cryptography intro
play

CRYPTOGRAPHY INTRO GRAD SEC OCT 17 2017 SCENARIOS AND GOALS - PowerPoint PPT Presentation

Mar 20, 2023 •359 likes •822 views

CRYPTOGRAPHY INTRO GRAD SEC OCT 17 2017 SCENARIOS AND GOALS Alice Bob Disk Public network SCENARIOS AND GOALS Alice Bob Disk Public network SCENARIOS AND GOALS Alice Bob Disk Public network Keep others from CONFIDENTIALITY

  1. CRYPTOGRAPHY 
 INTRO GRAD SEC OCT 17 2017

  2. SCENARIOS AND GOALS Alice Bob Disk Public network

  3. SCENARIOS AND GOALS Alice Bob Disk Public network

  4. SCENARIOS AND GOALS Alice Bob Disk Public network Keep others from CONFIDENTIALITY reading Alice’s messages / data Keep others from undetectably INTEGRITY tampering with Alice’s messages / data Keep others from undetectably AUTHENTICITY impersonating Alice (keep her to her word, too)

  5. RANDOMNESS

  6. RANDOMNESS Message m

  7. RANDOMNESS Something that leaks 
 no information about m Message m

  8. RANDOMNESS Something that leaks 
 no information about m Message m Original m

  9. RANDOMNESS Something that leaks 
 no information about m Message m Original m Message m

  10. RANDOMNESS Something that leaks 
 no information about m Message m Original m <m , unpredictable ‘tag’> Message m

  11. RANDOMNESS Something that leaks 
 no information about m Message m Original m <m , unpredictable ‘tag’> Determine if m 
 Message m was tampered

  12. RANDOMNESS Something that leaks 
 no information about m Message m Original m <m , unpredictable ‘tag’> Determine if m 
 Message m was tampered Ideally, to the attacker, it is indistinguishable from 
 a string of bits chosen uniformly at random

  13. RANDOMNESS Something that leaks 
 no information about m Message m Original m <m , unpredictable ‘tag’> Determine if m 
 Message m was tampered Ideally, to the attacker, it is indistinguishable from 
 a string of bits chosen uniformly at random This will be impossible with Alice and Bob having a shared secret

  14. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … f 2 1 0 2 3 4 … … 7 9 5 1 8 … f |X|! Think of X as all 
 128-bit bit string s

  15. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … … 7 9 5 1 8 … f |X|! Think of X as all 
 128-bit bit string s

  16. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! Think of X as all 
 128-bit bit string s

  17. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s

  18. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s

  19. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s Shared secret: index i chosen u.a.r.

  20. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s Shared secret: index i chosen u.a.r. i i

  21. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s Shared secret: index i chosen u.a.r. i i Message m

  22. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s Shared secret: index i chosen u.a.r. i i f i (m) Message m

  23. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s Shared secret: index i chosen u.a.r. i i f i (m) Message m Learns m

  24. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s Shared secret: index i chosen u.a.r. i i f i (m) Message m Learns m Without knowing i , 
 learns nothing about m

  25. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Consider the set of all permutations f i : X → X f 1 0 1 2 3 4 … If you know i , then f i (x) is trivial to invert f 2 1 0 2 3 4 … If you don’t know i , then f i (x) is one-way … 7 9 5 1 8 … f |X|! “One-way trapdoor function” Think of X as all 
 128-bit bit string s Shared secret: index i chosen u.a.r. i i f i (m) Message m Learns m Without knowing i , 
 i is our key learns nothing about m

  26. WHAT WE IDEALLY HAVE: RANDOM FUNCTIONS Shared secret: index i chosen u.a.r. i i f i (m) Message m Learns m Without knowing i , 
 learns nothing about m In essence, this protocol is saying “Let’s use the i th permutation function” Infeasible to store all permutation functions So instead cryptographers construct pseudorandom functions

  27. BLACKBOX #1: BLOCK CIPHERS

  28. BLOCK CIPHERS m Plaintext Same fixed block size 
 K E (AES: 128 bits) c Ciphertext AES key sizes: 
 c 128, 192, 256 Block ciphers are deterministic For a given m and K, 
 K D E(K,m) always returns the same c m Confusion: Each bit of the ciphertext should depend on each bit of the key Diffusion: Flipping a bit in m should flip each bit in c with Pr = 1/2

  29. BLOCK CIPHERS ARE DETERMINISTIC Block ciphers are deterministic m m’ m For a given m and K, 
 E(K,m) always returns the same c K K K E E E c c’ c c c’ c An eavesdropper could determine 
 when messages are re-sent

  30. BLOCK CIPHERS ARE DETERMINISTIC Block ciphers are deterministic m m’ m For a given m and K, 
 E(K,m) always returns the same c K K K E E E c c’ c c c’ c An eavesdropper could determine 
 when messages are re-sent m ⊕ r Choose random r K Send c and r E c

  31. INITIALIZATION VECTORS r just needs to be different each time Random: Must send with the message 
 Good if messages can be reordered Counter: Can infer from message number 
 Good if messages are delivered in-order

