1 overview of cryptography. contents introduction symmetric-key cryptography block ciphers...

47
1 Overview of Cryptography

Upload: abraham-patterson

Post on 02-Jan-2016

244 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

1

Overview of Cryptography

Page 2: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Contents Introduction Symmetric-key cryptography

Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher

Public-key cryptography Digital signature Public key distribution Public-key algorithms

Cryptographic hash function Attack complexity Application

Digital signature Message authentication code

Key establishment server-based Public-key based Key agreement (Diffie-Hellman)

Page 3: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Information security objectives Confidentiality Data integrity Authentication

Entity authentication (identification) Message authentication (data origin

authentication) Verification of message timeliness and sequences

Non-repudiation Availability Access control

Page 4: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Security primitives (tools)

Unkeyed primitives Arbitrary length hash functions One-way permutations Random sequences

Symmetric-key primitives Symmetric-key ciphers

Block ciphers Stream ciphers

Arbitrary length hash functions (MACs) Signatures Pseudorandom sequences Identification primitives

Public-key primitives Public-key ciphers Signatures Identification primitives

Page 5: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Criteria

The crypto attributes are evaluated w.r.t. various criteria. Level of security Functionality Methods of operation Performance Ease of implementation

Page 6: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Crypto

Cryptology: the art and science of making and breaking “secrete codes”

Cryptography: making “secrete codes”

Cryptanalysis: breaking “secrete codes”

Page 7: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Symmetric-key encryption

Other terms: single-key, one-key, private-key,

conventional encryption Why do symmetric cryto need a key,

not just a certain transformation? One of the major issues is to find an

efficient method to agree upon and exchange keys securely. Key distribution problem

Page 8: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Plaintext

source

encryption

Ee(m)=c

key

sourcee

destination

decryption

De(c)=m

m munsecure channel

c

Secure channele

adversary

Page 9: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

block ciphers

Substitution ciphers Transposition ciphers Composition ciphers Product ciphers

Page 10: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Symmetric-key encryption algorithms

Data Encryption Standard (DES) Adapted in 1973 by NIST 64-bits blocks, 56 bits key

Triple DES ANSI X9.17 in 1986 168 bits key

Advanced Encryption Standard (AES) Adapted in 2001 by NIST 128 bits block length, key length 128 bits(192, 256)

International Data Encryption Algorithm (IDEA) Published in 1991 Block size 64bits, key size 128 bits

Blowfish In 1993 Key size: variable to 448, block size: 64bits

RC5 In 1994 Key size: variable to 2048, block size: 64bits

Page 11: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Cipher Block modes

Block cipher modes of operation ECB: Electronic code book CBC: Cipher block chaining CFB: Cipher feedback OFB: Output feedback CTR: Counter mode

Page 12: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Stream cipher

plaintext is XORed with keystream generated from secret key and initialization vector (IV) Vernam cipher (one-time pad) RC4, Seal LFSR

Page 13: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Public-key cryptography

First publicly proposed by Diffie and Hellman in 1976.

Each entity maintains two keys: public key(K+) which is known to everyone and private key(K-) which is known to the owner. DK-(EK+(M))=M, DK+(EK-(M))=M

Page 14: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Public-key encryption

Plaintext

source

encryption

EKB+(m)=c

key

sourceKB+(Bob’s public key)

destination

decryption

DKB-(c)=m

m munsecure channel

c

unsecure channel

K-(Bob’s private key)

adversary

Alice Bob

Page 15: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Advantage of Public-key crypto Suppose N entities, how can any pair of

them establish a secret key? To use symmetric-key crypto, requires secret and authentic

channel to set up shared secret (symmetric) key Need O(N2) keys Key management is challenging

Public-key crypto advantage Each entity only needs to know N-1 authentic public keys Easier to establish authentic public keys than symmetric keys

Page 16: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Public-key application

Message encryption : hardly used Digital signature Symmetric-Key distribution

Page 17: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Digital Signature

Digital signature

key

source

Message

source M’

EK-(m)=S

m

Signer A

K-

accept

If m∈M’

DK+(s)=m

m

K+

s

Verifier B

Page 18: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

m

EK-(M)

S

(signature)

m

DK+(S)=m’S

m=m’?

Signerverifier

Page 19: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Public-key Distribution

K1-

C=EK6+(m)

K6-

m=DK6-(c)

A1 A2

A3

A4

A5

A6 A1: K1+

A2: K2+

A3: K3+

A4: K4+

A5: K5+

A6: K6+

public file

K5-

K4-

K3-

K2-

Page 20: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

A1: K1+

A2: K2+

A3: K3+

A4: K4+

A5: K5+

A6: Ka+

Impersonation by adversary

An adversary alters the public file by replacing the public key K6+ by Ka+

c=E ka+(m)

A1

private key Ka-

adversary

Dka-(c)=m EK6+(m)=c’

A6

c

c’

Ka+

K1-

K6-

m=DK6-(c)

Page 21: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Authentication by Trusted Third Party(TTP)

The entities must use a TTP to certify the public key of each entity. (verify the authenticity of the public key)

TTP distributes a pair of a public key and its owner, with the TTP’s signature which is formed by TTP’s private key.

