Cryptography: Deian Stefan, adopted slides from Kirill Levchenko and Dan Boneh

  1. CSE 127: Computer Security. Cryptography. Deian Stefan. Adopted slides from Kirill Levchenko and Dan Boneh

  2. Cryptography • Is: ➤ A tremendous tool ➤ The basis for many security mechanisms • Is not: ➤ The solution to all security problems ➤ Reliable unless implemented and used properly ➤ Something you should try to invent yourself ➤ Blockchain

  5. This class: secure communication [Figure: Alice, Bob, Eve] ➤ Authenticity: Parties cannot be impersonated ➤ Secrecy: No one else can read messages ➤ Integrity: Messages cannot be modified

  6. Attacker models [Figure: Alice, Bob, Eve] ➤ Passive attacker: Eve only snoops on channel ➤ Active attacker: Eve can snoop, inject, block, tamper, etc.

  7. In the real world (SSL/TLS) ➤ Handshake Protocol: Establish shared secret key using public-key cryptography ➤ Record Layer: Transmit data protected by symmetric-key cryptography (using negotiated key)

  8. Outline • Symmetric-key crypto ➤ Encryption ➤ Hash functions ➤ Message authentication code • Asymmetric (public-key) crypto ➤ Encryption ➤ Digital signatures

  9. Symmetric-key encryption [Figure: m → E (key k) → c; c → D (key k) → m] • Encryption: (key, plaintext) → ciphertext ➤ $E_k(m) = c$ • Decryption: (key, ciphertext) → plaintext ➤ $D_k(c) = m$

  10. Symmetric-key encryption [Figure: m → E (key k) → c; c → D (key k) → m] • One-time key: used to encrypt one message ➤ E.g., encrypted email, new key generated per email • Multi-use key: used to encrypt multiple messages ➤ E.g., SSL, same key used to encrypt many packets

  12. Symmetric-key encryption [Figure: m → E (key k, nonce n) → c; c → D (key k, nonce n) → m] • One-time key: used to encrypt one message ➤ E.g., encrypted email, new key generated per email • Multi-use key: used to encrypt multiple messages ➤ E.g., SSL, same key used to encrypt many packets

  13. Symmetric-key encryption [Figure: m → E (key k, nonce n) → c; c → D (key k, nonce n) → m; callout: Need unique/random nonce] • One-time key: used to encrypt one message ➤ E.g., encrypted email, new key generated per email • Multi-use key: used to encrypt multiple messages ➤ E.g., SSL, same key used to encrypt many packets

  14. Encryption properties • Encryption and decryption are inverse operations ➤ $D_k(E_k(m)) = m$ • Secrecy: ciphertext reveals nothing about plaintext ➤ More formally: can’t distinguish which of two plaintexts was encrypted without key

  15. First example: One Time Pad, Vernam (1917) ➤ Key: 0 1 0 1 1 1 0 0 1 0 ⊕ Plaintext: 1 1 0 0 0 1 1 0 0 0 = Ciphertext: 1 0 0 1 1 0 1 0 1 0 ➤ Encryption: $c = E_k(m) = m \oplus k$ ➤ Decryption: $D_k(c) = c \oplus k = (m \oplus k) \oplus k = m$

  18. OTP security • Shannon (1949) ➤ Information theoretic security: without key, ciphertext reveals no “information” about plaintext • Problems with OTP ➤ Can only use key once ➤ Key is as long as the message

  19. Computational cryptography • Want the size of the secret to be small ➤ If pre-arranged secret smaller than message, not all plaintexts equally probable — ciphertext reveals info about plaintext • Modern cryptography based on idea that learning anything about plaintext from ciphertext is computationally difficult without secret

  22. Stream ciphers • Problem: OTP key is as long as message • Solution: Pseudo random key [Figure: key → PRG → ⊕ with message → ciphertext] $E_k(m) = \mathrm{PRG}(k) \oplus m$ ➤ Examples: ChaCha, Salsa, Sosemanuk, etc.

  24. Stream ciphers • Problem: OTP key is as long as message • Solution: Pseudo random key [Figure: key → PRG → ⊕ with message → ciphertext; callout on PRG output: Computationally hard to distinguish from random] $E_k(m) = \mathrm{PRG}(k) \oplus m$ ➤ Examples: ChaCha, Salsa, Sosemanuk, etc.

  25. Dangers in using stream ciphers • Can we use a key more than once? ➤ E.g., $c_1 \leftarrow m_1 \oplus \mathrm{PRG}(k)$, $c_2 \leftarrow m_2 \oplus \mathrm{PRG}(k)$ ➤ A: yes, B: no ➤ Eavesdropper does: $c_1 \oplus c_2 \rightarrow m_1 \oplus m_2$ ➤ Enough redundant information in English that: $m_1 \oplus m_2 \rightarrow m_1, m_2$
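
The keystream-reuse problem on slide 25, as an added example that is not part of the original slides. The PRG here is SHAKE-256 over key and nonce, an assumed stand-in for a real stream cipher such as ChaCha, and the messages are constructed samples.

```python
import hashlib
import secrets

def prg(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy PRG: expand key||nonce into n keystream bytes (illustration only)."""
    return hashlib.shake_256(key + nonce).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, m: bytes) -> bytes:
    # E_k(m) = PRG(k) XOR m; decryption is the same operation.
    return xor(m, prg(key, nonce, len(m)))

def reuse_leaks(c1: bytes, c2: bytes, m1: bytes, m2: bytes) -> bool:
    """True when c1 XOR c2 == m1 XOR m2, i.e. the keystream cancelled out."""
    return xor(c1, c2) == xor(m1, m2)

def other_message(c1: bytes, c2: bytes, known: bytes) -> bytes:
    # Under reuse, knowing one plaintext gives the other without the key.
    return xor(xor(c1, c2), known)

# Constructed sample messages of equal length.
M1 = b"transfer $100 to alice"
M2 = b"transfer $999 to carol"
KEY = secrets.token_bytes(32)

def demo_reused():
    nonce = b"\x00" * 12  # same (key, nonce) twice -> identical keystream
    return encrypt(KEY, nonce, M1), encrypt(KEY, nonce, M2)

def demo_fresh():
    # Unique random nonce per message -> independent keystreams.
    return (encrypt(KEY, secrets.token_bytes(12), M1),
            encrypt(KEY, secrets.token_bytes(12), M2))

if __name__ == "__main__":
    c1, c2 = demo_reused()
    print("reused nonce leaks m1^m2:", reuse_leaks(c1, c2, M1, M2))
    print("m2 from known m1:", other_message(c1, c2, M1))
    f1, f2 = demo_fresh()
    print("fresh nonces leak m1^m2:", reuse_leaks(f1, f2, M1, M2))
```

With the reused nonce the XOR of the two ciphertexts does not depend on the key at all, which is why slide 13 asks for a unique or random nonce per message.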

  27. Block ciphers: crypto work horses [Figure: m → E (key k) → c; c → D (key k) → m] • Block ciphers operate on fixed-size blocks ➤ E.g., 3DES: |m| = |c| = 64 bits, |k| = 168 bits ➤ E.g., AES: |m| = |c| = 128 bits, |k| = 128, 192, 256 • A block cipher = permutation of fixed-size inputs ➤ Each input mapped to exactly one output

  28. How do they work? [Figure: key k → key expansion → round keys $k_1, k_2, k_3, \ldots, k_n$; m → $R(k_1, \cdot)$ → $R(k_2, \cdot)$ → $R(k_3, \cdot)$ → … → $R(k_n, \cdot)$ → c] $R(k, m)$: round function; for 3DES (n=48), for AES-128 (n=10)

  29. How do they work?

  30. Challenges with block ciphers • Block ciphers operate on single fixed-size block • How do we encrypt longer messages? ➤ Several modes of operation for longer messages • How do we deal with messages that are not block-aligned? ➤ Must pad messages in a distinguishable way
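
Why padding must be distinguishable (slide 30), as an added example that is not part of the original slides. It compares naive zero padding with PKCS#7-style padding, a common scheme the slides do not name; the 16-byte block size is taken from the AES figures on slide 27.

```python
BLOCK = 16  # bytes

def zero_pad(m: bytes) -> bytes:
    # Ambiguous: the receiver cannot tell padding zeros from message zeros.
    return m + b"\x00" * (-len(m) % BLOCK)

def pkcs7_pad(m: bytes) -> bytes:
    # Always appends 1..16 bytes, each equal to the pad length, so an
    # already aligned message gets a whole extra block of padding.
    n = BLOCK - len(m) % BLOCK
    return m + bytes([n]) * n

def pkcs7_unpad(p: bytes) -> bytes:
    if not p or len(p) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    n = p[-1]
    if not 1 <= n <= BLOCK or p[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return p[:-n]

if __name__ == "__main__":
    a, b = b"abc", b"abc\x00"   # constructed messages that differ only in a zero
    print("zero padding collides:", zero_pad(a) == zero_pad(b))
    print("PKCS#7 padding collides:", pkcs7_pad(a) == pkcs7_pad(b))
    print("round trip:", pkcs7_unpad(pkcs7_pad(b)) == b)
```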

  33. ECB mode Source: wikipedia

  34. Is ECB good? A: yes, B: no Source: wikipedia

  35. Is ECB good? A: yes, B: no [Figure: $E_k$ applied to an image] Source: wikipedia

  36. CBC mode with random IV Source: wikipedia

  37. CBC mode with random IV Subtle attacks that abuse padding possible! Source: wikipedia

  38. CTR mode with random IV Source: wikipedia

  39. CTR mode with random IV Essentially use block cipher as stream cipher! Source: wikipedia
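
What the ECB and CTR slides show with images, as an added example that is not part of the original slides. The block cipher is a toy 4-round Feistel network built from SHA-256, an assumed stand-in for AES, and the plaintext is a constructed sample with repeated blocks.

```python
import hashlib
import secrets

BLOCK = 16  # bytes; same block size as AES on the slides

def round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function built from SHA-256 (assumption for this toy cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel network: a keyed permutation of 16-byte blocks.
    Toy stand-in for a real block cipher such as AES; illustration only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, round_fn(key, rnd, right)))
        left, right = right, mixed
    return left + right

def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, msg: bytes) -> bytes:
    # ECB: every block is encrypted independently with the same key.
    return b"".join(toy_encrypt_block(key, b) for b in blocks(msg))

def ctr_encrypt(key: bytes, msg: bytes):
    # CTR: encrypt (random IV || counter) and XOR the result into the message.
    iv = secrets.token_bytes(8)
    out = b""
    for ctr, b in enumerate(blocks(msg)):
        pad = toy_encrypt_block(key, iv + ctr.to_bytes(8, "big"))
        out += bytes(x ^ y for x, y in zip(b, pad))
    return iv, out

def distinct_blocks(data: bytes) -> int:
    return len(set(blocks(data)))

KEY = secrets.token_bytes(16)
# Constructed plaintext: 6 blocks, only 2 distinct values (like a flat image).
MSG = b"A" * 48 + b"B" * 16 + b"A" * 32

if __name__ == "__main__":
    print("plaintext distinct blocks:", distinct_blocks(MSG))
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(KEY, MSG)))
    print("CTR distinct blocks:", distinct_blocks(ctr_encrypt(KEY, MSG)[1]))
```

ECB keeps the plaintext's repetition pattern (2 distinct ciphertext blocks out of 6) and gives the same output on every run; CTR with a random IV produces 6 distinct blocks and a different ciphertext each time.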

  40. What security do we actually get? • All encryption breakable by brute force given enough knowledge about plaintext • Try to decrypt ciphertext with every possible key until a valid plaintext is found • Attack complexity proportional to size of key space ➤ 64-bit key requires $2^{64}$ decryption attempts

  41. Outline • Symmetric-key crypto ➤ Encryption ➤ Hash functions ➤ Message authentication code • Asymmetric (public-key) crypto ➤ Encryption ➤ Digital signatures

  42. Hash Functions • A (cryptographic) hash function maps arbitrary length input into a fixed-size string [Figure: m → H → h] $h = H(m)$ ➤ |m| is arbitrarily large ➤ |h| is fixed, usually 128-512 bits

  43. Hash Function Properties • Finding a pre-image is hard ➤ Given $h$, find $m$ such that $H(m) = h$ • Finding a collision is hard ➤ Find $m_1$ and $m_2$ such that $H(m_1) = H(m_2)$

  44. Hash Functions • MD5: Message Digest ➤ Designed by Ron Rivest ➤ Very popular hash function ➤ Output: 128 bits ➤ Broken — do not use!

  45. Hash Functions • SHA-1: Secure Hash Algorithm 1 ➤ Designed by NSA ➤ Output: 160 bits ➤ Broken — do not use! • SHA-2: Secure Hash Algorithm 2 ➤ Designed by NSA ➤ Output: 224, 256, 384, or 512 bits ➤ Recommended for use today

  46. Hash Functions • SHA-3: Secure Hash Algorithm 3 ➤ Result of NIST SHA-3 contest ➤ Output: arbitrary size ➤ Replacement once SHA-2 broken

  47. Outline • Symmetric-key crypto ➤ Encryption ➤ Hash functions ➤ Message authentication code • Asymmetric (public-key) crypto ➤ Encryption ➤ Digital signatures
