Intro to Cryptography
Lesson Introduction
●Basics of encryption and cryptanalysis
●Historical/simple schemes
●Types of cryptography and how they are used for security
Encryption/Decryption
● There is a one-to-one mapping
● Provides confidentiality protection
Encryption/Decryption
Other services:
● Integrity checking: no tampering
● Authenticity: verified authorship
● Authentication: not an imposter
Encryption Basics
Ancient crypto:
●Early signs of encryption in Egypt in ~2000 B.C.
●Letter-based scheme (e.g., Caesar’s cipher) ever since
Encryption Basics
●Symmetric ciphers:
●From ancient times to the present
●Asymmetric ciphers
●First by Diffie-Hellman-Merkle in 1976
Encryption Basics
●Hybrid schemes - most protocols now use both:
●Asymmetric ciphers for authentication, key exchange, and digital signatures
●Symmetric ciphers for encryption of data/traffic
Attacks on Encryption
●Break a cipher:
●Uncovering plaintext p from ciphertext c, or, alternatively, discovering the key
Attacks on Encryption
●Brute-force attack
●E.g., try all possible keys
●Cryptanalysis
●Analysis of the algorithm and data characteristics
●Implementation attacks
●E.g., side channel analysis
●Social-engineering attacks
Encryption Attack Quiz
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to...
use a longer key length
use a shorter key length
use a more complex algorithm
use a harder to guess key
Simple Ciphers Quiz
Use Caesar’s cipher to decode the message:
LQIRUPDWLRQ VHFXULWB
Enter your answer in the text box:
Simple Ciphers
●Caesar’s cipher (or, shift cipher):
●E.g., A → D, B → E
●That is, shift by an offset n:
–(letter + n) mod 26
●only 26 possible ways of secret coding
●Monoalphabetic cipher (or, substitution cipher):
●generalization, arbitrary mapping of one letter to another
●26!, ~4 × 10^26 or ~2^88
●Attack with statistical analysis of letter frequencies
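The brute-force attack on the shift cipher, combined with the letter-frequency idea, as an added example that is not part of the original slides: it tries all 26 offsets on the quiz ciphertext and ranks each candidate by how closely its letter counts match English. The frequency table and the function names are assumptions of this example.

```python
from collections import Counter

# Approximate relative letter frequencies of English text (assumed reference table).
ENGLISH_FREQ = {
    'A': 0.08167, 'B': 0.01492, 'C': 0.02782, 'D': 0.04253, 'E': 0.12702,
    'F': 0.02228, 'G': 0.02015, 'H': 0.06094, 'I': 0.06966, 'J': 0.00153,
    'K': 0.00772, 'L': 0.04025, 'M': 0.02406, 'N': 0.06749, 'O': 0.07507,
    'P': 0.01929, 'Q': 0.00095, 'R': 0.05987, 'S': 0.06327, 'T': 0.09056,
    'U': 0.02758, 'V': 0.00978, 'W': 0.02360, 'X': 0.00150, 'Y': 0.01974,
    'Z': 0.00074,
}


def caesar_shift(text, n):
    """Apply (letter + n) mod 26 to every letter; other characters pass through."""
    out = []
    for ch in text.upper():
        if 'A' <= ch <= 'Z':
            out.append(chr((ord(ch) - ord('A') + n) % 26 + ord('A')))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the text's letter counts and English; lower is more English-like."""
    letters = [c for c in text if c in ENGLISH_FREQ]
    if not letters:
        return float("inf")
    counts = Counter(letters)
    total = len(letters)
    return sum(
        (counts.get(letter, 0) - total * freq) ** 2 / (total * freq)
        for letter, freq in ENGLISH_FREQ.items()
    )


def brute_force_caesar(ciphertext):
    """Decrypt with every possible key and return (score, key, plaintext), best first."""
    candidates = []
    for key in range(26):
        plain = caesar_shift(ciphertext, -key)
        candidates.append((chi_squared(plain), key, plain))
    return sorted(candidates)


def break_caesar(ciphertext):
    """Return the most English-looking (key, plaintext) pair."""
    _, key, plain = brute_force_caesar(ciphertext)[0]
    return key, plain


if __name__ == "__main__":
    # Ciphertext from the Simple Ciphers Quiz slide.
    for score, key, plain in brute_force_caesar("LQIRUPDWLRQ VHFXULWB")[:3]:
        print(f"key={key:2d} score={score:8.1f} {plain}")
```

The scoring step answers the question of how an attacker recognises the right key: only one of the 26 candidates has English-like letter statistics.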
Letter Frequency of Ciphers
●What is plaintext for:
IQ IFCC VQQR FB RDQ VFLLCQ NA RDQ CFJWHWZ HR BNNB HCC HWWHBSQVQBRE HWQ VHLQ
WE WILL MEET IN THE MIDDLE OF THE LIBRARY AT NOON ALL ARRANGEMENTS ARE MADE
●In practice, also consider frequency of letter pairs, triples
Monoalphabetic Cipher Quiz
Try to decipher this method using the
Monoalphabetic Cipher:
WAIT IT WAS SAD
Enter your answer in the text box:
Vigenere Cipher
Vigenere Cipher Quiz
What weaknesses can be exploited in the Vigenere Cipher?
It uses repeating key letters
It requires security for the key, not the message
The length of the key can be determined using frequency
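Why the repeating key is a weakness, as an added example that is not part of the original slides: when the same plaintext fragment lines up with the same key letters, the ciphertext repeats, and the distance between repeats is a multiple of the key length. The sample sentence, the key `ABCD` and the function names are constructed for this example.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("A")


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching letter of the repeating key, mod 26."""
    out, i = [], 0
    for ch in text.upper():
        if "A" <= ch <= "Z":
            shift = ord(key[i % len(key)].upper()) - A
            if decrypt:
                shift = -shift
            out.append(chr((ord(ch) - A + shift) % 26 + A))
            i += 1  # the key only advances on letters
        else:
            out.append(ch)
    return "".join(out)


def repeated_ngram_distances(ciphertext, n=3):
    """Distances between successive occurrences of every repeated n-gram."""
    letters = "".join(c for c in ciphertext.upper() if "A" <= c <= "Z")
    positions = defaultdict(list)
    for i in range(len(letters) - n + 1):
        positions[letters[i:i + n]].append(i)
    distances = []
    for pos in positions.values():
        distances += [b - a for a, b in zip(pos, pos[1:])]
    return distances


def candidate_key_lengths(ciphertext, n=3, max_len=20):
    """Key lengths consistent with the repeats: divisors of the common distance."""
    distances = repeated_ngram_distances(ciphertext, n)
    if not distances:
        return []
    common = reduce(gcd, distances)
    return [k for k in range(2, max_len + 1) if common % k == 0]


# Constructed sample: "CRYPTO" appears twice, 16 letters apart.
SAMPLE_PLAINTEXT = "CRYPTO IS SHORT FOR CRYPTOGRAPHY"
SAMPLE_KEY = "ABCD"
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print(vigenere("ATT", "LEM"))                       # the table lookup from the notes
    print(SAMPLE_CIPHERTEXT)
    print(repeated_ngram_distances(SAMPLE_CIPHERTEXT))  # all multiples of the key length
    print(candidate_key_lengths(SAMPLE_CIPHERTEXT))
```

Once the key length is narrowed down, each column of letters encrypted with the same key letter is a plain shift cipher and yields to frequency analysis; a longer message gives more repeats, which is why longer messages are easier to break.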
What should be Kept Secret?
●Kerckhoffs’s principle:
●A cryptosystem should be secure even if the attacker knows all details about the system, with the exception of the secret key
●In practice:
●Only use widely known ciphers that have been cryptanalyzed for several years by good cryptographers
●E.g., established standards
Types of Cryptography
Secret key cryptography:
●one key: the same key for encryption and decryption
Public key cryptography:
●two keys
●Public for encryption, private for decryption
●Private for signing and public for verification
Hash Functions
●Compute message digest of data of any size
●Fixed length output: 128-512 bits
●Easy to compute H(m)
●Given H(m), no easy way to find m
●One-way function
●Given m1, it is computationally infeasible to find m2≠m1 s.t. H(m2) = H(m1)
●Weak collision resistant
●Computationally infeasible to find m1≠m2 s.t. H(m1) = H(m2)
●Strong collision resistant
Hash Functions for Passwords
Hash Function Quiz
Which of the following characteristics would improve password security?
Use a one-way hash function
Should not use the avalanche effect
Should only check to see that the hash function output is the same as stored output
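The store-the-hash, compare-the-hash flow and the avalanche effect, as an added example that is not part of the original slides. It goes beyond the slide by using a per-user random salt and an iterated hash (PBKDF2), which is how the one-way property is normally applied to passwords; the record layout, iteration count and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return the record to store: salt, iteration count and digest, never the password."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(candidate, record):
    """Re-hash the candidate with the stored salt and compare digests only."""
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison, so timing does not leak how many bytes matched.
    return hmac.compare_digest(recomputed, record["digest"])


def differing_bits(a, b):
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(m1, m2):
    """Bits that change in the SHA-256 digest when the input changes from m1 to m2."""
    return differing_bits(hashlib.sha256(m1).digest(), hashlib.sha256(m2).digest())


if __name__ == "__main__":
    record = hash_password("Candy")            # password from the slide's example
    print(verify_password("Candy", record))    # access allowed
    print(verify_password("candy", record))    # access denied
    # A one-character change in the input flips roughly half of the 256 output bits.
    print(avalanche(b"Candy", b"Candz"))
```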
Symmetric Encryption
Comparison of Encryption Algorithms
Comparison of Encryption Algorithms
Symmetric Encryption Quiz
Select the correct definition for each type of attack:
known-plaintext attacks
chosen-plaintext attacks
differential cryptanalysis
linear cryptanalysis
A. A method to determine the encryption function by analyzing known phrases and their encryption
B. Analyzing the effect of changes in input on the encrypted output
C. Compare the ciphertexts with its known plaintext
D. A method where a specific known plaintext is compared to its ciphertext
Asymmetric Encryption
●Plaintext: Readable message or data that is fed into the algorithm
●Encryption algorithm: Performs transformations on the plaintext
●Public and private key: Pair of keys, one for encryption, one for decryption
●Ciphertext: Scrambled message produced as output
●Decryption key: Produces the original plaintext
Asymmetric Encryption
Asymmetric Encryption Quiz
Check all tasks for which asymmetric encryption is better:
provide confidentiality of a message
securely distribute a session key
scalability
Digital Signatures
Digital Signatures
Digital Envelopes
●Protects a message without needing to first arrange for sender and receiver to have the same secret key
●Equates to the same thing as a sealed envelope containing an unsigned letter
Digital Envelopes
Digital Envelopes
Encryption Quiz
Mark each of the statements either T for True or F for False:
Symmetric encryption can only be used to provide confidentiality
Public-key encryption can be used to create digital signatures
Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained
The secret key is input to the encryption algorithm
Intro to Cryptography
Lesson Summary
●Encryption schemes and attacks on encryption have been around for thousands of years.
●Hash: no key, no encryption
●Secret key cryptography: same key for encryption and decryption
●Public key cryptography: public key for encryption and signature verification and private key for decryption and signing


P2-L5+Intro+to+Cryptography+-+Script.pptx


Editor's Notes

  • #1: Cryptography is the foundation of security. In this lesson, we will discuss the basics of encryption as well as attacks on encryption schemes. We will review several historical and simple encryption schemes. We then introduce three main types of modern cryptography and how they are used in security.
  • #2: Encryption/decryption is the most often used cryptographic operation. It is a process converting data into a form that is unintelligible to the unintended or unauthorized party. The authorized party can reverse the process, that is, converting the data to intelligible form. We call the readable data the plaintext and the unintelligible data the ciphertext. Encryption is then the process of converting plaintext to ciphertext and decryption is the reversed operation, that is, converting ciphertext to plaintext. ---- There is a one-to-one mapping between plaintext and ciphertext so that decryption always gets back the original plaintext. Encryption protects data confidentiality because only the authorized party with the proper secret, we call it a key, can decrypt and read the data.
  • #3: It also provides services such as integrity and authenticity of data, and user authentication. We will discuss these in later lectures.
  • #4: We often call an encryption scheme a cipher. You may not have realized but encryption has been used for thousands of years. For example, there is evidence that ancient Egyptians used some sort of ciphers. And then there is the famous Caesar’s cipher and similar schemes.
  • #5: There are several types of ciphers. Symmetric ciphers range from ancient schemes to present-day algorithms. Asymmetric ciphers are relatively new, invented only in the late 1970s.
  • #6: Most security protocols now use both types of schemes: first use asymmetric ciphers to authenticate both the parties involved, exchange encryption keys, and then use symmetric ciphers to encrypt data and traffic; asymmetric ciphers can also be used to digitally sign the data.
  • #7: or, the attacker may try to discover the encryption key so that he can then decrypt all data encrypted using that key.
  • #8: There are several attack methods. The first, simplest, and yet most inefficient way is to use brute force, or search blindly: for example, an attacker can try all possible keys one by one until finding one that decrypts the ciphertext properly to plaintext. How does the attacker know that the decryption with a key has worked properly? The attacker typically knows what the plaintext should look like. For example, if the plaintext is an English sentence, then only the correct key can decrypt the ciphertext to data that can be read as English. Since the number of possible keys can be huge, brute force can take a long time to succeed. ----- Another approach is to use cryptanalysis. Here, an attacker has some knowledge of the encryption algorithm and the characteristics of the data, such as the distribution of certain letters or words. With such knowledge, the attacker can do a lot better than using brute force to search the entire key space. ----- Attackers can also exploit implementation or systems issues. For example, it was shown that by using side-channel analysis, e.g., by observing the power consumption used by a crypto system, an attacker can deduce values of certain bits of a key, and therefore significantly decrease the key space that he needs to search. ----- The weakest link in security, the naïve users, can be exploited using social-engineering tricks. For example, an attacker can pretend to be a sysadmin who has forgotten the key and call an unsuspecting user for the encryption key to a system.
  • #9: QUIZ: Discuss SOLUTION: Discuss
  • #10: QUIZ: Let’s review some simple ciphers; these are symmetric encryption schemes. The first is the famous Caesar’s cipher. It works by mapping each letter to another letter using the same shift every time, e.g., if A is mapped to D, that means the shift is 3, and so B is mapped to E. The shift amount is the secret, or key, of this scheme. An attacker only needs to try 26 possible keys. Decipher the message using Caesar’s cipher. SOLUTION: Caesar shifted the letters by three, so this code is not difficult to solve: Information Security. This code was secure for Caesar because most of his enemies were either illiterate or would make the assumption it was in a language they did not understand. In this case social engineering worked to the advantage of information security.
  • #11: A generalization of this scheme is to allow arbitrary mapping of one letter to another (of course, we need to avoid two letters being mapped to the same letter). The mapping, i.e., how each letter is mapped to another, is the key. But there are 26 factorial possible keys. This is a very huge key space. Instead of trying all possible keys, an attacker can analyze the statistical frequencies of letters to break the schemes. For example, in English, the most frequently used letter is E, and if in the ciphertext, the letter X is the most frequent, then there is a high probability that E is mapped to X.
  • #12: For substitution ciphers, rather than trying all possible keys, we can use the frequencies of letters. Here is the frequency distribution of English letters.
  • #13: We can use the frequency distribution to analyze ciphertext and find the letter mapping, or, the key, and decrypt the ciphertext. So let’s try this … WE WILL MEET IN THE MIDDLE OF THE LIBRARY AT NOON ALL ARRANGEMENTS ARE MADE
  • #14: QUIZ: Try your hand at deciphering this message. Use the link in the instructor’s notes to see a list of the most common words in the English language. SOLUTION: Rather than trying 26 factorial keys, we can leverage our knowledge of the English language. The most common word in English is ‘the’. There are two three-letter words, but the odds are good that ‘the’ is not at the end of the sentence. Substituting the letters throughout the phrase we get: TH_ _ _ _ THE E_ _. Using logic and English we can get: THIN IN THE E_ _ or THIS IS THE E_ _. Both could be a legitimate message. Without more information (or a longer message) we would probably have to guess the answer. (The answer is … THIS IS THE END)
  • #15: Here is a real example of a polyalphabetic substitution cipher. It has a clever way of representing possible mappings from one letter to another as a matrix. Here, we process a plaintext one letter at a time across the columns. We use the letters in the key, which are the rows, to look up the mapping of a plaintext letter to a ciphertext letter. Suppose we have plaintext where the first three letters are ATT, and the keystream with first three letters LEM. For column A, we look at row L, and the corresponding letter is L. For column T, row E, the corresponding letter is X, and for column T and row M, the letter is F. Therefore, the ciphertext for ATT is LXF.
  • #16: QUIZ: For a long time the Vigenere cipher was thought to be unbreakable. Can you see any exploitable weaknesses in the cipher? SOLUTION: While monoalphabetic codes can be broken by analyzing the message, polyalphabetic codes can be broken by analyzing the key. Use of a repeating key can be exploited. The longer the message the easier it is to break. Security of the key, rather than the message is a positive of the cipher. You can read the details by going to the link posted in the instructor’s notes.
  • #17: We have discussed that an encryption key should be a secret. What about the encryption algorithm itself? In general, we should keep the algorithm open so that it can be reviewed and improved by the broad community. More importantly, we don’t have to rely on the secrecy of the algorithm for security. Therefore, in practice, we should always use the widely known and deployed algorithms and standards.
  • #18: There are several types of cryptographic algorithms …
  • #19: To be useful for message authentication and integrity protection, a hash function H must have the following properties: 1. H can be applied to a block of data of any size. 2. H produces a fixed-length output. 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given code h, it is computationally infeasible to find x such that H(x) = h. A hash function with this property is referred to as one-way or preimage resistant. 5. For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). A hash function with this property is referred to as second preimage resistant. This is sometimes referred to as weak collision resistant. 6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as collision resistant. This is sometimes referred to as strong collision resistant. The first three properties are requirements for the practical application of a hash function to message authentication. The fourth property is the one-way property: It is easy to generate a code given a message, but virtually impossible to generate a message given a code. This property is important if the authentication technique involves the use of a secret value, that is, by hashing the message and a secret together. The secret value itself is not sent; however, if the hash function is not one way, an attacker can easily discover the secret value. The fifth property guarantees that it is impossible to find an alternative message with the same hash value as a given message. This prevents forgery when an encrypted hash code is used. If this property were not true, an attacker would be capable of the following sequence: First, observe or intercept a message plus its encrypted hash code; second, generate an unencrypted hash code from the message; third, generate an alternate message with the same hash code.
A hash function that satisfies the first five properties in the preceding list is referred to as a weak hash function. If the sixth property is also satisfied, then it is referred to as a strong hash function. A strong hash function protects against an attack in which one party generates a message for another party to sign. For example, suppose Bob can write an IOU message, send it to Alice, and she’d sign it by encrypting the hash of the message using her private key. Bob finds two messages with the same hash, one of which requires Alice to pay a small amount and one that requires a large payment. Alice signs the first message and Bob is then able to claim that the second message is authentic because the digital signature, which is an encryption of the hash of a message, would be the same for both messages if they have the same hash. Of course, a hash function that is strong collision resistant is automatically weak collision resistant.
  • #20: Recall, hash functions are one direction. Think of it this way: You can make a cow into hamburger, but you can’t make hamburger into a cow. Let’s look at this example for using hashes to verify passwords. Hashes are particularly good for password verification. The password is not stored, so if hackers gain access to the system, the passwords are still protected. Layer 1: In this example someone wishing to gain access to the system enters the password “Candy”. Layers 2 and 3: A hash is generated using the hash function. Layers 4 and 5: The stored hash is retrieved. Layer 6: The generated hash is compared to the stored hash for the password. Layer 7: If the two hash values are identical, then access is allowed. If the two hashes are different, access is denied.
  • #21: QUIZ: Hash functions are used for storing passwords, but they are susceptible to attack. Which of the following characteristics would improve password security? SOLUTION: Hash functions should be one-way. There should never be a way to get data from a hash. If there were a way, it would not be a hash function, it would be encryption. Hash functions should use the avalanche effect. Each change in the data should lead to large changes in the hash function output. Password authentication should only check that the hash function output is identical to the stored value.
  • #22: A symmetric encryption scheme has five ingredients: • Plaintext: This is the original message or data that is fed into the algorithm as input. • Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext. • Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key. • Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. • Decryption algorithm: It takes the ciphertext and the secret key and produces the original plaintext.
  • #23: The most commonly used symmetric encryption algorithms are block ciphers. A block cipher processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block. The algorithm processes longer plaintext amounts as a series of fixed-size blocks. The most important symmetric algorithms, all of which are block ciphers, are the Data Encryption Standard (DES), triple DES, and the Advanced Encryption Standard (AES). We will present more technical details of these algorithms in a later lecture.
  • #24: This table shows how much time is required for a brute-force attack for various key sizes. As can be seen, a single PC can break DES in about a year; if multiple PCs work in parallel, the time is drastically shortened. And today’s supercomputers should be able to find a key in about an hour. Key sizes of 128 bits or greater are effectively unbreakable using simply a brute-force approach. Even if we managed to speed up the attacking system by a factor of 1 trillion (10^12), it would still take over 100,000 years to break a code using a 128-bit key.
  • #25: QUIZ: Symmetric ciphers can be breached using various attacks. Given the following attack methods, select the correct definition for each one. SOLUTION: There are subtle differences between each of these methods. There are also differences in their purpose. Known-plaintext attacks can reveal information about keys and codes. Chosen-plaintexts are designed to reduce the security of the encryption scheme. Differential cryptanalysis is used to recover the encryption key. Linear Cryptanalysis is used to derive encryption keys.
  • #26: An asymmetric, or public-key, encryption scheme has six ingredients: • Plaintext: This is the readable message or data that is fed into the algorithm as input. • Encryption algorithm: The encryption algorithm performs various transformations on the plaintext. • Public and private key: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input. • Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. • Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext. As the names suggest, the public key of the pair is made public for others to use, while the private key is known only to its owner. A general-purpose public-key cryptographic algorithm relies on one key for encryption and a different but related key for decryption.
  • #27: The essential steps are the following: Layer 1: 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As Figure 2.6a suggests, each user maintains a collection of public keys obtained from others. Layer 2: 3. If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice’s public key. Layer 3: 4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key. With this approach, all participants have access to public keys, and private keys are generated locally by each participant and therefore need never be distributed. As long as a user protects his or her private key, incoming communication is secure. At any time, a user can change the private key and publish the companion public key to replace the old public key. Note that the scheme of this figure is directed toward providing confidentiality: Only the intended recipient should be able to decrypt the ciphertext because only the intended recipient is in possession of the required private key. Whether in fact confidentiality is provided depends on a number of factors, including the security of the algorithm, whether the private key is kept secure, and the security of any protocol of which the encryption function is a part.
  • #28: QUIZ: Which of the following tasks are better suited for asymmetric encryption? SOLUTION: Asymmetric encryption is much slower than symmetric encryption and should only be used for securely distributing keys. Securely distributing a session key is better performed by asymmetric encryption. Everyone will have access to the public key, but only the private key can be used to decipher the message. Asymmetric encryption scales to a large number of users, with each user needing only one private and one public key.
  • #29: Public-key encryption can be used for authentication. Suppose that Bob wants to send a message to Alice. Although it is not important that the message be kept secret, he wants Alice to be certain that the message is indeed from him. 1. For this purpose, Bob uses a secure hash function, such as SHA-512, to generate a hash value for the message and then encrypts the hash code with his private key, creating a digital signature. 2. Bob sends the message with the signature attached. 3. When Alice receives the message plus signature, she (1) calculates a hash value for the message; (2) decrypts the signature using Bob’s public key; and (3) compares the calculated hash value to the decrypted hash value. If the two hash values match, Alice is assured that the message must have been signed by Bob. No one else has Bob’s private key and therefore no one else could have created a ciphertext that could be decrypted with Bob’s public key. In addition, it is impossible to alter the message without access to Bob’s private key, so the message is authenticated both in terms of source and in terms of data integrity. It is important to emphasize that the digital signature does not provide confidentiality. That is, the message being sent is safe from alteration but not safe from eavesdropping. This is obvious in the case of a signature based on a portion of the message, because the rest of the message is transmitted in the clear. Even in the case of complete encryption, there is no protection of confidentiality because any observer can decrypt the message by using the sender’s public key.
  • #30: On the face of it, the point of public-key encryption is that the public key is public. Thus, if there is some broadly accepted public-key algorithm, such as RSA, any participant can send his or her public key to any other participant or broadcast the key to the community at large. Although this approach is convenient, it has a major weakness. Anyone can forge such a public announcement. That is, some user could pretend to be Bob and send a public key to another participant or broadcast such a public key. Until such time as Bob discovers the forgery and alerts other participants, the forger is able to read all encrypted messages intended for Bob and can use the forged keys for authentication. The solution to this problem is the public-key certificate. In essence, a certificate consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party. The certificate also includes some information about the third party plus an indication of the period of validity of the certificate. Typically, the third party is a certificate authority (CA) that is trusted by the user community, such as a government agency or a financial institution. A user can present his or her public key to the authority in a secure manner and obtain a signed certificate. The user can then publish the certificate. Anyone needing this user’s public key can obtain the certificate and verify that it is valid by means of the attached trusted signature.
  • #31: Another application in which public-key encryption is used to protect a symmetric key is the digital envelope, which can be used to protect a message without needing to first arrange for sender and receiver to have the same secret key. A digital envelope is the equivalent of a sealed envelope containing an unsigned letter.
  • #32: Suppose Bob wishes to send a confidential message to Alice, but they do not share a symmetric secret key. Bob does the following: 1. Prepares a message. 2. Generates a random symmetric key that will be used this one time only. 3. Encrypts that message using symmetric encryption with the one-time key. 4. Encrypts the one-time key using public-key encryption with Alice’s public key. 5. Attaches the encrypted one-time key to the encrypted message and sends it to Alice. Only Alice is capable of decrypting the one-time key and therefore of recovering the original message. If Bob obtains Alice’s public key by means of Alice’s public-key certificate, then Bob is assured that it is a valid key.
  • #34: QUIZ: Discuss SOLUTION: Discuss
  • #35: Encryption schemes have been around for thousands of years, e.g., Caesar’s cipher, and attacks have been around for just as long. The main attack approaches are brute-force and cryptanalysis. Modern-day uses of cryptography include some combination of hash, secret key cryptography, and public-key cryptography. Hash … secret key cryptography … public key cryptography ...
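
The hash-then-sign steps of note #29 and the digital-envelope steps of note #32, as an added worked example that is not part of the original slides. All function names are hypothetical. Assumptions: the RSA keys are toy keys built from known Mersenne primes with no padding, the SHA-512 digest is reduced mod n to fit the toy modulus, and a SHA-256 keystream stands in for a real symmetric cipher.

```python
import hashlib
import secrets

# Toy RSA key pairs from known Mersenne primes (constructed for this demo;
# far too small, and unpadded, for real use).
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)

BOB_PUB, BOB_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def digest_int(message, n):
    # SHA-512 digest reduced mod n so it fits the toy modulus (demo assumption).
    return int.from_bytes(hashlib.sha512(message).digest(), "big") % n

def sign(message, priv):
    n, d = priv
    return pow(digest_int(message, n), d, n)  # hash "encrypted" with the private key

def verify(message, signature, pub):
    n, e = pub
    return pow(signature, e, n) == digest_int(message, n)

def keystream_xor(key, data):
    # Stand-in symmetric cipher: XOR with SHA-256(key || offset) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(message, recipient_pub):
    n, e = recipient_pub
    one_time_key = secrets.token_bytes(16)                    # step 2
    body = keystream_xor(one_time_key, message)               # step 3
    wrapped = pow(int.from_bytes(one_time_key, "big"), e, n)  # step 4
    return wrapped, body                                      # step 5

def open_envelope(envelope, recipient_priv):
    wrapped, body = envelope
    n, d = recipient_priv
    key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(key, body)

if __name__ == "__main__":
    msg = b"constructed sample message"
    print(verify(msg, sign(msg, BOB_PRIV), BOB_PUB))
    print(open_envelope(seal(msg, ALICE_PUB), ALICE_PRIV) == msg)
```

The signature travels alongside the readable message, so it gives source and integrity assurance only; the envelope gives confidentiality only, which is why protocols combine the two.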