1. Trang chủ
  2. » Công Nghệ Thông Tin

Lecture Information systems security - Chapter 5 (part 1): Cryptography basics

76 37 0
Tài liệu được quét OCR, nội dung có thể không chính xác

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 76
Dung lượng 1,33 MB

Nội dung

Chapter 5 (part 1) include objectives: Explain general cryptography concepts, explain basic hashing concepts, basic encryption concepts, explain and implement protocols, explain core concepts of public key cryptography.

Trang 2

Objectives

* Explain general cryptography concepts

* Explain basic hashing concepts

* Basic encryption concepts

* Explain and implement protocols

Trang 3

Cryptography

aaa

* Cryptography — science of encrypting information

* “scrambles” (xao tron) data so only authorized parties can “unscramble” and read data using two methods

* Can substitute — change one letter with a different letter (thay thé)

* Can transpose — scramble the order of letters, without actually

changing one for another (chuyén vi)

Trang 5

- a method of storing and transmitting data

In a form only intended for authorized parties to read or process

- science of studying,

breaking, and reverse engineering algorithms and keys

— the method of transforming data

(plaintext) into an unreadable format

— the format (usually

readable) of data before being encrypted

Trang 6

Cryptographic Terminology

* Decryption (giai ma) — the method of turning cipher text

back into plain text

“ Encryption algorithm — a set or rules or procedures that dictates how to encrypt and decrypt data Also called an encryption “cipher”

“ Key — (crypto variable) a values used in the encryption

Trang 7

Cryptographic Terminology

* Key space (khong gian khoa) — the range of possible values used to construct keys * example: * ifa key can be 4 digits (0-9) * key space = 10,000 (0000 — 9999) * If it can be 6 digits * key space = 1,000,000 (000,000 — 999,999)

“ Key Clustering — Instance when two different keys generate the same cipher text from the same plaintext

Trang 8

Các mục tiêu cúa mã hóa

LLL

| confidentiality/privacy (Tinh bi mat)

| Integrity (Tinh toan ven)

' Authentication (Tinh xac thuc)

Trang 9

Cryptography History

Trang 11

Transposition (hoan vi) Cipher

Trang 12

Transposition Cipher

Moon beams are nice

| In this example, text is

|_ Moon} | Beams | | Are} |_Nice grouped in five-character blocks

| onMo | | amsBe | | reA || ceNi |

Trang 14

Steganography (an thong tin)

yaaa

“ Hiding one message in another

Trang 15

Vigenere Cipher

* The Vigenere cipher is named for Blaise de Vigenère, although Giovan Battista Bellaso had invented the cipher

earlier Vigenere did invent a stronger autokey cipher

* Vigenere cipher is a method of encrypting alphabetic text

by using a series of different Caesar ciphers based on the

letters of a keyword It is a simple form of polyalphabetic Substitution

Trang 17

For example, suppose that the plaintext to be encrypted Is: The person sending the message chooses a keyword and repeats it until it matches the length of the plaintext, for

example, the keyword "LEMON":

The first letter of the plaintext, A, is enciphered using the alphabet in row L, which ts the first letter of the key This is done by looking at the letter in row L and column A of the

Vigenere square, namely L The rest of the plaintext is enciphered in a similar fashion

Plaintext:

Trang 18

Encryption Modes - Block

Trang 19

Block (ECB encryption) Plaintext Plaintext Plaintext anyone — màn

Block Cipher Block Cipher Block Cipher

Key —*_ Encryption Key ——>k Encryption Key —> Encryption

EEEEEEE- EETTTETT1 ESE4 Bì BỊ E E4 Em

Ciphertext Ciphertext Ciphertext

Trang 21

Solving Block Encryption Problems

* Often with block encryption, we include a value in addition to the key that changes for each block, so we don't get

repetitive cipher text blocks This is called Cipher Block

Chaining (see next slide)

Trang 24

“ XOhing is a Boolean mathematical “function” which

creates an output bit based on two input bits It outputs a 1 IF and ONLY if one bit of input is 1 and the other is a O

INPUT1T INPUT 2 XOR OUTPUT

0 0 = 0

0 1 = 1

1 0 = 1

Trang 25

Stream Encryption (Mã hóa luồng)

“ [he “key” Is used as a key stream generator, which

creates a series of bits each are is mathematically

combined with the bit stream of plaintext to produce cipher

text This is done for small pieces of information, or information not In blocks

“ Keyboard input

“ Morse code

Trang 31

One Time Pad

* 1011 — plain text

“ 0101 — pad

* 1110 — cipher text

Trang 32

One Time Pad

* A “perfect cryptosystem”

* Unbreakable if implemented properly * The key is a series of bits (O and 1) “ The plain text is converted to bits

* The message is XORed with the pad/key to generated the

cipher text

Trang 33

One Time Pad considerations

* The pad must be used only one time * The pad must be shared by both sides * The pad must be as long as the message * The pad must be securely distributed

Trang 35

Symmetric Encryption

LLL 66g

* Called Symmetric or “Private Key encryption”

%* Must securely distribute keys to both parties

© %s Chicken in the egg situation with networks

oe

* Anyone with the key can either encrypt or decrypt

© %s Very Fast to encrypt or decrypt

Trang 37

Symmetric Algorithms - DES

* Data Encryption Standard (1976)

“ Developed from at NIST request for an encryption standard

* Chosen algorithm was called “Lucifer” from IBM

“ Block Cipher

* Fixed sized blocks of 64 bits

* Key size 64 bits, effective size is 56 bits

* 16 rounds of substitution and transposition

Trang 41

AES (Advanced Encryption Standard) -

Tiêu chuẩn mã hóa tiên tiến

* Developed as a replacement to DES, 1998

Trang 42

RCS LLL * Ronald Rivest , 1994 * Block cipher * Block size 32, 64, 128

* Key Size up to 2048 bits

Trang 43

Nee

cac 6

Trang 44

RC4

* Stream cipher — what was that again?

