Course Information Course materials: - PowerPoint PPT Presentation

Course Information Course materials: http://squall.cs.ntou.edu.tw/CryptoIntro/ Overview Basic course contents: 密碼學與應用 Fundamental cryptography and its applications in constructing secure information infrastructure: 海洋大學資訊工程系 networking environments, distributed computing 丁培毅 resources, cloud services, and computing facilities. 1 2 Overview of Cryptography Overview of Cryptography • People want and need privacy and security • Nowadays, with the fast technologic (confidentiality, integrity, authenticity, and progress, our dependency on computer availability) while communicating systems and networks has increased a lot • In the past, cryptography is heavily used for such that we need more sophisticated military applications to keep sensitive techniques to ensure the smooth operations. information secret from enemies (adversaries). • Cryptography provides most of the methods – Julius Caesar used a simple shift cipher to and techniques for secure communication communicate with his generals in the battlefield. and secure computing – World War I, World War II (Enigma) 3 4

Terminology Terminology • Cryptology: A term used for the study of • Coding Theory: Deals with representing secure mechanisms for communication over the information using codes. It covers: insecure channels and related problems. compression, secrecy, and error-correction. • Cryptography: The process of designing – Recently, it is predominantly associated with systems to realize secure communications error-correcting over insecure channels. – codes which ensures the correct transmissions • Cryptoanalysis: The discipline of breaking over noisy-channels. cryptographic systems. 5 6 The Aspects of Cryptography The Aspects of Cryptography • Without having a complete understanding • Modern cryptography heavily depends on of cryptoanalysis / cryptoanalytic mathematics and the usage of digital techniques / provable security, it is systems. impossible to design good (secure, • It is an inter-disciplinary study of basically unbreakable) cryptographic systems. three fields: Mathematics • It makes use of other disciplines such as Computer Science number theory, quantum physics, error- Electrical Engineering correcting codes, and computation theory. 7 8

Basic Communication Scenario Eve’s Goals (1) Peep the transmitted message. Encryption Key Decryption Key (2) Figure out the key Alice is using and read plaintext plaintext ciphertext Alice Encrypt Decrypt Bob all the messages encrypted with that key. (3) Modify the content of the message in such a way that Bob will think Alice sent the Enemy or Adversary Eve corrupted message. (Mallory / (4) Impersonate Alice and communicate with Oscar / Trusted Third BlackHat) Bob who thinks he is communicating with Party (TTP) Alice. 9 10 Eve’s Goals (cont’d) Network Security Attacks Security attack : any action that compromises the security of information • Eve or Oscar is a passive observer who tries to perform (1) and (2). Four general categories of attacks: [W. Stalling]  Interruption • Mallory is more active and evil who tries to  Interception perform (3) and (4).  Modification  Fabrication 11 12

Interruption Interception • An unauthorized party gains access to an asset  An asset of the system is destroyed or • This is an attack on confidentiality becomes unavailable or unusable  This is an attack on availability Information Information source destination Information Information source destination 13 14 Modification Fabrication • An unauthorized party not only gains access to • An unauthorized party inserts counterfeit but tampers with an asset objects into the system • This is an attack on authenticity • This is an attack on integrity&authenticity Information Information Information Information source destination source destination 15 16

Categories of Network Attacks Classes of S/W Security Vulnerabilities • Buffer Overflow / Underflow, Integer Overflow • Passive vs. Active • Format Strings • Tainted Input / Input Validation network security examples: • Race Conditions Passive threats Active threats • Trust Management • Password Management • Database Access (user ID/password) • Insecure temp file usage, broken CGI practices Reveal of Traffic Masquerade Replay Modification Denial of message contents analysis (spoofing, (capture) of message service • Poor Cryptography Practices hijacking) contents (interrupti (Eavesdropping) (tampering) on) • Poor Randomness 17 18 Methods of Cryptoanalysis Methods of Cryptoanalysis(cont’d) focus on the Encrypt/Decrypt algorithm only • Chosen Plaintext: Eve has a copy of ciphertext corres- ponding to a copy of plaintext selected by Eve • Ciphertext only: Alice has only a copy of ciphertext who believes it is useful in breaking a ciphertext. Eve can temporarily access the encryption engine. Ex: fighter plane transponder • Known Plaintext: Eve has a bunch of ciphertexts and challenge - response the corresponding plaintexts and • Chosen Ciphertext: Eve has a copy of plaintext tries to break a particular ciphertext. corresponding to a copy of ciphertext selected by Eve Ex: fixed letter head: who believes it is useful in breaking a ciphertext. Dear Sir, Eve can temporarily access the decryption engine. fixed file format: Ex: auto email response system <html>….. 19 20

