ETRI CIS OHP Form


Modern Cryptography

Code: ICE0605
Credit/Hour: 3/3
Prof.: Kwangjo Kim (Tel. x6118), [email protected], http://vega.icu.ac.kr/~kkj
TA: Hyunrok Lee ([email protected])
Hour: Mon./Wed. 19:00-20:15
Web page: http://caislab.icu.ac.kr/Lecture/data/2008/spring/ice605
Syllabus
1. Course Description
As an introductory course to cryptography and information security, this lecture introduces the security notions and basic building blocks of modern cryptography. We discuss the two typical kinds of cryptosystem: symmetric cryptosystems, which include block ciphers (DES and AES) and stream ciphers, and public key (asymmetric) cryptosystems such as RSA, ElGamal, Elliptic Curve Cryptosystems, etc. Hash functions, digital signatures, key management and identification schemes, including zero knowledge proofs, are also discussed. No prerequisites are required.
2. Textbook
- Main Textbook: Douglas R. Stinson, Cryptography - Theory and Practice, 3rd Ed., CRC Press, 2006, ISBN 1-58488-508-4
- Recommended Reading Material: Menezes et al., Handbook of Applied Cryptography, CRC Press, 1997, ISBN 0-8493-8523-7
- Handouts
3. Test and Evaluation
- Midterm Exam: 20%, Final Exam: 25%
- Homework: 15%, Quiz: 10%, Term Project: 25%, Attendance: 5%
Weekly Lecture
Wk  Contents                          Cmt
 1  Introduction/Conventional Cipher
 2  Block Cipher (I)                  Hw#1
 3  Block Cipher (II)                 Qz#1
 4  Cryptanalysis                     Hw#2
 5  Stream Cipher                     Qz#2
 6  Hash Functions/MAC                TR#1
 7  Midterm Exam
 8  Public Key Cryptosystem (I)
 9  Public Key Cryptosystem (II)      Hw#3
10  Digital Signature (I)             Qz#3
11  Digital Signature (II)            Hw#4
12  Identification                    Qz#4
13  ZKIP/Key Management               Hw#5
14  TP Presentation                   TR#2
15  Final Exam
Related Subject
• Mathematics
- Number Theory
- Algebra : Group, Ring & Field Theory
- Elliptic curves
• Probability/ Statistics
• Information Theory / Coding Theory
• Computational Complexity
- algorithm, Turing machine
- NP-completeness
• Quantum Computing, etc
4
Who is interested in cryptology?
Traditional users and emerging application areas:
• Government
• Diplomatic
• Military
• Finance
• Police
• Industrial
• Academic
• Standard
• Electronic Commerce
• Service Provider
• DRM/Digital Watermark
• Ubiquitous Security
• Rule and Regulations
• etc.
Security anywhere
Worldwide Academic Research
• USA
- IACR (International Association for Cryptologic Research) http://www.iacr.org/
: Crypto('81-), Eurocrypt('82-), Asiacrypt('91-), FSE, PKC, CHES
- IEEE Symposium on Security and Privacy
- ACM-CCS (Computer & Communications Security)
- PKI Workshop('01-), etc.
• Europe
- ESORICS (European Symposium on Research in Computer Security)
- EuroPKI('04-), etc.
• Asia
- Australia: Auscrypt('90-'92), ACISP('95-)
- Japan: SCIS('84-), CSS('02-), IWSEC('06-), Pairing('07-)
- Korea: KIISC (Korea Institute of Information Security and Cryptology) ('89-) http://www.kiisc.or.kr/, ICISC('97-), IWDW('02-), WISA('0-), IWAP('00-)
- China: ICICS('00-), ACNS('02-)
- Malaysia: Mycrypt('05-)
- India: Indocrypt('99-)
- Vietnam: Vietcrypt('06-)
Brief History of Classical Cryptology
1900BC: Non-standard hieroglyphics
1500BC: Mesopotamian pottery glazes
50BC: Caesar cipher
1518: Trithemius' cipher book
1558: Keys invented
1583: Vigenere's book
1790: Jefferson wheel
1854: Playfair cipher
1857: Beaufort's cipher
1917: Friedman's Riverbank Labs
1917: Vernam one-time pads
Term Projects (Ex.)
Cryptographic application of your majoring field:
• Design and/or cryptanalysis of a block cipher or stream cipher
• Design and/or cryptanalysis of public key cryptography
• Design of cryptographic protocols for key management or authentication, etc.
• New applications of cryptographic protocols for secure e-voting, secure WSN, etc.
• Efficient implementation of a cryptographic library in RFID, etc.
Questions
Why are you taking this course?
What do you expect after this course?
Basic Concepts (I)
• Cryptology = Crypto (hidden) + Logos (word)
  = Cryptography + Cryptanalysis
  = Code Writing + Code Breaking
• Terms: Encryption (Decryption), Key, Plaintext, Ciphertext, Deciphertext
[Figure: the sender encrypts the plaintext P under the encryption key Ke, C = E(P, Ke), and sends C over an insecure channel that the adversary can observe; the receiver recovers P = D(C, Kd) with the decryption key Kd. The key itself is delivered over a separate secure channel.]
