lecture 3
play

Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS - PowerPoint PPT Presentation

Apr 25, 2023 •226 likes •945 views

Lecture 3 Encryption Suggested Readings: Chs 3 & 4 in KPS (recommended) Ch 3 in Stinson (optional) 1 Encryp Enc yption n Princ ncipl ples A cryptosystem has (at least) five ingredients: Plaintext Secret Key

  1. Lecture 3 Encryption Suggested Readings: • Chs 3 & 4 in KPS (recommended) • Ch 3 in Stinson (optional) 1

  2. Encryp Enc yption n Princ ncipl ples • A cryptosystem has (at least) five ingredients: – Plaintext – Secret Key – Ciphertext – Encryption Algorithm – Decryption Algorithm • Security usually depends on the secrecy of the key, not the secrecy of the algorithms 2

  3. Cr Cryp ypto Ba Basi sics 3

  4. Average Ti Time Required fo for Exha Exhaus ustive Ke Key Sear earch (f (for Bru Brute Fo Force Atta ttacks) ) Key Size Number of Time required at 10 6 (bits) Alternative Keys Decr/µs 2 32 = 4.3 x 10 9 32 2.15 milliseconds 2 56 = 7.2 x 10 16 56 10 hours 128 2 128 = 3.4 x 10 38 5.4 x 10 18 years 168 2 168 = 3.7 x 10 50 5.9 x 10 30 years 4

  5. Ty Types of Attainable Security • Perfect, unconditional or “information theoretic”: the security is evident free of any (computational/hardness) assumptions • Reducible or “provable”: security can be shown to be based on some common (often unproven) assumptions, e.g., the conjectured difficulty of factoring large integers • Ad hoc: the security seems good often -> “snake oil”… Take a look at: http://www.ciphersbyritter.com/GLOSSARY.HTM 5

  6. Comp Co mputational Se Securi rity • Encryption scheme is computationally secure if – cost of breaking it (via brute force) exceeds the value of the encrypted information; or – time required to break it exceeds useful lifetime of the encrypted information • Most modern schemes we will see are considered computationally secure – Usually rely on very large key-space, impregnable to brute force • Most advanced schemes rely on lack of knowledge of effective algorithms for certain hard problems, not on a proven inexistence of such algorithms (reducible security)! – Such as: factoring, discrete logarithms, etc. 6

  7. Cr Cryp yptosystems ms Classified along three dimensions: • Type of operations used for transforming plaintext into ciphertext – Binary arithmetic: shifts, XORs, ANDs, etc. • Typical for conventional (or symmetric) encryption – Integer arithmetic • Typical for public key (or asymmetric) encryption • Number of keys used – Symmetric or conventional (single key used) – Asymmetric or public key (2 keys: 1 to encrypt, 1 to decrypt) • How plaintext is processed: – One bit at a time – A string of any length – A block of bits 7

  8. Co Conventional (S (Symme ymmetri ric) ) Cr Cryp yptography K AB K AB decryption encryption ciphertext plaintext plaintext algorithm algorithm m m = K ( ) K (m) K (m) AB AB AB • Alice and Bob share a key K AB which they somehow agree upon (how?) • key distribution / key management problem • ciphertext is roughly as long as plaintext • examples: Substitution, Vernam OTP, DES, AES 8

  9. Us Uses es of Conven entio tional al Cryptograp aphy • Message Transmission (confidentiality): • Communication over insecure channels • Secure Storage: crypt on Unix • Strong Authentication: proving knowledge of a secret without revealing it: • See next slide • Eve can obtain chosen <plaintext, ciphertext> pair • Challenge should be chosen from a large pool • Integrity Checking: fixed-length checksum for message via secret key cryptography • Send MAC along with the message MAC=H(m,K) 9

  10. Challenge-Re Ch Response Authentication Ex Exampl ple K AB K AB r a challenge K AB (r a ) challenge reply r b challenge K AB (r b ) challenge reply 10

  11. Co Conventional Cr Cryp yptography Ø Advantages l high data throughput l relatively short key size l primitives to construct various cryptographic mechanisms Ø Disadvantages l key must remain secret at both ends l key must be distributed securely and efficiently l relatively short key lifetime 11

