encryption the problem
play

Encryption The Problem Using HTTP , anyone with access to your - PowerPoint PPT Presentation

Aug 19, 2022 •12 likes •232 views

Encryption The Problem Using HTTP , anyone with access to your packets can see everything you are doing online This includes your passwords! Who has access to my packets? Your ISP at home UBIT on campus Tier 1 Networks

  1. Encryption

  2. The Problem • Using HTTP , anyone with access to your packets can see everything you are doing online • This includes your passwords! • Who has access to my packets? • Your ISP at home • UBIT on campus • Tier 1 Networks • .. and everyone within wifi range of your device!

  3. The Solution • We'll just add an S to our protocol and call it HTTPS • HTTP over TLS • Overview • Background in public key encryption (Today) • Symmetric key encryption, key exchange, certificates, CAs (Wednesday) • Examples (Friday)

  4. Encryption • Hide communication from attackers/eavesdroppers • Want to send a plaintext message • Could be HTML, JSON, JavaScript, text, an image, etc • Plaintext is a cryptographic term to mean unencrypted • We encrypt at the byte level • Encrypting the plaintext outputs a random looking cyphertext • No one should be able to read this cypher text except the intended recipient • Only the intended recipient can decrypt the cyphertext and read the plaintext message

  5. Encryption Meet us at the stick Encrypt VH6rMQ3CNIVe9FfEzyQgXhc6FZGe3ydwjF6aTr8aIw5zde/ 2BpckQ0kwnBkIBKH4NpGLMYNpjaI1Q2xWhA7qclTfe17C2dXiAKMhdTWQ5+k6w Km3wnKCl71TOtsNEVZ3yUEW4jZC+r4a7k7PENhTFWm2kyad62grjBha731Sa+g= Decrypt Meet us at the stick

  6. Public Key Encryption • How do we ensure that only the intended recipient can decrypt the message? • Public Key Encryption • Generate a public and private encryption key • Private key is kept private • Public key is shared with anyone/everyone • A message encrypted with the public key can only be decrypted by the corresponding private key • If I want to send a message to someone, I can encrypt the message with their public key

  7. Public Key Encryption • The public and private key are inherently related • An attacker must not be able to determine the private key given the public key [In any reasonable amount of time] • An attacker must not be able to decrypt cyphertext without the private key [In any reasonable amount of time] • Any public key encryption algorithm must have these property [And more] • Math and theory will help us

  8. Public Key Encryption - RSA • RSA - Rivest-Shamir-Adleman • A public key crypto system with the desired properties [we hope] • Provides algorithms to: • Generate a public/private key pair • Encrypt with the public key • Decrypt with the private key

  9. Public Key Encryption - RSA Key Generation • Choose two [large] prime numbers p and q • n = p*q • λ (n) = lcm(p-1, q-1) • Choose e < λ (n) and gcd(e, λ (n)) = 1 • d = e^{-1} mod λ (n) • Share e and n as the public key • Keep d as the private key • Discard p, q, and λ (n)

  10. Public Key Encryption - RSA Encryption • To send a message m • Compute c = m^e mod(n) • Send c Decryption • Receive c • Compute m = c^d mod(n) • Read m

  11. Public Key Encryption - RSA • RSA key generation gives us: m = m^(e*d) mod(n) • This means that we can also encrypt with the private key and decrypt with the public key • We call this a signature • Everyone can decrypt the message so there is no privacy • However, there is a guarantee that the author is legitimate (You know I'm the one who sent this message) • Useful to sign authentication tokens so the server know that it authorized this user

  12. Public Key Encryption - RSA • What about a brute force attack? • Attacker has the public key • Keep encrypting "guesses" of the plaintext until the cryptotext matches • Solution: Use a padding algorithm • Add random bits to the end of each message • Attacker must guess these random bits • Adds security! • Unlike salting, this padding can be kept secret and adds entropy • We'll discuss salting when we hash user passwords • Makes encryption of even short messages secure

  13. Public Key Encryption - RSA Key Generation • Choose two [large] prime numbers p and q • n = p*q • λ (n) = lcm(p-1, q-1) • Choose e < λ (n) and gcd(e, λ (n)) = 1 • d = e^{-1} mod λ (n) • Given p, q, and e an attacker can easily compute d (private key) • Everyone already has e and n (the public key) • So just factor n to get p and q, then compute the private key

  14. Public Key Encryption - RSA Factoring is hard [We hope] • There is no publicly know algorithm that can e ffi ciently factor a number • Worst case is factoring the multiplication of two large primes • Exactly what RSA relies on for security • It has not been proven that factoring is a "hard" problem • Quantum computers can factor e ffi ciently • We call the factoring problem a cryptographic primitive

  15. Public Key Encryption - RSA Encryption • To send a message m • Compute c = m^e mod(n) • Send c • Everyone knows e and n (The public key) • An attacker can read c if they are within wifi range • Just have to compute the discrete log_e of c mod n

  16. Public Key Encryption - RSA Computing a Discrete Log is hard [We hope] • There is no publicly know algorithm that can e ffi ciently compute discrete logarithms • This problem is another cryptographic primitive

  17. Public Key Encryption Java Demo

  18. HTTPS Man-in-the-middle attack • The first step in an HTTPS connection: • Client requests the server's public key • An attacker controlling a router in one of the networks handling your packets can intercept this request and replace it with their own public key • Attacker then intercepts all subsequent requests, decrypts them and responds with their responses • It looks like you're talking to the server.. • Certificate Authorities (CA) can fix that

  19. Certificate Authority (CA) • A CA is a trusted source with a known public key • Public key is pre-installed in your browser (Called a root CA) • Assume no man-in-the-middle attack during your browser download and installation • The CA issues certificates for domains and subdomains • You verify that you control the domain • Send them your public key • They send you a certificate

  20. Certificate Authority (CA) • Certificate includes • Your public key • Domain name and CA name • A cryptographic signature of a hash of the certificate body • The signature uses the CA's private key so you can verify it with their pre-installed public key that this was in fact issued by the CA • Man-in-the-middle cannot fake this without the CA's private key!

