giacinto@unica · symmetric and asymmetric cryptography • symmetric cryptography – the...

Pattern Recognitionand Applications Lab

Universityof Cagliari, Italy

Department of Electrical and Electronic

Engineering

CRYPTOGRAPHY

Giorgio Giacinto

[email protected]

Spring Semester 2019-2020

http://pralab.diee.unica.it 2

Cryptography and Security• Used to hide the content of a message

• Goals– Confidentiality– Authenticity– Integrity

• The text is modified by an encryption function– An interceptor should not be able to understand all or part

of the message content

http://pralab.diee.unica.it

Encryption/Decryption Process

3

Key(Optional)

OriginalPlaintext

Plaintext Ciphertext

Key(Optional)

Encryption Decryption


Keys and Locks

4


KeysL F A Y B D E T C A

R C S E E T Y H G S

O U S U D H R D F C

E I D B T E M E P Q

X N R C I D S F T U

A E T C A U R M F N

P E C J N A C R D B

E M K C I O P F B E

W U X I Y M C R E P

F N O G I D C N T M

5


KeysL F A Y B D E T C A

R C S E E T Y H G S

O U S U D H R D F C

E I D B T E M E P Q

X N R C I D S F T U

A E T C A U R M F N

P E C J N A C R D B

E M K C I O P F B E

W U X I Y M C R E P

F N O G I D C N T M

6


Steganography

7

-

=

https://towardsdatascience.com/steganography-hiding-an-image-inside-another-77ca66b2acb1


Definitions• Cryptography algorithm

C = E(K,M)A function E with two inputs– a message M– a key Kthat outputs– the encrypted message C

The algorithm is based on a shared secret between the sender and the receiver

K The Encryption Key


Symmetric and Asymmetric Cryptography• Symmetric cryptography– The algorithm relies on one key

the key is the shared secret between the sender and the receiver

• Asymmetric cryptography– The algorithm relies on two keys

one key is secret, not shared with anyone – the private keythe other key is public – anyone can have it


Cryptosystems

10

Rivest-Shamir-Adelman

Encryption Decryption OriginalPlaintextPlaintext Ciphertext

(a) Symmetric Cryptosystem

DecryptionKey

Encryption Decryption OriginalPlaintextPlaintext Ciphertext

EncryptionKey

(b) Asymmetric Cryptosystem

Key


Cryptographic primitives• Substitution– Each character of the plain text is substituted by another

character according to some rule– This technique aims at the confusion of the message

content in the ciphertext

• Transposition– The message is subdivided into parts, and their position is

modified according to some rule– This technique aims at the diffusion of the message

content in the ciphertext

11


Stream and Block ciphers

12

Stream Cipherseach byte is encrypted separately

• Speed of transformation• Low error propagation• Low diffusion• Susceptibility to malicious

insertions and modifications

Encryption

Key(Optional)


…ISSOPMI wdhuw…

IH

Key(Optional)


.. XN OI TP ES

pobaqckdem..

Encryption

Block Ciphers a group of symbols is encrypted as a single block

• Slowness of encryption• Padding• Error propagation• High diffusion• Immunity to insertion of symbols


Substitution Ciphers


The Imitation Game (2014)

14


Caesar Cipher• Each character in the plaintext is substituted by the

character 3 positions aheadci = E(pi) = pi + 3for examplecomputer securitybecomesfrpsxwhu vhfxulwb


Other substitutions• A word is selected as a key to set the substitution of the

first letters of the alphabet (e.g., chiefly).

ABCDEFGHIJKLMNOPQRSTUVWXYZ

CHIEFLYABDGJKLMNOPQRSTUWXZ

• Substitution by using as a key a permutation of the alphabet one letter in 3, mod 26

ABCDEFGHIJKLMNOPQRSTUVWXYZ

ADGJMPSVYBEHKNQTWZCFILORUX


Other substitutions• OTP (One Time Pad)– a pad of sheets of papers with one-time keys– the encryption of a message of N characters in length will

need as many keys as to cover all the N characters– the sender will encrypt the message according to some

substitution rule involving each character of the message and the corresponding character of the key• for example, the Vigenère table


Transpositions


Column-based Transpositions• We can convert this text

THIS IS A SAMPLE MESSAGE

into a five-columns sequence of charactersT H I S IS A S A MP L E M ES S A G E

The resulting encrypted messages is

TSPS HALS ISEA SAMG IMEE


A useful tool for encoding and encryption

20

https://cryptii.com


“Secure” encryption algorithms


Shannon and the definition of “good” ciphersCommunication Theory of Secrecy Systems (1949)

