Post on 06-Nov-2020
transcript
Crypto Fundamentals
Dr. Mohammed Shafiul Alam Khan
Assistant ProfessorInstitute of Information Technology (IIT), University of Dhaka (DU)
shafiul@du.ac.bd
December 10, 2017
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 1 / 31
Outline
1 Fundamental Security Properties
2 Quick View on Different Ciphers
3 Diffie-Hellman Key Exchange
4 Public Key Infrastructure (PKI)
5 Hash Functions
6 Conclusion
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 2 / 31
Fundamental Security Properties
Outline
1 Fundamental Security Properties
2 Quick View on Different Ciphers
3 Diffie-Hellman Key Exchange
4 Public Key Infrastructure (PKI)
5 Hash Functions
6 Conclusion
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 3 / 31
Fundamental Security Properties
Fundamental Security Properties
Properties
Confidentiality
Integrity
Availability OR Authentication
protecting the information from disclosure to unauthorized parties
protecting information from being modified by unauthorized parties
ensuring that authorized parties are able to access the informationwhen needed
The CIA triad is a very fundamental concept in security. However, it hasbeen suggested that the CIA triad is not enough.
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 4 / 31
Fundamental Security Properties
How Crypto Comes in the Scene
It is insufficient to protect ourselves with laws; we needto protect ourselves with mathematics. — Bruce Schneier
Security/Cryptographic Tools
Encryption
Hash / Message Authentication Code
Encryption ensures confidentiality property
Hash / Message Authentication Code ensures integrity property
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 5 / 31
Quick View on Different Ciphers
Outline
1 Fundamental Security Properties
2 Quick View on Different Ciphers
3 Diffie-Hellman Key Exchange
4 Public Key Infrastructure (PKI)
5 Hash Functions
6 Conclusion
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 6 / 31
Quick View on Different Ciphers
What is a Cipher OR Encryption
Examples
When we use Google search or In general when we use https in webbrowsing
Different applications, for example, voice and data communication intelecommunication network
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 7 / 31
Quick View on Different Ciphers
How Cipher Works
Every cipher should work with
an Algorithm (suppose to be public), anda key which is private
Mostly the algorithm does a set of Substitution and Transpositionbased on the secret key.
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 8 / 31
Quick View on Different Ciphers
Types of Encryption
Symmetric Encryption — use same key for both encryption anddecryption
Asymmetric Encryption (Public key encryption) — use different keysin encryption and decryption
Block ciphers — Encrypt/Decrypt a block of data at a time.Example: AES, RSA
Stream ciphers — Encrypt/Decrypt a bit stream. Example: RC4, RC5
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 9 / 31
Quick View on Different Ciphers
Symmetric Encryption
Symmetric Encryption
Provides only confidentiality service
Need to share the key with the receiver
If there are n users, then number of keys required are of order n2
Key distribution is challenging
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 10 / 31
Quick View on Different Ciphers
Asymmetric Encryption
Asymmetric Encryption
Could provides both confidentiality and authentication service
If there are n users, then 2n keys are required
What could be problem in such encryption? What about key distribution?
CA
PKI
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 11 / 31
Quick View on Different Ciphers
Asymmetric Encryption
Asymmetric Encryption
Could provides both confidentiality and authentication service
If there are n users, then 2n keys are required
What could be problem in such encryption? What about key distribution?
CA
PKI
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 11 / 31
Quick View on Different Ciphers
Key Bit Length and Key Space
Cipher algorithms vary in support of different key length. Forexample,
DES uses 56-bit keyAES has 128-bit, 192-bit and 256-bit versionsRSA keys could be 1024-bit or 2048-bit
Bit length impact on the key space
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 12 / 31
Quick View on Different Ciphers
Attacks on Encryption
Brute force attack — Search for all possible keys in the key space.For example,
in DES 256 keys need to explorein AES 2128, 2192 or 2256 keys need to explorein RSA 21024 or 22048 keys need to explore
Cryptanalysis attack — Use probabilistic theories to find the key
Known plaintext attack
Choosen plaintext attack
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 13 / 31
Quick View on Different Ciphers
Attacks on Encryption
Dictionary Attack
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 14 / 31
Quick View on Different Ciphers
Traditional Ciphers
Mono-Alphabetic Cipher
Extension could be poly-alphabetic ciphers.