  32. INITIALIZATION VECTORS m ⊕ r Choose random r K Send c and r E c r just needs to be different each time Random: Must send with the message 
 Good if messages can be reordered Counter: Can infer from message number 
 Good if messages are delivered in-order

  33. BLOCK CIPHERS HAVE FIXED SIZE m 1 m 2 m n K … K E K E E c 1 c 2 c n

  35. NEVER use ECB (but over 50% of Android apps do)

  39. BLACKBOX #2: MESSAGE AUTHENTICATION CODE (MAC)

  40. MESSAGE AUTHENTICATION CODES m Plaintext Same fixed block size 
 K E (AES: 128 bits) c Ciphertext AES key sizes: 
 c 128, 192, 256 Block ciphers are deterministic For a given m and K, 
 K D E(K,m) always returns the same c m Confusion: Each bit of the ciphertext should depend on each bit of the key Diffusion: Flipping a bit in m should flip each bit in c with Pr = 1/2

  41. MESSAGE AUTHENTICATION CODES • Sign: takes a key and a message and outputs a “tag” • Sgn(k,m) = t • Verify: takes a key, a message, and a tag, and outputs Y/N • Vfy(k,m,t) = {Y,N} • Correctness: • Vfy(k, m, Sgn(k, m)) = Y

  42. ATTACKER’S GOAL: EXISTENTIAL FORGERY • A MAC is secure if an attacker cannot demonstrate an existential forgery despite being able to perform a chosen plaintext attack: • Chose plaintext: • Attacker gets to choose m1, m2, m3, … • And in return gets a properly computed t1, t2, t3, … • Existential forgery: • Construct a new (m,t) pair such that Vfy(k, m, t) = Y

  43. ENCRYPTED CBC Just take the last block in CBC It’s a trap! Use a separate key and encrypt the last block

  44. BLACKBOX #3: HASH FUNCTIONS

  45. HASH FUNCTION PROPERTIES • Very fast to compute • Takes arbitrarily-sized inputs, returns fixed-sized output • Pre-image resistant: 
 Given H(m), hard to determine m • Collision resistant 
 Given m and H(m), hard to find m’ ≠ m s.t. H(m) = H(m’) Good hash functions: SHA family (SHA-256, SHA-512, …)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptography Intro and RSA Well, a gentle intro to cryptography, followed by a description of

Cryptography Intro and RSA Well, a gentle intro to cryptography, followed by a description of

Cryptography Intro and RSA Well, a gentle intro to cryptography, followed by a description of public key crypto and RSA. Fall 2018 CS 222: Discrete Structures 1 Definition Cryptology is the study of secret writing Concerned with

681 views • 54 slides
Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to crypto (well discuss why) Fall 2018 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for

1.2k views • 51 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2010 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2010 CS 334: Computer Security 2

626 views • 43 slides
Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2014 CS 334: Computer Security 2

730 views • 47 slides
Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Cryptocurrency Technologies Cryptography and Cryptocurrencies Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public

489 views • 27 slides
Elliptic curves and cryptography Jan Willemson September 2019 Intro: some ancient cryptography

Elliptic curves and cryptography Jan Willemson September 2019 Intro: some ancient cryptography

Elliptic curves and cryptography Jan Willemson September 2019 Intro: some ancient cryptography 2 September 2019 Diffie-Hellman key exchange Prime p , g Z p g a g b a Z b Z ( g b ) a = ( g a ) b 3 September 2019 Security of

748 views • 62 slides
Public Key Infrastructure PKI Michael Maass and Blase Ur 1 Outline Intro to cryptography

Public Key Infrastructure PKI Michael Maass and Blase Ur 1 Outline Intro to cryptography

Public Key Infrastructure PKI Michael Maass and Blase Ur 1 Outline Intro to cryptography Intro to PKI / Davis reading Current issues Gaw reading PKI in the enterprise Discussion 2 Introduction to Encryption We want

731 views • 47 slides
GPG Intro What is GPG? GPG, or GNU Privacy Guard, is a public key cryptography

GPG Intro What is GPG? GPG, or GNU Privacy Guard, is a public key cryptography

GPG Intro What is GPG? GPG, or GNU Privacy Guard, is a public key cryptography implementation. (Conforms to PGP and RFC 4880, not really just an alternative) Best used mostly for email encryption Uses Hybrid Encryption Install

531 views • 12 slides
Cryptography: Definitions and Terms C etin Kaya Ko c koc@cs.ucsb.edu (

Cryptography: Definitions and Terms C etin Kaya Ko c koc@cs.ucsb.edu (

Cryptography Definitions and Terms Cryptography: Definitions and Terms C etin Kaya Ko c koc@cs.ucsb.edu ( http://cs.ucsb.edu/~koc ) intro to crypto lect01a intro 1 / 14 Cryptography Definitions and Terms Terminology - Old &amp; New

460 views • 14 slides
Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology

Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology

T-79.514 Special Course on Cryptology Seminar 2: Intro to Cryptography Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger T-79.514 Special Course in Cryptology, 17.09.2003 Seminar 2: Intro to Cryptography, Helger

