Introduction to Cryptography C h

Dr. Nguyen Tuan Nam songuku99@yahoo.com

What Is Cryptography?

Cryptography comes from the Greek words

= hidden or secret = writing The art of secret writing

Basic service

The ability to send information between participants in a way that prevents others from reading it Representing information as numbers Manipulating those numbers mathematically Integrity checking Authentication

The Th scope of thi class: kind of cryptography where f this l ki d f t h h

Provides th P id other services such as i h

Nguyen Tuan Nam/NetSec/Win2010

Plaintext and Ciphertext

Plaintext or cleartext

Message in its original form The Th mangled information l di f ti The process for p p producing ciphertext from p g p plaintext The reverse of encryption
plaintext encryption cyphertext decryption plaintext

Ciphertext

Encryption

Decryption

Nguyen Tuan Nam/NetSec/Win2010

Fundamental Tenet of Cryptography

Cryptographers yp g p

Invent clever secret codes Attempt to break these codes

Cryptanalysts

These 2 disciplines constantly try to keep ahead of each other th r The success of the cryptographers rests on the Fundamental Tenet of Cryptography

If lots of smart people have failed to solve a problem it probably wont be solved (soon)
Nguyen Tuan Nam/NetSec/Win2010 4

Cryptographic System

Involve both

An algorithm A secret value, known as a key value, y

Why do we need a key? A good cryptographic scheme g yp g p

Perfectly OK to have everyone (including the bad guys and cryptanalysts) know the algorithm Because knowledge of the algorithm without the key does not help un-mangle the information easily unComputational diffi l C i l difficulty
5

How H good should i b ? d h ld it be?

Nguyen Tuan Nam/NetSec/Win2010

Computational Difficulty

Important for cryptographic algorithms to be reasonably efficient for the good guy to compute d t t

Good guys are the ones with knowledge of the keys

Cryptographic algorithms are not impossible to break without the key. Why? key. The security of a cryptographic scheme depends on how much work it is for the bad guys to break it

10 million years to break using all of the computers in the world considered reasonably secure Combination lock consists of 3 numbers Takes 10 seconds to dial in a combination reasonably convenient for the good guy How much work is it for the bad guy? (worst case, average) Combination lock example?

Example:

A scheme can be made more secure by making the key longer

Nguyen Tuan Nam/NetSec/Win2010

Key Lengths

Computer can be used to exhaustively try keys

Faster than people Dont get tired Thousands or millions of keys can be tried per second More keys can be tried in parallel if you have multiple computers y p y p p Can be made more secure by increasing the length of the key Increasing the length of the key by 1 bits

VariableVariable-length key

Good G d guys job just a bit h d j bj bi harder Bad guys job, how much harder?

FixedFixed-length key

Similar algorithm with a longer key can be devised g g y If the computers get 1000 times faster, how much longer should the key length be?

Quiz

Nguyen Tuan Nam/NetSec/Win2010

A Bolt Cutter

Breaking the cryptographic scheme is only one way

A bolt cutter works no matter how many digits are in the combination

Good guys: A kind word is a key to get what you want Bad guys: However you can get further with a kind word However, and a gun than you can with a kind word alone

Nguyen Tuan Nam/NetSec/Win2010

To Publish or Not to Publish

View Vi 1
Keeping a cryptographic algorithm as secret as possible

View 2
g g Publishing the algorithm, so that it is widely known

Common practice today Commercial cryptosystems to be published. Some in published the US may be unpublished. Why? Military cryptosystems to be kept secret. Why? secret
Nguyen Tuan Nam/NetSec/Win2010 9

Secret Codes

Secret code or cipher

Any method of encrypting data Substitute for each letter of the message, the letter which is 3 letters later in h l h b (wrap around) i the alphabet ( d) Pick a number n between 1 and 25 Substitute f each l S b i for h letter of the message, the l f h h letter which i n hi h hi h is higher (wrap around) Arbitrary mapping of one letter to another letter How many possible parings of letters? If took 1 microsecond to try each one take about 10 trillion years However?
Nguyen Tuan Nam/NetSec/Win2010 10

Caesar cipher

Captain Midnight Secret Decoder rings

MonoMono-alphabetic cipher

What Is This?

Cf lqrxs xsnyctm n eqxxqgsy iqul qf wdcp eqqh, lqr xs eqqh erl lqrx qgt iqul!

Nguyen Tuan Nam/NetSec/Win2010

11

Breaking an Encryption Scheme

The three basic attacks

Ciphertext only Known plaintext Chosen plaintext

Nguyen Tuan Nam/NetSec/Win2010

12

Ciphertext Only

Assumption: Fred, the bad guy

Seen some ciphertext (not difficult to obtain) Can analyze at leisure Searches all the keys Essential for this attack:

How

Recognize when he has succeeded

Combination lock Recognizable plaintext attack XYZ

Enough ciphertext

Sometimes, not necessary to search through a l of k S i h h h lot f keys

Statistical analysis (common English words)

A cryptographic algorithm MUST be secure against a ciphertext only attack. Why? attack
Nguyen Tuan Nam/NetSec/Win2010 13

Known Plaintext

Fred somehow obtained some <plaintext, ciphertext> pairs. How? With a mono-alphabetic cipher mono

A small amount of known plaintext would be bonanza for Fred

Some cryptographic schemes

Good enough to be secure against ciphertext only attacks Not good enough against known plaintext attacks Important to design the systems to minimize the possibility that a bad guy will ever be able to obtain <plaintext, p pairs ciphertext> p

Nguyen Tuan Nam/NetSec/Win2010 14

Chosen Plaintext

Fred
Can choose any plaintext he wants Get the system to tell him what the corresponding ciphertext is How could it happen?

