cs cs 683 683 security y and privacy sp spri ring 2018
play

CS CS 683 683 - Security y and Privacy Sp Spri ring 2018 In - PowerPoint PPT Presentation

CS CS 683 683 - Security y and Privacy Sp Spri ring 2018 In Instructor or: Ka Karim El Elde defrawy Un University ty of of Sa San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching/ spring2018/cs683/cs683_main.htm


  1. CS CS 683 683 - Security y and Privacy Sp Spri ring 2018 In Instructor or: Ka Karim El Elde defrawy Un University ty of of Sa San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching/ spring2018/cs683/cs683_main.htm (https://goo.gl/t396Fw) 1

  2. Lectures 3 and 4 Encryption Suggested Readings: • Chs 3 & 4 in KPS (recommended) • Ch 3 in Stinson (optional) 2

  3. Cryptography Cr The word cryptography comes from the Greek words κρυπτός (hidden or secret) and γράφειν (writing). So historically cryptography has been the “art of secret writing.” Most of cryptography is currently well grounded in mathematics and it can be debated whether there’s still an “art” aspect to it. 3 3

  4. Histor Hi orical (P (Primiti tive) ) Ciphers • Shift (e.g., Caesar): Enc (x) = x+k mod 26 k • Affine: Enc (x) = k1 *x + k2 mod 26 k1,k2 • Substitution: Enc (x) = perm(x) perm • Vigenere: Enc (x) = ( X[0]+K[0], X[1]+K[1], … ) K • Vernam: One-Time Pad (OTP) 4

  5. Som Some Hi Histor ory: Caesar’s Cipher Homo Krpr Hominem Krplqhp Lupus! Oxsxv! 5

  6. Sh Shift t (Caesar) Cipher Example: K = 11 W E W I L L M E E T A T M I D N I G H T 22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 19 7 15 7 19 22 22 23 15 15 4 11 4 23 19 14 24 19 17 18 4 H P H T W W X P P E L E X T O Y T R S E • How many keys are there? • How many trials are needed to find the key? 6

  7. Probability of Occurrence of Lette Pr ters in English 0.14 0.127 0.12 0.1 0.091 0.082 0.08 0.075 0.07 0.067 0.063 0.061 0.06 0.06 0.043 0.04 0.04 0.028 0.028 0.024 0.023 0.022 0.02 0.02 0.019 0.02 0.015 0.01 0.008 0.002 0.001 0.001 0.001 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 7

  8. Encryp Enc yption n Princ ncipl ples • A cryptosystem has (at least) five ingredients: – Plaintext – Secret Key – Ciphertext – Encryption Algorithm – Decryption Algorithm • Security usually depends on the secrecy of the key, not the secrecy of the algorithms 8

  9. Cr Cryp ypto Ba Basi sics 9

  10. Average Ti Time Required fo for Exha Exhaus ustive Ke Key Sear earch (f (for Bru Brute Fo Force Atta ttacks) ) Key Size Number of Time required at 10 6 (bits) Alternative Keys Decryption/µs 2 32 = 4.3 x 10 9 32 2.15 milliseconds 2 56 = 7.2 x 10 16 56 10 hours 5.4 x 10 18 years 128 2 128 = 3.4 x 10 38 5.9 x 10 30 years 168 2 168 = 3.7 x 10 50 10

  11. Ty Types of Attainable Security • Perfect, unconditional or “information theoretic”: the security is evident free of any (computational/hardness) assumptions • Reducible or “provable”: security can be shown to be based on some common (often unproven) assumptions, e.g., the conjectured difficulty of factoring large integers • Ad hoc: the security seems good often -> “snake oil”… Take a look at: http://www.ciphersbyritter.com/GLOSSARY.HTM 11

  12. Comp Co mputational Se Securi rity • Encryption scheme is computationally secure if – Cost of breaking it (via brute force) exceeds the value of the encrypted information; or – Time required to break it exceeds useful lifetime of the encrypted information • Most modern schemes we will see are considered computationally secure – Usually rely on very large key-space, impregnable to brute force • Most advanced schemes rely on lack of knowledge of effective algorithms for certain hard problems, not on a proven inexistence of such algorithms (reducible security)! – Such as: factoring, discrete logarithms, etc. 12

  13. Decryption Examples 13

  14. Caesar Cipher Examples • Decode this ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ • Decode this ciphertext: PELCGBTENCUL VF ABG NF RNFL NF VG ZNL FRRZ 15

  15. Probability of Occurrence of Lette Pr ters in English 0.14 0.127 0.12 0.1 0.091 0.082 0.08 0.075 0.07 0.067 0.063 0.061 0.06 0.06 0.043 0.04 0.04 0.028 0.028 0.024 0.023 0.022 0.02 0.02 0.019 0.02 0.015 0.01 0.008 0.002 0.001 0.001 0.001 0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 14

