Cryptographic Systems: Authentication & Communication Protocols
Paul Krzyzanowski • Distributed Systems

Cryptography ≠ security
• Cryptography may be a component of a secure system
• Adding cryptography may not make a system secure

Terms
• Plaintext (cleartext), message M
• encryption, E(M), produces ciphertext, C = E(M)
• decryption: M = D(C)
• Cryptographic algorithm, cipher

Terms: types of ciphers
• restricted cipher
• symmetric algorithm
• public key algorithm

Restricted cipher
• Secret algorithm
• Leaking
• Reverse engineering
  – RC4
  – All digital cellular encryption algorithms
  – DVD and DIVX video compression
  – Firewire
  – Enigma cipher machine
  – Every NATO and Warsaw Pact algorithm during the Cold War

The key

Symmetric algorithm
• Secret key K
  C = E_K(M)
  M = D_K(C)

Public key algorithm
• public key and private key
  C1 = E_public(M)
  M = D_private(C1)
• also:
  C2 = E_private(M)
  M = D_public(C2)

McCarthy's puzzle (1958)
• Two countries are at war
• One country sends spies to the other country
• To return safely, spies must give the border guards a password
• Spies can be trusted
• Guards chat – information given to them may leak

McCarthy's puzzle
• Challenge
  – How can a guard authenticate a person without knowing the password?
  – Enemies cannot use the guard's knowledge to introduce their own spies

Solution to McCarthy's puzzle
• Michael Rabin, 1958
• Use a one-way function, B = f(A)
  – Guards get B
  – Enemy cannot compute A from B
  – Spies give A, guards compute f(A)
    • If the result is B, the password is correct.
• Example function: Middle squares
  – Take a 100-digit number (A), and square it
  – Let B = middle 100 digits of the 200-digit result

One-way functions
• Easy to compute in one direction
• Difficult to compute in the other
• Examples:
  – Factoring: computing pq = N is EASY; finding p, q given N is DIFFICULT
  – Discrete Log: computing a^b mod c = N is EASY; finding b given a, c, N is DIFFICULT

More terms
• one-way function
  – Rabin, 1958: McCarthy's problem
  – middle squares, exponentiation, …
• [one-way] hash function
  – message digest, fingerprint, cryptographic checksum, integrity check
• encrypted hash
  – message authentication code
  – only the possessor of the key can validate the message

McCarthy's puzzle example
• Example with an 18-digit number
  A = 289407349786637777
  A² = 83756614110525308948445338203501729
  Middle square, B = 110525308948445338 (the middle 18 of the 35 digits of A²)
• Given A, it is easy to compute B
• Given B, it is extremely hard to compute A

More terms
• Stream cipher
  – Encrypt a message a character at a time
• Block cipher
  – Encrypt a message a chunk at a time

Yet another term
• Digital Signature
  – Authenticate, not encrypt, the message
  – Use a pair of keys (private, public)
  – Owner encrypts the message with the private key
  – Recipient validates by decrypting with the public key
  – Generally sign hash(message) rather than the message itself

Cryptography: what is it good for?
• Authentication
  – determine the origin of a message
• Integrity
  – verify that a message has not been modified
• Nonrepudiation
  – sender should not be able to falsely deny that a message was sent
• Confidentiality
  – others cannot read the contents of the message

Cryptographic toolbox
• Symmetric encryption
• Public key encryption
• One-way hash functions
• Random number generators
• Message authentication codes
• Digital signatures
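The solution to McCarthy's puzzle, worked as code. This is an added example, not part of the slides: the Guard class, the function names and the protocol run are ours; the 18-digit A and its middle square are the numbers from the slides. The guard is enrolled with B = f(A) only, and the "enemy" models the guards' chatter leaking everything the guards know.

```python
from dataclasses import dataclass, field

# Added example (not from the slides). Guard, enroll/admit and run_protocol
# are hypothetical names of ours; SECRET_A is the slides' 18-digit number.


def middle_square(a: int) -> int:
    """B = f(A): the middle digits of A**2, keeping as many digits as A has.
    A**2 has 2n or 2n-1 digits for an n-digit A; the surplus is split between
    the two ends, the odd extra digit being dropped from the low end. For the
    slides' example that drops 8 high digits and 9 low digits."""
    n = len(str(a))
    square = str(a * a)
    surplus = len(square) - n
    start = surplus // 2
    return int(square[start:start + n])


@dataclass
class Guard:
    """A border guard: stores B = f(A) per spy, never A itself, so whatever
    leaks from the guards is not enough to impersonate a spy."""
    expected: dict[str, int] = field(default_factory=dict)

    def enroll(self, spy: str, b: int) -> None:
        self.expected[spy] = b

    def admit(self, spy: str, presented_a: int) -> bool:
        """Spy presents A; guard computes f(A) and compares it with stored B."""
        b = self.expected.get(spy)
        return b is not None and middle_square(presented_a) == b


SECRET_A = 289407349786637777  # the slides' 18-digit A


def run_protocol() -> dict[str, object]:
    """One enrolment and three crossings: the genuine spy, an enemy who
    overheard the guards (so knows B but not A), and an unknown name."""
    guard = Guard()
    b = middle_square(SECRET_A)
    guard.enroll("spy-1", b)              # headquarters hands the guard B only
    overheard = guard.expected["spy-1"]   # guards chat: B leaks to the enemy
    return {
        "B": b,                                                # 110525308948445338
        "genuine_spy": guard.admit("spy-1", SECRET_A),         # f(A) == B -> True
        "enemy_replays_B": guard.admit("spy-1", overheard),    # f(B) != B -> False
        "unknown_name": guard.admit("nobody", SECRET_A),       # not enrolled -> False
    }


if __name__ == "__main__":
    for k, v in run_protocol().items():
        print(k, v)
```

Middle squares is the slides' teaching example of a one-way function; a deployed version of this check would use a cryptographic hash (the "[one-way] hash function" of the next slide) in place of `middle_square`. Note also what the puzzle does and does not defend against: the scheme survives leaks from the guards, but an enemy who watches a spy present A at the crossing learns A and can replay it.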

Classic Cryptosystems: Substitution Ciphers

Cæsar cipher
• Earliest documented military use of crypto
  – Julius Caesar, c. 60 BC
  – shift cipher: simple variant of a substitution cipher
  – each letter replaced by the one n positions away, modulo the alphabet size
  – n = shift value = key
• Similar scheme used in India
  – early Indians also used substitutions based on phonetics, similar to pig latin
• currently seen as ROT13 in netnews

Cæsar cipher
• shift alphabet by n (here n = 6, each letter moved six places back, so A → U)
  plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  ciphertext: U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

  MY CAT HAS FLEAS  →  GS WUN BUM ZFYUM
• Convey one piece of information for decryption: the shift value
• trivially easy to crack (26 possibilities for a 26-character alphabet)

Ancient Hebrew variant (ATBASH)
  plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  ciphertext: Z Y X W V U T S R Q P O N M L K J I H G F E D C B A

  MY CAT HAS FLEAS  →  NB XZG SZH UOVZH
• c. 600 BC
• No information (key) needs to be conveyed!

Substitution cipher
  plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  ciphertext: M P S R L Q E A J T N C I F Z W O Y B X G K U D V H

  MY CAT HAS FLEAS  →  IV SMX AMB QCLMB
• General case: arbitrary mapping
• both sides must have the substitution alphabet

Substitution cipher
• Easy to decode:
  – vulnerable to frequency analysis

  Letter frequencies in two English corpora:
  letter   Moby Dick (1.2M chars)   Shakespeare (55.8M chars)
  e        12.300%                  11.797%
  o         7.282%                   8.299%
  d         4.015%                   3.943%
  b         1.773%                   1.634%
  x         0.108%                   0.140%

Polyalphabetic ciphers
• Designed to thwart frequency analysis techniques
  – different ciphertext symbols can represent the same plaintext symbol
  – 1 → many relationship between letter and substitute
• Leon Battista Alberti, 1466: invented the key
  – two disks
  – line up a predetermined letter on the inner disk with the outer disk
  – plaintext on inner → ciphertext on outer
  – after n symbols, the disk is rotated to a new alignment
  [Figure: Alberti cipher disk; with the alignment shown, encrypt: A → J, decrypt: J → A]

Vigenère polyalphabetic cipher
• Blaise de Vigenère, court of Henry III of France (16th century)
• Use a table and a key word to encipher a message
• repeat the keyword over the text (e.g. key = FACE):
  keytext:   FA CEF ACE FACEF ....
  plaintext: MY CAT HAS FLEAS
• encrypt: find the intersection in the table
  – row = keyword letter
  – column = plaintext letter
  – intersection = ciphertext letter
• decrypt: column = keyword letter; search down it for the ciphertext letter; its row is the plaintext letter
• the message is encrypted with as many substitution ciphers as there are letters in the keyword
  [Figure: the Vigenère table (tabula recta); row i is the alphabet shifted left by i places]
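The Cæsar, ATBASH and arbitrary substitution ciphers of the last two slides are all the same primitive (a 26-letter substitution alphabet), so here they are as one piece of code, together with the two attacks the slides mention: trying all 26 shifts, and counting letter frequencies. This is an added example, not from the slides; the function names and the sample sentence are ours, while the three alphabets and the plaintext MY CAT HAS FLEAS are the slides' own.

```python
from collections import Counter
import string

# Added example (not from the slides). Function names and SAMPLE are ours;
# the alphabets and the test plaintext come from the slides.

ALPHABET = string.ascii_uppercase


def shifted_alphabet(n: int) -> str:
    """Cæsar (shift) substitution alphabet: letter i -> letter (i + n) mod 26.
    n = -6 (equivalently 20) gives the slides' table U V W X Y Z A B C ..."""
    n %= 26
    return ALPHABET[n:] + ALPHABET[:n]


ATBASH = ALPHABET[::-1]                      # A<->Z, B<->Y, ... (the Hebrew variant)
SLIDE_TABLE = "MPSRLQEAJTNCIFZWOYBXGKUDVH"   # the slides' arbitrary substitution alphabet


def substitute(text: str, table: str) -> str:
    """General substitution cipher: plaintext letter i -> table[i].
    Non-letters (spaces) pass through unchanged."""
    mapping = dict(zip(ALPHABET, table))
    return "".join(mapping.get(ch, ch) for ch in text.upper())


def inverse_table(table: str) -> str:
    """The substitution alphabet that undoes `table`, i.e. the decryption key."""
    back = {c: p for p, c in zip(ALPHABET, table)}
    return "".join(back[c] for c in ALPHABET)


def caesar_brute_force(ciphertext: str) -> list[str]:
    """All 26 candidate plaintexts; index n undoes a shift of n.
    A key space this small is simply tried out."""
    return [substitute(ciphertext, shifted_alphabet(-n)) for n in range(26)]


def letter_frequencies(text: str) -> dict[str, float]:
    """Percentage of each letter in the text: the statistic behind frequency
    analysis (compare the Moby Dick / Shakespeare table on the slides)."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    counts = Counter(letters)
    return {ch: 100.0 * counts[ch] / len(letters) for ch in sorted(counts)}


def most_frequent_letter(text: str) -> str:
    """Under any simple substitution the most frequent ciphertext letter is the
    image of the most frequent plaintext letter, usually E in English."""
    freqs = letter_frequencies(text)
    return max(freqs, key=freqs.get)


# Constructed sample (ours, not from the slides), long enough for E to dominate.
SAMPLE = ("WE MEET THE ENEMY AT THE BORDER WHEN THE GUARDS CHANGE SHIFT "
          "AND THE SPIES RETURN")


if __name__ == "__main__":
    print(substitute("MY CAT HAS FLEAS", shifted_alphabet(-6)))   # Cæsar, A -> U
    print(substitute("MY CAT HAS FLEAS", ATBASH))                 # ATBASH
    print(substitute("MY CAT HAS FLEAS", SLIDE_TABLE))            # arbitrary mapping
    ct = substitute(SAMPLE, SLIDE_TABLE)
    print("most frequent ciphertext letter:", most_frequent_letter(ct),
          "-> plaintext", inverse_table(SLIDE_TABLE)[ALPHABET.index(most_frequent_letter(ct))])
```

Running the frequency count over a message encrypted with the slides' arbitrary alphabet recovers the E → L entry of the key without knowing the key, which is the attack that motivates the polyalphabetic ciphers on the next slide.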

Vigenère polyalphabetic cipher
  keytext:    FA CEF ACE FACEF
  plaintext:  MY CAT HAS FLEAS
  ciphertext: RY EEY HCW KLGEX
  [Figure: the full 26 × 26 Vigenère table; row K is the alphabet beginning at K, so the cell at (row K, column P) is the letter K + P mod 26]

Transposition Ciphers

Transposition ciphers
• Permute the letters in the plaintext according to rules
• Knowledge of the rules allows the message to be decrypted

Transposition ciphers: staff cipher
  MYCATHASFLEAS
• wrap a strip around a staff and write the message along it; one turn holds five letters:
  M Y C A T
  H A S F L
  E A S
• unwound, the strip reads down the columns: MHE YAA CSS AF TL
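The two ciphers of this page as code, checked against the slides' own figures: the Vigenère example (key FACE over MY CAT HAS FLEAS gives RYEEYHCWKLGEX) and the staff cipher read off a five-letter-wide staff. This is an added example, not from the slides; the function names are ours, and `images_of` is added to make the slides' "1 → many" point visible: the same plaintext letter becomes different ciphertext letters depending on its position under the key.

```python
import string

# Added example (not from the slides). Function names are ours; the key,
# plaintext and staff width reproduce the slides' worked examples.

ALPHABET = string.ascii_uppercase


def _letters(text: str) -> str:
    """Keep only the letters, upper-cased (the slides ignore spaces)."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Tabula recta lookup: row = keyword letter, column = plaintext letter,
    i.e. C_i = (P_i + K_(i mod len(key))) mod 26; decryption subtracts instead.
    Each key position is its own Cæsar alphabet, so a keyword of length n
    applies n different substitution ciphers in rotation."""
    plain = _letters(text)
    k = [ALPHABET.index(ch) for ch in _letters(key)]
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + sign * k[i % len(k)]) % 26]
        for i, ch in enumerate(plain)
    )


def images_of(plaintext: str, key: str, letter: str) -> set[str]:
    """Ciphertext letters that one plaintext letter turns into: the
    one-to-many relationship that blunts single-letter frequency analysis."""
    plain = _letters(plaintext)
    cipher = vigenere(plain, key)
    return {c for p, c in zip(plain, cipher) if p == letter}


def staff_encrypt(text: str, width: int) -> str:
    """Write the message in rows of `width` letters (one turn of the staff),
    then read it off down the columns."""
    plain = _letters(text)
    return "".join(plain[c::width] for c in range(width))


def staff_decrypt(ciphertext: str, width: int) -> str:
    """Undo staff_encrypt. When the last row is incomplete, the first
    len % width columns are one letter longer than the rest."""
    rows, extra = divmod(len(ciphertext), width)
    columns, pos = [], 0
    for c in range(width):
        size = rows + (1 if c < extra else 0)
        columns.append(ciphertext[pos:pos + size])
        pos += size
    return "".join(
        col[r] for r in range(rows + (1 if extra else 0))
        for col in columns if r < len(col)
    )


if __name__ == "__main__":
    print(vigenere("MY CAT HAS FLEAS", "FACE"))              # RYEEYHCWKLGEX
    print(vigenere("RYEEYHCWKLGEX", "FACE", decrypt=True))   # MYCATHASFLEAS
    print(images_of("MY CAT HAS FLEAS", "FACE", "A"))        # {'E', 'C'}
    print(staff_encrypt("MYCATHASFLEAS", 5))                 # MHEYAACSSAFTL
    print(staff_decrypt("MHEYAACSSAFTL", 5))                 # MYCATHASFLEAS
```

The transposition routines keep every plaintext letter and only move it, so the letter frequencies of the ciphertext are exactly those of the plaintext; that is how a cryptanalyst tells a transposition from a substitution before attacking either.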
