cryptography
play

Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner - PowerPoint PPT Presentation

Nov 17, 2022 •159 likes •633 views

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Alice and Bob • Archetypical characters Alice Bob Eve Mallory (eavesdrops) (is malicious) 10/19/16 CSE 484 / CSE M 584 - Fall 2016 2

  3. Common Communication Security Goals Confidentiality of data: Prevent exposure of information Bob Integrity of data: Prevent modification of information Authenticity : Is this really Bob I’m talking to? Adversary Alice 10/19/16 CSE 484 / CSE M 584 - Fall 2016 3

  4. History • Substitution Ciphers – Caesar Cipher • Transposition Ciphers • Codebooks • Machines • Recommended Reading: The Codebreakers by David Kahn and The Code Book by Simon Singh. 10/19/16 CSE 484 / CSE M 584 - Fall 2016 4

  5. History: Caesar Cipher (Shift Cipher) • Plaintext letters are replaced with letters a fixed shift away in the alphabet. • Example: – Plaintext: The quick brown fox jumps over the lazy dog – Key: Shift 3 ABCDEFGHIJKLMNOPQRSTUVWXYZ DEFGHIJKLMNOPQRSTUVWXYZABC – Ciphertext: WKHTX LFNEU RZQIR AMXPS VRYHU WKHOD CBGRJ 10/19/16 CSE 484 / CSE M 584 - Fall 2016 5

  6. History: Caesar Cipher (Shift Cipher) • ROT13: shift 13 (encryption and decryption: same operation) • What is the key space? – 26 possible shifts. • How to attack shift ciphers? – Brute force. 10/19/16 CSE 484 / CSE M 584 - Fall 2016 6

  7. History: Substitution Cipher • Superset of shift ciphers: each letter is substituted for another one. • Add a secret key • Example: – Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ – Cipher: ZEBRASCDFGHIJKLMNOPQTUVWXY • “State of the art” for thousands of years 10/19/16 CSE 484 / CSE M 584 - Fall 2016 7

  8. History: Substitution Cipher • What is the key space? 26! ~= 2^88 Bigrams: • How to attack? th 1.52% en 0.55% ng 0.18% he 1.28% ed 0.53% of 0.16% – Frequency analysis. in 0.94% to 0.52% al 0.09% er 0.94% it 0.50% de 0.09% an 0.82% ou 0.50% se 0.08% re 0.68% ea 0.47% le 0.08% nd 0.63% hi 0.46% sa 0.06% at 0.59% is 0.46% si 0.05% on 0.57% or 0.43% ar 0.04% nt 0.56% ti 0.34% ve 0.04% ha 0.56% as 0.33% ra 0.04% es 0.56% te 0.27% ld 0.02% st 0.55% et 0.19% ur 0.02% Trigrams: 1. the 6. ion 11. nce 2. and 7. tio 12. edt 3. tha 8. for 13. tis 4. ent 9. nde 14. oft 5. ing 10. has 15. sth 10/19/16 CSE 484 / CSE M 584 - Fall 2016 8

  9. History: Enigma Machine Uses rotors (substitution cipher) that change position after each key. Key = initial setting of rotors Key space? 26^n for n rotors 10/19/16 CSE 484 / CSE M 584 - Fall 2016 9

  10. Kerckhoff’s Principle • Security of a cryptographic object should depend only on the secrecy of the secret (private) key. • Security should not depend on the secrecy of the algorithm itself (“security by obscurity”). 10/19/16 CSE 484 / CSE M 584 - Fall 2016 10

  11. How Cryptosystems Work Today • Public algorithms (Kerckhoff’s Principle) • Security proofs based on assumptions (not this course) • Don’t roll your own! 10/19/16 CSE 484 / CSE M 584 - Fall 2016 11

  12. How Cryptosystems Work Today • Layered approach: – Cryptographic primitives, like block ciphers, stream ciphers, hash functions, and one-way trapdoor permutations – Cryptographic protocols, like CBC mode encryption, CTR mode encryption, HMAC message authentication 10/19/16 CSE 484 / CSE M 584 - Fall 2016 12

  13. Flavors of Cryptography • Symmetric cryptography – Both communicating parties have access to a shared random string K, called the key. • Asymmetric cryptography – Each party creates a public key pk and a secret key sk. 10/19/16 CSE 484 / CSE M 584 - Fall 2016 13

