introduction to security cryptography
play

Introduction to Security Cryptography Ming Chow - PowerPoint PPT Presentation

Feb 18, 2024 •404 likes •697 views

Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Understand the difference between symmetric and asymmetric cryptography

  1. Introduction to Security Cryptography Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow

  2. Learning Objectives • By the end of this week, you will be able to: • Understand the difference between symmetric and asymmetric cryptography • Understand and use one-way hash functions • Understand how Transport Layer Security (TLS) works • Understand how and how not to store users' passwords

  3. Why Cryptography? • To put it quite simply, it is the backbone of Cyber Security, critical for protecting information (confidentiality and integrity) • Week 1 on networking and attacking networks alluded to the importance of Cryptography • Imagine a world without Cryptography. Imagine your usernames, passwords, credit card numbers, messages, secrets, account details, personal information, emails, etc. were all transmitted over a computer network in plaintext, unencrypted

  4. Warning • This week is not a comprehensive study on Cryptography • Cryptography stands as a course and field of its own • While Cryptography is critical in Cyber Security, Cryptography and Cyber Security are not the same. Some academic institutions still teach Cyber Security as Cryptography. There is a lot more to Cyber Security than Cryptography.

  5. Definitions • Cryptography - The process of communicating secretly through the use of cipher • Cryptanalysis - The process of cracking or deciphering; code breaking • Cryptology - The study of cryptography or cryptanalysis • Cleartext / plaintext - What you are reading now • Encrypt - convert information or data into code to prevent unauthorized access • Decrypt – convert an encoded or unclear message into something intelligible, to plaintext • Cipher - An algorithm to perform encryption and/or decryption • Cryptosystem - Suite of algorithms to perform encryption and/or decryption

  6. The Golden Rule • “Don’t roll your own crypto” • The reason: https://security.stackexchange.com/questions/18197/why- shouldnt-we-roll-our-own • “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.” –Bruce Schneier • Snake oil: https://www.schneier.com/crypto- gram/archives/1999/0215.html#snakeoil

  7. Ancient History: Caesar Cipher • A substitution cipher • “Each letter in the original message (plaintext) is replaced with a letter corresponding to a certain number of letters up or down in the alphabet.” • In this way, a message that initially was quite readable, ends up in a form that can not be understood at a simple glance. • Source: https://learncryptography.com/classical- encryption/caesar-cipher • The purpose of this: what if a messenger for Julius Caesar got mugged or murdered and the message that was supposed to be delivered to another party got intercepted or stolen by enemy?

  8. Security of a Cryptosystem • The only perfectly secure algorithm is the One-Time Pad • Is any crypto algorithm perfectly secure? • Tradeoff 1: the cost of breaking a cipher exceeds the value of the encrypted information • Tradeoff 2: the time required to break the cipher exceeds the useful lifetime of the information • Very difficult to estimate cost and time required to break a cipher • There is always brute force • ...and then there is plain-old stealing or just asking for it

  9. One-Time Pad (OTP) • Invented in 1917 • Impossible to crack • The secret key (the cipher), with random data, must be the same length as the plaintext • Assume "A" = 0, "B" = 1, "C" = 2, etc. • Simple to use: just XOR, modular addition • https://www.khanacademy.org/computing/computer- science/cryptography/modarithmetic/e/modular-addition • Encryption: addition, mod 26 • Decryption: subtraction, if result is negative, add 26 and mod 26 • Rather impractical

  10. Algorithms • Hash functions - one way encryption, no decryption thus no secret key • MD5 (insecure) • SHA1 (insecure), SHA256, SHA512 • Symmetric - single key for encryption and decryption • DES • AES • RC4 • Asymmetric a.k.a., public key - uses two different keys: one public (for encryption) and one private (for decryption) • Diffie-Hellman • RSA

  11. Base64 • NOT encryption! • An encoding scheme of representing binary data using only printable (text) characters • Example: an image (JPG, PNG) contains binary data. Convert the binary data to text characters. https://www.base64- image.de/ • RFC 4648: https://www.ietf.org/rfc/rfc4648.txt • Operations: encode and decode https://www.base64decode.org/ • Example: hello encoded in Base64 is aGVsbG8= . The “=” at the end of encoding serves as padding. • • Many programming languages include a Base64 library • Has an important place in Cyber Security • Used quite a bit, including for HTTP Basic Authentication • References: • https://en.wikipedia.org/wiki/Basic_access_authentication • https://stackoverflow.com/questions/201479/what-is-base-64-encoding-used-for • https://stackoverflow.com/questions/4070693/what-is-the-purpose-of-base-64-encoding-and-why-it-used-in-http-basic- authentica

