Transcript Introduction to Cryptography
Introduction to Cryptography
1
Cryptography
• Cryptography – Original meaning: the art of secret writing – Send information in a way that prevents others from reading it – Other services: • Integrity checking • Authentication – Process data into unintelligible form, reversible, without data loss 2
Encryption/Decryption
encryption ciphertext decryption plaintext plaintext • Plaintext: a message in its original form • Ciphertext: a message in the transformed, unrecognized form • Encryption: the process for producing ciphertext from plaintext • Decryption: the reverse of encryption • Key: a secret value used to control encryption/decryption 3
Computationally Difficult
• Cryptographic algorithms need to be reasonably efficient • Cryptographic algorithms are not impossible to break with the key – e.g. try all the keys – brute-force cryptanalysis – Time can be saved by spending money on more computers.
• A scheme can be made more secure by making the key longer – Increase the length of the key by one bit • The good guy’s job just a little bit harder • The bad guy’s job up to twice as hard.
4
To Publish or Not to Publish
• Not to publish the algorithms – We can achieve better security if we keep the algorithm secret – Hard to keep secret if widely used – Reverse Engineering • Publish the algorithms – Security of the algorithms depend on the secrecy of the keys – Less unknown vulnerabilities if all the smart (good) people examine the algorithm • Common practice – Commercial: published – Military: kept secret 5
Some Trivial
Cipher
• Caesar cipher: – Substitution cipher – Replace each letter with the one 3 letters later – A -> D, O -> R • Caption Midnight Secret Decoder rings – Pick a secret
n
between 1 and 25 – Shift variable by n: HAL -> IBM if
n
is 1 • Monoalphabetic cipher – Arbitrary mapping of one letter to another – 26!, approximately 4 x 10 26 – Statistical analysis of letter frequencies 6
Cryptanalysis: Break an Encryption Scheme
• Ciphertext only – Analyze only with the ciphertext – Exhaustive search until “recognizable plaintext” – Need enough ciphertext • Known Plaintext –
Types of Cryptographic functions
• Secret Key Cryptography – One key • Public Key Cryptography – Two keys: public, private • Hash function – No key 8
Secret Key Cryptography
plaintext encryption ciphertext decryption plaintext key same key key • Same key is used for both encryption and decryption – Symmetric cryptography – Conventional cryptography • Ciphertext is about the same length as the plaintext • Examples: DES, IDEA, AES… 9
Secret Key Cryptography cont’d
• Transmitting over an insecure channel – Challenge: how to share the key?
• Secure storage on insecure media • Strong Authentication: prove knowledge of a secret without revealing it – Send challenge r, and verify the returned encrypted{r} • Challenge should be chosen from a large pool • Integrity Check: a fixed-length cryptographic checksum for a message – Send MIC (Message Integrity Code) along with the message 10
plaintext
Public Key Cryptography
encryption ciphertext decryption plaintext public key private key • Invented/published in 1975 • Each individual has two keys: – Private key is kept secret – Public key is publicly known • Much slower than secret key cryptography • Also known as – Asymmetric cryptography 11
Public Key Cryptography cont’d
plaintext signing Signed verification plaintext message private key public key • Digital Signature – Only the party with the private key can generate a digital signature – Verification of the signature only requires the knowledge of the public key – The signer cannot deny he/she has done so.
12
Applications of Public Key Cryptography
• Security uses of public key cryptography – Known public key cryptography is orders of magnitude slower than the best known secret key cryptographic algo.
• Transmitting over an Insecure Channel Alice Encrypt m A using e B Bob Decrypt to m A using d B Decrypt to m B using d A Encrypt m B using e A • Secure Storage on Insecure Media – Because of performance issues, you can randomly generate a secret key, encrypt the data with that secret key, and encrypt the secret key with the public key – Using public key of a trusted person 13
Applications of Public Key Cryptography
• Authentication – No need to store secrets, only
public
keys .
– Alice wants to verify Bob’s identity Alice Encrypt r using e b Bob Decrypt to r using d b r – Secret key cryptography: need to share
secret
key for every person to communicate with 14
Case Study: Applications of Public Key Cryptography in SSH2
• Assume that [email protected]
tries to log into
mensa.cs.lamar.edu
as
bsun
: – Run “ssh-keygen” at galaxy1.cs.lamar.edu
– Copy the generated public key in
id_rsa.pub
to .
/ssh/authorized_keys
in mensa.cs.lamar.edu
– id_rsa (at galaxy1.cs.lamar.edu) holds the generated private key 15
Applications of Public Key Cryptography
• Digital Signatures • Authorship: Prove who generate the information • Integrity: the information has not been modified • Non-repudiation: cannot do with secret key cryptography 16
Hash Algorithms
• Message digests, one-way transformations Message of arbitrary length Hash h A fixed-length short message • Easy to compute h(m) • Given h(m), no easy way to find m • Computationally infeasible to find m 1 h(m 1 ) = h(m 2 ) and m 2 , so that 17
Applications of Hash Algorithms
• Password hashing – Store the hash of the password • Message integrity – Keyed Hash • Alice and Bob agree on a secret key k • Alice computes h(m|k) and sends it with
m
• Does not require encryption • Message Fingerprint – For a large data structure: save the message digest of the data on the tamper-proof backing store.
• Digital Signature Efficiency – Compute a message digest and sign it • Public key algorithms are processor-intensive 18