Overview � Goals of Cryptography Cryptographic Technologies � Encryption and Decryption Algorithms � Symmetric Algorithms: DES and AES � Asymmetric Algorithm: RSA � Pretty Good Privacy (PGP) Chapter 5 � Symmetric vs. Asymmetric Cryptosystems � Digital Signatures Lecturer: Pei-yih Ting � Digital Certificates 1 2 Goals of Cryptography Goals of Cryptography (cont ’ d) � Four primary goals � Integrity � Ensures that the message received is the same as the � Many applications provide multiple cryptographic message that was sent benefits simultaneously � Uses hashing to create a unique message digest from � Confidentiality is most commonly addressed goal the message that is sent along with the message � The meaning of a message is concealed in the � Recipient uses the same technique to create a second ciphertext digest from the message to compare to the original one � The sender encrypts the message using a cryptographic encrypting algorithm with a suitable key � This technique only protects against unintentional alteration of the message � The recipient decrypts the message using a � A variation is used to create digital signatures to cryptographic decrytion algorithm with a matched key protect against malicious alteration that may or may not be the same as the one used by the sender 3 4
Cryptographic Algorithms Goals of Cryptography (cont ’ d) � Non-repudiation � Two types of cryptographic algorithms � The sender of a message cannot later claim he/she did � Symmetric and asymmetric not send it � An encryption algorithm is used to conceal a message � Available only with asymmetric cryptosystems that can � transform from plaintext to ciphertext create digital signatures � A decryption algorithm is used to uncover the message � Authentication carried by ciphertext stream � A user or system can prove their identity to another � transform from ciphertext back to plaintext who does not have personal knowledge of their � Early algorithms embodied security through obscurity identity � Accomplished using digital certificates in a asymmetric � Modern algorithms are rigorously and openly examined cryptosystem � Less vulnerabilities and backdoors � Kerberos is a common cryptographic authentication � Security depends solely on the length of the key system using symmetric cryptosystems 5 6 Cryptographic Algorithms Cryptographic Algorithms (cont ’ d) (cont ’ d) Cryptographic Cryptographic Key Key Plaintext Ciphertext Ciphertext Plaintext Hello there … QnTtrAdka3 … QnTtrAdka3 … Hello there … Cryptographic Cryptographic Algorithm Algorithm Figure 5.1 Basic encryption operation Figure 5.2 Basic decryption operation 7 8
Key Length Key Length (cont ’ d) � Key length dominates the level of security Table 5.1 Possible Keys of a Given Length � The longer the key, the greater the degree of protection Key Length Approximate Number of � A common attack against cryptosystems is the Possible Keys brute force attack 56 bits 72,057,594,037,927,936 � All possible keys are tried 128 bits 3.40x10 38 � Longer keys create an enormous number of possible 256 bits 1.16x10 77 combinations, frustrating brute force attacks 512 bits 1.34x10 154 � The number of combinations is 2 n where n is the key 1,024 bits 1.80x10 308 length in bits 2,048 bits 3.23x10 616 9 10 Symmetric Algorithms Data Encryption Standard (DES) � One of the most common symmetric cryptosystems since 1977, FIPS 46-6 � The sender and receiver using the same key (in some cases, there are two keys but can be easily � Uses a 56-bit key with four modes of operation derived from one another) � Electronic codebook (ECB), ciphertext block chaining (CBC), output feedback (OFB), ciphertext feedback (CFB) � Key is called shared secret key or secret key � A fatal problem � Symmetric cryptosystems are sometimes called � A 56-bit key is no longer considered strong enough to survive brute force attacks nowadays secret key cryptosystems � Current applications of DES use three separate iterations of DES encryption on each message � Triple DES (3DES) 11 12