1. The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption

2. The set of keys and the enciphering algorithm should be free from complexity

3. The implementation of the process should be as simpleas possible

4. Errors in ciphering should not propagate and cause corruption of further information in the message

5. The size of the enciphered text should be no larger than the text of the original message

22


Cryptanalysis• Goal: break an encryption– break (decrypt) a single message– recognize patterns in encrypted messages– infer some meaning without even breaking the

encryption, such as from the frequency of messages– easily deduce the key to break one message and perhaps

subsequent ones– find weaknesses in the implementation or environment of

use of encryption by the sender– find general weaknesses in an encryption algorithm

An algorithm is called breakable whengiven enough time and data

an analyst can determine the algorithm


Inputs to cryptanalysis

• Ciphertext Only– Look for patterns, similarities, and discontinuities among

many messages that are encrypted alike

• Plaintext and Ciphertext pair– Full or Partial Plaintext

• known-plaintext or probable-plaintext– Ciphertext of Any Plaintext

• chosen-plaintext

24


Breaking Enigma

25

The Imitation Game (2014)

https://www.youtube.com/watch?v=_C25CwNlVjA


Trustworthy cryptosystems

• Based on sound mathematical foundations

• Analyzed by competent experts and found to be sound

• Stood the “test of time”

26


Symmetric Encryption Algorithms


Symmetric Encryption

28

Plaintextinput

Y = E[K, X] X = D[K, Y]

X

K K

Transmittedciphertext

Plaintextoutput

Secret key shared bysender and recipient

Secret key shared bysender and recipient

Encryption algorithm(e.g., DES)

Decryption algorithm(reverse of encryption

algorithm)

Figure 2.1 Simplified Model of Symmetric Encryption


Standard and Commercial algorithms

• Block ciphers– DES (Data Encryption Standard) – 3DES (Triple DES)– AES (Advanced Encryption Standard)– Blowfish (1993, Bruce Schneier)

• Stream ciphers– RC4 (1987, Ron Rivest)

29


DES• In 1972 the U.S. National Bureau of Standards (NBS, nowadays

NIST) called for proposals for producing a public encryption algorithm.

• In the second call, in 1974, the most promising proposal was IBM’s Lucifer. IBM developed for NBS the Data Encryption Standard (DES) based on Lucifer.

• DES was officially adopted as a U.S. federal standard in November 1977.DES was later accepted as an international standard by ISO.


The complete DES

31

L2 = R 1 R2

Substitution

Permutation

Key Permuted

Key Shifted

L15 = R14 R15

L16 = R15 R16

Substitution

Permutation

Key Shifted

L0 R0

L1 = R 0 R1

Substitution

Permutation

Key Permuted

Key Shifted

Inverse Initial Permutation

Output

Initial Permutation

Input

Cycle 1

Cycle 2

Cycle 16

... ...

Key Permuted

64-bit blocks64-bit key

The algorithm at workhttp://page.math.tu-berlin.de/~kant/teaching/hess/krypto-ws2006/des.htm


A cycle in DES

32

Left Data Half

32 bits

Right Data Half

32 bits

New Left Data Half (Old Right Half)

New Right Data Half

Substitution, Permuted Choice

Permutation

KeyPermuted

ExpansionPermutation

48 bits

Key Shifted 56 bits

48 bits

32 bits


DES variants


Security of DES• Diffie and Hellman in 1977 argued that a 56-bit key is too

short given the increasing power of computers

• In 1998 researchers built a “DES cracker” machine for approximately $200,000 U.S. that could find a DES key in four days (later improved to a few hours)

• In 1995 the NIST began the search for a new, strong, and more flexible algorithm The result was the Advanced Encryption Standard - AES


AES• In 1997 NIST called for cryptographers to develop a new

encryption system– unclassified– publicly disclosed– royalty free for use worldwide– symmetric block cipher of at least 128 bit– keys 128, 192, and 256 bits long

• In Aug 1998, 15 algorithms chosen from the submissions

• In Aug 1999, 5 finalists

• In 2001 the winning algorithm became the official U.S. standard


AES

36

Name of the algorithm: Rijndaelderived from the creators’ namesRijmen e Daemen

Substitutions, transpositions, shifts, XOR, additions

Example source codehttp://www.hoozi.com/posts/advanced-encryption-standard-aes-implementation-in-cc-with-comments-part-1-encryption/

