantage)



Makes some codes (e.g., mono
-
alphabetic
ciphers) very easy to break


9

Chosen Plaintext Attacks


Ex.: attacker can
choose any plaintext
desired, and intercept the corresponding
ciphertext



Allows targeted code breaking (choose
exactly the messages that will reveal the
most about the cipher)


10

The “Weakest Link” in Security


Cryptography is
rarely

the weakest link


Weaker links


Implementation of cipher


Distribution or protection of keys


… …


11

Secret Keys
vs

Secret Algorithms


Security by obscurity


We can achieve better security if we keep the
algorithms secret


Hard to keep secret if used widely


Reverse engineering, social engineering



Publish the algorithms


Security of the algorithms depends on the secrecy of
the keys


Less unknown vulnerability if all the smart (good)
people in the world are examine the algorithms

12

Outline


Basic concepts in cryptography system


Secret key cryptography


Public key cryptography


Hash functions

13

Secret Key Cryptography






Same key is used for encryption and decryption


Also known as


Symmetric cryptography


Conventional cryptography

14

plaintext

encryption

ciphertext

decryption

plaintext

key

key

Same key

Secret Key Cryptography


Stream cipher


Block cipher


Converts one input plaintext
block of fixed size
k

bits

to
an output
ciphertext

block of
k

bits


DES, IDEA, AES, …


AES


Selected from an open competition, organized by NSA


Joan
Daemen

and Vincent
Rijmen

(Belgium)


Block size=128 bits, Key Size= 128/192/256 bits



15

Key Size


Keys should be selected from a large potential
set, to prevent brute force attacks


Secret key sizes


40

bits were considered adequate in 70’s


56

bits used by DES were adequate in the 80’s


128

bits are adequate for now


If computers increase in power by 40% per year,
need roughly
5 more key bits per decade

to stay
“sufficiently” hard to break

16

Public Key Cryptography







A public/private key pair is used


Public key can be publicly known


Private key is kept secret by the owner of the key


Much slower than secret key cryptography


Also known as asymmetric cryptography


Another mode: digital signature


17

plaintext

encryption

ciphertext

decryption

plaintext

Public key

Private key

Public Key Cryptography







Digital signature


Only the party with the private key can create a digital signature.


The digital signature is verifiable by anyone who knows the public key.


The signer cannot deny that he/she has done so.


18

plaintext

Sign

ciphertext

Verify

plaintext

Private key

Public key

Public Key Cryptography


It must be computationally


easy

to generate a public / private key pair


hard

to determine the private key, given the public key



It must be computationally


easy

to encrypt using the public key


easy

to decrypt using the private key


hard

to recover the plaintext message from just the
ciphertext

and the public key

19

Symmetric
vs

Asymmetric


Symmetric algorithms are much faster


In the order of a 1000 times faster



Symmetric algorithms require a shared secret


Impractical if the communicating entities don’t have another
secure channel



Both algorithms are combined to provide practical and
efficient secure communication


E.g., establish a secret session key using asymmetric crypto and
use symmetric crypto for encrypting the traffic

20

Outline


Basic concepts in cryptography system


Secret key cryptography


Public key cryptography


Hash functions

21

Hash Function




Also known as


Message digest


One
-
way transformation


One
-
way function


Hash


Length of
H
(
m
) much shorter then length of
m


Usually fixed lengths: 128 or 160
bits

22

Message of

arbitrary length

Hash

A fixed
-
length

short message

Properties of Hash


Consider a hash function H



Performance
: Easy to compute H(
m
)



One
-
way
property
: Given H(
m
) but not
m
, it’s computationally
infeasible to find
m



Weak
collision resistance (free)
: Given H(
m
), it’s computationally
infeasible to find
m’

such that H(
m’
) = H(
m
).



Strong
collision resistance (free)
: Computationally infeasible to find
m
1
,
m
2

such that H(
m
1
) = H(
m
2
)

23

Hash Applications


File /

Message

integrity


Check if a downloaded file is corrupted


Detect if a file has been changed by someone
after it was stored


Compute a hash H(F) of file F



openssl

dgst

-
md5
filename

24

Hash Applications


Password verification


Password cannot be stored in plaintext


In a hashed format


Linux:
/etc/
passwd
, /etc/shadow



cat /etc/shadow

25

Hash Applications


User authentication


Alice wants to authenticate herself to Bob


Assuming they already
share a secret key K

26

Alice

Bob

time



computes

Y=H(R|K)

verifies that

Y=H(R|K)

Modern Hash Functions


MD5 (128 bits)


Previous versions (i.e., MD2, MD4) have weaknesses.


Broken; collisions published in August 2004


Too weak to be used for serious applications


SHA (Secure Hash Algorithm)


Weaknesses were found


SHA
-
1 (160 bits)


Broken, but not yet cracked


Collisions in 2
69

hash operations, much less than the brute
-
force attack
of 2
80

operations


Results were circulated in February 2005, and published in CRYPTO
’05 in August 2005


SHA
-
256
, SHA
-
384,


27

Birthday Attack


What is the smallest group size
k

such that


The probability that at least two people in the group
have the same birthday is greater than 0.5?


23


Implication for hash function H of length m


With probability at least 0.5


If we hash about 2
m/2

random inputs,


Two messages will have the same hash image


m=64, 1ns per hash


Brute force (2
64
): 10
13

seconds over 300 thousand years


Birthday attack (
2
32
): 4 seconds

28

Lab 1


Sample codes


eecs.mit.edu’s

IP is 18.62.1.6


Assume their
subnetwork

use 28
-
bit prefix



18. 62. 1. 0000
0110



Scan 18.62.1.0 ~ 18.62.1.15


dig
-
x 18.62.1.0 +short


/home/shengbo/it443/scanip.sh


/
home/shengbo/it443/scanip.pl

29