Upload
nguyendat
View
237
Download
2
Embed Size (px)
Citation preview
MISM 1
• Understandbasiccryptographyandsecurityterms• Understandsecurityintermsof:– Securewebtransmission– Authentication• Whoareyou?
– Authorization• Whatareyouallowedtodo?
– Certificates,andDigitalSignatures• Isthisdocument/software/transactionreal?
• Haveabasicunderstandingoftheunderlyingtheoryandmathbehindwebsecurity.
MISM 2
• Symmetrickey– Historicandverysimple:Caesarcipher–Mostprevalent:AES
• Asymmetrickey– AlsoknownasPublicKey(orPrivate/PublicKey)–Mostprevalent:RSA
MISM 3
• Pickakey(anumber)• Shiftthelettersoftheplaintextbythekeytocreatetheciphertext.
• E.g.– Plaintext:Yellowcake– Key:3– Ciphertext:Bhoorz fdnh
MISM 4
Source:http://en.wikipedia.org/wiki/File:Caesar3.svg
• Secretkeyalgorithm– Thesenderandthereceivershareasecretkey
• Symmetricalgorithm– Trivially-relatedkeysareusedtoencodeanddecodethemessage• Trivially-related:usesthesamekey,orkeysrequireonlyasimpletransformation.– Caesarcipher:(inEnglish)the2nd keyis26minustheoriginalkey
MISM 5
• Onewaytodiscovertheplaintextistoexhaustivelytryeverypossiblekey.
• IstheCaesarciphersusceptibletobruteforceattack?
MISM 6
• Useextremelylargekeys– An8bitkeyhas28 possiblekeys• 256
– A16bitkeyhas216 possiblekeys• 65,536
– A32bitkeyhas232 possiblekeys• 4,294,967,296
– A256bitkeyhas2256 possiblekeys• 1.15792089× 1077
MISM 7
• Cryptographyisessentiallytrying– to"messup"theoriginaldataasmuchaspossible– sothatsomeoneelsecannotfindtheoriginal– butbeabletogettheoriginaldatabackwithakey
• Encryption="messup"
• Sohowcanwe"messup"thedatabetterthantheCaesarcipherdoes?– Theblocksofplaintextareonecharacter.– Thereisonlysomuchyoucandotoonecharacter.– Sohowaboutencryptingblocksofdata?
MISM 8
• Symmetrickeycipher• Worksonblocksoftext– E.g.128bitblocks
• SimpleCaesarexample– Dosimpleencodingofcake(c=3,a=1,k=11,e=5)
• Encodingistransformingtoadifferentrepresentation– Itisnotencryption.
• Howmanybitsdoyouneedfor26letters?• 5because25 =32
– Letsusea2-characterblock(so10bits)• Howmanybitscanthekeybe?
– LetsuseaKeyof1(forsimplicity)– Plaintext: 00011000010101100101– Ciphertext: 00011000100101100110
MISM 9
10
• Ifblocks'plaintextareidentical,thentheirciphertext willalsobeidentical.
• Thiscanbeseenvisuallyinthefollowing3pictures.• Whatyouwantitthe3rd picture.• Onewaytodosoistomessupthecurrentblockwithinfofromits
priorblock.
MISM 10Imagesource:http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Original BlockCipher BlockCipherChaining
• EachblockisXOR’ed withthepreviousblockbeforeencrypting– ThefirstblockisXOR'ed withaninitializationvector– Theinitializationistypicallyarandomnumber
• Thereforeeachblockisdependentonallplaintextblocksuptothatpoint01001 - initializationvector00001 - key5bitblock(e.g.onecharacter)cake00011000010101100101 - encodedplaintext01010 - xor c01011 - encryptc
01010 - xor a01011 - encrypta
00000 - xor k00001 - encryptk
00100 - xor e00101 - encrypte
01011010110000100101 - encryptedciphertext
MISM 11
XOR0 ^ 0 = 00 ^ 1 = 11 ^ 0 = 11 ^ 1 = 0
• Verycomplexchainingblockcipher• Symmetricalgorithm• AdoptedbyUSNationalInstituteofStandards– Replacedtheformerstandard:DES• DataEncryptionStandard– 56bitkeyblockcipher
• Checkwhatyourbrowseruses:– InChrome,browsetosomehttps://…site– Clickonpadlock,andchoose"Connection"tab
MISM 12
• SymmetricalgorithmsrequireAliceandBobtoshareasecret(thekey).– Bothcanencryptanddecryptmessages
• Asymmetricalgorithmsallowfornotsharingasecret.– AlicecanencodeamessageforBob– ShecannotdecodemessagesalreadyencodedforBob
MISM 13
MISM 14
Secret Key
Secret Key
MISM 15
Public Key Private Key
Private Key Public Key
MISM 16
Public Key Public Key
Private Key Private Key
• Usesasymmetrickeys• Singlepublickey– Lettheworldsee
• Singleprivatekey– Youkeepsecret
MISM 17
• RSAisacommonpublickeyencryptionalgorithm– Namedforitsauthors:Rivest,Shamir,&Adleman
• Developed in1977• Basedonthemathematicsoflargeprimenumbers– Ifyouhavethenumbers,youcanusethemtoencryptmessages
– Ifyoudon'thavethenumbers,itisinfeasibletoguessthem
MISM 18
• Codewalk-through(RSAExample.java)• Questions–Whatarethecomponentsofthepublickey?–Whatarethecomponentsoftheprivatekey?–Whatlinedoestheencryption?–Whatlinedoesthedecryption?–Whywouldn'tusingthesamekeytwicereturntheoriginalplaintext?
