
Crypto Fundamentals

Dr. Mohammed Shafiul Alam Khan

Assistant Professor

Institute of Information Technology (IIT), University of Dhaka (DU)


December 10, 2017

M S A Khan (IIT, DU) Crypto Fundamentals December 10, 2017 1 / 31


Outline

1 Fundamental Security Properties

2 Quick View on Different Ciphers

3 Diffie-Hellman Key Exchange

4 Public Key Infrastructure (PKI)

5 Hash Functions

6 Conclusion


Fundamental Security Properties


Properties

Confidentiality

Integrity

Availability OR Authentication

protecting the information from disclosure to unauthorized parties

protecting information from being modified by unauthorized parties

ensuring that authorized parties are able to access the information when needed

The CIA triad is a very fundamental concept in security. However, it has been suggested that the CIA triad is not enough.


How Crypto Comes in the Scene

It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics. — Bruce Schneier

Security/Cryptographic Tools

Encryption

Hash / Message Authentication Code

Encryption ensures confidentiality property

Hash / Message Authentication Code ensures integrity property


Quick View on Different Ciphers


What is a Cipher OR Encryption

Examples

When we use Google search or, in general, when we use https in web browsing

Different applications, for example, voice and data communication in a telecommunication network


How Cipher Works

Every cipher should work with

an Algorithm (supposed to be public), and

a key which is private

Mostly the algorithm does a set of Substitution and Transposition based on the secret key.


Types of Encryption

Symmetric Encryption — use same key for both encryption and decryption

Asymmetric Encryption (Public key encryption) — use different keys in encryption and decryption

Block ciphers — Encrypt/Decrypt a block of data at a time. Example: AES, RSA

Stream ciphers — Encrypt/Decrypt a bit stream. Example: RC4, RC5


Symmetric Encryption

Provides only confidentiality service

Need to share the key with the receiver

If there are n users, then the number of keys required is of order n^2

Key distribution is challenging


Asymmetric Encryption

Could provide both confidentiality and authentication service

If there are n users, then 2n keys are required

What could be the problem in such encryption? What about key distribution?

CA

PKI


Key Bit Length and Key Space

Cipher algorithms vary in support of different key length. For example,

DES uses 56-bit key

AES has 128-bit, 192-bit and 256-bit versions

RSA keys could be 1024-bit or 2048-bit

Bit length impact on the key space


Attacks on Encryption

Brute force attack — Search for all possible keys in the key space. For example,

in DES 2^56 keys need to be explored

in AES 2^128, 2^192 or 2^256 keys need to be explored

in RSA 2^1024 or 2^2048 keys need to be explored

Cryptanalysis attack — Use probabilistic theories to find the key

Known plaintext attack

Chosen plaintext attack


Dictionary Attack


Traditional Ciphers

Mono-Alphabetic Cipher

Extension could be poly-alphabetic ciphers.

Are not suitable in the age of computing (easily breakable using brute force attack)


Modern Ciphers

AES (Advanced Encryption Standard) — Symmetric crypto-systems

RSA (Rivest-Shamir-Adleman) — one of the first practical public-key crypto-systems

RSA is based on the difficulty of finding the prime factors of a large number. (demo with a URL)

Other public key crypto-systems are ECC (Elliptic Curve Cryptography), ElGamal crypto-systems

RC5 — a symmetric stream cipher

In RC5 a key stream is generated based on the secret key and the generated key stream is XORed with the input message.


Diffie-Hellman Key Exchange


Features

Allows two users to exchange a secret key (addresses the key distribution challenge of symmetric ciphers)

Requires no prior secrets

Real-time over an untrusted network

Ensures perfect forward secrecy — a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys


How it Works

Based on the difficulty of computing discrete logarithms of large numbers


Applications and Drawback

Applications

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

Secure Shell (SSH)

Internet Protocol Security (IPSec)

Drawbacks

Although there is no successful attack on the mathematical aspect of the protocol, a Man-in-the-Middle attack is possible if the protocol is not carefully designed.

Authenticated Diffie-Hellman Key Agreement (1992) could protect against such an attack
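A worked exchange for the two slides above, as an added example that is not part of the lecture: both sides derive the same session key from public values alone, and a receiver-side authentication check shows why an unauthenticated public value cannot be trusted. Assumptions: the toy prime 2^127 - 1 and generator 3 are chosen for readability only, and the HMAC under a pre-shared key is a simplified stand-in for the authentication step, not the 1992 protocol itself.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption, not from the slides): 2**127 - 1 is prime but
# far too small for real use; deployments use standardized large groups.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return x, pow(G, x, P)


def dh_shared(private: int, peer_public: int) -> bytes:
    """Session key from our private exponent and the peer's public value."""
    if not 2 <= peer_public <= P - 2:         # reject 0, 1 and p - 1
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def auth_tag(auth_key: bytes, sender: str, public: int) -> bytes:
    """Bind a public value to its sender with HMAC-SHA256."""
    msg = sender.encode() + b"|" + public.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def exchange(substituted: bool):
    """Run one exchange; return (bob_accepts_value, session_keys_match)."""
    auth_key = b"constructed long-term key"   # constructed sample value
    a_priv, a_pub = dh_keypair()              # Alice sends a_pub and its tag
    b_priv, b_pub = dh_keypair()              # Bob sends b_pub
    tag = auth_tag(auth_key, "alice", a_pub)
    received = a_pub
    if substituted:
        # The network delivers a different public value than Alice sent.
        _, received = dh_keypair()
    accepts = hmac.compare_digest(tag, auth_tag(auth_key, "alice", received))
    match = dh_shared(a_priv, b_pub) == dh_shared(b_priv, received)
    return accepts, match


if __name__ == "__main__":
    print("honest run:       ", exchange(False))
    print("value substituted:", exchange(True))
```

Without the tag check, the substituted run would complete silently with Bob holding a key that Alice does not share; with it, Bob rejects the value before deriving anything.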


Public Key Infrastructure (PKI)


Features

Provides a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates

Manage public-key encryption


Application

In network, PKI allows for the centralization of network authentication

Authentication of client systems using SSL (Secure Socket Layer) signatures or encryption in web browser.

Other applications include the transmission of authenticated email messages using S/MIME (Secure/Multi-purpose Internet Mail Extensions), OpenPGP (Open Pretty Good Privacy) and other technologies


Hash Functions


Properties

deterministic so the same message always results in the same hash

infeasible to find two different messages with the same hash value

infeasible to generate a message from its hash value except by trying all possible messages


small change to a message should change the hash value so extensively that the new hash value appears uncorrelated with the old hash value

quick to compute the hash value for any given message

Examples

MD5 — Generates a 160-bit hash with a set of defined procedures

MD5 is not secure as it could be reversible (Though in theory MD5 is not reversible, using databases one may find out which text resulted in a particular hash value.)

SHA-1 — A 160-bit hash function which resembles the earlier MD5 algorithm.


SHA-2 — A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. (Designed by NSA)

SHA-3 — A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers


Hashed Message Authentication Code (HMAC)

Properties

Ensures authentication along with integrity
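The hash properties listed earlier and the HMAC property above, in one added example that is not part of the lecture. It measures the avalanche effect on SHA-256 and then contrasts an unkeyed digest, which anyone who alters the message can recompute, with an HMAC tag, which cannot be produced without the key. The message and key are constructed sample values.

```python
import hashlib
import hmac


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message: bytes) -> int:
    """Flip one input bit and count how many of the 256 output bits change."""
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return bit_difference(hashlib.sha256(message).digest(),
                          hashlib.sha256(flipped).digest())


def plain_hash_check(message: bytes, digest: bytes) -> bool:
    """Unkeyed check: proves only that message and digest belong together."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    """Keyed check: the tag is valid only if its creator held the key."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def recompute_after_change(message: bytes):
    """Model a change in transit by a party without the key: the message
    is altered and the unkeyed digest, which needs no secret, is redone."""
    altered = message.replace(b"100", b"900")
    return altered, hashlib.sha256(altered).digest()


if __name__ == "__main__":
    key = b"constructed-shared-key-32-bytes!"     # constructed sample key
    msg = b"pay 100 to account 42"                # constructed sample message
    print("output bits changed by a 1-bit input change:", avalanche(msg))
    altered, new_digest = recompute_after_change(msg)
    print("altered message passes unkeyed check:",
          plain_hash_check(altered, new_digest))
    print("altered message passes HMAC check:   ",
          hmac_check(key, altered, hmac_tag(key, msg)))
```

Roughly half of the 256 output bits change for a one-bit input change, and only the keyed check rejects the altered message.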


Conclusion


Discuss the required security service in a network

Discuss how different cryptographic systems provide those services

Limitations of cryptographic systems

Different attacks on such systems
