Outline Cryptography and Encryption • Uses of cryptography Algorithms • Symmetric cryptography CS 239 • Asymmetric cryptography Computer Security February 5, 2003 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2003 CS 239, Winter 2003 Uses of Cryptography Cryptography and Secrecy • What can we use cryptography for? • Pretty obvious • Lots of things • Only those knowing the proper keys can decrypt the message –Secrecy –Thus preserving secrecy –Authentication • Used cleverly, it can provide other –Prevention of alteration forms of secrecy Lecture 7 Lecture 7 Page 3 Page 4 CS 239, Winter 2003 CS 239, Winter 2003 Cryptography and Zero- Cryptography and Authentication Knowledge Proofs • How can I prove to you that I created a • With a really clever use, cryptography piece of data? can be used to prove I know a secret • What if I give you the data in encrypted –Without telling you the secret form? – Using a key only you and I know • Seems like magic, but it can work • Then only you or I could have created it • Basically, using multiple levels of – Unless one of us told someone else the cryptography in very clever ways key . . . Lecture 7 Lecture 7 Page 5 Page 6 CS 239, Winter 2003 CS 239, Winter 2003 1
Some Limitations on Cryptography and Non- Cryptography and Authentication Alterability • If both parties cooperative, cryptography • Changing one bit of an encrypted can authenticate message completely garbles it – Problems with non-repudiation, though • If a checksum is part of encrypted data, • What if three parties want to share a key? that’s detectable – No longer certain who created anything • If you don’t need secrecy, can get the – Public key cryptography can solve this same effect problem, too –By just encrypting the checksum • What if I want to prove authenticity without secrecy? Lecture 7 Lecture 7 Page 7 Page 8 CS 239, Winter 2003 CS 239, Winter 2003 Symmetric and Asymmetric Description of Symmetric Cryptosystems Systems • Symmetric - the encrypter and • C = E(K,P) decrypter share a secret key • P = D(K,C) –Used for both encrypting and • E() and D() are not necessarily decrypting symmetric operations • Asymmetric – encrypter has different key than decrypter Lecture 7 Lecture 7 Page 9 Page 10 CS 239, Winter 2003 CS 239, Winter 2003 Advantages of Symmetric Key Disadvantage of Symmetric Key Systems Systems + Encryption and authentication performed in – Encryption and authentication a single operation performed in a single operation + Well-known (and trusted) ones perform • Makes signature more difficult faster than asymmetric key systems – Key distribution can be a problem + Doesn’t require any centralized authority – Scaling • Though key servers help a lot Lecture 7 Lecture 7 Page 11 Page 12 CS 239, Winter 2003 CS 239, Winter 2003 2
Scaling Problems of Symmetric Sample Symmetric Key Ciphers Cryptography K 5 K 4 K 1 • The Data Encryption Standard K 4 K 6 How many keys am I K 2 • The Advanced Encryption Standard going to need to handle • There are many others the entire Internet???? K 5 K 3 K 3 K 2 K 6 K 1 Lecture 7 Lecture 7 Page 13 Page 14 CS 239, Winter 2003 CS 239, Winter 2003 The Data Encryption Standard History of DES • Developed in response to National Bureau • Probably the best known symmetric of Standards studies key cryptosystem • Developed by IBM • Developed in 1977 • Analyzed , altered, and approved by the • Still in wide use National Security Agency –Which implies no one has seriously • Adopted as a federal standard broken it, yet • One of the most widely used encryption algorithms • But showing its age Lecture 7 Lecture 7 Page 15 Page 16 CS 239, Winter 2003 CS 239, Winter 2003 Overview of DES Algorithm More On DES Algorithm • A block encryption algorithm • Uses substitutions to provide confusion – 64 bit blocks – To hide the set of characters sent • Uses substitution and permutation • Uses transpositions to provide diffusion – Repeated applications – To spread the effects of one plaintext bit • 16 cycles worth into other bits • 64 bit key • Uses only standard arithmetic and logic – Only 56 bits really used, though functions and table lookup Lecture 7 Lecture 7 Page 17 Page 18 CS 239, Winter 2003 CS 239, Winter 2003 3
