� � Introduction�to�Cryptology�(NS�chapter�2)� � � Computer�and�Network�Security� Encryption:�� plaintext�+�key��� → ����ciphertext� CMSC�414� Decryption:�� plaintext������������ ← ����ciphertext�+�same/related�key� CRYPTO � � � � Key�is�secret.��Encryption/decryption�algorithms�not�secret.� Udaya�Shankar� � Given�plaintext�and�cyphertext,�computationally�hard�to�get�key.� shankar@cs.umd.edu� � Attacks�depend�on�what�is�available� ▪ Ciphertext�available:�search�key/plaintext�space,�replay,�…� ▪ Plaintext7ciphertext�pairs�available:�…� ▪ Chosen�plaintext7ciphertext�pairs�available:�…� � Types�of�cryptographic�functions:� ▪ Secret�key�(symmetric�key):��DES,�AES,�…� ▪ Public�key�(asymmetric):�RSA,�DH�(Diffie7Helman),�…�� ▪ Hash�functions�(of�cryptographic�kind):�MD5,�SHA71,�…� 2/6/2009�shankar� � � � � � � crypto�slide�1��� 2/6/2009�shankar� � � � � � � crypto�slide�2��� Secret7key�(symmetric)�crypto� Hashing�(of�cryptographic�kind)� • Single�key:�used�in�encryption�and�in�decryption.�� • Hash�function�H(.)�transforms�plaintext�msg�of�arbitrary�length�� • Ciphertext�about�the�same�length�as�plaintext.� to�fixed7length�hash�H(msg)� o Easy�to�compute�H(msg)�from�msg� • Provides�confidentiality�over�insecure�channel/storage.� o Not�easy�to�find�msg1�and�msg2�such�that�H(msg1)�=�H(msg2)� o A�and�B�share�secret�key�K� o A�sends�K(plaintext).�� • ���������� :�Hash�msg�along�with�a�shared�secret�S,�e.g.,�H(msg|S)� o B�receives�and�decrypts�using�K.� • Keyed�hashing�provides�all�the�capabilites�of�secret7key�crypto.� • Provides�authentication�over�insecure�channel:� • Integrity:� o A�and�B�share�secret�key�K� o Send�msg�and�H(msg|S)�as�MAC.� o A�sends�random�number�r A �to�B,�and�expects�K(r A )�back� • Confidentiality:� o B�sends�random�number�r B �to�A,�and�expects�K(r B )�back� o Generate�sequence�C 0 ,�C 1 ,�C 2 ,�…,�where�C 0 �is�random�and�C i+1� =�H(C i |S);� o This�particular�one�is�flawed.� to�encrypt�an�arbitrary7length�message,�XOR�it�with�the�sequence.� • Provides�integrity�over�insecure�channel:� o So�to�send�message�=�[M 0 ,�M 1 ,�M 2 ,�…],�send�[C 0 ,�M 1 ⊕ C 1 ,�M 2 ⊕ C 2 ,�…]� o A�and�B�share�secret�key�K� o A�sends�plaintext�and� ������������ �part�of�K(plaintext)�to�B,eg,�last�128�bits� o Called�MAC�(msg�authentication�code)�or�MIC�(msg�integrity�code))� o B�receives�plaintext,�computes�its�MAC�and�checks�against�received�MAC� o This�particular�protocol�provides�attacker�with�plaintext7ciphertext�pairs� � 2/6/2009�shankar� � � � � � � crypto�slide�3��� 2/6/2009�shankar� � � � � � � crypto�slide�4���
