Cr Cryp yptography: His History an and Sim imple le Enc - PowerPoint PPT Presentation

Cr Cryp yptography: His History an and Sim imple le Enc Encryp yption Me Methods an and Pr Preliminaries 1

Cryp Cr yptography The word cryptography comes from the Greek words κρυπτός (hidden or secret) and γράφειν (writing). So historically cryptography has been the “art of secret writing.” Most of cryptography is currently well grounded in mathematics and it can be debated whether there’s still an “art” aspect to it. 2

Cryp Cr yptography y can be use sed at di differ eren ent level els • Algorithms: encryption, signatures, hashing, Random Number Generator (RNG) • Protocols (2 or more parties): key distribution, authentication, identification, login, payment, etc. • Systems: electronic cash, secure filesystems, smartcards, VPNs, e-voting, etc. • Attacks: on all the above 3

So Some me Applications of Cr Cryptography • Network, operating system security • Protect Internet, phone, space communication • Electronic payments (e-commerce) • Database security • Software/content piracy protection • Pay TV (e.g., satellite) • Military communications • Voting 4

Op Open vs. s. Cl Close sed Desi sign gn Model • Open design : algorithm, protocol, system design (and even possible plaintext) are public information. Only key(s) are kept secret. • Closed design : as much information as possible is kept secret. 5

Co Core Issu ssue in Network rk se securi rity y : How to to Com ommunicate S Securely? Alice Bob Looks simple … But, the devil is in the details Note: even storage is a Eve(sdropper) form of communication 6

Th The Biggest “Headache” is that… Good security must be Effective Yet Unobtrusive Because security is not a service in and of itself, but a burden! 7

Cr Cryp yptography y is s Ol Old … • Most sub-fields in CS are fairly new (20-30 years): – Graphics, compilers, software, OS, architecture • And, a few are quite old (more than several decades): – Cryptography, database, networking 8

So Some me History: : Ca Caesar’s Ci Cipher Homo Krpr Hominem Krplqhp Lupus! Oxsxv! 9

So Some me History: : Rosetta St Stone 10

So Some me History: : Enigma ma Alan Turing (1912-1954) 11

His Historic ical al (Prim imitiv itive) e) Cipher iphers • Shift (e.g., Caesar): Enc k (x) = x+k mod 26 • Affine: Enc k1,k2 (x) = k1 *x + k2 mod 26 • Substitution: Enc perm (x) = perm(x) • Vigenere: Enc K (x) = ( X[0]+K[0], X[1]+K[1], … ) • Vernam: One-Time Pad (OTP) 12

Sh Shift (Ca Caesar) r) Ci Cipher r Example: K = 11 W E W I L L M E E T A T M I D N I G H T 22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 19 7 15 7 19 22 22 23 15 15 4 11 4 23 19 14 24 19 17 18 4 H P H T W W X P P E L E X T O Y T R S E • How many keys are there? • How many trials are needed to find the key? 13

Su Substitution Ci Cipher r Example: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z X N Y A H P O G Z Q W B T S F L R C V M U E K J D I KEY W E W I L L M E E T A T M I D N I G H T K H K Z B B T H H M X M T Z A S Z O G M • How many keys are there? • How many trials are needed to find the key? 14

Su Substitution Ci Cipher r Cryptanalysis Probabilities of Occurrence 0.14 0.127 0.12 0.1 0.091 0.082 0.08 0.075 0.07 0.067 0.06 0.063 0.061 0.06 0.043 0.04 0.04 0.028 0.028 0.024 0.023 0.022 0.02 0.02 0.019 0.02 0.015 0.01 0.008 0.002 0.001 0.001 0.001 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 15

Su Substitution Ci Cipher r Cryptanalysis s Frequency of some common digram 3.5 3.21 3.05 3 2.5 2.3 2.13 2 1.9 1.83 1.81 1.53 1.51 1.5 1.36 1.32 1.3 1.28 1.28 1.22 1 0.5 0 AN AT ED EN ER ES HE IN ON OR RE ST TE TH TI 16

VE VERNAM One-Ti Time Pad (OTP TP): Wo World’s Best Cipher = Plaintext { p ,..., p } - 0 n 1 = One - time pad stream { otp ,..., otp } - 0 n 1 = Ciphertext { c ,..., c } - 0 n 1 where : = Å " < < c p otp 0 i n i i i = Å C A B Å = C B A 17

