Cryptographic Tools and Algorithms Public Key Crypto
Total Page:16
File Type:pdf, Size:1020Kb
INF140 Cryptography Overview Confidentiality Symmetric Crypto Authentication Cryptographic Tools and Algorithms Public Key Crypto Digital Signatures Key Management INF140 - Introduction to Cybersecurity Summary Chunlei Li1 1 1/89 The slides are adjusted from the one by Steve Gordon INF140 Contents Cryptography Overview Cryptography for Security Confidentiality Symmetric Crypto Encryption for Confidentiality Authentication Public Key Crypto Digital Signatures Symmetric Cryptography Key Management Summary Integrity and Authenticity Public Key Cryptography Digital Signatures Key Management Summary 2/89 INF140 No Cryptography, No Security! Cryptography Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto Digital Signatures Key Management Summary Cryptography is necessary but not sufficient for security 3/89 INF140 Security Attributes by Cryptography Cryptography Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto Digital Signatures Key Management Summary Non-repudiation: one aspect for accountability 4/89 INF140 Contents Cryptography Overview Cryptography for Security Confidentiality Symmetric Crypto Encryption for Confidentiality Authentication Public Key Crypto Digital Signatures Symmetric Cryptography Key Management Summary Integrity and Authenticity Public Key Cryptography Digital Signatures Key Management Summary 5/89 INF140 Encryption for Confidentiality Cryptography Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto I Aim: assure confidential information not made available Digital Signatures to unauthorised individuals (data confidentiality) Key Management I How: encrypt the original data; anyone can see the Summary encrypted data, but only authorised individuals can decrypt to see the original data I Used for both sending data across network and storing data on a computer system 6/89 INF140 Model of Encryption for Confidentiality Cryptography Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto Digital Signatures Key Management Summary 7/89 INF140 Model of Encryption for Confidentiality Cryptography Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto Digital Signatures Key Management Summary I Symmetric Cryptography: Key1 = Key 2 I Public Key Cryptography: Key1 6= Key 2 8/89 INF140 Terminology Cryptography Overview Plaintext original message Confidentiality Symmetric Crypto Ciphertext encrypted or coded message Authentication Encryption convert from plaintext to ciphertext Public Key Crypto (enciphering) Digital Signatures Decryption restore the plaintext from ciphertext Key Management (deciphering) Summary Key information used in cipher known only to sender/receiver Cipher a particular algorithm (cryptographic system) Cryptography study of algorithms used for encryption Cryptanalysis study of techniques for decryption without knowledge of plaintext Cryptology cryptography + cryptanalysis 9/89 INF140 Characterising Cryptographic Systems Cryptography Overview Confidentiality Operations used for encryption: Symmetric Crypto Authentication Substitution replace one element in plaintext with another Public Key Crypto Transposition re-arrange elements Digital Signatures Product systems multiple stages of substitutions and Key Management transpositions Summary Mathematical Transformation trap-door one-way functions Number of keys used: Symmetric sender/receiver use same key (single-key, secret-key, shared-key, conventional) Public-key sender/receiver use different keys (asymmetric) 10/89 INF140 Contents Cryptography Overview Cryptography for Security Confidentiality Symmetric Crypto Encryption for Confidentiality Authentication Public Key Crypto Digital Signatures Symmetric Cryptography Key Management Summary Integrity and Authenticity Public Key Cryptography Digital Signatures Key Management Summary 11/89 INF140 Symmetric Key Encryption for Confidentiality Cryptography Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto Digital Signatures Key Management Summary Requirements I Strong encryption algorithm: given algorithm, ciphertext and known pairs of (plaintext, ciphertext), attacker should be unable to find plaintext or key I Shared secret keys: sender and receiver both have shared a secret key; no-one else knows the key 12/89 INF140 Attacks Cryptography Overview Goal of the Attacker Confidentiality I Discover the plaintext (good) Symmetric Crypto Authentication I Discover the key (better) Public Key Crypto Digital Signatures Assumed Attacker Knowledge Key Management I Ciphertext Summary I Algorithm I Other pairs of (plaintext, ciphertext) using same key Attack Methods Brute-force attack Try every possible key on ciphertext Cryptanalysis Exploit characteristics of algorithm to deduce plaintext or key Assumption: