DOCSLIB.ORG

Outline Cryptography Encryption/Decryption

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Outline ■ Basic Crypto Concepts and Definitions ■ Some Early (Breakable) Cryptosystems ■ “Key” Issues CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography 2 Cryptography ■ Cryptography: the art of secret writing ■ Converts data into unintelligible (random- looking) form ■ Must be reversible (can recover original data without loss or modification) Basic Concepts and Definitions ■ Not the same as compression ■ n bits in, n bits out ■ Can be combined with compression ■ What’s the right order? 3 4 Cryptography vs. Steganography Encryption/Decryption ■ Cryptography conceals the ■ Steganography (hiding contents of communication in plain sight) conceals plaintext ciphertext plaintext between two parties the very existence of encryption decryption ■ Anonymous communication communication conceals who is key key communicating ■ Examples? ■ Watermark ■ Plaintext: a message in its original form ■ Info leakage ■ Ciphertext: a message in the transformed, unrecognized ■ Kerckhoffs's principle ■ Security through form ■ A cryptosystem should be obscurity ■ Encryption: the process that transforms a plaintext into a secure even if everything ciphertext about the system, except ■ Defense in depth ■ Decryption: the process that transforms a ciphertext to ■ Open source software? the key, is public the corresponding plaintext knowledge ■ Key: the value used to control encryption/decryption. 5 6 Cryptanalysis Ciphertext Only Attacks ■ “code breaking”, “attacking the cipher” ■ Ex.: attacker can intercept encrypted ■ Difficulty depends on communications, nothing else ■ sophistication of the cipher ■ when is this realistic? ■ amount of information available to the ■ Breaking the cipher: analyze patterns in code breaker the ciphertext ■ Any cipher can be broken by exhaustive ■ provides clues about the encryption trials, but rarely practical method/key ■ When can you recognize if you have succeeded? 7 8 Known Plaintext Attacks Chosen Plaintext Attacks ■ Ex.: attacker intercepts encrypted text, but ■ Ex.: attacker can choose any plaintext also has access to some of the desired, and intercept the corresponding corresponding plaintext (definite ciphertext advantage) ■ When is this realistic? ■ When is this realistic? ■ Requires plaintext-ciphertext pairs to ■ Choose exactly the messages that will recover the key, but the attacker cannot reveal the most about the cipher choose which particular pairs to access. ■ Makes some codes (e.g., mono- alphabetic ciphers) very easy to break 9 10 Chosen Ciphertext Attacks The “Weakest Link” in Security ■ Ex.: attacker can present any ciphertext ■ Cryptography is rarely the weakest link desired to the cipher, and get the ■ Weaker links corresponding plaintext ■ Implementation of cipher ■ When is this realistic? ■ Distribution or protection of keys ■ Isn’t this the goal of cryptanalysis??? 11 12 Perfectly Secure Ciphers Computationally Secure Ciphers 1. Ciphertext does not reveal any information 1. The cost of breaking the cipher quickly exceeds about which plaintexts are more likely to have the value of the encrypted information produced it and/or ■ i.e., the cipher is robust against chosen ciphertext 2. The time required to break the cipher exceeds attacks the useful lifetime of the information and ■ Under the assumption there is not a faster / cheaper way to break the cipher, waiting to be 2. Plaintext does not reveal any information about discovered which ciphertexts are more likely to be produced ■ i.e, the cipher is robust against chosen plaintext attacks 13 14 Secret Keys vs. Secret Algorithms Secret Keys vs. Secret Algorithms ■ Security by obscurity ■ Commercial world ■ We can achieve better security if we keep the ■ Published algorithms secret ■ Hard to keep secret if used widely ■ Wide review, trust ■ Reverse engineering, social engineering ■ Military ■ Keep algorithms secret ■ Publish the algorithms ■ Avoid giving enemy good ideas ■ Security of the algorithms depends on the secrecy of the keys ■ Military has access to the public domain ■ Less unknown vulnerability if all the smart (good) knowledge anyway. people in the world are examine the algorithms 15 16 Caesar Cipher ■ Replace each letter with the one 3 letters later in the alphabet ■ ex.: plaintext CAT ! ciphertext FDW plaintext Some Early Ciphers alphabet A B C D E F G H I J K … ciphertext A B C D E F G H I J K … alphabet Trivial to break 17 18 “Captain Midnight Secret Decoder” Ring Mono-Alphabetic Ciphers ■ Replace each letter by one that is δ positions ■ Generalized substitution cipher: an arbitrary (but later, where is selectable (i.e., is the key) δ δ fixed) mapping of one letter to another ■ example: IBM ! HAL (for δ=25) 26 88 ■ 26! (≈ 4.0*10 ≈ 2 ) possibilities ■ Also trivial to break