VE VERNAM One-Ti Time Pad (OTP TP): Wo World’s Best Cipher Vernam offers perfect information-theoretic • security, but: How long does the OTP keystream need to be? • How do Alice and Bob exchange the keystream? • 18

Encryp Enc yption n Princ ncipl ples • A cryptosystem has (at least) five ingredients: – Plaintext – Secret Key – Ciphertext – Encryption Algorithm – Decryption Algorithm • Security usually depends on the secrecy of the key, not the secrecy of the algorithms 19

Cr Cryp ypto Ba Basi sics 20

Average Ti Time Required fo for Exha Exhaus ustive Ke Key Sear earch (f (for Bru Brute Fo Force Atta ttacks) ) Key Size Number of Time required at 10 6 (bits) Alternative Keys Decr/µs 2 32 = 4.3 x 10 9 32 2.15 milliseconds 2 56 = 7.2 x 10 16 56 10 hours 128 2 128 = 3.4 x 10 38 5.4 x 10 18 years 168 2 168 = 3.7 x 10 50 5.9 x 10 30 years 21

Ty Types of Attainable Security • Perfect, unconditional or “information theoretic”: the security is evident free of any (computational/hardness) assumptions • Reducible or “provable”: security can be shown to be based on some common (often unproven) assumptions, e.g., the conjectured difficulty of factoring large integers • Ad hoc: the security seems good often -> “snake oil”… Take a look at: http://www.ciphersbyritter.com/GLOSSARY.HTM 22

Comp Co mputational Se Securi rity • Encryption scheme is computationally secure if – cost of breaking it (via brute force) exceeds the value of the encrypted information; or – time required to break it exceeds useful lifetime of the encrypted information • Most modern schemes we will see are considered computationally secure – Usually rely on very large key-space, impregnable to brute force • Most advanced schemes rely on lack of knowledge of effective algorithms for certain hard problems, not on a proven inexistence of such algorithms (reducible security)! – Such as: factorization, discrete logarithms, etc. 23

Complexity Reminder/Re-cap P: problems that can be solved in polynomial time, i.e., problems that can be • solved/decided “efficiently” NP: broad set of problems that includes P; • • answers can be verified “efficiently” (in polynomial time); • solutions cannot always be efficiently found (as far as we know). NP-complete: the believed-to-be-hard decision problems in NP, they appear • to have no efficient solution; answers are efficiently verifiable, solution to one is never much harder than a solution to another NP-hard: hardest; some of them may not be solved by a non-deterministic • TM. Many computational version of NP-complete problems are NP-hard. • Examples: • Factoring, discrete log are in NP, not know if NP-complete or in P • Primality testing was recently (2002) shown to be in P • Knapsack is NP-complete 24 For more info, see: https://www.nist.gov/dads//

P vs NP 25

Cryptosystems Classified along three dimensions: • Type of operations used for transforming plaintext into ciphertext – Binary arithmetic: shifts, XORs, ANDs, etc. • Typical for conventional encryption – Integer arithmetic • Typical for public key encryption • Number of keys used – Symmetric or conventional (single key used) – Asymmetric or public-key (2 keys: 1 to encrypt, 1 to decrypt) • How plaintext is processed: – One bit at a time – A string of any length – A block of bits 26

Conventional Encryption Principles 27

Co Conventional (S (Symme ymmetri ric) ) Cr Cryp yptography K AB K AB decryption encryption ciphertext plaintext plaintext algorithm algorithm m m = K ( ) K (m) K (m) AB AB AB • Alice and Bob share a key K AB which they somehow agree upon (how?) • key distribution / key management problem • ciphertext is roughly as long as plaintext • examples: Substitution, Vernam OTP, DES, AES 28

Us Uses es of Conven entio tional al Cryptograp aphy • Message transmission (confidentiality): • Communication over insecure channels • Secure storage: crypt on Unix • Strong authentication: proving knowledge of a secret without revealing it: • See next slide • Eve can obtain chosen <plaintext, ciphertext> pair • Challenge should be chosen from a large pool • Integrity checking: fixed-length checksum for message via secret key cryptography • Send MAC along with the message MAC=H(m,K) 29

Challenge-Re Ch Response Authentication Ex Exampl ple K AB K AB r a challenge K AB (r a ) challenge reply r b challenge K AB (r b ) challenge reply 30

Co Conventional Cr Cryp yptography Ø Advantages l high data throughput l relatively short key size l primitives to construct various cryptographic mechanisms Ø Disadvantages l key must remain secret at both ends l key must be distributed securely and efficiently l relatively short key lifetime 31