cast of characters
play

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice - PDF document

Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending secret messages to Basic Tools and Protocols each other. Eve Frank Beatrous Eve is always listening in (Eavesdropping) on Alices and Bobs


  1. Cast of Characters Alice and Bob Applied Cryptography Week 1 Alice and Bob are always sending secret messages to Basic Tools and Protocols each other. Eve Frank Beatrous Eve is always listening in (Eavesdropping) on Alice’s and Bob’s conversations. Mallory Mallory is always trying to tamper with Alice’s and Bob’s data. Applied Cryptography Week 1Basic Tools and Protocols – p.1/53 Applied Cryptography Week 1Basic Tools and Protocols – p.2/53 The Basic Problems of Cryptography Secrecy Alice wants to send Bob a message without revealing it’s content to Eve. Basic Tool: Symmetric Encryption Applied Cryptography Week 1Basic Tools and Protocols – p.3/53 Applied Cryptography Week 1Basic Tools and Protocols – p.4/53 Symmetric Algorithms Shared Secrets Symmetric encryption (AKA secret key encryption) uses To use symmetric encryption, Alice and Bob must share two algorithms: a secret key. Plaintext Key Ciphertext Key Security of symmetric encryption depends on keeping the key secret from Eve. Encryption Decryption Algorithm Algorithm Ciphertext Plaintext The same key is used for encryption and decryption. Applied Cryptography Week 1Basic Tools and Protocols – p.5/53 Applied Cryptography Week 1Basic Tools and Protocols – p.6/53 A Toy Symmetric Cipher Commonly Used Symmetric Algorithms A toy example: Shift cipher Some commonly used symmetric algorithms: The key is a number k between 0 and 25. DES, 3DES, AES, CAST, IDEA, BLOWFISH, TWOFISH Encryption: Each character is right shifted by k characters, wrapping around to the beginning of the alphabet when the end is reached. plaintext: Z E B R A k = 3 ↓ ↓ ↓ ↓ ↓ ciphertext: C H E U D Decryption: Each character is left shifted by k characters. Applied Cryptography Week 1Basic Tools and Protocols – p.7/53 Applied Cryptography Week 1Basic Tools and Protocols – p.8/53

  2. The Key Exchange Problem Alice and Bob have never met, but want to use symmetric encryption. How can they agree on a shared secret key without revealing it to Eve? Basic Tool: Public Key Encryption Applied Cryptography Week 1Basic Tools and Protocols – p.9/53 Applied Cryptography Week 1Basic Tools and Protocols – p.10/53 Public Key Algorithms Sending a Secret Message Public key encryption (AKA asymmetric encryption) Sending Bob a secret message uses two keys: Bob publishes his encryption key, and keeps his Plaintext Public key Ciphertext Secret key decryption key secret. Alice looks up Bob’s public encryption key. Alice encrypts her message using Bob’s encryption Encryption Decryption key. Algorithm Algorithm Alice sends the encrypted message to Bob. (And Eve, of course, intercepts it.) Ciphertext Plaintext Bob decrypts Alice’s message using his secret decryption key. In contrast with symmetric encryption, different keys are used for encryption and decryption. Applied Cryptography Week 1Basic Tools and Protocols – p.11/53 Applied Cryptography Week 1Basic Tools and Protocols – p.12/53 Basic Security Key Generation Key security requirement: It should be difficult to Key generation: In addition to encryption and decryption recover the decryption key from the encryption key. algorithms, public key methods require a key generation algorithm, which produces matched pairs of keys. Random input Key generation algorithm Encryption Decryption key key Applied Cryptography Week 1Basic Tools and Protocols – p.13/53 Applied Cryptography Week 1Basic Tools and Protocols – p.14/53 Commonly Used Algorithms Widely used public key algorithms: RSA, ElGamal. Hybrid Encryption Applied Cryptography Week 1Basic Tools and Protocols – p.15/53 Applied Cryptography Week 1Basic Tools and Protocols – p.16/53