  14. Confidentiality: Basic Problem ----- ----- ----- ? Goal: send a message confidentially. Given: both parties already know the same secret. 10/19/16 CSE 484 / CSE M 584 - Fall 2016 14

  15. One-Time Pad ----- ----- ----- = 10111101… = 00110010… 00110010… = 10/19/16 CSE 484 / CSE M 584 - Fall 2016 15

  16. One-Time Pad 10111101… ----- ----- ----- = 10111101… ⊕ ⊕ 10001111… = 00110010… 00110010… = Key is a random bit sequence Decrypt by bitwise XOR of as long as the plaintext ciphertext and key: ciphertext ⊕ key = (plaintext ⊕ key) ⊕ key = Encrypt by bitwise XOR of plaintext ⊕ (key ⊕ key) = plaintext and key: plaintext ciphertext = plaintext ⊕ key Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, and every key is equally likely (Claude Shannon, 1949) 10/19/16 CSE 484 / CSE M 584 - Fall 2016 16

  17. Advantages of One-Time Pad • Easy to compute – Encryption and decryption are the same operation – Bitwise XOR is very cheap to compute • As secure as theoretically possible – Given a ciphertext, all plaintexts are equally likely, regardless of attacker’s computational resources – …as long as the key sequence is truly random • True randomness is expensive to obtain in large quantities – …as long as each key is same length as plaintext • But how does sender communicate the key to receiver? 10/19/16 CSE 484 / CSE M 584 - Fall 2016 17

  18. Problems with One-Time Pad • Key must be as long as the plaintext – Impractical in most realistic scenarios – Still used for diplomatic and intelligence traffic • Insecure if keys are reused – Attacker can obtain XOR of plaintexts • Does not guarantee integrity – One-time pad only guarantees confidentiality – Attacker cannot recover plaintext, but can easily change it to something else 10/19/16 CSE 484 / CSE M 584 - Fall 2016 18

  19. Dangers of Reuse P1 ----- ----- 00000000… ----- C1 = 00000000… ⊕ ⊕ 00110010… = 00110010… 00110010… = P2 ----- ----- ----- C2 = 11111111… ⊕ 11001101… = 00110010… Learn relationship between plaintexts C1 ⊕ C2 = (P1 ⊕ K) ⊕ (P2 ⊕ K) = (P1 ⊕ P2) ⊕ (K ⊕ K) = P1 ⊕ P2 10/19/16 CSE 484 / CSE M 584 - Fall 2016 19

  20. No Integrity 0 10111101… ----- ----- ----- = 10111101… 0 ⊕ ⊕ 10001111… = 00110010… 00110010… = Key is a random bit sequence Decrypt by bitwise XOR of as long as the plaintext ciphertext and key: ciphertext ⊕ key = (plaintext ⊕ key) ⊕ key = Encrypt by bitwise XOR of plaintext ⊕ (key ⊕ key) = plaintext and key: plaintext ciphertext = plaintext ⊕ key 10/19/16 CSE 484 / CSE M 584 - Fall 2016 20

  21. Reducing Key Size • What to do when it is infeasible to pre-share huge random keys? – When one-time pad is unrealistic… • Use special cryptographic primitives: block ciphers, stream ciphers – Single key can be re-used (with some restrictions) – Use them in ways that provide integrity 10/19/16 CSE 484 / CSE M 584 - Fall 2016 21

  22. Stream Ciphers • One-time pad: Ciphertext(Key,Message)=Message ⊕ Key – Key must be a random bit sequence as long as message • Idea: replace “ random ” with “ pseudo- random ” 10/19/16 CSE 484 / CSE M 584 - Fall 2016 22

  23. Stream Ciphers • One-time pad: Ciphertext(Key,Message)=Message ⊕ Key • Stream cipher: Ciphertext(Key,Message)= Message ⊕ PRNG(Key) 10/19/16 CSE 484 / CSE M 584 - Fall 2016 23

  24. Stream Ciphers • One time pad, replace “ random ” with “ pseudo- random ” – Use a pseudo-random number generator (PRNG) – PRNG takes a short, truly random secret seed and expands it into a long “ random-looking ” sequence • E.g., 128-bit seed into a 10 6 -bit pseudo-random sequence No efficient algorithm can tell this sequence from truly random 10/19/16 CSE 484 / CSE M 584 - Fall 2016 24

