Đang tải... (xem toàn văn)
Classical cryptography o History of cryptography is over than 3,000 years o The object of the cryptography is characters o Encryption/Decryption is performed manually or by using mechanical principles o Applied commonly in military • A series of three rotors from an Enigma machine, used by Germany Military during World War II
10/09/2017 Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE Introduction to Encryption Symmetric encryption Asymmetric encryption Cryptographic data integrity algorithms 10/09/2017 10/09/2017 Classical cryptography o History of cryptography is over than 3,000 years o The object of the cryptography is characters o Encryption/Decryption is performed manually or by using mechanical principles o Applied commonly in military • A series of three rotors from an Enigma machine, used by Germany Military during World War II Modern cryptography (since 1970) o Beginning with the development of Computer and Information Technology o Processing by Computer using bits o Applying widely in many fields, especially in electronic transactions 10/09/2017 Some examples of applied cryptography are: Public key infrastructure (PKI) Digital certificates Authentication E-commerce RSA MD-5 Secure Hash Algorithm (SHA) Secure Sockets Layer (SSL) Pretty Good Privacy (PGP) Secure Shell (SSH) 10/09/2017 Plaintext: This is the original intelligible message or data that is fed into the algorithm as input Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext Secret key: The secret key is also input to the encryption algorithm The key is a value independent of the plaintext and of the algorithm Ciphertext: This is the scrambled message produced as output It depends on the plaintext and the secret key Decryption algorithm: This is essentially the encryption algorithm run in reverse It takes the ciphertext and the secret key and produces the original plaintext 10/09/2017 10/09/2017 10/09/2017 10/09/2017 10/09/2017 Nguyen Thi Thanh Van - Khoa CNTT 10/09/2017 Introduction Model Application Brute-force and Cryptanalysis 10/09/2017 10 10/09/2017 There are two requirements for secure use of conventional encryption: o A strong encryption algorithm o A secret key Symmetric encryption: o transforms plaintext into ciphertext using a secret key and an encryption algorithm o recoveres from the ciphertext to the plaintext using the same key and a decryption algorithm 10/09/2017 11 Modern symmetric algorithms are great at all of the following: Preserving (protective, maintaining) confidentiality Increasing speed Ensuring simplicity (relatively speaking, of course) Providing authenticity (legitimacy) Symmetric algorithms have their drawbacks: Key management issues Lack of nonrepudiation features 10/09/2017 12 10/09/2017 Data Encryption Standard (DES) Originally adopted by the U.S government in 1977 DES is a 56-bit key algorithm => too short to be used today for any serious security applications Triple DES (3DES): an extension of the DES algorithm, w hich is three times more pow erful than the DES algorithm Used a 168-bit key Blow fish (by B.Schneier.): strong, fast, and simple in its design The algorithm uses a 448-bit key and is optimized for use in today’s 32- and 64-bit processors International Data Encryption Algorithm (IDEA) (1990, Sw itzerland) It used to protect the privacy of e-mail, data This algorithm is seen in applications such as the Pretty Good Privacy (PGP) system MARS This AES finalist w as developed by IBM and supports key lengths of 128–256 bits Advanced Encryption Standard (AES) The successor to DES and chosen to be the new U.S encryption standard by NIST The algorithm is very compact and fast and can use keys that are 128, 192, or 256 bits long RC2,4,5,6 10/09/2017 13 Internet Protocol Security (IPSec): o a set of protocols designed (to operate at the Netw ork layer of the OSI) to protect the confidentiality and integrity of data as it flows over a network Pretty Good Privacy (PGP): o Using public key encryption, PGP is one of the most widely recognized cryptosystems in the world o PGP has been used to protect the privacy of e-mail, data Secure Sockets Layer (SSL) o was developed by Netscape in the mid-1990s and rapidly became a standard mechanism for exchanging data securely over insecure channels such as the Internet 10/09/2017 14 10/09/2017 10/09/2017 15 10/09/2017 16 10/09/2017 X = D(K,Y) 10/09/2017 17 There are two general approaches to attacking a conventional encryption scheme Brute-force