
Post on 17-Jan-2016


Cryptography

Security

In companies
• Passwords, policies, procedures, etc.
• Physical security

Networks (connecting companies)
• Loss of connection
• Modification of data
• Wire tapping
• Fabrication

Cryptography

• Verification of sender
• Sender signs documents electronically

Encryption

Cryptography and OSI

The OSI model

Physical layer
• Link encryption
• Header and data are encrypted
• Traffic analysis is possible
• Hardware use possible

Transport layer
• The whole session must be encrypted

Presentation layer
• Only data needs to be encrypted (hence most often here)
• Software (usually)

Terminology

Plaintext
Encryption
Cipher
Ciphertext
Decryption
Interceptor/intruder
Key
• Single key
• Key pair (public and private keys)

Substitution

Substitution cipher
Encodes the alphabet with numbers for letter positions and substitutes the values

Example: Caesar cipher
• c_i = E(p_i) = p_i + 3

Encrypt TREATY IMPOSSIBLE
WUHDWB LPSRVVLEOH

Transposition

Transposition/Permutation
Encodes the alphabet with numbers and multiplies by a value

Example
• c_i = E(p_i) = 5*p_i + 3

Can also be shown as column transposition

Double transposition

Encryption

Key
Write the key first, then the alphabet in order, leaving out letters from the key

Mono-alphabetic
Frequency distribution reflects the distribution of the underlying alphabet

Poly-alphabetic

Encryption

Poly-alphabetic
Key is used to select different alphabet
Frequency distributions cancel out
Vigenère table

Single or Secret key
1. If the key is known, encryption and decryption of all messages is possible
2. Distributing keys is problematic
3. The number of keys grows with the number of people exchanging information, squared

DES algorithm an example
• Combination of transposition and substitution

Public key

Public key
Public key is shared, private key is used for decryption

Example RSA
• Encryption
– C = P^e mod n   Key (e, n)
• Decryption
– P = C^d mod n   Key (d, n)

Public key

P = C^d mod n = (P^e)^d mod n = (P^d)^e mod n

1. Select prime numbers p and q larger than 10^100
2. Calculate n = p * q and z = (p-1)(q-1)
3. Select e so that 1 < e < z. e and z are relatively prime
4. Find d so that d * e mod z = 1

• Factoring of a 200-bit number takes 4 billion years of computer calculations
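The four key-generation steps and the encryption, decryption and private-key signing formulas above, worked through as an added example (not part of the original slides). The primes 61 and 53 are constructed toy values far below the 10^100 size the slide requires, all function names are hypothetical, and this is unpadded textbook RSA with one byte per block.

```python
from math import gcd

def make_keys(p, q):
    """Slide steps 2-4 for caller-chosen primes p, q: returns ((e, n), (d, n))."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, z = p * q, (p - 1) * (q - 1)
    # Step 3: first odd e with 1 < e < z that is relatively prime to z
    e = next(c for c in range(3, z, 2) if gcd(c, z) == 1)
    # Step 4: d with d * e mod z == 1 (modular inverse, Python 3.8+)
    d = pow(e, -1, z)
    return (e, n), (d, n)

def encrypt(block, public):
    """C = P^e mod n; the block must be an integer in [0, n)."""
    e, n = public
    if not 0 <= block < n:
        raise ValueError("block must satisfy 0 <= P < n")
    return pow(block, e, n)

def decrypt(block, private):
    """P = C^d mod n."""
    d, n = private
    return pow(block, d, n)

def sign(block, private):
    """Signature = P^d mod n, made with the private key."""
    return decrypt(block, private)

def verify(block, signature, public):
    """Anyone holding (e, n) checks that signature^e mod n == P."""
    e, n = public
    return pow(signature, e, n) == block

def encrypt_text(text, public):
    """Encrypts one byte per block (toy encoding, no padding)."""
    return [encrypt(b, public) for b in text.encode("ascii")]

def decrypt_text(blocks, private):
    return bytes(decrypt(c, private) for c in blocks).decode("ascii")

if __name__ == "__main__":
    public, private = make_keys(61, 53)   # constructed toy primes
    blocks = encrypt_text("TREATY", public)
    print(public, private, blocks, decrypt_text(blocks, private))
    # Unpadded per-byte RSA is deterministic: both T's give the same block,
    # so letter frequencies survive as in a mono-alphabetic cipher.
    print(blocks[0] == blocks[4], verify(65, sign(65, private), public))
```

Because equal plaintext blocks give equal ciphertext blocks here, deployed RSA uses randomized padding (OAEP for encryption, PSS for signatures) rather than the bare formulas.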

Cryptography

Protocols
• Arbitrated
• Adjudicated
• Self-enforcing

Cryptography

Digital signature
• Unforgeable
• Authentic
• Not alterable
• Not reusable

RSA ensures this by using a private key
DES needs an arbiter

Attacks against encryption systems

• Weakness in the algorithm
• Brute force against the key
• Weakness in the surrounding system

Single key

• One time pads
• Password encryption (Unix)
• AES

Public key

• ElGamal
• Digital signature algorithm
• Elliptic curve encryption

Digital signature

(figure 11-8 p. 262)
Secure hash function

Key management

• Key creation
• Key distribution
• Key certification
• Key protection
• Key revocation
• Key recovery

Trust in encryption systems

• Hierarchy (fig. 11.10 p. 271)
• Web (fig. 11.11 p. 273)

We’ve covered

P. 276
