cryptography
play

Cryptography [Symmetric Encryption] Spring 2020 Franziska (Franzi) - PowerPoint PPT Presentation

Mar 24, 2023 •146 likes •422 views

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Admin • Lab 1: Checkpoint due today! – Please make sure that you sign up for a Lab 1 Group in Canvas. You will need to scroll *really* far down in the Groups interface... 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 2

  3. Flavors of Cryptography • Symmetric cryptography – Both communicating parties have access to a shared random string K, called the key. • Asymmetric cryptography – Each party creates a public key pk and a secret key sk. – Hard concept to understand, and revolutionary! Inventors won Turing Award � 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 3

  4. Symmetric Setting Both communicating parties have access to a shared random string K, called the key. M Encapsulate Decapsulate M K K Alice Bob K K Adversary 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 4

  5. Asymmetric Setting Each party creates a public key pk and a secret key sk. M Encapsulate Decapsulate M pk B ,sk A pk A ,sk B pk B pk A Alice Bob pk A ,sk A pk B ,sk B Adversary 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 5

  6. Flavors of Cryptography • Symmetric cryptography – Both communicating parties have access to a shared random string K, called the key. • Asymmetric cryptography – Each party creates a public key pk and a secret key sk. 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 6

  7. Flavors of Cryptography • Symmetric cryptography – Both communicating parties have access to a shared random string K, called the key. – Challenge: How do you privately share a key? • Asymmetric cryptography – Each party creates a public key pk and a secret key sk. – Challenge: How do you validate a public key? 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 7

  8. Ingredient: Randomness • Many applications (especially security ones) require randomness • Explicit uses: – Generate secret cryptographic keys – Generate random initialization vectors for encryption • Other �non - ob�io�s� �ses� – Generate passwords for new users – Shuffle the order of votes (in an electronic voting machine) – Shuffle cards (for an online gambling site) 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 8

  9. C’s rand() Function • C has a built-in random function: rand() unsigned long int next = 1; /* rand: return pseudo-random integer on 0..32767 */ int rand(void) { next = next * 1103515245 + 12345; return (unsigned int)(next/65536) % 32768; } /* srand: set seed for rand() */ void srand(unsigned int seed) { next = seed; } • Problem� don�t �se rand() for security-critical applications! – Given a few sample outputs, you can predict subsequent ones 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 9

  10. 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 10

  11. More details� �Ho� We Learned to Cheat at Online Poker� A St�d� in Soft�are Sec�rit�� http://www.cigital.com/papers/download/developer_gambling.php 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 11

  12. PS3 and Randomness http://www.engadget.com/2010/12/29/hackers-obtain- ps3-private-cryptography-key-due-to-epic-programm/ • 2010/2011: Hackers found/released private root key for Son��s PS� • Key used to sign software � now can load any software on PS3 and it �ill e�ec�te as �tr�sted� • Due to bad random number: same �random� �al�e �sed to sign all system updates 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 13

  13. Obtaining Pseudorandom Numbers • For sec�rit� applications� �ant � cryptographically secure pse�dorandom n�mbers� • Libraries include cryptographically secure pseudorandom number generators (CSPRNG) • Linux: – /dev/random – /dev/urandom - nonblocking, possibly less entropy • Internally: – Entropy pool gathered from multiple sources • e.g., mouse/keyboard timings • Challenges with embedded systems, saved VMs 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 14

  14. Now: Symmetric Encryption 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 15

  15. Confidentiality: Basic Problem ----- ----- ? ----- Given (Symmetric Crypto): both parties know the same secret. Goal: send a message confidentially. Ignore for now: How is this achieved in practice?? 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 16

  16. One-Time Pad ��������� ----- ----- ----- � � ��������� � ��������� � ��������� ��������� � Key is a random bit sequence Decrypt by bitwise XOR of as long as the plaintext ciphertext and key: ciphertext � key = (plaintext � key) � key = Encrypt by bitwise XOR of plaintext � (key � key) = plaintext and key: ciphertext = plaintext � key plaintext Cipher achieves perfect secrecy if and only if there are as many possible keys as possible plaintexts, and every key is equally likely (Claude Shannon, 1949) 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 17