attack • Attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained • On average, half of all possible keys must be tried to achieve success 10/09/2017 Cryptanalysis • Attack relies on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext • Attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used 18 10/09/2017 10/09/2017 19 A strong algorithm that meets or of the following criteria: o The cost of breaking the cipher exceeds the value of the encrypted information (Low value) o The time required to break the cipher exceeds the useful lifetime of the information (large time) Average Time Required for Exhaustive Key Search 10/09/2017 20 10 10/09/2017 Message Auth & Integrity, no encryption 10/09/2017 Message Auth & Conf using encryption 116 More commonly, message authentication is achieved using a message authentication code (MAC), also known as a keyed hash function Typically, MACs are used between two parties that share a secret key to authenticate information exchanged between those parties A MAC function takes as input: o a secret key and o a data block o and produces a hash value, referred to as the MAC 10/09/2017 117 58 10/09/2017 MD5 creates hash value of 128-bit from message o Calculations in 32 – bit numbers is fast and widely used with the acceptable security (RFC1321 standard) o it is fast, simple and small => used in many cases even collision was found Calculation Process of MD5: o Add to message 1512 bits to get length of 448 mod 512 o Add one 64-bit value to the message o Begin with 4-word 32-bit (128-bit) block, that is (A,B,C,D) o In 16-word (512-bit) blocks: use rounds to calculate 16- bit numbers in the buffer and blocks Add outputs into inputs to create new buffer values o Hash value is the final result of (A,B,C,D) 118 SHA (Secure Hash Algorithm) originally designed by NIST & NSA in 1993, was revised in 1995 as SHA-1 US standard for use with DSA signature scheme o standard is FIPS 180-1 1995, also Internet RFC3174 o Note that, the algorithm is SHA, the standard is SHS based on design of MD4 with key differences produces 160-bit hash values recent 2005 results on security of SHA-1 have raised concerns on its use in future applications adds additional versions of SHA: SHA-256, SHA-384, SHA-512 10/09/2017 119 59 10/09/2017 two categories of attacks on hash functions: o Brute-force attack: • depend only on bit length of the hash value (not specific algorithm ) • Attack to: One-way function; collision resistant - weak wishes to find a value y such that H(y)=h, try 2m-1 values • Attack to: collision resistant - strong wishes to find messages: x,y, that yield H(y)=H(x), try 2m/2 values o Cryptanalysis: • based on weaknesses in a particular cryptographic algorithm • require a cryptanalytic effort greater than or equal to the BF effort 10/09/2017 120 Nguyen Thi Thanh Van - Khoa CNTT 10/09/2017 60 10/09/2017 Message Authentication Code (MAC) o attached to message o depends on both message and private key that only sender and recipient know o Message length can be arbitrary, but MAC often has certain fixed length (Ex: 128 bit) o To create MAC we can use hash function • To reduce message length • To keep message integrity 122 When A has a message to send to B, it calculates the MAC (checksum) as a function of the message M and the key K: MAC = C(M,K) w here M = input message K = shared secret key C = MAC function MAC = message authentication code, is attached to M When B receive MAC & M, B calculates MAC’ = C(M,K); If MAC = MAC’ we can conclude: o M is not changed o A is the one who sent M 10/09/2017 123 61 10/09/2017 Authentication: Only A & B have key K Confidentiality: Only A & B have key K2 Authentication: Only A & B have key K1 124 Confidentiality: Due to K Authentication: Due to K 125 62 10/09/2017 two categories of attacks on MAC: o Brute-force attack: • depends on the relative size of the key and the tag • more difficult undertaking than BF attack on a hash function because it requires known message-tag pairs o Cryptanalysis: • based on weaknesses in a particular cryptographic algorithm • require a cryptanalytic effort greater than or equal to the BF effort • There is much more variety in the structure of MACs than in hash functions, so it is difficult to generalize about the cryptanalysis of MACs 10/09/2017 10/09/2017 126 Developing a MAC derived from a cryptographic hash function: Cryptographic hash functions such as MD5 and SHA generally execute faster in software than symmetric block ciphers