Cryptography Ver 1.0
-
Upload
velli-giri -
Category
Documents
-
view
221 -
download
0
Transcript of Cryptography Ver 1.0
-
8/3/2019 Cryptography Ver 1.0
1/86
Applied Cryptography
Sujit ChristyCISA, CRISC, CISSP
-
8/3/2019 Cryptography Ver 1.0
2/86
UNIT 1
-
8/3/2019 Cryptography Ver 1.0
3/86
Introduction
Cryptography is about writing secrets Cryptography involves scrambling of some
kind of useful information, in its original
form called plaintest, into a garbled form,called ciphertext
The intent is to allow two or more parties to
communicate the information whilepreventing other parties from being privy toit
-
8/3/2019 Cryptography Ver 1.0
4/86
Cryptanalysis
Cryptanalysis is the science of cracking codes
decoding secrets
violating authentication schemes and breaking cryptographic protocols
Science devoted to finding and correcting
weaknesses in cryptographic algorithmsAlgorithm should not rely on its secrecy and
be always be available for public scrutiny
-
8/3/2019 Cryptography Ver 1.0
5/86
Cryptanalysis
Generally referred to as attacks Cryptanalytic attacks classified into
categories and distinguished from each
other Name comes from the type of information
that is available to the attacker
-
8/3/2019 Cryptography Ver 1.0
6/86
Cryptanalytic Attacks
Ciphertext-only attack The attacker has a sample of ciphertext,
without having the associated plaintext
The attacker is trying to recover the plaintext Known-plaintext attack
The attacker obtains a sample of ciphertext andthe corresponding plain text
The attacker is trying to recover the key
-
8/3/2019 Cryptography Ver 1.0
7/86
Cryptanalytic Attacks
Chosen-plaintext attack The cryptanalyst is able to choose a quantity of
plain text and then obtain the correspondingencrypted text
Recover the key
Adaptive-chosen-plaintext attack
This is a special case
The attacker is able to choose plaintext samplesdynamically, and alter his or her choices basedon results of previous operation
-
8/3/2019 Cryptography Ver 1.0
8/86
Cryptanalytic Attacks
Chosen-ciphertext attack The attacker selects the ciphertext and can
obtain the corresponding plaintext
Try and recover the keyAdaptive-chosen-ciphertext attack
The attacker is able to choose ciphertextsamples dynamically, depending on theprevious outcomes of the attacks
-
8/3/2019 Cryptography Ver 1.0
9/86
Attacks
Brute-Force Referred to as exhaustive search attacks
Technique involves trying every possible
combination (key) until the correct one isidentified
Growth of internet has made it possible toutilize thousands of machines in a distributed
search by splitting the key spaces and allocatingthose key spaces to each computer
56 Bit, 64 Bit, 80 Bit, 128 Bit
Advanced Encryption Standard (AES), Rijndael
-
8/3/2019 Cryptography Ver 1.0
10/86
Attacks
Symmetric Block Cipher AttacksA block cipher takes a certain number of letters
and encrypts them all at once
The encryption algorithm takes a fixed-lengthblock of plaintext data and creates a fixedlength block ciphertext of the same length
-
8/3/2019 Cryptography Ver 1.0
11/86
Attacks
Symmetric Block Cipher Attacks Differential cryptanalysis
Mounted against block ciphers
Chosen-plaintext attack
Relies on the analysis of the evolution of thedifferences between two related plaintext samples asthey are encrypted using the same key
Probabilities can be assigned to each possible key,and eventually the most probable key is identified asthe correct one
-
8/3/2019 Cryptography Ver 1.0
12/86
Attacks
Symmetric Block Cipher Attacks Linear cryptanalysis
Known-plaintext attack
Using linear approximations to describe the behaviorof block cipher
Given enough pairs of plaintext and correspondingciphertext, information about the key can beobtained
Higher probability of success in cracking the key
-
8/3/2019 Cryptography Ver 1.0
13/86
Attacks
Symmetric Block Cipher Attacks Weak Keys
Secret keys with a certain value for which the blockcipher in question will exhibit certain regularities in
encryption, or in other cases, a poor level ofencryption
DES there are four keys for which the encryption isexactly the same as the decryption. This means if
someone were to encrypt twice with one of theseweak keys, then the original palintext would berecovered
IDEA Algorithm there is a class of keys for which
cryptanalysis is greatly facilitated
-
8/3/2019 Cryptography Ver 1.0
14/86
Attacks
Symmetric Block Cipher AttacksAlgebraic attacks