  17. Advantages of One-Time Pad • Easy to compute – Encryption and decryption are the same operation – Bitwise XOR is very cheap to compute • As secure as theoretically possible – Given a ciphertext, all plaintexts are equally likely, regardless of attacker�s comp�tational reso�rces – � as long as the key sequence is truly random • True randomness is expensive to obtain in large quantities – � as long as each key is same length as plaintext • But how does sender communicate the key to receiver? 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 18

  18. Problems with One-Time Pad • (1) Key must be as long as the plaintext – Impractical in most realistic scenarios – Still used for diplomatic and intelligence traffic • (2) Insecure if keys are reused 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 19

  19. Dangers of Reuse P1 ----- ��������� ----- C1 ----- � � ��������� � ��������� � ��������� ��������� � P2 ----- ----- C2 ----- � ��������� � ��������� � ��������� Learn relationship between plaintexts C1 � C2 = (P1 � K) � (P2 � K) = (P1 � P2) � (K � K) = P1 � P2 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 20

  20. Problems with One-Time Pad • (1) Key must be as long as the plaintext – Impractical in most realistic scenarios – Still used for diplomatic and intelligence traffic • (2) Insecure if keys are reused – Attacker can obtain XOR of plaintexts 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 21

  21. Integrity? 0 ��������� ----- ----- ----- 0 � � ��������� � ��������� � ��������� ��������� � Key is a random bit sequence Decrypt by bitwise XOR of as long as the plaintext ciphertext and key: ciphertext � key = (plaintext � key) � key = Encrypt by bitwise XOR of plaintext � (key � key) = plaintext and key: ciphertext = plaintext � key plaintext 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 22

  22. Problems with One-Time Pad • (1) Key must be as long as the plaintext – Impractical in most realistic scenarios – Still used for diplomatic and intelligence traffic • (2) Insecure if keys are reused – Attacker can obtain XOR of plaintexts • (3) Does not guarantee integrity – One-time pad only guarantees confidentiality – Attacker cannot recover plaintext, but can easily change it to something else 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 23

  23. Reducing Key Size • What to do when it is infeasible to pre-share huge random keys? – When one- time pad is �nrealistic� • Use special cryptographic primitives: block ciphers, stream ciphers – Single key can be re-used (with some restrictions) – Not as theoretically secure as one-time pad 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 24

  24. Stream Ciphers • One-time pad: Ciphertext(Key,Message)=Message � Key – Key must be a random bit sequence as long as message • Idea� replace �random� �ith �pse�do - random� – Use a pseudo-random number generator (PRNG) – PRNG takes a short, truly random secret seed and e�pands it into a long �random - looking� seq�ence • E.g., 128-bit seed into a 10 6 -bit No efficient algorithm can tell pseudo-random sequence this sequence from truly random • Ciphertext(Key,Msg)=Msg � PRNG(Key) – Message processed bit by bit (like one-time pad) 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 25

  25. Block Ciphers • Operates on a single ch�nk ��block�� of plainte�t – For example, 64 bits for DES, 128 bits for AES – Each key defines a different permutation – Same key is reused for each block (can use short keys) Plaintext block Key cipher Ciphertext 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 26

  26. More on block ciphers next time! 4/17/2020 CSE 484 / CSE M 584 - Spring 2020 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -> C enciphering functions D: C x K

446 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

453 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides
Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but

Cryptography Modern cryptography was born in 1970s when computationally easy-to-verify but hard-to-solve problems were discovered. Computational Complexity, by Fu Yuxi Cryptography 1 / 75 Cryptography is closely related to some

785 views • 76 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography

Modern cryptography CSCI 470: Web Science Keith Vertanen Overview Modern cryptography Symmetric cryptography DES 3DES AES Asymmetric cryptography Diffie-Hellman key exchange 2 Modern cryptography Moving into

