MISM 1

• Understandbasiccryptographyandsecurityterms• Understandsecurityintermsof:– Securewebtransmission– Authentication• Whoareyou?

– Authorization• Whatareyouallowedtodo?

– Certificates,andDigitalSignatures• Isthisdocument/software/transactionreal?

• Haveabasicunderstandingoftheunderlyingtheoryandmathbehindwebsecurity.

MISM 2

• Symmetrickey– Historicandverysimple:Caesarcipher–Mostprevalent:AES

• Asymmetrickey– AlsoknownasPublicKey(orPrivate/PublicKey)–Mostprevalent:RSA

MISM 3

• Pickakey(anumber)• Shiftthelettersoftheplaintextbythekeytocreatetheciphertext.

• E.g.– Plaintext:Yellowcake– Key:3– Ciphertext:Bhoorz fdnh

MISM 4

Source:http://en.wikipedia.org/wiki/File:Caesar3.svg

• Secretkeyalgorithm– Thesenderandthereceivershareasecretkey

• Symmetricalgorithm– Trivially-relatedkeysareusedtoencodeanddecodethemessage• Trivially-related:usesthesamekey,orkeysrequireonlyasimpletransformation.– Caesarcipher:(inEnglish)the2nd keyis26minustheoriginalkey

MISM 5

• Onewaytodiscovertheplaintextistoexhaustivelytryeverypossiblekey.

• IstheCaesarciphersusceptibletobruteforceattack?

MISM 6

• Useextremelylargekeys– An8bitkeyhas28 possiblekeys• 256

– A16bitkeyhas216 possiblekeys• 65,536

– A32bitkeyhas232 possiblekeys• 4,294,967,296

– A256bitkeyhas2256 possiblekeys• 1.15792089× 1077

MISM 7

• Cryptographyisessentiallytrying– to"messup"theoriginaldataasmuchaspossible– sothatsomeoneelsecannotfindtheoriginal– butbeabletogettheoriginaldatabackwithakey

• Encryption="messup"

• Sohowcanwe"messup"thedatabetterthantheCaesarcipherdoes?– Theblocksofplaintextareonecharacter.– Thereisonlysomuchyoucandotoonecharacter.– Sohowaboutencryptingblocksofdata?

MISM 8

• Symmetrickeycipher• Worksonblocksoftext– E.g.128bitblocks

• SimpleCaesarexample– Dosimpleencodingofcake(c=3,a=1,k=11,e=5)

• Encodingistransformingtoadifferentrepresentation– Itisnotencryption.

• Howmanybitsdoyouneedfor26letters?• 5because25 =32

– Letsusea2-characterblock(so10bits)• Howmanybitscanthekeybe?

– LetsuseaKeyof1(forsimplicity)– Plaintext: 00011000010101100101– Ciphertext: 00011000100101100110

MISM 9

10

• Ifblocks'plaintextareidentical,thentheirciphertext willalsobeidentical.

• Thiscanbeseenvisuallyinthefollowing3pictures.• Whatyouwantitthe3rd picture.• Onewaytodosoistomessupthecurrentblockwithinfofromits

priorblock.

MISM 10Imagesource:http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Original BlockCipher BlockCipherChaining

• EachblockisXOR’ed withthepreviousblockbeforeencrypting– ThefirstblockisXOR'ed withaninitializationvector– Theinitializationistypicallyarandomnumber

• Thereforeeachblockisdependentonallplaintextblocksuptothatpoint01001 - initializationvector00001 - key5bitblock(e.g.onecharacter)cake00011000010101100101 - encodedplaintext01010 - xor c01011 - encryptc

01010 - xor a01011 - encrypta

00000 - xor k00001 - encryptk

00100 - xor e00101 - encrypte

01011010110000100101 - encryptedciphertext

MISM 11

XOR0 ^ 0 = 00 ^ 1 = 11 ^ 0 = 11 ^ 1 = 0

• Verycomplexchainingblockcipher• Symmetricalgorithm• AdoptedbyUSNationalInstituteofStandards– Replacedtheformerstandard:DES• DataEncryptionStandard– 56bitkeyblockcipher

• Checkwhatyourbrowseruses:– InChrome,browsetosomehttps://…site– Clickonpadlock,andchoose"Connection"tab

MISM 12

• SymmetricalgorithmsrequireAliceandBobtoshareasecret(thekey).– Bothcanencryptanddecryptmessages

• Asymmetricalgorithmsallowfornotsharingasecret.– AlicecanencodeamessageforBob– ShecannotdecodemessagesalreadyencodedforBob

MISM 13

MISM 14

Secret Key

Secret Key

MISM 15

Public Key Private Key

Private Key Public Key

MISM 16

Public Key Public Key

Private Key Private Key

• Usesasymmetrickeys• Singlepublickey– Lettheworldsee

• Singleprivatekey– Youkeepsecret

MISM 17

• RSAisacommonpublickeyencryptionalgorithm– Namedforitsauthors:Rivest,Shamir,&Adleman

• Developed in1977• Basedonthemathematicsoflargeprimenumbers– Ifyouhavethenumbers,youcanusethemtoencryptmessages

– Ifyoudon'thavethenumbers,itisinfeasibletoguessthem

MISM 18

• Codewalk-through(RSAExample.java)• Questions–Whatarethecomponentsofthepublickey?–Whatarethecomponentsoftheprivatekey?–Whatlinedoestheencryption?–Whatlinedoesthedecryption?–Whywouldn'tusingthesamekeytwicereturntheoriginalplaintext?