Advanced Encryption Standard DES (cont ’ d) (AES) � Solicited in a competition sponsored by the National � 3DES provides an acceptably strong level of Institute of Standards and Technology (NIST), 1997 protection, equivalent to a 112-bit key algorithm � Candidate algorithms published their inner workings � Variations of 3DES use either 2 or 3 keys � Winner was the Rijndael algorithm, 2001 � 3DES-EEE (encrypt-encrypt-encrypt) uses 3 keys � AES allows the user to select from 3 different key � 3DES-EDE (encrypt-decrypt-encrypt) can use from 1 to lengths 3 keys with different levels of protection � 128, 192, or 256 bits � The longer the key, the greater the security DES DES DES plaintext ciphertext � AES is gaining momentum, but the volume of Encryption Decryption Encryption applications that use DES makes conversion slow K 1 K 2 K 1 13 14 Asymmetric Algorithms Asymmetric Algorithms Example � Differ from symmetric algorithms because sender � Renee and Michael wish to communicate and receiver use different keys that cannot be sensitive information derived from each other � Renee and Michael share their public keys � Each user has a pair of keys � When Renee sends a message to Michael, she � Public key and private key encrypts it with Michael ’ s public key � Keys are mathematically related – � Only Michael can decrypt the message because Messages encrypted with public key can only be decryption requires his private key, which he does decrypted with private key not share with anyone � Public keys are freely distributed so that anyone can use them to encrypt a message � Asymmetric cryptosystems are referred to as public key cryptosystems 15 16
Asymmetric Algorithms (cont ’ d) Pretty Good Privacy (PGP) � A cross-platform solution for email and file � Rivest, Shamir, Adelman algorithm (RSA) encryption � One of the most well-known public key � An implementation of several cryptographic cryptosystem algorithms (including RSA) � Published in 1976 � Supports management of a decentralized public � Relies on the fact that it is extremely difficult to key infrastructure factor large composite numbers � Supports digital signature � PGP is a proprietary product. � An alternative, GnuPG, has been released under the Free Software Foundation ’ s Open License http://www.gnupg.org 17 18 Symmetric vs. Asymmetric The Web of Trust Model Cryptosystems � Key exchange is a difficult problem � Choice between symmetric and asymmetric cryptosystems: � Before PGP, it was necessary to exchange keys offline � Symmetric cryptosystems don ’ t scale well � PGP introduced the “ web of trust ” model � Key exchange for symmetric cryptosystem is difficult � Allows users to rely on the judgment of others that a public key is authentic � Symmetric cryptosystems are efficient. Asymmetric cryptosystems are slower than symmetric ones � Four levels of trust � Symmetric cryptosystems are excellent for securing � Implicit trust: for keys that you own the ends of a communication circuit such as a Virtual � Full trust: trust this user to provide other keys to you Private Network � Marginal trust: requires at least one other user that � Asymmetric cryptosystems are more practical when you marginally trust to vouch for any new public key there are a large number of users � Untrusted: do not trust a user to introduce you a new key 19 20
Digital Envelop � Hybrid system (public key and secret key) � Efficiency: computation of RSA is about 1000 times slower than DES � Key exchange and scalability: RSA requires trusted third party as certificate authority, each user has only one public key document document document plaintext ciphertext plaintext DES k DES k -1 RSA Enc() RSA Dec() RSA random random secret encrypted secret key: k key: k secret key receiver RSA receiver RSA public key (n, e) private key (n, d) 21 22 Digital Signatures Digital Signatures (cont ’ d) � Signature verification � Add integrity and non-repudiation functionalities to cryptosystems � Recipient decrypts the message and extracts the plaintext message and digital signature � Non-repudiation can only be enforced with � Recipient applies the same hash function to the asymmetric algorithms message as that used by the sender to create a new message digest � Signature creation � Recipient decrypts the digital signature using the � A unique message digest is created by applying a hash sender ’ s public key to extract the sender ’ s message function to the message digest � Variations of the Secure Hash (SHA-1, SAH-256, SHA- � The recipient compares the two message digests 384, SHA-512) and MD (MD2, MD4, MD5, RIPEMD160) � If the message digests match, signature is authentic Algorithms are commonly used � Non-matching signatures can be malicious but also can � Sender encrypts the message digest with his/her be due to transmission errors, etc. private key 23 24
Recommend
More recommend