18
1 Today’s topics • Security Demo from RSA Security (www.rsa.com) Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University For further reference “Applied Cryptography” by Bruce Schneier • Upcoming – Complexity • Reading Sections 4.6 and 11 in Brookshear. Chapters 11,13 in Great Ideas.

1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

Embed Size (px)

Citation preview

Page 1: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

1

Today’s topics

• Security– Demo from RSA Security (www.rsa.com)– Slides taken from Kevin Wayne & Robert

Sedgewick at Princeton University– For further reference “Applied Cryptography” by

Bruce Schneier• Upcoming

– Complexity• Reading

– Sections 4.6 and 11 in Brookshear.– Chapters 11,13 in Great Ideas.

Page 2: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

2

Security• Computer Security is the prevention of, or protection

against:– Access to information by unauthorized recipients– Intentional but unauthorized destruction or

alteration of that information.• Authentication: verifying the identity of a person or

system– Username and Password– What is an example of a good password?– Change your password often. A particular

implementation of this idea is ONE-TIME PASSWORDS.

– Physical security of the system is also important.

Page 3: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

3

Cryptography

Cryptography: science of creating secret codes.

Cryptanalysis : science of code breaking

Cryptology: science of secret communication.

Goal: Information Security in presence of malicious adversaries.– Confidentiality…– Integrity…– Authentication…– Authorization…– Non-repudiation…

RSA PRESENTATION

Page 4: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

4

Algorithms & KeysRestricted Algorithm• If the security depends on keeping the working of the

algorithm secret.• Can’t support a large or changing group of users…Why?• No quality control.Modern cryptology solves this with a KEY (K).• Key might be any of a large number of values.• Range of possible values called a keyspace.• Now security depends on the security of the Key.• The algorithms for encrypting and decrypting can be mass

produced and optimized.

Page 5: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

5

Algorithms & Keys

Two general types of Key based algorithms

• Symmetric Algorithms– Symmetric => same key for encryption and

decryption– Also called Private key algorithms.

• Public-Key Algorithms– Different encryption and decryption keys.

Page 6: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

6

Attacks!

• Ciphertext-only Attack..

• Known-plaintext Attack..

• Chosen-plaintext Attack..

• Chosen-ciphertext Attack..

• Rubber-hose cryptanalysis..

Page 7: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

7

Security levels ?

• Total Break!– Cryptanalyst find the key.

• Global Deduction.– Cryptanalyst finds alternate algorithm equivalent to the decrypting (or

encrypting) algorithm without the key.• Local Deduction.

– Cryptanalyst finds plaintext of a particular intercepted ciphertext.• Information Deduction

– Cryptanalyst gains some incomplete knowledge about the key or plaintext.

• Unconditionally Secure.– Not breakable by even brute-force attack..EVER..

• Computationally secure.– Can’t be broken given the current available resourses.

Page 8: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

8

Private Key EncryptionAssume message is encoded as binary string.ASCI

Page 9: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

9

Public Key Encryption

Page 10: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

10

Public Key EncryptionBob has N-Bit message to send to Alice.• Alice has public and secret key.

– PUBLIC key = published on Web in digital phonebook (VERISIGN).

– PRIVATE key = known only by Alice.

• Bob encrypts message using Alice’s public key.• Alice decrypts message using her private key.

To achieve security, need following properties:• Can encrypt message efficiently with public key.• Can decrypt message efficiently with private key.• CANNOT decrypt message efficiently with public key alone.

Page 11: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

11

Factoring!Factoring of large numbers is HARD.• This is the underlying assumption in RSA and

many other public key algorithms.

Is it hard?...• Review the process for factoring a number.• The one we follow is Brute-force approach!• Will be extremely hard even for a computer if

the number is (say) 200 digits or more.

Page 12: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

12

RSA Public-Key CryptosystemRSA cryptosystem (Rivest-Shamir-Adleman,1978).• Most widely used public-key cryptosystem (500 million users).• Sun, Microsoft, Apple, browsers, cell phones, ATM machines,…

Key generations.• Select two large prime numbers p and q at random.• Compute n= pq, and = (p-1)(q-1).• Choose integer e such that it is relatively prime to .• Compute d such that d e = e d = 1 (mod ).• Publish (e , n) as Public key.• Keep (d, n ) as Secret key.

Note: Don’t even need to store p, q, or . only needed to compute d.• Saving p, q speeds up decryption (Chinese Remainder Theorem).

Page 13: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

13

RSA DetailsHow large should n = p q be?• 1,024 bits for long term security. • IE, Netscape: 40, 56 , 128 bit.• Too small => easy to break.• Too large => time consuming to encrypt/decrypt.

Number Theory => n / logen prime numbers between 2 and n.

How to compute d efficiently ?• Existence guaranteed since gcd(e,) = 1.• Fancy version of Euclid’s algorithm.

Page 14: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

14

RSA AttacksFactoring.• Factor n = pq.• Then compute .• Then compute e.

Timing attacks.• Reconstruct d by sending C and monitoring

how long it takes to compute Cd(mod n).

Other means?• Long-standing open research question.

Page 15: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

15

Digital SignatureAlice sends Bob a response.• Bob wants to be really sure Alice really sent it, and not

some imposter.

Page 16: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

16

RSA Digital SignatureAlice wants to send Bob a response S.• Alice uses private key d and computes: S’= Sd (mod n).• Alice sends ( S, S’).

Bob receives digital signed response ( S, S’) .• Bob uses Alice’s public key e and checks if S = (S’)e (mod n ).• If yes, then Bob concludes S sent by Alice.• If no, then Bob concludes S or S’ corrupted in transmission, or

message is forgery.

Third party.• Bob verifies Alice’s signature on digitally signed message (e.g.

electronic check).• Bob forwards digitally signed message to bank.• Bank re-verifies Alice’s signature.

Page 17: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

17

RSA ApplicationsSecure Internet Communication.• Browsers.• S/MIME, SSL, S/WAN.• PGP.• Microsoft Outlook.

Operating Systems.• Sun, Microsoft, Apple, Novel.

Hardware.• Cell phones.• ATM machines.• Wireless Ethernet cards.• Smart cards.• Palm Pilots.

Page 18: 1 Today’s topics Security –Demo from RSA Security () –Slides taken from Kevin Wayne & Robert Sedgewick at Princeton University –For further

18

Bad Cryptology.Good introductory explanation & details on Gregory Kesden’s site

(CMU)http://www-2.cs.cmu.edu/~dst/DeCSS/Kesden/

Content Scrambling System (CSS).• Use to encrypt DVD’s.• Each disc has 3 40-bit keys.• Each DVD decoder (software/hardware) has unique 40-bit key.• “Not possible” to play back on computer without disc.

DeCSS. (Canman and SoupaFrog, 1999).• Decryption algorithm written by two Norwegians.• Used “in-circuit emulator” to monitor hardware activity.

Why CSS is fatally flawed. (Policy and Legal issues..)