Chapter 1 – Introduction Part 3


Transcript of Chapter 1 – Introduction Part 3

Page 1: Chapter 1 – Introduction Part 3

Chapter 1 – Introduction Part 3

Page 2: Chapter 1 – Introduction Part 3

Cryptographic Concepts

• Encryption: a means to allow two parties, customarily called Alice and Bob, to establish confidential communication over an insecure channel that is subject to eavesdropping.

[Figure: Alice and Bob communicate; Eve eavesdrops.]

Page 3: Chapter 1 – Introduction Part 3

Encryption and Decryption

• The message M is called the plaintext.

• Alice will convert plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.

[Figure: the sender encrypts the plaintext with a shared secret key; the ciphertext crosses the communication channel, where an attacker is eavesdropping; the recipient decrypts it with the same shared secret key to recover the plaintext.]

Page 4: Chapter 1 – Introduction Part 3

Encryption and Decryption

• As equations:

  C = E(M)

  M = D(C)

• The encryption and decryption algorithms are chosen so that it is infeasible for someone other than Alice and Bob to determine plaintext M from ciphertext C. Thus, ciphertext C can be transmitted over an insecure channel that can be eavesdropped by an adversary.

Page 5: Chapter 1 – Introduction Part 3

Cryptosystem

1. The set of possible plaintexts

2. The set of possible ciphertexts

3. The set of encryption keys

4. The set of decryption keys

5. The correspondence between encryption keys and decryption keys

6. The encryption algorithm to use

7. The decryption algorithm to use

Page 6: Chapter 1 – Introduction Part 3

Caesar Cipher

• Replace each letter with the one “three over” in the alphabet.

[Figure: Caesar cipher with a shift of three. Public domain image from http://commons.wikimedia.org/wiki/File:Caesar3.svg]

Page 7: Chapter 1 – Introduction Part 3

CIT 380: Securing Computer Systems Slide #7

Example: Cæsar cipher

ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC

• Plaintext is HELLO WORLD

• Change each letter to the third letter following it (X goes to A, Y to B, Z to C)

  – Key is 3, usually written as letter ‘D’

• Ciphertext is KHOOR ZRUOG

Page 8: Chapter 1 – Introduction Part 3

Example: Cæsar cipher key=3

ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC

Decrypt: FRPSXWHU


Page 9: Chapter 1 – Introduction Part 3

Symmetric Cryptosystems

• Alice and Bob share a secret key, which is used for both encryption and decryption.

[Figure: the sender encrypts the plaintext with a shared secret key; the ciphertext crosses the communication channel, where an attacker is eavesdropping; the recipient decrypts it with the same shared secret key.]

Page 10: Chapter 1 – Introduction Part 3

Symmetric Key Distribution

• Requires each pair of communicating parties to share a (separate) secret key.

[Figure: every pair of parties holds its own shared secret; n parties need n(n-1)/2 keys.]

Page 11: Chapter 1 – Introduction Part 3

Example of Symmetric Cryptography

• DES (Data Encryption Standard) 1977-8

  – 56 bit key

• Triple DES

• AES (Advanced Encryption Standard) 1997

  – Rijndael

  – 128, 192, or 256 bit key size

Page 12: Chapter 1 – Introduction Part 3

Symmetric Cryptosystems

• Alice and Bob share a secret key, which is used for both encryption and decryption.


Page 13: Chapter 1 – Introduction Part 3

Public-Key Cryptography

• Bob has two keys: a private key, S_B, which Bob keeps secret, and a public key, P_B, which Bob broadcasts widely.

  – In order for Alice to send an encrypted message to Bob, she need only obtain his public key, P_B, use that to encrypt her message, M, and send the result, C = E_{P_B}(M), to Bob. Bob then uses his secret key to decrypt the message as M = D_{S_B}(C).

Page 14: Chapter 1 – Introduction Part 3

Public-Key Cryptography

• Separate keys are used for encryption and decryption.

[Figure: the sender encrypts the plaintext with the public key; the ciphertext crosses the communication channel, where an attacker is eavesdropping; the recipient decrypts it with the private key to recover the plaintext.]

Page 15: Chapter 1 – Introduction Part 3

Public Key Distribution

• Only one key is needed for each recipient

[Figure: each party holds a private key and publishes a public key; n parties need n key pairs.]

Page 16: Chapter 1 – Introduction Part 3

Disadvantage of Public Key Encryption

• 1,000 times slower than symmetric key

Page 17: Chapter 1 – Introduction Part 3

Sharing Secret Key

• Figure 1.12 on page 30

Page 18: Chapter 1 – Introduction Part 3

Digital Signatures

• Public-key encryption provides a method for doing digital signatures

• To sign a message, M, Alice just encrypts it with her private key, S_A, creating C = E_{S_A}(M).

• Anyone can decrypt this message using Alice’s public key, as M’ = D_{P_A}(C), and compare that to the message M.


Page 19: Chapter 1 – Introduction Part 3

Sign and Encrypt

• Alice encrypts with Bob’s public key and signs with her private key

  – C = E_{S_A}(D_{P_B}(M))

• Bob first applies Alice’s public key. This proves the message came from Alice.

• Then Bob decrypts with his private key.

  – M = D_{S_B}(E_{P_A}(C))
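The public-key encryption, digital signature, and sign-and-encrypt slides above, as an added example that is not part of the original slides. The slides do not name a public-key scheme, so textbook RSA with toy primes stands in for it; the key sizes, the function names, and the sample message are assumptions of this example, and unpadded RSA at this size offers no real security.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus, part of both keys
    e: int  # public exponent:  public key P = (n, e)
    d: int  # private exponent: private key S = (n, d)

def make_keypair(p: int, q: int, e: int = 17) -> KeyPair:
    """Build a toy RSA key pair from two small primes (illustration only)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=e, d=pow(e, -1, phi))  # d is e's inverse mod phi

def apply_public(key: KeyPair, x: int) -> int:
    """Operation anyone can perform: encrypt to the owner, or check a signature."""
    if not 0 <= x < key.n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, key.e, key.n)

def apply_private(key: KeyPair, x: int) -> int:
    """Operation only the key owner can perform: decrypt, or sign."""
    if not 0 <= x < key.n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, key.d, key.n)

ALICE = make_keypair(61, 53)  # n = 3233 (constructed toy key)
BOB = make_keypair(47, 59)    # n = 2773, smaller than Alice's so nesting fits

def encrypt_to_bob(m: int) -> int:           # Alice uses Bob's public key
    return apply_public(BOB, m)

def bob_decrypt(c: int) -> int:              # Bob uses his private key
    return apply_private(BOB, c)

def alice_sign(m: int) -> int:               # Alice uses her private key
    return apply_private(ALICE, m)

def verify_alice(m: int, sig: int) -> bool:  # anyone uses Alice's public key
    return apply_public(ALICE, sig) == m

def sign_and_encrypt(m: int) -> int:
    """Encrypt with Bob's public key, then sign the result with Alice's private key."""
    return apply_private(ALICE, apply_public(BOB, m))

def verify_and_decrypt(c: int) -> int:
    """Bob applies Alice's public key first, then his own private key."""
    return apply_private(BOB, apply_public(ALICE, c))

if __name__ == "__main__":
    m = 1234  # constructed sample message, encoded as an integer below Bob's modulus
    print(bob_decrypt(encrypt_to_bob(m)), verify_alice(m, alice_sign(m)))
    print(verify_alice(m + 1, alice_sign(m)), verify_and_decrypt(sign_and_encrypt(m)))
```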

Page 20: Chapter 1 – Introduction Part 3

Man-in-the-Middle Attack

• Page 32 Figure 1.13

Page 21: Chapter 1 – Introduction Part 3

Brute Force Attack

• Page 33 – Figure 1.14

• Caesar Cipher attack
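The Caesar cipher from the earlier slides and the brute-force attack named here, as an added example that is not part of the original slides. It generalizes the key from 3 to any shift, and the word list used to rank candidate plaintexts is constructed for this example.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26-letter plaintext and ciphertext alphabet

def shift(text: str, key: int) -> str:
    """Shift every letter by `key` positions, wrapping Z back around to A."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def encrypt(plaintext: str, key: int = 3) -> str:
    return shift(plaintext, key)

def decrypt(ciphertext: str, key: int = 3) -> str:
    return shift(ciphertext, -key)

def brute_force(ciphertext: str) -> list:
    """Try the whole key space: only 26 candidate keys exist."""
    return [(key, decrypt(ciphertext, key)) for key in range(26)]

# Constructed word list used to rank candidates (an assumption of this example).
COMMON_WORDS = {"THE", "AND", "HELLO", "WORLD", "MEET", "ME", "AT", "NOON"}

def best_guess(ciphertext: str) -> tuple:
    """Return the (key, plaintext) candidate that contains the most known words."""
    def score(candidate):
        return sum(word in COMMON_WORDS for word in candidate[1].split())
    return max(brute_force(ciphertext), key=score)

if __name__ == "__main__":
    print(encrypt("HELLO WORLD"))           # the slide's worked example
    for key, text in brute_force("KHOOR ZRUOG"):
        print(key, text)                    # every possible decryption
    print(best_guess("KHOOR ZRUOG"))
```

Because the key space has only 26 entries, the cipher fails the requirement that recovering M from C be infeasible; `decrypt` can also be used to check the FRPSXWHU exercise.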

Page 22: Chapter 1 – Introduction Part 3

Cryptographic Hash Functions

• A checksum on a message, M, that is:

• One-way: it should be easy to compute Y=H(M), but hard to find M given only Y

• Collision-resistant: it should be hard to find two messages, M and N, such that H(M)=H(N).

• Examples: MD5, SHA-1, SHA-256.
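Why collision resistance depends on digest length, as an added example that is not part of the original slides. It uses SHA-256 from the list above, cut down to a few bits so that a collision shows up quickly; the truncation, the function names, and the generated messages are assumptions of this example.

```python
import hashlib

def bit_difference(a: bytes, b: bytes) -> int:
    """Count how many of the 256 SHA-256 output bits differ between two inputs."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")

def truncated(message: bytes, bits: int) -> int:
    """Keep only the leading `bits` bits of the SHA-256 digest."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)

def find_truncated_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash constructed messages msg-0, msg-1, ... until two share a truncated digest.

    Returns (M, N, number of messages hashed). With a `bits`-bit digest a
    collision is expected after roughly 2**(bits/2) messages and is
    guaranteed after 2**bits + 1, which is why short digests are unsafe.
    """
    seen = {}
    count = 0
    while True:
        message = prefix + str(count).encode()
        tag = truncated(message, bits)
        count += 1
        if tag in seen:
            return seen[tag], message, count
        seen[tag] = message

if __name__ == "__main__":
    # One changed letter flips about half of the output bits.
    print(bit_difference(b"HELLO WORLD", b"HELLO WORLE"))
    for bits in (8, 16, 24):
        m, n, count = find_truncated_collision(bits)
        print(bits, m, n, count)
        # The full 256-bit digests of the same two messages still differ.
        print(hashlib.sha256(m).hexdigest() != hashlib.sha256(n).hexdigest())
```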


Page 23: Chapter 1 – Introduction Part 3

Hashing

• http://hash.online-convert.com/