510 likes | 696 Views
Cryptographic Tools. Symmetric Ciphers, Public Key Crypto, and Hashes. Crypto in This Class. Mechanism A means to achieving security goals Details Beyond the scope of this class Build your own? Beyond the scope of this professor You better know your stuff. Substitution.
E N D
Cryptographic Tools Symmetric Ciphers, Public Key Crypto, and Hashes
Crypto in This Class • Mechanism • A means to achieving security goals • Details • Beyond the scope of this class • Build your own? • Beyond the scope of this professor • You better know your stuff
Substitution • Substitution Cipher • Many keys (how many?) • Easily broken (homework!) a b c d e f g h i j k l m n o p q r s t u v w x y z csj x i n f gz u l mo w d y va q e r z bp h t
R = xvuteeqrdfndidktdlea PT = thegirlinfrontiscute R = ndezdftkenbnewvdfkdy PT = drwrightisveryboring Infinitely Better! • Unbreakable crypto • OTP R PT hbdceuitermqzeplaebx +(mod 26)
We Don’t Use OTP • Why not? • Sources of randomness • Thermal noise • Photoelectric effect • Etc. • Why else? xvuteeqrdfndidktdlea… hbdceuitermqzeplaebx PT
Transposition • Permutation of text • america • maacrie • What is the key?
03 10 17 24 04 11 18 25 02 09 16 23 01 08 15 22 05 12 19 26 06 13 20 27 07 04 21 28 Improved Cryptography • Double Transposition 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 17 09 05 27 24 16 12 07 10 02 22 20 03 25 15 13 04 23 19 14 11 01 26 21 18 08 06 28
Block Ciphers • Functions • Encrypt • Input: plaintext block of n bits, key • Output: ciphertext block of n bits • Familiar operations • Substitution • Transposition • Rounds
Block Cipher Security • Key length • Protect against trying all keys • How long should the key be? • Design • Protect against cryptanalysis
Public Key Crypto Or: How Alice Learned to Stop Worrying and Love the Bob
The Big Problem • Alice and Bob want to talk sure, Alice. but I need to keep it secret. hey, u look like superman. let’s chat. OK - text me a key. well, let’s encrypt the chat session never mind. ur dumb.
Key Exchange • Use a KDC • What if you don’t trust the KDC? • Central point of failure • Scale • Suppose we have n users • How many keys needed? • What about new users? • Internet scale?
Key Exchange “What good would it do after all to develop impenetrable cryptosystems, if their users were forced to share their keys with aKDC that could be compromised by either burglary or subpoena?” • Whit Diffie
Let’s Imagine • A Public Key • Everyone should know • Including Alice • New York Times? • Can be used to encrypt • A Private Key • Only Alice should have it • Can be used to decrypt
A Metaphor • A lockbox and a key KRa KUa • Did we solve the key exchange problem?
Key Exchange • Public Keys kewl. but it still needs to be secret OK - send me a key. My public key is KUbob that was mean of me. let’s chat. well, let’s encrypt the chat session Ekey[“u stink”] EKUbob[key]
More Formally • A simple protocol • What’s the vulnerability? A to B: KUa B to A: E[KUa,Ks] A to B: E[Ks,M]
Test Protocols • Is it confidential? Does it work? 1. A to B: E[KUB,M] 2. B to A: E[KUB,Ks], E[Ks,M] 3. A to B: E[KUB,Ks], E[Ks,M] 4. B to A: E[KUA,Ks||E[Ks,M]]
Signatures • Suppose … • Alice could encrypt with her private key • And Bob could decrypt it with her public key • Why? • Sign (given private key) S = EKRa(M) • Verify (given public key) M = EKUa(S)
More for your Metaphor • A special lockbox KRa KUa
Test Protocols • What security properties do you get? 1. A to B: E[KRB,M] 2. B to A: E[KRB,Ks], E[Ks,M] 3. A to B: E[KUB,E[KRA,M]] 4. B to A: E[KRB,Ks||E[Ks,M]] 5. A to B: E[KRA,M]
Security of RSA • How could we break it? • Guess d! • Very hard -- 1024 bit keys or more • Factor n into it’s two primes • Factoring large numbers • Slow! • 600+ bits
Hash Functions • Purpose • pack information into a fixed size container • Random-looking • Reproducible • Does NOT provide integrity • Benefits • Fixed size • typically smaller than the data • Can keep data in clear text
0 0 1 Example • A simple hash • Bitwise XOR of all blocks
What is a Hash Function? • Basic Requirements: • take input of any size • produce a fixed-length output • easy to compute • Collision Resistance • weak collision resistance • given x, hard to find y s.t. H(y) = H(x)
Why Weak Collision Resistance? • “Encrypted Hash” method • Message x, hash h = H(x) • send x||EK(h) • K is a secret shared between A and B • The attack: • Mallory gets x||EK(h) • Mallory finds a message ys.t. H(y) = h • How does he know what h is? • What good is y?
