1 / 45

Introduction to Cryptography

Introduction to Cryptography. Outline. Function of Cryptography Crash Course in Cryptography Public Key Infrastructure (PKI) Example: SSL. Cryptography. Cryptography is the science or study of secret writing (cipher texts). Cryptanalysis is the science or study of breaking cipher texts

Download Presentation

Introduction to Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to Cryptography

  2. Outline • Function of Cryptography • Crash Course in Cryptography • Public Key Infrastructure (PKI) • Example: SSL

  3. Cryptography • Cryptography is the science or study of secret writing (cipher texts). • Cryptanalysis is the science or study of breaking cipher texts • Cryptology is the study of cryptography and cryptanalysis

  4. Uses of Cryptography? • Private communications • What else? • Electronic Information Has Unique Characteristics • Can be given away and still kept • Can be stolen and not missed • Can be owned and no one can tell • Can be distributed instantly to almost everyone • Cannot tell if it is “real” or not

  5. BOB For Sale: $500 ALICE Examples of Threats • Bob wants to buy Alice’s car. • He agrees to pay her $500 and transfer it to her bank account via their online bank.

  6. BOB BANK Transfer $50 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Simple Transmission error?

  7. BOB BANK Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $50000 from Bob’s account 1234 to Hal’s account 5666 “Man in the Middle” “Session Hijack”

  8. Transfer $500 from Bob’s account 1234 to Alice’s account 5678 ALICE BOB BANK Transfer $500 from Bob’s account 1234 to Alice’s account 5678 REPLAY ATTACK Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Transfer $500 from Bob’s account 1234 to Alice’s account 5678

  9. BOB BOB BANK LATER….. I didn’t authorize that transaction!!! Transfer $500 from Bob’s account 1234 to Alice’s account 5678 Bob repudiates the transaction.

  10. Functions of Cryptography • Integrity : Has the data changed since it was sent? • Confidentiality : Can we keep an eavesdropper from learning our message? • Authentication : Can we identify the source of the data? • Non-Repudiation : Can we prove to a third party the source of the data? • Access Control : Can we control who accesses data?

  11. Tools • Hash Functions • Encryption • (Symmetric vs. Asymmetric) • Keyed Hash (MAC) • Key Exchange • Digital Signatures

  12. Hash Functions • h should be chosen so that it is • Easy to compute h(x) • Given y=h(x) it is computationally infeasible to find x (pre-image resistant) • It is computationally infeasible to find x, x’ such that h(x)=h(x’) (collision resistant) • Common Hash functions in cryptography: • SHA-1 • MD5 h maps strings of arbitrary lengths to a fixed length string: h(1101010000…….11001000111) = 100110011101

  13. BANK Problem: Still subject to man in middle (Hacker can Hash) Hash Functions • Hash Functions can be used for message integrity (M’,h(M)’) (M,h(M)) Bank checks that h(M’)=h(M)’ (eliminates transmission errors)

  14. Hashing with Authentication: Message Authentication Codes (MACs) • MACs are also known as keyed hashes. • The sender and receiver share a key that is hashed with the message: • MAC = Hash(M,Key) • A MAC can give integrity and authentication

  15. BANK Hacker cannot change message because the MAC won’t verify! MAC (M,h(M,K)) (M’,h(M,K)’) Bank checks that h(M’,K)=h(M,K)’

  16. Encryption/Decryption • An encryption algorithm takes plaintext and transforms it into ciphertext. • The corresponding decryption algorithm transforms the ciphertext back into the original plaintext. • Cryptographic keys are used in both transformations: • There are two types of encryption/decryption algorithms – symmetric (key1=key2) and asymmetric (key1  key2) E(key1,plaintext)=ciphertext D(key2,ciphertext)=plaintext

  17. Encryption (symmetric) Encryption/ Decryption Algorithm Plaintext Ciphertext Private Key Shared With Trusted Channel Encryption/ Decryption Algorithm Ciphertext Plaintext

  18. Encryption Decryption Example of Symmetric Key Cipher Key = Key1=Key2 = random string of zeros and ones Plaintext = 110010101000110101 Key = 111000111000111000 If key is as long as PT (& only used once): “one time pad”

  19. Keys are the Key • Cryptography moves the information to be protected from the message to be sent into the key for the cryptosystem • The key must be protected!!! • How easy is it for a cryptanalyst to break the cipher - I.e., find the key?

