
Information Security

Date post: 25-Feb-2016
Upload: kermit
Transcript
Page 1: Information Security

Information Security
Methods and Practices in Classical and Quantum Regimes

Page 2: Information Security

Cryptography
• What’s that mean?
  ▫ Kryptos: hidden, secret
  ▫ Gráphō: to write
• What does it do?
  ▫ Encryption: plaintext → ciphertext
  ▫ Decryption: ciphertext → plaintext
• Why would you want that?
  ▫ Confidentiality
  ▫ Integrity, authentication, signing, interactive proofs, secure multi-party computation

Page 3: Information Security

Cryptology, Cryptanalysis, Cryptolinguistics
• Frequency analysis
• Brute force
• Differential
• Integral
• Impossible differential
• Boomerang
• Mod n
• Related key
• Slide
• Timing
• XSL
• Linear
• Multiple linear
• Davies’ attack
• Improved Davies’ attack

Page 4: Information Security

Demands for resilient crypto
• Auguste Kerckhoffs’s principle
  ▫ Cipher practically indecipherable
  ▫ Cipher and keys not required to be secret
  ▫ Key communicable and retainable
  ▫ Applicable to telegraphic communication
  ▫ Portable and human effort efficient
  ▫ Easy to use
• Bruce Schneier
  ▫ “Secrecy … is a prime cause of brittleness… Conversely, openness provides ductility.”
• Eric Raymond
  ▫ “Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source.”
• Shannon’s maxim
  ▫ “The enemy knows the system.”

Page 5: Information Security

Classical Regime
Written language text

Page 6: Information Security

Transposition
• Exchange the position of two symbols in the text
• Like an anagram
• Scytale

E.g.
  text: Hello world!
  cipher: eHll oowlr!d

Page 7: Information Security

Substitution
• Systematically exchange a symbol in the text with another symbol
• Caesar cipher, EXCESS-3

E.g.
  text: Aabcd
  cipher: Ddefg

Page 8: Information Security

Poly-Alphabetic Substitution
• Repeated and dynamic substitution(s)
• Wehrmacht Enigma
• Series of rotors

Page 9: Information Security

One Time Pad
• Perfect secrecy
  ▫ Coined by Shannon
  ▫ H(M) = H(M|C)
• Requirements
  ▫ Perfect randomness
  ▫ Secure key generation and exchange
  ▫ Careful adherence to process

Page 10: Information Security

Classical Regime
Binary bit sequence

Page 11: Information Security

Secret Key Crypto
• Perfect secrecy
  ▫ Coined by Shannon
  ▫ H(M) = H(M|C)
• Requirements
  ▫ Perfect randomness
  ▫ Secure key generation and exchange
  ▫ Careful adherence to process

Page 12: Information Security

Symmetric Key Crypto
• The same (or similar) key
  ▫ For both encryption and decryption
• Data Encryption Standard
  ▫ 56 bit key
  ▫ Feistel network
  ▫ Broken in 1999 in 22 hours 15 minutes by Deep Crack
• Triple-DES
  ▫ 56 bit keys (3 unique)
  ▫ en-de-en-crypt
• Advanced Encryption Standard (Rijndael)
  ▫ 128-192-256 bit keys
  ▫ Substitution permutation network

Page 13: Information Security

Feistel Network
• Expansion
• Key mixing
• Substitution
• Permutation

Page 14: Information Security

Substitution Permutation Network
• Substitution
  ▫ 1/n input change 1/2 output change
  ▫ confusion
• Permutation
  ▫ mix up inputs
  ▫ diffusion
• Round keys

Page 15: Information Security

Public Key Crypto
• Asymmetric keys
  ▫ public and private
• No secret key
• Multiple use
• TLS, SSL, PGP, GPG, digital signatures

Page 16: Information Security

RSA
• Ron Rivest, Adi Shamir, Leonard Adleman; 1978
• Key generation
  ▫ Pick two distinct, large prime numbers: p, q
  ▫ Compute their product: n = pq
  ▫ Compute its totient: phi = (p-1)(q-1)
  ▫ Pick a public key exponent: 1 < e < phi, e and phi coprime
  ▫ Compute private key exponent: de = 1 (mod phi)
• Encryption
  ▫ Forward padding
  ▫ Cipher = text ^ e (mod n)
    Exponentiation by squaring
• Decryption
  ▫ Text = cipher ^ d (mod n)
         = text ^ de (mod n)
         = text ^ (1+k*phi) (mod n)
         = text (mod n)
  ▫ Reverse padding

Page 17: Information Security

Hybrid Crypto
• Diffie-Hellman key exchange
• Alice and Bob agree on a finite cyclic group G (Multiplicative group of integers mod p)
  ▫ Period p, prime number
  ▫ Base g, primitive root mod p
• Alice picks a random natural number a and sends g^a mod p to Bob.
• Bob picks a random natural number b and sends g^b mod p to Alice.
• Alice computes (g^b mod p)^a mod p
• Bob computes (g^a mod p)^b mod p
• Both know g^(ab) mod p = g^(ba) mod p
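
Both sides of the exchange above, as an added example that is not part of the original slides. The group p = 23, g = 5 and the secrets 4 and 3 are constructed toy values; the function names and the range check on the peer's value are assumptions added here, not steps from the slide.

```python
def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    found, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            found.add(d)
            n //= d
        d += 1
    if n > 1:
        found.add(n)
    return found

def is_primitive_root(g, p):
    """g generates all of (Z/pZ)* iff g^((p-1)/f) != 1 for each prime f | p-1."""
    return all(pow(g, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))

def public_value(g, secret, p):
    """What each party sends over the open channel: g^secret mod p."""
    return pow(g, secret, p)

def shared_secret(peer_public, secret, p):
    """Combine the peer's value with the local secret.
    Added check: 0, 1 and p-1 would force the result into a tiny set."""
    if not 1 < peer_public < p - 1:
        raise ValueError("degenerate public value from peer")
    return pow(peer_public, secret, p)

if __name__ == "__main__":
    p, g = 23, 5                              # constructed toy group
    assert is_primitive_root(g, p)
    a, b = 4, 3                               # fixed here; random in practice
    A, B = public_value(g, a, p), public_value(g, b, p)
    print("Alice -> Bob:", A, " Bob -> Alice:", B)
    print("Alice:", shared_secret(B, a, p), " Bob:", shared_secret(A, b, p))
```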

Page 18: Information Security

Quantum Regime
Breaking classical crypto

Page 19: Information Security

Peter Shor’s Factorization Algorithm
• Polynomial time in log N: O( (log N)^3 )
• Polynomial gates in log N: O( (log N)^2 )
• Complexity class Bounded-Error Quantum Polynomial (BQP)
• Transform from to periodicity
  ▫ Pick 1 < r < N: a^r = 1 mod N
  ▫ a^r - 1 = (a^(r/2) + 1)(a^(r/2) - 1) = 0 mod N
  ▫ N = (a^(r/2) + 1)(a^(r/2) - 1) = pq
• Quantum Fourier Transform
  ▫ Map x-space to ω-space
  ▫ Measure with 1/r^2 probability

Page 20: Information Security

Factor 15
• In 2001 IBM demonstrated Shor’s Algorithm and factored 15 into 3 and 5
• NMR implementation with 7 qubits
• pentafluorobutadienyl cyclopentadienyldicarbonyl-iron complex (C11H5F5O2Fe)

Page 21: Information Security

DWave
• Superconducting processors
• Adiabatic quantum algorithms
• Solving Quantum Unconstrained Binary Optimization problems (QUBO is in NP)

Page 22: Information Security

Quantum Regime
Future proof cryptography

Page 23: Information Security

Quantum Key Distribution
• Quantum communication channel
  ▫ Single photon, entangled photon pair
• Preparation
  ▫ Alice prepares a state, sends to Bob, measures
• Entanglement
  ▫ Alice and Bob each receive half the pair, measure

Page 24: Information Security

Non-Orthogonal Bases
• Complementary bases
  ▫ Basis A: { |0>, |1> }
  ▫ Basis B: { |+>, |-> }
• Indistinguishable transmission states
  ▫ |+> = 0.5 |0> + 0.5 |1>
  ▫ |-> = 0.5 |0> - 0.5 |1>
• Random choice of en-de-coding bases
  ▫ Succeeds ~ p = 0.5

Page 25: Information Security

True Random Number Generation
• Quantum mechanics at < atomic scale
  ▫ Shot noise
  ▫ Nuclear decay
  ▫ Optics
• Thermal noise
  ▫ Resistor heat
  ▫ Avalanche/Zener diode breakdown noise
  ▫ Atmospheric noise

Page 26: Information Security

EPR
•Einstein, Podolsky, Rosen (1935)

•Entangled qubits

•Violation of Bell Inequality

Page 27: Information Security

BB84
• Charles A Bennett, Gilles Brassard (1984)
• Single photon source, polarization
• One way, Alice prepares, sends to Bob
  ▫ Psi encoded as random bits a, random bases b
• Bob measures
  ▫ Decoded in random bases b’
  ▫ 50% successfully measured bits a’ = a
• Measurement bases are shared publicly
  ▫ Throw away a, a’ for b != b’

Page 28: Information Security

E91
• Artur Ekert (1991)
• Entangled photon source
  ▫ Perfect correlation, 100% a = a’ if b = b’
  ▫ Non-locality, > 50% a <--> a’
  ▫ Eve measurement reduces correlation

Page 29: Information Security

B92
• Charles A. Bennett (1992)
• Dim signal pulse, bright reference pulse
  ▫ Maintains phase with a single qubit transmitted
• Bases: rectilinear, circular
  ▫ P0 = 1 - |u1><u1|
      P0 |u0> = 1 ; p = 1 - |<u0|u1>|^2 > 0
      P0 |u1> = 0
  ▫ P1 = 1 - |u0><u0|
      P1 |u0> = 0
      P1 |u1> = 1 ; p = 1 - |<u0|u1>|^2 > 0
• Throw away measurements != 1

Page 30: Information Security

SARG04
• Scarani et al. (2004)
• Attenuated laser pulses

Page 31: Information Security

Information Reconciliation
• 1992 Bennett, Bessette, Brassard, Salvail, Smolin
• Cascade protocol, repetitious
• Compare block parity bits
  ▫ Odd 1 count: parity = 1; even 1 count transmitted
  ▫ Even 1 count: parity = 0; even 1 count transmitted
• Two-out-of-five code
  ▫ Every transmission has two 1s and three 0s
• Hamming codes
  ▫ Additional bits used to identify and correct errors

Page 32: Information Security

Privacy Amplification
• Shortened key length
• Universal hash function
  ▫ Range r
  ▫ Collision probability p < 1/r

Page 33: Information Security

Quantum Regime
Attacks

Page 34: Information Security

Intercept and Resend
• Eve measures the qubit in basis b’’
  ▫ 50% probability of correct measurement
• Eve sends a’’ to Bob
  ▫ 25% probability of correct measurement
• Probability of detection
  ▫ P = 1 – (0.75)^n
  ▫ 99% in n = 16 bits
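
How Alice and Bob detect the intercept-and-resend attack described above, as an added simulation of BB84 sifting that is not part of the original slides. It models ideal single photons with no channel noise; the function names, seed and run length are assumptions chosen for the example.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis returns a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def bb84_run(n, eve=False, seed=1):
    """Send n qubits; return (sifted key length, errors found in the sifted key)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n):
        a, b = rng.getrandbits(1), rng.getrandbits(1)   # Alice: bit a, basis b
        bit, basis = a, b                               # state in flight
        if eve:
            eve_basis = rng.getrandbits(1)              # Eve guesses a basis b''
            bit = measure(bit, basis, eve_basis, rng)   # her result a''
            basis = eve_basis                           # she resends a'' in b''
        bob_basis = rng.getrandbits(1)                  # Bob: basis b'
        a_bob = measure(bit, basis, bob_basis, rng)     # Bob: bit a'
        if bob_basis == b:                              # bases compared publicly
            sifted += 1                                 # keep only b == b'
            errors += a_bob != a                        # disagreement reveals Eve
    return sifted, errors

def detection_probability(n):
    """Chance that at least one of n compared sifted bits disagrees: 1 - 0.75^n."""
    return 1 - 0.75 ** n

if __name__ == "__main__":
    for eve in (False, True):
        kept, bad = bb84_run(40000, eve=eve)
        print("eve=%s sifted=%d error rate=%.3f" % (eve, kept, bad / kept))
    print("P(detect) after 16 compared bits: %.4f" % detection_probability(16))
```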

Page 35: Information Security

Security Proofs
• BB84 is proven unconditionally secure against unlimited resources, provided that:
  ▫ Eve cannot access Alice and Bob's encoding and decoding devices
  ▫ The random number generators used by Alice and Bob must be trusted and truly random
  ▫ The classical communication channel must be authenticated using an unconditionally secure authentication scheme

Page 36: Information Security

Man in the Middle
• Senders and recipients are indistinguishable on public channels
• Eve could pose as Bob
  ▫ Receiving some large portion of messages
  ▫ Responding promptly, at least before Bob
• Wegman-Carter authentication
  ▫ Alice and Bob share a secret key

Page 37: Information Security

Photon Number Splitting
• No true single photon sources
• Attenuated laser pulses
  ▫ Some small number of photons per pulse, i.e. 0.1
• If > 1 photon are present, splitting can occur without detection during reconciliation
• A secure key is still possible, but requires additional privacy amplification

Page 38: Information Security

Hacking
• Gain access to security equipment
  ▫ Foil random number generation
  ▫ Plant Trojan horse
• Faked state attack
  ▫ Eve - actively quenched detector module
• Phase remapping attack
  ▫ Move from { |0>, |1>, |+>, |-> } to { |0>, |δ/2>, |δ>, |3δ/2> }
• Time-shift attack
  ▫ Demonstrated to have ~ 4% mutual information gathered from the idQuantique ID-500 QKD

Page 39: Information Security

Denial of Service
• Stop Alice and Bob from communicating
  ▫ Via Classical channel(s)
  ▫ Via Quantum channel(s)
• Physically block transmissions
• Introduce large volume of errors

Page 40: Information Security

Quantum Regime
Commercially available devices

Page 41: Information Security

MagiQ – QPN 8505
• “Any sufficiently advanced technology is indistinguishable from magic.” –Arthur C Clarke
• Transmits qubit polarization over optical fiber
• 256 bit AES; 1,000 keys per second
• 140 km range, more with repeaters

Page 42: Information Security

idQuantique – Cerberis, Centauris
• Transmits qubit phase over optical fiber
• High speed layer 2 encryption
• 256 bit AES; 12 key-devices per minute, 100 km range

Page 43: Information Security

SmartQuantum – KeyGen, Defender
• Generate and distribute secret keys over quantum channel
• Use classical encryption and communication

Page 44: Information Security

Quintessence Labs
• G2 QKD
• Continuous variable brightness laser beams
  ▫ Cheaper than SPS
• Dense wavelength division multiplexing
  ▫ Erbium doped fiber amplifiers ~ 1550 nm

Page 45: Information Security

BBN Technologies
• DARPA QNet
  ▫ Fully operational October 23, 2003
  ▫ Harvard University
  ▫ Boston University
  ▫ BBN Technologies
• QKD
  ▫ Weak coherence
  ▫ 5 MHz pulse rate
  ▫ 0.1 mean photons/pulse

Page 46: Information Security

John Krah
University of Washington
Physics Department

