CR
An Introduction to Applied Cryptography
Chester Rebeiro, IIT Madras

Connected and Stored
Everything is connected!
Everything is stored!

Increased Security Breaches
81% more in 2015
http://www.pwc.co.uk/assets/pdf/2015-isbs-executive-summary-02.pdf

Security Threats (why difficult to prevent?)
Attackers need to target the weakest link in the chain
• Networks / Communication links
• Hardware
• Peripherals
• System Software (Operating Systems / Hypervisor)
• Applications

Security Studies (Research)
Layers:
• Networks / Communication links
• Hardware
• Peripherals
• System Software (Operating Systems / Hypervisor)
• Applications
Security areas:
• Network Security
• Hardware Security
• System Security
• OS Security
• Cloud Security
• Web Security
• DBMS Security
• Embedded Security
• Cryptography

Cryptography (its use)
• A crucial component in all security systems
• Fundamental component to achieve
– Confidentiality: Allows only authorized users access to data
– Data Integrity: Cryptography can be used to ensure that only authorized users can make modifications (for instance to a bank account number)
– Authentication: Cryptography helps prove identities
– Non-repudiation: The sender of a message cannot claim that she did not send it ("I did not send that")

Scheme for Confidentiality
Figure: Alice sends the message "Attack at Dawn!!" to Bob over an untrusted communication link; Mallory is on the link.
Problem: Alice wants to send a message to Bob (and only to Bob) through an untrusted communication link

Encryption
Figure: Alice encrypts the message "Attack at Dawn!!" with E under key KE; the ciphertext (#%AR3Xf34^$) crosses the untrusted communication link; Bob decrypts it with D under key KD and recovers "Attack at Dawn!!".
Secrets
• Only Alice knows the encryption key KE
• Only Bob knows the decryption key KD
Mallory only sees ciphertext. She cannot get the plaintext message because she does not know the keys.

Encryption Algorithms
Figure: Alice (E, KE) sends the ciphertext (#%AR3Xf34($) over the untrusted communication link to Bob (D, KD), who recovers "Attack at Dawn!!".
• Should be easy to compute for Alice / Bob (who know the key)
• Should be difficult to compute for Mallory (who does not know the key)
• What is 'difficult'?
– Ideal case: Prove that the probability of Mallory determining the encryption / decryption key is no better than a random guess
– Computationally: Show that it is difficult for Mallory to determine the keys even if she has massive computational power
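
The "ideal case" above can be checked exactly on a toy cipher. The following Python is an added example, not part of the original slides: it assumes Shannon's perfect-secrecy formulation (what Mallory learns about the message from the ciphertext), and the 2-bit messages, the prior and both key sets are constructed for illustration.

```python
from fractions import Fraction


def posterior(prior, keys, ciphertext):
    """P(message | ciphertext) for c = m XOR k, with k uniform over `keys`."""
    p_key = Fraction(1, len(keys))
    # Joint probability of each message together with the observed ciphertext.
    joint = {m: sum(p_m * p_key for k in keys if m ^ k == ciphertext)
             for m, p_m in prior.items()}
    total = sum(joint.values())
    return {m: p / total for m, p in joint.items()}


def perfectly_secret(prior, keys):
    """True if no reachable ciphertext changes Mallory's belief about the message."""
    ciphertexts = {m ^ k for m in prior for k in keys}
    return all(posterior(prior, keys, c) == prior for c in ciphertexts)


# Constructed toy setting: 2-bit messages with a non-uniform prior.
PRIOR = {0b00: Fraction(1, 2), 0b01: Fraction(1, 4),
         0b10: Fraction(1, 8), 0b11: Fraction(1, 8)}
PAD_KEYS = [0b00, 0b01, 0b10, 0b11]  # one fresh key bit per message bit
REUSED_KEYS = [0b00, 0b11]           # a single key bit reused for both message bits

if __name__ == "__main__":
    print("one key bit per message bit:", perfectly_secret(PRIOR, PAD_KEYS))
    print("one key bit reused:", perfectly_secret(PRIOR, REUSED_KEYS))
    print("belief after seeing c=01:", posterior(PRIOR, REUSED_KEYS, 0b01))
```

With a fresh key bit per message bit the ciphertext leaves Mallory's belief unchanged; reusing one key bit rules out half the messages as soon as she sees the ciphertext.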

Ciphers
• Symmetric Algorithms
– Encryption and Decryption use the same key
– i.e. KE = KD
– Examples:
  • Block Ciphers: DES, AES, PRESENT, etc.
  • Stream Ciphers: A5, Grain, etc.
• Asymmetric Algorithms
– Encryption and Decryption keys are different
– KE ≠ KD
– Examples:
  • RSA
  • ECC

Encryption Keys
• How are keys managed
– How do Alice & Bob select the keys?
– Need algorithms for key exchange
Figure: Alice (E, KE) sends the ciphertext (#%AR3Xf34($) over the untrusted communication link to Bob (D, KD), who recovers "Attack at Dawn!!".

Algorithmic Attacks
• Can Mallory use tricks to break the algorithm
• Thereby reducing the 'difficulty' of getting the key.

Cipher Implementations
Cryptography is always an overhead!!
• For security, the algorithms need to be computation intensive.
• Often require large numbers, complex mathematical operations.
• Design Challenges: Performance, Size, Power.
• Algorithms to achieve this

Implementation Attacks (Side Channel Analysis)
Figure: Alice (E, KE) sends the ciphertext (#%AR3Xf34($) of the message "Attack at Dawn!!" over the untrusted communication link to Bob (D, KD); side channels run from the device to Mallory.
Side Channels: e.g. power consumption / radiation of device, execution time, etc.
Mallory gets information about the keys by monitoring side channels of the device.

Side Channel Analysis
Figure: Alice's device encrypts (E) the message "Attack at Dawn!!"; the radiation from the device reveals secret information as bits (figure labels: 0 1 1 1, 0 1, 00111).

Ciphers Design Challenges
We want crypto algorithms to be fast and small
For security, the algorithms are computationally intensive. Typically use large numbers, complex operations
Need to protect against side channel attacks.
Tradeoffs between Security, Speed, Side-Channel Attacks

Cryptography Study
• Mathematics + Engineering
Figure: cryptography at the intersection of Mathematics, Electrical Engg., Computer Sc. and Physics

Some Hot Research Trends
• lightweight cryptography
• post-quantum cryptography
• leakage resilient cryptography
• side channel analysis
• efficient implementations
• cryptanalysis
• cloud security
• homomorphic encryption
• privacy enhancing security

The Plan Ahead
• How are ciphers designed?
– Ideal security vs Computational security
– Block ciphers / Stream ciphers
– Asymmetric Key ciphers
– Tradeoffs between security and implementation
• Attacks
– Algorithmic / Implementation based Attacks
• Applications
– How are they used to achieve confidentiality, integrity, authentication, non-repudiation
• Case Studies
– Key Establishments, Digital Signatures, Bitcoins

Course Structure
• Classical Cryptography
• Shannon's Theory
• Block Ciphers
– DES, AES, their implementations and their attacks
• Stream Ciphers
• Digital Signatures and Authentication
– Hash functions
• Public key ciphers
– RSA, implementations, and attacks
– ECC
• Side channel analysis
• Case Studies: Bitcoins

Expected Learning Outcomes
• What you would learn by the end of the course?
§ Distinguish between cipher algorithms
- Where to use what algorithm?
§ Evaluate ciphers and their implementations for security
- Mathematical cryptanalysis of some algorithms
- Side channel based attacks on cipher implementations
§ Apply algorithms to solve security problems in real-world systems

Books / References
Textbooks
• (STINSON) "Cryptography: Theory and Practice", Third Edition, by Douglas R. Stinson, CRC Press, Taylor and Francis Group
References
• (STALLINGS) "Cryptography and Network Security: Principles and Practices", Sixth Edition, by William Stallings
• (HANDBOOK) "Handbook of Applied Cryptography", Fifth Printing, by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, CRC Press

Grading
• Quiz 1: 20% on (18/2/2016)
• Quiz 2: 20% on (25/3/2016)
• End semester: 30% on (28/4/2016)
• Assignments: 15%
• Tutorials: 15%

Course Webpages
• For slides / syllabus / schedule etc.
http://www.cse.iitm.ac.in/~chester/courses/17e_ac/index.html
• For discussions / announcements / submissions
CSE Moodle
Google Groups (aciitm_2017)

Logistics
• CS36
• Time:
– Tuesdays: 11:00 - 11:50 AM
– Wednesdays: 10:00 - 10:50 AM
– Thursdays: 8:00 - 8:50 AM
– Fridays: 4:50 – 5:40 PM