273 views • 25 slides
Intro to Public Key Cryptography Diffie &amp; Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie &amp; Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie &amp; Hellman Key Exchange Course Summary Introduction Stream &amp; Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message

243 views • 20 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp;

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &amp; http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Software$Security$ (finish) $ &amp; $ Cryptography $(brief$intro) $ Spring'2016' '

Software$Security$ (finish) $ &amp; $ Cryptography $(brief$intro) $ Spring'2016' '

CSE$484$/$CSE$M$584:$$Computer$Security$and$Privacy$ $ Software$Security$ (finish) $ &amp; $ Cryptography $(brief$intro) $ Spring'2016' ' Franziska'(Franzi)'Roesner'' franzi@cs.washington.edu'

419 views • 29 slides
Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno

Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno

CSE 484 / CSE M 584: Computer Security and Privacy Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,

445 views • 22 slides
Cryptography Intro CS642: Computer Security Professor Ristenpart

Cryptography Intro CS642: Computer Security Professor Ristenpart

Cryptography Intro CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

820 views • 35 slides
Is the matrix invertible? Matrix A nxn is invertible if there exists B nxn such that AB = BA =

Is the matrix invertible? Matrix A nxn is invertible if there exists B nxn such that AB = BA =

Matrix Inverse size 3x3 M. A. Hameed ECSE Department Rensselaer Polytechnic Institute Intro to ECSE Is the matrix invertible? Matrix A nxn is invertible if there exists B nxn such that AB = BA = I n Invertible = nonsingular =

303 views • 6 slides
Inversion of Mutually Orthogonal CA Luca Mariot, Alberto Leporati Bicocca Security Lab (BiSLab)

Inversion of Mutually Orthogonal CA Luca Mariot, Alberto Leporati Bicocca Security Lab (BiSLab)

Inversion of Mutually Orthogonal CA Luca Mariot, Alberto Leporati Bicocca Security Lab (BiSLab) Dipartimento di Informatica, Sistemistica e Comunicazione (DISCo) Universit degli Studi Milano - Bicocca ACRI 2018 Como, September 17-21, 2018

508 views • 19 slides
Today: Verilog and Sequential Logic Today: Verilog and Sequential Logic T Flip-f lops S

Today: Verilog and Sequential Logic Today: Verilog and Sequential Logic T Flip-f lops S

Today: Verilog and Sequential Logic Today: Verilog and Sequential Logic T Flip-f lops S represent at ion of clocks - t iming of st at e changes S asynchronous vs. synchronous T Count ers (St at e Machines) S st ruct ural view (FFs

394 views • 5 slides
DTTF/NB479: Dszquphsbqiz Day 7 Announcements: Matlab tutorial linked to in syllabus

DTTF/NB479: Dszquphsbqiz Day 7 Announcements: Matlab tutorial linked to in syllabus

DTTF/NB479: Dszquphsbqiz Day 7 Announcements: Matlab tutorial linked to in syllabus Questions? Today: Block ciphers, especially Hill Ciphers Modular matrix inverses 1 Block Ciphers So far, changing 1 character in the plaintext changes

108 views • 6 slides
Strengthening the inversion Tactic in Coq Dependent Types Inversion Lemmas Implications Anne

Strengthening the inversion Tactic in Coq Dependent Types Inversion Lemmas Implications Anne

Strengthening the inversion Tactic in Coq Anne Mulhern Examples Universes Strengthening the inversion Tactic in Coq Dependent Types Inversion Lemmas Implications Anne Mulhern Implementation Conclusion Department of Computer Sciences

242 views • 23 slides
FROM DATA TO THEORY -- INVERSE PROBLEMS FOR LHC, DARK MATTER, INFLATION AND Gordy Kane GGI

FROM DATA TO THEORY -- INVERSE PROBLEMS FOR LHC, DARK MATTER, INFLATION AND Gordy Kane GGI

FROM DATA TO THEORY -- INVERSE PROBLEMS FOR LHC, DARK MATTER, INFLATION AND Gordy Kane GGI May 2006 The goal of particle physics? Find encompassing, underlying theory that describes and explains phenomena, origin and properties of matter

1.13k views • 55 slides
Inductive Logic Programming. Part 2 Based partially on Luc De Raedts slides http://

Inductive Logic Programming. Part 2 Based partially on Luc De Raedts slides http://

Inductive Logic Programming. Part 2 Based partially on Luc De Raedts slides http:// www.cs.kuleuven.be/~lucdr/lrl.html 1 Specialisation and generalisation A formula G is a specialisation of a formula F iff F entails from G G |= F = each

628 views • 33 slides
Inverse Problems in Image Processing Effrosyni Kokiopoulou , Martin Ple singer {

Inverse Problems in Image Processing Effrosyni Kokiopoulou , Martin Ple singer {

Inverse Problems in Image Processing Effrosyni Kokiopoulou , Martin Ple singer { effrosyni.kokiopoulou; martin.plesinger } @sam.math.ethz.ch Welcome to the world of inverse problems! Outline Seminar organization Manipulating images in

553 views • 39 slides

More recommend