  12. Public Key Crypto Pu tography • Asymmetric Cryptography • Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir-Adleman) • Two keys: private (SK), public (PK) • Encryption: with public key; • Decryption: with private key • Digital Signatures: Signing by private key; Verification by public key. i.e., “encrypt” message digest/hash -- h ( m ) -- with private key • Authorship (authentication) • Integrity: Similar to MAC • Non-repudiation: cannot do with secret key cryptography • Much slower (~1000x) than conventional cryptography • Often used together with conventional cryptography, e.g., to encrypt session keys 12

  13. Ge Genesis is of of P Public Ke Key Cryptography: Dif Diffie ie- Hellm Hellman an Paper aper 13

  14. Public Key Crypto Pu tography Bob’s public key Bob’s private key PK B SK B encryption decryption plaintext ciphertext plaintext algorithm algorithm message, m message PK (m) B m = SK ( PK (m) ) B B 14

  15. Us Uses es of Public lic Key Cryptograp aphy • Data Transmission (confidentiality): • Alice encrypts m a using PK B , Bob decrypts it to obtain m a using SK b . • Secure Storage: encrypt with own public key, later decrypt with own private key • Authentication: • No need to store secret s , only need public keys. • Secret key cryptography: need to share secret key for every person one communicates with • Digital Signatures (authentication, integrity, non- repudiation) 15

  16. Pu Public Key Crypto tography Ø Advantages l only the private key must be kept secret l relatively long life time of the key l more security services l relatively efficient digital signatures mechanisms Ø Disadvantages l low data throughput l much larger key sizes l distribution/revocation of public keys l security based on conjectured hardness of certain computational problems 16

  17. Co Comp mpari riso son Su Summa mmary Ø Public Key l Encryption, signatures (esp., non-repudiation) and key management Ø Conventional l Encryption and some data integrity applications Ø Key Sizes l Keys in public key crypto must be larger ( e.g., 2048 bits for RSA ) than those in conventional crypto ( e.g., 112 bits for 3-DES or 256 bits for AES ) • most attacks on “good” conventional cryptosystems are exhaustive key search (brute force) • public key cryptosystems are subject to “short-cut” attacks (e.g., factoring large numbers in RSA) 17

  18. “M “Moder dern” n” Block Cipher phers Da Data E a Encr cryptio ion S Stan andar ard ( (DE DES)

  19. Ge Generic ic Ex Exampl mple of of Block k Encryp yption 20

  20. Fe Feistel Ci Cipher St Stru ructure • Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973 • Specific realization of a Feistel Network depends on the choice of the following parameters and features: 20

  21. Fe Feistel Ci Cipher St Stru ructure • Block Size: larger block sizes mean greater security • Key Size: larger key size means greater security • Number of Rounds: multiple rounds offer increasing security • Subkey Generation Algorithm: greater complexity will lead to greater difficulty of cryptanalysis • Fast Software En/De-cryption: speed of execution of the algorithm becomes a concern 21

  22. Cl Classi ssic Fe Feistel Ne Network “Round Keys” are generated from original key via subkey generation algorithm 22

  23. Bl Block k Ci Ciphers • Originated with early 1970's IBM effort to develop banking security systems • First result was Lucifer, most common variant has 128- bit key and block size • Was not secure in any of its variants • Called a Feistel or product cipher • F()-function is a simple transformation, does not have to be reversible • Each step is called a round; the more rounds, the greater the security (to a point) • Most famous example of this design is DES 23

  24. Co Conventional Enc Encryp yption St Standard • Data Encryption Standard (DES) • Most widely used encryption method (AES is probably taking over by now) • Block cipher (in native ECB mode) • Plaintext processed in 64-bit blocks • Key is 56 bits 24

  25. Data Da a Enc Encryp yption St Standard (DES) S) • 64 bit input block • 64 bit output block • 16 rounds • 64 (effective 56) bit key • Key schedule computed at startup • Aimed at bulk data • > 16 rounds does not help • > 56 bit key does not help • Other S-boxes usually hurt … 25

