Chapter 5 (part 1) include objectives: Explain general cryptography concepts, explain basic hashing concepts, basic encryption concepts, explain and implement protocols, explain core concepts of public key cryptography.
Trang 2Objectives
* Explain general cryptography concepts
* Explain basic hashing concepts
* Basic encryption concepts
* Explain and implement protocols
Trang 3Cryptography
aaa
* Cryptography — science of encrypting information
* “scrambles” (xao tron) data so only authorized parties can “unscramble” and read data using two methods
* Can substitute — change one letter with a different letter (thay thé)
* Can transpose — scramble the order of letters, without actually
changing one for another (chuyén vi)
Trang 5- a method of storing and transmitting data
In a form only intended for authorized parties to read or process
- science of studying,
breaking, and reverse engineering algorithms and keys
— the method of transforming data
(plaintext) into an unreadable format
— the format (usually
readable) of data before being encrypted
Trang 6Cryptographic Terminology
* Decryption (giai ma) — the method of turning cipher text
back into plain text
“ Encryption algorithm — a set or rules or procedures that dictates how to encrypt and decrypt data Also called an encryption “cipher”
“ Key — (crypto variable) a values used in the encryption
Trang 7Cryptographic Terminology
* Key space (khong gian khoa) — the range of possible values used to construct keys * example: * ifa key can be 4 digits (0-9) * key space = 10,000 (0000 — 9999) * If it can be 6 digits * key space = 1,000,000 (000,000 — 999,999)
“ Key Clustering — Instance when two different keys generate the same cipher text from the same plaintext
Trang 8Các mục tiêu cúa mã hóa
LLL
| confidentiality/privacy (Tinh bi mat)
| Integrity (Tinh toan ven)
' Authentication (Tinh xac thuc)
Trang 9Cryptography History
Trang 11
Transposition (hoan vi) Cipher
Trang 12
Transposition Cipher
Moon beams are nice
| In this example, text is
|_ Moon} | Beams | | Are} |_Nice grouped in five-character blocks
| onMo | | amsBe | | reA || ceNi |
Trang 14
Steganography (an thong tin)
yaaa
“ Hiding one message in another
Trang 15Vigenere Cipher
* The Vigenere cipher is named for Blaise de Vigenère, although Giovan Battista Bellaso had invented the cipher
earlier Vigenere did invent a stronger autokey cipher
* Vigenere cipher is a method of encrypting alphabetic text
by using a series of different Caesar ciphers based on the
letters of a keyword It is a simple form of polyalphabetic Substitution
Trang 17For example, suppose that the plaintext to be encrypted Is: The person sending the message chooses a keyword and repeats it until it matches the length of the plaintext, for
example, the keyword "LEMON":
The first letter of the plaintext, A, is enciphered using the alphabet in row L, which ts the first letter of the key This is done by looking at the letter in row L and column A of the
Vigenere square, namely L The rest of the plaintext is enciphered in a similar fashion
Plaintext:
Trang 18Encryption Modes - Block
Trang 19
Block (ECB encryption) Plaintext Plaintext Plaintext anyone — màn
Block Cipher Block Cipher Block Cipher
Key —*_ Encryption Key ——>k Encryption Key —> Encryption
EEEEEEE- EETTTETT1 ESE4 Bì BỊ E E4 Em
Ciphertext Ciphertext Ciphertext
Trang 21Solving Block Encryption Problems
* Often with block encryption, we include a value in addition to the key that changes for each block, so we don't get
repetitive cipher text blocks This is called Cipher Block
Chaining (see next slide)
Trang 24“ XOhing is a Boolean mathematical “function” which
creates an output bit based on two input bits It outputs a 1 IF and ONLY if one bit of input is 1 and the other is a O
INPUT1T INPUT 2 XOR OUTPUT
0 0 = 0
0 1 = 1
1 0 = 1
Trang 25Stream Encryption (Mã hóa luồng)
“ [he “key” Is used as a key stream generator, which
creates a series of bits each are is mathematically
combined with the bit stream of plaintext to produce cipher
text This is done for small pieces of information, or information not In blocks
“ Keyboard input
“ Morse code
Trang 31One Time Pad
* 1011 — plain text
“ 0101 — pad
* 1110 — cipher text
Trang 32One Time Pad
* A “perfect cryptosystem”
* Unbreakable if implemented properly * The key is a series of bits (O and 1) “ The plain text is converted to bits
* The message is XORed with the pad/key to generated the
cipher text
Trang 33One Time Pad considerations
* The pad must be used only one time * The pad must be shared by both sides * The pad must be as long as the message * The pad must be securely distributed
Trang 35Symmetric Encryption
LLL 66g
* Called Symmetric or “Private Key encryption”
%* Must securely distribute keys to both parties
© %s Chicken in the egg situation with networks
oe
* Anyone with the key can either encrypt or decrypt
© %s Very Fast to encrypt or decrypt
Trang 37Symmetric Algorithms - DES
* Data Encryption Standard (1976)
“ Developed from at NIST request for an encryption standard
* Chosen algorithm was called “Lucifer” from IBM
“ Block Cipher
* Fixed sized blocks of 64 bits
* Key size 64 bits, effective size is 56 bits
* 16 rounds of substitution and transposition
Trang 41AES (Advanced Encryption Standard) -
Tiêu chuẩn mã hóa tiên tiến
* Developed as a replacement to DES, 1998
Trang 42RCS LLL * Ronald Rivest , 1994 * Block cipher * Block size 32, 64, 128
* Key Size up to 2048 bits
Trang 43Nee
cac 6
Trang 44RC4
* Stream cipher — what was that again?