with modern computers (only ■ The key must specify which permutation; how 26 possibilities) many bits does that take? plaintext A B C D E F G H I J K … plaintext alphabet A B C D E F G H I J K … alphabet … … ciphertext A B C D E F G H I J K … alphabet ciphertext A B C D E F G H I J K … alphabet 19 20 Attacking Mono-Alphabetic Ciphers Attacking… (Cont’d) ■ If all words equally likely, probability of any one ■ Broken by statistical analysis of letter, word, and word would be quite low phrase frequencies of the language ■ how many words are there in the English language? ■ Frequency of single letters in English language, taken from a large corpus of text: ■ Actual frequencies of some words in English language: 21 22 (Tip: Counting Letter Frequencies) Vigenere Cipher ■ Program letter, written by TJ O’Connor ■ A set of mono-alphabetic substitution ■ Output for Declaration of Independence: rules (shift amounts) is used ■ the key determines what the sequence of rules is ■ also called a poly-alphabetic cipher ■ Ex.: key = (3 1 5) ■ i.e., substitute first letter in plaintext by letter+3, second letter by letter+1, third letter by letter+5 ■ then repeat this cycle for each 3 letters 23 24 Vigenere… (Cont’d) Hill Ciphers ■ Ex.: plaintext = “BANDBAD” ■ Encrypts m letters of plaintext at each step plaintext message ■ i.e., plaintext is processed in blocks of size m B A N D B A D ■ Encryption of plaintext p to produce ciphertext c is accomplished by: c = Kp shift amount ■ the m×m matrix K is the key 3 1 5 3 1 5 3 ■ K’s determinant must be relatively prime to ciphertext message size of alphabet (26 for our example) E B S G C F G ■ decryption is multiplication by inverse: p = K-1c Breaking the cipher: look for repeated patterns in the ■ remember: all arithmetic mod 26 ciphertext 25 26 Hill Cipher Example Hill… (Cont’d) 1 2 -1 21 2 ■ For m = 2, let K = , K = ■ Fairly strong for large m 3 5 3 25 ■ But, vulnerable to chosen plaintext attack A B X Y D G Plaintext p = ■ choose m plaintexts, generate 0 1 23 24 3 6 corresponding ciphertexts (21*15+2*13) mod 26 ■ form a m x m matrix X from the (1*0+2*1) mod 26 plaintexts, and (3*23+5*24) mod 26 m x m matrix Y from the ciphertexts 2 5 19 7 15 13 (details omitted) Ciphertext c = -1 C F T H P N ■ can solve directly for K (i.e., K = Y X ) 27 28 Permutation Ciphers Permutation… (Cont’d) ■ The previous codes are all based on ■ Permutation cipher ex. #1: substituting one symbol in the alphabet for ■ Permute each successive block of 5 letters in the another symbol in the alphabet message according to position offset <+1,+3,-2,0,-2> ■ Permutation cipher: permute (rearrange, plaintext message transpose) the letters in the message W H Y O W H Y C A N T I F L Y ■ the permutation can be fixed, or can change over the length of the message Y W W O H C H N A Y F T Y L I ciphertext message 29 30 Permutation… (Cont’d) Permutation… (Cont’d) ■Permutation cipher ex. #2: ■ A longer example: plaintext = ■ arrange plaintext in blocks of n columns and m rows “ATTACK POSTPONED UNTIL TWO AM” ■ then permute columns in a block according to a key K n = 4 Key: 4 3 1 2 5 7 6 plaintext A T T A C K P Key (perm. of columns) ! 4 3 1 2 O S T P O N E Plaintext 1 2 3 4 symbol D U N T I L T 5 6 7 8 m = 3 positions W O A M X Y Z 9 10 11 12 ciphertext ciphertext sequence (by plaintext position) for one block 3 7 11 4 8 12 2 6 10 1 5 9 TTNA APTM TSUO AODW COIX PETZ KNLY 31 32 A Perfectly Secure Cipher: One-Time Pads OTP… (Cont’d) ■ According to a theorem by Shannon, a ■ Idea perfectly secure cipher requires: ■ generate a random bit string (the key) as long as the ■ a key length at least as long as the plaintext, and share with the other communicating message to be encrypted party ■ encryption: XOR this key with plaintext to get ■ the key can only be used once (i.e., for ciphertext each message we need a new key) ■ decrypt: XOR same key with ciphertext to get plaintext plaintext ■ Very limited use due to need to negotiate plaintext ciphertext ⊕ ⊕ and distribute long, random keys for every message Key 33 34 OTP… (Cont’d) plaintext 01011001 01000101 01010011 ⊕ = key (pad) 00010111 00001010 01110011 = ⊕ Some “Key” Issues ciphertext 01001110 01001111 00100000 ■ Why can’t the key be reused? 35 36 Types of Cryptography Secret Key Cryptography ■ Number of keys ■ Hash functions: no key plaintext ciphertext plaintext ■ Secret key cryptography: one key encryption decryption ■ Public key cryptography: two keys - public, private key Same key key ■ The way in which the plaintext is processed ■ Same key is used for encryption and decryption ■ Stream cipher: encrypt input message one ■ Also known as symbol at a time ■ Symmetric cryptography ■ Block cipher: divide input message into blocks ■ Conventional cryptography of symbols, and processes the blocks in sequence
Recommended publications
  • Basic Cryptography

