Computer Security: Cryptography, an introduction


  • Computer Security: Cryptography, an introduction

  • Encryption

    [Figure: plaintext x is encrypted under key $K_E$ to ciphertext y; y is decrypted under key $K_D$ to recover the original plaintext x. An eavesdropper is also shown.]

  • Encryption

    A cryptosystem involves an encryption algorithm $E$ and a decryption algorithm $D$. Both algorithms make use of a key. Let $K_E$ be the encryption key and $K_D$ the decryption key. For symmetric cryptosystems the same key is used for both encryption and decryption: $K_E = K_D$.

  • Encryption

    If $P$ is the plaintext message and $C$ the ciphertext, then for symmetric cryptosystems:

    $C = E(K, P)$ and $P = D(K, E(K, P)) = D(K, C)$

    For an asymmetric cryptosystem:

    $C = E(K_E, P)$ and $P = D(K_D, E(K_E, P)) = D(K_D, C)$

  • Kerckhoffs' assumption

    The adversary knows all details of the encrypting function except the secret key.

  • Symmetric key encryption

    There are two types of cipher systems: stream ciphers and block ciphers.

  • Stream ciphers

    [Figure: encryption under key $K_E$ maps x = ISSOPMI to y = wdhuvad.]

  • Block ciphers

    [Figure: encryption under key $K_E$ maps x = XNE OIG TPH YRK to y = wdm hut vap dgd.]

  • Block ciphers

    An overview of the DES algorithm: DES is an iterated block cipher with 16 rounds, block length 64 bits and key length 56 bits.

  • Iterating block ciphers

    1. Iterated block cipher: random (binary) key $K$; round keys $K_1, \dots, K_{Nr}$.

    2. Round function $g$: $w_r = g(w_{r-1}, K_r)$, where $w_{r-1}$ is the previous state.

  • Iterated cipher

    Encryption operation:

    $w_0 \leftarrow x$ ($x$ = plaintext)

    $w_1 = g(w_0, K_1)$, $w_2 = g(w_1, K_2)$, $\dots$,

    $w_{Nr} = g(w_{Nr-1}, K_{Nr})$,

    $y \leftarrow w_{Nr}$ ($y$ = ciphertext)

  • Iterated cipher

    For decryption we must have: $g(\cdot, K)$ must be invertible for all $K$.

    Then decryption is the reverse of encryption (bottom-up).

  • Data Encryption Standard

    DES is a special type of iterated cipher called a Feistel cipher.

      • Block length 64 bits
      • Key length 56 bits
      • Ciphertext length 64 bits

  • DES

    The round function is:

    $g([L_{i-1}, R_{i-1}], K_i) = (L_i, R_i)$,

    where

    $L_i = R_{i-1}$ and $R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$.

  • DES round encryption

  • DES inner function

  • DES computation path

  • A Round of DES

    [Figure: the 64-bit input is split into a 32-bit $L_n$ and a 32-bit $R_n$; with round key $K_n$ the round produces a 32-bit $L_{n+1}$ and a 32-bit $R_{n+1}$, which form the 64-bit output.]

  • Inner function f

    Combine 32 bit input and 48 bit key into 32 bit output:

      • Expand 32 bit input to 48 bits
      • XOR the 48 bit key with the expanded 48 bit input
      • Apply the S-boxes to the 48 bit input to produce 32 bit output
      • Permute the resulting 32 bits

  • S Boxes

      • There are 8 different S-Boxes, 1 for each chunk
      • S-box process maps 6 bit input to 4 bit output
      • S box performs substitution on 4 bits
      • There are 8 possible substitutions in each S box
      • Inner 4 bits are fed into an S box
      • Outer 2 bits determine which substitution is used

  • DES: Initial and Final Permutations

    There is also an initial and a final permutation: the final permutation is the inverse of the initial permutation.

  • Decrypting DES

    DES (and all Feistel structures) is reversible through a reverse encryption because:

      • No input data is mangled and passed to the output
      • The properties of XOR
      • S-boxes are not reversible (and don't need to be)
      • Everything needed (except the key) to produce the input to the (n-1)th step is available from the output of the nth step.

    4. The input to the nth step is the output of the (n-1)th step.

    5. Work backwards to step 1.

  • Encrypt round n, Decrypt round n+1

    [Figure: an encryption round and a decryption round side by side; each shows the 32-bit halves $L_n$, $R_n$ and $L_{n+1}$, $R_{n+1}$ of the 64-bit input and output, the inner function, the XOR (+) and the round key $K_n$.]
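
The reversibility argument above, as an added example that is not part of the original slides: a toy 64-bit Feistel network using the round $L_i = R_{i-1}$, $R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$. The inner function `f` and the key schedule `round_keys` are hypothetical stand-ins built from SHA-256, not the DES expansion, S-boxes or key schedule; `f` deliberately discards input bits so that it cannot be inverted.

```python
import hashlib

ROUNDS = 16              # same round count as DES; everything else is a toy
MASK32 = 0xFFFFFFFF

def f(r, k):
    """Inner function: 32-bit half + round key -> 32 bits.
    It drops the low byte of r, so it is provably NOT invertible."""
    digest = hashlib.sha256(k + (r >> 8).to_bytes(3, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def round_keys(key):
    """Hypothetical key schedule: one 48-bit round key per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]

def encrypt_block(block, key):
    l, r = block >> 32, block & MASK32
    for k in round_keys(key):
        # L_i = R_{i-1},  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        l, r = r, l ^ f(r, k)
    return (l << 32) | r

def decrypt_block(block, key):
    l, r = block >> 32, block & MASK32
    for k in reversed(round_keys(key)):
        # From (L_i, R_i): R_{i-1} = L_i,  L_{i-1} = R_i XOR f(L_i, K_i)
        l, r = r ^ f(l, k), l
    return (l << 32) | r

if __name__ == "__main__":
    key = b"constructed demo key"          # constructed sample values
    x = 0x0123456789ABCDEF
    y = encrypt_block(x, key)
    print(f"x = {x:016x}  y = {y:016x}  D(y) = {decrypt_block(y, key):016x}")
    print("f collides on inputs 1 and 2:", f(1, b"k") == f(2, b"k"))
```

Decryption only ever calls `f` in the forward direction, with the round keys in reverse order, which is why the non-invertible inner function does not matter.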

  • Attacks on DES

      • Brute force
      • Linear cryptanalysis -- known plaintext attack
      • Differential cryptanalysis
      • Chosen plaintext attack
      • Modify plaintext bits, observe change in ciphertext

    No dramatic improvement on brute force

  • Countering Attacks

      • Large keyspace combats brute force attack
      • Triple DES (say EDE mode, with usually 2 keys)
      • Use AES

  • Modes of operation

    Four basic modes of operation are available for block ciphers:

      • Electronic codebook mode: ECB
      • Cipher block chaining mode: CBC
      • Cipher feedback mode: CFB
      • Output feedback mode: OFB

  • Electronic Codebook mode, ECB

    Each plaintext $x_i$ is encrypted with the same key $K$:

    $y_i = e_K(x_i)$.

    So, the naïve use of a block cipher.

  • ECB

    [Figure: plaintext blocks $x_1$, $x_2$, $x_3$, $x_4$ each pass through their own DES box to give $y_1$, $y_2$, $y_3$, $y_4$.]

  • Cipher Block Chaining mode, CBC

    Each cipher block $y_{i-1}$ is xor-ed with the next plaintext $x_i$ before being encrypted to get the next ciphertext $y_i$:

    $y_i = e_K(y_{i-1} \oplus x_i)$

    The chain is initialized with an initialization vector, $y_0 = IV$, with length the block size.

  • CBC

    [Figure: the IV and plaintext blocks $x_1$, $x_2$, $x_3$, $x_4$, with an XOR (+) in front of each DES box, giving $y_1$, $y_2$, $y_3$, $y_4$.]

  • Cipher and Output feedback modes (CFB & OFB)

    CFB: $z_0 = IV$ and recursively: $z_i = e_K(y_{i-1})$ and $y_i = x_i \oplus z_i$

    OFB: $z_0 = IV$ and recursively: $z_i = e_K(z_{i-1})$ and $y_i = x_i \oplus z_i$

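  • CFB mode

    [Figure: CFB mode, showing the IV, the $e_K$ boxes, the XOR (+), plaintext blocks $x_1$, $x_2$ and ciphertext blocks $y_1$, $y_2$.]

  • OFB mode

    [Figure: OFB mode, showing the IV, the $e_K$ boxes, the XOR (+), plaintext blocks $x_1$, $x_2$ and ciphertext blocks $y_1$, $y_2$.]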
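
The four modes above as an added example, not part of the original slides. `e_k`/`d_k` are a hypothetical toy 8-byte block transformation standing in for DES (it has no security), the key, IV and plaintext are constructed, and CFB is started with $y_0 = IV$ (an assumption; the slide writes $z_0 = IV$).

```python
BS = 8                                    # block size in bytes (64 bits, as for DES)
KEY, IV = bytes(range(1, 9)), bytes(BS)   # constructed; fixed IV only for reproducibility
PT = b"SAMEBLOK" * 2 + b"OTHERBLK"        # constructed: first two blocks are equal

def e_k(key, x):
    """Toy invertible block transformation (NOT DES): add key bytes, rotate left."""
    s = bytes((b + k) % 256 for b, k in zip(x, key))
    return s[1:] + s[:1]

def d_k(key, y):
    s = y[-1:] + y[:-1]
    return bytes((b - k) % 256 for b, k in zip(s, key))

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ecb_encrypt(key, pt):
    return b"".join(e_k(key, x) for x in blocks(pt))   # y_i = e_K(x_i)

def cbc_encrypt(key, iv, pt):
    prev, out = iv, []                                 # y_0 = IV
    for x in blocks(pt):
        prev = e_k(key, xor(prev, x))                  # y_i = e_K(y_{i-1} XOR x_i)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for y in blocks(ct):
        out.append(xor(d_k(key, y), prev))             # x_i = d_K(y_i) XOR y_{i-1}
        prev = y
    return b"".join(out)

def cfb_encrypt(key, iv, pt):
    prev, out = iv, []                                 # assumed start: y_0 = IV
    for x in blocks(pt):
        prev = xor(x, e_k(key, prev))                  # z_i = e_K(y_{i-1}), y_i = x_i XOR z_i
        out.append(prev)
    return b"".join(out)

def ofb_crypt(key, iv, data):
    z, out = iv, []                                    # z_0 = IV
    for x in blocks(data):
        z = e_k(key, z)                                # z_i = e_K(z_{i-1})
        out.append(xor(x, z))                          # same routine encrypts and decrypts
    return b"".join(out)
```

With `PT`, the first two blocks of `ecb_encrypt(KEY, PT)` are identical, exposing the repeated plaintext block, while the first two blocks of `cbc_encrypt(KEY, IV, PT)` differ.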

  • Double & Triple DES

    Double: $C = E(k_2, E(k_1, m))$

    Triple: $C = E(k_1, D(k_2, E(k_1, m)))$

  • AES

    Block length 128 bits. Key lengths 128 (or 192 or 256). The AES is an iterated cipher with Nr = 10 (or 12 or 14).

    In each round we have:

      • Subkey mixing: State ← RoundKey XOR State
      • A substitution: SubBytes(State)
      • A permutation: ShiftRows(State) & MixColumns(State)

  • Asymmetric key encryption: Public Key Cryptography

  • Public Key Cryptography

    Alice and Bob want to exchange a private key in public.

  • Public Key Cryptography

    The Diffie-Hellman protocol

    Alice: $g^a \bmod p$; Bob: $g^b \bmod p$

    The private key is: $g^{ab} \bmod p$, where $p$ is a prime and $g$ is a generator of $Z_p$

  • Finite Fields

    Theorem: If $p$ is a prime then $Z_p$ is a cyclic group.

    The generator of $Z_p$ is called a primitive element modulo $p$.

  • Public Key Cryptography

    Encryption schemes

    Let

      • $P$ be the set of all plaintext messages
      • $C$ be the set of ciphertexts
      • $K$ be the set of all keys

  • The RSA cryptosystem

    Let $n = pq$, where $p$ and $q$ are primes. Let $P = C = Z_n$, and define $K = \{(n,p,q,e,d) : ed \equiv 1 \pmod{\phi(n)}\}$.

    For each key $K = (n,p,q,e,d)$, define

    $c = e_K(m) = m^e \bmod n$ and $d_K(c) = c^d \bmod n$,

    where $m, c \in Z_n$.

    Public key = $(n, e)$, private key = $(n, d)$.

  • Check

    We have: $ed \equiv 1 \pmod{\phi(n)}$, so $ed = 1 + t\phi(n)$.

    Therefore, $d_K(e_K(m)) = (m^e)^d = m^{ed} = m^{t\phi(n)+1} = (m^{\phi(n)})^t\, m = 1 \cdot m = m \bmod n$

  • Example

    $p = 101$, $q = 113$, $n = 11413$.

    $\phi(n) = 100 \times 112 = 11200 = 2^6 5^2 7$

    For encryption use $e = 3533$. Then $d = e^{-1} \bmod 11200 = 6597$.

    Bob publishes: $n = 11413$, $e = 3533$.

    Suppose Alice wants to encrypt: 9726. She computes $9726^{3533} \bmod 11413 = 5761$.

    To decrypt it Bob computes: $5761^{6597} \bmod 11413 = 9726$.

  • Implementation

      • Generate two large primes: $p$, $q$
      • $n \leftarrow pq$ and $\phi(n) = (p-1)(q-1)$
      • Choose random e: with 1

  • Security of RSA

    Relation to factoring. Recovering the plaintext $m$ from an RSA ciphertext $c$ is easy if factoring is possible.

    The RSA problem: given $(n, e)$ and $c$, compute $m$ such that $m^e = c \bmod n$
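
The worked example and the factoring remark above, checked in code as an added example that is not part of the original slides. The function names are chosen here; the numbers are the ones on the Example slide, and `factor` uses trial division, which works only because that modulus is tiny.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with a*s + b*t == g."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def inverse(e, phi):
    g, s, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return s % phi

def keygen(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, inverse(e, phi))       # public key, private key

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)                       # c = m^e mod n

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)                       # m = c^d mod n

def factor(n):
    """Trial division: feasible only because this n is tiny."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    raise ValueError("n is prime")

def recover_plaintext(pub, c):
    """Knowing only (n, e) and c: factor n, rebuild d, decrypt."""
    n, e = pub
    p, q = factor(n)
    return decrypt((n, inverse(e, (p - 1) * (q - 1))), c)

if __name__ == "__main__":
    pub, priv = keygen(101, 113, 3533)        # the slide's p, q, e
    c = encrypt(pub, 9726)
    print("d =", priv[1], " c =", c, " m =", decrypt(priv, c))
    print("recovered from (n, e, c) alone:", recover_plaintext(pub, c))
```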

  • The ElGamal encryption scheme

    Let $p$ be a prime and $g \in Z_p$ a primitive element. Let $P = Z_{p-1}$, $C = Z_{p-1} \times Z_{p-1}$ and $K = \{(p,g,x,y) : y = g^x \bmod p\}$.

    The values $p$, $g$, $y$ are the public key. $x$ is the private key.

  • The ElGamal encryption scheme

    Encryption: Let $m \in Z_{p-1}$ be a message. For $K = \{(p,g,x,y) : y = g^x \bmod p\}$, and secret random number $k \in Z_{p-1}$, define: $e_K(m,k) = (s,t)$, where $s = g^k \bmod p$ and $t = m\, y^k \bmod p$.

    Decryption: For $s, t \in Z_{p-1}$, define: $d_K(s,t) = t\,(s^x)^{-1} \bmod p$

  • The security of ElGamal

    The Diffie-Hellman problem. Given a prime $p$, $g \in Z_{p-1}$, and $x, y \in Z_{p-1}$, find $x^{\log_g y} \bmod p$.

    The security of the ElGamal encryption is reduced to the difficulty of breaking the Diffie-Hellman problem.
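
The Diffie-Hellman exchange and the ElGamal scheme from the slides above, side by side, as an added example that is not part of the original slides. The parameters `P`, `G` and the secrets used in the demo are small constructed values, and the function names are chosen here; the arithmetic is in the multiplicative group modulo `P`.

```python
P, G = 2579, 2            # constructed toy parameters; real use needs a large prime

def prime_factors(n):
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def is_primitive(g, p):
    """g is a primitive element mod p iff g^((p-1)/q) != 1 for every prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def dh_public(g, secret, p):
    return pow(g, secret, p)                  # g^a mod p, sent in the clear

def dh_shared(their_public, secret, p):
    return pow(their_public, secret, p)       # (g^b)^a = g^(ab) mod p

def elgamal_encrypt(p, g, y, m, k):
    s = pow(g, k, p)                          # s = g^k mod p
    t = (m * pow(y, k, p)) % p                # t = m * y^k mod p
    return s, t

def elgamal_decrypt(p, x, s, t):
    # (s^x)^-1 = s^(p-1-x) mod p by Fermat's little theorem
    return (t * pow(s, p - 1 - x, p)) % p

if __name__ == "__main__":
    a, b = 765, 853                           # constructed secrets
    A, B = dh_public(G, a, P), dh_public(G, b, P)
    print("DH shared:", dh_shared(B, a, P), dh_shared(A, b, P))
    y = dh_public(G, a, P)                    # ElGamal public key for private x = a
    s, t = elgamal_encrypt(P, G, y, 1299, b)
    print("ElGamal:", (s, t), "->", elgamal_decrypt(P, a, s, t))
```

The mask $y^k$ in `elgamal_encrypt` is exactly the Diffie-Hellman shared value for the pair ($x$, $k$), which is why recovering $m$ without $x$ comes down to the Diffie-Hellman problem.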

  • Digital Signatures

  • Public Key Cryptography

    Signature schemes

    Let

      • $P$ be the set of all messages
      • $A$ be the set of signatures
      • $K$ be the set of all ke