TTP’s public key is known to every entity, and they trust the TTP’s public key is genuine.

When entities receive a public key, they decrypt the attached signature by TTP’s public key, proving the pair is genuine. In this way all entities can obtain the public keys of the other entities.

TTP is often called the Certificate Authority (CA).

Page 22: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Public-key crypto algorithms

RSA Since it was first published in 1978, it has

become the most widely accepted algorithm. Digital Signature Standard(DSS)

NIST standard Used only for digital signature, not for encryption

or key exchange Elliptic-Curve cryptography (ECC)

IEEE P1367 Appeared to be secure for smaller key size than

RSA

Page 23: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Encrypting Large File with RSA? Duration of 1024-bit RSA encryption

~1 ms on 1 GHz Pentium Duration of 1024-bit RSA decryption

~10 ms on 1 GHz Pentium Duration to encrypt 1 Mbyte file?

Encrypt 1024 bits / RSA operation = 128 bytes 1 Mbyte = 220 bytes Time: 220 / 27 * 1ms = 213 ms = 8 seconds! Compare with the time by the symmetric key?

Page 24: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Symmetric-key vs. public-key Symmetric crypto

Need shared secret key 80 bit key for high security (year 2010) ~1,000,000 ops/s on 1GHz processor 10x speedup in HW

Public-key crypto Need authentic public key 2048 bit key (RSA) for high security (year 2010) ~100 signatures/s

~1000 verify/s (RSA) on 1GHz processor Limited speedup in HW

Page 25: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Cryptographic Hash function

A computationally efficient function mapping binary strings of arbitrary length to binary strings of some fixed length, called hash-values.

Properties of a secure hash function One-way

Given y = H(x), cannot find x’ s.t. H(x’) = y Weak collision resistance

Given x, cannot find x’ ≠ x s.t. H(x) = H(x’) Strong collision resistance

Cannot find x, x’ s.t. x’ ≠ x and H(x) = H(x’)

Page 26: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Attack complexity: One-way

Assume secure hash function with n-bit

output

One-wayness: given output y, how many

operations does it take to find any x,

such that H(x) = y? Assumption: best attack is random search

For each trial x, probability that output is y is 2-n

P[find x after m trials]=1-(1-2-n)m

Rule of thumb: find x after 2n-1 trials on average

Page 27: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Attack complexity: Weak collision Weak collision resistance: given input

x, how many operations does it take to find another x’ ≠ x, s.t. H(x) = H(x’)? Assumption: best attack is random search For each trial x’, probability that output is

equal is 2-n P[find x after m trials]=1-(1-2-n)m Rule of thumb: find x’ after 2n-1 trials on

average

Page 28: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Attack complexity: strong collision Strong collision resistance: how many

operations does it take to find x and x’, s.t. x’ ≠ x and H(x) = H(x’)? Assumption: best attack is random search Algorithm picks random x’, checks whether H(x’)

matches any other output value previously seen P[find col after m trials]=

1-(1-1/2n)(1-2/2n)(1-3/2n)…(1-(m+1)/2n) Rule of thumb: find collision after 2n/2 trials on

average (1.17*2n/2 to be a bit more precise)

Page 29: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Pre-Birthday Problem

Suppose N people in a room How large must N be before the

probability someone has same birthday as me is 1/2 ? Solve: 1/2 = 1 (364/365)N for N We find N = 253

Page 30: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Birthday Paradox How many people need to be in a

room to have a probability > 50% that at least two people have the same birthday?

Answer: approximately 1.17*3651/2 ~ 22.4

Page 31: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

One-way hash function algorithms SHA-1

Developed by NIST and published in 1993 Input: max. length of less than 264bits

Input is processed in 512 bits blocks. Output: 160 bits hash code

MD5 RFC 1321 Input: arbitrary length, output: 128 bits

RIPEMD-160 Developed by European RACE Integrity

Primitives Evaluation (RIPE) project Input: arbitrary length, output: 160 bits

Page 32: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

How secure is SHA-1?

SHA-1 does not provide collision resistance any more: requires only 269 operations to find a hash collision(2005)

How long would it take to find collision? 269 / (220 * 220 ) = 229 seconds 1 year has approximately 225 seconds 229 / 225 ~ 16 years

Page 33: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Earlier this week, three Chinese cryptographers showed that SHA-1 is not

collision-free. That is, they developed an algorithm for finding collisions

faster than brute force.