    Basic Cryptography

    Basic cryptography • How cryptography works... • Symmetric cryptography... • Public key cryptography... • Online Resources... • Printed Resources... I VP R 1 © Copyright 2002-2007 Haim Levkowitz How cryptography works • Plaintext • Ciphertext • Cryptographic algorithm • Key Decryption Key Algorithm Plaintext Ciphertext Encryption I VP R 2 © Copyright 2002-2007 Haim Levkowitz Simple cryptosystem ... ! ABCDEFGHIJKLMNOPQRSTUVWXYZ ! DEFGHIJKLMNOPQRSTUVWXYZABC • Caesar Cipher • Simple substitution cipher • ROT-13 • rotate by half the alphabet • A => N B => O I VP R 3 © Copyright 2002-2007 Haim Levkowitz Keys cryptosystems … • keys and keyspace ... • secret-key and public-key ... • key management ... • strength of key systems ... I VP R 4 © Copyright 2002-2007 Haim Levkowitz Keys and keyspace … • ROT: key is N • Brute force: 25 values of N • IDEA (international data encryption algorithm) in PGP: 2128 numeric keys • 1 billion keys / sec ==> >10,781,000,000,000,000,000,000 years I VP R 5 © Copyright 2002-2007 Haim Levkowitz Symmetric cryptography • DES • Triple DES, DESX, GDES, RDES • RC2, RC4, RC5 • IDEA Key • Blowfish Plaintext Encryption Ciphertext Decryption Plaintext Sender Recipient I VP R 6 © Copyright 2002-2007 Haim Levkowitz DES • Data Encryption Standard • US NIST (‘70s) • 56-bit key • Good then • Not enough now (cracked June 1997) • Discrete blocks of 64 bits • Often w/ CBC (cipherblock chaining) • Each blocks encr. depends on contents of previous => detect missing block I VP R 7 © Copyright 2002-2007 Haim Levkowitz Triple DES, DESX,
  • Truecrack Bruteforcing Per Volumi Truecrypt

