Cryptography and Network Security, Lecture 0, Manoj Prabhakaran



SLIDE 1

Cryptography and Network Security

Manoj Prabhakaran

IIT Bombay

Lecture 0

SLIDE 2

Security

People, Devices, Network

In this course: Cryptography as used in network security

SLIDE 3

Cryptography & Security

In this course: Cryptography as used in network security

Crypto, Network Security

SLIDE 4

In the News

“Properly implemented strong crypto systems are one of the few things that you can rely on.”
“… Unfortunately, endpoint security is so terrifically weak that [the adversary] can frequently find ways around it.”

SLIDE 5

What is Cryptography?

It’s all about controlling access to information
A tool for enforcing policies on who can learn and/or influence information
Do we know what we are talking about?

SLIDE 6

What is information?

Or rather the lack of it?
Uncertainty
Measured using Entropy
Borrowed from thermodynamics
An inherently “probabilistic” notion

Rudolf Clausius (1822-1888), Ludwig Boltzmann (1844-1906), Claude Shannon (1916-2001)

SLIDE 7

What is information?

Information Theory: ways to quantify information
Application 1: to study efficiency of communication (compression, error-correction)
Application 2: to study the possibility of secret communication
The latter turned out to be a relatively easy question!
Secret communication possible only if (an equally long) secret key is shared ahead of time

Claude Shannon (1916-2001)

SLIDE 8

Access to Information

A second look
Information at hand may still not be “accessible” if it is hard to work with it
Computation!
Shannon’s information may reduce uncertainty only for computationally all-powerful parties

SLIDE 9

Computational Complexity

A systematic study of what computationally bounded parties can and cannot do
A young and rich field
Much known, much more unknown
Much “believed”

Alan Turing, Stephen Cook, Leonid Levin, Richard Karp

Basis of the Modern Theory of Cryptography

SLIDE 10

Compressed Secret-Keys

Impossible in the information-theoretic sense: a truly random string cannot be compressed
But possible against computationally bounded players: use pseudo-random strings!
Pseudo-random number generator a.k.a. Stream Cipher
Generate a long string of random-looking bits from a short random seed

Andy Yao, Manuel Blum
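
Added example, not part of the original slides: the contrast between Slide 7 (a secret key as long as the message) and Slide 10 (a short seed stretched into a long pad), in Python. SHAKE-256 stands in for the pseudo-random generator, which is an assumption since the slides name no construction; all function names are hypothetical and the message is constructed.

```python
import hashlib
import secrets

def prg(seed: bytes, n: int) -> bytes:
    """Stretch a short seed into n random-looking bytes.
    SHAKE-256 is an assumed stand-in; the slides name no generator."""
    return hashlib.shake_256(seed).digest(n)

def xor(pad: bytes, msg: bytes) -> bytes:
    if len(pad) != len(msg):
        raise ValueError("pad and message must have equal length")
    return bytes(p ^ m for p, m in zip(pad, msg))

def otp(key: bytes, msg: bytes) -> bytes:
    """One-time pad: the shared key is as long as the message."""
    return xor(key, msg)

def stream(seed: bytes, msg: bytes) -> bytes:
    """Stream cipher: share only the seed, derive the pad from it.
    A seed must never be reused for a second message."""
    return xor(prg(seed, len(msg)), msg)

def unbounded_distinguisher(sample: bytes, seed_len: int) -> bool:
    """True if some seed of seed_len bytes generates sample.
    Tries all 2**(8*seed_len) seeds, so it only finishes for toy seeds;
    this is the work a computationally bounded party cannot afford."""
    for s in range(2 ** (8 * seed_len)):
        if prg(s.to_bytes(seed_len, "big"), len(sample)) == sample:
            return True
    return False

def demo() -> dict:
    msg = b"constructed sample message, not from the slides"
    key = secrets.token_bytes(len(msg))   # OTP: key grows with the message
    seed = secrets.token_bytes(16)        # stream cipher: fixed 16 bytes
    toy = prg(secrets.token_bytes(2), 8)  # 8 bytes from a 2-byte toy seed
    return {
        "otp_key_len": len(key),
        "seed_len": len(seed),
        "otp_ok": otp(key, otp(key, msg)) == msg,
        "stream_ok": stream(seed, stream(seed, msg)) == msg,
        # Only 2**16 of the 2**64 eight-byte strings are PRG outputs, so
        # exhaustive search tells them apart from truly random strings.
        "prg_output_detected": unbounded_distinguisher(toy, 2),
        "random_detected": unbounded_distinguisher(secrets.token_bytes(8), 2),
    }

if __name__ == "__main__":
    print(demo())
```

With a 16-byte seed the same exhaustive search would need 2**128 generator calls, which is why the compression is safe only against computationally bounded parties.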

SLIDE 11

The Public-Key Revolution

“Non-Secret Encryption”
No a priori shared secrets
Instead, a public key. Anyone can create encryptions, only the creator of the key can decrypt!
Publicly verifiable digital signatures
Forms the backbone of today’s secure communication

Clifford Cocks; Malcolm Williamson; Merkle, Hellman, Diffie; James Ellis; Shamir, Rivest, Adleman

SLIDE 12

Crypto-Mania

Public-Key cryptography and beyond!
Secret computation: collaboration among mutually distrusting parties
Compute on distributed data, without revealing their private information to each other
Compute on encrypted data
And other fancy things... with sophisticated control over more complex “access” to information

Do it all faster, better, more conveniently and more securely (or find out if one cannot). And also make sure we know what we are trying to do.

SLIDE 13

Turing Awards

For theoretical cryptographers:

Manuel Blum: Turing Award ‘95
Andrew Yao: Turing Award ‘00
Shamir, Rivest & Adleman: Turing Award ‘02
Goldwasser & Micali: Turing Award ‘12
(Merkle) Hellman & Diffie: Turing Award ‘15

SLIDE 14

Independence, Indistinguishability, Infeasibility, Zero-Knowledge, ...
one-way functions, collision-resistant hash functions, ...
Semantic security, non-malleability, existential unforgeability...
Obfuscation, Leakage resilient crypto, Imperfect randomness, ...
RSA, elliptic curve groups, lattices, ...
PK Encryption, Signatures
Encryption, Authentication
Stream ciphers, Block ciphers
Pseudorandomness generators, PRF, ...
Random Oracle Model, Generic group model
SSL, TLS
Identity-Based Encryption
Secure Multi-Party Computation
Secret sharing, Verifiable Secret sharing
ZK proofs
Concrete cryptanalysis (Birthday attacks, differential cryptanalysis, ...)
Blind signatures, Mix-nets, DC-nets, ...
e-cash, e-Voting, Fair Exchange, Privacy Preserving Datamining, ...
DES, AES, SHA, HMAC
Hybrid encryption
Algorithms, Reductions
Malware, DDoS, Side-channels
Universal composition
Signcryption
Formal methods
Blockchains

SLIDE 15

In This Course

(Petting the Elephant)

Fundamental notions: secrecy, infeasibility
Secure communication

                 Shared-Key   Public-Key
Encryption       SKE          PKE
Authentication   MAC          Signature

Mathematical content:
Some Probability
A little bit of Groups and Number Theory
Definitions and proofs

SLIDE 16

Also a Glimpse of…

Security

Security involves many (f)actors other than crypto
Crypto is a tool that when correctly used can help us greatly enhance (and understand) security

SLIDE 17

Network Security

How to use cryptography to achieve security goals in a real-life scenario?
Several new issues:

More complex (often informal/ill-specified) security goals
Complexity due to support for extra efficiency/backward compatibility/new features
Buggy implementations (software & hardware)
Gap between abstract and real-life models: side-channels
Human factors, trust, identity, current and legacy technology, …

SLIDE 18

Bigger Picture

Cryptography, Information Security, Network Security, Number Theory, Algebra, Complexity Theory, Information Theory, Formal Methods, Combinatorics, Graph theory

Cryptography is just one of the tools used in information security
Cryptography studies several problems which may not be of immediate use in information security, but are important in building its own foundations/in establishing links with other areas
Many powerful cryptographic tools remain un(der)utilised in practice!

SLIDE 19

Course Logistics

Lectures
Attendance counts! [ and pop quizzes! 5% ]
Grading:
Two Quizzes (60%)
One during the mid-semester exam week
≈3 HW assignments (15%)
Course project (20%)
“Theory” course: no significant programming requirement, but course project could be a programming project

SLIDE 20

Course Logistics

Office hours when assignments are out
schedule TBA
Online forum: piazza.com/iitb.ac.in/fall2018/cs406
Course webpage: see cse.iitb.ac.in/~mp/teach/

SLIDE 21

Puzzle #1

Alice and Bob hold secret numbers x and y in {0,..,n} resp.
Carol wants to learn x+y. Alice and Bob are OK with that.
But they don’t want Carol/each other to learn anything else!

i.e., Alice should learn nothing about y, nor Bob about x. Carol shouldn’t learn anything else about x,y “other than” x+y

Can they do it, just by talking to each other (using private channels between every pair of parties)?

SLIDE 22

Puzzle #2

Alice and Bob hold secret bits x and y
Carol wants to learn x∧y. Alice and Bob are OK with that.
But they don’t want Carol/each other to learn anything else!

i.e., Alice should learn nothing about y, nor Bob about x. Carol shouldn’t learn anything else about x,y “other than” x∧y

Can they do it, just by talking to each other (using private channels between every pair of parties)?