View
241
Download
0
Category
Preview:
Citation preview
8/2/2019 Chap 1 New
1/20
Chapter 1.
Overview of Cryptography
Jeong H. Yi
jhyi@ics.uci.edu
8/2/2019 Chap 1 New
2/20
Information security and cryptography
Cryptography is the study of mathematical techniques relatedto aspects of information security
Cryptographic goals
Confidentiality Data integrity
Authentication
Non-repudiation
8/2/2019 Chap 1 New
3/20
Taxonomy of cryptographic primitives.Arbitrary length hash functions
One-way permutations
Random sequences
Symmetric-key ciphers
Arbitrary length hash functions(MACs)
Signatures
Pseudorandom sequences
Identification primitives
Public-key ciphers
Signatures
Identification primitives
UnkeyedPrimitives
Symmetric-keyPrimitives
Public-keyPrimitives
SecurityPrimitives
Blockciphers
Stream
ciphers
8/2/2019 Chap 1 New
4/20
Background on Functions
Function f : X Y is called a function f from set X to set Y.
X: domain
Y: codomain.
for y = f(x) where x X and y Y y: image of x
x: preimage of y Im(f), image of f
the set that all y Y have at least one preimage
1 1 function if each element in Y is the image of at most one element in X.
onto function if Im(f) =Y
bijection function if f is 11 and onto.
8/2/2019 Chap 1 New
5/20
Background on Functions (ctd)
one-way function if f(x) is easy to compute for all x X, but
it is computationally infeasible to find any x X such that f(x) =y.
trapdoor one-way function if given trapdoor information, it becomes feasible to find an x X
such that f(x) =y.
8/2/2019 Chap 1 New
6/20
Symmetric-key ciphers
Block cipher breaks up the plaintext into blocks of a fixed length, and then
encrypts one block at a time.
Stream cipher
takes the plaintext string and produces a ciphertext string usingkeystream
specific case of block cipher with the size of 1
8/2/2019 Chap 1 New
7/20
Digital signatures
Nomenclature M: messages
S: signatures
SA: signing transformation for A
VA: verification transformation for A
Definition
SAand VAprovide a digital signature scheme (or mechanism) for A.
8/2/2019 Chap 1 New
8/20
Authentication
Entity authentication (Identification) corroboration of the identity of an entity (e.g., a person, a
computer terminal, a credit card, etc.).
Message authentication (Data origin authentication)
corroborating the source of information
8/2/2019 Chap 1 New
9/20
Symmetric-key cryptography
Advantages high data throughput
relatively short size
primitives to construct various cryptographic mechanisms
Disadvantages
the key must remain secret at both ends.
O(n2) keys to be managed.
relatively short lifetime of the key
8/2/2019 Chap 1 New
10/20
Public-key cryptography
Advantages Only the private key must be kept secret
relatively long life time of the key
relatively efficient digital signature mechanisms
smaller verification key
O(n) keys to be managed
Disadvantages
low data throughput
much larger key sizes
8/2/2019 Chap 1 New
11/20
Summary of comparison
public-key cryptography signatures (particularly, non-repudiation) and key management
symmetric-key cryptography
encryption and some data integrity applications
Key sizes
Private keys must be larger (e.g., 1024 bits for RSA) than secretkeys (e.g., 64 or 128 bits)
most attack on symmetric-key systems is an exhaustive key search public-key systems are subject to short-cut attacks (e.g., factoring)
8/2/2019 Chap 1 New
12/20
8/2/2019 Chap 1 New
13/20
Key establishment and management
Key establishment process to establish a shared secret key available to two or more
parties
subdivided into key agreement and key transport.
Key management the set of processes and mechanisms which support key
establishment and
the maintenance of ongoing keying relationships between parties
8/2/2019 Chap 1 New
14/20
Key management through symmetric-key tech.
Advantages easy to add and remove entities
needs to store only one long-term secret key.
Disadvantages
initial interaction with the TTP.
n long-term secret keys maintained by TTP
TTP can read all messages.
If TTP is compromised, all communications are insecure
8/2/2019 Chap 1 New
15/20
Key management through public-key tech.
Advantages No TTP is required.
Only n public keys need to be stored
Disadvantages
Active adversary can compromise the key management scheme(e.g. man-in-the-middle attack)
Need TTP (e.g., CA) to certify the public key of each entity.
8/2/2019 Chap 1 New
16/20
Public-key certification
Advantages
prevents an active adversary from impersonation
TTP cannot monitor communications.
Disadvantages
If the signing key of the TTP is compromised, all communicationsbecome insecure.
8/2/2019 Chap 1 New
17/20
Attacks on encryption schemes
Ciphertext-only attack
deduce the decryption key or plaintext by only observing ciphertext.
Known-plaintext attack
using a quantity of plaintext and corresponding ciphertext.
Chosen-plaintext attack
chooses plaintext and is then given corresponding ciphertext.
Adaptive chosen-plaintext attack
chosen-plaintext attack where the choice of plaintext may depend on theciphertext received from previous requests.
Chosen-ciphertext attack
selects the ciphertext and is then given the corresponding plaintext.Adaptive chosen-ciphertext attack
chosen-ciphertext attack where the choice of ciphertext may depend onthe plaintext received from previous requests.
8/2/2019 Chap 1 New
18/20
Attacks on protocols
known-key attack uses previously used keys to determine new keys
replay attack records a communication session and replays that session
impersonation attack deceives the identity of one of the legitimate parties
dictionary attack using code book
forward search attack
if message space is small or predictableinterleaving attack impersonation or other deception involving selective combination of
information from parallel sessions
8/2/2019 Chap 1 New
19/20
Models for evaluating security
Unconditional security (perfect secrecy) Adversaries have unlimited computational resources
Observation of the ciphertext provides no information to anadversary
Complexity-theoretic security Adversaries have polynomial computational power.
Asymptotic analysis and usually also worst-case analysis is used
Provable security provably secure if the difficulty of defeating crypto system can be
shown to be as difficult as solving a well-known number-theoreticproblem
8/2/2019 Chap 1 New
20/20
Models for evaluating security (ctd)
Computational security (Practical security)
computationally secure if the level of computation to defeat cryptosystem exceeds the computational resources of the adversary
Most of the known public-key and symmetric-key schemes
Ad hoc security (heuristic security)
any variety of convincing computational security
unforeseen attacks may remain
Recommended