    Truecrack Bruteforcing Per Volumi Truecrypt

    Luca Vaccaro http://code.google.com/p/truecrack/ [email protected] User development guide. TrueCrypt © . software application used for on-the-fly encryption (OTFE). TrueCrack . bruteforce password cracker for TrueCrypt © (Copyrigth) volume files, optimazed with Nvidia Cuda technology. This software is Based on TrueCrypt, freely available athttp://www.truecrypt.org/ Master key . Crypt the volume of data. Generated one time in the volume creation phase from random value. Write inside the header section of the volume file. Header key . Crypt the header section of the volume file. Generated from a user password and a random salt (64 bytes). The salt is write in plain text in the first 64 bytes of volume file. Hard disk encryption: . Standard block cipher: XTS . Hash availables: AES, Serpent, Twofish . Default: AES Key derivation function: . Standard algorithm: PBKDF2 . Hash availables: RIPEMD160, SHA-512, Whirpool . Default: RIPEMD160 Master Header Key Key Plain Cipher Volume data data + file header Opening a TrueCrypt volume means to retrieve the Master Key from the Header section In the Header there are some fields (true, crc32) for checking the success of the decipher operation . If the password is right or wrong Header key User password salt Volume Master file key CUDA or Compute Unified Device Architecture is a parallel computing architecture developed by Nvidia. CUDA gives developers access to the virtual instruction set and memory of the parallel computational elements in CUDA GPUs. Each GPU is a collection of multicores. Each core can run mmore cuda «block», and each block can run a numbers of parallel «thread» 1. Level of parallilism : block 2.
  • Analysis of Password Cracking Methods & Applications

    Analysis of Password Cracking Methods & Applications

    The University of Akron IdeaExchange@UAkron The Dr. Gary B. and Pamela S. Williams Honors Honors Research Projects College Spring 2015 Analysis of Password Cracking Methods & Applications John A. Chester The University Of Akron, [email protected] Please take a moment to share how this work helps you through this survey. Your feedback will be important as we plan further development of our repository. Follow this and additional works at: http://ideaexchange.uakron.edu/honors_research_projects Part of the Information Security Commons Recommended Citation Chester, John A., "Analysis of Password Cracking Methods & Applications" (2015). Honors Research Projects. 7. http://ideaexchange.uakron.edu/honors_research_projects/7 This Honors Research Project is brought to you for free and open access by The Dr. Gary B. and Pamela S. Williams Honors College at IdeaExchange@UAkron, the institutional repository of The nivU ersity of Akron in Akron, Ohio, USA. It has been accepted for inclusion in Honors Research Projects by an authorized administrator of IdeaExchange@UAkron. For more information, please contact [email protected], [email protected]. Analysis of Password Cracking Methods & Applications John A. Chester The University of Akron Abstract -- This project examines the nature of password cracking and modern applications. Several applications for different platforms are studied. Different methods of cracking are explained, including dictionary attack, brute force, and rainbow tables. Password cracking across different mediums is examined. Hashing and how it affects password cracking is discussed. An implementation of two hash-based password cracking algorithms is developed, along with experimental results of their efficiency. I. Introduction Password cracking is the process of either guessing or recovering a password from stored locations or from a data transmission system [1].
  • Password Cracking Using Cain & Abel

    Password Cracking Using Cain & Abel

    Password Cracking Using Cain & Abel Learning Objectives: This exercise demonstrates how password could be cracked through ​ various methods, specifically regarding MD5 encrypted passwords. Summary: You will use Cain & Abel for this exercise. ​ Deliverables: Submit a lab report by answering the review questions. In some review ​ questions, you may provide screen captures. Dictionary attack Dictionary attack uses a predetermined list of words from a dictionary to generate possible passwords that may match the MD5 encrypted password. This is one of the easiest and quickest way to obtain any given password. 1. Start Cain & Abel via the Desktop Shortcut ‘Cain’ or Start menu. ​ ​ ​ ​ ​ ​ a. (Start > Programs > Cain > Cain). 2. Choose ‘Yes’ to proceed when a ‘User Account Control’ notification pops up regarding ​ ​ software authorization. 3. Once on, select the ‘Cracker’ tab with the key symbol, then click on MD5 Hashes. The ​ ​ ​ result should look like the image below. 1 Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 4. As you might have noticed we don’t have any passwords to crack, thus for the next few steps we will create our own MD5 encrypted passwords. First, locate the Hash Calculator among a row of icons near the top. Open it. 5. Next, type into ‘Text to Hash’ the word password. It will generate a list of hashes ​ ​ ​ pertaining to different types of hash algorithms. We will be focusing on MD5 hash so ​ copy it. Then exit calculator by clicking ‘Cancel’ (Fun Fact: Hashes are case sensitive so ​ any slight changes to the text will change the hashes generated, try changing a letter or two and you will see.
  • Block Ciphers and the Data Encryption Standard

