Cryptography
Security
In companies
• Passwords, policies, procedures, etc.
• Physical security
Networks (connecting companies)
• Loss of connection
• Modification of data
• Wire tapping
• Fabrication
Cryptography
• Verification of sender
• Sender signs documents electronically
Encryption
Cryptography and OSI
The OSI model
Physical layer
• Link encryption
• Header and data are encrypted
• Traffic analysis is possible
• Hardware use possible
Transport layer
• The whole session must be encrypted
Presentation layer
• Only data needs to be encrypted (hence most often here)
• Software (usually)
Terminology
• Plaintext
• Encryption
• Cipher
• Ciphertext
• Decryption
• Interceptor/intruder
• Key
– Single key
– Key pair (public and private keys)
Substitution
Substitution cipher
• Encodes the alphabet with numbers for letter positions and substitutes the values
Example: Caesar cipher
• c_i = E(p_i) = p_i + 3
• Encrypt TREATY IMPOSSIBLE
  WUHDWB LPSRVVLEOH
Transposition
Transposition/Permutation
• Encodes the alphabet with numbers and multiplies by a value
Example
• c_i = E(p_i) = 5*p_i + 3
Can also be shown as column transposition
Double transposition
Encryption
Key
• Write the key first, then the alphabet in order, leaving out letters from the key
Mono-alphabetic
• Frequency distribution reflects the distribution of the underlying alphabet
Poly-alphabetic
Encryption
Poly-alphabetic
• Key is used to select different alphabets
• Frequency distributions cancel out
• Vigenère table
Single or secret key
1. If the key is known, encryption and decryption of all messages is possible
2. Distributing keys is problematic
3. The number of keys grows with the square of the number of people exchanging information
DES algorithm is an example
• Combination of transposition and substitution
Public key
Public key
• Public key is shared, private key is used for decryption
Example: RSA
• Encryption
– C = P^e mod n, key (e, n)
• Decryption
– P = C^d mod n, key (d, n)
Public key
P = C^d mod n = (P^e)^d mod n = (P^d)^e mod n
1. Select prime numbers p and q larger than 10^100
2. Calculate n = p * q and z = (p-1)(q-1)
3. Select e so that 1 < e < z and e and z are relatively prime
4. Find d so that d * e mod z = 1
• Factoring a 200-bit number takes 4 billion years of computer calculations
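The four key-generation steps and the encrypt/decrypt formulas above, worked through in Python as an added example that is not part of the original slides. The primes 61 and 53, the exponent e = 17 and all function names are assumptions chosen for illustration.

```python
from math import gcd

def make_keys(p, q, e):
    """Steps 2-4 of the slide; the caller performs step 1 and proposes e."""
    n = p * q
    z = (p - 1) * (q - 1)
    # Step 3: e must lie strictly between 1 and z and share no factor with z.
    if not (1 < e < z and gcd(e, z) == 1):
        raise ValueError("e must satisfy 1 < e < z and gcd(e, z) == 1")
    # Step 4: d is the inverse of e modulo z, so d * e mod z == 1.
    d = pow(e, -1, z)  # modular inverse, Python 3.8+
    return (e, n), (d, n)

def apply_key(block, key):
    """Compute block^exponent mod n: C = P^e mod n or P = C^d mod n."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be in the range 0 .. n-1")
    return pow(block, exponent, n)

def encrypt_text(text, public):
    # One character per block; only workable because the toy n exceeds ord(ch).
    return [apply_key(ord(ch), public) for ch in text]

def decrypt_text(blocks, private):
    return "".join(chr(apply_key(c, private)) for c in blocks)

def sign(block, private):
    # (P^d)^e mod n = P: for a signature the private key is applied first.
    return apply_key(block, private)

def verify(block, signature, public):
    return apply_key(signature, public) == block

# Constructed toy values, far below the 10^100 the slide calls for.
PUBLIC, PRIVATE = make_keys(61, 53, 17)

if __name__ == "__main__":
    print("public key (e, n):", PUBLIC, " private key (d, n):", PRIVATE)
    blocks = encrypt_text("TREATY", PUBLIC)
    print("ciphertext blocks:", blocks)
    print("decrypted:", decrypt_text(blocks, PRIVATE))
    sig = sign(65, PRIVATE)
    print("signature valid:", verify(65, sig, PUBLIC))
    print("altered message valid:", verify(66, sig, PUBLIC))
```

Encrypting one character per block with no padding behaves like a mono-alphabetic substitution: both T's in TREATY produce the same ciphertext block, so letter frequencies survive.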
Cryptography
Protocols
• Arbitrated
• Adjudicated
• Self-enforcing
Cryptography
Digital signature
• Unforgeable
• Authentic
• Not alterable
• Not reusable
RSA ensures this by using a private key
DES needs an arbiter
Attacks against encryption systems
• Weakness in the algorithm
• Brute force against the key
• Weakness in the surrounding system
Single key
• One-time pads
• Password encryption (Unix)
• AES
Public key
• ElGamal
• Digital signature algorithm
• Elliptic curve encryption
Digital signature
• (figure 11-8, p. 262)
• Secure hash function
Key management
• Key creation
• Key distribution
• Key certification
• Key protection
• Key revocation
• Key recovery
Trust in encryption systems
• Hierarchy (fig. 11.10 p. 271)
• Web (fig. 11.11 p. 273)
We’ve covered
P. 276