SHA-1 produces a 160-bit hash. That is, every message hashes down to a

160-bit number. Given that there are an infinite number of messages that

hash to each possible value, there are an infinite number of possible

collisions. But because the number of possible hashes is so large, the

odds of finding one by chance is negligibly small (one in 280

, to be exact). If

you hashed 280

random messages, you'd find one pair that hashed to the

same value. That's the "brute force" way of finding collisions, and it

depends solely on the length of the hash value. "Breaking" the hash

function means being able to find collisions faster than that. And that's

what the Chinese did.

They can find collisions in SHA-1 in 269

calculations, about 2,000 times

faster than brute force. Right now, that is just on the far edge of feasibility

with current technology. Two comparable massive computations illustrate

that point.

(Feb. 15, 2005. Bruce Schneier)

Page 34: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Message Authentication Code (MAC) One of the main applications of the hash

function is to generate a small block of message tag which is called MAC.

MAC provides the authenticity and integrity of messages (no confidentiality) A sender computes MAC( K, M ), or MACK( M )

where K is the shared secret key between two entities.

and send <M, MAC( K, M )>.

Page 35: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

MAC by symmetric-key encryption without hash function Using a symmetric-key, a sender

generates a small block of data, known as a message authentication code (MAC) and appends it to the message.

EKAB(M)

Take the last L bits.

L: the length of MAC

M

MAC

MAC

M

MAC

C=EKAB(M)

Take the last L bits.M

=

Alice Bob

Page 36: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

MAC by symm-key encryption

A sender applies a symm-key encryption to a small block of data which is generated by a hash function.

M

MAC

MAC

M

MAC

M

=

Alice Bob

EKAB(H(M))

H(M)

H

H H(M)

DKAB(MAC)

Page 37: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

MAC by public-key (Digital Signature) Hash function provides the fast way of

generating digital signature using the public-key cryptography.

M

MAC

MAC

M

MAC

M

=

Alice Bob

EKA-(H(M))

H(M)

H

H H(M)

DKA+(MAC)

Page 38: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

MAC with shared secret key

Hash functions such as SHA-1 does not rely on a secret key.

HMAC is the most widely accepted algorithm for MAC which incorporates a secret key into existing hash function algorithm.

In HMAC, a hash function is treated as a “black box,” which means any available hash function can be used.

RFC 2104

Page 39: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Example: HMAC-MD5

H: MD5 hash function

MAC(K, M ) = H(K opad || H(K ipad || M))

ipad = 3636..36, opad = 5C5C..5C (512bits)

Page 40: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Key establishment

Key establishment Process by which a shared secret key

becomes available to two or more parties Key management

A set of processes and mechanisms which support key establishment and the maintenance of ongoing keying relationships between parties, including replacing older keys with new keys

Page 41: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Key establishment

Server-less key establishment Server-based key establishment Public-key based key establishment Key agreement algorithm

Diffie-Hellman

Page 42: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Key establishment with TTP

A Trusted Third Party (TTP) generates a key k (session key) and sends it encrypted by each of the fixed keys.

K1

A1

K6

A6

K5

A5

K2

A2

K3

A3

K4

A4

Key

source

TTP

Ek1(k15)

Ek5(k)

Ek15(m)

Page 43: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Key establishment by public key A sender encrypts the shared secret

key by the other entity’s public key.

EKAB(m)m

EKB+(KAB)

EKAB(m)

EKB+(KAB)

Alice Bob

Page 44: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Key agreement: Diffie-Hellman key exchange The Diffie-Hellman key exchange

algorithm enables two entities to exchange a secret key securely.

The algorithm depends on the difficulty of computing discrete logarithms.

Page 45: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Discrete Logarithm Problem

Public values: large prime p, generator g ga mod p = x Discrete logarithm problem: given x, g, and p, find a Table g=2, p=11

a 1 2 3 4 5 6 7 8 9 10

ga 2 4 8 5 10 9 7 3 6 1

Cyclic Group G

α1 α2 α3 …Generator α αx = β

1st element

nth element

Page 46: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Diffie-Hellman Key exchange Public values:

large prime p, generator g (primitive root of p) Alice has secret value a, Bob has secret b

A B: ga (mod p)

B A: gb (mod p)

Bob computes (ga)b = gab (mod p)

Alice computes (gb)a = gab (mod p)

Symmetric key= gab (mod p)

Page 47: 1 Overview of Cryptography. Contents Introduction Symmetric-key cryptography Block ciphers Symmetric-key algorithms Cipher block modes Stream cipher Public-key

Classes of attacks

Passive attacks Active attacks

Attacks of protocols Known-key attack Replay Impersonation Dictionary Forward search Interleaving attack