Rely on block ciphers exhibiting high degree ofmathematical structure
It is conceivable that a block cipher might exhibit agroup structure where encrypting plaintext underone key and then encrypting the result underanother key would always be equivalent to single
encryption under some other key If this is the case, the block cipher would be
considered weaker because the use of multipleencryption would offer no additional security over
single encryption
-
8/3/2019 Cryptography Ver 1.0
15/86
Attacks
Stream Cipher Attacks Takes a keystream which is somehow
randomly generated and encrypted using(combined with) a secret key, and combine thatkeystream with the message being encrypted,normally using the XOR (Exclusive OR)operation
The sender and receiver must use the samealgorithm and key to generate the keystream
To be effective, they must use a keystream thatis totally random
-
8/3/2019 Cryptography Ver 1.0
16/86
Attacks
Stream Cipher Attacks The attacker should have no additional
advantage in being able to predict any of thesubsequent bits of sequence
It is imperative that a keystream generated bythe stream cipher have no structuralweaknesses that would allow an attacker to
deduce some of the keystreams and,eventually, the key itself
-
8/3/2019 Cryptography Ver 1.0
17/86
Attacks
Hash Function Attacks The hash function has to be one-way and
collision free
A good hash function should not produce thesame hash value from two different inputs. If itdoes, this is know as collision
Most attacks against hash function involve
choosing inputs to the hash function at randomuntil an input that gives the target output isfound, or finding two inputs that produce thesame output is found
-
8/3/2019 Cryptography Ver 1.0
18/86
Attacks
Message Authentication Code (MAC) Attacks There are a variety of threats to the security of
a MAC
Use of MAC should not reveal information aboutsecret key being used
Should not be possible for the attacker to forgethe correct MAC to some message without
knowing the secret key, even after being ableto see many messages and their associatedMACs
-
8/3/2019 Cryptography Ver 1.0
19/86
Attacks
Message Authentication Code (MAC) Attacks It should also not be possible to replace the
message in a message/MAC pair with anothermessage for which the MAC remains legitimate
The most pertinent attacks against MAC involvethe sophisticated application of the birthdayparadox
The birthday paradox can be used in attackinghash functions
-
8/3/2019 Cryptography Ver 1.0
20/86
Attacks
The Birthday Paradox The probability that two or more people in a
group of 23 share the same birthday is greaterthan 50%
This paradox can be applied mathematically toattack types of hashing functions
Considered a type of brute-force attack because
the attacker keeps trying hash messages untilones that yield the same hash are obtained
A good hashing algorithm will resist, as much aspossible, the possibilities that duplicate hashes
-
8/3/2019 Cryptography Ver 1.0
21/86
Attacks
The Birthday Paradox The birthday paradox shows that the probaility
that two messages will end up with the samehash is high even if the number of messages isconsiderably less than the number of hashespossible
-
8/3/2019 Cryptography Ver 1.0
22/86
-
8/3/2019 Cryptography Ver 1.0
23/86
UNIT 2
-
8/3/2019 Cryptography Ver 1.0
24/86
Padlocks Combinations = Keys
Lock = Methods or algorithms
Work factor
-
8/3/2019 Cryptography Ver 1.0
25/86
Block Ciphers
The block ciphers takes a certain number ofletters (actually bits) and encrypts all ofthem at once
The encryption algorithm is taking a fixed-length block of plaintext data and creating ablock of ciphertext data of the same length
This transformation takes place under theaction of users secret key
-
8/3/2019 Cryptography Ver 1.0
26/86
Block Ciphers
Decryption is performed by applying thereverse transformation to the ciphertextusing the same secret key
The fixed length is called the block size Block ciphers the size is 64 bits
-
8/3/2019 Cryptography Ver 1.0
27/86
Stream Ciphers
Stream ciphers typically operate on smallerunits of plaintext, usually bits
A stream cipher generates a keystream,
which is a sequence of bits used as a key Encryption is accomplished by combining
the keystream with plaintext, usually with
an XOR operation Stream ciphers can be designed to be
exceptionally fast, much faster than any
block cipher
-
8/3/2019 Cryptography Ver 1.0
28/86
Stream Ciphers
