Download - Cryptography

Transcript
  • Cryptographic Algorithms

    14th May 2012

    P.R.Lakshmi Eswari

    e-Security Team

    C-DAC Hyderabad

  • Network Security

    What is it ?

    Why do we need it ?

    How is it provided ?

  • Network Security Issues

    Normal Flow

    Interruption

    Modification

    Interception

    Fabrication

    Repudiation ("Sent it?" "No!" / "Get it?" "No!")

  • Network Security Services

    Requirement for each issue:

    Interruption - Availability

    Modification - Integrity

    Interception - Confidentiality

    Fabrication - Authenticity

    Repudiation - Non Repudiation

  • Security Mechanisms

    Confidentiality - Encryption

    Integrity - Hashing

    Authentication - Digital Certificates

    Non-Repudiation - Digital Signatures

  • Cryptographic Algorithms

    Types of Cryptographic algorithms

    Secret key cryptography or Symmetric Key

    Public key cryptography or Asymmetric Key

    Hash functions

  • Symmetric Cryptography

  • Asymmetric Cryptography

  • Types of Cryptosystems

    Secret Key or Symmetric Cryptography

    DES, IDEA, AES etc

    Advantages: fast, cipher text secure

    Disadvantages: must distribute key in advance, key must not be divulged

    Public-key or Asymmetric Cryptography

    RSA, Diffie-Hellman key agreement protocol etc

    Advantages: public key widely distributable, does digital signatures

    Disadvantages: slow

  • Secret Key Algorithms

    [Figure: Plain text input → Encryption algorithm → Transmitted cipher text → Decryption algorithm → Plain text output, with the Shared Secret Key used at both ends]

    Confidentiality

  • Secret Key Encryption

    Types

    Block Cipher: Operates on a block of message or plaintext at a time (Ex: DES, IDEA)

  • Data Encryption Standard (DES)

    [Figure: 64-bit Input → Initial Permutation → Round 1 (48-bit K1) → Round 2 (48-bit K2) → ... → Round 16 (48-bit K16) → Swap 32-bit halves → Final Permutation → 64-bit Output; the 56-bit Key feeds "Generate keys", which supplies K1 to K16]

  • Triple DES

    Uses 3 keys and 3 executions of DES algorithm.

    Encryption: Plain text → Encrypt (Key1) → Decrypt (Key2) → Encrypt (Key3) → Cipher text

    Decryption: Cipher text → Decrypt (Key3) → Encrypt (Key2) → Decrypt (Key1) → Plain text

    Secret Key Encryption

  • Other Secret key algorithms

    IDEA (International Data Encryption Algorithm)

    128 bit key, 8 rounds

    Blowfish

    Variable key length. (up to 448 bits). Generally 128 bit key used. 16 rounds.

    Easy to implement and high execution speed.

    Secret Key Encryption

  • Other Secret key algorithms

    CAST 128

    Key size between 40 and 128 bits.

    F varies from round to round.

    AES (Advanced Encryption Standard)

    Variable block length (128, 192, 256 bits)

    Variable key length (128, 192, 256 bits)

    Ease of implementation in software and hardware.

    Secret Key Encryption

  • Stream Cipher

    A pseudo random no. generator continuously generates bits known as running key or keystream.

    XORing the keystream with the plain text produces the cipher text.

    e.g. RC4, SEAL, A5/1 (used in GSM)

    Secret Key Encryption

  • Stream Cipher

    [Figure: Encryption: key → Keystream generator, plaintext + keystream → ciphertext. Decryption: key → Keystream generator, ciphertext + keystream → plaintext]

    Keystream Generator is a pseudo random generator like linear feedback shift register

    Secret Key Encryption
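
    The stream cipher slides above as a runnable sketch. This is an added example, not part of the original slides: the 16-bit LFSR, its tap positions and the function names are assumptions chosen for illustration. It also shows the failure that follows from using one key for two messages.

```python
# Added illustration: LFSR keystream XORed with the plaintext.
# A single LFSR is linear and predictable; it only stands in for the generator.

def lfsr_keystream(seed, nbytes):
    """16-bit Fibonacci LFSR (taps 16, 14, 13, 11) producing nbytes of keystream."""
    if not 0 < seed < (1 << 16):
        raise ValueError("seed must be a non-zero 16-bit value (zero stays zero)")
    state, out = seed, bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (state & 1)      # emit the low bit
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (fb << 15)     # shift, feed back at the top
        out.append(byte)
    return bytes(out)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key, data):
    """Encryption and decryption are the same operation: data XOR keystream."""
    return xor_bytes(data, lfsr_keystream(key, len(data)))

def reuse_leak(key, m1, m2):
    """XOR of two ciphertexts made with the same key: the keystream cancels."""
    return xor_bytes(stream_crypt(key, m1), stream_crypt(key, m2))

if __name__ == "__main__":
    key = 0xACE1                          # constructed sample key
    m1 = b"pay 100 to alice"              # constructed sample messages
    m2 = b"pay 900 to carol"
    ct = stream_crypt(key, m1)
    print(ct.hex(), stream_crypt(key, ct))
    # Same key twice: ciphertext XOR equals plaintext XOR, no key needed.
    print(reuse_leak(key, m1, m2) == xor_bytes(m1, m2))
```

    Because the keystream cancels, a key (or key and starting state) must never be reused across messages.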

  • Key Distribution

    Symmetric schemes require both parties to share a common secret key

    Issue is how to securely distribute this key

    Secure systems often fail due to a break in the key distribution scheme

  • Public Key Cryptography

    Uses two keys: private & public

    Used for

    Confidentiality

    Authentication

    Key distribution

  • The sender encrypts using public key of receiver

    Only the receiver can decrypt the cipher message with his private key

    Public Key Cryptography

    Confidentiality

  • Public Key Algorithms

    [Figure: Plain text input → Encryption algorithm → Transmitted cipher text → Decryption algorithm → Plain text output; key labels: Public key ring, Private Key]

    Confidentiality

  • RSA

    Key Generation

    Calculate $n = p \times q$

    Calculate $\phi(n) = (p-1)(q-1)$

    Select integer $e$ such that $e$ is relatively prime to $\phi(n)$

    Calculate $d = e^{-1} \bmod \phi(n)$

    ($d$ = multiplicative inverse of $e$)

    Public Key = $\{e, n\}$, Private Key = $\{d, n\}$

    Public Key Cryptography

  • Encryption

    Plaintext $M < n$

    Cipher text $C = M^e \pmod{n}$

    Decryption

    Cipher text $C$

    Plaintext $M = C^d \pmod{n}$

    Public Key Cryptography

    RSA

  • Strength of Cryptographic Algorithms

    Identify the weakest links

    Key length: key can be broken by brute force attack.

    For a 32 bit key max. possible combinations is $2^{32}$.

    Hence size of key is crucial.

    Symmetric algorithms: key size currently used is 128 bits

    Public key algorithms: require much larger key sizes since an extra structure i.e. public key is available to cryptanalyst. Hence keys with 1024 bits and more are safer.

    Cryptography

  • Public Key Algorithms

    [Figure: Plain text input → Encryption algorithm → Transmitted cipher text → Decryption algorithm → Plain text output; key labels: Private Key, Public key ring]

    Authentication

  • Public Key Algorithms

    [Figure: Session key → Encryption algorithm → encrypted key → Decryption algorithm → Shared session key; key labels: Public key ring, Private Key]

    Key Exchange

  • Enables 2 users to exchange a secret key securely that can be used for subsequent encryption of messages.

    If p is prime no., its primitive root a is such that $a \bmod p, a^2 \bmod p, \ldots, a^{p-1} \bmod p$ are distinct integers from 1 to p-1 in some permutation.

    Key Management

    Diffie-Hellman Key Exchange

  • Diffie Hellman key exchange

    Shared by User A and User B: prime p, primitive root a

    User A: random no. x, Public key $pk_1 = a^x \bmod p$, sends pk1 to User B

    User B: random no. y, Public key $pk_2 = a^y \bmod p$, sends pk2 to User A

    User A: Secret Key $K = pk_2^x \bmod p = a^{xy} \bmod p$

    User B: Secret Key $K = pk_1^y \bmod p = a^{xy} \bmod p$

    Public Key Cryptography