SSSS

k k k k

1. Byte Sub

2. Shift Row

3. Mix Columns

4. Add Round Key

Repeatn Times


DES vs. AES

37


RC2, RC4, RC5, and RC6• Authored by Ronald Rivest– one of the inventor of the RSA algorithm and founder of

RSA laboratories

• RC2 (publicly released in 1996)– Block cipher designed as a a simple and fast algorithm

• RC4 (popular before 2000)– Stream cipher, widely used in wireless network (WEP and

WPA)

• RC5 (1994)– Block cipher

• RC6– A modification of RC5 to compete in the AES competition

38


openssl crypto library• openssl (http://www.openssl.org) is an open source

project that provides a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols

• The crypto library implements a wide range of cryptographic algorithms used in various Internet standards

39


openssl symmetric ciphers• encryption of a message using triple-DES

openssl des3 -salt -in file.txt -out file.des3

• decryption of a message using triple-DESopenssl des3 -d -salt -in file.des3 -out file.txt

40


Message Digests

41


One-Way Hash Function• Convert input to a digest– It is infeasible to start with a digest

value and infer the input

• They do not have obvious collisions– it is infeasible to find a pair of

inputs that produce the same digest

42

Encrypted forauthenticity

M

Hashfunction

Messagedigest


Bank Transfers mid 19th century• One-way coding the amount of money to be transferred

between two parties produces a test key for integrity– Sum of the numbers in the tables according to the

positions of the digits in the amount to be transferred

• Example– Coding € 243.561,00

53 (no millions) + 70 (200.000) + 91 (40.000) + 87 (3.000) =301

43


Message Digests• One-way hash functions are cryptographic functions

with multiple uses– They are used in conjunction with asymmetric algorithms

for both encryption and digital signatures– They are used in integrity checking– They are used in authentication– They are used in communications protocols

• They are based on one-way random functions

44


Properties of Current Hash Standards

45

Collisions in MD5: https://www.mscs.dal.ca/~selinger/md5collision/


Asymmetric ciphersThe RSA algorithm


Symmetric key distribution• How can the shared secret symmetric key be exchanged

by two parties?

• In 1976 Diffie and Hellman proposed a novel cryptographic mechanism– each user is given two keys• one key is private, i.e., the owner must keep it secret• the other key is public, i.e., anyone must have it

– the pair of private and public keys is generated by a specific key generation algorithm

Recipients of the 2015 ACM A.M. Turing Award


Public Key to Exchange Secret Keys

48

4., 5

abc 6def

9wxyz

8tuv

7pqrs

Bill, give me your public key

Here is my key, Amy

1

2

3 Here is a symmetric key we can use

6mno

5jkl1

.,

2abc

3def

9wxyz

8tuv

7pqrs

4ghi


Cryptography based on discrete logarithms• A primitive root modulo p is a number whose powers generate all the

nonzero numbers mod p• For example, if we work modulo 7 we find that

- 51 = 5 (mod 7)- 52 = 25≡ 4 (mod 7)- 53 ≡ 4 x 5≡ 6 (mod 7)- 54 ≡ 6 x 5≡ 2 (mod 7)- 55 ≡ 2 x 5≡ 3 (mod 7)- 56 ≡ 3 x 5≡ 1 (mod 7)

• 5 is called a primitive root modulo 7– Given any y, we can always solve the equation y = 5x (mod 7)

x is then called the discrete logarithm of y modulo 7.

• For large random prime numbers p– the discrete logarithm cannot be computed– the mapping 𝒇: 𝒙 → 𝒈𝒙 mod 𝒑 is a one-way function– 𝑓 𝑥 + 𝑦 = 𝑓 𝑥 𝑓 𝑦– 𝑓 𝑛𝑥 = 𝑓 𝑥 "

49


Diffie-Hellmann protocol• Original version of the algorithm– Alice and Bob agree on using two numbers p and g

• p is a prime number • g is a primitive root mod p

– Alice chooses a secret integer x and sends to BobA = gx mod p

– Bob chooses a secret integer y and sends to AliceB = gy mod p

– Alice will compute Bx mod p, Bob will compute AY mod pthat will be the shared secret, as Bx mod p = AY mod p = gxy mod p

50


Diffie-Hellman ExampleHave• Prime number q = 353 • Primitive root a = 3

A and B each compute their public keys after selecting their secret keys, XA=97 and XB=233, respectively • A computes YA = 397 mod 353 = 40 • B computes YB = 3233 mod 353 = 248