It takes a simple bit of plaintext andcombines it with a simple bit of thekeystreams
The operation is simple binary arithmetic Example of XOR operation
Keystream: 10010000000
Plaintext: 01110011011 XOR Result: 11100011011
-
8/3/2019 Cryptography Ver 1.0
29/86
Stream Ciphers
Stream cipher to be effective Keystream length = plaintext that is being
encrypted
Keystream is generated using an algorithmbased on the input from the user (the key)
Generation of keystream should be independentof the plaintext and the ciphertext
-
8/3/2019 Cryptography Ver 1.0
30/86
INFORMATION SECURITY &ENCRYPTION
-
8/3/2019 Cryptography Ver 1.0
31/86
Information Security & Encryption
Protect Stored Information
Transmitted information while in transit
-
8/3/2019 Cryptography Ver 1.0
32/86
Common Information Security Objectives
Confidentiality Keep information secret from those who are
unauthorized to see it
Data Integrity Ensuring information has nit been altered in
unexpected ways
Availability Ensuring information is available to those
authorized at all times
-
8/3/2019 Cryptography Ver 1.0
33/86
Common Information Security Objectives
Entity Authentication Being able to prove the identity of an entity
e.g., Person, process etc.,
Data Origin Authentication Being able to prove the source of information
Signature
Binding information to specific entityAccess Control
Restricting access to resources
-
8/3/2019 Cryptography Ver 1.0
34/86
Common Information Security Objectives
ReceiptAcknowledging that information has been
received
ConfirmationAcknowledge that services have been provided
Authorization
Giving an entity the authorization to perform orbe something
Timestamping
Recording the time of creation of information
-
8/3/2019 Cryptography Ver 1.0
35/86
Common Information Security Objectives
Non-repudiation Preventing the denial of previous actions
Certification
Endorsing information by a trusted entity Revocation
Retracting a certification or authorization
Anonymity Concealing the identity of an entity involved in
some process
-
8/3/2019 Cryptography Ver 1.0
36/86
Common Information Security Objectives
Validation Providing timelininess of authorization to use or
change information
-
8/3/2019 Cryptography Ver 1.0
37/86
Framework
Confidentiality Is a service that ensures keeping information
secret from those who are not authorized tohave it. Secrecy is a term often used to meanconfidentiality
Data Integrity
Is a service that prevents data from being altered in
unexpected ways. To ensure this, one must have theability to detect manipulation by unauthorized partiesor prevent unauthorized parties from gaining accessto make unauthorized changes
-
8/3/2019 Cryptography Ver 1.0
38/86
Framework
Authentication Is a service that allows entities wanting to
communicate with each other to positivelyidentify each other. Information delivered over
a channel should be authenticated as to origin,date of origin, data content, time sent, etc.,
Non-repudiation
Is a service that prevents an entity fromdenying having participated in a previous action
-
8/3/2019 Cryptography Ver 1.0
39/86
Framework
ConfidentialityAchieved by encrypting the message content
Data Integrity
Achieved through cryptographic hash functionsAuthentication
Achieved through the use of asymmetric
cryptography Non-repudiation
Achieved through the use of cryptographicdigital signatures
-
8/3/2019 Cryptography Ver 1.0
40/86
CLASSICAL ENCRYPTION
-
8/3/2019 Cryptography Ver 1.0
41/86
Classical Encryption
Substitution Techniques Transposition Techniques
Steaganography
Permutation Methods
-
8/3/2019 Cryptography Ver 1.0
42/86
Substitution Techniques
Involves replacing each letter of theplaintext with another farther down thealphabet
Most encryption systems will combine amethod, usually called the algorithm and akey
With substitution ciphers, the method isadd the key how many times to do it
Caesars case the key was 3
-
8/3/2019 Cryptography Ver 1.0
43/86
Substitution Techniques
Caesars case the key was 3 Plaintext : A B C D E F G H I J
Ciphertext : D E F G H I J K L M
-
8/3/2019 Cryptography Ver 1.0
44/86
Transposition Techniques
Transposition is also called permutation Involves changing the position of plaintext
letters
e.g., JumbleATTACT AT ELEVEN PM
-
8/3/2019 Cryptography Ver 1.0
45/86
Steaganography
-
8/3/2019 Cryptography Ver 1.0
46/86
PROBLEMS WITHSUBSTITUTION AND
TRANSPOSITION CIPHERS
-
8/3/2019 Cryptography Ver 1.0
47/86