  16. Cr Cryp yptosystems ms Classified along three dimensions: 1. Type of operations used for transforming plaintext into ciphertext Binary arithmetic: shifts, XORs, ANDs, etc. • Typical for conventional (or symmetric) encryption • Integer arithmetic • • Typical for public key (or asymmetric) encryption 2. Number of keys used Symmetric or conventional (single key used) • Asymmetric or public key (2 keys: 1 to encrypt, 1 to decrypt) • 3. How plaintext is processed: One bit at a time • A string of any length • A block of bits • 16

  17. Co Conventional (S (Symme ymmetri ric) ) Cr Cryp yptography K AB K AB decryption encryption ciphertext plaintext plaintext algorithm algorithm m m = K ( ) K (m) K (m) AB AB AB • Alice and Bob share a key K AB which they somehow agree upon (how?) • key distribution / key management problem • ciphertext is roughly as long as plaintext • examples: Substitution, Vernam OTP, DES, AES 19

  18. Us Uses es of Conven entio tional al Cryptograp aphy • Message Transmission (confidentiality): • Communication over insecure channels • Secure Storage: crypt on Unix • Strong Authentication: proving knowledge of a secret without revealing it: • See next slide • Eve can obtain chosen <plaintext, ciphertext> pair • Challenge should be chosen from a large pool • Integrity Checking: fixed-length checksum for message via secret key cryptography • Send MAC along with the message MAC=H(m,K) 20

  19. Challenge-Re Ch Response Authentication Ex Exampl ple K AB K AB r a challenge K AB (r a ) challenge reply r b challenge K AB (r b ) challenge reply 19

  20. Co Conventional Cr Cryp yptography Ø Advantages l high data throughput l relatively short key size l primitives to construct various cryptographic mechanisms Ø Disadvantages l key must remain secret at both ends l key must be distributed securely and efficiently l relatively short key lifetime 20

  21. Public Key Crypto Pu tography • Asymmetric Cryptography • Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir-Adleman) • Two keys: private (SK), public (PK) • Encryption: with public key; • Decryption: with private key • Digital Signatures: Signing by private key; Verification by public key. i.e., “encrypt” message digest/hash -- h ( m ) -- with private key • Authorship (authentication) • Integrity: Similar to MAC • Non-repudiation: cannot do with secret key cryptography • Much slower (~1000x) than conventional cryptography • Often used together with conventional cryptography, e.g., to encrypt session keys 21

  22. Ge Genesis is of of P Public Ke Key Cryptography: Dif Diffie ie- Hellm Hellman an Paper aper 22

  23. Public Key Crypto Pu tography Bob’s public key Bob’s private key PK B SK B encryption decryption plaintext ciphertext plaintext algorithm algorithm message, m message PK (m) B m = SK ( PK (m) ) B B 23

  24. Us Uses es of Public lic Key Cryptograp aphy • Data Transmission (confidentiality): • Alice encrypts m a using PK B , Bob decrypts it to obtain m a using SK b . • Secure Storage: encrypt with own public key, later decrypt with own private key • Authentication: • No need to store secrets, only need public keys. • Secret key cryptography: need to share secret key for every person one communicates with • Digital Signatures (authentication, integrity, non- repudiation) 24

  25. Pu Public Key Crypto tography Ø Advantages l only the private key must be kept secret l relatively long life time of the key l more security services l relatively efficient digital signatures mechanisms Ø Disadvantages l low data throughput l much larger key sizes l distribution/revocation of public keys l security based on conjectured hardness of certain computational problems 25

  26. Co Comp mpari riso son Su Summa mmary Ø Public Key l Encryption, signatures (esp., non-repudiation) and key management Ø Conventional l Encryption and some data integrity applications Ø Key Sizes l Keys in public key crypto must be larger ( e.g., 2048 bits for RSA ) than those in conventional crypto ( e.g., 112 bits for 3-DES or 256 bits for AES ) • most attacks on “good” conventional cryptosystems are exhaustive key search (brute force) • public key cryptosystems are subject to “short-cut” attacks (e.g., factoring large numbers in RSA) 26

  27. “M “Moder dern” n” Block Cipher phers Da Data E a Encr cryptio ion S Stan andar ard ( (DE DES)

  28. Generic Example of Block k Encryp yption 30

  29. Fe Feistel Ci Cipher St Stru ructure • Virtually all conventional block encryption algorithms, including DES, have a structure first described by Horst Feistel of IBM in 1973 • Specific realization of a Feistel Network depends on the choice of the following parameters and features: 29

  30. Fe Feistel Ci Cipher St Stru ructure • Block Size: larger block sizes mean greater security • Key Size: larger key size means greater security • Number of Rounds: multiple rounds offer increasing security • Subkey Generation Algorithm: greater complexity will lead to greater difficulty of cryptanalysis • Fast Software En/De-cryption: speed of execution of the algorithm becomes a concern 30

Recommend


More recommend