Then exchange and compute secret key• For A: K = (YB)XA mod 353 = 24897 mod 353 = 160• For B: K = (YA)XB mod 353 = 40233 mod 353 = 160

Attacker must solve• 3z mod 353 = 40 which is hard• Desired answer is 97, then compute key as B does


Asymmetric Cryptography• Symmetric cryptography– two users share one secret key

• Asymmetric cryptography– each user has two keys: one public and one private

• Messages encrypted using the user’s public key can only be decrypted using the user’s private key, and vice versa

52


Asymmetric cryptography

kpub Public key

kpriv Private key

E(k,M) Encryption

D(k,M) Decryption

P Plaintext

P = D(kpriv,E(kpub,P))

some algorithms also allow

P = E(kpub,D(kpriv,P))


Encryption with public key

54

Plaintextinput

Bobs'spublic key

ring


PlaintextoutputEncryption algorithm

(e.g., RSA)Decryption algorithm

Joy

Mike

Mike Bob

TedAlice

Alice's publickey

Alice 's privatekey

(a) Encryption with public key

Plaintextinput




Bob's privatekey

Bob

Bob's publickey

Alice'spublic key

ring

Joy Ted

(b) Encryption with private key

X

X

PUa

PUb

PRa

PRb

Y = E[PUa, X]

Y = E[PRb, X]

X =D[PRa, Y]

X =D[PUb, Y]

Figure 2.6 Public-Key Cryptography

Alice

Bob Alice


Encryption with private key

55

Plaintextinput

Bobs'spublic key

ring




Joy

Mike

Mike Bob

TedAlice

Alice's publickey

Alice 's privatekey

(a) Encryption with public key

Plaintextinput




Bob's privatekey

Bob

Bob's publickey

Alice'spublic key

ring

Joy Ted

(b) Encryption with private key

X

X

PUa

PUb

PRa

PRb

Y = E[PUa, X]

Y = E[PRb, X]

X =D[PRa, Y]

X =D[PUb, Y]

Figure 2.6 Public-Key Cryptography

Alice

Bob Alice


Asymmetric Encryption with RSA• Since its introduction in 1978, no serious flaws have yet

been found

• The encryption algorithm is based on the underlying problem of factoring large prime numbers– the fastest known algorithm is exponential in time

• Two keys, d and e, are used for decryption and encryption, and they are interchangeable

• The plaintext block P is encrypted as Pe mod n = C

• The decrypting key d is chosen so that Cd mod n = PP = Cd mod n = (Pe)d mod n = (Pd)e mod n

56


Secret Key vs. Public Key Encryption

57


Asymmetric Encryption Algorithms

RSA (Rivest, Shamir,

Adleman)Developed in 1977

Most widely accepted and implemented

approach to public-key encryption

Block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n.

Diffie-Hellman key exchange

algorithm

Enables two users to securely share a

secret key for symmetric encryption

Limited to the exchange of the

keys

Digital Signature

Standard (DSS)

Provides only a digital signature

function with SHA-1

Cannot be used for encryption or key

exchange

Elliptic curve cryptography

(ECC)

Security like RSA, but with much

smaller keys


RSA in openssl

• Creation of a RSA private keyopenssl genrsa –out key.pem

• Creation of the corresponding public keyopenssl rsa -in key.pem -pubout -out pubkey.pem

59


RSA in openssl• openssl rsautl

with the following parameters-in filename

-out filename

-inkey filefilename containing the key (default: the private key)

-pubinin the case the input key is the public key

60


RSA in openssl-encryptRSA encryption of the input file with the public key

-decryptRSA decryption of the input file with the public key

61


Example• Public key encryption

openssl rsautl –encrypt -inkey pubkey.pem -pubin–in <infile> -out <file_enc>

• Private key decryptionopenssl rsautl –decrypt –inkey key.pem–in <file_enc> -out <file_dec>

62


Certificates

63


Certificates• In real life identity and authenticity are certified by

trusted authorities through a hierarchy of mutual trust– Government servants issue and verify

• ID cards• Passports• …

• Other sources of authenticity– Stamps– Headed letters– …

64


Digital CertificatesTrustable Identities and Public Keys• A certificate is – a public key – an identity

bound together and signed by a certificate authority

• A Certificate Authority (CA) is an authority that users trust to accurately verify identities before generating certificates that bind those identities to keys

• A Public Key Infrastructure is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

65


Delegation of trust

66


Certificate Signing and Hierarchy

67

Name: DianaPosition: Division ManagerPublic key: 17EF83CA ...

