Cryptographic Tools

Demetrios Glinos University of Central Florida

CIS3360 - Security in Computing

Readings

"Computer Security: Principles and Practice" (3rd Edition), by William Stallings and Lawrie Brown

Chapter 2

Outline

Confidentiality with Symmetric Encryption

Message Authentication and Hash Functions

Public-Key Encryption

Digital Signatures and Key Management

Random and Pseudorandom Numbers

Encryption

Encryption: a means to allow two parties, customarily called Alice and Bob, to establish confidential communication over an insecure channel that is subject to eavesdropping.

[Figure: Alice, Bob, Eve]

Symmetric Encryption

Symmetric encryption

Also called: single-key encryption

Historically, the only type of encryption until public-key methods were introduced in the late 1970s

Still, universally used for providing confidentiality for transmitted or stored data

Basic idea: the same key is used by sender and receiver

Components

plaintext

encryption algorithm

secret key

ciphertext

decryption algorithm

Symmetric Encryption Model

source: Fig. 2.1, p. 42

Requirements for secure use of symmetric encryption

1. Strong encryption algorithm, where "strong" means that even if an opponent knows the algorithm and has the ciphertext, he/she cannot decipher the ciphertext or figure out the key.

2. Sender and receiver have obtained copies of the same secret key in a secure manner

Attacking Symmetric Encryption

Cryptanalysis

Attacker knows the algorithm

Attacker has some knowledge of the general characteristics of the plaintext, or even some plaintext-ciphertext pairs

Exploits the characteristics of the algorithm to attempt to recover the plaintext or deduce the key that was used

If key deduced, effect is catastrophic: all past and future messages encrypted with that key are compromised

Brute-force attack

Attacker tries all possible keys on some ciphertext until an intelligible translation into plaintext is obtained

On average, half of all possible keys must be tried to achieve success

Symmetric Block Ciphers

Block cipher

processes plaintext input in fixed-size blocks

a long plaintext message is processed as a series of plaintext blocks

for each plaintext block, produces a ciphertext block of the same size

most important algorithms: DES, Triple DES, and AES

source: Table 2.2, p. 44

Modes of Operation

Typically, symmetric encryption is applied to messages/files of many blocks

Simplest approach

use the same key to encrypt each block

this is called the "electronic codebook (ECB)" mode of operation

weakness: cryptanalysis may be able to exploit regularities in the plaintext

More complex modes of operation mix results of earlier encryptions into later encryptions or modify the key used in various ways to overcome this weakness

we will cover modes of operation in a later lecture
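
The ECB weakness described above, as an added example that is not part of the original slides: a toy 4-round Feistel cipher built on HMAC-SHA256 stands in for a real block cipher, and a chained mode mixes each ciphertext block into the next. The cipher, all names and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # toy block size in bytes (assumption for this example)
HALF = BLOCK // 2

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of one half, truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network: toy stand-in for a real block cipher such as AES
    left, right = block[:HALF], block[HALF:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def split(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("example omits padding; input must be whole blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> list:
    # ECB: each block is encrypted independently under the same key
    return [encrypt_block(key, b) for b in split(plaintext)]

def chained_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list:
    # Chaining: XOR the previous ciphertext block into the next plaintext block
    blocks, prev = [], iv
    for b in split(plaintext):
        prev = encrypt_block(key, _xor(b, prev))
        blocks.append(prev)
    return blocks

def repeated_blocks(blocks: list) -> int:
    return len(blocks) - len(set(blocks))  # blocks that duplicate an earlier one

# Constructed sample: a record stream with regular, repeating 16-byte fields
KEY = b"constructed key!"
RECORDS = (b"ACCOUNT=00001234" + b"AMOUNT=000000100") * 2
```

Under ECB the two repeated records produce two repeated ciphertext blocks, so an observer learns the plaintext's structure without the key; with chaining the same input yields four distinct blocks.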

Symmetric Stream Ciphers

Stream cipher

processes the input elements continuously

produces output one element at a time

element is typically a byte, but can be just a bit or larger than a byte

uses a key stream generated pseudorandomly from an input key

advantage: generally runs faster than a block cipher

good for streaming data over a communications channel or browser/Web link

block ciphers (far more common) are better for file transfer, email, databases

source: Fig. 2.2(b), p. 46

Message Authentication

Encryption assures confidentiality

Message/data authentication assures data integrity

contents have not been altered

from authentic source

timely and in correct sequence

Message/data authentication can be performed either with or without encryption

Message authentication code (MAC)

one authentication technique

uses a shared secret key and a MAC algorithm

MAC is appended to message before transmission

MAC is computed separately by recipient and compared with received MAC

FIPS PUB 113 recommends using DES to compute the MAC

MAC is last 16 or 32 bits of DES-encrypted message

Message Authentication using a MAC

source: Fig. 2.3, p. 49

If received and computed MACs match, the recipient is assured

1. the message has not been altered

2. the message came from the alleged sender (since the sender used the shared key K)

3. if the message includes a sequence number, then sequence assured since attacker couldn't modify it without affecting the MAC calculation

Secure Hash Function

Another method for message authentication

also called "one-way hash function"

Uses an algorithm that sender and receiver both know (and maybe attacker, too)

Result is a fixed-length "hash value" or "hash code"

Hash code can be encrypted by symmetric or public-key encryption

Also possible to append a shared secret key to message and hash the combination

no encryption is needed in this case (since only sender and recipient know the secret key)

source: Fig. 2.4, p. 51
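
The MAC exchange and the keyed-hash variant described above, as an added example that is not part of the original slides. It substitutes HMAC-SHA256 (a standardized keyed hash) for both the DES-based MAC and the "hash the message with the key" construction; the packet layout, names and sample messages are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: prefix an 8-byte sequence number, then append the MAC."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # lowest sequence number still acceptable

    def accept(self, packet: bytes) -> bytes:
        """Recompute the MAC, compare, then check ordering; ValueError on failure."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched
        if not hmac.compare_digest(expected, tag):
            raise ValueError("MAC mismatch")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.next_seq:
            raise ValueError("stale sequence number")
        self.next_seq = seq + 1
        return body[8:]

def verdict(receiver: Receiver, packet: bytes) -> str:
    """Helper for the demo: 'ok' or the rejection reason."""
    try:
        receiver.accept(packet)
        return "ok"
    except ValueError as err:
        return str(err)

# Constructed sample traffic under a constructed shared key K
K = b"constructed-shared-key"
FIRST = protect(K, 0, b"transfer 10 to Bob")
SECOND = protect(K, 1, b"transfer 20 to Bob")
ALTERED = FIRST[:8] + b"transfer 99 to Bob" + FIRST[-TAG_LEN:]  # contents changed
RESEQUENCED = struct.pack(">Q", 7) + SECOND[8:]                 # sequence changed
FORGED = protect(b"key-the-sender-lacks", 2, b"transfer 500 to Eve")
```

Each of the three assurances maps to one rejection: `ALTERED` and `RESEQUENCED` fail the MAC comparison, `FORGED` fails because it was not computed under K, and a replay of `FIRST` after it has been accepted fails the sequence check.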

Requirements for Hash Functions

For any hash function

can be applied to an entire message or file of any size

produces a fixed-length output

computationally easy to compute

For a secure hash function, all above, plus

must be one-way

infeasible to find x from H(x), i.e., to find message given hash value

must be collision resistant

for a given message, infeasible to find another message that generates the same hash value

also, infeasible to find 2 messages that generate the same hash value

Uses for secure hash functions

MACs, digital signatures, and integrity checking

Public-Key Encryption

Proposed publicly by Diffie and Hellman in 1976

Basic idea

use a different key for decryption than for encryption

the keys are related mathematically to make this possible

Each person has two keys: a private key that only he/she knows, and a public key that is broadcast widely; other components are the same as for symmetric systems

To send a message, the sender encrypts the message using the recipient's public key

On receipt, the recipient uses his private key to decrypt the message.

Solves key distribution and digital signature issues, but algorithms run much slower than symmetric algorithms.

Still need some form of protocol for distributing keys

Computationally expensive: as a result, symmetric encryption still the method most used for data encryption

Public-Key Encryption Model

source: Fig. 2.6(a), p. 57

Applications of Public-Key Algorithms

Encryption, but computationally expensive, so not often done

Diffie-Hellman key exchange

uses public-key encryption to compute a shared secret key

the shared secret key is thereafter used for symmetric data encryption

Authentication

Sender encrypts using his private key

Recipients can decrypt using sender's public key, which they all know

Since only sender has the corresponding private key, authenticity is assured

Digital signature

use authentication scenario, but encrypt a hash value, not the message

Key management and distribution

used with certificate authorities (CAs) to assure recipients that alleged public key is genuine

Digital Certificates

Digital certificates (DCs) address the question: How can Alice know that the public key she is using for Bob is really his public key?

Issued by trusted entities called certificate authorities (CA)

A digital certificate vouches for an entity (e.g., Bob) and contains Bob’s public key

The DC is digitally signed by the CA using its private key; Alice uses the CA’s public key to verify the CA’s signature

Entities (e.g., Alice) wishing to communicate with Bob can now trust that they have a valid public key for Bob, since they trust the CA.

This is not fool-proof. It is merely “strong evidence” of Bob’s public key

Digital Envelopes

Another way to use public-key encryption to protect a symmetric key

Does not require sender and recipient to negotiate a shared secret key

Uses a one-time symmetric key

Key is encrypted using recipient's public key and sent to recipient

source: Fig. 2.8, p. 63
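
The digital envelope flow described above, as an added example that is not part of the original slides. It assumes a toy unpadded RSA key pair built from two known Mersenne primes and a toy SHA-256 keystream cipher, both for illustration only; all names are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key pair for the recipient, built from two known Mersenne primes.
# Far too small and unpadded: it illustrates the envelope flow only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.
    # Applying it twice with the same key restores the input.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(message: bytes, recipient_pub=(N, E)):
    """Sender: a fresh one-time key encrypts the message; the recipient's
    public key encrypts that one-time key. No prior shared secret is needed."""
    n, e = recipient_pub
    one_time_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(one_time_key, "big"), e, n)
    return wrapped_key, keystream_xor(one_time_key, message)

def open_envelope(envelope, private_exp: int = D, n: int = N) -> bytes:
    """Recipient: the private key recovers the one-time key, which then
    decrypts the message."""
    wrapped_key, ciphertext = envelope
    one_time_key = pow(wrapped_key, private_exp, n).to_bytes(16, "big")
    return keystream_xor(one_time_key, ciphertext)

# Constructed sample message
MESSAGE = b"constructed sample message, longer than one 32-byte keystream block"
```

Sealing the same message twice gives a different wrapped key and ciphertext each time, because the symmetric key is generated fresh per envelope.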

Random Numbers

Random numbers are used extensively in cryptographic applications, for

generation of keys for public-key algorithms

generation of stream keys for symmetric stream ciphers

generation of one-time symmetric keys for use in digital envelopes

session key generation by key distribution centers or parties to communication

also used in handshake protocols to prevent replay attacks

Requirements

Randomness

uniform distribution – each value is equally likely

independence – cannot infer any value from other values

Unpredictability

opponent should not be able to predict future element of sequence on basis of earlier elements (similar to statistical independence, above)

Pseudorandom Numbers

Cryptographic applications (and programming languages) typically use algorithms to generate "random" numbers

algorithms are deterministic

therefore, sequences produced are not truly random

such sequences are called "pseudorandom"

Pseudorandom number generators (PRNGs)

use algorithms that produce sequences that satisfy statistical randomness tests (uniformity, independence)

nevertheless, can be predictable

True random number generators (TRNGs)

typically measure unpredictable natural processes

e.g., radiation events, gas discharge, leaky capacitors

increasingly provided on modern processors

e.g., Intel chip that samples thermal noise across undriven resistors
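
The point that a PRNG can pass statistical tests and still be predictable, as an added example that is not part of the original slides. It uses a linear congruential generator with the Numerical Recipes constants as the deterministic PRNG and Python's `secrets` module as the source to use for keys; the seed, sample size and function names are assumptions.

```python
import secrets

# Linear congruential generator with the well-known Numerical Recipes constants
A, C, M = 1664525, 1013904223, 2**32

class LCG:
    def __init__(self, seed: int):
        self.state = seed % M

    def next(self) -> int:
        self.state = (A * self.state + C) % M
        return self.state  # the output is the entire internal state

def bucket_counts(values, buckets: int = 8) -> list:
    counts = [0] * buckets
    for v in values:
        counts[v * buckets // M] += 1
    return counts

def looks_uniform(values, buckets: int = 8, tolerance: float = 0.10) -> bool:
    # Crude uniformity check: every bucket within tolerance of its expected count
    expected = len(values) / buckets
    return all(abs(c - expected) <= tolerance * expected
               for c in bucket_counts(values, buckets))

def predict_following(observed: int, n: int) -> list:
    # Anyone who sees one output can replay the generator from that point
    clone = LCG(observed)
    return [clone.next() for _ in range(n)]

def new_session_key(nbytes: int = 16) -> bytes:
    # Keys should come from the operating system's cryptographic generator
    return secrets.token_bytes(nbytes)

def demo(seed: int = 20240101, samples: int = 80000):
    # Returns (passes the uniformity check, next five outputs predicted exactly)
    gen = LCG(seed)
    values = [gen.next() for _ in range(samples)]
    guessed = predict_following(values[-1], 5)
    actual = [gen.next() for _ in range(5)]
    return looks_uniform(values), guessed == actual
```

`demo()` shows both properties at once: the sequence is evenly spread across the buckets, yet a single observed value determines every later one, which is why such a generator fails the unpredictability requirement for keys and nonces.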