An Introduc+on to Applied Cryptography Chester Rebeiro IIT Madras - - PowerPoint PPT Presentation

an introduc on to applied cryptography
SMART_READER_LITE
LIVE PREVIEW

An Introduc+on to Applied Cryptography Chester Rebeiro IIT Madras - - PowerPoint PPT Presentation

Sep 07, 2023 506 likes •810 views

An Introduc+on to Applied Cryptography Chester Rebeiro IIT Madras CR CR Connected and Stored Everything is connected! Everything is stored! CR CR 2 Increased Security Breaches 81% more in 2015 CR CR

slide-1
SLIDE 1

CR CR

An Introduc+on to Applied Cryptography

Chester Rebeiro IIT Madras

slide-2
SLIDE 2

CR CR

Connected and Stored

Everything is connected!

2

Everything is stored!

slide-3
SLIDE 3

CR CR

Increased Security Breaches

81% more in 2015 h9p://www.pwc.co.uk/assets/pdf/2015-isbs-execuGve- summary-02.pdf

3

slide-4
SLIDE 4

CR CR

Security Threats (why difficult to prevent?)

A9ackers need to target the weakest link in the chain

Networks / CommunicaGon links Hardware Peripherals System SoPware (OperaGng Systems / Hypervisor) ApplicaGons

4

slide-5
SLIDE 5

CR CR

Security Studies (Research)

Networks / CommunicaGon links Hardware Peripherals System SoPware (OperaGng Systems / Hypervisor) ApplicaGons Network Security Hardware Security System Security OS Security Cloud Security Web Security DBMS Security Embedded Security Cryptography

5

slide-6
SLIDE 6

CR CR

Cryptography

  • A crucial component in all security systems
  • Fundamental component to achieve

– Confiden+ality

Allows only authorized users access to data

6

slide-7
SLIDE 7

CR CR

Cryptography (its use)

  • A crucial component in all security systems
  • Fundamental component to achieve

– ConfidenGality – Data Integrity

Cryptography can be used to ensure that

  • nly authorized users

can make modificaGons (for instance to a bank account number)

7

slide-8
SLIDE 8

CR CR

Cryptography (its use)

  • A crucial component in all security systems
  • Fundamental component to achieve

– ConfidenGality – Data Integrity – Authen+ca+on

Cryptography helps prove idenGGes

8

slide-9
SLIDE 9

CR CR

Cryptography (its use)

  • A crucial component in all security systems
  • Fundamental component to achieve

– ConfidenGality – Data Integrity – AuthenGcaGon – Non-repudia+on

The sender of a message cannot claim that she did not send it

I did not send that

9

slide-10
SLIDE 10

CR CR

Scheme for Confiden+ality

Alice Bob message A9ack at Dawn!! untrusted communicaGon link Mallory Problem : Alice wants to send a message to Bob (and only to Bob) through an untrusted communicaGon link

10

slide-11
SLIDE 11

CR CR

Encryp+on

Alice Bob message “A9ack at Dawn!!” untrusted communicaGon link Mallory

Secrets

  • Only Alice knows the encrypGon key KE
  • Only Bob knows the decrypGon key KD

E D KE KD “A9ack at Dawn!!” encrypGon decrypGon #%AR3Xf34^$ (ciphertext) Only sees ciphertext. cannot get the plaintext message because she does not know the keys

11

slide-12
SLIDE 12

CR CR

Encryp+on Algorithms

Alice Bob untrusted communicaGon link E D KE KD “A9ack at Dawn!!” encrypGon decrypGon #%AR3Xf34($ (ciphertext)

  • Should be easy to compute for Alice / Bob (who know the key)
  • Should be difficult to compute for Mallory (who does not know the key)
  • What is ‘difficult’?
  • Ideal case : Prove that the probability of Mallory determining the encrypGon /

decrypGon key is no be&er than a random guess

  • Computa+onally : Show that it is difficult for Mallory to determine the keys

even if she has massive computaGonal power

12

slide-13
SLIDE 13

CR CR

Ciphers

  • Symmetric Algorithms

– EncrypGon and DecrypGon use the same key – i.e. KE = KD – Examples:

  • Block Ciphers : DES, AES, PRESENT, etc.
  • Stream Ciphers : A5, Grain, etc.
  • Asymmetric Algorithms

– EncrypGon and DecrypGon keys are different – KE ≠ KD – Examples:

  • RSA
  • ECC

13

E D

slide-14
SLIDE 14

CR CR

Encryp+on Keys

  • How are keys managed

– How does Alice & Bob select the keys? – Need algorithms for key exchange

14

Alice Bob untrusted communicaGon link E D KE KD “A9ack at Dawn!!” encrypGon decrypGon #%AR3Xf34($ (ciphertext)

slide-15
SLIDE 15

CR CR

Algorithmic ARacks

  • Can Mallory use tricks to break the algorithm
  • There by reducing the ‘difficulty’ of gemng

the key.

