Download Cryptography: Encryption Principles and Public Key Algorithms and more Study notes Computer Security in PDF only on Docsity!
ENCRYPTION
Today
-^ The last class described a number of problems in ensuring yoursecurity and privacy when using a computer on-line. •^ This lecture discusses one of the main technological solutions. •^ The use of cryptography. •^ How a book could be classified as an armament. cis1.0-fall2006-parsons-lectF
Basic principles of cryptography
•^
Messages are put into code (encrypted) by the sender anddecoded (decrypted) by the receiver.
-^ Basic ingredients of conventional cryptography:^ –
Plain text input – Encryption algorithm – Secret key shared by sender and recipient – Cipher text (coded input text) – Decryption algorithm
cis1.0-fall2006-parsons-lectF
3
Cryptography example
-^ Suppose input text isTHE SKY IS BLUE •^ Algorithm:Replace each letter by the letter in the alphabet 1 step along. •^ Output:UIF TLZ JT CMVF •^ The process used here is called
substitution
— substituting one
element (in this case a letter) by another. • Another process is
transposition
— Moving parts of the message
around, e.g.TLZ UIF JT CMVF cis1.0-fall2006-parsons-lectF
Requirements
•^
An encryption algorithm and a decryption algorithm arerequired.
-^ Ideally, we would like a strong encryption algorithm, secureagainst attack.
An opponent should be unable to decrypt the ciphertext ordiscover the key even if s/he is in possession of a numberof ciphertexts together with the plain text which producedthem.
-^ Both sender and receiver must have the secret key(s) for theprocess to work. -^ Note: the security of conventional encryption depends on thesecrecy of the key, not secrecy of the algorithm.
5
Classification of cryptographic systems
-^ The type of operations used to transform plaintext to ciphertext:
–^
substitution
-^ transposition -^ Usually some complex combination of these is used. -^ In any case, no information can be lost in the process. -^ Whether sender and receiver use the same keys
–^
symmetric
: sender and receiver use the same keys
–^
asymmetric
: sender and receiver use different keys
cis1.0-fall2006-parsons-lectF
Classification of cryptographic systems (2)
•^
The number of keys used
-^ How the plaintext is processed.^ –
A
block cipher
processes the input one block of elements at a
time, producing an output block for each input block. – A^
stream cipher
processes the input elements continuously,
producing one element at a time as it goes along.
7
Cryptanalysis
-^ The process of attempting to discover the plaintext or the key. •^ Known plain text attack:
–^
The opponent has a sample of plaintext and ciphertext, andfrom this infers the keys; e.g., he may use brute force to trylots of different keys until successful.
-^ Note that plain text may be compressed and may benumerical in origin, so brute force methods usually requiresome knowledge of the type of plain text used. -^ For a key of length 128 bits, it would take an opponent about 10 18
years to crack!
cis1.0-fall2006-parsons-lectF
Asymmetric (or public) key algorithms
•^
Similar to symmetric key encryption, but we use at least 2 keys:One for encryption (the public key), and one for decryption (theprivate key).
-^ The steps involved are:^ –
Keys are generated in pairs, a public key and a private key, byeach person or computer (say Bob). – The public key is made public (e.g., on a web-site) by Bob. – a message to Bob uses his public key. – Bob decodes the message using his private key.
-^ This approach dates from 1976.
13
Trapdoor functions
cis1.0-fall2006-parsons-lectF
Public key algorithms
•^
RSA algorithm^ –
Developed by Rivest, Shamir & Adleman at MIT in 1977 – RSA is a block cipher in which the plaintext and cipher textare integers between 0 and
( n
for some
n.
n^ =
pq
where
p^
and
q^
are large prime numbers
If M is the plaintext number, and C is the cipher text number,the algorithm works as follows:
Encryption algorithm:
C
M
e^ modulo n
Decryption algorithm:
M
C
d^ modulo n
15
Public key algorithms (2)
-^ RSA algorithm (cont)
–^
Both sender and receiver must know the values of
n^
and
e.
The public key is a pair of numbers
( e
,^ n
–^
Only the receiver knows the value of
d. The private key is the
pair of numbers
( d
,^ n
–^
Secure because
d^
is determined from
p^
and
q , and it is hard to
compute these from
n.
-^ Digital Signature Standard (DSS)
–^
A standard agreed in 1993 for digital signatures in theAmerican National Institute of Standards.
-^ Only used for digital signatures (not for encryption or keyexchange).
cis1.0-fall2006-parsons-lectF
Requirements for public key algorithms
•^
It is computationally easy for party B to generate a pair of keys.
-^ It is computationally easy for sender A to generate the ciphertext on the basis of the plain text and the public key. -^ It is computationally easy for party B to decrypt the resultingciphertext using his private key and so generate the plain text. -^ It is computationally infeasible for an opponent to determine theprivate key from the public key. -^ It is computationally infeasible for an opponent to recover theoriginal plain text from the public key and the ciphertext. -^ In addition, we may require (not necessary but nice to have):Either of the two related keys may be used for encryption withthe other used for decryption.
17
Applications of public key methods
-^ Encryption —sending coded messages. •^ Authentication —when we want to be certain that the sender of a message isactually the person (or computer) they say they are. The senderof the message uses his private key to encrypt the message. Onlyhis public key will be able to decode the message. •^ Digital Signature —The sender “signs” a message using his private key. Thisapplication is similar to authentication. •^ Key Exchange —Two parties co-operate to exchange a session key, using theprivate key of one or both parties. cis1.0-fall2006-parsons-lectF
How to distribute public keys?
19
How to distribute public keys?
-^ Answer is simple: put on your web-site, email your friends,shout it from the roof-tops! •^ But if Alice gets an email from Bob telling her that 1023 is hispublic key, how does she know it really is his? Maybe someoneis impersonating him and sending out a false key in his name! •^ Digital Certificates seek to get around this. A user (e.g., Bob)presents his public key to a trusted third party and receives adigital certificate. The certificate contains a public key togetherwith a a user ID for the key owner (Bob), all signed by the thirdparty. •^ Examples of third parties: Government agencies or a bank. Theuser (Bob) can then give the digital certificate to anyone else(e.g., Alice). cis1.0-fall2006-parsons-lectF
Summary
•^
This lecture discussed some basic aspects of the use ofencryption.
-^ We talked about:^ –
Private key encryption – Public key encryption
cis1.0-fall2006-parsons-lectF
