1 chap 1: introduction some background –the message is usually represented as m or p (plaintext),...


Post on 21-Dec-2015


Chap 1: Introduction

• Some background
  – The message is usually represented as M or P (plaintext); the encryption result is usually represented as C (ciphertext).
  – C usually has the same length as M or is even longer
  – E(M) = C, D(C) = M
  – D(E(M)) = M
  – Can you apply the encryption and decryption algorithm to some random sequence?


• What functionality can the encryption algorithms provide:
  – Confidentiality
  – Authentication
  – Integrity
  – Non-repudiation


Introduction

• Two kinds of cryptographic algorithms
  – Keep the method secret
    • Good: safe for low security requirements
    • Bad: user group dynamics, proof of correctness, how to communicate with outsiders, reverse engineering
  – Make the algorithm public but keep the key secret
    • Now the encryption/decryption algorithms need the key as a parameter
    • Safety depends on the key only
    • Good: safety analysis can be conducted, have standard implementation (user can set up the key)


Introduction (cont’d)

• Symmetric algorithms
  – The encryption and decryption keys can be calculated from each other easily (most of the time they are the same).
  – Block algorithms and stream algorithms
    • DES and XOR operation
  – Good: efficient and fast, easy to deploy
  – Bad: key pre-distribution, scalability, broadcast or multicast, proof to third party


Introduction (cont’d)

• Public-key encryption
  – First appeared in the 1970s
  – Two keys: public key and private key
  – Private key cannot be derived from public key
  – Everyone can send a packet to Alice: E_PubA(message)
  – Only Alice has the private key to recover the packet
  – If Alice uses the private key to encrypt a message, it can be viewed as a digital signature
  – Strong, scalable, easy for broadcast and multicast, but very slow


Introduction (cont’d)

• Attacks on encryption systems
  – Ciphertext-only attack
    • The amount of traffic matters
  – Known plaintext attack: try to get the key or a method to decrypt
  – Chosen plaintext attack: try to get the key or a method to decrypt
  – It is not difficult to mount the 2nd or 3rd type of attack
• Key point
  – Keep the cost to break the system higher than the gain of the information


Introduction (cont’d)

• Can you always break an encryption system?
  – One-time pad
  – Brute-force attack: try every possible key
  – Make it impossible in the practical world
    • How much energy is required to flip a bit in memory, and how much memory we are generating per year. Real example at NASA
    • How much aluminum is needed to store 1TB of data, and how much aluminum do we have on the Earth.


Introduction (cont’d)

• Several old-fashioned encryption algorithms
  – Substitution ciphers
    • Replace a character in the plaintext with another character
    • Replace a multi-char group with another multi-char group
    • Example: Caesar cipher
    • Try to figure out the length of the key
  – Transposition ciphers
    • Shuffle the order of characters
    • The frequency of characters does not change
  – XOR and one-time pad:
    • Many good properties of XOR
    • If the random bits repeat in a cycle, it is dangerous
    • Synchronization at both sides is always a problem


Vigenère Cipher

• Like Caesar cipher, but uses a longer key
• Example
  – Message THE BOY HAS THE BALL
  – Key VIG (right shift 21, 8, 6 times, then start again)
  – Encipher using Caesar cipher for each letter:

key    VIG VIG VIG VIG VIGV
plain  THE BOY HAS THE BALL
cipher OPK WWE CIY OPK WIRG
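The slide's example as runnable code, added here and not part of the original slides. It goes one step further than the slide and applies the earlier hint "try to figure out the length of the key": repeated plaintext that lines up with the same key letters produces repeated ciphertext, and the distance between the repeats is a multiple of the key length. The function names are chosen for this example.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("A")

def vigenere(text, key, decrypt=False):
    """Caesar-shift each letter by the matching key letter.
    Spaces pass through and do not consume a key letter, as on the slide."""
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            shift = ord(key[i % len(key)].upper()) - A
            if decrypt:
                shift = -shift
            out.append(chr((ord(ch.upper()) - A + shift) % 26 + A))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def repeat_distances(ciphertext, n=3):
    """Distances between repeated n-letter groups in the ciphertext."""
    letters = [c for c in ciphertext if c.isalpha()]
    seen = defaultdict(list)
    for pos in range(len(letters) - n + 1):
        seen["".join(letters[pos:pos + n])].append(pos)
    return {g: [b - a for a, b in zip(p, p[1:])]
            for g, p in seen.items() if len(p) > 1}

def key_length_multiple(ciphertext, n=3):
    """GCD of all repeat distances; the key length divides this value."""
    dists = [d for ds in repeat_distances(ciphertext, n).values() for d in ds]
    return reduce(gcd, dists) if dists else None

CIPHER = vigenere("THE BOY HAS THE BALL", "VIG")
```

The repeated plaintext "THE B" is enciphered under the same key alignment both times, so the ciphertext leaks that the key length divides 9.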


Chap 2: Building blocks

• There are hundreds of security-related protocols; fortunately, only a limited number of building blocks are involved
• Secure blocks may still be combined into insecure protocols
• How to organize these blocks shows the skills of the researchers
• Security protocols:
  – Prevent eavesdroppers
  – Prevent or detect cheaters


Building blocks (cont’d)

• Classification of protocols
  – Arbitrated protocols
    • Example: buying a used car from a stranger
    • Good: simple, everyone feels safe
    • Bad: how to find the Trusted Third Party (TTP) on the network, who will pay the cost, bottleneck at TTP, single point of failure


Building blocks (cont’d)

• Classification of protocols
  – “Judge”-involved protocols
    • TTP gets involved only when a disagreement arises
    • Similar to the difference between prevention and detection
    • Good: avoid the bottleneck
    • Bad: still need to keep the TTP, and need to keep evidence now


Building blocks (cont’d)

• Classification of protocols
  – Self-enforced protocols
    • The best group of protocols
    • If one party wants to cheat, the other party can detect and abort the procedure
    • Good: avoid the bottleneck
    • Bad: usually more complicated and more overhead


Block 1: one way functions

• A one-way function is easy to calculate in one direction, but not the other.
  – Given x, easy to get f(x)
  – Given f(x), even if f() is known, still not easy to find an x that produces that f(x)
• Trapdoor one-way function
  – Given x, easy to calculate f(x)
  – Given f(x), difficult to get x
  – Given f(x) and a secret y, easy to get x
  – Think about asymmetric encryption


Block 1: one way hash function

• Map a variable-length input string to a fixed-length string: fingerprint the file
  – Easy to get Hash(x) when given x
  – Almost impossible to find an x that produces a given Hash(x)
  – Almost impossible to find two files x and x’ that have the same hash value
  – Minor change in x, large changes in Hash(x)
• Since the hash value is shorter, we have conflicts (collisions):
  – We can easily rule out files, but cannot guarantee this is the original file
  – Still good enough in courts, like DNA tests


Block 1: one way hash function

• Usage of hash function
  – Timestamp a file and prove that you are the creator (can be used to timestamp the homework)
  – MD5 values of the downloaded files
  – A commitment that cannot be easily changed
  – Verify the integrity of the files in a file system
    • Security problems: how and where to save the hash values
    • Use a secret key k, do not store k on the computer, use Hash(x, k) to prevent change on the computer: usually called a MAC (message authentication code)
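An added example (not from the original slides) of the storage problem above: anyone who can modify a file can also overwrite an unkeyed hash stored next to it, but cannot produce a valid Hash(x, k) without k. HMAC-SHA-256 stands in for the slide's Hash(x, k); the file names, contents and key are constructed for the demonstration.

```python
import hashlib
import hmac

def plain_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def keyed_hash(data: bytes, key: bytes) -> str:
    # HMAC-SHA-256 used as the slide's Hash(x, k)
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def baseline(files, key):
    """Record both kinds of fingerprint for every file."""
    return ({n: plain_hash(d) for n, d in files.items()},
            {n: keyed_hash(d, key) for n, d in files.items()})

def changed_by_hash(files, hashes):
    return sorted(n for n, d in files.items()
                  if plain_hash(d) != hashes.get(n))

def changed_by_mac(files, macs, key):
    return sorted(n for n, d in files.items()
                  if not hmac.compare_digest(keyed_hash(d, key), macs.get(n, "")))

def simulate_tampering(files, hashes, macs, name, new_data):
    """Constructed scenario: the file and both stored fingerprints are
    overwritten, but only the unkeyed one can be recomputed without k."""
    files[name] = new_data
    hashes[name] = plain_hash(new_data)
    macs[name] = keyed_hash(new_data, b"not-the-real-key")

def demo():
    key = b"kept-off-the-machine"          # constructed; held by the verifier only
    files = {"/etc/passwd": b"root:x:0:0\n",
             "/bin/login": b"\x7fELF original"}   # constructed sample contents
    hashes, macs = baseline(files, key)
    simulate_tampering(files, hashes, macs, "/bin/login", b"\x7fELF patched")
    return changed_by_hash(files, hashes), changed_by_mac(files, macs, key)
```

The unkeyed check reports nothing changed, while the MAC check flags the modified file.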


Block 2: communication using symmetric crypto algorithms

• Steps:
  (1) Alice and Bob agree on a key k and an encryption algorithm
  (2) Alice calculates E_k(message) and sends the ciphertext to Bob
  (3) Bob decrypts the message and gets the plaintext
• Problems
  – How to determine the key: must be done in a secret place
  – How to convince other people it is from Alice instead of Bob
  – Number of keys increases fast, not scalable


Block 3: communication using asymmetric crypto algorithms

• First appeared in 1976, proposed by Diffie and Hellman
• Two keys: public key and private key; it is almost impossible to get the private key from the public key.
• A certain kind of trapdoor one-way function: the private key is the secret
• Steps:
  (1) Alice and Bob agree on a public key encryption algorithm
  (2) Bob sends his public key to Alice
  (3) Alice calculates E_pubB(message) and sends the ciphertext to Bob
  (4) Bob decrypts the message with the private key and gets the plaintext


Block 3: communication using asymmetric crypto algorithms

• Solve the problem in symmetric crypto methods: the key can be transferred in public
• More scalable, easy for multicast
• New problems:
  – How can we make sure it is Bob’s public key
    • Trusted Third Party
    • Certificate for the public key
  – How to guarantee the sender’s identity
• Some story about public key
  – NSA says it is unnecessary
  – But claims credit for it


Hybrid crypto systems

• Symmetric methods are fast, easy to implement, but require special attention during key distribution
• Asymmetric methods are slow, but more secure
  – Careful about the forward search attack
• Hybrid:
  – Using asymmetric method to distribute key
  – Using symmetric method to encrypt data


Communication using hybrid crypto systems

• Steps
  (1) Bob sends Alice his public key
  (2) Alice encrypts the session key with this public key and sends it to Bob
  (3) Both Alice and Bob know the session key and can use it for data traffic

Open question: why should B trust A’s capabilities to generate keys?
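An added example (not from the original slides) tying the three steps to the forward search warning on the previous slide: deterministic public-key encryption of a guessable message can be matched by anyone who encrypts the candidates under Bob's public key, while a random session key wrapped in step (2) cannot. The toy textbook-RSA key built from two small Mersenne primes and the SHA-256 keystream cipher are stand-ins chosen for this sketch, far too weak for real use.

```python
import hashlib
import secrets

# Constructed toy key for Bob: textbook RSA, no padding
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's private exponent

def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)                # deterministic: same m, same c

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def forward_search(ciphertext: int, candidates):
    """Match a ciphertext against guessed plaintexts using only the public key."""
    for guess in candidates:
        if rsa_encrypt(int.from_bytes(guess, "big")) == ciphertext:
            return guess
    return None

def hybrid_send(message: bytes):
    session_key = secrets.token_bytes(16)                      # step (2)
    wrapped = rsa_encrypt(int.from_bytes(session_key, "big"))
    return wrapped, keystream_xor(session_key, message)        # step (3)

def hybrid_receive(wrapped: int, body: bytes) -> bytes:
    session_key = rsa_decrypt(wrapped).to_bytes(16, "big")
    return keystream_xor(session_key, body)
```

Encrypting a short order such as SELL directly under the public key is recovered by `forward_search` from a three-word candidate list; the wrapped session key from `hybrid_send` is not.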


Merkle’s puzzle

• Make the life of an eavesdropper difficult
  – The receiver can randomly choose one message
  – The eavesdropper has to try almost all of them
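An added sketch of the exchange (not from the original slides), following the usual textbook description of Merkle's puzzles: the sender publishes many weakly encrypted puzzles, the receiver brute-forces one chosen at random and announces only its id, and an eavesdropper must open puzzles until that id turns up. The puzzle layout, the marker, the weak-key size and the SHA-256 pad cipher are assumptions made for this example.

```python
import hashlib
import random

WEAK_KEYS = 2 ** 10      # size of each puzzle's key space (assumed, kept small)
MARKER = b"PUZZLE"       # lets a solver recognise a correct decryption

def xor_pad(weak_key: int, data: bytes) -> bytes:
    # Stand-in cipher: XOR with a SHA-256 pad derived from the weak key
    pad = hashlib.sha256(weak_key.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def make_puzzles(count: int, rng: random.Random):
    """Sender: each puzzle hides (id, session key) under its own weak key."""
    table, puzzles = {}, []
    for pid in range(count):
        session_key = bytes(rng.randrange(256) for _ in range(8))
        table[pid] = session_key
        body = MARKER + pid.to_bytes(2, "big") + session_key
        puzzles.append(xor_pad(rng.randrange(WEAK_KEYS), body))
    rng.shuffle(puzzles)
    return table, puzzles

def solve(puzzle: bytes):
    """Brute-force one puzzle; returns (id, session key, keys tried)."""
    for guess in range(WEAK_KEYS):
        body = xor_pad(guess, puzzle)
        if body.startswith(MARKER):
            return int.from_bytes(body[6:8], "big"), body[8:], guess + 1
    raise ValueError("no weak key opened the puzzle")

def run(count: int = 200, seed: int = 1):
    rng = random.Random(seed)
    table, puzzles = make_puzzles(count, rng)
    # Receiver opens ONE randomly chosen puzzle and announces only its id.
    pid, receiver_key, receiver_work = solve(rng.choice(puzzles))
    sender_key = table[pid]
    # Eavesdropper sees every puzzle and the id, but not which puzzle holds it.
    eavesdropper_work = 0
    for puzzle in puzzles:
        found, _, tried = solve(puzzle)
        eavesdropper_work += tried
        if found == pid:
            break
    return sender_key == receiver_key, receiver_work, eavesdropper_work
```

`run()` returns whether both sides ended up with the same session key, followed by the number of trial decryptions the receiver and the eavesdropper each needed.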


Block 4: Digital signature

• Signature by symmetric encryption:
  – TTP will get involved
  – Who should store the encrypted messages?
  – How to send to a third party: through TTP again
• Signature with asymmetric encryption
  – Using the private key for signature
  – If the signature is like “I owe Bob $100”, a timestamp should also be included in the signature to avoid replay attack.


• Never ever sign a random message or something whose plaintext you cannot see


Block 5: Random number

• Pseudo-random numbers:
  – Usually will repeat after a long sequence
  – Must be long enough
• Real random numbers:
  – Lava lamp
  – Earthquake strength or interval


Dual encryption

• Let’s assume that everyone in the network has a public-private key pair. Alice wants to send a message to Bob and convince him that it is from Alice.

• Two possible formats: which is better?


Dual encryption

• Answer:
  – Alice should first sign the message, then use Bob’s public key to encrypt the packet
    • Reason 1: If Alice’s private key is the outer layer, everyone with Alice’s public key will be able to decrypt it.
    • Reason 2: never sign a random string that you do not know what it is (Example of RSA)
  – Two pairs of public-private keys for everyone: one for encryption, one for digital signature