* Was proprietary, but released on Internet in 1994, “ARC4” is the “open version of RC4”
* Key length 8 — 2048 bits
Trang 46IDEA
* International Data Encryption Algorithm (Thuat toan Ma hoa DU liéu QuOc té)
* James Massey, Xuejia Lai, 1991 * Proposed AES candidate
* Block cipher
* 64 bit blocks * 128 bit keys
* Not free, Patent expires soon though
Trang 47Symmetric
<<
* That’s Symmetric Encryption
* Understand the concept (shared keys)
Trang 48Enter Non-Repudiation (Khong thoai
⁄
(| @
* Non-Repudiation — being able to definitively prove someone said or wrote something
* Proves they actually sent a message
* Proves the message was not altered
“ How do we provide non-repudiation? We'll see soon after
Trang 50Asymmetric Encryption
* Called Public key encryption
* Requires 2 related keys
* Public key — given to anyone * Private key — kept secret
* Public key is used to encrypt message * Private key is used to decrypt message
* Private key is used to sign messages
Trang 51Asymmetric Encryption
* Key exchange Is simple!
* Asymmetric Encryption is SLOW, not suitable for encrypting large amounts of data
Trang 52Diffie-Hellman
ae © Whitfield Diffie , Martin Hellman, 1976
* The original Asymmetric algorithm * Used with SSL, VPNs, ssh
* Used ONLY for key exchange
Trang 53Asymmetric Algorithms - RSA
* Ron Rivest, Adi Shamir , Len Adleman, 1977, MIT
“ Can be 100 times slower than DES
* Can be used for encryption, key exchange and digital
signatures
Trang 56ECC - Elliptic Curve Cryptography
[LLL LLL ẻ' 'ẻẻẻẽ
* Neal Koblitz, Victor S Miller, 1985
* Encryption, key exchange or digital signatures
* Security based on analyzing elliptic curves in finite fields
Trang 57Asymmetric Overview
* Uses 2 keys, one for encryption, one for decryption
* This mitigates the key management, key distribution
problem (kind of )
* Is VERY slow (orders of magnitude slower)
* Can provide integrity and proof of sender (non-repudiation) * Often used in a hybrid system (along with private key
encryption)
“ Encrypt symmetric keys using asymmetric algorithms
Trang 58Hashing - Bam
E911 * Hashing is similar to encryption but different
* Hashing Is a one way operation
* Take input message
* Put through hashing function
* Retrieve fixed length value (hash digest)
Trang 60Hashes
* Once hashed, no way to get
back the original message
Trang 61Hashes
Hashing can provide integrity (assuming no MIM (next
slide))
Hashes can be combined with a_ private key to provide
protection against MIM attacks (visualization in a few slides
next slide)
© %s
© %s
© %s The more bits in the digest, generally the more secure (less
change for collision generally)
© %s One Example of a hash that you are probably familiar with
Trang 62Normal use of Hash _—“ ư*> |msg 4 hash “g digest “Rene =>
Alice creates a message, and computes the hash digest and send both to Sam
=
2 S hash
xổ 6 digest
Trang 63Hash MiM attack (phase
Alice sends Sam a message and the
hash digest of the message
Trang 64
Hash MiM attack (phase 2)
Hacker sends the altered message
and hash digest to Sam
Sam recieves the message, computes the
hash, verifies it's matches the hash he
recieved and thinks that the message from
Trang 66HMAC
function hmac (key, message)
if (length(key) > blocksize) then
key = hash(key) // keys longer than
blocksize are shortened
end if
if (length(key) < blocksize) then
key = key || zeroes(blocksize -
length(key)) // keys shorter than blocksize are zero-padded
end if
Trang 67Hash algorithms - SHA
“ Secure Hash Algorithm
* Designed/Published by NIST and NSA
Trang 68MD2
* Developed by Ronald Rivest (of RC and RSA fame) * Optimized to run on 8 bit computers
* 128 bit digest
Trang 70MD5
© %s Similar to MD4, but more secure
Trang 71Hash overview a : “ Know what a hash ts * Concept
* Fixed length digest
“* What is a hash used for “* Know what a collision is
** Know it’s susceptible to MiM
“* Know what HMAC is, and what it tries to accomplish * Be familiar with MDx, and SHA-x
Trang 72
Digital Signatures
Trang 74Digital Signing
“ Generally when | digital sign something | don’t encrypt the whole message Instead
“ Run message through hash algorithm, generated message digest
* Sign the “message digest”