Description of DES Algorithm One DES Round • Select 48 bits from the key • Alternate applications of two different • Expand right half of block to 48 bits ciphers • XOR with key bits –A product cipher • Look up result in an S-box • Starts by breaking block in half – Resulting in 32 bits • The algorithm goes through 16 rounds • XOR with left half of block • Result is new right half • Each round consists of a substitution • Old right half becomes new left half followed by a permutation Lecture 7 Lecture 7 Page 19 Page 20 CS 239, Winter 2003 CS 239, Winter 2003 DES Round Diagram S-Boxes Left Right Key • Table lookups to perform substitutions Shift Shift Expand • Permanently defined for DES Compress + • Eight different S-boxes –Six bits out of 48 bits go to each Substitution –Four bits come out of each Permutation • Choice of contents of S-boxes believed + to strongly impact security of DES Key Left Right Lecture 7 Lecture 7 Page 21 Page 22 CS 239, Winter 2003 CS 239, Winter 2003 P-Box Decrypting DES • Maps 32 input bits to 32 output bits • For DES, D() is the same as E() • A single, straight permutation • You decrypt with exactly the same algorithm –Unlike S-boxes, which are table lookups • If you feed ciphertext and the same key into DES, the original plaintext pops out Lecture 7 Lecture 7 Page 23 Page 24 CS 239, Winter 2003 CS 239, Winter 2003 4
Is DES Secure? Key Length and DES • Apparently, reasonably • Easiest brute force attack is to try all • No evidence NSA put a trapdoor in keys • Some keys are known to be weak with –Looking for a meaningful output DES • Cost of attack proportional to number –So good implementations reject them of possible keys • Initially, only brute force attacks have 56 enough keys? • Is 2 cracked DES Lecture 7 Lecture 7 Page 25 Page 26 CS 239, Winter 2003 CS 239, Winter 2003 How the DES Message DES Cracking Experiments Was Cracked • RSA Data Security issued challenge to • Required use of tens of thousands of computers crack a DES-encrypted message • Took four months • Various people got together to do so • The searchers “got lucky” –Harnessing computers across the – Only one quarter of key space searched Internet – On average, brute force requires searching one half of key space –Using a brute-force approach • Done over four years ago • Did it in 1998 – So it would presumably take 1/4 time today Lecture 7 Lecture 7 Page 27 Page 28 CS 239, Winter 2003 CS 239, Winter 2003 Does This Mean DES is Unsafe? Triple DES • Simple way of increasing security of DES • Depends on what you use it for • Apply DES three times iteratively to each • In how many cases will tens of thousands of machines apply spare cycles for several days to block break one message? – Thus, 1/3 as fast as DES • On the other hand, computers will continue to get faster • Use different key for each encryption • And motivated opponents can harness vast • Effectively doubles the key length of DES resources • Approved by NIST • Those who care seriously about security don’t tend to use DES any more – Which recommends using in in preference to DES Lecture 7 Lecture 7 Page 29 Page 30 CS 239, Winter 2003 CS 239, Winter 2003 5
The Advanced Encryption Public Key Encryption Systems Standard • A relatively new cryptographic algorithm • The encrypter and decrypter have • Intended to be the replacement for DES different keys • Chosen by NIST C = E(K E ,P) – Through an open competition P = D(K D ,C) • Chosen cipher was originally called Rijndael • Often, works the other way, too ?? – Developed by Dutch researchers C E K ( , P ) D ? ? – Uses combination of permutation and P D K ( , C ) E substitution Lecture 7 Lecture 7 Page 31 Page 32 CS 239, Winter 2003 CS 239, Winter 2003 History of Public Key Practical Use of Public Key Cryptography Cryptography • Invented by Diffie and Hellman in • Keys are created in pairs 1976 • One key is kept secret by the owner • Merkle and Hellman developed • The other is made public to the world Knapsack algorithm in 1978 • If you want to send an encrypted • Rivest-Shamir-Adelman developed message to someone, encrypt with his RSA in 1978 public key –Most popular public key algorithm –Only he has private key to decrypt Lecture 7 Lecture 7 Page 33 Page 34 CS 239, Winter 2003 CS 239, Winter 2003 Authentication With Shared Keys Authentication With Public Keys • If only two people know the key, and I • If I want to “sign” a message, encrypt didn’t create a properly encrypted it with my private key message - • Only I know private key, so no one –The other guy must have else could create that message • But what if he claims he didn’t? • Everyone knows my public key, so • Or what if there are more than two? everyone can check my claim directly • Requires authentication servers Lecture 7 Lecture 7 Page 35 Page 36 CS 239, Winter 2003 CS 239, Winter 2003 6
Recommend
More recommend
