
Crypto.ppt - Presentation Transcript

1. Encryption only the basics


2. Reading Assignment
o Why crypto is hard http://www.counterpane.com/whycrypto.html
3. Topics
o What is Cryptology?
o Conventional Encryption (secret key)
 Terminology and Properties
o Public Key Encryption
 Terminology
 Usage
 Properties
o Cryptanalysis
4. Cryptology Definition
o Cryptography is the making of ciphers and codes.
o Cryptanalysis is the analysis and breaking of those ciphers.
o Cryptology is the study of both.
5. Cryptography
o Classified along three independent dimensions:
 The type of operations used for transforming plaintext to ciphertext
 The number of keys used
 symmetric (single key)
 asymmetric (two-keys, or public-key encryption)
 The way in which the plaintext is processed
6. Secret Key Cryptography
o An encryption scheme has five ingredients:
 Plaintext
 Encryption algorithm
 Secret Key
 Ciphertext
 Decryption algorithm
o Security depends on the secrecy of the key, not the secrecy of the algorithm
7. Use of Conventional Encryption
8. Average time required for exhaustive key search
Key Size (bits) | Number of Alternative Keys | Time required at 10^6 decryptions/µs
32 | 2^32 = 4.3 x 10^9 | 2.15 milliseconds
56 | 2^56 = 7.2 x 10^16 | 10 hours
128 | 2^128 = 3.4 x 10^38 | 5.4 x 10^18 years
168 | 2^168 = 3.7 x 10^50 | 5.9 x 10^30 years
9. Feistel Cipher Structure
o Many conventional block encryption algorithms, including DES, have a structure first described
by Horst Feistel of IBM in 1973
o The realization of a Feistel network depends on the choice of the following parameters and
design features (see next slide):
10. Feistel Cipher Structure
o Block size: larger block sizes mean greater security
o Key Size: larger key size means greater security
o Number of rounds: multiple rounds offer increasing security
o Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis.
o Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern
11.  
12. Conventional Encryption Algorithms
o Data Encryption Standard (DES)
 The most widely used encryption scheme
 The algorithm is referred to as the Data Encryption Algorithm (DEA)
 DES is a block cipher
 The plaintext is processed in 64-bit blocks
 The key is 56 bits in length
13.  
14.  
15. Time to break a code (10^6 decryptions/µs)
16. Triple DEA
o Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)
 C = ciphertext
 P = Plaintext
 EK[X] = encryption of X using key K
 DK[Y] = decryption of Y using key K
o Effective key length of 168 bits

C = EK3[DK2[EK1[P]]]
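
An added example (not from the original slides): a toy Feistel network in Python showing that the same structure decrypts when the subkeys are applied in reverse order, with the Triple DEA composition C = EK3[DK2[EK1[P]]] built on top of it. The round function, subkey schedule, round count and sample keys are assumptions chosen for illustration; this is not DES and is not secure.

```python
import hashlib

ROUNDS = 8   # assumption: toy round count (DES uses 16)
HALF = 4     # bytes per half-block, giving the 64-bit block of the DES slide

def subkeys(key):
    """Toy subkey generation: one hash-derived subkey per round."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def round_f(half, subkey):
    """Toy round function F; it is one-way, yet the network stays invertible."""
    return hashlib.sha256(subkey + half).digest()[:HALF]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, keys):
    """Run the rounds: (L, R) -> (R, L xor F(R, k)), then swap the halves."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        left, right = right, xor(left, round_f(right, k))
    return right + left

def E(key, block):
    return feistel(block, subkeys(key))

def D(key, block):
    # Decryption is the same network with the subkeys in reverse order.
    return feistel(block, subkeys(key)[::-1])

def ede_encrypt(k1, k2, k3, p):
    return E(k3, D(k2, E(k1, p)))      # C = EK3[DK2[EK1[P]]]

def ede_decrypt(k1, k2, k3, c):
    return D(k1, E(k2, D(k3, c)))      # undo the three stages in reverse

if __name__ == "__main__":
    k1, k2, k3 = b"key-one", b"key-two", b"key-3"   # constructed sample keys
    p = b"8bytes!!"                                  # constructed 64-bit block
    c = ede_encrypt(k1, k2, k3, p)
    print(c.hex(), ede_decrypt(k1, k2, k3, c))
    # With K1 == K2 the first two stages cancel, leaving single encryption.
    print(ede_encrypt(k1, k1, k3, p) == E(k3, p))
```

Because the middle stage is a decryption, setting K1 = K2 collapses the construction to a single encryption under K3, which is why the encrypt-decrypt-encrypt order is used.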

17. Other Symmetric Block Ciphers


o International Data Encryption Algorithm (IDEA)
 128-bit key
 Used in PGP
o Blowfish
 Easy to implement
 High execution speed
 Run in less than 5K of memory
18. Other Symmetric Block Ciphers
o RC5
 Suitable for hardware and software
 Fast, simple
 Adaptable to processors of different word lengths
 Variable number of rounds
 Variable-length key
 Low memory requirement
 High security
 Data-dependent rotations
o Cast-128
 Key size from 40 to 128 bits
 The round function differs from round to round
19. Analysis of DES
o Advantages
 Attacks well known
 3DES has effective key length of 168
o Disadvantages
 No efficient software implementation
 Must use 64 bit block
20. AES
o AES (Advanced Encryption Standard) was adopted by NIST in November 2001. Also called the
Rijndael algorithm.
o Supports key size of 128, 192, and 256 bits.
o Symmetric block cipher with block length of 128 bits.
o Efficient hardware and software implementations.
o Not a Feistel block cipher.
21. Location of Encryption Device
o Link encryption:
 A lot of encryption devices
 High level of security
 Decrypt each packet at every switch
o End-to-end encryption
 The source encrypts and the receiver decrypts
 Payload encrypted
 Header in the clear
o High Security: Both link and end-to-end encryption are needed
22.  
23. Key Distribution
o A key could be selected by A and physically delivered to B.
o A third party could select the key and physically deliver it to A and B.
o If A and B have previously used a key, one party could transmit the new key to the other,
encrypted using the old key.
o If A and B each have an encrypted connection to a third party C, C could deliver a key on the
encrypted links to A and B.
24. Key Distribution
o Session key:
 Data encrypted with a one-time session key. At the conclusion of the session the
key is destroyed
o Permanent key:
 Used between entities for the purpose of distributing session keys
25.  
26. Public-Key Cryptography Principles
o The use of two keys has consequences in: key distribution, confidentiality and authentication.
o The scheme has six ingredients
 Plaintext
 Encryption algorithm
 Public and private key
 Ciphertext
 Decryption algorithm
27. Encryption using Public-Key system
28. Authentication using Public-Key System
29. Applications for Public-Key Cryptosystems
o Three categories:
 Encryption/decryption: The sender encrypts a message with the recipient's public key.
 Digital signature: The sender "signs" a message with its private key.
 Key exchange: Two sides cooperate to exchange a session key.
30. Requirements for Public-Key Cryptography
o Computationally easy for a party B to generate a pair (public key KUb, private key KRb)
o Easy for sender to generate ciphertext:
o Easy for the receiver to decrypt ciphertext using private key:
31. Requirements for Public-Key Cryptography
o Computationally infeasible to determine private key (KRb) knowing public key (KUb)
o Computationally infeasible to recover message M, knowing KUb and ciphertext C
o Either of the two keys can be used for encryption, with the other used for decryption:
32. Public-Key Cryptographic Algorithms
o RSA and Diffie-Hellman
o RSA - Ron Rivest, Adi Shamir and Len Adleman at MIT, in 1977.
 RSA is a block cipher
 The most widely implemented
o Diffie-Hellman
 Exchange a secret key securely
 Compute discrete logarithms
33. Diffie-Hellman Key Exchange
34. Other Public-Key Cryptographic Algorithms
o Digital Signature Standard (DSS)
 Makes use of the SHA-1
 Not for encryption or key exchange
o Elliptic-Curve Cryptography (ECC)
 Good for smaller bit size
 Low confidence level, compared with RSA
 Very complex
35. Cryptographic Hash Functions
o Example: http://nsfsecurity.pr.erau.edu/crypto/generichash.html
36. Cryptanalysis
o If only the ciphertext is available
 Pattern and frequency analysis for simple ciphers
 Brute force – try all possible keys
o If <plaintext, ciphertext> is available
 Previously classified info is unclassified
 Encrypted info includes known patterns (packet headers)
37. For Further Reading
o “Cryptography and Network Security, Principles and Practice” third edition, William Stallings,
Prentice Hall
o For more detailed coverage, take the Applied Math course: AMTH 387