Basic Concepts (II)
• Channel
◦ Secure: trust, registered mail, tamper-proof device
◦ Insecure: open, public channel
• Entity
◦ Sender (Alice)
◦ Receiver (Bob)
◦ Adversary (Charlie)
• Passive attack: wiretapping -> threatens privacy
• Active attack: modification, impersonation -> threatens authentication
Basic Concepts (III)
• Classification of crypto algorithms
◦ by date
  Traditional (~19C): Caesar
  Mechanical (WW I, II): Rotor Machine, Purple
  Modern ('50~): DES, IDEA, AES and RSA, ECC
◦ by number of keys
  Conventional: {1, single, common} key, symmetric
  Public key cryptosystem: {2, dual} keys, asymmetric
◦ by size of plaintext
  Block Cipher
  Stream Cipher
Security Requirements - Privacy
"Keeping information secret from all but those who are authorized to it."
[Figure: Eavesdropping. A sends a message to B; the attacker C (eavesdropper) listens on the channel.]
※ Pictures are taken from the CryptMail User's Guide, Copyright (C) 1994 Utimaco Belgium.
Security Requirements - Authentication
Entity authentication (or identification): corroboration of the identity of an entity (e.g., a person, a computer terminal, etc.)
Message authentication: corroboration of the source of information, also known as data origin authentication. It implies data integrity: if the message had been altered in transit, its claimed origin could no longer be corroborated.
[Figure: Impersonation. C pretends to be A when communicating with B.]
Security Requirements - Integrity
"Ensuring information has not been altered by unauthorized or unknown means."
[Figure: Modification. C intercepts the message from A and alters it before it reaches B.]
Security Requirements - Non-repudiation
"Preventing the denial of previous commitment or actions."
[Figure: Repudiation. A: "I sent this message to you." B: "No, I didn't receive it."]
Basic Security Requirements
• Privacy (or confidentiality): keeping information secret from all but those who are authorized to it.
• Data integrity: ensuring information has not been altered by unauthorized or unknown means.
• Authentication
◦ Entity authentication (or identification): corroboration of the identity of an entity (e.g., a person, a computer terminal, etc.)
◦ Message authentication: corroboration of the source of information; also known as data origin authentication.
• Signature: a means to bind information to an entity.
• Access control: restricting access to resources to privileged entities.
• Non-repudiation: preventing the denial of previous commitment or actions.
Advanced Security Requirements
• Authorization: conveyance, to another entity, of official sanction to do or be something.
• Validation: a means to provide timeliness of authorization to use or manipulate information or services.
• Certification: endorsement of information by a trusted entity.
• Revocation: retraction of certification or authorization.
• Time stamping: recording the time of creation or existence of information.
• Witnessing: verifying the creation or existence of information by an entity other than the creator.
• Receipt: acknowledgement that information has been received.
• Ownership: a means to provide an entity with the legal right to use or transfer a resource to others.
• Anonymity: concealing the identity of an entity involved in some process.
A taxonomy of cryptographic primitives
Security primitives
• Unkeyed primitives
◦ arbitrary-length hash functions
◦ one-way permutations
◦ RNG, PUF
• Symmetric-key primitives
◦ symmetric-key ciphers: block ciphers, stream ciphers
◦ arbitrary-length (keyed) hash functions (MAC)
◦ signatures
◦ identification primitives
• Public-key primitives
◦ public-key ciphers
◦ signatures
◦ identification primitives
RNG (Random Number Generator), PUF (Physically Unclonable Function)
Attacking Model (I)
• By the information available to the attacker
◦ COA (Ciphertext Only Attack): only ciphertexts are available
◦ KPA (Known Plaintext Attack): some plaintext/ciphertext pairs are available
◦ CPA (Chosen Plaintext Attack): the attacker obtains ciphertexts for plaintexts of its own choosing
◦ CCA (Chosen Ciphertext Attack): the attacker obtains plaintexts for ciphertexts of its own choosing
• Kerckhoffs' principle: the attacker knows the cryptosystem being used; only the key is secret
Attacking Model (II)
Generic key-recovery attacks for a key space of size n (the attacker holds a known plaintext/ciphertext pair and wants the key):
• Exhaustive Key Search: Time = O(n), Space = O(1)
• (Pre-computed) Table Lookup: Time = O(1), Space = O(n)
• Time-Memory Tradeoff (Hellman): Time = O(n^(2/3)), Space = O(n^(2/3))
Classification of Security
• Unconditionally secure: secure against an adversary with unlimited computing power; perfect secrecy (ex.: one-time pad)
• Provably secure: security reduces to the assumed hardness of a well-known mathematical problem
• Computationally secure: measured by the amount of computational effort required by the best known methods (practically secure)
Brief History of Modern Cryptology
[Timeline figure, reconstructed as a list; items within a period are listed in approximate chronological order]
1949: Shannon, "The Communication Theory of Secrecy Systems"
1975-1978: Diffie and Hellman (public key cryptography), DES, RSA
1985-1995: ECC (1985/1987), Zero Knowledge Proof, Differential Cryptanalysis, DSA, Linear Cryptanalysis, Random Oracle Model, OAEP, SHA-1
1996-1998: Differential Fault Analysis, Polynomial based PKC, Impossible Differential Cryptanalysis
2000-2007: AES (FIPS 197), SHA-2, IBE from Pairing, E-Voting (Votopia), Certificateless PKC, ID based PKC w/o Random Oracle, Collisions on Hash Functions, Power of the Randomized Iterate, Cryptography with Constant Input Locality