Transcript of CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos...
- Slide 1
- CS457 Introduction to Information Systems Security Cryptography
1b Elias Athanasopoulos elathan@ics.forth.gr
- Slide 2
- Cryptography Elements SSymmetric Encryption -B-Block Ciphers
-S-Stream Ciphers AAsymmetric Encryption CCryptographic Hash
Functions AApplications CS-457Elias Athanasopoulos2
- Slide 3
- CS-457Elias Athanasopoulos3
- Slide 4
- The need for randomness Key distribution Replay attacks
(nonces) Session key generation Generation of keys for the RSA
public-key encryption algorithm Stream ciphers CS-457Elias
Athanasopoulos4
- Slide 5
- Randomness Uniform distribution - The distribution of bits in
the sequence should be uniform; that is, the frequency of
occurrence of ones and zeros should be approximately equal.
Independence - No one subsequence in the sequence can be inferred
from the others. Security requirement - Unpredictability
CS-457Elias Athanasopoulos5
- Slide 6
- Random Generator Types True Random Number Generators (TRNGs)
Pseudo-random Number Generators (PRNGs) Pseudo-random Functions
(PRFs) CS-457Elias Athanasopoulos6
- Slide 7
- CS-457Elias Athanasopoulos7
- Slide 8
- TRNGs CS-457Elias Athanasopoulos8
- Slide 9
- PRNGs r = f(seed); CS-457Elias Athanasopoulos9
- Slide 10
- Requirements Uniformity - Occurrence of a zero or one is
equally likely. The expected number of zeros (or ones) is n/2,
where n = the sequence length Scalability - Any test applicable to
a sequence can also be applied to subsequences extracted at random.
If a sequence is random, then any such extracted subsequence should
also be random Consistency - The behavior of a generator must be
consistent across starting values (seeds) CS-457Elias
Athanasopoulos10
- Slide 11
- Tests Frequency test - Determine whether the number of ones and
zeros in a sequence is approximately the same as would be expected
for a truly random sequence Runs test - Determine whether the
number of runs of ones and zeros of various lengths is as expected
for a random sequence Maurers universal statistical test - Detect
whether or not the sequence can be significantly compressed without
loss of information. A significantly compressible sequence is
considered to be non-random CS-457Elias Athanasopoulos11
- Slide 12
- Unpredictability Forward unpredictability - If the seed is
unknown, the next output bit in the sequence should be
unpredictable in spite of any knowledge of previous bits in the
sequence Backward unpredictability - It should also not be feasible
to determine the seed from knowledge of any generated values. No
correlation between a seed and any value generated from that seed
should be evident; each element of the sequence should appear to be
the outcome of an independent random event whose probability is 1/2
CS-457Elias Athanasopoulos12
- Slide 13
- Seed CS-457Elias Athanasopoulos13
- Slide 14
- Cryptographic PRNGs Purpose-built algorithms - Designed
specifically and solely for the purpose of generating pseudorandom
bit streams. Algorithms based on existing cryptographic algorithms
- Cryptographic algorithms have the effect of randomizing input.
Indeed, this is a requirement of such algorithms. Three broad
categories of cryptographic algorithms are commonly used to create
PRNGs: Symmetric block ciphers - Stream ciphers Asymmetric ciphers
- RSA, compute primes Hash functions and message authentication
codes CS-457Elias Athanasopoulos14
- Slide 15
- Example X n+1 = (aX n + c) mod m Selection of a, c, and m, is
very critical: a=7, c=0, m=32 {7, 17, 23, 1, 7, etc.} a=5 - {5, 25,
29, 17, 21, 9, 13, 1, 5, etc.} In theory m should be very large
(2^31) CS-457Elias Athanasopoulos15 1 can be factored in a unique
way as: CS-457Elias Athanasopoulos22">
- More maths Any integer a > 1 can be factored in a unique way
as: CS-457Elias Athanasopoulos22
- Slide 23
- CS-457Elias Athanasopoulos23
- Slide 24
- Public-Key Cryptography CS-457Elias Athanasopoulos24
- Slide 25
- Properties 2 keys - Public Key (no secrecy) - Private Key (if
stolen everything is lost) Easy algorithm, but hard to reverse - Y
= f(X), easy - X = f -1 (X), computationally hard - Computationally
hard means solvable in non- polynomial time CS-457Elias
Athanasopoulos25
- Slide 26
- RSA Plaintext = M, cipher = C C = M e mod n M = C d mod n = (M
e mod n) d = M ed mod n Public Key = {e, n} Private Key = {d, n}
CS-457Elias Athanasopoulos26
- Slide 27
- Eulers totient function Written (n), and defined as the number
of positive integers less than n and relatively prime to n. By
convention, (1) = 1. CS-457Elias Athanasopoulos27
- Slide 28
- CS-457Elias Athanasopoulos28 Just believe me that this holds!
(i.e., (pq) =(p) (q))
- Slide 29
- Eulers theorem , n, relative prime - the only positive integer
that evenly divides both of them is 1 CS-457Elias
Athanasopoulos29
- Slide 30
- RSA Steps p, q, two prime numbers - Private n = pq - n can be
public, but recall that it is hard to infer p and q by just knowing
n e is relative prime to (n) - Public - Recall (n) = (p-1)(q-1) d
from e, and (n) - Private CS-457Elias Athanasopoulos30
- Slide 31
- RSA example 1. Select p = 17 and q = 11 2. Then, n = pq = 1711
= 187. 3. (n) = (p-1)(q-1) = 1610 = 160. 4. Select e relatively
prime to (n) = 160 and less than (n); e = 7. 5. Determine d - de =
1 (mod 160) and d < 160, - The correct value is d = 23, because
23 7 = 161 = (1 160) + 1; CS-457Elias Athanasopoulos31
- Slide 32
- Computational Aspects RSA builds on exponents Intensive
operation Side channels CS-457Elias Athanasopoulos32
- Slide 33
- CS-457Elias Athanasopoulos33
- Slide 34
- How it works? CS-457Elias Athanasopoulos34
- Slide 35
- Integrity and Message Authentication Integrity - (e.g.,
download a file) - Message digest Message Authentication Code (MAC)
- Used between two parties that share a secret key to authenticate
information exchanged between those parties - Input is a secret key
and a data block and the product is their hash value, referred to
as the MAC - An attacker who alters the message will be unable to
alter the MAC value without knowledge of the secret key CS-457Elias
Athanasopoulos35
- Slide 36
- Digital Signatures The hash value of a message is encrypted
with a users private key. Anyone who knows the users public key can
verify the integrity of the message that is associated with the
digital signature. CS-457Elias Athanasopoulos36
- Slide 37
- Simple Hash Functions CS-457Elias Athanasopoulos37
- Slide 38
- Essentially based on compression CS-457Elias
Athanasopoulos38
- Slide 39
- Requirements CS-457Elias Athanasopoulos39
- Slide 40
- Applications for Hash Functions CS-457Elias Athanasopoulos40
Passwords - Never stored in plain - Server stores only the hash
value - Salt (same plain goes to different hash) Cracking - GPUs -
Dictionary attacks