
Cryptography I David Basin Institut für Informatik - PowerPoint PPT Presentation



  1. Cryptography I
     David Basin
     Institut für Informatik, Albert-Ludwigs-Universität Freiburg
     IT-Security: Theory and Practice (WS02)

  2. Motivation then and now
     Three can keep a secret, if two of them are dead. — Benjamin Franklin
     We interact and transact by directing flocks of digital packets towards each other through cyberspace, carrying love notes, digital cash, and secret corporate documents. Our personal and economic lives rely on our ability to let such ethereal carrier pigeons mediate at a distance what we used to do with face-to-face meetings, paper documents, and a firm handshake. How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of $10,000,000,000 to another bank? Fortunately, the mathematics of cryptography can help. — Ron Rivest
     IT-Security: Theory and Practice (WS02) 29.10.02

  3. Road map
     • Basic concepts
     • A mathematical formalization
     • Symmetric-key encryption

  4. Network security model
     [Diagram labels: Trusted Third Party; Principal (twice); Message (twice); Information Channel; Secret Information (twice); Opponent]
     Since the information channel is untrusted, measures must be taken to ensure confidentiality (integrity, ...) of transactions.

  5. Security measures and mechanisms
     • Prevention: measures that hinder asset damage.
       Real-world: build a castle with a moat and crocodiles.
       E-Commerce: encrypt your credit card number.
     • Detection: measures to detect when an asset has been damaged, how it has been damaged, and who caused the damage.
       Real-world: install a closed-circuit television.
       E-Commerce: monthly statement of credit card transactions.
     • Reaction: take measures to recover your assets or rectify damages.
       Real-world: call the police and pray.
       E-Commerce: block old card and request a new one.

  6. Information hiding
     [Diagram: taxonomy of SECRET WRITING with the labels STEGANOGRAPHY (hidden), CRYPTOGRAPHY (scrambled), SUBSTITUTION, TRANSPOSITION, CODE (replace words), CIPHER (replace letters)]
     • Cryptology: the study of secret writing.
     • Steganography: the science of hiding messages in other messages.
     • Cryptography: the science of secret writing.
     N.B. Terms like encrypt, encode, and encipher are often (loosely and wrongly) used interchangeably.

  7. Cryptographic algorithms
     • General Schema: $E_{\mathit{key1}}(P) = C$, $D_{\mathit{key2}}(C) = P$
       [Diagram: Plaintext P → Encryption (Key1) → Ciphertext C → Decryption (Key2) → Plaintext P]
     • Security depends on secrecy of the key, not the algorithm.
     • Symmetric algorithms
       – Key1 = Key2, or are easily derived from each other.
     • Asymmetric or public key algorithms
       – Different keys, which cannot be derived from each other.
       – Public key can be published without compromising private key.

  8. Other cryptographic primitives
     • A function $f : X \to Y$ is a one-way function, if $f$ is “easy” to compute for all $x \in X$, but $f^{-1}$ is “hard” to compute.
       “Easy” and “hard” with respect to complexity theory.
     • A hash function is a one-way function that maps messages of arbitrary length to a fixed size value (e.g., 128 bits).
     • We will see other cryptographic primitives later.
       Trapdoor functions, pseudo-random generators, . . .

  9. Goals for cryptographic algorithms
     [Diagram: Plaintext P → Encryption (Key1) → Ciphertext C → Decryption (Key2) → Plaintext P]
     • Encryption and decryption are easy if keys are known.
     • Keep plaintext (or keys) secret from attacker. I.e., it is hard to:
       – get P from C without Key2.
       – get the keys even if given one or more pairs of C and corresponding P.

  10. Cryptanalysis
      • Cryptanalysis: science of recovering the plaintext from ciphertext without the key.
      • Always assume attackers know the algorithms used!
        – Worst-case analysis and realistic in open systems.
        – Algorithms should be published to facilitate the evaluation of their security.
      • Contrast with security by obscurity.
        Analogy: hide a letter under your mattress versus lock it in a safe, whose design has been published and whose locking mechanism has withstood attacks from the world’s best safecrackers.

  11. Kinds of attacks
      Ciphertext only
        Given: $C_1 = E_K(M_1), \ldots, C_n = E_K(M_n)$
        Deduce: $M_1, \ldots, M_n$ or algorithm to compute $M_{n+1}$ from $C_{n+1} = E_K(M_{n+1})$
      Known plaintext
        Given: $M_1, C_1 = E_K(M_1), \ldots, M_n, C_n = E_K(M_n)$
        Deduce: Inverse key or algorithm to compute $M_{n+1}$ from $C_{n+1} = E_K(M_{n+1})$
      Chosen plaintext
        Same as above but cryptanalyst may choose $M_1, \ldots, M_n$.
      Adaptive chosen plaintext
        Cryptanalyst can not only choose plaintext, but he can modify the plaintext based on encryption results.
      Chosen ciphertext
        Cryptanalyst can choose different ciphertexts to be decrypted and gets access to the decrypted plaintext.
      Rubber-hose
        Cryptanalyst bribes or tortures someone until he gets the key!

  12. Road map
      • Basic concepts
      • A mathematical formalization
      • Symmetric key encryption

  13. Encryption/decryption
      • $\mathcal{A}$, the alphabet, is a finite set.
      • $\mathcal{M}$, the message space, is $\mathcal{A}^*$, the finite strings over $\mathcal{A}$. $M \in \mathcal{M}$ is a plaintext (message).
      • $\mathcal{C}$ is the ciphertext space, whose alphabet may differ from $\mathcal{M}$.
      • $\mathcal{K}$ denotes the key space of keys.
      • Each $e \in \mathcal{K}$ determines a bijective function from $\mathcal{M}$ to $\mathcal{C}$, denoted by $E_e$. $E_e$ is the encryption function (or transformation).
      • For each $d \in \mathcal{K}$, $D_d$ denotes a bijection from $\mathcal{C}$ to $\mathcal{M}$. $D_d$ is the decryption function.
      • Applying $E_e$ (or $D_d$) is called encryption (or decryption).

  14. Encryption/decryption (cont.)
      • An encryption scheme (or cipher) consists of a set $\{E_e : e \in \mathcal{K}\}$ and a corresponding set $\{D_e : e \in \mathcal{K}\}$ with the property that for each $e \in \mathcal{K}$ there is a unique $d \in \mathcal{K}$ such that $D_d = E_e^{-1}$; i.e., $D_d(E_e(m)) = m$ for all $m \in \mathcal{M}$.
      • The keys $e$ and $d$ above form a key pair, sometimes denoted by $(e, d)$. They can be identical.
      • To construct an encryption scheme requires fixing a message space $\mathcal{M}$, a ciphertext space $\mathcal{C}$ and a key space $\mathcal{K}$, as well as encryption transformations $\{E_e : e \in \mathcal{K}\}$ and corresponding decryption transformations $\{D_d : d \in \mathcal{K}\}$.

  15. Question — why bother with keys?
      • Formalization based on two parties exchanging a key pair $(e, d)$ to achieve confidentiality.
      • Why not just exchange encryption/decryption functions?

  16. Question — why bother with keys?
      • Formalization based on two parties exchanging a key pair $(e, d)$ to achieve confidentiality.
      • Why not just exchange encryption/decryption functions?
      • Answer: By exchanging key pairs, if some encryption/decryption transformation is revealed, one doesn’t have to redesign entire scheme. Just exchange new keys!
      • Analogy with combination lock: If your combination is compromised, just change it, not the physical lock. However, if the lock design is compromised . . .

  17. An example
      Let $\mathcal{M} = \{m_1, m_2, m_3\}$ and $\mathcal{C} = \{c_1, c_2, c_3\}$. There are $3! = 6$ bijections from $\mathcal{M}$ to $\mathcal{C}$. The key space $\mathcal{K} = \{1, 2, 3, 4, 5, 6\}$ specifies these transformations.
      [Diagram: the six bijections E1, ..., E6, each drawn as arrows from m1, m2, m3 to c1, c2, c3]
      Suppose Alice and Bob agree on the transformation $E_1$. To encrypt $m_1$, Alice computes $E_1(m_1) = c_3$. Bob decrypts $c_3$ by reversing the arrows on the diagram for $E_1$ and observing that $c_3$ points to $m_1$.
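The scheme of this slide, built in Python and then examined in the known-plaintext setting from the "Kinds of attacks" slide. This is an added example, not part of the original slides. The key numbering is an assumption (the slide's arrow diagram did not survive), and the function names `encrypt`, `decrypt`, `scheme_is_valid` and `consistent_keys` are ours.

```python
from itertools import permutations

M = ("m1", "m2", "m3")  # message space from the slide
C = ("c1", "c2", "c3")  # ciphertext space from the slide

# Key space K = {1, ..., 6}: one key per bijection from M to C.
# ASSUMPTION: keys are numbered in lexicographic order of the images.
# The slide's own numbering of E1..E6 cannot be recovered from the page.
E = {k: dict(zip(M, image))
     for k, image in enumerate(permutations(C), start=1)}

# D_k is the inverse of E_k ("reverse the arrows"). Here e = d, the
# symmetric case the slides allow ("They can be identical").
D = {k: {c: m for m, c in table.items()} for k, table in E.items()}


def encrypt(key, m):
    """Apply the encryption transformation E_key to message m."""
    return E[key][m]


def decrypt(key, c):
    """Apply the decryption transformation D_key to ciphertext c."""
    return D[key][c]


def scheme_is_valid():
    """Check D_d(E_e(m)) = m for every key and every message."""
    return all(decrypt(k, encrypt(k, m)) == m for k in E for m in M)


def consistent_keys(known_pairs):
    """Known-plaintext view: keys that map every known plaintext to its
    observed ciphertext. With only six keys, very few pairs pin the key."""
    return [k for k in E if all(E[k][m] == c for m, c in known_pairs)]


if __name__ == "__main__":
    print("scheme valid:", scheme_is_valid())
    # Constructed observation matching the slide: m1 encrypts to c3.
    print("after (m1, c3):", consistent_keys([("m1", "c3")]))
    print("after (m1, c3), (m2, c1):",
          consistent_keys([("m1", "c3"), ("m2", "c1")]))
```

One observed pair already cuts the six candidate keys to two, and a second pair determines the key, which is why a scheme with so small a key space cannot meet the goal of keeping the key hidden from someone who sees plaintext/ciphertext pairs.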

  18. Road map
      • Basic concepts
      • A mathematical formalization
      • Symmetric-key encryption
        Codes, substitution ciphers, transposition ciphers, one-time pads.

  19. Symmetric key encryption
      • Consider an encryption scheme $\{E_e : e \in \mathcal{K}\}$ and $\{D_d : d \in \mathcal{K}\}$. The scheme is symmetric-key if for each associated pair $(e, d)$ it is computationally “easy” to determine $d$ knowing only $e$ and to determine $e$ from $d$. In practice $e = d$.
      • Other terms: single-key, one-key, private-key, and conventional encryption.
      • A block cipher is an encryption scheme that breaks up the plaintext message into strings (blocks) of a fixed length $t$ and encrypts one block at a time.
      • A stream cipher is one where the block-length is 1.
      • In contrast, codes work on words of varying length.

  20. Codes
      • Code: a string of symbols stands for a complete message.
      • Translation given by a ‘code-book’.

      Word        Code
      ...         ...
      The         1701
      secret      5603
      mischiefs   4008
      that        3790
      I           2879
      set         0524
      ...         ...
