Robert oatesnottinghamacuk Concepts of Cryptology Robert Oates 1 An Introduction to Cryptology An Introduction to Cryptology Topics Covered Concepts of Cryptology Robert Oates 2 Concepts of Cryptology ID: 469861
Download Presentation The PPT/PDF document "Robert Oates" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Robert OatesRobert .oates@nottingham.ac.uk
Concepts of Cryptology
Robert Oates
1
An Introduction to Cryptology
An Introduction to CryptologySlide2
Topics Covered
Concepts of Cryptology
Robert Oates
2
Concepts of Cryptology
The Mathematics of Cryptology
Algorithms and Mechanisms
Integrity Checking
Digital Signatures
Encryption
Assessment of Algorithms and MechanismsSlide3
Definitions
Concepts of Cryptology
Robert Oates
3
CryptographyThe sending and receiving of secret messages
Cryptanalysis
The interception and analysis of secret messages
Cryptology
All of the aboveSlide4
The Important Message
Concepts of Cryptology
Robert Oates
4
CRYPTOLOGY
IS
NOT
SECURITYSlide5
The Communication Model
Concepts of Cryptology
Robert Oates
5
Alice
Bob
EveSlide6
All About Eve
Concepts of Cryptology
Robert Oates
6
Objectives
Read messages
Edit Messages
Write messages
Countermeasures
Encryption
Integrity Checking
Origin CheckingSlide7
The Computer Security Model
Concepts of Cryptology
Robert Oates
7
Customer
Merchant
TTP
LEASlide8
Cryptography Paradigms
Concepts of Cryptology
Robert Oates
8
SECRET
PROCESSSlide9
The Failure of the Secret
Concepts of Cryptology
Robert Oates
9
Who verifies that your technique is strong enough?
What happens if someone reverse engineers/sells your process?Slide10
The New Paradigm
Concepts of Cryptology
Robert Oates
10
Known
processSlide11
Keys and Strength
Concepts of Cryptology
Robert Oates
11
“Security is as strong as its weakest link” – Bruce
Schneier
Keys vary in strength
Algorithms vary in strength
“Brute Force” attacksSlide12
Key Management
Concepts of Cryptology
Robert Oates
12
Where do we generate keys?How do we generate keys?
Where are keys stored?
How do we transport keys?
Where are keys used?
How are keys revoked and replaced?Slide13
Modulus Mathematics
0
C-1
1
C = 7
3
4
5
2
6
A = 0
B
A = 1A = 7A = 10Slide14
Modulus
The Mathematics of Cryptology
Robert Oates
14
The modulus of a number
A
≡
B mod C
A % C = BSlide15
Properties of the Modulus
The Mathematics of Cryptology
Robert Oates
15
Let
a
1
≡ b
1
mod C
a2 ≡ b2 mod CThen
a1 + a
2 ≡ b1 + b2 (mod C)a1a2 ≡ b1b2 (mod C)Slide16
Properties of Modulus
Constrained to integers so division is complexLet’s define division as the opposite of multiplication
If f = 1/e (mod C) then e*f (mod C) = 1
If multiple solutions exist for 1/e the division is undefined like X/0 in regular mathematicsSlide17
Modular Division Example
f = 1/3 (Mod 7)So 3f(Mod 7) = 1
Possible values of f:0, 0(Mod 7) = 0
1, 3(Mod 7) = 32, 6(Mod 7) = 63, 9(Mod 7) = 24, 12(Mod 7) = 5
5, 15(Mod 7) = 16, 18(Mod 7) = 4
So f = 1/3 (Mod 7) = 5Slide18
Undefined Modular Division
What aboutf=5/5 (Mod 10)
5f (Mod 10) = 50, 0 (Mod 10) = 0
1, 5 (Mod 10) = 52, 10(Mod 10) = 03, 15 (Mod 10) = 54, 20 (Mod 10) = 0
EtcUndefined – too many answers!
