CSCE 477/877: Cryptography and Computer Security Dr. Chris Bourke Department of Computer Science & Engineering University of Nebraska|Lincoln Lincoln, NE 68588, USA http://cse.unl.edu/~cbourke [email protected] 2015/02/10 11:14:38 Contents 1. Introduction5 1.1. Administrivia.................................5 1.2. What is Security?...............................5 1.3. Alphabet Soup................................6 I. Classical Ciphers & Cryptanalysis8 2. Classical Ciphers8 2.1. Basic Definitions...............................8 2.2. Basic Algebra.................................9 2.2.1. Algebraic Structures......................... 10 2.2.2. Finding Inverses: Euclid's Algorithm................ 13 2.3. Substitution Cipher.............................. 15 2.4. Affine Cipher................................. 15 2.5. Permutation Cipher.............................. 16 2.6. Hill Cipher................................... 16 2.6.1. Computing matrix inverses over Zm ................. 17 2.7. Others..................................... 19 2.8. Cryptanalysis................................. 19 2.8.1. Frequency Analysis.......................... 20 2.8.2. Incidence of Coincidence....................... 20 1 2.9. \Perfect" Cryptography & The One-time Pad............... 22 2.9.1. A discussion on Randomness..................... 24 2.10. Entropy & English.............................. 25 2.11. Summary, Discussion............................. 27 II. Modern Block Ciphers 28 3. Substitution-Permutation Networks 28 4. DES 32 5. AES 35 5.0.1. Overall Description (128 bit version)................ 36 5.0.2. Add Round Key............................ 37 5.0.3. Algebra................................ 37 5.0.4. Mix Columns............................. 37 5.0.5. Key Schedule............................. 40 5.0.6. Conclusion............................... 40 5.1. Modes of Operation.............................. 41 5.1.1. Galois Counter Mode......................... 44 III. Hash Functions 45 6. Basics 45 6.1. Types of Attacks............................... 46 6.2. Resources................................... 49 7. MD4 & MD5 50 8. SHA1 50 8.1. Merkle-Damg˚ardConstructions....................... 50 9. SHA-2 54 9.1. SHA-512.................................... 54 10.SHA3: Keccek 62 10.0.1. Sponge Function........................... 62 10.0.2. Operation............................... 64 11.Message Authentication Codes 68 12.Authentication & Password Management 69 12.1. Doing it Right................................. 70 2 12.2. Centralized Authentication Services & Protocols.............. 71 12.2.1. Breaking Passwords.......................... 73 IV. Public Key Cryptography 74 13.RSA 74 13.1. The System.................................. 74 13.1.1. Necessary Tools............................ 75 13.1.2. Repeated Squaring/Fast Binary Exponentiation.......... 75 13.1.3. Small example............................. 77 13.2. Foundations.................................. 78 13.2.1. Fermat's Little Theorem....................... 79 13.2.2. Euler's Theorem........................... 81 13.3. Primality Testing............................... 81 13.3.1. Fermat's Test............................. 82 13.3.2. Solovay-Strassen........................... 83 13.3.3. Miller-Rabin.............................. 85 13.3.4. Lucas-Lehmer............................. 88 13.3.5. Baillie-PSW.............................. 88 13.3.6. AKS.................................. 89 13.4. Factoring Attacks............................... 90 13.4.1. Trial Division & Sieve of Eratosthenes............... 91 13.4.2. Fermat's Factorization (and strong primes)............. 91 13.4.3. Pollard p − 1............................. 92 13.4.4. Pollard-Rho.............................. 95 13.4.5. Dixon's Method............................ 96 13.4.6. Quadratic Sieve............................ 99 13.4.7. Number Field Sieve.......................... 100 13.4.8. Elliptic Curve Factorization..................... 100 13.4.9. Shor's Algorithm: Quantum Factorization............. 100 13.5. Non-Factoring Attacks............................ 101 13.5.1. Exposing φ(n)............................. 101 13.5.2. Exposing The Decryption Exponent................. 101 13.5.3. Wiener's small a (decryption) attack................ 102 13.5.4. Chosen Ciphertext Attack...................... 102 13.5.5. Common Modulus Attack...................... 103 13.5.6. Hastad/Coppersmith Attack..................... 104 13.6. RSA In Practice................................ 104 13.6.1. Size of Modulus............................ 104 13.6.2. Choice of Exponent.......................... 105 13.6.3. Padding................................ 105 13.6.4. Chinese Remainder Theorem Speed Up............... 110 13.6.5. Misc.................................. 112 3 14.Discrete Logarithm 112 14.1. Problem.................................... 