15

E

slide-16
SLIDE 16

CR CR

Cipher Implementa+ons

Cryptography is always an overhead !!

  • For security, the algorithms need to be computaGon

intensive.

  • OPen require large numbers, complex mathemaGcal operaGons.
  • Design Challenges: Performance, Size, Power.
  • Algorithms to achieve this

16

E

slide-17
SLIDE 17

CR CR

Implementa+on ARacks

(Side Channel Analysis)

Alice Bob message “A9ack at Dawn!!” untrusted communicaGon link Mallory

Side Channels

  • Eg. Power consump+on / radia+on
  • f device, execu+on +me, etc.

E D KE KD “A9ack at Dawn!!” encrypGon decrypGon #%AR3Xf34($ (ciphertext) Gets informaGon about the keys by monitoring Side channels of the device side channels

17

slide-18
SLIDE 18

CR CR

Side Channel Analysis

18

Radia+on from Device 1 1 1 Secret informa+on 1

Alice message “A9ack at Dawn!!” E 00111 encrypGon

slide-19
SLIDE 19

CR CR

Ciphers Design Challenges

We want crypto algorithms to be fast and small

For security, the algorithms are

computaGonally intensive. Typically use large numbers, complex operaGons

Need to protect against side channel a9acks.

Tradeoffs between Security , Speed, Side-Channel ARacks

slide-20
SLIDE 20

CR CR

Cryptography Study

  • MathemaGcs + Engineering

MathemaGcs Electrical Engg. Computer Sc. cryptography

20

Physics

slide-21
SLIDE 21

CR CR

Some Hot Research Trends

21

light weight cryptography post-quantum cryptography Leakage resilient cryptography side channel analysis efficient implementaGons cryptanalysis cloud security homomorphic encrypGon privacy enhancing security

slide-22
SLIDE 22

CR CR

The Plan Ahead

  • How are ciphers designed?

– Ideal security vs ComputaGonal security – Block ciphers / Stream ciphers – Asymmetric Key ciphers – Trade offs between security and implementaGon

  • ARacks

– Algorithmic / ImplementaGon based A9acks

  • Applica+ons

– How are they used to achieve confidenGality, integrity, authenGcaGon, non-repudiaGon

  • Case Studies

– Key Establishments, Digital Signatures, Bitcoins

22

slide-23
SLIDE 23

CR CR

Course Structure

  • Classical Cryptography
  • Shannon’s Theory
  • Block Ciphers

– DES, AES, their implementaGons and their a9acks

  • Stream Ciphers
  • Digital Signatures and AuthenGcaGon

– Hash funcGons

  • Public key ciphers

– RSA, implementaGons, and a9acks – ECC

  • Side channel analysis
  • Case Studies : Bitcoins

23

slide-24
SLIDE 24

CR CR

Expected Learning Outcomes

24

  • What you would learn by the end of the course?

§ DisGnguish between cipher algorithms

  • Where to use what algorithm?

§ Evaluate ciphers and their implementaGons for security

  • MathemaGcal cryptanalysis of some algorithms
  • Side channel based a9acks on cipher implementaGons

§ Apply algorithms to solve security problems in real-world systems

slide-25
SLIDE 25

CR CR

Books / References

25

Textbooks (STINSON) ''Cryptography: Theory and Practice", Third Edition, by Douglas R. Stinson, CRC Press, Taylor and Francis Group References (STALLINGS) ''Cryptography and Network Security: Principles and Practices'', Sixth Edition, by William Stallings (HANDBOOK) ''Handbook of Applied Cryptography'', Fifth Printing, by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, CRC Press

slide-26
SLIDE 26

CR CR

Grading

  • Quiz 1 : 20% on (18/2/2016)
  • Quiz 2 : 20% on (25/3/2016)
  • End semester : 30% on (28/4/2016)
  • Assignments : 15%
  • Tutorials : 15%

26

slide-27
SLIDE 27

CR CR

Course Webpages

  • For slides / syllabus / schedule etc.
  • For discussions / announcements / submissions

CSE Moodle Google Groups (aciitm_2017)

27

h9p://www.cse.iitm.ac.in/~chester/courses/17e_ac/index.html

slide-28
SLIDE 28

CR CR

Logis+cs

  • CS36
  • Time:

– Tuesdays : 11:00 - 11:50 AM – Wednesdays : 10:00 - 10:50 AM – Thursdays : 8:00 - 8:50 AM – Fridays : 4:50 – 5:40 PM

28