principles of cryptography

7/28/2019 Principles of Cryptography

http://slidepdf.com/reader/full/principles-of-cryptography 1/20

1

Principles of Cryptography

Section 8.2

Ali Erkan & John BarrIthaca College



2

Chapter Outline

8.1: What is network security?

8.2: Principles of cyrptography

8.3: Message Integrity and End-Point Authentication

8.4: Securing e-mail

8.5: Securing TCP connections: SSL

8.6: Network layer security: IPsec and VPNs

8.7: Securing wireless LANs

8.8: Operational Security: Firewalls and Intrusion Detection

Systems



3

What Is Network Security?

Conventional use:

Sender encrypts message, receiver decrypts message

Confidentiality:

A

Authentication:A

Message Integrity:

A

Access and Availability:

Services must be accessible and available to users



4

An Issue That Cuts Across The Protocol Stack

Application Layer:

A

Transport Layer:

A

Network Layer:A

Data-link Layer:

A



5

Who Might Alice And Bob Be?

Secure

sender

Alice

Trudy

Channel

Control, data messages

Secure

receiver

Bob

Data Data

Web browser/server for electronic transactionsOn-line banking client/server

Surveillance systems

DNS servers

Routers exchanging routing table updates



6

What Can Trudy Do? Just Look At That Face...

Secure

sender

Alice

Trudy

Channel

Control, data messages

Secure

receiver

Bob

Data Data

Eavesdrop: Intercept messages

Inject: Actively insert messages into connectionImpersonate: Spoof source address (or any field in packet) in packet

Hijack : Take over ongoing connection by removing sender or

receiver, inserting himself in place

Overload: Prevent service from being used by others (DoS)



7

Notation And Variables

Encryption

algorithm

Ciphertext

Channel

Alice Bob

Decryption

algorithm

Plaintext Plaintext

KA KB

m: A

K A: A

K A(m): A

K B: A

K B(K A(m)): A



8

Notation And Variables

Encryption

algorithm

Ciphertext

Channel

Alice Bob

Decryption

algorithm

Plaintext Plaintext

KA KB

Symmetric key systems:• K A = K B; both are private

Public key systems:• K A,priv used to A

• K A,public used to A



9

Sym. Key Systems: The “Old” Ones

Ceaser cipher, k=3:

plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z

ciphertext d e f g h i j k l m n o p q r s t u v w x y z a b c

With brute force, it takes 26 tries to figure out mapping

Monoalphabetic cipher:

plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z

ciphertext m n b v c x z a s d f g h j k l p o i u y t r e w q

With brute force, it takes 26! tries to figure out mapping

With statistical observations, much easier to crack

Polyalphabetic cipher:plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z

C 1(k = 5) f g h i j k l m n o p q r s t u v w x y z a b c d e

C 2(k = 19) t u v w x y z a b c d e f g h i j k l m n o p q r s

pattern C 1, C 2, C 2, C 1, C 2



10

Sym. Key Systems: Data Encryption Standard

DES:

• US encryption standard [NIST 1993]

• OK for commercial and non-classified use

• 56-bit symmetric key, 64-bit plaintext input

NIST STATEMENT

“The goal is completely scramble the data and key so that every bit of

the ciphertext depends on every bit of the data and every bit of the

key... With a good algorithm, there should be no correlation between

the ciphertext and either the original data or key”.

http://www.nist.org/





11


f(L2,R2,K2)

64-bit input 56-bit key

permute

R1L1

R2L2

f(L1,R1,K1)

48-bit K16

48-bit K2

48-bit K1

64-bit output

permute

R3L3

R17L17

What happens in f ()?

The 64-bit input and the 48-bit

key for the ith round are taken as

input to f () that involves

expansion of 4-bit input chunks

into 6-bit chunks, XOR-ing withthe expanded 6-bit chunks of the

48-bit key K i, a substitution,

XOR-ing with the leftmost 32

bits of the input.

How does decryption work?

By reversing the steps of the

operation.



12


How secure is DES?

• DES Challenge: 56-bit-key-encrypted phrase1 brute forcely

decrypted 4 months (Google ‘des challange’)

• No known “backdoor” decryption approach.

Making DES more secure:

• Use three keys sequentially (3-DES) on each datum

Advanced Encryption Standard:

• New (Nov. 2001) symmetric-key NIST standard, replacing DES

• Processes data in 128 bit blocks

• 128, 192, or 256 bit keys

• Brute force decryption (try each key) taking 1 sec on DES, takes

149 trillion years for AES

1“Strong cryptography makes the world a safer place”



13

Symmetric Key Cryptography

Matt and Griffin need to exchange a number of secret messages:

• Matt and Griffin buy a padlock , each keeping one of the two

identical keys to open it

• Matt puts the exam questions in a box, locks its with the padlock,

and sends it to Griffin

• Griffin receives the box and opens it with his copy of the key

• Griffin puts the money in the box and locks it with the padlock

• Matt receives the box, opens it with his copy of the key



14

Public Key Cryptography

Matt and Griffin need to exchange a number of secret messages:

• Griffin and Matt buy separate padlocks

• Matt asks Griffin to send his open padlock through regular mail

• Matt uses the received padlock to lock the box that will deliver the

message to Griffin

• Griffin receives the box and opens it with the key which only he has

• Griffin asks Matt to send Matt’s open padlock through the regular

mail

• Griffin uses the received padlock to lock the box that will deliver

the message to Matt• Matt receives the box and opens it with the key which only he has



15

Public Key Encryption

Encryption

algorithm

Ciphertext

Decryption

algorithm

Plaintext

message, m

Plaintext

message, m

Private decryption key

m = KB–(KB

+(m))

KB–

KB+(m)

Public encryption keyKB+



16

Public Key Encryption Requirements

Need K +

B

and K −

B

such that

• K −B(K +B(m)) = m. Why? A

• K +B(K −B(m)) = m. Why? A

Given public key K +B , it should be impossible to compute K −B .

• How is this possible?

A

The RSA algorithm (Rivest, Shamir, Adelson) does exactly that.



17

RSA Choice of Keys

Choose two large prime numbers p and q .

Each might be 1024 bits.

Compute n = pq , z = ( p− 1)(q − 1).

Choose e (e < n) that has no common factors with z.

This means e and z are relatively prime.

Compute d such that ed− 1 is exactly divisible by z.

That is, ed mod z = 1.

Public key K +

B

is (n, e)

Private key K −B is (n, d)

What?



18

RSA Encryption, Decryption

To encrypt bit pattern m, compute

c = me mod n

This is the remainder when me is divided by n.

To decrypt received bit pattern c, compute

m = cd mod n

This is the remainder when cd

is divided by n.

This means that, somehow,

m = (me mod n)d

mod n



19

RSA Example

Bob chooses p = 5, q = 7.

Therefore, n = 5× 7 = 35Therefore z = (5− 1)× (7− 1) = 24

Let e be 5; therefore e and z are relatively prime.

Choose d so that ed− 1 is exactly divisible by z:

ed− 1 = kz

ed = kz + 1

d = kz + 1e

Let k = 6

d =6× 24 + 1

5

= 29



20

RSA Example

Transmit letter ‘l’ (i.e. lower case ‘L’):

m = 12

me = 125 = 248832

me mod n = 125 mod 35 = 17

Receive 17:

c = 17

cd = 1729 = 481968572106750915091411825223071697

cd mod n = 1729 mod 35 = 12

principles of cryptography

Documents