Diana creates and delivers to Edward:

Edward adds:

Edward signs with his private key:


hash value128C4


hash value128C4

Which is Diana’s certificate.

Name: DelwynPosition: Dept ManagerPublic key: 3AB3882C ...

Delwyn creates and delivers to Diana:

Diana adds:

Diana signs with her private key:


hash value48CFA

And appends her certificate:

Which is Delwyn’s certificate.


hash value128C4

To create Diana’s certificate: To create Delwyn’s certificate:


hash value48CFA


hash value48CFA


Certificate Hierarchy

68


Structure of a digital certificate• Users identity and public key

• Signed by a certificate authority (CA)– Actalis, Comodo, DigiCert, Symantec/VeriSign, …

• self-signed certificates– http://www.akadia.com/services/ssh_test_certificate.html

no authority certify the authenticity, and you need to trust the entity the signed the certificate


Certificates in openssl• Creation

openssl req -new -key server.key -out server.csr

– server.key is the private key associated to the server

• Self-signed x509 certificateopenssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

70


Random numbers

71


Random Numbers• They are needed to generate:– Keys for public-key algorithms– Stream key for symmetric stream cipher– Symmetric key for use as a temporary session key or in

creating a digital envelope– Handshaking to prevent replay attacks– Session key


Randomness• Criteria

– Uniform distribution• Frequency of occurrence

of each of the numbers should be approximately the same

– Independence• No one value in the

sequence can be inferred from the others

Unpredictability• Each number is statistically

independent of other numbers in the sequence

• Opponent should not be able to predict future elements of the sequence on the basis of earlier elements

Random Number Requirements


Random versus PseudorandomAlgorithmic techniques for random number generation• Algorithms are deterministic and therefore produce

sequences of numbers that are not statistically random

Pseudorandom numbers are• Sequences that satisfy statistical randomness tests• Likely to be predictable

True random number generator (TRNG)• Nondeterministic source to produce randomness• Mostly by measuring unpredictable natural processes

• e.g. radiation, gas discharge, leaky capacitors• Increasingly provided on modern processors


Digital Signatures


Digital Signature Properties• Unforgeable (mandatory)– No one other than the signer can produce the signature

without the signer’s private key

• Authentic (mandatory)– The receiver can determine that the signature really came

from the signer

• Not alterable (desirable)– No signer, receiver, or any interceptor can modify the

signature without the tampering being evident

• Not reusable (desirable)– Any attempt to reuse a previous signature will be detected

by receiver

76


Digital Signature

• The general way of computing digital signatures is with public key encryption– The signer computes a signature value by using a private key– Others can use the public key to verify that the signature came

from the corresponding private key

77

Mark onlythe sendercan make

Authentic Unforgeable

Mark fixedto

document


Digital signatures with public key encryption

78

Signature Verification


Digital signatures in openssl• Creation of the signature for a file using the private key

openssl rsautl -sign -in file -inkey key.pem-out sig

• Verification of the authenticity of the signatureopenssl rsautl -verify -in sig -inkey pubkey.pem-pubin

79


Digital signature and secret message

80


Digital Envelopes

81


Symmetric and Asymmetric Encryption

• Symmetric algorithms provide for efficient and effective way for protecting confidentiality and integrity of data at rest or in transit

• Asymmetric encryption is used for– exchanging symmetric encryption keys– signing data to show authenticity and proof of origin

82


Internet and Cryptography


Link encryption• The plaintext message is encrypted just before being

sent through the physical layer– the plaintext is available in all upper layers

84


Link encryption: packet format

85

Encryption implemented at the hardware level


end-to-end encryption• The message content is encrypted at the application or

presentation layer

86


Packet format end-to-end encryption

87

Encryption implemented at the application levelKey exchange protocol


Example: the Signal protocol• The Signal protocol was developed by Open Whisper

Systems (https://signal.org) in 2013 to provide end-to-end encryption for instant messaging.

• It has been implemented into applications such as WhatsApp, Facebook Messenger, Google Allo.