There are cases where there are no answers!Slide19
Primes and Modulus
The Mathematics of Cryptology
Robert Oates
19
Let p be a prime numberLet a be an integer
iff
a
≢
0 mod p
There is always another integer
d such that:
a.d
= 1 mod pWhich means that modular division is always defined for primesSlide20
Modulus Mathematics
0
1
C = 7
3
4
5
2
6
B
a = 3
d
= 1d = 2d = 3d = 4d = 5Slide21
Fermat’s Little Theorem
The Mathematics of Cryptology
Robert Oates
21
iff a
≢
0 mod p
a
p-1
= 1 mod p
This yields a good way of testing if a number is prime
If you calculate a
p-1 (mod p) for a series of numbers if there are no 1’s it probably isn’t prime!Slide22
Hash Functions
The Mathematics of Cryptology
Robert Oates
22
x
Any number of bits
h(x)
Set length of N bits
HASH
FUNCTIONSlide23
Properties of Hash Functions
The Mathematics of Cryptology
Robert Oates
23
CompressionNo matter how long the input is, the output has the same lengthEase of computability
Given x, it should be easy to find h(x)
Collisions
It should be “computationally infeasible” to find collisionsSlide24
The Birthday Paradox
The Mathematics of Cryptology
Robert Oates
24Slide25
Properties of Hash Functions
The Mathematics of Cryptology
Robert Oates
25
Given a hash function that produces N bit hashesIf you generate around 2N/2
random inputs, you are likely to find a collisionSlide26
Properties of Hash Functions
The Mathematics of Cryptology
Robert Oates
26
Preimage ResistanceGiven y, it should be “computationally infeasible” to find x to satisfy:
h(x) = y
Second
Preimage
Resistance
Given x and h(x) it should be “computationally infeasible” to find x’ to satisfy
h(x) = h(x’)Slide27
Properties of Hash Functions
The Mathematics of Cryptology
Robert Oates
27
Collision ResistanceIt should be “computationally infeasible” to find any x and x’ that satisfy:h(x) = h(x’)Slide28
Integrity CheckingAlgorithms and Mechanisms
Robert Oates
28
MDCs
Manipulation Detection CodesModification Detection CodesMessage Integrity Codes
Clean Environment
h(x
1
)
h(x
2
)
h(x3)…h(xn)Slide29
MDCsAlgorithms and Mechanisms
Robert Oates
29
The MDC is often referred to as:
Hash valueMessage DigestChecksum
Not a CRCSlide30
The Story So Far…
Concepts of Cryptology
Robert Oates
30
Cryptology paradigmsThe SecretThe KeyCryptology as a tool – not a guarantee
Modulus Mathematics
Fermat’s Little Theorem
Hash functions and their properties
Message DigestsSlide31
A Naïve Hash Function
Algorithms and Mechanisms
Robert Oates
31
h(x) = gx mod p
Where p is a random prime and g is a random non-factor of pSlide32
Algorithms and Mechanisms
Robert Oates
32
An Advanced Hash Function
X
1
X
2
X
3
X
n
Xh(0)ffff
h
mSlide33
Hash Algorithms
Algorithms and Mechanisms
Robert Oates
33
SHA-1MD4MD5RIPE-MD
Consult the course text for details of SHA-1
512bit Blocks
160bit hash valuesSlide34
Message Authentication
Algorithms and Mechanisms
Robert Oates
34
MACMessage Authentication CodesRelated to MDCs but require an input message AND a key, k
HMAC(x) = h(k||h(k||x))
Where k is padded out to ensure that it is the
length required by the hash functionSlide35
Message Authentication
Algorithms and Mechanisms
Robert Oates
35
Alice
Bob
Eve
HMAC
h(message)Slide36
Message Authentication
Algorithms and Mechanisms
Robert Oates
36
Alice
Bob
Eve
h(message)Slide37
Digital Signatures
Algorithms and Mechanisms
Robert Oates
37
MACs verify:A message has not been tampered withA message has been written by ONE of the key holders
THIS IS NOT ENOUGH!Slide38
Digital Signatures
Algorithms and Mechanisms
Robert Oates
38
Merchants forging ordersCustomers forging receiptsWe need to verify EXACTLY who wrote whatSlide39
Digital Signatures
Algorithms and Mechanisms
Robert Oates
39
Signer
Verifier
Document
Document
Private
Signature key
Public
verification key
HashSignHashVerify
Document
SignatureSlide40
One-time Signatures
Algorithms and Mechanisms
Robert Oates
40
These are “disposable signatures” that are used once and thrown out
Document
Private Key
x
0
x
1
x
2x3x4x5x6x7
x8
x9
x
10
x11