  26. Ba Basi sic St Stru ructure of of DE DES 26

  27. Enc Encryp yption vs vs De Decr cryptio ion in in DE DES 27

  28. DES S DE System Encryption Process Key Schedule 64 Bit Plaintext 64 Bit Key Initial Permutation Permutation Choice 1 Building 32 Bit L 0 32 Bit R 0 56 Bit Key Blocks + F(R 0 ,K 1 ) 28 Bit C 0 28 Bit D 0 Left Shift Right Shift 32 Bit L 1 32 Bit R 1 K 1 (48 bits) C 1 D 1 32 Bit L 15 32 Bit R 15 Permuted Choice 2 + F(R 15 ,K 16 ) C 16 D 16 K 16 (48 bits) 32 Bit L 16 32 Bit R 16 Permuted Choice 2 Final Permutation 64 Bit Ciphertext 27

  29. Functio Func tion n F L i-1 R i-1 32 bits 32 bits 56 bits Key Permuted Choice Expansion (E) 48 bits Permutation 48 bits S-Box Substitution choses 32 bits P-box Permutation L i R i 32 bits 32 bits 28

  30. DE DES S Substit itutio ion B Boxes O Operatio ion 30 29

  31. Op Operation Tables s of f DES (I (IP, , IP -1 , , E E and P) 31 30

  32. 32 31

  33. 33 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then

Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then

Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then reviewed the final point of lecture #3: Hennigs logical approach to tree inference is valid as logic, but we have a hard time using it because our data

660 views • 7 slides
Algorithms (2IL15) Lecture 13 Wrap-up lecture 1 TU/e Algorithms (2IL15) Lecture 13

Algorithms (2IL15) Lecture 13 Wrap-up lecture 1 TU/e Algorithms (2IL15) Lecture 13

TU/e Algorithms (2IL15) Lecture 13 Algorithms (2IL15) Lecture 13 Wrap-up lecture 1 TU/e Algorithms (2IL15) Lecture 13 Part I of the course: Optimization Problems we want to find valid solution minimizing cost (or maximizing

904 views • 20 slides
In 2020SP, this lecture and lecture 20 are both optional extra material CS 5412/LECTURE 17 Ken

In 2020SP, this lecture and lecture 20 are both optional extra material CS 5412/LECTURE 17 Ken

In 2020SP, this lecture and lecture 20 are both optional extra material CS 5412/LECTURE 17 Ken Birman LEAVE NO TRACE BEHIND Spring, 2020 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 THE PRIVACY PUZZLE FOR I O T We have sensors

1.04k views • 65 slides
Recall last lecture ... Lecture 8 Also last lecture: Painter's Algorithm More Hidden Surface

Recall last lecture ... Lecture 8 Also last lecture: Painter's Algorithm More Hidden Surface

Recall last lecture ... Lecture 8 Also last lecture: Painter's Algorithm More Hidden Surface Removal Sort polygons in depth. Use the farthest vertex in each polygon as the sorting key. Efficient Painter - binary space partition (BSP)

563 views • 6 slides
Plan Lecture 1 - String diagrams and symmetric monoidal categories Lecture 2 -

Plan Lecture 1 - String diagrams and symmetric monoidal categories Lecture 2 -

Plan Lecture 1 - String diagrams and symmetric monoidal categories Lecture 2 - Resource-sensitive algebraic theories Lecture 3 - Interacting Hopf monoids and graphical linear algebra Lecture 4 - Signal Flow Graphs and recurrence

1.2k views • 61 slides
Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A

Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A

Where are we at - Topic overview Lecture 1A: Security requirements/features Lecture 7A Threatens Privacy Threatens Try to achieve Lecture 2B: Network threats Lecture 3A: Attacks on Lecture 6A: Security Protocols Web servers, malware

381 views • 25 slides
Lecture Capture Introduction to Lecture Capture Learning Outcomes What will lecture capture

Lecture Capture Introduction to Lecture Capture Learning Outcomes What will lecture capture

ISDS &amp; Digital Business Skills Lecture Capture Introduction to Lecture Capture Learning Outcomes What will lecture capture actually do? What happens before a lecture? What happens during a lecture? What does the button do?

