
Cryptography Deian Stefan Adopted slides from Kirill Levchenko and - PowerPoint PPT Presentation



  1. CSE 127: Computer Security Cryptography Deian Stefan Adopted slides from Kirill Levchenko and Dan Boneh

  2. Cryptography
     • Is:
       ➤ A tremendous tool
       ➤ The basis for many security mechanisms
     • Is not:
       ➤ The solution to all security problems
       ➤ Reliable unless implemented and used properly
       ➤ Something you should try to invent yourself
       ➤ Blockchain

  5. This class: secure communication
     (Diagram: Alice, Bob, Eve)
     ➤ Authenticity: Parties cannot be impersonated
     ➤ Secrecy: No one else can read messages
     ➤ Integrity: Messages cannot be modified

  6. Attacker models
     (Diagram: Alice, Bob, Eve)
     ➤ Passive attacker: Eve only snoops on channel
     ➤ Active attacker: Eve can snoop, inject, block, tamper, etc.

  7. In the real world (SSL/TLS)
     ➤ Handshake Protocol: Establish shared secret key using public-key cryptography
     ➤ Record Layer: Transmit data protected by symmetric-key cryptography (using negotiated key)

  8. Outline
     • Symmetric-key crypto
       ➤ Encryption
       ➤ Hash functions
       ➤ Message authentication code
     • Asymmetric (public-key) crypto
       ➤ Encryption
       ➤ Digital signatures

  9. Symmetric-key encryption
     (Diagram: m → E (key k) → c; c → D (key k) → m)
     • Encryption: (key, plaintext) → ciphertext
       ➤ E_k(m) = c
     • Decryption: (key, ciphertext) → plaintext
       ➤ D_k(c) = m

  13. Symmetric-key encryption
      (Diagram: m → E (key k, nonce n) → c; c → D (key k, nonce n) → m)
      Need unique/random nonce
      • One-time key: used to encrypt one message
        ➤ E.g., encrypted email, new key generated per email
      • Multi-use key: used to encrypt multiple messages
        ➤ E.g., SSL, same key used to encrypt many packets

  14. Encryption properties
      • Encryption and decryption are inverse operations
        ➤ D_k(E_k(m)) = m
      • Secrecy: ciphertext reveals nothing about plaintext
        ➤ More formally: can’t distinguish which of two plaintexts was encrypted without key

  15. First example: One Time Pad
      Vernam (1917)
        Key:        0 1 0 1 1 1 0 0 1 0
        Plaintext:  1 1 0 0 0 1 1 0 0 0   (⊕)
        Ciphertext: 1 0 0 1 1 0 1 0 1 0
      ➤ Encryption: c = E_k(m) = m ⊕ k
      ➤ Decryption: D_k(c) = c ⊕ k = (m ⊕ k) ⊕ k = m

  18. OTP security
      • Shannon (1949)
        ➤ Information theoretic security: without key, ciphertext reveals no “information” about plaintext
      • Problems with OTP
        ➤ Can only use key once
        ➤ Key is as long as the message

  19. Computational cryptography
      • Want the size of the secret to be small
        ➤ If pre-arranged secret smaller than message, not all plaintexts equally probable — ciphertext reveals info about plaintext
      • Modern cryptography based on idea that learning anything about plaintext from ciphertext is computationally difficult without secret

  24. Stream ciphers
      • Problem: OTP key is as long as message
      • Solution: Pseudo random key (computationally hard to distinguish from random)
        ➤ E_k(m) = PRG(k) ⊕ m
        (Diagram: key → PRG; PRG output ⊕ message → ciphertext)
        ➤ Examples: ChaCha, Salsa, Sosemanuk, etc.

  25. Dangers in using stream ciphers
      • Can we use a key more than once?
        ➤ E.g., c_1 ← m_1 ⊕ PRG(k), c_2 ← m_2 ⊕ PRG(k)
        ➤ A: yes, B: no
        ➤ Eavesdropper does: c_1 ⊕ c_2 → m_1 ⊕ m_2
        ➤ Enough redundant information in English that: m_1 ⊕ m_2 → m_1, m_2
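
The key-reuse problem on this slide, and the unique-nonce requirement from the earlier symmetric-key slide, as an added example that is not part of the original slides. The `prg` function is a stand-in built from SHAKE-256 (an assumption for illustration, not one of the ciphers named above), and the messages are constructed.

```python
import hashlib
import secrets

def prg(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in PRG (assumption): SHAKE-256 stretches key||nonce to n bytes.
    return hashlib.shake_256(key + nonce).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, m: bytes) -> bytes:
    # E_k(m) = PRG(k) XOR m; applying it again with the same inputs decrypts.
    return xor(m, prg(key, nonce, len(m)))

def demo() -> dict:
    key = secrets.token_bytes(32)
    # Constructed sample messages of equal length.
    m1 = b"transfer 100 to alice"
    m2 = b"transfer 900 to carol"

    # Keystream reuse: same key and same (empty) nonce for both messages.
    c1, c2 = encrypt(key, b"", m1), encrypt(key, b"", m2)
    leak = xor(c1, c2)                      # PRG(k) cancels: equals m1 XOR m2
    agree = [i for i, b in enumerate(leak) if b == 0]  # where m1 and m2 match

    # Requirement from the slides: a unique random nonce per message.
    n1, n2 = secrets.token_bytes(12), secrets.token_bytes(12)
    d1, d2 = encrypt(key, n1, m1), encrypt(key, n2, m2)

    return {
        "reuse_leaks_xor": leak == xor(m1, m2),
        "known_m1_gives_m2": xor(leak, m1) == m2,
        "agreeing_positions": agree,
        "nonce_leaks_xor": xor(d1, d2) == xor(m1, m2),
        "roundtrip": encrypt(key, n1, d1) == m1,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the keystream reused, the XOR of the two ciphertexts is independent of the key and its zero bytes mark every position where the messages agree; with per-message nonces that relation no longer holds.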

  27. Block ciphers: crypto work horses
      (Diagram: m → E (key k) → c; c → D (key k) → m)
      • Block ciphers operate on fixed-size blocks
        ➤ E.g., 3DES: |m| = |c| = 64 bits, |k| = 168 bits
        ➤ E.g., AES: |m| = |c| = 128 bits, |k| = 128, 192, 256
      • A block cipher = permutation of fixed-size inputs
        ➤ Each input mapped to exactly one output

  28. How do they work?
      (Diagram: key k → key expansion → k_1, k_2, k_3, …, k_n; m → R(k_1, ⋅) → R(k_2, ⋅) → R(k_3, ⋅) → … → R(k_n, ⋅) → c)
      R(k, m): round function; for 3DES (n=48), for AES-128 (n=10)

  29. How do they work?

  30. Challenges with block ciphers
      • Block ciphers operate on single fixed-size block
      • How do we encrypt longer messages?
        ➤ Several modes of operation for longer messages
      • How do we deal with messages that are not block-aligned?
        ➤ Must pad messages in a distinguishable way

  33. ECB mode Source: wikipedia

  35. Is ECB good? A: yes, B: no E k ( )= Source: wikipedia

  37. CBC mode with random IV Subtle attacks that abuse padding possible! Source: wikipedia

  39. CTR mode with random IV Essentially use block cipher as stream cipher! Source: wikipedia
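
Why ECB leaks structure and CTR does not, as an added example that is not part of the original slides. It uses a toy 4-round Feistel block cipher with an HMAC-SHA256 round function (an assumption for illustration; it is neither AES nor 3DES and is not secure), following the key-expansion-plus-rounds shape of the "How do they work?" slide; key and message are constructed.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # toy block size in bytes (128 bits, as for AES)

def round_keys(key: bytes, n: int = 4) -> list:
    # Key expansion: derive round keys k_1..k_n from the key k.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(n)]

def f(rk: bytes, half: bytes) -> bytes:
    # Keyed round function applied to half a block (Feistel construction).
    return hmac.new(rk, half, hashlib.sha256).digest()[:BLOCK // 2]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, m: bytes) -> bytes:
    left, right = m[:8], m[8:]
    for rk in round_keys(key):
        left, right = right, xor(left, f(rk, right))
    return left + right

def decrypt_block(key: bytes, c: bytes) -> bytes:
    left, right = c[:8], c[8:]
    for rk in reversed(round_keys(key)):   # undo the rounds in reverse order
        left, right = xor(right, f(rk, left)), left
    return left + right

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, msg: bytes) -> bytes:
    # ECB: each block is encrypted on its own, so equal blocks stay equal.
    return b"".join(encrypt_block(key, b) for b in blocks(msg))

def ctr_encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # CTR: encrypt (8-byte nonce)||counter and XOR the result into the block.
    return b"".join(
        xor(b, encrypt_block(key, nonce + i.to_bytes(8, "big")))
        for i, b in enumerate(blocks(msg)))

def repeated_blocks(ct: bytes) -> int:
    # How many ciphertext blocks duplicate an earlier one.
    return len(blocks(ct)) - len(set(blocks(ct)))

KEY = b"constructed demo key"
MSG = b"PAY ALICE $100.." * 3 + b"something else.."  # constructed, block-aligned

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, MSG)))
    print("CTR repeats:", repeated_blocks(ctr_encrypt(KEY, secrets.token_bytes(8), MSG)))
```

Because a block cipher is a permutation, the distinct counter values always yield distinct keystream blocks, which is why the repeated plaintext blocks no longer show up in the CTR ciphertext.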

  40. What security do we actually get?
      • All encryption breakable by brute force given enough knowledge about plaintext
      • Try to decrypt ciphertext with every possible key until a valid plaintext is found
      • Attack complexity proportional to size of key space
        ➤ 64-bit key requires 2⁶⁴ decryption attempts

  42. Hash Functions
      • A (cryptographic) hash function maps arbitrary length input into a fixed-size string
        (Diagram: m → H → h, with h = H(m))
        ➤ |m| is arbitrarily large
        ➤ |h| is fixed, usually 128-512 bits


  43. Hash Function Properties
      • Finding a pre-image is hard
        ➤ Given h, find m such that H(m) = h
      • Finding a collision is hard
        ➤ Find m_1 and m_2 such that H(m_1) = H(m_2)

  44. Hash Functions
      • MD5: Message Digest
        ➤ Designed by Ron Rivest
        ➤ Very popular hash function
        ➤ Output: 128 bits
        ➤ Broken — do not use!

  45. Hash Functions
      • SHA-1: Secure Hash Algorithm 1
        ➤ Designed by NSA
        ➤ Output: 160 bits
        ➤ Broken — do not use!
      • SHA-2: Secure Hash Algorithm 2
        ➤ Designed by NSA
        ➤ Output: 224, 256, 384, or 512 bits
        ➤ Recommended for use today

  46. Hash Functions
      • SHA-3: Secure Hash Algorithm 3
        ➤ Result of NIST SHA-3 contest
        ➤ Output: arbitrary size
        ➤ Replacement once SHA-2 broken