    Block Ciphers and the Data Encryption Standard

    Lecture 3: Block Ciphers and the Data Encryption Standard Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) January 26, 2021 3:43pm ©2021 Avinash Kak, Purdue University Goals: To introduce the notion of a block cipher in the modern context. To talk about the infeasibility of ideal block ciphers To introduce the notion of the Feistel Cipher Structure To go over DES, the Data Encryption Standard To illustrate important DES steps with Python and Perl code CONTENTS Section Title Page 3.1 Ideal Block Cipher 3 3.1.1 Size of the Encryption Key for the Ideal Block Cipher 6 3.2 The Feistel Structure for Block Ciphers 7 3.2.1 Mathematical Description of Each Round in the 10 Feistel Structure 3.2.2 Decryption in Ciphers Based on the Feistel Structure 12 3.3 DES: The Data Encryption Standard 16 3.3.1 One Round of Processing in DES 18 3.3.2 The S-Box for the Substitution Step in Each Round 22 3.3.3 The Substitution Tables 26 3.3.4 The P-Box Permutation in the Feistel Function 33 3.3.5 The DES Key Schedule: Generating the Round Keys 35 3.3.6 Initial Permutation of the Encryption Key 38 3.3.7 Contraction-Permutation that Generates the 48-Bit 42 Round Key from the 56-Bit Key 3.4 What Makes DES a Strong Cipher (to the 46 Extent It is a Strong Cipher) 3.5 Homework Problems 48 2 Computer and Network Security by Avi Kak Lecture 3 Back to TOC 3.1 IDEAL BLOCK CIPHER In a modern block cipher (but still using a classical encryption method), we replace a block of N bits from the plaintext with a block of N bits from the ciphertext.
  • User Authentication and Cryptographic Primitives

    User Authentication and Cryptographic Primitives

    User Authentication and Cryptographic Primitives Brad Karp UCL Computer Science CS GZ03 / M030 16th November 2016 Outline • Authenticating users – Local users: hashed passwords – Remote users: s/key – Unexpected covert channel: the Tenex password- guessing attack • Symmetric-key-cryptography • Public-key cryptography usage model • RSA algorithm for public-key cryptography – Number theory background – Algorithm definition 2 Dictionary Attack on Hashed Password Databases • Suppose hacker obtains copy of password file (until recently, world-readable on UNIX) • Compute H(x) for 50K common words • String compare resulting hashed words against passwords in file • Learn all users’ passwords that are common English words after only 50K computations of H(x)! • Same hashed dictionary works on all password files in world! 3 Salted Password Hashes • Generate a random string of bytes, r • For user password x, store [H(r,x), r] in password file • Result: same password produces different result on every machine – So must see password file before can hash dictionary – …and single hashed dictionary won’t work for multiple hosts • Modern UNIX: password hashes salted; hashed password database readable only by root 4 Salted Password Hashes • Generate a random string of bytes, r Dictionary• For user password attack still x, store possible [H(r,x after), r] in attacker seespassword password file file! Users• Result: should same pick password passwords produces that different aren’t result close to ondictionary every machine words. – So must see password file
  • 1 Perfect Secrecy of the One-Time Pad