527 views • 18 slides
CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How

CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How

CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How can we predict binary or categorical variables? {0,1}, {True, False} {1, , N} Last lecture Will I purchase this product? (yes) Will I click

1.74k views • 60 slides
CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How

CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How

CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How can we predict binary or categorical variables? {0,1}, {True, False} {1, , N} Last lecture Will I purchase this product? (yes) Will I click

850 views • 46 slides
CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How

CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How

CSE 158 Lecture 4 Web Mining and Recommender Systems More Classifiers Last lecture How can we predict binary or categorical variables? {0,1}, {True, False} {1, , N} Last lecture Will I purchase this product? (yes) Will I click

839 views • 58 slides
Usability of Programming Languages Lecture 4 - directed by your research interests Lecture

Usability of Programming Languages Lecture 4 - directed by your research interests Lecture

Overview Practical experimental course lectures are only introductory Lecture 1 - theoretical principles classic approaches l h current trends in leading research. Lecture 2 - candidate research methods advantages and

499 views • 15 slides
Introduction to AI &amp; Intelligent Agents This Lecture Chapters 1 and 2 Next Lecture

Introduction to AI &amp; Intelligent Agents This Lecture Chapters 1 and 2 Next Lecture

Introduction to AI &amp; Intelligent Agents This Lecture Chapters 1 and 2 Next Lecture Chapter 3.1 to 3.4 (Please read lecture topic material before and after each lecture on that topic) What is Artificial Intelligence? Thought

636 views • 31 slides
Introduction to Numerical Optimization Biostatistics 615/815 Lecture 14 Lecture 14 Course is

Introduction to Numerical Optimization Biostatistics 615/815 Lecture 14 Lecture 14 Course is

Introduction to Numerical Optimization Biostatistics 615/815 Lecture 14 Lecture 14 Course is More Than Half Done! If you have comments they are very welcome y y Lectures Lecture notes Weekly Homework Midterm

795 views • 42 slides
Lecture 12: Clustering 1 6.0002 LECTURE 12 Re Reading Chapter 23 6.0002 LECTURE 12 2 Mach Ma

Lecture 12: Clustering 1 6.0002 LECTURE 12 Re Reading Chapter 23 6.0002 LECTURE 12 2 Mach Ma

Lecture 12: Clustering 1 6.0002 LECTURE 12 Re Reading Chapter 23 6.0002 LECTURE 12 2 Mach Ma chine e Lea earn rning Paradigm Observe set of examples: training data Infer something about process that generated that data Use

847 views • 36 slides
Lecture Outline Regeltechniek Previous lecture: Stability and transient response. Lecture 4

Lecture Outline Regeltechniek Previous lecture: Stability and transient response. Lecture 4

Lecture Outline Regeltechniek Previous lecture: Stability and transient response. Lecture 4 Basics of Feedback Control Robert Babu ska Today: Steady-state response. Delft Center for Systems and Control Faculty of Mechanical

388 views • 7 slides
Psycholinguistics Lecture 2 By Dr.Chelli Lecture Objectives At the end of this lecture, students

Psycholinguistics Lecture 2 By Dr.Chelli Lecture Objectives At the end of this lecture, students

Psycholinguistics Lecture 2 By Dr.Chelli Lecture Objectives At the end of this lecture, students will be able to: Discuss the different stages in the history of psycholinguistics Identify the scholars in the field of psycholinguistics

589 views • 28 slides
Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute

Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute

Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute of Information Systems Knowledge-Based Systems Group 1 / 23 History Due to severe problems, DES, 3DES had to be replaced 1997: NIST

523 views • 23 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering

Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering

CPE 542: CRYPTOGRAPHY &amp; NETWORK SECURITY Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005 History

323 views • 8 slides
Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography

Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography

Cryptography Advanced Encryption Standard Overview of AES Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography AES in OpenSSL AES in Python School of Engineering and Technology CQUniversity

2.59k views • 30 slides
Outline Arithmetic on Bytes and 4-Byte Vectors 1 CPSC 418/MATH 318 Introduction to Cryptography

Outline Arithmetic on Bytes and 4-Byte Vectors 1 CPSC 418/MATH 318 Introduction to Cryptography

Outline Arithmetic on Bytes and 4-Byte Vectors 1 CPSC 418/MATH 318 Introduction to Cryptography The Rijndael Algorithm 2 Advanced Encryption Standard, Brute Force Attacks on Block Ciphers Overview Description of the Algorithm Renate

425 views • 9 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation

Outline Crypto basics, contd Stream ciphers CSci 5271 Block ciphers and modes of operation Introduction to Computer Security Announcements Cryptography, symmetric and public-key Hash functions and MACs Stephen McCamant Building a secure

440 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides

More recommend