Stephen S. Yau, CSE465-591, Fall 2006

Cryptography

Cryptography
- In Greek means “secret writing”
- An outsider (interceptor/intruder/adversary) can make the following threats:
  - Block message (affecting availability)
  - Intercept message (affecting secrecy)
  - Modify message (affecting integrity)
  - Fabricate message (affecting integrity)
- Cryptography is the fundamental technique to counter these threats because the outsider does not understand the meaning of messages
T1: ch8.1, T2: ch9.1

Cryptography (cont.)
- Cryptography: Study of mathematical techniques related to certain aspects of information security, such as confidentiality, data integrity, entity authentication, and data origin authentication.
  - The basic component of cryptography is a cryptosystem
- Cryptanalyst: Person working for unauthorized interceptor
- Cryptographer: Person working for legitimate sender or receiver
- Cryptology: Study of encryption and decryption, including cryptography and cryptanalysis.

Cryptosystem
- A cryptosystem is a 5-tuple (E, D, M, K, C), where M is the set of plaintexts, K is the set of keys, C is the set of ciphertexts, E: M × K → C is the set of enciphering (encryption) functions, and D: C × K → M is the set of deciphering (decryption) functions.
- Plaintext M: set of messages in original form
- Ciphertext C: set of messages in encrypted form

Cryptosystem (cont.)
- Encryption: Process of encoding (enciphering) a message so that its meaning is not obvious.
  - Provide confidentiality
- Principle of Encryption
  - Very hard (impossible) to find out the message without knowing the key
  - Very easy (and fast) to find out the message knowing the key
- Decryption: Process of decoding (deciphering or transforming) an encrypted message to its original form.

Types of Cryptosystems
- Symmetric cryptosystems (also called single-key cryptosystems) are classical cryptosystems:
  M = D(K, E(K, M))
  The encryption key and decryption key are the same.
- Asymmetric cryptosystem:
  M = D(K_d, E(K_e, M))
  K_d is the decryption key and K_e is the encryption key
  K_d ≠ K_e
T1: ch8.2, T2: ch9.2

One-Time Pad
- One-Time Pad (OTP) is the only mathematically secure cryptosystem.
- Mathematical Security: using theory of statistics and probability, the ciphertext C generated by the encryption algorithm E has been proven to be undecipherable, except using the right decryption algorithm D.
- OTP uses a symmetric key, which should be statistically proven to be random

Sender:   Message 10111101 …   Key 00101011 …   Cipher 10010110 …
Receiver: Cipher 10010110 …   Key 00101011 …   Message 10111101 …
T1: ch8.2.2, T2: ch9.2.2

One-Time Pad (cont.)
- A and B wish to communicate privately using the one-time pad (it uses a symmetric key K)
- They have previously agreed upon a secret key K, which is a string of n randomly chosen bits
- If A wishes to send an n-bit message M to B, A sends to B the ciphertext C = M XOR K
- The received ciphertext can be decrypted by B to obtain M, since M = C XOR K.
- When another message is to be sent, another key K must be used, hence the name “one-time pad”

Difficulties of OTP
- To ensure the security of the system, key size should not be less than message size (not necessary for other cryptosystems)
- Generating a fully random key is practically very difficult
- Sending an unrepeated key with the same size of the message through a secure channel to the receiver is not practical
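
The one-time pad rules from the two slides above (C = M XOR K, a fresh key for every message, key no shorter than the message), as an added example that is not part of the original slides. The class and function names and the sample messages are constructed for illustration; `key_reuse_leak` shows what an interceptor learns when the same key bytes are used twice.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Pre-shared random key K; each key byte is handed out at most once."""

    def __init__(self, key: bytes):
        self._key = key
        self._used = 0  # number of key bytes already consumed

    def _next_key(self, n: int) -> bytes:
        # Key size must not be less than message size.
        if self._used + n > len(self._key):
            raise ValueError("pad exhausted: not enough unused key bytes")
        chunk = self._key[self._used:self._used + n]
        self._used += n  # never hand these bytes out for another message
        return chunk

    def encrypt(self, message: bytes) -> bytes:
        return xor_bytes(message, self._next_key(len(message)))  # C = M XOR K

    def decrypt(self, ciphertext: bytes) -> bytes:
        return xor_bytes(ciphertext, self._next_key(len(ciphertext)))  # M = C XOR K


def key_reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """Misuse case: both messages encrypted under the SAME key bytes.
    K cancels out, so C1 XOR C2 equals M1 XOR M2 without knowing K."""
    c1, c2 = xor_bytes(m1, key), xor_bytes(m2, key)
    return xor_bytes(c1, c2)


def demo():
    key = secrets.token_bytes(32)            # constructed sample key
    a, b = OneTimePad(key), OneTimePad(key)  # A and B hold the same pad
    m1, m2 = b"ATTACK AT DAWN", b"RETREAT AT SIX"  # constructed messages
    round_trip = (b.decrypt(a.encrypt(m1)) == m1
                  and b.decrypt(a.encrypt(m2)) == m2)
    leaked = key_reuse_leak(m1, m2, key[:len(m1)]) == xor_bytes(m1, m2)
    return round_trip, leaked
```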

Computational Security
- An encryption scheme is computationally secure if it takes exponentially long time to break the ciphertext.
- Lifetime of a cryptosystem: The minimum time for unauthorized decoding of encrypted message
  - Defined for each application
  - Examples:
    - Military orders = 1 hour to 3 years
    - Check transactions = 1 year
    - Business agreements = 10-15 years

Classical Cryptography
- Basic techniques for classical ciphers
  - Substitution: One letter is exchanged for another
  - Transposition: The order of the letters is rearranged
- Classical ciphers
  - Mono-alphabetic: Letters of the plaintext alphabet are mapped into other unique letters
  - Poly-alphabetic: Letters of the plaintext alphabet are mapped into letters of the ciphertext space depending on their positions in the text
  - Stream: Key stream is generated and used to encrypt the plaintext (Symmetric Key Algorithms)

Substitution
- Substitute each letter in the plaintext for another one
- Goal: Confusion – difficult to determine how a message and key were transformed into ciphertext.
- Example (Caesar Cipher)

  a b c d e f g h i j k l m n o p q r s t u v w x y z
  q e r y u i o p a s d f g w h j k l z x c v b n m t

  under attack we need help
  cwyul qxxqrd bu wuuy pufj
T1: ch8.2.2, T2: ch9.2.2

Transposition
- Change the positions of the characters in the plaintext
- Goal: Diffusion – spread the information from the message or the key across the ciphertext.
- Example: message: meet me after the toga party

  m e m a t r h t g p r y
   e t e f e t e o a a t

- Ciphertext: MEMATRHTGPRYETEFETEOAAT
T1: ch8.2.1, T2: ch9.2.1
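
The two worked examples from the Substitution and Transposition slides, reproduced as an added example that is not part of the original slides. The substitution table is the one printed on the slide; the function names are constructed here, and `repeat_pattern` and `same_letters` are extra helpers that show what each technique leaves unchanged in the ciphertext.

```python
import string

PLAIN = string.ascii_lowercase
CIPHER = "qeryuiopasdfgwhjklzxcvbnmt"  # second row of the slide's table
ENC = str.maketrans(PLAIN, CIPHER)
DEC = str.maketrans(CIPHER, PLAIN)


def substitute(text: str, table=ENC) -> str:
    """Exchange each letter for its table entry; spaces pass through."""
    return text.lower().translate(table)


def rail2_encrypt(message: str) -> str:
    """Two-row transposition: letters at even positions, then odd positions."""
    letters = [ch for ch in message.lower() if ch.isalpha()]
    return "".join(letters[0::2] + letters[1::2]).upper()


def rail2_decrypt(ciphertext: str) -> str:
    """Re-interleave the two rows; the top row holds the extra letter if odd."""
    ct = ciphertext.lower()
    split = (len(ct) + 1) // 2
    top, bottom = ct[:split], ct[split:]
    return "".join(top[i // 2] if i % 2 == 0 else bottom[i // 2]
                   for i in range(len(ct)))


def repeat_pattern(text: str) -> list:
    """Index of first occurrence per symbol, e.g. 'noon' -> [0, 1, 1, 0].
    Substitution changes the symbols but never this pattern."""
    first = {}
    return [first.setdefault(ch, len(first)) for ch in text]


def same_letters(a: str, b: str) -> bool:
    """True when b is a rearrangement of a's letters (case-insensitive).
    Transposition moves letters but never changes which letters occur."""
    def letters(s):
        return sorted(ch for ch in s.lower() if ch.isalpha())
    return letters(a) == letters(b)
```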

Four Secure Key Distribution Strategies for Symmetric Cryptosystems
1. A key K can be selected by A to be shared with B, and K needs to be physically delivered to B
2. A third party can select the same key K and physically deliver K to A and B
3. If A and B have previously used a key K’, one party can transmit the new key K to the other, encrypted using the old key K’
4. If A and B each has an encrypted connection to a third party C, C can transmit the new key K on the encrypted links to both A and B

Asymmetric Key Cryptosystem (Public Key Cryptosystem)
- Uses public and private keys
  - Public key for encryption
  - Private key for decryption
- Examples:
  - RSA
  - Trapdoor one-way function
  - Elliptical curve cryptography
T1: ch8.3, T2: ch9.3

RSA Principle
- Developed by Ron Rivest, Adi Shamir, and Leonard Adleman. (MIT, 1977)
- C = m^e mod (pq)
  - p, q: any two large prime numbers (more than 512 bits)
  - e: public key
  - d: private key
- Knowing C and e, it is “infeasible” to calculate m without knowing d, p and q
- Knowing d, p and q, it is easy to find the original plaintext message m = C^d mod (pq)
T1: ch8.3.1, T2: ch9.3.2

RSA Principle (cont.)
[Diagram: Sender, Intruder, Receiver; C is the value passed from Sender to Receiver]
- Sender: {m, e, p, q; C = m^e mod (pq)}
- Receiver: {C, e, p, q; m = C^d mod (pq)}
- Intruder: {C, e}
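
The RSA relations from the two slides above, run with deliberately tiny numbers, as an added example that is not part of the original slides. The primes 61 and 53, the exponent 17 and the function names are constructed for illustration; the relation d = e^-1 mod (p-1)(q-1) is the standard RSA key equation, which the slides do not spell out, and the modulus n = pq is assumed to be public together with e. `recover_d` succeeds only because n is small enough to factor by trial division, which is why the slide asks for primes of more than 512 bits.

```python
from math import gcd


def make_keys(p: int, q: int, e: int):
    """Return the public pair (n, e) and the private exponent d."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (p * q, e), d


def encrypt(m: int, public) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n = pq")
    return pow(m, e, n)  # C = m^e mod (pq)


def decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)  # m = C^d mod (pq)


def factor(n: int):
    """Trial division; practical only for a toy modulus like the one below."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n has no non-trivial factor")


def recover_d(n: int, e: int) -> int:
    """With p and q in hand, d follows immediately from the key equation."""
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


PUBLIC, PRIVATE_D = make_keys(61, 53, 17)  # constructed toy parameters
```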

Public Key Distribution and Authentication
- Using the “Right” Public Key:
  - Must be authentic, not necessarily secret
- Obtaining the “Right” Public Key:
  - Directly from its owner
  - Indirectly, in a signed message from a Certification Authority (CA):
    - A Certificate is a digitally signed message from a CA binding a public key to a name
    - Certificates can be passed around, or managed in directories
    - Protocols: X.509 (RFC 2459), SPKI/SDSI, etc.

References
- Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2004, ISBN: 0321247442
- Matt Bishop, Computer Security: Art and Science, Addison-Wesley, 2002, ISBN: 0201440997

Steganography

Secure Communication
- Two parties, Alice and Bob, can exchange information over an insecure medium in such a way that even if an intruder (Willie) is able to intercept, read and perform computation on the intercepted information, Willie will not be able to decipher the content of the exchanged information.

Encryption may not be enough
- Prisoners Problem:
  - Alice and Bob are in jail and wish to hatch an escape plan. All their communications pass through the warden, Willie, and if Willie detects any encrypted messages, he can simply stop the communication.
  - So they must find some way of hiding their secret message in an innocuous looking text.

Steganography
- The art of hiding information in ways that prevent detection of hidden messages.
- In Greek means “covered writing”
- Steganography and cryptography are cousins in the spy craft family
- While the goal of the cryptography system is to conceal the content of the messages, the goal of information hiding or steganography is to conceal their existence

Steganography
- What to hide
  - Texts
  - Images
  - Sound
- How to hide
  - embed text in text/images/audio/video files
  - embed image in text/images/audio/video files
  - embed sound in text/images/audio/video files

Steganographic System

Comparison
- Cryptography (diagram): Plain text and Key enter f, which outputs the Ciphertext
  C = E_k(P)
  P = D_k(C)
- Steganography (diagram): secret message and cover image enter f, which outputs the Stego message

A Real Example
- During WW2 the following cipher message was actually sent by a German spy
  - “Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils”
- Hidden Message
  - “Pershing sails from NY June 1”
  - Can be obtained by extracting the second letter in each word of the message sent

Steganographic Techniques
- Genome Steganography: Encoding a hidden message in a strand of human DNA
- Hiding in Text: Information hidden in documents by manipulating the positions of lines and words
- Hiding in Images/Videos:
  - least significant bit insertion
  - masking and filtering
  - applying more sophisticated image processing algorithms

Steganographic Techniques (Cont.)
- Hiding data in audio files: Data can be hidden in the audio files. Slight alterations on sound, such as tiny shifts in phase angle, speech cadence, and frequency, can transport hidden information, but are indiscernible to human senses
- Hiding in video file:
  - least significant bit insertion
  - masking and filtering
  - applying more sophisticated image processing algorithms

Steganographic Techniques (Cont.)
- Hiding in the disk space: Hiding the data in unused or reserved space.
- Hiding data in software and circuitry: Data can be hidden in the layout of the code distributed in a program or the layout of electronic circuits on a board.
- Hiding in network packets: Hidden in packets transmitted through the Internet.

Digital Watermarking
- Watermarking is used primarily for identification and entails embedding a unique piece of information within a medium without noticeably altering the medium
- The difference between Steganography and Watermarking is primarily intent.
  - Steganography conceals information;
  - Watermarks extend information and become an attribute of the cover image
- Publishing and broadcasting industries are interested in techniques for hiding encrypted copyright marks and serial numbers in digital films, audio recordings, books and multimedia products.