MISM 19
• y =x5%851• Seeapattern?• Canyoupredictthevalueat101?
• Unpredictabilityisitsstrength
• Reddotisat(53,477)
• Correspondingkeyis{d:317,n:851}
• 477317%851=53MISM 20
0
100
200
300
400
500
600
700
800
900
0 10 20 30 40 50 60 70 80 90 100
1. Encryption/Decryption– Publickey
• Usedbyothers• Toencryptamessageintendedonlyforyou
– Privatekey• Usedbyyou• Todecryptamessageoriginallyencryptedbyyourpublickey
2. Signing/Verification– Privatekey
• Usedtosignadocumentsothatotherscanverifythesource– Publickey
• Usedtoverifythatasigneddocumentwassignedbyyou.MISM 21
1. Encryption/Decryption– Publickey
• Usedbyothers• Toencryptamessageintendedonlyforyou
– Privatekey• Usedbyyou• Todecryptamessageoriginallyencryptedbyyourpublickey
2. Signing/Verification– Privatekey
• Usedtosignadocumentsothatotherscanverifythesource– Publickey
• Usedtoverifythatasigneddocumentwassignedbyyou.MISM 22
• How canyouguaranteetosomeonethatadocumentyousentthemisfromyou,andhasnotbeenchanged?
• HowcanyouguaranteethatthesoftwareyouareusingcamefromMicrosoft,andthatithasnotbeenaltered?
• Youwanttokeepthedocument/software/image/etc.viewableandusable,butjustwantaschemebywhichotherscanverifyitsauthenticity.
MISM 23
• Publickeyencryptioncanbeusedtoprovidedigitalsignaturestovalidateauthenticity
• Digitalsignaturesarebetterthatrealsignatures,forpeoplecanalterapaperdocumentonceyouhavesignedit.
• Withdigitalsignatures,ifthedocumentischanged,thenthesignaturebecomesinvalid.
• Thisisbecausethesignatureisanumberbasedonthecontentofthedocument.– Ormorespecifically,onthehashvalue ofadocument.
MISM 24
• RememberyoucalculatedhashvaluesinProject1!• Takesafile(application,document,picture,etc.)• Returnsalarge,butfixed-sizenumber.• Anyintentionaloraccidentalchangeinthefilewillchangeitsresultinghashvalue.
• Thefilebeingencodediscalledthe“message”• Theresultinghashvalueisalsocalledthe– "MessageDigest"– Orsimply"Digest"
MISM 25
1. Foranymessage,thehashvalueiseasytocompute.2. Itisinfeasibletocreateanewmessagethathasagiven
hashvalue– I.e.thoughyouknowthehashvalue,youcan'tcreateadocumenttomatchthathashvalue
3. Itisinfeasibletomodifyamessageinanywaywithoutchangingitshashvalue– Allmodificationschangethehashvalue.
4. Itiscompletelyunlikelythattwodocumentswillhavethesamehashvalue– Soyoudon’thavetoworrythatMallorywilljustbeluckyandfindanotherdocumentwiththesamehashvalue
MISM 26
• SHA– DesignedbytheNationalSecurityAdministration(NSA)– SHA-1
• 160bitdigest– InFeb2017,adeliberatecollisionwasdemonstrated*
• Breakingproperty#2onthepreviousslide– SHA-2
• Afamilyofrelatedhashfunctions• SHA-256(weusedforProject1)hasa256bitdigest
• MD5– 128bitdigest
• BothSHA-256andMD5areoftenrepresentedasstringsofhexdigits– (AsyoudidinProject1)
MISM 27
*GoogleannouncedthattheyhaddemonstratedaSHA-1collisionon2/23/17:https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
• Canahashfunctionbeusedtoencryptamessage?
MISM 28
• Takeyourdocument(emailmessage,etc)• Calculateahashfunctiononit.– e.g.SHA-256
• Encrypttheresultinghashvaluewithyourprivatekey.
• Theencryptedhashvalueisthedigitalsignature.• Sendit…
MISM 29
• …Therecipient• Receivesthedocument(emailmessage,etc)andthedigitalsignature.
• Decryptsthesignaturewith_____________resultingin_________________
• Calculateahashofthedocument&compareitwiththesender’shashvalue
• Shouldtheybeequal?Why?
MISM 30
• Whatdoesitmeanifthehashvaluesarenotequal?
• CouldMallorychangethedocument?• CanMallorychangethedocumentwithoutchangingthehashvalue?
• CanEvereadthedocument(email,etc.)?–Whatcanyoudoaboutthat?
MISM 31
• Howcanwesecurelytransferpublickeys?• ADigitalCertificateisadocumentthatprovidesinformationaboutanorganization–Mostimportantly,itspublickey
• AndtheDigitalCertificateisdigitallysignedbysometrustedparty.
MISM 32
• Issuedbytrustedentities– CompanyITDepartment(internally)– VeriSign– Thawte– Lotsofothers
• Typicallycontains– Owner’sname– Owner’spublickey– Expirationdate– Nameofcertificateissuer– Serialnumber– Issuer’sdigitalsignature
• E.g.BlackboardDigitalCertificate
MISM 33
MISM 34
MISM 35
ByYanpas - Ownwork,CCBY-SA4.0,https://commons.wikimedia.org/w/index.php?curid=46369922