  25. Block Ciphers • Operates on a single chunk (“block”) of plaintext – For example, 64 bits for DES, 128 bits for AES – Each key defines a different permutation – Same key is reused for each block (can use short keys) Plaintext block Key cipher Ciphertext 10/19/16 CSE 484 / CSE M 584 - Fall 2016 25

  26. Permutations 0 0 1 1 2 2 3 3 • For N-bit input, 2 N ! possible permutations • Idea for how to use a keyed permutation: split plaintext into blocks; for each block use secret key to pick a permutation – Without the key, permutation should “look random” 10/19/16 CSE 484 / CSE M 584 - Fall 2016 26

  27. Block Cipher Security • Result should look like a random permutation on the inputs – Recall: not just shuffling bits. N-bit block cipher permutes over 2 N inputs. • Only computational guarantee of secrecy – Not impossible to break, just very expensive • If there is no efficient algorithm (unproven assumption!), then can only break by brute-force, try-every-possible-key search – Time and cost of breaking the cipher exceed the value and/or useful lifetime of protected information 10/19/16 CSE 484 / CSE M 584 - Fall 2016 27

  28. Block Cipher Operation (Simplified) Block of plaintext Key Add some secret key bits S S S S to provide confusion S S S S Each S-box transforms its input bits in a “ random-looking ” way repeat for several rounds to provide diffusion (spread plaintext bits throughout ciphertext) S S S S Procedure must be reversible Block of ciphertext (for decryption) 10/19/16 CSE 484 / CSE M 584 - Fall 2016 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -> C enciphering functions D: C x K

446 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

453 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but hard-to-solve problems were discovered. Computational Complexity, by Fu Yuxi Cryptography 1 / 75 Cryptography is closely related to some

785 views • 76 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

421 views • 7 slides
Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Homomorphic Cryptography & Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography Bike lock of Internet Provides many important building blocks for security For example, encryption or

699 views • 31 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 15 November, 2012 Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography Diffie-Hellman Key

207 views • 8 slides
Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016

Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016

Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris too

491 views • 34 slides
Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Online Cryptography Course

1.02k views • 62 slides
ARTIFICIAL INTELLIGENCE Uncertainty: probabilistic reasoning Lecturer: Silja Renooij These slides

ARTIFICIAL INTELLIGENCE Uncertainty: probabilistic reasoning Lecturer: Silja Renooij These slides

Utrecht University INFOB2KI 2019-2020 The Netherlands ARTIFICIAL INTELLIGENCE Uncertainty: probabilistic reasoning Lecturer: Silja Renooij These slides are part of the INFOB2KI Course Notes available from

3.39k views • 49 slides
Towards a Science of Parallel Programming Keshav Pingali The University of Texas at Austin

Towards a Science of Parallel Programming Keshav Pingali The University of Texas at Austin

Towards a Science of Parallel Programming Keshav Pingali The University of Texas at Austin Problem Statement Community has worked on parallel programming for more than 30 years programming models machine models

670 views • 31 slides
Clarification about attacker power Block ciphers used to encode messages longer than block size

Clarification about attacker power Block ciphers used to encode messages longer than block size

ECB ECB CBC CBC CTR CTR Cryptomeria cipher Cryptomeria cipher Security for Block ciper modes Security for Block ciper modes Clarification about attacker power Block ciphers used to encode messages longer than block size In security

405 views • 4 slides
MESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION Mihir Bellare UCSD 1 Integrity and

MESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION Mihir Bellare UCSD 1 Integrity and

MESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION Mihir Bellare UCSD 1 Integrity and authenticity The goal is to ensure that M really originates with Alice and not someone else M has not been modified in transit Mihir Bellare

989 views • 46 slides
So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity

So Far ... AUTHENTICATED ENCRYPTION We have looked at methods to provide privacy and authenticity separately: Goal Primitive Security notion Data privacy symmetric encryption IND-CPA Data authenticity MAC UF-CMA Mihir Bellare UCSD 1

105 views • 9 slides
Positively Disruptive - Next Frontier in Point of Care Stuart C. Ray, MD Professor of Medicine,

Positively Disruptive - Next Frontier in Point of Care Stuart C. Ray, MD Professor of Medicine,

Positively Disruptive - Next Frontier in Point of Care Stuart C. Ray, MD Professor of Medicine, Oncology, and Health Sciences Informatics Vice Chair of Medicine for Data Integrity and Analytics Johns Hopkins Medical Institutions sray@jhmi.edu

576 views • 25 slides

More recommend