ITS 451 – Crypto Basics 1 Cryptography

Upload: stuart-hodge

Post on 16-Dec-2015


TRANSCRIPT

Page 1: Cryptography

Page 2: A simple example…

• Text: U-M
• ASCII encoded: 01010101 00101101 01001101
• “Encoding” refers to convenient reformatting.
• No secrecy here. Call it plaintext.
• Let’s “encrypt” it, i.e. hide its meaning from nosy 3rd parties.

Page 3: A simple example…

• Let’s generate 24 random bits; call it a key.
  – Say, by coin flips. Tails = 1, heads = 0.

  Key:       -------- -------- --------
  Plaintext: 01010101 00101101 01001101

• For each bit, if the same, result is 0. If they’re different, result is 1. This is the XOR (exclusive OR) function.

Page 4: A simple example…

  Ciphertext: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

• The result is an encrypted string. Call it ciphertext.
• This simple XOR method is unbreakable.
  – Even by the CIA or NSA or Microsoft.
  – Even by the most hard-working hacker.
• IF…

Page 5: Simple XOR

• To decrypt, need to know:
  – That simple XOR is in use.
  – The key pattern.
• Strength of the system depends on:
  – Secrecy of the key

Page 6: Encryption

• Generally, you need to understand the process and have the key.
• In Practical Cryptography’s notation: c := E(Ke, m)

[Diagram: Plaintext → Encryption Process → Ciphertext; the Key feeds the Encryption Process]

Page 7: Decrypting

• Undoing the encryption is easy for this simple example.

  Ciphertext: -------- -------- --------
  Key:        -------- -------- --------

• Once more: For each bit, if the same, result is 0. If they’re different, result is 1. This is the XOR (exclusive OR) function.

Page 8: Decryption

[Diagram: Ciphertext → Decryption Process → Plaintext; the Key feeds the Decryption Process]

• Generally, you need to understand the encryption method and have the key.
• In Practical Cryptography’s notation: m := D(Ke, c)
• We have assumed the same key is used for encryption and decryption.

Page 9: Secrecy of XOR Example?

• Unbreakable, if:
  – Key remains secret
  – Key never reused
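The XOR cipher of pages 3 to 9, worked through in code. This is an added example, not code from the slides: it uses the slides’ E(Ke, m) / D(Ke, c) notation, the three ASCII bytes of “U-M”, and a key drawn from the operating system’s random source in place of coin flips. The `key_for` function shows both sides of the page 4 “IF”: with a key as long as the message, every candidate plaintext has a key that produces the observed ciphertext (so guessing keys reveals nothing), while an attacker who already knows the plaintext recovers the key with one XOR, the analytic attack of page 17. `key_reuse_leak` shows why the key must never be reused. The second message “O-K” and the fixed key in the test are constructed.

```python
import secrets

# Added example (not from the slides): the XOR cipher on the three ASCII bytes
# of "U-M", in the E(Ke, m) / D(Ke, c) notation used on pages 6 and 8.

PLAINTEXT = b"U-M"  # 01010101 00101101 01001101


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (same bit -> 0, different -> 1)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(nbytes: int) -> bytes:
    """The slides' 'coin flips': nbytes * 8 random bits from the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


def E(key: bytes, m: bytes) -> bytes:
    """c := E(Ke, m) -- XOR the plaintext with a key of the same length."""
    return xor_bytes(key, m)


def D(key: bytes, c: bytes) -> bytes:
    """m := D(Ke, c) -- the same XOR undoes the encryption."""
    return xor_bytes(key, c)


def key_for(c: bytes, candidate: bytes) -> bytes:
    """The key that would turn ciphertext c into the candidate plaintext.

    With a key as long as the message, every candidate of the right length has
    such a key, so trying all 2^24 keys yields all 2^24 possible plaintexts and
    tells the attacker nothing about which one was sent (the 'IF' of page 4).
    The same formula is the known-plaintext analytic attack of page 17: if the
    attacker knows m, one XOR recovers the key.
    """
    return xor_bytes(c, candidate)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper learns when one key encrypts two messages.

    c1 XOR c2 == (m1 XOR k) XOR (m2 XOR k) == m1 XOR m2: the key cancels out and
    the relation between the two plaintexts is exposed. Hence 'key never reused'.
    """
    return xor_bytes(c1, c2)


def bits(b: bytes) -> str:
    """Render bytes the way the slides do: 01010101 00101101 01001101."""
    return " ".join(f"{x:08b}" for x in b)


if __name__ == "__main__":
    key = generate_key(len(PLAINTEXT))  # 24 random bits
    c = E(key, PLAINTEXT)
    print("plaintext :", bits(PLAINTEXT))
    print("key       :", bits(key))
    print("ciphertext:", bits(c))
    print("decrypted :", D(key, c))

    # Guessing keys learns nothing: "O-K" (constructed) is as consistent with c as "U-M".
    print("key that would give O-K:", bits(key_for(c, b"O-K")))

    # Reusing the key leaks m1 XOR m2 to anyone who sees both ciphertexts.
    c2 = E(key, b"O-K")
    print("c1 XOR c2 == m1 XOR m2:", key_reuse_leak(c, c2) == xor_bytes(PLAINTEXT, b"O-K"))
```

Run it a few times: the key and ciphertext change every run, the decrypted value does not, and the final line is always True.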

Page 10: SKE

• Using the same key for both encryption and decryption is called SKE:
  – Symmetric Key Encryption
  – Secret Key Encryption

Page 11: SKE – The Whole Thing

[Diagram: Plaintext → Encryption Process → Ciphertext → Transmission → Ciphertext → Decryption Process → Plaintext; the same Key feeds both processes]

Page 12: PCs Changed The World

• Evolution of encryption methods:
  – Pencil & paper
  – Machines, e.g. German Enigma
  – Computers, e.g. PC
• Computers allow much more sophisticated methods.
• Internet allows rapid dissemination of information, including computer code, algorithms, commentary, and analysis.

Page 13: Kerckhoffs’ Principle

• Genuine security lies in keeping the key secret, not in keeping the process secret.
• Why?
  – Public algorithms have public analysis.
  – Weaknesses are publicly exposed.
• Analogous to open source software.
• This is a machine era notion.

Page 14: How can I attack SKE?

• For any encryption scheme there are two strategies: brute force and analytic attacks.
• Brute force
  – I know the algorithm, so I just try different keys until I get lucky.
  – Highly dependent on machine power.
    » The bigger the “key space”, the more tries it takes to get lucky.

Page 15: Moore’s Law

• Often quoted as “Computers double in speed every two years.”
  – Gordon Moore noted exponential growth in the number of transistors per integrated circuit (1965).
• A brute force attack that takes 8 days with current technology will take 4 days in two years…?!?
  – Practical Cryptography suggests a 50-year horizon…

Page 16: “Computationally Impractical”

• You know what to do and can write a program to do it, but the program takes so long to run that it’s effectively useless.
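Pages 14 to 16 in numbers: how the size of the key space, the attacker’s trial rate and the Moore’s-law rule of thumb combine into “computationally impractical”. This is an added example, not from the slides. The trial rates and time budgets are constructed inputs, not measurements, and the 50-year horizon is the one the slides attribute to Practical Cryptography.

```python
import math

# Added example (not from the slides): sizing a brute-force key search and
# projecting it with the "speed doubles every two years" rule of thumb.
# All rates and budgets below are constructed inputs, not measurements.

SECONDS_PER_YEAR = 365.25 * 24 * 3600
DOUBLING_PERIOD_YEARS = 2.0  # "computers double in speed every two years"


def expected_tries(key_bits: int) -> int:
    """Keys tried on average before 'getting lucky'.

    The right key is equally likely to sit anywhere in the 2^bits key space,
    so on average it turns up half-way: 2^(bits-1) tries (worst case 2^bits).
    """
    if key_bits < 1:
        raise ValueError("key_bits must be at least 1")
    return 2 ** (key_bits - 1)


def brute_force_seconds(key_bits: int, keys_per_second: float) -> float:
    """Expected wall-clock time of the search at a given trial rate."""
    if keys_per_second <= 0:
        raise ValueError("keys_per_second must be positive")
    return expected_tries(key_bits) / keys_per_second


def moore_projection(seconds_now: float, years_ahead: float) -> float:
    """How long the same search takes `years_ahead` years from now."""
    return seconds_now / 2 ** (years_ahead / DOUBLING_PERIOD_YEARS)


def years_until_practical(key_bits: int, keys_per_second: float, budget_seconds: float) -> float:
    """Years until the search fits the attacker's time budget, in whole doubling periods."""
    now = brute_force_seconds(key_bits, keys_per_second)
    if now <= budget_seconds:
        return 0.0
    doublings = math.ceil(math.log2(now / budget_seconds))
    return doublings * DOUBLING_PERIOD_YEARS


def impractical_within_horizon(key_bits: int, keys_per_second: float,
                               budget_seconds: float, horizon_years: float = 50.0) -> bool:
    """'Computationally impractical' in the slides' sense: still out of reach at the horizon."""
    return years_until_practical(key_bits, keys_per_second, budget_seconds) > horizon_years


if __name__ == "__main__":
    # The slides' example: an 8-day search today takes 4 days in two years.
    print("8 days ->", moore_projection(8 * 86400, 2) / 86400, "days in two years")
    # The 24-bit coin-flip key of page 3 against a million trials per second (constructed rate).
    print("24-bit key @ 1e6 keys/s:", brute_force_seconds(24, 1e6), "s expected")
    # A 128-bit key against a constructed trillion-keys-per-second attacker with a one-year budget.
    print("128-bit key practical in", years_until_practical(128, 1e12, SECONDS_PER_YEAR), "years")
    print("impractical within 50 years:", impractical_within_horizon(128, 1e12, SECONDS_PER_YEAR))
```

The lesson the numbers teach is the one on page 14: every extra key bit doubles the work, so a rule of thumb that halves the time every two years buys the attacker one bit per two years, and a 128-bit key is more than a century of doublings away from a one-year search even at a trillion trials per second.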

Page 17: Analytic Attack

• Instead of systematically trying all the keys, we attempt to determine the key based on:
  – The ciphertext
  – What we know about the plaintext
  – What we know about the algorithm

Page 18: Symmetric Key Encryption

[Diagram: Plaintext → Encryption Process → Ciphertext → Transmission → Ciphertext → Decryption Process → Plaintext; the same Key feeds both processes]

Page 19: The Problem with SKE

• The intended recipient must know the process and have the key.
• A cracker seeks these, too.
• The problem, then, is to get the key to the recipient.
  – Worse if you communicate with many people!
• The Key Distribution Problem

Page 20: Some Key Distribution Solutions

• “One time pads.”
  – Run out eventually.
• Keep using the same key.
  – Every transmission provides data for crackers.
• Transmit new keys using old keys.
  – Or have a special key used only for transmission of new keys.

Page 21: Some Key Distribution Solutions

• Couriers
  – Can be intercepted/bribed.
• Algorithmic key construction
  – Key based on day of month
  – Key based on readily available data
    » From newspapers? Radio broadcast?
• Special hardware for key construction

Page 22: Gotcha

• If the key is secret, SKE can be made very secure.
  – Long keys
  – Complex processes
• Weakness is the necessity to distribute the key.

Page 23: SKE & Big Five Attributes of Security

• Availability – Need to make sure the algorithm isn’t too computationally onerous.
• Integrity – Will mostly handle separately.
• If key uncompromised & algorithm chosen well:
  – Confidential – Sure.
  – Authenticated – Sure.
  – Non-repudiated – Sure.

Page 24: PKE – Public Key Encryption

• Suppose we could encrypt and decrypt with different, but uniquely corresponding, keys.
• The public key is public –
  – Hand it out freely
  – Post it on the web
  – Email it to your friends
• The private key is private –
  – Guard it closely.
• aka Asymmetric Key Encryption

Page 25: PKE, More Formally

• The ciphertext is based on the recipient’s public key:
  – c := E(P_Bob, m)
• The decryption process uses the recipient’s private key:
  – m := D(S_Bob, c)
• This means:
  – m = D(S_Bob, E(P_Bob, m)) Always.

Page 26: PKE, Graphically

[Diagram: Plaintext → Encryption Process → Ciphertext → Transmission → Ciphertext → Decryption Process → Plaintext; the Public Key feeds the Encryption Process, the Private Key feeds the Decryption Process]

Page 27: The Secrecy Here . . .

• . . . is in the keys.
• Usually the processes themselves are publicly available.
• Most commonly used:
  – RSA
    » Rivest, Shamir and Adleman

Page 28: Message Authentication

• You can encrypt using either key of the pair. You then decrypt with its partner.
• If you can decrypt using my public key, the encryption must have been done with my private key.
• If I can decrypt using my private key, the encryption must have been done with my public key.

Page 29: Hash Functions

• Consider this text: “John went to OSU.”
• Count the occurrences of the letters.
• (Letter-count table: a b c d e f g h i j k l m n)

Page 30: Another simple example…

• Text: U-M
• ASCII encoded: 01010101 00101101 01001101

Page 31: Another simple example…

• Let’s XOR them sequentially:

  01010101 XOR 00101101 = 01111000
  01111000 XOR 01001101 = 00110101

• What’s the connection between “U-M” and 00110101?
• Let’s call this function H for hash.
  – 00110101 = H(“U-M”)

Page 32: Another simple example…

• It’s not unique.
  – Other strings give 00110101 as their H value.
    » Easy to find others.
    » Note: There are 2^8 (= 256) 8-bit strings. There are an infinite number of possible text strings.

Page 33: Another simple example…

• It’s not reversible.
  – Given 00110101, it’s not possible to say “this came from ‘U-M’”.
    » Easy to find others.

Page 34: Suppose

• H(“U-M”) = MD5(“U-M”) = c57b94ee2455d6932eae85efa2bfc091
• This is the MD5 function.
  – All input strings produce 16-byte output, usually written as a hex string.
    » MD5(451 syllabus) = 86721e0212256155e170a413a899a76a
  – Not unique, but ‘computationally impractical’ to find others.
  – Not reversible except by trial & error.
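The toy hash H of pages 31 to 33 beside the real MD5 of page 34, as an added example that is not code from the slides. `H` is the sequential XOR the slides perform on “U-M”; `preimages` enumerates every string of a chosen length that hashes to a given value, which is what “easy to find others” looks like when the output is only 8 bits; `pad_collision` is one cheap way to build another input with the same H value (appending any byte twice cancels out under XOR). The alphabet and the filler byte are constructed choices. `md5_hex` uses Python’s standard `hashlib` so you can compare its output for “U-M” with the value on page 34 and see that the XOR trick does nothing to a real hash.

```python
import hashlib
from itertools import product

# Added example (not from the slides): the slides' 8-bit XOR hash H next to MD5.


def H(data: bytes) -> int:
    """The slides' toy hash: XOR the bytes together, left to right, into 8 bits."""
    h = 0
    for byte in data:
        h ^= byte
    return h


def preimages(target: int, alphabet: bytes, length: int) -> list:
    """Every string of the given length over `alphabet` whose H value is `target`.

    Plain enumeration over len(alphabet)**length strings; affordable here only
    because H has just 256 possible outputs, so many strings land on each one.
    """
    return [bytes(s) for s in product(alphabet, repeat=length) if H(bytes(s)) == target]


def pad_collision(data: bytes, filler: int = 0x61) -> bytes:
    """A different input with the same H value: a byte XORed in twice cancels out."""
    return data + bytes([filler, filler])


def md5_hex(data: bytes) -> str:
    """The real function from page 34: 16-byte digest written as 32 hex characters."""
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    print(f"H('U-M') = {H(b'U-M'):08b}")  # 00110101
    alphabet = b"-ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # constructed: 27 symbols, 27**3 3-character strings
    others = preimages(H(b"U-M"), alphabet, 3)
    print(len(others), "three-character strings share that H value, e.g.", others[:5])
    padded = pad_collision(b"U-M")
    print("pad_collision:", padded, "same H:", H(padded) == H(b"U-M"))
    print("MD5('U-M')      =", md5_hex(b"U-M"))
    print("MD5 of padded   =", md5_hex(padded), "(differs:", md5_hex(padded) != md5_hex(b"U-M"), ")")
```

Page 32’s counting argument is visible in the output: 27^3 three-character strings fall into at most 256 buckets, so the bucket holding “U-M” has dozens of other members, and nothing about the value 00110101 singles out “U-M” among them, which is page 33’s “not reversible”.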

Page 35: What Good Is It?

• Error Detection
  – Transmit block of data, append MD5.
  – Recipient calculates MD5, compares.

Page 36: Suppose

• We have a document: important, but not necessarily confidential.
• I do this:
  – Compute the MD5 digest.
  – Encrypt the digest with my private PKE key.
  – Call the result a signature.

Page 37: Then you…

• You get the document & signature.
• You can…
  – Compute the MD5 digest of the file.
  – Decrypt the signature file using my public PKE key, yielding a message digest.
  – Compare the two.
• This means… what?
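The hash-then-sign procedure of pages 36 and 37, run on a toy RSA key pair so that page 25’s identity m = D(S_Bob, E(P_Bob, m)) and page 28’s “encrypt with either key, decrypt with its partner” can be seen working. This is an added example, not code from the slides. The key pair is built from two public Mersenne primes (2^89 − 1 and 2^107 − 1), chosen only because their product is larger than a 128-bit MD5 digest; since the primes are public anyone can derive the private key, so the pair is for demonstration only. Real signature schemes use secret random primes of 1024 bits or more, a padding scheme such as RSA-PSS, and a SHA-2 digest rather than MD5. The sample document is constructed.

```python
import hashlib

# Added example (not from the slides): hash-then-sign with textbook RSA.
# Toy key pair: the primes are public Mersenne primes, so the private key is
# derivable by anyone; real keys use secret random primes of 1024+ bits.

P = 2**89 - 1                   # Mersenne primes, chosen so that n (196 bits)
Q = 2**107 - 1                  # is larger than any 128-bit MD5 digest
N = P * Q
PUBLIC_EXPONENT = 65537
PRIVATE_EXPONENT = pow(PUBLIC_EXPONENT, -1, (P - 1) * (Q - 1))  # Python 3.8+

P_BOB = (PUBLIC_EXPONENT, N)    # public key: hand it out freely
S_BOB = (PRIVATE_EXPONENT, N)   # private key: guard it closely


def _rsa(key: tuple, x: int) -> int:
    """Textbook RSA: x raised to the key's exponent mod n, the same op for either key."""
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError("value must be an integer in [0, n)")
    return pow(x, exponent, n)


def E(key: tuple, m: int) -> int:
    """c := E(key, m)."""
    return _rsa(key, m)


def D(key: tuple, c: int) -> int:
    """m := D(key, c); D(S_Bob, E(P_Bob, m)) == m, and the two keys can swap roles."""
    return _rsa(key, c)


def digest_as_int(document: bytes) -> int:
    """MD5 digest of the document as a 128-bit integer, so RSA can operate on it."""
    return int.from_bytes(hashlib.md5(document).digest(), "big")


def sign(document: bytes, private_key: tuple) -> int:
    """Page 36: compute the digest, 'encrypt' it with the private key."""
    return E(private_key, digest_as_int(document))


def verify(document: bytes, signature: int, public_key: tuple) -> bool:
    """Page 37: 'decrypt' the signature with the public key, compare with a fresh digest."""
    try:
        recovered = D(public_key, signature)
    except ValueError:  # signature outside [0, n): malformed, treat as invalid
        return False
    return recovered == digest_as_int(document)


if __name__ == "__main__":
    document = b"Lab 3 is due Friday at 5pm."  # constructed sample document
    signature = sign(document, S_BOB)
    print("signature verifies:", verify(document, signature, P_BOB))
    print("after tampering:   ", verify(b"Lab 3 is due Monday at 5pm.", signature, P_BOB))
    # Page 25's identity on an ordinary small message instead of a digest:
    m = 451
    print("D(S_Bob, E(P_Bob, m)) == m:", D(S_BOB, E(P_BOB, m)) == m)
```

Page 37 asks what a successful comparison means: by page 28, only the holder of the private key could have produced something that the public key decrypts to the document’s digest, and by page 34 any change to the document gives a different digest, so a match tells the verifier both who signed and that the document is unchanged since signing.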

Page 38: ITS 453 – Encrypted Communication

• How, when, where to use encryption methods.
  – What protocol layer?
  – What specific encryption techniques?
  – Solving key distribution problems.

Page 39: ITS 453 – Encrypted Communication

• Basics of encryption, hash functions.
  – NSA, RSA, etc.
• PGP: encrypted files / digital signatures
• Public Key Infrastructure
  – Trust arrangements
  – Digital certificates, etc.
• Authentication
  – Kerberos
• WEP / WPA wireless encryption