Frequency Analysis
E is the letter most often used, followed byT, O, A and N
T is the most common letter at the
beginning of a word E is the most common letter at the end of a
word
-
8/3/2019 Cryptography Ver 1.0
48/86
Frequency Analysis
A and I are the only single-letter words inEnglish. The words OF, TO and IN are themost frequent two-letter words. THE and
AND are the most frequent three-letterwords; THAT is the most common four-letter word
The most common double letters are II, EE,OO, TT, FF, RR, NN, PP and CC
TH, HE, AN, RE and IN are the mostfrequent two-letter combinations
-
8/3/2019 Cryptography Ver 1.0
49/86
Frequency Analysis
N is the consonant that most often follows avowel
U always follows Q
k h
-
8/3/2019 Cryptography Ver 1.0
50/86
Symmetric key cryptography
DES & Rijndael use multiple combinations oftranspositions and substitutions. Thesetypes of ciphers, coupled with frequentlychanged keys, can be very difficult crack
-
8/3/2019 Cryptography Ver 1.0
51/86
ADVANCED ENCRYPTIONTECHNIQUES & SECURITY
ISSUES
RC4
-
8/3/2019 Cryptography Ver 1.0
52/86
RC4
Home work R5 & R6
O Ti P d
-
8/3/2019 Cryptography Ver 1.0
53/86
One-Time Pad
Stream ciphers are most commonly equatedto what is referred to as One-Time Pad
Uses a keystream string of bits that is
generated completely at random Keystream length = plaintext message
length; both are combined using XOR
operation Entire keystream is totally random and used
only once
O Ti P d
-
8/3/2019 Cryptography Ver 1.0
54/86
One-Time Pad
A one-Time Pad is said to have perfectsecrecy
Unable to be defeated by a brute-force attack
Stream ciphers were developed to try andapply the action of a One-Time Pad. Whilecurrent stream ciphers are unable toprovide the true theoretical security of aOne-Time Pad, they at least very practical
RSA
-
8/3/2019 Cryptography Ver 1.0
55/86
RSA
Ron Rivest, Adi Shamir and LeonardAdleman (1977)
Public key cryptosystems offers both
encryption and digital signatures(authentication)
Asymmetric key
DES
-
8/3/2019 Cryptography Ver 1.0
56/86
DES
National Institute of Standards andTechnology (NIST) assisted in thedevelopment of a secure cryptographicalgorithm for sensitive, not governmentclassified, information
NIST to settled on DES, a method submittedby IBM
DES
-
8/3/2019 Cryptography Ver 1.0
57/86
DES
NIST made DES design public and theproliferation of computer technologypermitted faster processing makingsoftware implementations of DES feasible
The 1977 DES mandated a review every fiveyears
1997 NIST Solicited candidates for a newsymmetric key cryptography standard whichthey called the Advanced EncryptionStandard (AES)
DES
-
8/3/2019 Cryptography Ver 1.0
58/86
DES
Uses a key of 56 bits and 16 rounds oftransposition and substitution to encrypteach group of eight (64 bit) plaintext letters
T i l DES
-
8/3/2019 Cryptography Ver 1.0
59/86
Triple DES
DES-EEE3: three DES encryptions with threedifferent keys
DES-EDE3: three DES operations in the
sequence encrypt-decrypt-encrypt withthree different keys
DES-EEE2 and DES-EDE2: same as the
previous formats except that the first andthird operations use the same key
AES
-
8/3/2019 Cryptography Ver 1.0
60/86
AES
Key length is variable 128, 192, or 256
It must be one of these three
Variable block size 128, 192, or 256
All nine combinations of key length and block sizesare possible
Official Block size is 128
AES
-
8/3/2019 Cryptography Ver 1.0
61/86
AES
The number of rounds or iteration of thealgorithm can vary from 10 to 14 anddepends on block size and key length
Implemented efficiently on a wide variety ofprocessors and in hardware or software
Considered very secure and has no know
weakness
Diffi H ll
-
8/3/2019 Cryptography Ver 1.0
62/86
Diffie Hellman
Key agreement protocol and not anencryption algorithm
Developed by Whitefield Diffie and Martin
Hellman in 1976Allows two users to exchange a secret key
over an insecure medium without having to
exchange prior secrets Both sender and recipient have key-pairs
Vulnerable to man-in-the-middle attack
-
8/3/2019 Cryptography Ver 1.0
63/86
-
8/3/2019 Cryptography Ver 1.0
64/86
UNIT 3
C fid ti lit i ti l E ti
-
8/3/2019 Cryptography Ver 1.0
65/86
Confidentiality using conventional Encryption
Placement of Encryption Traffic Confidentiality
Key Distribution
Random Number Generation
Key Management
-
8/3/2019 Cryptography Ver 1.0
66/86
Key Management
