Chapter 1 – Introduction Part 3
Cryptographic Concepts
• Encryption: a means to allow two parties, customarily called Alice and Bob, to establish confidential communication over an insecure channel that is subject to eavesdropping.
[Figure: Alice, Bob and Eve]
Encryption and Decryption
• The message M is called the plaintext.
• Alice will convert plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.
[Figure: sender encrypts plaintext with a shared secret key; ciphertext crosses the communication channel, where an attacker eavesdrops; recipient decrypts with the shared secret key to recover plaintext]
Encryption and Decryption
• As equations:
    C = E(M)
    M = D(C)
• The encryption and decryption algorithms are chosen so that it is infeasible for someone other than Alice and Bob to determine plaintext M from ciphertext C. Thus, ciphertext C can be transmitted over an insecure channel that can be eavesdropped by an adversary.
Cryptosystem
1. The set of possible plaintexts
2. The set of possible ciphertexts
3. The set of encryption keys
4. The set of decryption keys
5. The correspondence between encryption keys and decryption keys
6. The encryption algorithm to use
7. The decryption algorithm to use
Caesar Cipher
• Replace each letter with the one “three over” in the alphabet.
Public domain image from http://commons.wikimedia.org/wiki/File:Caesar3.svg
CIT 380: Securing Computer Systems Slide #7
Example: Cæsar cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
• Plaintext is HELLO WORLD
• Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
  – Key is 3, usually written as letter ‘D’
• Ciphertext is KHOOR ZRUOG
Example: Cæsar cipher key=3
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
Decrypt: FRPSXWHU
Symmetric Cryptosystems
• Alice and Bob share a secret key, which is used for both encryption and decryption.
[Figure: sender and recipient use the same shared secret key to encrypt and decrypt; an attacker eavesdrops on the communication channel]
Symmetric Key Distribution
• Requires each pair of communicating parties to share a (separate) secret key.
[Figure: each pair of parties holds its own shared secret; n(n-1)/2 keys]
Example of Symmetric Cryptography
• DES (Data Encryption Standard) 1977-8
  – 56 bit key
• Triple DES
• AES (Advanced Encryption Standard) 1997
  – Rijndael
  – 128, 192, or 256 bit key size
Public-Key Cryptography
• Bob has two keys: a private key, S_B, which Bob keeps secret, and a public key, P_B, which Bob broadcasts widely.
  – In order for Alice to send an encrypted message to Bob, she need only obtain his public key, P_B, use that to encrypt her message, M, and send the result, C = E_PB(M), to Bob. Bob then uses his secret key to decrypt the message as M = D_SB(C).
Public-Key Cryptography
• Separate keys are used for encryption and decryption.
[Figure: sender encrypts plaintext with the public key; ciphertext crosses the communication channel, where an attacker eavesdrops; recipient decrypts with the private key to recover plaintext]
Public Key Distribution
• Only one key is needed for each recipient
[Figure: n key pairs; each party has a private key and a public key]
Disadvantage of Public Key Encryption
• 1,000 times slower than symmetric key
Sharing Secret Key
• Figure 1.12 on page 30
Digital Signatures
• Public-key encryption provides a method for doing digital signatures
• To sign a message, M, Alice just encrypts it with her private key, S_A, creating C = E_SA(M).
• Anyone can decrypt this message using Alice’s public key, as M’ = D_PA(C), and compare that to the message M.
Sign and Encrypt
• Alice encrypts with Bob’s public key and signs with her private key
  – C = E_SA(D_PB(M))
• Bob first applies Alice’s public key. This proves the message came from Alice.
• Then Bob decrypts with his private key.
  – M = D_SB(E_PA(C))
Man-in-the-Middle Attack
• Page 32 Figure 1.13
Brute Force Attack
• Page 33 – Figure 1.14
• Caesar Cipher attack
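The Caesar cipher from the earlier slides and the brute-force attack on it, as an added Python example that is not part of the original slides. It generalizes the key from 3 to any shift, and the function names and the small word list are assumptions made for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase     # the set of plaintext and ciphertext symbols
KEYS = range(len(ALPHABET))           # the entire key space: only 26 shifts

def encrypt(plaintext, key):
    """C = E(M): shift each letter `key` places forward, wrapping Z round to A."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)            # spaces and punctuation pass through unchanged
    return "".join(out)

def decrypt(ciphertext, key):
    """M = D(C): the same shift applied backwards (symmetric key)."""
    return encrypt(ciphertext, -key)

def brute_force(ciphertext):
    """Try every possible key and return [(key, candidate plaintext), ...]."""
    return [(k, decrypt(ciphertext, k)) for k in KEYS]

# Constructed word list standing in for "does this candidate read as English?"
WORDS = {"HELLO", "WORLD", "ATTACK", "DAWN", "THE", "AT"}

def recover_key(ciphertext, words=WORDS):
    """Return the key(s) whose candidate contains the most recognisable words."""
    scored = [(sum(w in words for w in text.split()), k)
              for k, text in brute_force(ciphertext)]
    best = max(score for score, _ in scored)
    return [k for score, k in scored if score == best and best > 0]

if __name__ == "__main__":
    c = encrypt("HELLO WORLD", 3)
    print("ciphertext:", c)
    for k, text in brute_force(c):    # an eavesdropper needs at most 26 guesses
        print(f"{k:2d}  {text}")
    print("recovered key(s):", recover_key(c))
```

Because the key set has only 26 members, keeping the key secret gives no protection: trying every key and checking which output is readable recovers both key and plaintext.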
Cryptographic Hash Functions
• A checksum on a message, M, that is:
• One-way: it should be easy to compute Y=H(M), but hard to find M given only Y
• Collision-resistant: it should be hard to find two messages, M and N, such that H(M)=H(N).
• Examples: MD5, SHA-1, SHA-256.
Hashing
• http://hash.online-convert.com/