  20. What size key is secure enough? NumberHow long would it take to count to this number from 0 - one count per second? _______________________________________________ 1=100 = 20 1 second 1,000=103~ 210 17 minutes 1,000,000=106 ~ 220 12 days 1,000,000,000=109 ~ 230 32 years 1,000,000,000,000=1012 ~ 240 32,000 years* 1,000,000,000,000,000=1015 ~ 250 32 million years** 1,000,000,000,000,000,000=1018 ~ 260 32 billion years*** * Longer than there has been civilization on earth ** Longer than there have been humans on earth *** More than the age of the Universe Mass of earth: ~6*1027 ~ 6*290 grams Nevertheless, your symmetric key size should be at least 80 bits!! (280)

  21. BOB BANK E(Key,Message)=101011101011000101 D(Key,110111101011110011) = kdsaojriewj???? Encryption can give integrity, confidentiality, and authentication. May need to be combined with a keyed MAC. 110111101011110011

  22. BOB BOB E(Message)=CT=101011101011000101 I did not send that message!!! Prove he did! BANK D(CT)=Transfer Money. Non-repudiation?

  23. New Directions • In 1976, Diffie and Hellman came out with a groundbreaking paper called: “New Directions in Cryptography” • Introduced the idea of asymmetric cryptography based on hard mathematical problems

  24. The key must be K!!! MessageA MessageB Public Key Exchange ???????

  25. Public Key (Asymmetric) Cryptography • Asymmetric algorithms are based on key pairs, a public key and a private key. • The keys are mathematically related such that one key performs an operation on data that only the other key can undo. • Knowledge of the public key reveals nothing about the private key

  26. Public Key Cryptography Public Key: Anyone can use the public key to send a secret to the owner. Private key: Only the private key can unlock the secret. The private key cannot be deduced from the public key.

  27. Public Key Cryptography for Encryption Encryption/ Decryption Algorithm Plaintext Ciphertext Public Key of Receiver Encryption/ Decryption Algorithm Ciphertext Plaintext Private Key of Receiver

  28. Public Key Cryptography - Digital Signatures • Besides being used for encryption and key exchange, public key systems can be used to provide “digital signatures” • The decryption algorithm is used to provide a signature (only the owner of the private key can decrypt or “sign”) • The encryption algorithm is used to “verify” the signature (since this key can be public anyone can verify)

  29. Message + Signature algorithm SigM,k Private key Digital Signatures • Digital Signatures can be used in a way similar to usual signatures. • Only the person with the private key can produce • the signature.

  30. Message Validity Verifying Digital Signatures Message + SigM,k + Verification algorithm Public key • Anyone can verify that the signature is valid.

  31. BOB Digital Signatures • Benefits: • Data authentication: The signature is unique not only to the person who owns the key, but also to the message associated to it. • Non-repudiation: The signer cannot deny signing the message.

  32. Are we done? No. • Obviously we are not done. We still have a lot of work to do: • Proving systems/components are secure • Developing specialized solutions • Integrating crypto into the real world • Etc., etc. etc…

  33. A partial solution: PKI • As a means of addressing these problems, the general idea of a Public Key Infrastructure was born. • PKI is essentially a way to “publish” public key values in a way that is almost (but not really) analogous to a telephone book.

  34. How Does PKI Work? • PKI helps us by providing two things: • Certification: The binding of a public key to something (person, place or thing…) • Validation: The ability to check if such a binding is a valid one.

  35. On-Line Validation • We could just ask the issuing CA if the certificate we are looking at is still good. This is a lot like credit card approval. • PRO: • Immediate notification of certificate revocation. • CON: • Do we really want to ask about every certificate? • Can the CA handle the onslaught of queries?

  36. How Much Protection Do We Really Get? • What is stopping amazon.com from getting a certificate and spoofing the amazon.com web site? • If they have a valid certificate, we might never notice.

  37. What about the little guy? • PKI isn’t really set up to support individuals well. • Less stringent identity verification means less trust in the certificate. • There are 11 Gilbert Bacas in Albuquerque alone. • How well can you protect your personal key?

  38. Public Key Cryptography for Encryption Encryption/ Decryption Algorithm Plaintext Ciphertext Public Key of Receiver Certification Authority or Trusted Channel Encryption/ Decryption Algorithm Ciphertext Plaintext Private Key of Receiver

  39. Example • SSL/TLS

  40. BOB SSL/TLS The Bank

  41. Hi, I’m the Bank Prove it. Here’s my certificate. O.K., here’s a symmetric key encrypted with your public key Encrypted Session SSL (Simplified) The Bank Verify Cert.

  42. The Bank

  43. Tools/summary Integrity | Authentica- | Confiden-| Non- | tion | tiality | Repudiation Hash  MAC  Symmetric Encryption   Public key Encryption    

  44. THANKING YOU

More Related