CS166
INFORMATION SECURITY
San Jose State University
Computer Science Department
Spring 2017
Kaya Ota
TEXT BOOK
• This note depends on this textbook (required in the class)
CHAPTER 1
introduction
DEFINITIONS 1
CONFIDENTIALITY, INTEGRITY, DATA AVAILABILITY
• Confidentiality
  • Preventing unauthorized reading of information.
• Integrity
  • At least detecting unauthorized writing** of information.
• Data Availability
  • Hiding the information is not a solution. We need the data.
Different methods are needed to support each of these properties.
**Writing can mean to write, to update, or to delete.
DEFINITION 2
TERMS
• Cryptology – the art and science of making and breaking “secret codes”
• Cryptography – the making of “secret codes”
• Cryptanalysis – the breaking of “secret codes”
• Plaintext – the original text
• Ciphertext – the encrypted text
DEFINITION 3
SECURITY
• A cryptosystem is secure if the best known attack requires as much work as an exhaustive key search.
  • That is, ∄ a shortcut to the key search
• We never guarantee that a cryptosystem will NEVER let attackers find a key
DEFINITION 4
Confusion And Diffusion
• Claude Shannon offers the fundamental cipher design principles
• Confusion – obscuring the relationship between the plaintext and the ciphertext
  • i.e. changing the plaintext to something else.
  • Example: simple substitution and one-time pad
• Diffusion – spreading the plaintext statistics through the ciphertext
  • i.e. rearranging the plaintext to generate the ciphertext
  • Example: double transposition
CHAPTER 2
Crypto basics
SIMPLE SUBSTITUTION
ROT 13
[Figure: ROT13 example, from Wikipedia]
The original set of letters “hello” does not appear in the ciphertext
→ Confusion is satisfied.
SIMPLE SUBSTITUTION
Caesar Cipher
• General version of the ROT13 cipher
• Simple substitution is a confusion cipher
• Although E is used in the plaintext, E does not necessarily appear in the ciphertext
• How many positions to shift / substitute is the key
  • In this case key = 3 or 23
[Figure: Caesar cipher with a left shift of 3 (Gaius Iulius Caesar). Source: https://upload.wikimedia.org/wikipedia/commons/4/4a/Caesar_cipher_left_shift_of_3.svg]
SIMPLE SUBSTITUTION
• Simple substitution is weak against letter-frequency analysis.
• The attacker can determine that the most frequently appearing letter is “E”
• The next most frequent is then “T”, and so on.
• So, the cipher is not SECURE.
  • There exists a shortcut to the key search
ONE TIME PAD
• The one-time pad is built on the beauty of XOR
• Repeats within the “one-time” pad made cryptanalysis possible
CHAPTER 3
Symmetric key Crypto
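STREAM CIPHER
[Figure: stream cipher block diagram. Encrypt: the key seeds the key generator, which outputs key stream bit (K); K is combined with plaintext bit (P) to give ciphertext bit (C). Decrypt: the same key seeds the key generator; K is combined with ciphertext bit (C) to give plaintext bit (P).]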
STREAM CIPHERS
• A stream cipher takes a key K of n bits in length and stretches it into a long keystream
• The keystream is XORed with the plaintext P to get the ciphertext
  • Ciphertext = Keystream XOR Plaintext
• The function of a stream cipher: StreamCipher(K) = S
  • where K is the key and S is the keystream
• A keystream is NOT a ciphertext
STREAM CIPHERS
• Given a keystream S = s0, s1, s2, …
• Given a plaintext P = p0, p1, p2, …
• Given a ciphertext C = c0, c1, c2, …
• Encrypt
  • c0 = p0 xor s0
  • c1 = p1 xor s1
  • c2 = p2 xor s2
• Decrypt
  • p0 = c0 xor s0
  • p1 = c1 xor s1
  • p2 = c2 xor s2
LIST OF STREAM CIPHERS
• One time pad
• A5/1
• RC4
A5/1 - STREAM CIPHER
• A5/1 is used for confidentiality in GSM cell phones
• A5/1 uses 3 linear feedback shift registers (LFSRs)
  • LFSR X holds 19 bits
  • LFSR Y holds 22 bits
  • LFSR Z holds 23 bits
  • So, the LFSRs hold a total of 64 bits
• The key K of A5/1 is 64 bits
  • The key is used as the initial fill of the 3 registers
  • Key = initial value of the 3 registers
STREAM CIPHER – REGISTERS IN DETAIL
• When register X steps, the following series of operations occurs:
  • t = x13 xor x16 xor x17 xor x18
  • xi = x(i-1)
  • x0 = t
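An added example (not code from the slides) that turns the stream cipher and A5/1 slides into a working keystream generator, and shows why repeating a keystream, as with a reused one-time pad, leaks information. It goes beyond the slide: only the X-register step is given above, so the Y and Z taps, the majority clocking rule and the output bit are taken from the usual textbook description of A5/1 and are assumptions here, as is the constructed sample key.

```python
def majority(a, b, c):
    """Return the bit value held by at least two of the three inputs."""
    return (a & b) | (a & c) | (b & c)


class A51:
    X_TAPS = (13, 16, 17, 18)   # from the slide
    Y_TAPS = (20, 21)           # textbook value, not on the slide
    Z_TAPS = (7, 20, 21, 22)    # textbook value, not on the slide

    def __init__(self, key_bits):
        if len(key_bits) != 64 or any(b not in (0, 1) for b in key_bits):
            raise ValueError("key must be a list of 64 bits")
        # Key = initial fill of the three registers (19 + 22 + 23 = 64 bits).
        self.x = list(key_bits[0:19])
        self.y = list(key_bits[19:41])
        self.z = list(key_bits[41:64])

    @staticmethod
    def _step(reg, taps):
        t = 0
        for i in taps:          # t = XOR of the tap bits
            t ^= reg[i]
        reg.pop()               # the last bit falls off
        reg.insert(0, t)        # r_i = r_(i-1) for all i >= 1, then r_0 = t

    def step_x(self):
        self._step(self.x, self.X_TAPS)

    def next_bit(self):
        # A register steps only if its clocking bit agrees with the majority.
        m = majority(self.x[8], self.y[10], self.z[10])
        go_x, go_y, go_z = self.x[8] == m, self.y[10] == m, self.z[10] == m
        if go_x:
            self.step_x()
        if go_y:
            self._step(self.y, self.Y_TAPS)
        if go_z:
            self._step(self.z, self.Z_TAPS)
        return self.x[18] ^ self.y[21] ^ self.z[22]


def keystream_bytes(key_bits, n):
    """StreamCipher(K) = S: stretch the 64-bit key into n keystream bytes."""
    gen = A51(key_bits)
    out = bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | gen.next_bit()
        out.append(byte)
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crypt(key_bits, data):
    """c_i = p_i xor s_i; the same call decrypts, since p_i = c_i xor s_i."""
    return xor_bytes(data, keystream_bytes(key_bits, len(data)))


# Constructed sample key: the 64 bits of 0x0123456789ABCDEF.
KEY_BITS = [int(b) for b in format(0x0123456789ABCDEF, "064b")]

if __name__ == "__main__":
    p1, p2 = b"ATTACK AT DAWN!!", b"RETREAT AT NOON."
    c1, c2 = crypt(KEY_BITS, p1), crypt(KEY_BITS, p2)
    print(crypt(KEY_BITS, c1))
    # Same key, same keystream: the keystream cancels and p1 xor p2 is exposed.
    print(xor_bytes(c1, c2) == xor_bytes(p1, p2))
```

Real GSM also mixes a per-frame counter into the registers so that one key does not repeat its keystream; this example follows the slide and uses the key alone as the initial fill.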
BLOCK CIPHER
• A deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key.
FEISTEL CIPHER
• Plaintext P = (L0, R0); for i = 1, 2, …, n
• Next round represented by:
  • Li = R(i-1)
  • Ri = Li
MAC – Message Authentication Code
• A MAC uses a block cipher to ensure data integrity.
• Encrypt the data in CBC mode,
FUNDAMENTAL PROBLEM
SYMMETRIC KEY CRYPT
• How to exchange the key?
CHAPTER 4
Public key Crypt
Difference Between Symmetric And Public Key Crypt
Symmetric Key Crypt
• Use one key to encrypt and decrypt
• Efficient
  • Easy to compute encrypt and decrypt
• Problem
  • How do we share the key?
  • i.e. key exchange problem
Public Key Crypt
• Use two keys
  • Encrypt with the public key
  • Decrypt with the private / secret key
• Inefficient
  • Requires computational effort
• Problem
  • Reliability
  • Can we trust who made the public key?
  • i.e. key exchange problem
PUBLIC KEY CRYPTOSYSTEM
• A public key cryptosystem is based on a trap-door one-way function.
• Trap-door features
  • An attacker cannot use the public information to recover the private information
• One-way features
  • Easy to compute N = pq from p and q, but difficult to find p and q from N
  • Hash function
PUBLIC KEY CRYPTOSYSTEM
• Encrypt message M with Alice’s public key: C = {M}alice
• Decrypt the ciphertext C with Alice’s PRIVATE key: M = [C]alice
• The notation for Alice signing message M is S = [M]alice
• [{M}alice]alice = {[M]alice}alice = M
USES OF PUBLIC KEY CRYPTO
• Whatever symmetric key crypto can do is doable with public key crypto, but slower.
  • This includes confidentiality
  • This includes integrity: digital signature.
• Integrity is provided by
  • Symmetric: MAC
  • Public: digital signature
NON-REPUDIATION
• Non-repudiation is not a TECHNICAL problem, but rather a matter of human error (possibly malicious).
• The concept of non-repudiation is essential for financial / e-commerce apps
• It is “technically” required to prove that a unique user has made a transaction request.
http://world.std.com/~cme/non-repudiation.htm
[Figure: a customer places an order (“Want to buy”), the goods are delivered, and the customer then claims “I have never ordered! Money back!” How do we prove she did buy?]
Digital Signature
• A digital signature is used for integrity (detecting unauthorized writing)
• It is a technological solution for non-repudiation
• The signature is written and locked (encrypted) only by the sender, with her PRIVATE key.
• The receiver can unlock (decrypt) it only with the sender’s public key
• Public key crypto does not face the key exchange problem here, because the receiver does not need the private key!
• The public key IS accessible by anyone
DIGITAL SIGNATURE
• The signature is signed only by the sender
• Match: the signature is verified
• Mismatch: the signature is not verified
ANALOGY OF PUBLIC KEY
• Everybody can try with their public key
• But only the expected person can open it.
[Figure: sword in the stone. Source: http://yaplog.jp/tkgenmu/image/132]
Everyone can try to pull out the sword, but only a certain person can actually pull it out.
CHAPTER 5
Hash Function ++
CRYPTOGRAPHIC HASH FUNCTION
• Compression
  • For any size input x, the output length of y = h(x) is small.
• Efficiency
  • Easy to compute h(x) for any input x
  • O(h(x)) should not grow too fast.
• One-way
  • Given any value y, it is computationally infeasible to find a value x such that h(x) = y
• Weak Collision Resistance
• Strong Collision Resistance
  • It’s infeasible to find any x and y such that x != y and h(x) == h(y)
Compression vs. Strong Collision Resistance
• Theoretically: they contradict
• Practically: infeasible enough
• So, OK!
• Given a hash function h, Alice signs M by first hashing M and then signing the hash
• Alice computes S = [h(M)]Alice
• Alice sends M, S = [h(M)]Alice to Bob
• Bob verifies that h(M) = {S}Alice
• More secure > less secure: signing(h(M)) >> signing(M) (to be confirmed)
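The hash-then-sign exchange above and the identity [{M}alice]alice = {[M]alice}alice = M, as an added example that is not part of the original slides. It assumes textbook RSA without padding as the public key system (the slides name none) and uses two small Mersenne primes and a constructed message, so it illustrates the notation only and is not a usable signature scheme.

```python
import hashlib

# Toy key material (constructed): two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                              # public modulus: easy to compute from P and Q
E = 65537                              # Alice's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # Alice's private exponent (Python 3.8+)


def apply_public(m):
    """{M}alice: the operation anyone can perform with Alice's public key."""
    return pow(m, E, N)


def apply_private(c):
    """[C]alice: the operation only Alice can perform (decrypt or sign)."""
    return pow(c, D, N)


def h(message: bytes) -> int:
    """Compress a message of any length to an integer below N (SHA-256 mod N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Alice computes S = [h(M)]alice: one private-key operation, whatever len(M)."""
    return apply_private(h(message))


def verify(message: bytes, signature: int) -> bool:
    """Bob checks h(M) == {S}alice using only Alice's public key."""
    return apply_public(signature) == h(message)


if __name__ == "__main__":
    order = b"Order #1: one book, charge my account"   # constructed message
    s = sign(order)
    print("valid signature accepted:", verify(order, s))
    print("altered message accepted:", verify(order + b" and a refund", s))
    m = 20170101
    print(apply_private(apply_public(m)) == m, apply_public(apply_private(m)) == m)
```

Signing h(M) instead of M keeps the private-key operation to a single fixed-size value; a message longer than N could not be signed directly at all.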
BIRTHDAY PROBLEM 1
Who has the same birthday as me among N people?
• How large must N be before the probability that someone has the same birthday as you is greater than ½?
• total − prob(not same birthday) = $1 - \left(\frac{364}{365}\right)^{N}$
• Solve for N: $1 - \left(\frac{364}{365}\right)^{N} = \frac{1}{2}$
• N = 253
My birthday is 1/1. How many people do I need to ask to find one sharing my birthday?
BIRTHDAY PROBLEM 2
WHO SHARES BIRTHDAY?
• How large must N be before we expect two or more people to have the same birthday?
• $1 - \frac{365}{365}\cdot\frac{364}{365}\cdot\frac{363}{365}\cdots\frac{365-N+1}{365}$
• $1 - \frac{365}{365}\cdot\frac{364}{365}\cdot\frac{363}{365}\cdots\frac{365-N+1}{365} = \frac{1}{2}$
• Solve for N: N = 23
Does anyone share a birthday?
Correlation Between Hash And Birthday Problem
• Suppose h(x) generates an output N bits long
• Then there are $2^{N}$ possible hash values
• Since $\sqrt{2^{N}} = 2^{N/2}$, the birthday problem implies that
  • if we hash about $2^{N/2}$ different inputs, we can expect to find a collision.
Yes, with repetition: each value is chosen independently of the previous events.
The birthday problem tells how many inputs will be enough to find a collision.
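The two birthday thresholds and the 2^(N/2) collision estimate, checked numerically in an added example that is not part of the original slides. The collision search assumes SHA-256 truncated to 24 bits as a stand-in for a short hash and hashes constructed inputs "msg-0", "msg-1", and so on.

```python
import hashlib
from itertools import count


def same_as_me_threshold(days=365):
    """Smallest N with 1 - ((days-1)/days)^N > 1/2 (birthday problem 1)."""
    n, p_nobody = 0, 1.0
    while 1 - p_nobody <= 0.5:
        n += 1
        p_nobody *= (days - 1) / days
    return n


def any_pair_threshold(days=365):
    """Smallest N with 1 - (365/365)(364/365)...((365-N+1)/365) > 1/2."""
    n, p_all_distinct = 0, 1.0
    while 1 - p_all_distinct <= 0.5:
        p_all_distinct *= (days - n) / days
        n += 1
    return n


def truncated_hash(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256, giving 2^bits possible values."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits):
    """Hash distinct inputs until two of them share a truncated hash value.

    Returns (first_input, second_input, number_of_inputs_hashed).
    """
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        value = truncated_hash(msg, bits)
        if value in seen:
            return seen[value], msg, i + 1
        seen[value] = msg


if __name__ == "__main__":
    print("same birthday as me:", same_as_me_threshold())      # 253
    print("any two share a birthday:", any_pair_threshold())   # 23
    a, b, tried = find_collision(24)
    print("24-bit collision after", tried, "inputs; 2^12 =", 2**12)
```

Finding an input that matches one fixed hash value is the “same birthday as me” case and takes on the order of 2^N tries; finding any colliding pair takes only about 2^(N/2), which is why an N-bit hash gives roughly N/2 bits of collision resistance.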
RANDOM NUMBERS
non-security app
• Random numbers are often used for non-security applications as well.
  • Purpose: simulation, various statistical applications.
• In non-security applications, random numbers only need to be statistically random
  • i.e. they must be indistinguishable from random
• Actually, there are repetitions in the generated random numbers.
• Pseudo-random numbers are commonly predictable
• See the mathematical modeling note
“It’s random, but it wasn’t random!” Source: My Neighbor Totoro (Satsuki and Mei)
RANDOM NUMBERS
security applications
• Random numbers have to be statistically unpredictable
• Let Alice’s key be Ka, Bob’s key Kb, Charlie’s key Kc, and Dave’s key Kd
• Assume Alice, Bob, and Charlie do not like Dave.
• They share (pool) their key information
• Pseudo-random numbers are statistically predictable, so pooling key information might help them figure out Dave’s key
• It is not secure if knowing Ka, Kb, Kc lets Alice, Bob, and Charlie determine Kd (Dave’s key)
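The pooling scenario above, as an added example that is not part of the original slides. It assumes the keys are consecutive outputs of a linear congruential generator with a known prime modulus; the KeyServer class, its parameters and the seed are hypothetical and constructed for the demonstration, and the last function shows the corrected approach using the operating system's CSPRNG.

```python
import secrets

M = 2**31 - 1   # public prime modulus of the generator (constructed parameter)


class KeyServer:
    """Hypothetical key server that issues LCG outputs as keys (the weak design)."""

    def __init__(self, seed, a, c):
        self._state = seed % M
        self._a, self._c = a, c        # secret multiplier and increment

    def issue_key(self):
        self._state = (self._a * self._state + self._c) % M
        return self._state


def predict_next_key(k1, k2, k3, m=M):
    """Recover the LCG parameters from three consecutive keys, return the fourth.

    k2 = a*k1 + c and k3 = a*k2 + c (mod m), so a = (k3 - k2) / (k2 - k1).
    """
    diff = (k2 - k1) % m
    if diff == 0:
        raise ValueError("need two distinct consecutive outputs")
    a = (k3 - k2) * pow(diff, -1, m) % m   # modular inverse, Python 3.8+
    c = (k2 - a * k1) % m
    return (a * k3 + c) % m


def issue_secure_key(bits=128):
    """Corrected design: each key comes from the OS CSPRNG, independent of the rest."""
    return secrets.randbits(bits)


if __name__ == "__main__":
    server = KeyServer(seed=2017, a=48271, c=12345)   # constructed values
    ka, kb, kc, kd = (server.issue_key() for _ in range(4))
    print("Dave's key:      ", kd)
    print("Predicted by A-C:", predict_next_key(ka, kb, kc))
    print("CSPRNG key:      ", hex(issue_secure_key()))
```

Statistical tests would not flag the LCG output, which is why generators such as Python's `random` module are fine for simulation but key material should come from `secrets` or the operating system.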
ADDITIONAL INFORMATION
Reference and Credit
REFERENCE
• https://www.owasp.org/index.php/Guide_to_Cryptography#Non-Repudiation
CREDIT
• https://www.supinfo.com/articles/single/3654-modern-type-of-cryptography
• http://www.stealthcopter.com/blog/2010/01/python-cryptography-decoding-a-caesar-shift-frequency-analysis/
• https://clipartfest.com/categories/view/9acd078310c7d1d137c81e8cac2bb3ce5631a97b/signing-paper-clipart.html
• By Matt_Crypto - http://en.wikipedia.org/wiki/File:Caesar3.png, public domain, https://commons.wikimedia.org/w/index.php?curid=30693472
• GIF animation: http://popkey.co/m/AoZ7p-evil-witch-trapdoor
• One-time pad image: https://pt.slideshare.net/fadwa_stuka/lecture-2-12758871
