Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
CS 568: Applied CryptographyProf. Mayank Varia
Syllabus
• Instructors: Mayank Varia, Nicolas Alhaddad, and Omar Sagga
• Course websites: piazza.com for discussion, gradescope.com for labs
• Weekly assignments: programming-based labs + textbook reading
• Midterm on Thurs 2/21, final exam on Sat 5/11
• Grading: 40% labs, 30% final, 20% midterm, 10% participation
• Always follow the BU academic conduct code & collaboration policy!
What is cryptography?
Crypto = Scientific field at intersection of many disciplines
Complexity theory Known for reductions. Primarily found inAmerican academia.
Engineering Known for software devand side channel attacks. Primarily found in industry.
Mathematics Known for cryptanalysis. Primarily found ingovernment.
!
"
Algorithms Known for cipher design. Primarily found inEuropean academia. A⇒B
This class
–Ben Adida
“Cryptography is how people get things done when they need one another, don’t fully trust one another, and have adversaries actively trying to screw things up.”
Source: benlog.com/2018/01/07/crypto-as-in-crypto/
The Internet, 1968
Source: twitter.com/pwnallthethings/status/935395453482520576
–Jon Stewart“The Internet is just the world passing notes in a classroom.”
Source: news.bbcimg.co.uk/media/images/75643000/jpg/_75643557_passing-notes.jpg
Facebook friendship graph, 2010
Source: www.facebook.com/note.php?note_id=469716398919
Talking over the Internet
Client-server crypto
End-to-end crypto
Why does crypto matter?
Why does crypto matter?1. We use it all the time
2. It has social consequences, as Rogaway said
3. It has geopolitical consequences
4. It influences how law and regulations are applied and modernized to the digital world
Encrypted web traffic in Firefox
Source: letsencrypt.org/stats
https://www.google.com
BU’s login page
The Signal double ratchet protocol
Used in a messaging system near you!
Signal (formerly TextSecure)
Facebook Messenger
Google Allo (opt-in)
Skype (opt-in)
Source: whispersystems.org/docs/specifications/doubleratchet
–Phillip Rogaway
“Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension.”
Source: web.cs.ucdavis.edu/~rogaway/papers/moral.html
Crypto Wars: early 20th century editionWorld War I: Zimmerman telegram World War II: Enigma machine
Source: www.bbc.com/news/uk-38581861 Source: en.wikipedia.org/wiki/Enigma_machine
Zimmerman telegram
Source: www.bbc.com/news/uk-38581861
Zimmerman telegram
"I've got something here which - well, it's a rather astonishing message which might do the trick if we could use it.”Source: www.bbc.com/news/uk-38581861
Crypto, meet the Bill of Rights1. Bernstein v. United States established code == speech
2. Crypto used to be regulated as a munition
3. 1990s Clipper chip: government in all computers
4. Crypto !-> reasonable expectation of privacy?
5. Can government request your help to unlock phone?
What is the objective of crypto?
Cryptography Cryptanalysisthe art of making codes the art of breaking codes
Cryptologykryptos = secret, hidden
Schneier’s law: Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
Course outline1. Protecting data at rest
3. Protecting data in transit
5. Protecting data during use
2. Attacking data at rest
4. Crypto law and policy
6. Design + cryptanalysis of crypto building blocks
Protecting data in transit
messageM
encodeC=E(M)
decodeM=D(C)
???
keyK keyK
encryptC=E(K,M)
decryptM=D(K,C)
keyagreement
What protections do we want?
Source:Handbook of Applied Cryptography,Table 1.1
Confidentiality
Integrity
Availability
Confidentiality
Integrity
Availability
Private Deniable Withstand device compromise
Authenticated Binding / non-malleable Fresh
Eve’s powers we can handle
• Control over the network: add, drop, alter, re-order packets
• Intermittent control of an endpoint: we can still provide confidentiality at other times
Eve can still learn metadata
• No anonymity:Eve knows Alice and Bob are communicating
• No hiding message length:Eve sees how much data is flowing across the wire
Sources: • www.wyden.senate.gov/imo/media/doc/
Letter%20to%20Tinder%20on%20Cybersecurity.pdf • www.wyden.senate.gov/imo/media/doc/
Match%20response%20to%20wyden%206-27-18%20-%20signed.pdf
Formal security guarantee
gibberishEnc
Dec “I refuse”
Protecting data at rest
messageM
???
keyK keyK
decryptM=D(K,C)
encryptC=E(K,M)
How can Alice encode messages so Eve cannot read them?
Source: www.simonandschuster.com/books/The-Klingon-Dictionary/Marc-Okrand/Star-Trek/9780671745592
Goal 1: Unintelligible to Eve
Plain word Coded wordaba nrqabs mbkace ybdact wxvadd jenado hhgaft uxvage zmxago dgsaha aseaid ktf
⋮ ⋮
zip cyuzoo dux
Goal 1: Unintelligible to Eve Goal 2: Simple for Alice
• Fast + easy to compute
• Secret key is smalland easy to change
• Infinitely reusable
Plain word Coded wordaba nrqabs mbkace ybdact wxvadd jenado hhgaft uxvage zmxago dgsaha aseaid ktf
⋮ ⋮
zip cyuzoo dux
✘ Slow
✘ Big
✘ Frequency✘ analysis
Foreshadowing: block ciphers
Block cipher = family of codebooks
• Each key yields a different codebook
• Fast to compute: throughput of ~3-4 GB/sec
BKK
B
X
Y
K BK
X
Y
or
Foreshadowing: block ciphers
Block cipher = family of codebooks
• Each key yields a different codebook
• Fast to compute: throughput of ~3-4 GB/sec
BKK
B
X
Y
K BK
X
Y
or
Mode of operation = variability
• Allows long message with short key
• Thwarts frequency analysis
BK
M1
C1
R
BK
M2
C2
BK
M3
C3