15
Module 3 – Cryptography • Cryptography basics • Ciphers • Symmetric Key Algorithms • Public Key Algorithms • Message Digests • Digital Signatures

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Embed Size (px)

Citation preview

Page 1: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Module 3 – Cryptography

• Cryptography basics

• Ciphers

• Symmetric Key Algorithms

• Public Key Algorithms

• Message Digests

• Digital Signatures

Page 2: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

• Definitions (Encryption, Decryption, Plaintext, Ciphertext)

• Symmetric Key Algorithms

• Public Key Cryptography

Cryptography Basics

Encryption DecryptionPlaintext Ciphertext

OriginalPlaintext

Encryption DecryptionPlaintext Ciphertext

OriginalPlaintext

Key

Encryption DecryptionPlaintext Ciphertext

OriginalPlaintext

EncryptionKey

DecryptionKey

Key

Page 3: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Types of cipher

• Stream cipher– Each bit (or byte) is encrypted or decrypted individually– Simple substitution ciphers (ROT13, XOR)

• Example - ROT13– abcdefghijklmnopqrstuvwxyz– nopqrstuvwxyzabcdefghijklm

• Block cipher– A sequence of bits (or bytes) is used at each step in the

encryption and decryption process (DES)

rot is insecureebg vf vafrpher

Page 4: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Symmetric Algorithms

• Substitution (ROT13, Cryptoquotes)• Transposition• XOR• One Time Pad• DES• IDEA• RC2, RC4, RC5

Not the mo

st secure

algorithm

in the wor

ld.

Nsail

otlnd

t g

sot.

terh

hcie

eut

rhw

memo

o rNot the most secure algorithm in the world.

Nsailotlndt g sot.terh hcie eut rhw memo o r

Page 5: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Digital Encryption Standard (DES)

• A block cipher with a 56-bit key length– Acutally a 64-bit number, but every 8th bit is ignored

• Operates on a 64-bit block of plain text at a time– 64 bits of plaintext come in --> 64 bits of ciphertext come out

• Performs 16 rounds, where in each round– the input bits are permuted– a key is applied to the resulting permutation

• The key is shifted before each round• The same algorithm and key are used for encryption

and decryption, with a different key schedule

Page 6: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Advanced Encryption Standard (AES)

• A block cipher with a 128-bit block size• Key lengths of 128, 192, and 256 bits supported• Operates on a 4x4 array of bytes• Each round has four steps:

– AddRoundKey (uses XOR operation with subkey)– SubBytes (Each byte is replaced based on a lookup table)– ShiftRows (bytes in each row are shifted to the left)– MixColumns (each column is multiplied by a fixed

polynomial)

Page 7: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Public Key Cryptography

• A public key - private key pair are used, one for encryption and the other for decryption

Public Key:n - product of two primes, p and q (p and q are secret)e - relatively prime to (p-1)(q-1)Private Key:d - e-1mod ((p-1)(q-1))Encrypting:c = me mod nDecrypting:m = cd mod n

Page 8: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

• Let p=3, q=11• n=pq=33• e must be relatively prime to (p-1)(q-1)=20• choose e = 7, then d = 7-1 mod 20 = 3• Plaintext is 3,4,2 (m1=3, m2=4, m3=2)• c1=m1

e mod n = 37 mod 33 = 9• c2 = m2

e mod n = 47 mod 33 = 15• c3 = m3

e mod n = 27 mod 33 = 29• Ciphertext is 9,15,29• m1=c1

d mod n = 93 mod 33 = 3• m2=c2

d mod n = 153 mod 33 = 4• m3=c3

d mod n = 293 mod 33 = 2• Plaintext is 3,4,2

Page 9: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Message Digests

• A message digest is a one-way function which maps the information contained in a (small or large) file to a single large number, typically between 128 bits and 256 bits in length.

• A good message digest function should have the following properties:– Every bit of the output is influenced by every bit of the input– Changing a single bit in the input results in every output bit

having a 50% chance of changing– Given an input file, its corresponding digest, and the digest

function, it is computationally infeasible to produce another input file which maps to the same digest

Page 10: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Message

DigestAlgorithm

Hash

BlockCipher

Message Authentication

Code

MAC Message

Secret Key

Operation of a message digest function to produce a message authentication code

Page 11: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Message Digests (continued)

• HMAC• The Hashed Message Authentication Code uses a secret

key in combination with a message digest function to produce a secret message authentication code

• Since an attacker doesn’t know the secret, the attacker cannot produce a correct authentication code if they alter the message in an way

• SHA-1• Developed by the NSA for use with the Digital

Signature Standard

Page 12: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Private Key

MessageHash

Function

Digest

Encrypt

Signature

Message

Signature

Hash Function

Decrypt

Public Key

Message

ActualDigest

ExpectedDigest

If actual and expected match, the signature is verified

Originator RecipientTransmitted Message

RSA Digital Signature

Page 13: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Roles for Cryptography

• Authentication– Digital signatures

• Authorization– Distribution of lists of authorized users

• Confidentiality– Information is scrambled in transit or on disk

• Integrity– Digitally signed message digest codes

• Non-repudiation– Cryptographic receipts

Page 14: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

Cryptography can’t:

• protect unencrypted documents• protect against stolen encryption keys• protect against DOS (denial of service)• protect against traffic analysis• protect against a passerby

Page 15: Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures

SSL

• Resides above TCP/IP on the protocol stack• Adds numerous features to TCP, including

– Authentication to server (digital signature)– Authentication to client (digital signature)– Data confidentiality (encryption)– Data integrity (Message authentication codes)