  12. Hash Functions • Maps a variable length string of data to produce a fixed-length output in deterministic, public, and random manner • No secret key • Properties of a perfect hash function (recall properties of a hash function for hash tables in a Data Structures course): • One-way: cannot decrypt • No collisions: two unique strings cannot produce the same result • Randomness • Unfeasible to produce the whole hash space (pre-image resistance) • Given a hash result, unfeasible to produce the string

  13. Hash Functions: Tradeoffs • Strengths: • Verifying integrity • Weaknesses: • MD5 (128-bit hash value) is broken --not collision-resistant (two researchers created two files that shared the same hash value). Read: • http://www.cs.colorado.edu/~jrblack/papers/md5e-full.pdf • http://eprint.iacr.org/2004/199.pdf • SHA1 (160-bit hash value) is broken –badly; big news in February 2017 • http://www.schneier.com/blog/archives/2005/02/sha1_broken.html, • http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html • https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html • https://shattered.io/

  14. Hash Function Applications • Password storage • Checksum of software packages • Digital signatures • Commits in Git which use SHA-1 • https://gist.github.com/masak/2415865

  15. Example: Verifying the integrity of a download 1. Let’s download the popular VLC Media Player for Windows (64-bit) at https://get.videolan.org/vlc/2.2.6/win64/vlc-2.2.6-win64.exe 2. Most software downloads will provide a checksum. For this version of VLC, we see SHA-256 checksum: 21670eae2c8041d6f26667c664f97e8931f5977225bcc3c146902beb263 05ed2

  16. Example: Verifying the integrity of a download (continued) 3. On Linux or Mac OS X terminal, run the following in the folder where the vlc-2.2.6-win64.exe file is: shasum -a 256 vlc-2.2.6- win64.exe . Result should match the checksum provided on the website. If result does NOT match, either a tampered download or corrupted download –both not good!

  17. Symmetric Algorithms • One key for encryption and decryption • Let K = secret key (think password), C = Ciphertext, P = Plaintext, E = Encrypt function, D = Decrypt function • C = Ek(P) • P = Dk(C) • Example: One-Time Pad • Applications • Password protect a ZIP file –which uses AES: https://security.stackexchange.com/questions/35818/are-password-protected- zip-files-secure • Strengths: • Modified key K will result in garbage plaintext in decryption • Fast! • Weaknesses: • Those who know K can participate in communications (eavesdropping) • Impersonation attack if attacker knows K • Not good for authenticity

  18. Asymmetric Algorithms a.k.a. Public Key Algorithms Two keys • Public key: which anyone can have, can be distributed publicly • Private key: only you should have • • How it works: Alice and Bob agree on a public-key cryptosystem • Alice and Bob have their own public and private keys • • Alice gives Bob her public key Bob encrypts message with Alice's public key Alice decrypts the message with her private key • Even better: key signing (encrypt message with own private key) • • Arguably the most popular algorithm: RSA. Walkthough: http://www.di-mgt.com.au/rsa_alg.html Strengths: • Public key can be distributed any way possible • • Confidentiality: only holder of private key can decrypt message Integrity: any modification of the message would be revealed when decrypting • Non repudiation: Bob can prove to a third party that Alice is the originator of the message • • Weakness: No authentication: anyone can encrypt a message given a public key • Man-in-the-Middle (MitM) attack •

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 19th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography Myth Where does security fail?

758 views • 72 slides
Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Related textbooks Main reference: Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography Chapman & Hall/CRC, 2nd ed., 2014 Further reading: Markus Kuhn Christof Paar, Jan Pelzl: Understanding

794 views • 27 slides
Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac

Python Cryptography & Security Jos Manuel Ortega | @jmortegac https://speakerdeck.com/jmortega Security Conferences INDEX 1 Introduction to cryptography 2 PyCrypto and other libraries 3 Django Security 4 OWASP & Best Practices 5

881 views • 61 slides
Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to

Related textbooks Jonathan Katz, Yehuda Lindell: Security II: Cryptography Introduction to Modern Cryptography Chapman & Hall/CRC, 2008 Christof Paar, Jan Pelzl: Markus Kuhn Understanding Cryptography Springer, 2010

470 views • 20 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
Security in Distributed Systems Introduction Cryptography Authentication Key