338 views • 16 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia

Cryptography Public Key Cryptography Concepts of Public Key Cryptography Public Key Cryptography Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, public.tex, r1803 1

421 views • 7 slides
Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Homomorphic Cryptography & Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography Bike lock of Internet Provides many important building blocks for security For example, encryption or

699 views • 31 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 15 November, 2012 Handout 8 Summary of this handout: Asymmetric Cryptography Public Key Cryptography Diffie-Hellman Key

207 views • 8 slides
std::rand::random::<Talk>() Huon Wilson December 18, 2014 http://huonw.github.io/rand-dec14

std::rand::random::<Talk>() Huon Wilson December 18, 2014 http://huonw.github.io/rand-dec14

std::rand::random::<Talk>() Huon Wilson December 18, 2014 http://huonw.github.io/rand-dec14 Digital Randomness Digital Randomness A sequence of bits, e.g. 3 11011110 11111000 01001010 00111100 . . . , Digital Randomness A sequence

426 views • 24 slides
Achieving Practical Applications of Quantum Computers Matthew Otten otten@anl.gov February 7th,

Achieving Practical Applications of Quantum Computers Matthew Otten otten@anl.gov February 7th,

Achieving Practical Applications of Quantum Computers Matthew Otten otten@anl.gov February 7th, 2020 Quantum Supremacy Frank Arute et al. Quantum supremacy using a programmable superconducting processor. In: Nature 574.7779 (2019), pp.

1.01k views • 38 slides
Think like the pros Emanuele Viola January 17, 2012 SLIDES VERSION 1 = Disclaimer.

Think like the pros Emanuele Viola January 17, 2012 SLIDES VERSION 1 = Disclaimer.

Think like the pros Emanuele Viola January 17, 2012 SLIDES VERSION 1 = Disclaimer. This is a draft. Any comment is highly appreciated! 2 Contents 1 Claims 4 1.1 Implication . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1.51k views • 130 slides
Maximal objects in the projective hierarchy J org Brendle Kobe University Sant Bernat,

Maximal objects in the projective hierarchy J org Brendle Kobe University Sant Bernat,

Maximal objects in the projective hierarchy J org Brendle Kobe University Sant Bernat, November 18, 2018 Reflections on Set Theoretic Reflection In celebration of Joan Bagarias 60th birthday J org Brendle Maximal objects in the

1.06k views • 78 slides
Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU

Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU

Introduction Nondeterministic Hidden Logic Nondeterministic Hidden Logic with Sharing Conclusion Nondeterminism as first class citizen for Hidden Logic Daniel Gebler and J org Endrullis VU University Amsterdam CMCS 2012, Tallinn 1 / 14

548 views • 30 slides
Randomized algorithms Quick-sort Closest pair of points Inge Li Grtz 1 2

Randomized algorithms Quick-sort Closest pair of points Inge Li Grtz 1 2

Randomized algorithms Today What are randomized algorithms? Properties of randomized algorithms Three examples: Median/Select. Randomized algorithms Quick-sort Closest pair of points Inge Li Grtz 1 2

358 views • 10 slides
A-list example -> (find Building ((Course 105) (Building Robinson) (Instructor

A-list example -> (find Building ((Course 105) (Building Robinson) (Instructor

A-list example -> (find Building ((Course 105) (Building Robinson) (Instructor Fisher))) Robinson -> (val ksf (bind Office Halligan-242 (bind Courses (105) (bind Email comp105-staff ())))) ((Email

250 views • 22 slides
Avoid discarding createEngines returned reference , or Down with art s getEngine! Kyle J.

Avoid discarding createEngines returned reference , or Down with art s getEngine! Kyle J.

Avoid discarding createEngines returned reference , or Down with art s getEngine! Kyle J. Knoepfel LArSoft Coordination Meeting 29 January 2019 Random number engines in art /LArSoft art provides random-number management via the

323 views • 16 slides

More recommend