1
0
1
1
0
1
N bits
2N Values
Public Key
h(x
0
)
h(x
1
)
h(x
2
)
h(x
3
)
h(x
4
)
h(x
5
)
h(x
6
)
h(x
7
)
h(x
8
)
h(x
9
)
h(x
10
)
h(x
11
)Slide41
One-time Signatures
Algorithms and Mechanisms
Robert Oates
41
These are “disposable signatures” that are used once and thrown out
Document
1
0
1
1
0
1
Private Keyx0x1x
2
x3
x
4
x
5
x6
x
7
x
8
x
9
x
10
x
11Slide42
One-time Signatures
Algorithms and Mechanisms
Robert Oates
42
These are “disposable signatures” that are used once and thrown out
Document
1
0
1
1
0
1
Private Keyx0x1x2
x
3
x
4
x
5
x6
x
7
x
8
x
9
x
10
x
11Slide43
One-time Signatures
Algorithms and Mechanisms
Robert Oates
43
These are “disposable signatures” that are used once and thrown out
Document
1
0
1
1
0
1
Private Keyx0h(x1)h(x
2)
x3
x
4
h(x
5)
x
6
h(x
7)
h(x
8)
x9
x
10
h(x
11
)
x
1
x
2
x
5
x
7
x
8
x
11
x
1
, x
2
, x
5
, x
7
, x
8
, x
11
Document SignatureSlide44
One-time Signatures
Algorithms and Mechanisms
Robert Oates
44
These are “disposable signatures” that are used once and thrown out
Document
1
0
1
1
0
1
Signatureh(x11)x1x2
x5
x7
x
8
x11
Public Key
h(x
0)
h(x
1)
h(x
2)
h(x3)
h(x
4)
h(x
5
)
h(x
6
)
h(x
7
)
h(x
8
)
h(x
9
)
h(x
10
)
h(x
11
)Slide45
EncryptionAlgorithms and Mechanisms
Robert Oates
45
Protecting the confidentiality of data
X is the plaintexteK(X) is the encrypted text, using key KdK(Y) is the decryption of ciphertext Y using key KSlide46
Public Key Encryption
There are a huge number of encryption algorithmsMost public key encryption relies on a similar core principal
This is a simplified version of RSA which communicates the core ideasSlide47
Public Key Encryption
How can we make our key and algorithm public without others intercepting all our messages?Two magic equations from Number TheorySlide48
Public Key Encryption Example
Let’s send and receive a secret messageGenerate the receiver’s private keys, p & q
11, 17
Generate a public key N 11 x 17 = 187
The sender then encrypts the message, using the public key and the first equation.
We’ll send the letter ‘X’ (ASCII 88)Slide49
Public Key Decryption
We can now use the second equation to decrypt the messageSlide50
Feistal NetworksAlgorithms and Mechanisms
Robert Oates
50
Many cryptography schemes are based on Feistal NetworksSlide51
Feistal NetworksAlgorithms and Mechanisms
Robert Oates
51
*taken from Wikipedia!Slide52
Feistal NetworksAlgorithms and Mechanisms
Robert Oates
52
F
EXOR – Mixes the input
signals
Substitution – Replaces some bits with new values
Permutation
– Swaps some of the values around
DESSlide53
Assessment of Mechanisms
Assessment of Mechanisms
Robert Oates
53
There are no hard and fast rules for determining the security of an algorithmSlide54
EncryptionAlgorithms and Mechanisms
Robert Oates
54
There are different ways of describing encryption algorithms
Symmetry
Determinism
Fixed Length
Asymmetrical
Symmetrical
Block Ciphers
Stream Cipher
Deterministic
ProbabalisticSlide55
Assessment of Mechanisms
Assessment of Mechanisms
Robert Oates
55
RC4
MD5
SHA-1
SHA2-512
AES
DES
7-8
7-8
158325-3060AlgorithmCycles/byteSlide56
Assessment of Mechanisms
Assessment of Mechanisms
Robert Oates
56
In general algorithms are:Empirically
Secure
An algorithm that has been out in the wild for a long time without failure. Theoretical weaknesses exist – but no attacks have been successfully executedSlide57
Assessment of Mechanisms
Assessment of Mechanisms
Robert Oates
57
In general algorithms are:Provably Secure
Breaking the algorithm has been shown to be equivalent to another problem that we already know is hard! Examples include some games and many optimisation problems.
These are generally breakable – given enough time and resourcesSlide58
Assessment of Mechanisms
Assessment of Mechanisms
Robert Oates
58
In general algorithms are:Unconditionally Secure
Algorithms that are totally secure – if used properly!Slide59
Assessment of Mechanisms
Assessment of Mechanisms
Robert Oates
59
Mechanisms are only as strong as their users!Insider Attacks
Statistical Analysis
Stupidity!