Introduction to Cryptography - Jayhawk SFS

Introduction to Cryptography - 2017 GenCyber Camp

Bo Luo, Associate Professor; Director, Information Assurance Lab, ITTC, The University of Kansas, Lawrence, KS, USA

[email protected]; http://www.ittc.ku.edu/~bluo


Security Goals

Confidentiality: only sender, intended receiver should “understand” message contents

sender encrypts message

receiver decrypts message

Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

End-point authentication: sender, receiver want to confirm identity of each other

Terminology

Cryptography: encipherment, digital signature, authentication exchange, …

S: sender (Alice)

R: recipient (Bob)

O: outsider or intruder

Chuck; Eve: eavesdropper; Mallory: malicious attacker

O might try to: block, intercept, modify, fabricate

[Figure: plaintext → encryption algorithm (Alice’s encryption key KA) → ciphertext → decryption algorithm (Bob’s decryption key KB) → plaintext]

Terminology

Cryptosystem

Cryptographic algorithm (a.k.a. cipher): algorithm(s) that take a key and convert plaintext to ciphertext and back.

The algorithm(s) used for encryption and decryption.

Cryptosystem:

cryptographic algorithm

set of all possible plaintexts

set of all possible ciphertexts

set of all possible keys

Terminology

Cryptology: Cryptography + Cryptanalysis

Cryptanalysis is the study of methods for obtaining the meaning of encrypted information without accessing the secret information

“hacking”

Cryptography and Cryptanalysis

With a good cryptosystem, it should be infeasible to:

enumerate all possible keys

find the key from any reasonable amount of ciphertext and plaintext by enumerating possible keys

produce plaintext from ciphertext without the key

distinguish ciphertext from true random values

Cryptography and Cryptanalysis

Kerckhoffs’ Law

“The system must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.”

Secrecy must reside entirely with the key

must assume that the enemy has complete details of the cryptographic algorithm

enemy will reverse engineer your algorithm

Cryptography and Cryptanalysis

Cryptanalysis is the study of methods for obtaining the meaning of encrypted information without accessing the secret information

Need knowledge of the general characteristics of plaintext or knowledge of some sample plaintext-ciphertext pairs

Ciphertext only

Search over keys, recognizable plaintext, enough ciphertext

Known plaintext

Chosen plaintext

Cryptography and Cryptanalysis

Definition of Security

Unconditionally secure

If the ciphertext does not contain enough information to uniquely determine the plaintext

No matter how hard the opponent tries

One-time pad

Computationally secure

If the cost of breaking the cipher exceeds the value of encrypted data

If the time needed to break the cipher exceeds the lifetime of data

Cryptosystems

Secret key cryptography

Involves the use of one key

Public key cryptography

Involves the use of two (a pair of) keys

Hash functions

Involves the use of no key

Nothing secret: How can this be useful?

Cryptosystems

Secret Key Cryptography

Bob and Alice share the same (symmetric) key

a.k.a. private encryption, single-key encryption, symmetric-key encryption, or conventional encryption

[Figure: plaintext message m → encryption algorithm (key KS) → ciphertext E(K, m) → decryption algorithm (key KS) → plaintext m = D(K, E(K, m))]

Cryptosystems

Requirements for secret key cryptography

Encryption algorithm is publicly known

Secure use of symmetric encryption implies:

a strong encryption algorithm

a secret key known only to sender/receiver

Need a secure channel to distribute keys!


Cryptosystems

Public Key Cryptography

a.k.a. asymmetric encryption

Bob has a pair of public and private keys

Bob's public key is known by Alice

Alice uses Bob’s public key to encrypt the message

Bob decrypts the message with his private key

[Figure: plaintext message m → encryption algorithm (key Kpub) → ciphertext E(Kpub, m) → decryption algorithm (key Kpri) → plaintext D(Kpri, E(Kpub, m))]

Cryptosystems

Cryptographic hash

Hash algorithms are known as message digests or one-way transformations

Fixed-length output, condensing, and one-way

Password hashing: secure password storage

Message integrity: keyed hash

Message fingerprint: digest

Digital signature efficiency

Caesar Cipher

One of the oldest cryptosystems

Caesar Cipher: Every character is replaced with the character three slots to the right.

A very simple shift cipher or substitution cipher

Caesar: ATTACK AT FIVE

Ciphertext: DWWDFN DW ILYH

Shift Cipher

Caesar cipher is a special case of shift cipher

Shift cipher

Encryption: E_K(m) = (m + K) mod 26

Decryption: D_K(c) = (c - K) mod 26

plaintext:  abcdefghijklmnopqrstuvwxyz

ciphertext: pqrstuvwxyzabcdefghijklmno

Substitution cipher

Shift cipher is a special case of substitution cipher

Substitution cipher is to substitute one thing for another

Monoalphabetic cipher: substitute one letter for another

Key: the mapping from the set of 26 letters to the set of 26 letters

Substitution cipher

Monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

Alice: Hello Bob

Ciphertext: ACGGK NKN

Vigenere Cipher

The Vigenere Cipher

Construct a table (the Vigenere tableau)

Each row in table is a different shift (alphabet)

Why shift cipher instead of monoalphabetic substitution?

Sender and receiver agree on sequence of rows

Helps to disguise patterns

Vigenere Cipher

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
2 C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
3 D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
4 E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
5 F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
6 G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
7 H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
8 I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
9 J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
10 K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
11 L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
12 M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
13 N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
14 O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
15 P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
16 Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
17 R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
18 S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
19 T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
20 U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
21 V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
22 W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
23 X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
24 Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
25 Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Vigenere Cipher

The Vigenere Cipher

Alice and Bob agree on {5, 19, 7, 11, 21} as key

In encryption:

Encrypt letter 1 with row 5

Encrypt letter 2 with row 19

Encrypt letter 3 with row 7

Encrypt letter 4 with row 11

Encrypt letter 5 with row 21

Encrypt letter 6 with row 5

Encrypt letter 7 with row 19

Encrypt letter 8 with row 7


Vigenere Cipher

Encrypt “superbowl” with K={5, 19, 7, 11, 21}

Letter 1: S → X

Ciphertext so far: X

Letter 2: U → N

Ciphertext so far: XN

Letter 3: P → W

Ciphertext so far: XNW

Letter 4: E → P

Ciphertext so far: XNWP

Letter 5: R → M

Vigenere Cipher

Rows: letters, not numbers

Key: a phrase

a A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
b B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
c C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
d D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
e E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
f F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
g G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
h H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
i I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
j J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
k K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
l L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
m M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
n N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
o O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
p P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
r R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
s S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
t T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
u U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
v V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
w W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
x X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Vigenere Cipher

Encrypt “JAYHAWK” with “EECS”

N

NE

NEA

NEAZ

NEAZE

NEAZEA

NEAZEAM
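The shift, monoalphabetic substitution and Vigenere ciphers from the preceding slides, as an added Python example that is not part of the original slides; it reproduces the slides' worked examples and adds the ciphertext-only key search that a 26-key cipher cannot resist. The function names and the small word list passed to the key search are assumptions made for illustration.

```python
# Added example (not from the original slides): the classical ciphers the
# slides walk through, plus an exhaustive key search on the shift cipher.
import string

ALPHABET = string.ascii_uppercase


def vigenere(text, shifts, decrypt=False):
    """Shift the i-th letter by shifts[i mod len(shifts)], i.e. encrypt it
    with that row of the tableau. Non-letters pass through unchanged and do
    not consume a key position; output is upper case."""
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = shifts[i % len(shifts)]
            if decrypt:
                k = -k
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def phrase_to_shifts(phrase):
    """A key phrase names tableau rows by letter: 'EECS' -> [4, 4, 2, 18]."""
    return [ALPHABET.index(c) for c in phrase.upper()]


def shift_cipher(text, k, decrypt=False):
    """E_K(m) = (m + K) mod 26: a Vigenere cipher with a one-element key."""
    return vigenere(text, [k], decrypt)


def substitute(text, mapping, decrypt=False):
    """Monoalphabetic substitution; `mapping` is the ciphertext alphabet
    written under abc...z, as on the slide."""
    src, dst = ALPHABET, mapping.upper()
    if sorted(dst) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    if decrypt:
        src, dst = dst, src
    return text.upper().translate(str.maketrans(src, dst))


def brute_force_shift(ciphertext, known_words):
    """Ciphertext-only search over all 26 shift keys. A candidate counts as
    recognizable plaintext when every word is in known_words."""
    hits = []
    for k in range(26):
        guess = shift_cipher(ciphertext, k, decrypt=True)
        if all(word in known_words for word in guess.split()):
            hits.append((k, guess))
    return hits


if __name__ == "__main__":
    print(shift_cipher("ATTACK AT FIVE", 3))
    print(substitute("Hello Bob", "mnbvcxzasdfghjklpoiuytrewq"))
    print(vigenere("superbowl", [5, 19, 7, 11, 21]))
    print(vigenere("JAYHAWK", phrase_to_shifts("EECS")))
    # Constructed word list standing in for "recognizable plaintext".
    print(brute_force_shift("DWWDFN DW ILYH", {"ATTACK", "AT", "FIVE"}))
```

The key search finishes after at most 26 trial decryptions, which is why the shift cipher fails the "infeasible to enumerate all possible keys" requirement.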

Transposition Ciphers

We have covered substitution ciphers

Another major topic in classical cryptography

Rearrange the plaintext to get ciphertext

Example:

P = BOREDOM

C = MOODERB


Combinations of Approaches

It is not too difficult to break basic substitutions and basic permutations

Use a combination of the two → product cipher

Substitution adds confusion

Transposition adds diffusion

Combinations of Approaches

Confusion and Diffusion

Claude Shannon (“father of information theory”): Communication Theory of Secrecy Systems, 1949.

Shannon Secrecy

P(M = m | E(K, m) = c) = P(M = m)

Probability of guessing the plaintext knowing the ciphertext = probability of guessing plaintext without knowing ciphertext.

P(E(K, m) = c) = P(E(K, m’) = c)

Probability of any message giving a ciphertext is the same

Combinations of Approaches

Confusion and Diffusion

Confusion: make the relationship between the plaintext and the ciphertext (or the ciphertext and the key) as complex as possible.

Use the key in a very complex way.

Diffusion: dissipate the statistical structure of the plaintext in the long range statistics of the ciphertext.

Have many plaintext characters (bits) affect each ciphertext character (bit)

Stream and Block Ciphers

Stream ciphers

encrypt one symbol (bit, letter) at a time

encrypt the ith symbol with the ith part of the keystream

Block ciphers

Encrypt larger blocks of plaintext

Encrypt all blocks with the same key

E.g. the transposition cipher example:

Encrypt 4 letters at once

Cannot just encrypt letter 1 – need to wait for the other letters in the block.

Stream and Block Ciphers

Stream ciphers

Advantages: fast; low error propagation

Disadvantages: low diffusion; vulnerable to insertions and modifications

Block ciphers

Advantages: high diffusion; more immunity to insertion

Disadvantages: slower; error propagation

Introduction to DES

Early 70s: non-military crypto research was very unfocused

1972: National Bureau of Standards (now NIST) wanted a crypto algorithm which is:

secure

open

efficient

useful in diverse applications

First open solicitation: May 1973

Second solicitation: August 1974

Introduction to DES

In response to NBS’s second solicitation, IBM submitted Lucifer

DES based on Lucifer

DES first published in 1975, seeking public comments.

DES became a federal standard in 1976

26 years!

DES was superseded by AES in 2002

Introduction to DES

DES: Data Encryption Standard

Block cipher. 64-bit blocks

same algorithm used for encryption and decryption

56-bit keys (effective key length: 56!!)

represented as 64-bit

but every 8th bit is for parity only

symmetric: receiver uses same key to decrypt


Introduction to DES

DES: Data Encryption Standard

Uses basic techniques of encryption. Provides

confusion (substitutions)

diffusion (permutations)

Same process 16 times/block

Uses standard arithmetic and logical operators

efficient hardware implementations


DES

Strength of DES

Key length: 56 bits.

Brute force attacks!!

DES Challenge: 56-bit-key-encrypted phrase decrypted

July 17, 1998, the EFF DES Cracker, which was built for less than $250,000: < 3 days

January 19, 1999, Distributed.Net (w/EFF): 22 hours and 15 minutes (over many machines)

Now: with commercially available devices: < 1 day

We all assume that NSA and agencies like it around the world can crack (recover key) DES in milliseconds

DES

Multiple Encryption with DES

Triple DES

Encrypt the plaintext three times

With two (or three) different DES keys

Key length increases to 112 bits (or 168 bits)

for each block:

encrypt with key 1

decrypt with key 2 (this doesn’t really decrypt the message!)

encrypt with key 1

If one key is used, it’s equivalent to doing DES once.
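The encrypt-decrypt-encrypt order above, as an added Python example that is not part of the original slides. Python's standard library has no DES, so `toy_encrypt` and `toy_decrypt` are a hypothetical 16-round Feistel stand-in (not DES and not secure) that, like DES, uses one routine for both directions; the keys and the message are constructed.

```python
# Added example (not from the original slides). The toy cipher below is a
# hypothetical stand-in for DES so the EDE composition runs with the standard
# library only. It is NOT DES and must not be used to protect data.
import hashlib

BLOCK = 8    # bytes: 64-bit blocks, as in DES
ROUNDS = 16  # same process 16 times per block, as in DES


def _round_keys(key):
    # Constructed key schedule: one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def _feistel(block, subkeys):
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for sk in subkeys:
        f = hashlib.sha256(sk + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left  # final swap lets decryption reuse this routine


def toy_encrypt(key, block):
    return _feistel(block, _round_keys(key))


def toy_decrypt(key, block):
    # Same algorithm as encryption, with the subkeys in reverse order.
    return _feistel(block, _round_keys(key)[::-1])


def ede_encrypt(k1, k2, block):
    """Two-key order from the slide: encrypt k1, decrypt k2, encrypt k1."""
    return toy_encrypt(k1, toy_decrypt(k2, toy_encrypt(k1, block)))


def ede_decrypt(k1, k2, block):
    """Undo the three steps in reverse order."""
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k1, block)))


if __name__ == "__main__":
    k1, k2, m = b"key-one!", b"key-two!", b"GENCYBER"  # constructed values
    c = ede_encrypt(k1, k2, m)
    print(c.hex(), ede_decrypt(k1, k2, c))
    # With k1 == k2 the middle step undoes the first: single encryption.
    print(ede_encrypt(k1, k1, m) == toy_encrypt(k1, m))
```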


AES: Advanced Encryption Standard

DES cracked, replacement needed

Triple-DES – slow, has small blocks

NIST issued call for ciphers in 1997

private key symmetric block cipher

128-bit data, 128/192/256-bit keys

stronger & faster than Triple-DES

provide full specification & design details

Secure for next 50-100 years

Advanced Encryption Standard

NIST has released all submissions & unclassified analyses

15 candidates: 1998

5 finalists: 1999

MARS (IBM) - complex, fast, high security margin

RC6 (USA) - v. simple, v. fast, low security margin

Rijndael (Belgium) - clean, fast, good security margin

Serpent (Euro) - slow, clean, v. high security margin

Twofish (USA) - complex, v. fast, high security margin

Advanced Encryption Standard

Winner: Rijndael

Vincent Rijmen and Joan Daemen

Rijndael. A variant of Square, the chief drawback to this cipher is the difficulty Americans have pronouncing it.

Bruce Schneier

NIST estimated that a machine that could break a 56-bit DES key in 1 second would take 149 trillion years to crack a 128-bit AES key

AES (Rijndael) Overview


Block size: 128 bits

In each round

SubBytes: non-linear byte substitution

ShiftRows: circular byte shift in each row

MixColumns: add diffusion

AddRoundKey

State array

“State” of machine given by 4x4 array of bytes.

Block size: 128 bits = 16 bytes.

AES: SubBytes

Change each byte of state with corresponding byte from SBOX matrix: SBOX[X,Y]

Non-linear, based on polynomial arithmetic

AES: SubBytes

Example:

$S_{1,1}$ = 9A

$S'_{1,1}$ = value at row 9 and column A (10)

AES: ShiftRows

1st row is unchanged

2nd row does 1 byte circular shift to left

3rd row does 2 byte circular shift to left

4th row does 3 byte circular shift to left

AES: MixColumns

each column is processed separately

each byte is replaced by a value dependent on all 4 bytes in the column

$S'_{0,0} = 2 S_{0,0} + 3 S_{1,0} + 1 S_{2,0} + 1 S_{3,0}$

AES: AddRoundKey

XOR state with 128-bits of the round key

again processed by column (though effectively a series of byte operations)

Secret Key Cryptography

DES

AES

Secure (at least for now)

Efficient

Applicable in a wide range of applications


Secret Key Cryptography

Two difficult problems associated with the secret-key cryptosystem:

How to provide non-repudiation?

Need to uniquely identify an entity


Secret Key Cryptography

Two difficult problems associated with the secret-key cryptosystem:

How to securely distribute secret keys?

Which key to use? How to obtain the key securely?

Pre-loaded keys are used in many applications, e.g., at sensor nodes

However, risk exists if keys are stolen

We need to pre-load many keys…


Key Distribution/Agreement

Key Distribution

The process to assign and transfer keys to a participant

Key Agreement

The process whereby two (or more) parties negotiate a key

As part of communication: SKIP

Typically, key distribution/agreement occurs in conjunction with or after authentication.


Diffie-Hellman Key Agreement

Diffie and Hellman: important breakthrough in 1976,

Started the modern age of cryptography

Enables negotiation of a secret over an insecure medium

Idea: participants exchange intractable puzzles that can be solved easily with additional information.

Mathematics are very deep

Asymmetric Encryption

Public Key Cryptography

Public key: anyone can know

Private key: only known to the owner

The keys are inverses of each other:

Anything encrypted with your public key can only be decrypted with your private key; it cannot be decrypted by your public key!

Anything encrypted with your private key can only be decrypted with your public key; it cannot be decrypted with your private key!!

[Figure: message m → encryption algorithm with Kpub → ciphertext E(Kpub, m) → decryption algorithm with Kpri → plaintext D(Kpri, E(Kpub, m))]

RSA

Diffie-Hellman key exchange (1976)

2015 Turing Award

Rivest (MIT), Shamir (Weizmann Institute), and Adleman (USC) published RSA asymmetric encryption scheme in 1978

2002 Turing Award


RSA

RSA Key generation

Select two large primes p and q; (p != q)

Calculate n = pq

Calculate φ(n) = (p-1)(q-1)

Euler's totient function.

Select a random integer e, 1 < e < φ(n), such that e is relatively prime to φ(n): gcd(e, φ(n)) = 1

Compute d, 1 < d < φ(n), such that $d \equiv e^{-1} \bmod \varphi(n)$

$de \equiv 1 \bmod \varphi(n)$

Public key: <e, n>

Private key: <d, n>

Note: p, q, and φ(n) should be thrown away!


RSA

RSA Key generation

Calculate φ(n) = (p - 1)(q - 1)

Euler's totient function.

φ(n): number of positive integers less than or equal to n that are relatively prime to n.

When n = pq, and both p and q are prime numbers: φ(n) = (p-1)(q-1)

When n is large, it’s hard to compute φ(n) for an arbitrary n.

No easier than factoring n


RSA

RSA Encryption

Given: message m, 0<m<n, public key <e, n>

Compute $c = m^e \bmod n$

RSA Decryption

Given: ciphertext c, and private key <d, n>

Compute $m = c^d \bmod n$

Actually: $c^d \bmod n = m \bmod n$


RSA

Cryptanalysis

RSA is thought to be secure because:

to find d (inverse of e mod φ(n))

need to know φ(n)

given n it's very difficult to find φ(n)

thought to be no easier than factoring n

Quantum computers and Shor’s algorithm?

Note: when p and q are 100 decimal digits

n is about 200 decimal digits

millions of years of computer time needed to factor


RSA

Cryptanalysis

Textbook RSA vs. Public-Key Cryptography Standards (PKCS)

2003: Timing attack on OpenSSL

Problem with protocol, not really RSA itself.

2012: “Ron is wrong, Whit is right”

A paper by Arjen Lenstra, James Hughes, et al

“Public keys are shared among unrelated parties”

12,720 out of 6.4 million certificates “offer no security”.

Again, problem with RSA implementation.


RSA

Problems with RSA

Key distribution still a problem

Proving to whom a key belongs

How does Bob know if the public key really belongs to Alice?

How do you know if you are using the public key of Chase Bank, not “Cheat Bank”?

Mallory could hand you a public key and claim it is Alice’s…


RSA

Problems with RSA

Key distribution still a problem

Slow

Look at the operations!

keys must be much longer than symmetric keys to provide the same degree of security

RSA – size of message to be encrypted is limited by n.


RSA

Hybrid scheme (public + session key)

Public key crypto is slow

Symmetric key is fast but has the key distribution problem

Solution:

Create a symmetric key called session key

Encrypt the data with the session key

Encrypt the session key with the receiver’s public key
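The three steps of the hybrid scheme as an added Python example (not code from the original slides). Assumptions: the receiver's key pair is a constructed demo key built from two Mersenne primes, the key is wrapped with unpadded textbook RSA as on the slides, and `keystream_xor` is a hypothetical stand-in for a real symmetric cipher such as AES.

```python
import hashlib
import secrets

# Constructed demo key pair from the Mersenne primes 2**61-1 and 2**89-1.
# Far too small and too structured for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # receiver's private exponent (Python 3.8+)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts. A real system would use AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(plaintext: bytes, public_key=(E, N)):
    e, n = public_key
    session_key = secrets.token_bytes(16)           # 1. create a fresh session key
    body = keystream_xor(session_key, plaintext)    # 2. encrypt the data with it
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # 3. wrap it with RSA
    return wrapped, body

def hybrid_decrypt(wrapped: int, body: bytes, private_key=(D, N)) -> bytes:
    d, n = private_key
    # Only the private-key holder can recover the session key.
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)
```

Only the 16-byte session key goes through the slow public-key operation; the message itself, of any length, is handled by the fast symmetric step.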