Key management can be defined as thegeneration, recording, transcription,distribution, installation, storage, change,disposition and control of cryptographickeys
Attacks against keys and key managementare far more likely and efficient than attacksagainst algorithms
Generating Keys
-
8/3/2019 Cryptography Ver 1.0
67/86
Generating Keys
Key generation is the selection of charactersthat are going to be used to tailor anencryption mechanism to a particular use
The use may be a sender and receiver pair,a domain, an application, a device or dataobject
The key must be chosen in such a way thatit is not predictable and that knowledge of itis not leaked by the process
Generating Keys
-
8/3/2019 Cryptography Ver 1.0
68/86
Generating Keys
It is necessary, but not sufficient , that thekey be randomly chosen
Chosen key not be disclosed at the time of
selection While a key may be stored securely after its
generation, it may be vulnerable to
disclosure at the time of its generationwhen it may appear in the clear
Generating Keys
-
8/3/2019 Cryptography Ver 1.0
69/86
Generating Keys
Alternatively, information used in thegeneration of the key may be recorded atthe time it is collected, thus making the keymore predictable than might otherwise beexpected by the key size of the keyspace
Distribution or Transferring Keys
-
8/3/2019 Cryptography Ver 1.0
70/86
Distribution or Transferring Keys
Key distribution is the process of getting akey from the point of its generation to thepoint of its intended use
Symmetric key protect key from disclosurein the process
Channel separate from the one in which thetraffic moves
Installation
-
8/3/2019 Cryptography Ver 1.0
71/86
Installation
Process of getting the key into the storageof the device or process that is going to useit
Traditionally, this step has involved somemanual operations might result is leakageof information about the key , error in itstranscription or might be so cumbersome as
to discourage its use
Storing Keys
-
8/3/2019 Cryptography Ver 1.0
72/86
Storing Keys
Keys may be protected by the integrity ofthe storage mechanism itself
Mechanism can be designed so that once
the key is installed, it cannot be observedfrom outside the encryption machine itself
Key can be stored in an encrypted form, sothat the stored key does not discloseinformation about the behavior of thedevice under the key
Change or Updating Keys
-
8/3/2019 Cryptography Ver 1.0
73/86
Change or Updating Keys
Key change is ending the use of one keyand beginning that of another
Key was most likely to leak was at key
change time Longer the key is in use, the more traffic is
encrypted under it higher the probabilityof key being discovered
Nonlinear Keyspaces
-
8/3/2019 Cryptography Ver 1.0
74/86
Nonlinear Keyspaces
When an algorithm has keys that are all ofequal strength, it is said to have a liner orflat space
Conversely if an algorithm has keys that arenot all of equal strength, it has a nonlinearkeyspace
Verifying Keys
-
8/3/2019 Cryptography Ver 1.0
75/86
Verifying Keys
Using Keys
-
8/3/2019 Cryptography Ver 1.0
76/86
Using Keys
Backup Keys
-
8/3/2019 Cryptography Ver 1.0
77/86
Backup Keys
-
8/3/2019 Cryptography Ver 1.0
78/86
Principles of Key Management
-
8/3/2019 Cryptography Ver 1.0
79/86
Principles of Key Management
Key Management must be fully automated No key may appear in the clear outside a
cryptographic device
Keys must be randomly chosen from theentire keyspace
Key-encrypting keys must be separate from
data encrypting keys
Principles of Key Management
-
8/3/2019 Cryptography Ver 1.0
80/86
Principles of Key Management
Brute-force attacks Corresponding cleartext amd ciphertext attacks
trying to find the key
Ciphertext only attacks trying to the cleartext
At a minimum the attacker should have a copyof the algorithm and a copy of thecryptoprogram
-
8/3/2019 Cryptography Ver 1.0
81/86
UNIT 4
-
8/3/2019 Cryptography Ver 1.0
82/86
Key Management
-
8/3/2019 Cryptography Ver 1.0
83/86
Key Management
Lifetime of Keys Destroying Keys
Public-Key Key Management
-
8/3/2019 Cryptography Ver 1.0
84/86
UNIT 5
-
8/3/2019 Cryptography Ver 1.0
85/86
Cipher System Analysis Simple Substitution Ciphers
Keyword Number Ciphers
Telephone Keypad Cipher
Masonic Cipher
RC4 Attack and Prevention
MD4 Attack and Prevention
RSA implementation attacks
-
8/3/2019 Cryptography Ver 1.0
86/86
Criminal Code Systems Analysis Sports Bookmaking Codes
Horse Race Bookmaking Codes
Number Bookmaking Codes
Drug Codes
Pager Codes