  21. Certificate Authority (CA) • Key chain • Not all CA public keys are pre-installed in your browser • A CA can have their public key certified by a root CA • A domain must provide a key chain that leads to a root CA • Example key chain • Let's Encrypt certificate is signed by DST Root CA • Let's Encrypt will sign your certificate • Your key chain contains your public key signed by Let's Encrypt and Let's Encrypt's certificate signed by DST • Your browser starts with it's installed DST cert to verify the chain • If a cert cannot be verified by a root CA it is called Self-signed and should not be trusted

  22. Certificates Example

Recommend

Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key

Network and Communications Security (IN3210/IN4210) Asymmetric Cryptography Key Exchange 3 Recapitulation: Symmetric Encryption One problem: key exchange Eve 6R4Y2 hlbMZ CB... Dear Dear Bob Decryption Bob Encryption .... ....

831 views • 63 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
The RSA Cryptosystem February 27, 2008 Introducing PS4: RSA encryption Problem set 4 is about

The RSA Cryptosystem February 27, 2008 Introducing PS4: RSA encryption Problem set 4 is about

The RSA Cryptosystem February 27, 2008 Introducing PS4: RSA encryption Problem set 4 is about implementing a famous public key cryptosystem, RSA. Administrative Details: Posted by tomorrow. Due Friday March 7, at Noon. My office hours will be

610 views • 23 slides
Improvement of Certain Encryption Approaches Based on the LPN Problem Miodrag Mihaljevic and

Improvement of Certain Encryption Approaches Based on the LPN Problem Miodrag Mihaljevic and

Employment of Homophonic Coding for Improvement of Certain Encryption Approaches Based on the LPN Problem Miodrag Mihaljevic and Hideki Imai Research Center for Information Security (RCIS), National Institute AIST, Tokyo Symmetric Key

551 views • 42 slides
Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap

Defining Encryption Lecture 2 1 Roadmap 2 Roadmap First, Symmetric Key Encryption 2 Roadmap First, Symmetric Key Encryption Defining the problem Well do it elaborately, so that it will be easy to see different levels of security 2

1.67k views • 136 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
The Missing Difference Problem, and its Applications to Counter Mode Encryption Gatan Leurent,

The Missing Difference Problem, and its Applications to Counter Mode Encryption Gatan Leurent,

Introduction The counter mode Missing difference problem Cryptanalysis Conclusion The Missing Difference Problem, and its Applications to Counter Mode Encryption Gatan Leurent, Ferdinand Sibleyras Inria, quipe SECRET EUROCRYPT 2018 1 /

856 views • 56 slides
Adiantum: length-preserving encryption for entry-level processors Paul Crowley and Eric Biggers

Adiantum: length-preserving encryption for entry-level processors Paul Crowley and Eric Biggers

Adiantum: length-preserving encryption for entry-level processors Paul Crowley and Eric Biggers Google LLC March 28, 2019 Overview The problem The solution Section 1 The problem The problem Hardware (eg ARM CE) makes AES fast

801 views • 24 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
A Public Key encryption scheme based on the Polynomial Reconstruction problem Daniel Augot

A Public Key encryption scheme based on the Polynomial Reconstruction problem Daniel Augot

A Public Key encryption scheme based on the Polynomial Reconstruction problem Daniel Augot Matthieu Finiasz Eurocrypt 2003 Warsaw Reed-Solomon Codes Definition Reed-Solomon code of length n and dimension k Choose a set of

290 views • 16 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

773 views • 39 slides
Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
BitmasK: BitmasK: encryption for encryption for mere mortals mere mortals FOSDEM 2018 FOSDEM

BitmasK: BitmasK: encryption for encryption for mere mortals mere mortals FOSDEM 2018 FOSDEM

# # BitmasK: BitmasK: encryption for encryption for mere mortals mere mortals FOSDEM 2018 FOSDEM 2018 kali - meskio - kwadronaut kali - meskio - kwadronaut https://leap.se Problem: encrypted email is Problem: encrypted email is

686 views • 52 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein University of Illinois at Chicago &amp; m Technische Universiteit Eindhoven c k More details, credits: competitions.cr.yp.to network

1.33k views • 118 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key Management Service Client Side Encryption AWS Encryption SDK Server Side Encryption S3 Object Encryption Amazon Simple Storage Service

387 views • 22 slides
Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption Changhyun Lee, Yeonju Choi, Hyeongmin Park, Kangbin Yim, and Sun-Young Lee Soonchunhyang University IMIS 2019 Presenter: Brandon Falk (

645 views • 21 slides

More recommend