When Weak Collision is Weak Alice sends this message M: To LocalBank: I have enclosed $10,000 to be deposited in my beloved son Anthony’s money market account (#12345) so that I may help him pay for graduate school. • -Alice She signs a 16-bit hash h = H(M) and sends this signature
An Evilsmith Production To LocalBank: I have enclosed a check for $10,000 to be deposited in my beloved friend Mallory Evilsmith’s money market account (#98765) so that I may help him pay for graduate school. He’s such a hard-working, honest student, and he always follows the code of conduct for his classes in information security. • -Alice
Many Equivalent Letters { - || To} LocalBank { - || , Inc.} : I {have enclosed || am including} { - || a check for} {$10,000 || ten thousand dollars} to {be deposited || deposit} in my {beloved || favorite} {friend || pal} {- || Mr.} {Mallory || M.} Evilsmith’s money market account {(#98765) || (no. 98765)} so that I {may || can} help him {pay for || afford} {attending || - } graduate school { - || at UTA}. {He’s || he is} such a {hard-working || diligent}, {honest || responsible} {student || person}, and he always follows the code of conduct for his {classes || courses} in {computer || information} security. • - Alice • 221 possibilities
When Weak Collision is Weak • Alternately • “space-space-backspace” • Replace some with “space-backspace-space” • Images • Small low-order bit changes in a bitmap • Re-compress into JPEG • Cost to the attacker • How much?
scytale History • Cool Ideas
Beware the Ides of Class • Encoding • a = 1, b = 2, w = ? • Encryption • “hw wx euxwh” ? • “et tu brute” “You too my son, will have a taste of power"
Friends, Romans, Cryptographers • Encryption • f(“et tu brute”, ) = “hw wx euxwh” • Input = plaintext • Output = ciphertext • Algorithm • What is the Caesar Cipher algorithm? • [Pair Up!]
Wrapped in a Riddle • WWII • Essentially repeated substitutions • Continually updated • 159 Quintillion keys • Broken!
Modern Block Ciphers • Familiar operations • Substitution • Transposition • Rounds • Sub-keys • Key is expanded • Different sub-key in each round
Substitution on Bits • S-Boxes • Important: non-linear input: 011011
Transposition on Bits • p-boxes
Secure Block Ciphers • Block size • What if you had 1 bit blocks? • Today: 128-bits+ • Diffusion • Flip one bit in PT, many bits of CT • Confusion • Difficult to reverse (without key) • Difficult determine key bits • Rounds
Requirements • Easy • Key Generation (KUa, KRa) • Encryption (given public key) C = EKUa(M) • Decryption (given private key) M = EKRa(C) • Hard • Get the private key (given the public key) • Decrypt (given just the public key)
RSA • Setup • Select n = pq, two primes • Find e, no common factors w/ n • Find d, ed 1 mod (p-1)(q-1) • Public Key • KUa = n, e • Private Key • KRa = n, d
RSA • Encryption • C = Me mod n • Decryption • M = Cd mod n = Med mod n • Magic
Cryptography • A little etymology… • Krypto = hidden • Grafo = writing • Legein (logy) = speaking • Roots • Information theory, mathematics, CS
A More Complex Hash • Using a block cipher • Use known IV for the key (e.g. all 0’s) • XOR all ciphertexts together • CBC Mode • Take the last ciphertext P1 P2 0 C1 … AES AES Key Key C1 C2