Are not suitable in the age of computing (easily breakable using bruteforce attack)
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 15 / 31
Quick View on Different Ciphers
Modern Ciphers
AES (Advanced Encryption Standard) — Symmetric crypto-systems
RSA (Rivest-Shamir-Adleman) — one of the first practical public-keycrypto-systems
RSA is based on the difficulties of finding prime factors of a largenumber. (demo with an url)
Other public key crypto-systems are ECC (Elliptic CurveCryptography), ElGamal crypto-systems
RC5 — a symmetric stream cipher
In RC5 a key stream is generated based on the secret key and thegenerated key stream is Xored with the input message.
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 16 / 31
Diffie-Hellman Key Exchange
Outline
1 Fundamental Security Properties
2 Quick View on Different Ciphers
3 Diffie-Hellman Key Exchange
4 Public Key Infrastructure (PKI)
5 Hash Functions
6 Conclusion
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 17 / 31
Diffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Features
Allows two users to exchange a secret key (Addressed the challenge ofsymmetric ciphers)
Requires no prior secrets
Real-time over an untrusted network
Ensure perfect forward secrecy — a property of secure communicationprotocols in which compromise of long-term keys does notcompromise past session keys
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 18 / 31
Diffie-Hellman Key Exchange
How it Works
Based on the difficulty of computing discrete logarithms of large numbers
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 19 / 31
Diffie-Hellman Key Exchange
Applications and Drawback
Applications
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Secure Shell (SSH)
Internet Protocol Security (IPSec)
Drawbacks
Although there is no successful attack on the mathematical aspect ofthe protocol, however, Man-in-the-Middle attack is possible in theprotocol if not carefully designed.
Authenticated Diffie-Hellman Key Agreement (1992) could protectsuch attack
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 20 / 31
Public Key Infrastructure (PKI)
Outline
1 Fundamental Security Properties
2 Quick View on Different Ciphers
3 Diffie-Hellman Key Exchange
4 Public Key Infrastructure (PKI)
5 Hash Functions
6 Conclusion
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 21 / 31
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI)
Features
Provides a set of roles, policies, and procedures needed to create,manage, distribute, use, store, and revoke digital certificates
Manage public-key encryption
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 22 / 31
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI)
Application
In network, PKI allows for the centralization of network authentication
Authentication of client systems using SSL (Secure Socket Layer)signatures or encryption in web browser.
Other applications include the transmission of authenticated emailmessages using S/MIME (Secure/Multi-purpose Internet MailExtensions), OpenPGP (Open Pretty Good Privacy) and othertechnologies
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 23 / 31
Hash Functions
Outline
1 Fundamental Security Properties
2 Quick View on Different Ciphers
3 Diffie-Hellman Key Exchange
4 Public Key Infrastructure (PKI)
5 Hash Functions
6 Conclusion
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 24 / 31
Hash Functions
Hash Functions
Properties
deterministic so the same message always results in the same hash
infeasible to find two different messages with the same hash value
infeasible to generate a message from its hash value except by tryingall possible messages
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 25 / 31
Hash Functions
Hash Functions
Properties
small change to a message should change the hash value soextensively that the new hash value appears uncorrelated with the oldhash value
quick to compute the hash value for any given message
Examples
MD5 — Generate 160-bit hash with a set of defined procedure
MD5 is not secure as it could be reversible (Though in theory MD5 isnot reversible but using databases one may find out which textresulted in a particular hash value.)
SHA-1 — A 160-bit hash function which resembles the earlier MD5algorithm.
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 26 / 31
Hash Functions
Hash Functions
Examples
SHA-2 — A family of two similar hash functions, with different blocksizes, known as SHA-256 and SHA-512. They differ in the word size;SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.(Designed by NSA)
SHA-3 — A hash function formerly called Keccak, chosen in 2012after a public competition among non-NSA designers
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 27 / 31
Hash Functions
Hashed Message Authentication Code (HMAC)
Properties
Ensures authentication along with integrity
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 28 / 31
Conclusion
Outline
1 Fundamental Security Properties
2 Quick View on Different Ciphers
3 Diffie-Hellman Key Exchange
4 Public Key Infrastructure (PKI)
5 Hash Functions
6 Conclusion
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 29 / 31
Conclusion
Conclusion
Discuss the required security service in a network
Discuss how different cryptographic systems provide those services
Limitations of cryptographic systems
Different attacks on such systems
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 30 / 31
M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 31 / 31