Methods of Cryptoanalysis(cont’d) Kerckhoffs’s Principle (1883) “Il faut qu’il n’exige pas le secret, et qu’il puisse sans • fighter plane transponder inconvenient tomber entre les mains de l’ennemi.” ( [A cipher] must not depend on secrecy, and it must not generate matter if it falls into enemy hands. ) obscurity of the algorithm random r r August Kerckhoffs, La Crytographie Militaire, Jan. 1883 • While assessing the strength of a cryptosystem, one E k (r) ? should always assume that the enemy knows the D k (E k (r)) = r cryptographic algorithm used. r 1 r 2 r 3 • CPA: • The security of an encryption system should based on – the quality (strength) of the algorithm but not its obscurity c 3 – the key space (or key length) c 2 c 1 21 22 Security Services Kerckhoffs’s Desiderata • Confidentiality • Authentication • Integrity Conceptually: • Non-repudiation  choices of moves  difficult to resolve the • Access control (Identification) choices reversely  difficult to solve in a brute-force way 23 24

Symmetric & Public Key Algorithms Symmetric Key Cryptosystems • Symmetric Key Cryptosystems – Examples : – Encryption and decryption keys are known to both • DES (Data Encryption Standard, 1976) and communicating parties (Alice and Bob). • AES (Advanced Encryption Standard, 2001): Rijndael – They are usually related and it is easy to derive from – A secret should be shared (or agreed) between each other (i.e. easy to derive the decryption key communicating parties. once one knows the encryption key and vice versa). – In most cases, they are identical. – All of the traditional (pre-1970) cryptosystems are symmetric. Also known as secret-key cryptosystem 25 26 Public Key Cryptosystems Public Key Cryptography (PKC) • Why public key cryptography ? • Each user has a pair of keys which are generated together under a scheme: – Key distribution and management are difficult in symmetric cryptosystems (DES, 3DES, IDEA, – Private Key - known only to the owner AES(Rijndael)) over large networks – Public Key - known to anyone in the systems – Can not provide public verifiable and non-repudiable with validity assurance “digital signature” with symmetric ciphers • Encryption with PKC: • Public key cryptography provides functions for all security services. – Sender encrypts the message by the Public Key of the receiver • Also makes it simple to implement key exchange, – Only the receiver can decrypt the message by secret sharing functions, etc. her/his Private Key asymmetry 27 28

Non-mathematical PKC Non-mathematical PKC the padlock metaphor • Bob has a box and a padlock which only he can • Attack : unlock once it is locked. – Eve can replace Bob’s padlock with hers when • Alice want to send a message to Bob. Bob is sending the box and padlock to Alice. • Bob sends his box and the unlocked padlock to Alice. • Alice puts her message in the box and locks the box with Bob’s padlock and sends the box to Bob thinking that the message is safe since only Bob can unlock the padlock and accesses the contents of the box. • Bob receives the box, unlocks the padlock and reads the message. 29 30 Simple Puzzle Problems of PKC • 腐敗的俄羅斯郵政系統 • Powerful tools with their own intrinsic problems. – 任何有價值 , 未上鎖的東西在經過郵政系統傳 – Computationally intensive operations are involved. 遞時安全抵達目的地的機會很接近 0 Much slower than the symmetric key algorithms. PKC should not be used for encrypting large – 聰明的俄羅斯人當然有辦法對付 quantities of data. – Question: 有一個有為的青年要送給他的女友 – Implementation is always a challenge. 一枚貴重的戒指 , 他有一個很堅固的的鐵盒 , 可以用鎖頭鎖住 , 請問他和他的女友該如何 配合而可將戒指安全地寄達 ?? Shamir’s three pass protocol 31 32