    1 Perfect Secrecy of the One-Time Pad

    1 Perfect secrecy of the one-time pad In this section, we make more a more precise analysis of the security of the one-time pad. First, we need to define conditional probability. Let’s consider an example. We know that if it rains Saturday, then there is a reasonable chance that it will rain on Sunday. To make this more precise, we want to compute the probability that it rains on Sunday, given that it rains on Saturday. So we restrict our attention to only those situations where it rains on Saturday and count how often this happens over several years. Then we count how often it rains on both Saturday and Sunday. The ratio gives an estimate of the desired probability. If we call A the event that it rains on Saturday and B the event that it rains on Sunday, then the intersection A ∩ B is when it rains on both days. The conditional probability of A given B is defined to be P (A ∩ B) P (B | A)= , P (A) where P (A) denotes the probability of the event A. This formula can be used to define the conditional probability of one event given another for any two events A and B that have probabilities (we implicitly assume throughout this discussion that any probability that occurs in a denominator has nonzero probability). Events A and B are independent if P (A ∩ B)= P (A) P (B). For example, if Alice flips a fair coin, let A be the event that the coin ends up Heads. If Bob rolls a fair six-sided die, let B be the event that he rolls a 3.
  • Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA

    Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA

    Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, NewDES, RC2, and TEA John Kelsey Bruce Schneier David Wagner Counterpane Systems U.C. Berkeley kelsey,schneier @counterpane.com [email protected] f g Abstract. We present new related-key attacks on the block ciphers 3- WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differen- tial related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks. 1 Introduction Related-key cryptanalysis assumes that the attacker learns the encryption of certain plaintexts not only under the original (unknown) key K, but also under some derived keys K0 = f(K). In a chosen-related-key attack, the attacker specifies how the key is to be changed; known-related-key attacks are those where the key difference is known, but cannot be chosen by the attacker. We emphasize that the attacker knows or chooses the relationship between keys, not the actual key values. These techniques have been developed in [Knu93b, Bih94, KSW96]. Related-key cryptanalysis is a practical attack on key-exchange protocols that do not guarantee key-integrity|an attacker may be able to flip bits in the key without knowing the key|and key-update protocols that update keys using a known function: e.g., K, K + 1, K + 2, etc. Related-key attacks were also used against rotor machines: operators sometimes set rotors incorrectly.
  • Chapter 2 the Data Encryption Standard (DES)

    Chapter 2 the Data Encryption Standard (DES)

    Chapter 2 The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmet- ric or secret key cryptography and asymmetric or public key cryptography. Symmet- ric key cryptography is the oldest type whereas asymmetric cryptography is only being used publicly since the late 1970’s1. Asymmetric cryptography was a major milestone in the search for a perfect encryption scheme. Secret key cryptography goes back to at least Egyptian times and is of concern here. It involves the use of only one key which is used for both encryption and decryption (hence the use of the term symmetric). Figure 2.1 depicts this idea. It is necessary for security purposes that the secret key never be revealed. Secret Key (K) Secret Key (K) ? ? - - - - Plaintext (P ) E{P,K} Ciphertext (C) D{C,K} Plaintext (P ) Figure 2.1: Secret key encryption. To accomplish encryption, most secret key algorithms use two main techniques known as substitution and permutation. Substitution is simply a mapping of one value to another whereas permutation is a reordering of the bit positions for each of the inputs. These techniques are used a number of times in iterations called rounds. Generally, the more rounds there are, the more secure the algorithm. A non-linearity is also introduced into the encryption so that decryption will be computationally infeasible2 without the secret key. This is achieved with the use of S-boxes which are basically non-linear substitution tables where either the output is smaller than the input or vice versa. 1It is claimed by some that government agencies knew about asymmetric cryptography before this.
  • Passwords CS 166: Information Security Authentication: Passwords