Nguyen Tuan Nam/NetSec/Win2010

15

Types of Cryptographic Functions

Three kinds of cryptographic functions

Public key functions: two keys Secret key functions: one key Hash functions: zero key

Nguyen Tuan Nam/NetSec/Win2010

16

Secret Key Cryptography

Involves the use of a single key g y

Given a message (plaintext) and a key Encryption produces

Unintelligible data which is about the same length as the plaintext data, was Using the same key as encryption g y yp

Decryption is the reverse

Also called

Conventional cryptography Symmetric r pt r ph S mm tri cryptography

Example?

Nguyen Tuan Nam/NetSec/Win2010

17

Security Uses of Secret Key Cryptography

Transmitting over an insecure channel Secure storage on insecure media Authentication A h i i Integrity check

Nguyen Tuan Nam/NetSec/Win2010

18

Authentication Using Secret Key Cryptography

Strong authentication g

Someone can prove knowledge of a secret without revealing it Possible ith P ibl with cryptography t h Particularly useful when 2 computers trying to communicate over an insecure network Alice
rA rA encrypted with KAB rB

Bob

rB encrypted with KAB

Nguyen Tuan Nam/NetSec/Win2010

Problem?
19

Integrity Check

What is a checksum?

Original derivation of checksum CRC

Only protect against faulty hardware, but not an intelligent attacker CRC algorithms are published attacker can re-compute CRC after altering the remessage needs secret checksum algorithms

Cryptographic checksum

Common (known) algorithm Secret key At least 48 bits long chance is only one in 280 trillion to guess the MAC InterInter-bank electronic funds transfers Messages are not kept secret, but their integrity is insured

MAC (message authentication code) or MIC (message integrity code)

Example

Nguyen Tuan Nam/NetSec/Win2010

20

Public Key Cryptography

Relatively new field, invented in 1975 Involves the use of 2 key

A private key that is not revealed to anyone A public key that is preferably known to the entire world No shared key between the 2 communicating parties

Nguyen Tuan Nam/NetSec/Win2010

21

Public Key Cryptography Encryption and Digital Signature

plaintext encryption encr ption ciphertext decryption decr ption plaintext

public key

private key

plaintext

signing

signed message

verification

plaintext

private key

public key

Nguyen Tuan Nam/NetSec/Win2010

22

Quiz

What are the differences between a checksum and a digital signature? What are the differences between a MAC and a digital signature?

Nguyen Tuan Nam/NetSec/Win2010

23

Security Uses of Public Key Cryptography

Public key cryptography can do anything secret key cryptography can do Might be used in the beginning of communication to
Authenticate Establish a temporary shared secret key The secret key is used to encrypt the remainder of y yp the conversation using secret key technology Why?

Nguyen Tuan Nam/NetSec/Win2010 24

Scenario

Alice wants to talk to Bob securely What should happen?

Nguyen Tuan Nam/NetSec/Win2010

25

Transmitting Over an Insecure Channel

Using public key cryptography to encrypt message before transmitting How?

Nguyen Tuan Nam/NetSec/Win2010

26

Secure Storage on Insecure Media

Same as secret key cryptography For performance reasons

Use U together with secret k cryptography h ih key h

Nguyen Tuan Nam/NetSec/Win2010

27

Authentication

If Bob wants to prove his identity to lots of entities

Secret key technology:

Remember lots of secret keys

Public key technology:

Remember only his private keys Know (be able to obtain) others public key ( ) p y

Does not need to keep any secret in order to verify others

Nguyen Tuan Nam/NetSec/Win2010 28

Digital Signatures

Nguyen Tuan Nam/NetSec/Win2010

29

Hash Algorithms

Also known as message digests or one-way g g one- y transformations Mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length b d fixedd (short) number h(m) is the hash of a message m, with the following m properties

For any message m, relatively easy to compute h(m) y g y y p ( ) Given h(m), no way to find an m that hashes to h(m) It is computationally infeasible to find 2 values that hash to the same thing
Nguyen Tuan Nam/NetSec/Win2010 30

Password Hashing

/etc/passwd
Used to be publicly readable Shadow file

Nguyen Tuan Nam/NetSec/Win2010

31

Message Integrity

Cryptographic hash function can be used to generate a MAC to protect the integrity Method 1:
Sent the message Use the h h of the message as a MAC U h hash f h

Method 2?

Nguyen Tuan Nam/NetSec/Win2010

32

Message Fingerprint

Want to know whether some large data structure has been modified
Method 1: keep another copy Method 2: use a hash function (save storage)

Watch out W h

Bad guy may changes both the data and the hash program

Nguyen Tuan Nam/NetSec/Win2010

33

Digital Signature Efficiency

Public key algorithms are sufficiently processorprocessorintensive Compute a message digest of the message Digitally sign the hash result, instead of the whole message h l

Nguyen Tuan Nam/NetSec/Win2010

34