  3. Hybrid Encryption Why Use a Hybrid System? Hybrid encryption uses both symmetric and public key Symmetric algorithms are much faster than public key methods. algorithms. Alice looks up Bob’s public encryption key. Public key encryption solves the key exchange problem. Alice generates a random session key. Hybrid systems give the advantages of both by using public key methods only for initial setup. Alice encrypts the session key to Bob’s encryption key. Virtually all public key encryption packages use hybrid Alice sends the encrypted session key to Bob. methods, including PGP , SSL SSH. Bob decrypts the session key with his secret decryption key. Alice and Bob exchange messages using a symmetric algorithm and the shared session key. Applied Cryptography Week 1Basic Tools and Protocols – p.17/53 Applied Cryptography Week 1Basic Tools and Protocols – p.18/53 One Way Hash (AKA Message Digest) A one way hash algorithm takes an arbitrary length message as input and produces a fixed length message digest as output. Authentication Tools Message Hash Algorithm Message Digest “One way” means it’s computationally difficult to find two messages that hash to the same value. Applied Cryptography Week 1Basic Tools and Protocols – p.19/53 Applied Cryptography Week 1Basic Tools and Protocols – p.20/53 Verifying Data with a Hash Message Authentication Codes (MACs) A message digest serves as a digital fingerprint for A MAC is a hash algorithm that takes a secret key as an data. additional input. message key To verify integrity of data: Obtain the message digest from a reliable source. MAC Algorithm Use the hash algorithm to calculate the message digest. MAC Compare the calculated value with the value obtained in the first step. The data is assumed intact Using a secret key protects against forgery. if the two values agree. MAC can only be verified by someone who knows the Popular hash algorithms: MD4, MD5, SHA secret key. Applied Cryptography Week 1Basic Tools and Protocols – p.21/53 Applied Cryptography Week 1Basic Tools and Protocols – p.22/53 Signatures Using Signature Algorithms Digital signatures require separate algorithms for Sending Bob a Signed message signing and verifying, as well as a key generation Alice composes a message to Bob and signs it with algorithm. her secret signing key. Message Secret key Message Signature Public key Alice sends Bob the message and the signature. Bob looks up Alice’s public verification key. Signing Verification Bob uses Alice’s public key to verify Alice’s signature. Algorithm Algorithm Signature Result: valid/invalid Applied Cryptography Week 1Basic Tools and Protocols – p.23/53 Applied Cryptography Week 1Basic Tools and Protocols – p.24/53

  4. Using Signature Algorithms (2) Signing/Verification Keys A valid signature insures that: Popular public key encryption systems (RSA, ElGamal) also support digital signatures The message actually came from Alice, since only Alice knows her secret signing key. Secret decryption keys can also be used for signing. Mallory has not tampered with the message, since a Public encryption keys can also be used for modified message will cause verification to fail. signature verification. In addition to full public key systems supporting both encryption and signing, there is at least one signature only system (DSA) in common use. Applied Cryptography Week 1Basic Tools and Protocols – p.25/53 Applied Cryptography Week 1Basic Tools and Protocols – p.26/53 Signature Length Signing a Message Digest Since no two messages can produce the same Practical signature schemes generally combine signatures signature, a signature must contain as much with one way hashes. information as the message being signed. Message Hash Message Digest Secret key Algorithm A signature must, therefore, be as long as the message. Full signatures are impractical on long messages. Signing Algorithm Signature Applied Cryptography Week 1Basic Tools and Protocols – p.27/53 Applied Cryptography Week 1Basic Tools and Protocols – p.28/53 Verifying a Signed Digest Hash Message Message Signature Public key Digest Algorithm Security Considerations: Symmetric Encryption Verification Algorithm Result: valid/invalid Applied Cryptography Week 1Basic Tools and Protocols – p.29/53 Applied Cryptography Week 1Basic Tools and Protocols – p.30/53 Brute Force Attack (2) Brute Force Attack A brute force attack tries the decryption algorithm with In 1998, the Electronic Frontier Foundation built a every possible key on a given ciphertext until one is dedicated machine for brute forcing DES. found that correctly decrypts. Deep Crack could test 92 billion DES keys per second The time required for a brute force attack depends on the number of possible keys that must be tried and the DES keys could be broken in an average of four speed at which they can be tested. The table below days. compares the time for a brute force attack at rates of one million keys per second and 100 billion keys per The cost of building the machine in 1998 was second for keys of various sizes. $200,000. 10 6 keys/sec 10 11 keys/sec Key length (bits) 40 12.7 days 11 seconds The following year, a DES key was broken in 23 hours using a distributed attack using idle time of over 56 2285 years 8.3 days 100,000 computers. 10 25 years 10 20 years 128 Applied Cryptography Week 1Basic Tools and Protocols – p.31/53 Applied Cryptography Week 1Basic Tools and Protocols – p.32/53

Recommend


More recommend