    Passwords CS 166: Information Security Authentication: Passwords

    Passwords CS 166: Information Security Authentication: Passwords Prof. Tom Austin San José State University Access Control • Authentication: Are you who you say you are? – Determine whether access is allowed – human to machine, or machine to machine • Authorization: Are you allowed to do that? – Once you have access, what can you do? – Enforces limits on actions Chapter 7: Authentication Guard: Halt! Who goes there? Arthur: It is I, Arthur, son of Uther Pendragon, from the castle of Camelot. King of the Britons, defeater of the Saxons, sovereign of all England! ¾ Monty Python and the Holy Grail Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of Jordan: and there fell at that time of the Ephraimites forty and two thousand. ¾ Judges 12:6 Authentication: Are You Who You Say You Are? • How to authenticate human a machine? • Can be based on… –Something you know • e.g. password –Something you have • e.g. smartcard –Something you are • e.g. fingerprint Something You Know • Passwords • Lots of things act as passwords! –PIN –Social security number –Mother’s maiden name –Date of birth –Name of your pet, etc. Why Passwords? • Why is “something you know” more popular than “something you have” and “something you are”? • Cost: passwords are free • Convenience: easier for admin to reset pwd than to issue a new thumb Authenticating with Passwords I am Thor Prove it My password is Mjölnir Authenticating with Passwords I am Thor Prove it My
  • Chap 2. Basic Encryption and Decryption

    Chap 2. Basic Encryption and Decryption

    Chap 2. Basic Encryption and Decryption H. Lee Kwang Department of Electrical Engineering & Computer Science, KAIST Objectives • Concepts of encryption • Cryptanalysis: how encryption systems are “broken” 2.1 Terminology and Background • Notations – S: sender – R: receiver – T: transmission medium – O: outsider, interceptor, intruder, attacker, or, adversary • S wants to send a message to R – S entrusts the message to T who will deliver it to R – Possible actions of O • block(interrupt), intercept, modify, fabricate • Chapter 1 2.1.1 Terminology • Encryption and Decryption – encryption: a process of encoding a message so that its meaning is not obvious – decryption: the reverse process • encode(encipher) vs. decode(decipher) – encoding: the process of translating entire words or phrases to other words or phrases – enciphering: translating letters or symbols individually – encryption: the group term that covers both encoding and enciphering 2.1.1 Terminology • Plaintext vs. Ciphertext – P(plaintext): the original form of a message – C(ciphertext): the encrypted form • Basic operations – plaintext to ciphertext: encryption: C = E(P) – ciphertext to plaintext: decryption: P = D(C) – requirement: P = D(E(P)) 2.1.1 Terminology • Encryption with key If the encryption algorithm should fall into the interceptor’s – encryption key: KE – decryption key: K hands, future messages can still D be kept secret because the – C = E(K , P) E interceptor will not know the – P = D(KD, E(KE, P)) key value • Keyless Cipher – a cipher that does not require the
  • Block Cipher and Data Encryption Standard (DES)

    Block Cipher and Data Encryption Standard (DES)

    Block Cipher and Data Encryption Standard (DES) 2021.03.09 Presented by: Mikail Mohammed Salim Professor 박종혁 Cryptography and Information Security 1 Block Cipher and Data Encryption Standard (DES) Contents • What is Block Cipher? • Padding in Block Cipher • Ideal Block Cipher • What is DES? • DES- Key Discarding Process • Des- 16 rounds of Encryption • How secure is DES? 2 Block Cipher and Data Encryption Standard (DES) What is Block Cipher? • An encryption technique that applies an algorithm with parameters to encrypt blocks of text. • Each plaintext block has an equal length of ciphertext block. • Each output block is the same size as the input block, the block being transformed by the key. • Block size range from 64 -128 bits and process the plaintext in blocks of 64 or 128 bits. • Several bits of information is encrypted with each block. Longer messages are encoded by invoking the cipher repeatedly. 3 Block Cipher and Data Encryption Standard (DES) What is Block Cipher? • Each message (p) grouped in blocks is encrypted (enc) using a key (k) into a Ciphertext (c). Therefore, 푐 = 푒푛푐푘(푝) • The recipient requires the same k to decrypt (dec) the p. Therefore, 푝 = 푑푒푐푘(푐) 4 Block Cipher and Data Encryption Standard (DES) Padding in Block Cipher • Block ciphers process blocks of fixed sizes, such as 64 or 128 bits. The length of plaintexts is mostly not a multiple of the block size. • A 150-bit plaintext provides two blocks of 64 bits each with third block of remaining 22 bits. • The last block of bits needs to be padded up with redundant information so that the length of the final block equal to block size of the scheme.