� Secret�Key�Crypto�(NS�chapter�3)� Public�key�(asymmetric)�crypto� • Consider� ������������ �message�of�k�bits�here.�� o Variable7length�message�addressed�later.� • Each�principal�has�two�related�keys:� o private�key�(not�shared)� • Fixed7length�message�and�Fixed7length�key� → ��message7length�output� o public�key�(shared�with�world).�� o DES:�647bit�message,�567bit�key� o Plaintext�encrypted�with�one�can�only�be�decrypted�with�the�other.� • If�key�length�j�is�too�small,�insecure.��If�j�is�too�large,�expensive.�� • Confidentiality:� o B�transmits�pubkey A (plaintext).�A�decrypts�using�privkey A .� • Want�function�S�mapping�k7bit�msg�to�k7bit�output�such�that:� o For�decryption,�S�must�be�171�mapping�from�2 K �to�2 K .� • Integrity�and�digital�signature�(non7repudiation)� o For�security,�S�must�be�“random”:�� o A�transmits�privkey A (plaintext)� • even�if�msg1�and�msg2�differ�in�just�one�bit,�� o Anyone�with�pubkey A �can�decrypt�it�� and�be�assured�that�it�could�only�have�been�sent�by�A.� • S(msg1)�and�S(msg2)�differ�in�many�bits�(approx�k/2�bits).�� o So�S�cannot�be�a�“simple”�function;�so�following�are�no�good:� • But�public7key�crypto�is�orders�slower�than�secret7key�crypto/hashing,� � S(msg)�=�msg� ⊕ �key� so�it�is�used�in�conjunction�with�the�latter.� � S(msg)�=�msg�bits�in�reverse�order� • To�sign�a�message:�sign�the�hash�of�the�message.� • To�encrypt�or�integrity7protect�a�message:� o First�use�public7key�crypto�to�establish�a�per7sesssion�secret;� eg,�B�creates�per7session�key�K�and�sends�pubkey A (K)�to�A� o Then�use�secret7key�crypto�or�keyed7hashing.� � 2/6/2009�shankar� � � � � � � crypto�slide�5��� 2/6/2009�shankar� � � � � � � crypto�slide�6��� Secret�Key�Crypto�(contd.)� DES� • ������������������������������������������� o “Substitution”�table:�random�permutation�of�all�N7bit�strings.� 647bit�input� 567bit�key� � o S(i)�is�ith�row�of�table� o Table�obtained�with�physical7world�randomness�(eg,�coin�toss).� initial permutation � � o Pro:�S�is�perfectly�random� generate�16�� � o Con:�need�to�store�table�of�size�k.2 k .�Impractical�for�k=64� 647bit�intermediate� 487bit�keys� � K1,�K2,�...,�K16� • ������ Deterministic�algorithm�that�produces�“random�looking”�output.� round�i,�i�=�0,�1,�...,�15,�uses� �� � Want�each�output�bit�to�be�“influenced”�by�all�input�bits. � Ki�and�output�of�previous�round� � • �������������� :�mix�permutations�and�substitutions�� 647bit�intermediate� � � o Divide�k7bit�block�into�p7bit�blocks�for�reasonably�small�p�(eg,�p=8).� o Use�p�x�p�substitution�tables�“garble”�p7bit�output�blocks.�� swap�left�and�right�halve s � � o Concatenate�the�p7bit�output�blocks�to�get�a�k7bit�block�� 647bit�output� � o and�permute�to�get�garbled�k7bit�output�block.�� o Repeat�1,�2,�3�for�n�rounds,�where�n�is�large�enough�to�get�good�scrambling.� final�permutation�(inverse�of�initial)� • ���������� ,�ie,�reversing,�is�no�more�expensive.� 647bit�output� Often�can�be�done�with�the�same�algorithm/hardware.�� � Final�permutation�is�inverse�of�initial�permutation.� Not�of�security�value�(why?,�what�does�this�mean?)� 2/6/2009�shankar� � � � � � � crypto�slide�7��� 2/6/2009�shankar� � � � � � � crypto�slide�8���
Recommend
More recommend
![Introduction to Software Testing [Reading assignment: Chapter 1, pp. 9-22] What is a computer](https://c.sambuz.com/752438/introduction-to-software-testing-s.jpg)