such as DES Library code for cryptographic hash functions is widely available 127 63 10/09/2017 Append zeros to the left end of to create a b-bi t string K+ (e.g., i f is of l ength 160 bi ts a nd , then will be a ppended wi th 44 zeroes) XOR (bi twise exclusive-OR) with i pad to produce the b-bit block Si Append M to Si Appl y H to the stream generated i n step XOR wi th opad to produce the b-bit block S0 Append the hash result from step to S0 Appl y H to the stream generated i n step a nd output the result HMAC: 128 based on an embedded hash function o depends on strength of the core hash function o the probability of successful fake with time spent and some message–tag pairs created with the same key Attack: o compute an output of the compression function o finds collisions in the hash function 10/09/2017 129 64 10/09/2017 Data Authentication Algorithm (DAA) (obsolete – old) o based on DES, has been one of the most widely used MACs o 10/09/2017 using the cipher block chaining (CBC) mode of operation of DES 130 operation for use with AES and triple DES: using three keys: o one key of length to be used at each step of the cipher block chaining and o tw o keys of length , w here is the key length and is the cipher block length This proposed construction: the two -bit keys could be derived from the encryption key, rather than being provided separately 10/09/2017 131 65 10/09/2017 10/09/2017 132 Nguyen Thi Thanh Van - Khoa CNTT 10/09/2017 66 10/09/2017 A digital signature: o enables the creator of a message to attach a code that acts as a signature o is formed by taking the hash of the message and encrypting the message with the creator’s private key digital signature properties: o verify the author and time of the signature o authenticate the contents at the time of the signature o It must be verifiable by third parties, to resolve disputes 10/09/2017 134 10/09/2017 135 67 10/09/2017 Hash code is used to provide a digital signature 10/09/2017 136 hash code is used to provide a digital signature: o E(K,[M,E(PRa, H(M))]): confidential o This is a common technique 10/09/2017 137 68 10/09/2017 DSS: Digital Signature Standard o US Govt approved signature scheme o designed by NIST & NSA in early 90's o published as FIPS-186 in 1991, revised in 1993, 1996, 2000 o Use RSA to create the digital signature process DSA: Digital Signature Algorithm o new digital signature technique o is a public-key technique SHA: Secure Hash Algorithm o Is American standard in Digital Signature Algorithm DSA 10/09/2017 138 RSA is used to create the digital signature process Assume we have the process RSA {(e,N), (d,N)} To sign the message M we calculate: S = Md(mod N) Signature S should be attached to message M: {M,S} To check signature we have to verify the equality of M and Se: Se(mod N) = Me.d(mod N) = M(mod N) 139 69 10/09/2017 DSS 10/09/2017 uses an algorithm that is designed to provide only the digital signature function 140 it cannot be used for encryption The DSA is based on the difficulty of computing discrete logarithms and is based on schemes originally 10/09/2017 141 70 10/09/2017 10/09/2017 142 History of Encryption Symmetric encryption Substitution Techniques: Caesar Cipher, Monoalphabetic Ciphers, Playfair Cipher, Polyalphabetic Ciphers Transposition Techniques: Rail Fence Steganography Block cipher: Feistel, DES, AES, operations cipher (CBC,CFB…) Stream cipher Asymmetric encryption Cryptographic data integrity algorithms o o o 10/09/2017 RSA Message Authentication: Encryption, HASH function, MAC, HMAC, CMAC Digital signature 143 71 10/09/2017 2007, Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, Fifth Edition, o Chapter 2,3,5,6,8,9,11,12,13 2014, Cryptography and Network Security, Principles and Practice, William Stallings, Prentice Hall, Sixth Edition, 2014, CEHv8: Certified Ethical Hacker Version Study Guide o Chapter 2,3 10/09/2017 144 72 ... 10/09 /20 17 10/09 /20 17 10/09 /20 17 10/09 /20 17 10/09 /20 17 Nguyen Thi Thanh Van - Khoa CNTT 10/09 /20 17 Introduction Model Application Brute-force and Cryptanalysis 10/09 /20 17 10 10/09 /20 17... L1L2 => L1=(rowL1,colL2); L2= =(rowL2,colL1); Ex, BF is decrypted AG; GA is decrypted FB 10/09 /20 17 36 18 10/09 /20 17 * * * * * * A B C D * E G H P * * R S * * T U X Z Ex1: EC -> HA, BC -> AB,... 10/09 /20 17 Rail fence 21 Nguyen Thi Thanh Van - Khoa CNTT 10/09 /20 17 11 10/09 /20 17 Caesar Cipher, Monoalphabetic Ciphers, Playfair Cipher, Polyalphabetic Ciphers 10/09 /20 17 23 Caesar