MISM 19

• y =x5%851• Seeapattern?• Canyoupredictthevalueat101?

• Unpredictabilityisitsstrength

• Reddotisat(53,477)

• Correspondingkeyis{d:317,n:851}

• 477317%851=53MISM 20

0

100

200

300

400

500

600

700

800

900

0 10 20 30 40 50 60 70 80 90 100

1. Encryption/Decryption– Publickey

• Usedbyothers• Toencryptamessageintendedonlyforyou

– Privatekey• Usedbyyou• Todecryptamessageoriginallyencryptedbyyourpublickey

2. Signing/Verification– Privatekey

• Usedtosignadocumentsothatotherscanverifythesource– Publickey

• Usedtoverifythatasigneddocumentwassignedbyyou.MISM 21

1. Encryption/Decryption– Publickey

• Usedbyothers• Toencryptamessageintendedonlyforyou

– Privatekey• Usedbyyou• Todecryptamessageoriginallyencryptedbyyourpublickey

2. Signing/Verification– Privatekey

• Usedtosignadocumentsothatotherscanverifythesource– Publickey

• Usedtoverifythatasigneddocumentwassignedbyyou.MISM 22

• How canyouguaranteetosomeonethatadocumentyousentthemisfromyou,andhasnotbeenchanged?

• HowcanyouguaranteethatthesoftwareyouareusingcamefromMicrosoft,andthatithasnotbeenaltered?

• Youwanttokeepthedocument/software/image/etc.viewableandusable,butjustwantaschemebywhichotherscanverifyitsauthenticity.

MISM 23

• Publickeyencryptioncanbeusedtoprovidedigitalsignaturestovalidateauthenticity

• Digitalsignaturesarebetterthatrealsignatures,forpeoplecanalterapaperdocumentonceyouhavesignedit.

• Withdigitalsignatures,ifthedocumentischanged,thenthesignaturebecomesinvalid.

• Thisisbecausethesignatureisanumberbasedonthecontentofthedocument.– Ormorespecifically,onthehashvalue ofadocument.

MISM 24

• RememberyoucalculatedhashvaluesinProject1!• Takesafile(application,document,picture,etc.)• Returnsalarge,butfixed-sizenumber.• Anyintentionaloraccidentalchangeinthefilewillchangeitsresultinghashvalue.

• Thefilebeingencodediscalledthe“message”• Theresultinghashvalueisalsocalledthe– "MessageDigest"– Orsimply"Digest"

MISM 25

1. Foranymessage,thehashvalueiseasytocompute.2. Itisinfeasibletocreateanewmessagethathasagiven

hashvalue– I.e.thoughyouknowthehashvalue,youcan'tcreateadocumenttomatchthathashvalue

3. Itisinfeasibletomodifyamessageinanywaywithoutchangingitshashvalue– Allmodificationschangethehashvalue.

4. Itiscompletelyunlikelythattwodocumentswillhavethesamehashvalue– Soyoudon’thavetoworrythatMallorywilljustbeluckyandfindanotherdocumentwiththesamehashvalue

MISM 26

• SHA– DesignedbytheNationalSecurityAdministration(NSA)– SHA-1

• 160bitdigest– InFeb2017,adeliberatecollisionwasdemonstrated*

• Breakingproperty#2onthepreviousslide– SHA-2

• Afamilyofrelatedhashfunctions• SHA-256(weusedforProject1)hasa256bitdigest

• MD5– 128bitdigest

• BothSHA-256andMD5areoftenrepresentedasstringsofhexdigits– (AsyoudidinProject1)

MISM 27

*GoogleannouncedthattheyhaddemonstratedaSHA-1collisionon2/23/17:https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

• Canahashfunctionbeusedtoencryptamessage?

MISM 28

• Takeyourdocument(emailmessage,etc)• Calculateahashfunctiononit.– e.g.SHA-256

• Encrypttheresultinghashvaluewithyourprivatekey.

• Theencryptedhashvalueisthedigitalsignature.• Sendit…

MISM 29

• …Therecipient• Receivesthedocument(emailmessage,etc)andthedigitalsignature.

• Decryptsthesignaturewith_____________resultingin_________________

• Calculateahashofthedocument&compareitwiththesender’shashvalue

• Shouldtheybeequal?Why?

MISM 30

• Whatdoesitmeanifthehashvaluesarenotequal?

• CouldMallorychangethedocument?• CanMallorychangethedocumentwithoutchangingthehashvalue?

• CanEvereadthedocument(email,etc.)?–Whatcanyoudoaboutthat?

MISM 31

• Howcanwesecurelytransferpublickeys?• ADigitalCertificateisadocumentthatprovidesinformationaboutanorganization–Mostimportantly,itspublickey

• AndtheDigitalCertificateisdigitallysignedbysometrustedparty.

MISM 32

• Issuedbytrustedentities– CompanyITDepartment(internally)– VeriSign– Thawte– Lotsofothers

• Typicallycontains– Owner’sname– Owner’spublickey– Expirationdate– Nameofcertificateissuer– Serialnumber– Issuer’sdigitalsignature

• E.g.BlackboardDigitalCertificate

MISM 33

MISM 34

MISM 35

ByYanpas - Ownwork,CCBY-SA4.0,https://commons.wikimedia.org/w/index.php?curid=46369922