attacker can recognise correct plaintext 13/89 INF140 Block vs Stream Ciphers Cryptography Overview Block Ciphers Confidentiality Symmetric Crypto I Encrypt plaintext block by block, typically 64 or 128 bits Authentication I Encryption performed by scrambling plaintext and key Public Key Crypto I Different operation modes with probabilistic encryption Digital Signatures for improved security Key Management Summary I Widely used in e-commerce Stream Ciphers I Encrypt plaintext by bits/bytes/words I Encryption performed by XOR plaintext with keystream (created by pseudo-random number generator) I Fast algorithms/implementations in hardware I Cannot re-use keys 14/89 INF140 Examples of Substitution Ciphers Cryptography Overview Caesar Cipher Confidentiality Symmetric Crypto I Earliest known cipher, used by Julius Caesar (Roman Authentication general 2000 years ago) Public Key Crypto I Replace each letter by the letter three positions along in Digital Signatures alphabet Key Management Summary Generalised Caesar Cipher (try cryptool-online) I Allow shift by k positions I Assume each letter assigned number (a = 0, b = 1, . ) C = E(k; p) = (P + K) mod 26 P = D(k; C) = (C − K) mod 26 I Security: vulnerable to the brute force attack 15/89 INF140 Cryptography Mono-alphabetic (Substitution) Ciphers Overview Mono-alphabetic: use a single alphabet for both Confidentiality I Symmetric Crypto plaintext and ciphertext Authentication I Arbitrary substitution: one element maps to any other Public Key Crypto element Digital Signatures I n element alphabet allows n! permutations or keys Key Management I Example: Summary Plain :A B C D E ... W X Y Z Cipher:D Z G L S ... B T F Q I Security I Caesar cipher: 26 keys I Mono-alphabetic (English alphabet): 26! keys (> 4 × 1026) I Vulnerable to frequency attacks 16/89 INF140 Cryptography Playfair Cipher - Initialization Overview 1. Create 5x5 matrix and write keyword (row by row) Confidentiality Symmetric Crypto 2. Fill out remainder with alphabet, not repeating any Authentication letters Public Key Crypto 3. Special: Treat I and J as same letter Digital Signatures Key Management Playfair Cipher - Encryption Summary 1. Operate on pair of letters (digram) at a time 2. Special: if digram with same letters, separate by special letter (e.g. x) 3. Plaintext in same row: replace with letters to right 4. Plaintext in same column: replace with letters below 5. Else, replace by letter in same row as it and same column as other plaintext letter 17/89 INF140 Cryptography I Plaintext: helloworld Overview Confidentiality I Keyword: security Symmetric Crypto S E C U R Authentication I T Y A B Public Key Crypto D F G H K Digital Signatures Key Management L M N O P Summary Q V W X Z Plaintext: HE LX XL OW OR LD Ciphertext: FU OQ QO ... QL Security I frequency attack: diagram of 676 entries I relatively easy (digrams, trigrams, expected words) 18/89 INF140 Vigen`ereCipher Cryptography I Set of 26 general Caesar ciphers Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto Digital Signatures Key Management Summary I Letter in key determines the Caesar cipher to use I Example: key = uib Plain : INTERNETTECHNOLOGIES Key: UIBUIBUIBUIBUIBUIBUIBUI Cipher: CVUYZOYBUYKIHWMIOJYA I Multiple ciphertext letters for each plaintext letter, e.g., 19/89 the first I!C and the second I!J INF140 Vigen`ereCipher - Is it Breakable? Cryptography Overview Confidentiality I Yes Symmetric Crypto I Monoalphabetic or Vigen`erecipher? Letter frequency Authentication analysis Public Key Crypto Digital Signatures I Determine length of keyword Key Management I For keyword length m, Vigen`ereis m mono-alphabetic Summary substitutions I Break the mono-alphabetic ciphers separately I Weakness is repeating, structured keyword How to destroy the structure of keyword in the key string? I combine the keyword and plaintext: Autokey cipher I have sufficiently long key: Vernam cipher 20/89 INF140 Rotor Machine - Enigma Cryptography Overview Confidentiality Symmetric Crypto Authentication Public Key Crypto Digital Signatures Key Management Summary I Web-based Simulator of Enigma I Web-based Simulator of Turing Bomb 21/89 INF140 Example Transposition Cipher: Rail-Fence Cryptography Railfence Overview Encryption: Plaintext letters written in diagonals over K Confidentiality rows; ciphertext obtained by reading row-by-row. For Symmetric Crypto example, Authentication Public Key Crypto I plaintext: attackpostponed Digital Signatures I key: 3 Key Management ciphertext: ACSNTAKOTOETPPD Summary I Column-Transposition Cipher Encryption: Ciphertext obtained by reading column-by-column, but re-arranged transposition according to the key. For example I plaintext: attackpostponeduntiltwoamxyz I key: 4312567 I ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