112 14.1.1. Preliminaries............................. 112 14.1.2. Definition............................... 114 14.1.3. Examples............................... 114 14.2. ElGamal System............................... 115 14.2.1. Examples............................... 116 14.3. Algorithms................................... 117 15.Elliptic Curve Cryptography 118 15.1. Elliptic Curves................................ 119 15.1.1. Elliptic Curves Over Zp ....................... 120 15.2. Example.................................... 121 15.3. Example Encryption System......................... 123 15.4. Additional Resources............................. 124 15.5. Curves in Practice.............................. 125 15.6. Curve25519.................................. 125 16.Diffie-Helman Key Exchange 125 17.Digital Signatures 126 V. Real-world Systems and Protocols 127 18.Transport Layer Security 127 18.1. OSI & TCP/IP Models............................ 127 18.2. TLS Handshake................................ 131 18.3. TLS algorithm suite............................. 133 18.4. TLS Versions & Problems.......................... 134 18.5. Other Issues.................................. 135 VI. Misc 136 19.Other Standards 136 20.Other Topics 136 21.Resources 137 21.1. Java Resources................................ 138 References 138 4 1. Introduction 1.1. Administrivia • Introduction • Roll • Blackboard resources • Syllabus and policies • Text books • Homework now available (due dates: TBD based on pace) • Project • Coursera: highly encouraged • What this course is: an introduction (Classical, modern ciphers, PK, hashes, etc.) • What this course is not: not a review of network protocols, not a pen testing, etc. • Mixture of theory and practice: neither in depth; both in breadth 1.2. What is Security? \A secure channel over which a message can be transmitted such that no one can eaves- drop" • Security involves storage, not just communication • A secure channel is not enough: what about the two end points? • Also need a mechanism for identification/authentication/non-repudiation \A system is secure if no untrusted party can gain access to information" • Edward Snowden \Security is ensuring that secrets are not revealed" • A locked box may not reveal any secrets, but it does reveal that secrets exist • A bank likely has money in it • Existence of communication indicates existence of entities communicating • Secure communication reveals a lot (you have a mole, existence of a spy etc.); honeypots \Security is a `solved' problem" • Data breaches and not going down • Potential loss and cost of breaches going up • Stakes will only increase • Most breaches are due to poor implementation, human error 5 • Not a solved problem Things to remember: • No such thing as perfect security • Security is a continuous process of escalation • Risk can only be mitigated, not eliminated • Catching the \bad" guy is not winning: if they got in, you already failed Security is a balance: • Convenience (if cost of usage is too high, users undermine it) • Efficiency • Provable vs. Probable security (theorists vs. pragmatists) The Big 4 and other Important Principles • Privacy and confidentiality • Integrity • Authentication • Non-repudiation • Communication scenarios and attack vectors • Kerckhoff's Principle: \A cryptographic system should be secure even if everything about the system, except the key, is public knowledge." • Obscurity is not security • Don't roll your own: in any real applications: { Don't implement your own adaptations of cryptographic algorithms { Don't invent your own algorithms or protocols { Don't mix cryptographic primitives into your own protocol { DO: rely on public and academic vetting of algorithms and protocols { DO: rely on well-established and tested libraries (some are even FIPS/NIST certified) { DO: have fun (roll your own for hobby/interest/this course) Course cavets: • I'm not a security expert or researcher • Lack of \current" resources; huge discipline, lots of RFCs, etc. • Suggestion: take Coursera's Security Specialization (free): https://www.coursera.org/specialization/cybersecurity/7/courses 1.3. Alphabet Soup DSA { Digital Signature Algorithm 6 ECDHE { Elliptic Curve Diffie-Hellman Ephemeral ECDSA { Elliptic Curve Digital Signature Algorithm FIPS { Federal Information Processing Standards ISO { International Organization for Standardization NIST { National Institute of Standards and Technology NSA { National Security Administration 7 Oscar Alice x eK (x) y Unsecure Channel Bob dK (y) x K Secure Channel Figure 1: Secure Communication Scenario Part I. Classical Ciphers & Cryptanalysis 2. Classical Ciphers 2.1. Basic Definitions Communication Scenario