* Was proprietary, but released on Internet in 1994, “ARC4” is the “open version of RC4”

* Key length 8 — 2048 bits

Trang 46

IDEA

* International Data Encryption Algorithm (Thuat toan Ma hoa DU liéu QuOc té)

* James Massey, Xuejia Lai, 1991 * Proposed AES candidate

* Block cipher

* 64 bit blocks * 128 bit keys

* Not free, Patent expires soon though

Trang 47

Symmetric

<<

* That’s Symmetric Encryption

* Understand the concept (shared keys)

Trang 48

Enter Non-Repudiation (Khong thoai

(| @

* Non-Repudiation — being able to definitively prove someone said or wrote something

* Proves they actually sent a message

* Proves the message was not altered

“ How do we provide non-repudiation? We'll see soon after

Trang 50

Asymmetric Encryption

* Called Public key encryption

* Requires 2 related keys

* Public key — given to anyone * Private key — kept secret

* Public key is used to encrypt message * Private key is used to decrypt message

* Private key is used to sign messages

Trang 51

Asymmetric Encryption

* Key exchange Is simple!

* Asymmetric Encryption is SLOW, not suitable for encrypting large amounts of data

Trang 52

Diffie-Hellman

ae © Whitfield Diffie , Martin Hellman, 1976

* The original Asymmetric algorithm * Used with SSL, VPNs, ssh

* Used ONLY for key exchange

Trang 53

Asymmetric Algorithms - RSA

* Ron Rivest, Adi Shamir , Len Adleman, 1977, MIT

“ Can be 100 times slower than DES

* Can be used for encryption, key exchange and digital

signatures

Trang 56

ECC - Elliptic Curve Cryptography

[LLL LLL ẻ' 'ẻẻẻẽ

* Neal Koblitz, Victor S Miller, 1985

* Encryption, key exchange or digital signatures

* Security based on analyzing elliptic curves in finite fields

Trang 57

Asymmetric Overview

* Uses 2 keys, one for encryption, one for decryption

* This mitigates the key management, key distribution

problem (kind of )

* Is VERY slow (orders of magnitude slower)

* Can provide integrity and proof of sender (non-repudiation) * Often used in a hybrid system (along with private key

encryption)

“ Encrypt symmetric keys using asymmetric algorithms

Trang 58

Hashing - Bam

E911 * Hashing is similar to encryption but different

* Hashing Is a one way operation

* Take input message

* Put through hashing function

* Retrieve fixed length value (hash digest)

Trang 60

Hashes

* Once hashed, no way to get

back the original message

Trang 61

Hashes

Hashing can provide integrity (assuming no MIM (next

slide))

Hashes can be combined with a_ private key to provide

protection against MIM attacks (visualization in a few slides

next slide)

© %s

© %s

© %s The more bits in the digest, generally the more secure (less

change for collision generally)

© %s One Example of a hash that you are probably familiar with

Trang 62

Normal use of Hash _—“ ư*> |msg 4 hash “g digest “Rene =>

Alice creates a message, and computes the hash digest and send both to Sam

=

2 S hash

xổ 6 digest

Trang 63

Hash MiM attack (phase

Alice sends Sam a message and the

hash digest of the message

Trang 64

Hash MiM attack (phase 2)

Hacker sends the altered message

and hash digest to Sam

Sam recieves the message, computes the

hash, verifies it's matches the hash he

recieved and thinks that the message from

Trang 66

HMAC

function hmac (key, message)

if (length(key) > blocksize) then

key = hash(key) // keys longer than

blocksize are shortened

end if

if (length(key) < blocksize) then

key = key || zeroes(blocksize -

length(key)) // keys shorter than blocksize are zero-padded

end if

Trang 67

Hash algorithms - SHA

“ Secure Hash Algorithm

* Designed/Published by NIST and NSA

Trang 68

MD2

* Developed by Ronald Rivest (of RC and RSA fame) * Optimized to run on 8 bit computers

* 128 bit digest

Trang 70

MD5

© %s Similar to MD4, but more secure

Trang 71

Hash overview a : “ Know what a hash ts * Concept

* Fixed length digest

“* What is a hash used for “* Know what a collision is

** Know it’s susceptible to MiM

“* Know what HMAC is, and what it tries to accomplish * Be familiar with MDx, and SHA-x

Trang 72

Digital Signatures

Trang 74

Digital Signing

“ Generally when | digital sign something | don’t encrypt the whole message Instead

“ Run message through hash algorithm, generated message digest

* Sign the “message digest”

Ngày đăng: 30/01/2020, 12:25