Security in Distributed Systems Introduction Cryptography Authentication Key

Security in Distributed Systems Introduction Cryptography Authentication Key exchange Computer Science Lecture 18, page 1 Network Security Intruder may eavesdrop remove, modify, and/or insert messages read and

361 views • 11 slides
Cryptography & Network Security Introduction Introduction Chester Rebeiro IIT Madras CR

Cryptography & Network Security Introduction Introduction Chester Rebeiro IIT Madras CR

Cryptography & Network Security Introduction Introduction Chester Rebeiro IIT Madras CR The Connected World CR 2 Information Storage CR 3 Increased Security Breaches 81% more in 2015 CR

1.46k views • 29 slides
Outline Review of RSA 1 CPSC 418/MATH 318 Introduction to Cryptography More on RSA,

Outline Review of RSA 1 CPSC 418/MATH 318 Introduction to Cryptography More on RSA,

Outline Review of RSA 1 CPSC 418/MATH 318 Introduction to Cryptography More on RSA, Probabilistic Encryption, Provable Security Against Efficiency of RSA 2 Passive Attacks Security of RSA 3 Mathematical Security of RSA Renate Scheidler

410 views • 7 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography ("secret writing"): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Cryptography Provable Security Encryption Assumptions Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange information securely Que peut nous garantir la cryptographie ? With the all-digital world, security

190 views • 4 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
Security Protocols Key Establishment, Chapter 13 of Understanding Cryptography by Paar

Security Protocols Key Establishment, Chapter 13 of Understanding Cryptography by Paar

References Introduction to Cryptography Security Protocols Key Establishment, Chapter 13 of Understanding Cryptography by Paar & Pelzl Wide Mouth Frog Protocol from Wikipedia Jim Royer

281 views • 9 slides
An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security Prepared by: Nima Bayan, P.Eng. Fall 2003 Contents ! Introduction " Cryptography and Relativity " Quantum Algorithms " Quantum Computers !

227 views • 11 slides
Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference:

Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference:

Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference: Whitfield Diffie and Martin E. Hellman, Privacy and Authentication: An Introduction to Cryptography, in Proc. IEEE, vol. 67, no.3, pp. 397 - 427,

360 views • 17 slides
Security II: Cryptography Markus Kuhn Computer Laboratory Lent 2012 Part II

Security II: Cryptography Markus Kuhn Computer Laboratory Lent 2012 Part II

Security II: Cryptography Markus Kuhn Computer Laboratory Lent 2012 Part II http://www.cl.cam.ac.uk/teaching/1213/SecurityII/ 1 Related textbooks Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography Chapman & Hall/CRC,

887 views • 39 slides
Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and

CSS441 Introduction Functions Auth. with Encryption Message Authentication Codes Auth. with MAC Security Algorithms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

673 views • 21 slides
Crypto: Public-Key Cryptography Slides credit: Dan Boneh, Doug Tygar Dawn

Crypto: Public-Key Cryptography Slides credit: Dan Boneh, Doug Tygar Dawn

Computer Security Course. Dawn

564 views • 20 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
Message authentication and digital signatures " Message authentication verify that the

Message authentication and digital signatures " Message authentication verify that the

Message authentication and digital signatures " Message authentication verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non ! repudiation " Two

439 views • 23 slides
Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig -

Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig -

Tools in Cryptanalysis Florian Mendel - Tomislav Nad - Martin Schlffer Christoph Dobraunig - Maria Eichlseder Hash Functions A cryptographic hash function produces cryptographic checksums or fingerprints m Fast H Secure h Security

696 views • 42 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Arab Academy for Science & Technology and Maritime Transport Chapter 11 p Message

251 views • 23 slides
Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore

Cryptography Made to Measure Workshop on Applied Cryptography Matt Robshaw NTU, Singapore Orange Labs December 3, 2020 Paris, France Orange Labs A New Kind of Network Telecommunication companies like France Tlcom / Orange are

601 views • 36 slides
Hash Functions Vincent Rijmen Challenges and Perspectives for Academia and Industry Antwerp, May

Hash Functions Vincent Rijmen Challenges and Perspectives for Academia and Industry Antwerp, May

Hash Functions Vincent Rijmen Challenges and Perspectives for Academia and Industry Antwerp, May 27 th , 2008 A cryptographic hash function produces cryptographic checksums or fingerprints cryptographic checksums or fingerprints Fast

716 views • 25 slides

More recommend