• The protocol combines – the Double Ratchet Algorithm– Prekeys– a triple Diffie–Hellman (3-DH) handshake,– uses Curve25519, AES-256 and HMAC-SHA256 as

primitives

88

https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf


Link vs. End-to-End

89


WiFi Security - WEP• WEP - Wired Equivalent Privacy was designed at the

same time as the original 802.11 WiFi standards

• Weaknesses in WEP were first identified in 2001, four years after release– More weaknesses were discovered, until any WEP-

encrypted communication could be cracked in minutes

90


How WEP Works• Client and access point (AP) have a pre-shared key– AP sends a random number to the client, which the client

then encrypts using the key and returns to the AP– The AP decrypts the number using the key and checks that

it’s the same number to authenticate the client– Once the client is authenticated, the AP and client

communicate using messages encrypted with the key

91


WEP Main Weaknesses• Weak encryption key– WEP allows to be either 64- or 128-bit, but 24 of those bits

are reserved for initialization vectors (IV)– Keys were either alphanumeric or hex phrases that users

typed in, therefore vulnerable to dictionary attacks

• Static key

• Weak encryption process– A 40-bit key can be brute forced easily

• Weak encryption algorithm– WEP used RC4 in a strange way, that allowed attackers to

decrypt large portions of any WEP communication

92


WPA (WiFi Protected Access)• WPA was designed in 2003 to replace WEP • WPA2 followed in 2004, the current standard• Non-static encryption key

– WPA uses a hierarchy of keys• New keys are generated for each session, and the encryption key is

automatically changed on each packet

• Strong encryption– WPA supports AES

• Integrity protection– WPA includes a 64-bit cryptographic integrity check

• Session initiation– WPA sessions begin with authentication and a four-way

handshake • separate keys for encryption and integrity on both ends

93


VPN - Virtual Private Network• An encrypted tunnel for communication between two

sites of the same organization over public networks

• VPN usually implemented by firewalls– link encryption

Firewall A

Firewall B

Office A

Office B

A1 A2 A3 A4

B1 B2 B3 B4

Encrypted

To othersites


VPN - Virtual Private Network• VPNs also used for the secure connection of a teleworker

to the remote office

95

Firewall AOffice

A1 A2 A3 A4

Encrypted

To othersites

Teleworker


Secure Shell (SSH)• Originally developed for UNIX

• Provides an authenticated, encrypted path to the OS command line over the network

• Replacement for insecure utilities such as telnet, rlogin, and rsh

• The protocol involves negotiation between local and remote sites for– encryption algorithm (e.g., DES or AES)– authentication

96


SSL and TLS• Secure Sockets Layer (SSL) was designed by Netscape in

the 1990s to protect communication between the web browser and server

• In a 1999 upgrade to SSL, it was renamed Transport Layer Security (TLS)

• While the protocol is still commonly called SSL, TLS is the modern, and much more secure, protocol

• SSL is implemented at OSI layer 4 (transport) and provides– Server authentication– Client authentication (optional)– Encrypted communication

97


The TLS protocol• A server replies to a client that wants to initiate a secure

connection with its certificate

• The client sends part of a symmetric key encrypted with the public key of the server

• Client and server compute the remaining part of the session key– Diffie-Hellman protocol

• The session key is used to encrypt the communication through a symmetric encryption algorithm


email encryption• TLS for the confidentiality of the password between

client and server

• PGP (Pretty Good Privacy) or S/MIME (Secure/Multipurpose Internet Mail Extensions) for encrypting the message content – both based on public keys for authentication and the

exchange of the symmetric session key– PGP relies on each user’s exchanging keys with all

potential recipients (a circle of trust)– S/MIME uses hierarchically validated certificates


Anonymous browsing: the TOR project

• The receiver should not be able to identify the computer that initiated the request– The request is handled by intermediate nodes that hide

the identity of the initiator– The intermediate nodes should not be aware of the path

of the packets

100


Onion RoutingThe TOR network

• The Tor network is an overlay network

• Each onion router (OR) runs as a normal user-level process without any special privileges.

• Each onion router maintains a TLS connection to every other onion router.

• Each user runs local software called an onion proxy (OP) – to fetch directories, establish circuits across the network, and

handle connections from user applications.

• These onion proxies accept TCP streams and multiplex them across the circuits.

• The onion router on the other side of the circuit connects to the requested destinations and relays data.

101


Key exchange and encryption in Onion routing

102𝐸!" " : Encryption with public key𝐻 " : Cryptographic Hash function


Anonymous HTTP browsingTOR network

103


The TOR network

104


The TOR network

105

giacinto@unica · symmetric and asymmetric cryptography • symmetric cryptography – the...

Documents