CH02-CompSec3e
-
Upload
wissem-dhaouadi -
Category
Documents
-
view
221 -
download
0
Transcript of CH02-CompSec3e
-
8/19/2019 CH02-CompSec3e
1/8
1/19/2016
Chapter 2Cryptographic Tools
1
Symmetric Encryption• The universal technique for providing confidentiality
for transmitted or stored data• Also referred to as conventional encryption or
single-key encryption
• Two requirements for secure use:• Need a strong encryption algorithm *• Sender and receiver must have obtained copies
of the secret key in a secure fashion and mustkeep the key secure
2
Plaintextinput
Y = E[ K , X ] X = D[ K , Y ]
X
K K
Transmittedciphertext
Plaintextoutput
Secret key shared bysender and recipient
Secret key shared bysender and recipient
Encryption algorithm(e.g., DES)
Decryption algorithm(reverse of encryption
algorithm)
Figure 2.1 Simplified Model of Symmetric Encryption
3
Attacking SymmetricEncryption
Cryptanalytic Attacks Brute-Force Attack
Rely on:Nature of the algorithm
Some knowledge of thegeneral characteristics of theplaintextSome sample plaintext-
ciphertextpairsExploits the characteristics ofthe algorithm to attempt todeduce a specific plaintext orthe key being used
If successful all future and pastmessages encrypted with thatkey are compromised
Try all possible keys on someciphertext until an intelligibletranslation into plaintext isobtained
On average half of all possiblekeys must be tried to achievesuccess
4
-
8/19/2019 CH02-CompSec3e
2/8
-
8/19/2019 CH02-CompSec3e
3/8
1/19/2016
Advanced EncryptionStandard (AES)Needed a
replacement for3DES
3DES was notreasonable forlong term use
NIST called forproposals for a
new AES in 1997Should have a security
strength equal to orbetter than 3DES
Significantly improvedefficiency
Symmetric block cipher
128 bit data and128/192/256 bit keys
SelectedRijndael in
November 2001
Published asFIPS 197
9
Typically symmetric encryption is applied to a unit ofdata larger than a single 64-bit or 128-bit block Electronic codebook (ECB) mode is the simplestapproach to multiple-block encryption
Each block of plaintext is encrypted using the same keyCryptanalysts may be able to exploit regularities in theplaintext
Modes of operationAlternative techniques developed to increase the securityof symmetric block encryption for large sequencesOvercomes the weaknesses of ECB
10
Encrypt
E n c r y p t i o n
K
Figure 2.2 Types of Symmetric Encryption
b
b
b
b
P 1
C 1
P 2
C 2
b
b
P n
C n
Encrypt K Encrypt K
Decrypt
D e c r y p t i o n
K
b
b
b
b
C 1
P 1
C 2
P 2
b
b
C n
P n
Decrypt
(a)Blockc ipher encryption(electronic codebookmode)
(b)Stream encryption
K Decrypt K
Pseudorandombytegenerator
(keystream generator)
Plaintextbyte stream
M
Key K
Key K
k k Plaintext
byte stream M
Ciphertextbyte stream
C ENCRYPTION
Pseudorandombytegenerator
(keystream generator)
DECRYPTION
k
11
Block & Stream Ciphers
• Processes the input one block of elements at a time• Produces an output block for each input block • Can reuse keys• More common
Block Cipher
• Processes the input elements continuously• Produces output one element at a time• Encrypts plaintext one byte at a time• Pseudorandom stream is one that is unpredictable without
knowledge of the input key• Primary advantage is that they are almost always faster
and use far less code
Stream Cipher
12
-
8/19/2019 CH02-CompSec3e
4/8
1/19/2016
Message Authentication
Protects againstactive attacks
Verifies receivedmessage isauthentic
Can useconventional
encryption
• Contents have not beenaltered
• From authentic source• Timely and in correct
sequence
• Only sender & receivershare a key
13
Message
MAC
K
K
Transmit
MACalgorithm
MACalgorithm
Compare
Figure 2.3 Messag e Authentication Using a MessageAuthentication Code (MAC).
14
15
M e s s a g e
M e s s a g e
M e s s a g e
K
E
K
(a) Using symmetric encryption
Compare
D
H
H
H
H
H
M e s s a g e
M e s s a g e
M e s s a g e
PR a
E
PU a
(b) Using public-key encryption
Compare
D
M e s s a g e
M e s s a g e
M e s s a g e
(c) Using secret value
Compare
K
K
K
K
Source A Destination B
Figure 2.5 Message Authentication Using a One-Way Hash Function.
H
16
-
8/19/2019 CH02-CompSec3e
5/8
1/19/2016
Hash Function RequirementsCan be applied to a block o f data of any size
Produces a fixed-length output
H(x) is relatively easy to compute for any given x
One-way or pre-image resistant• Computationally infeasible to find x such that H(x) = h
Computationally infeasible to find y ≠ x such that H(y) = H(x)
Collision resistant or strong collision resistance
• Computationally infeasible to find any pair (x,y) such that H(x) = H(y)
17
Security of Hash Functions
There are twoapproaches to
attacking a secure hashfunction:
Cryptanalysis• Exploit logicalweaknesses in thealgorithm
Brute-force attack • Strength of hash functiondepends solely on thelength of the hash codeproduced by thealgorithm
SHA most widely usedhash algorithm
Additional secure hashfunction applications:
Passwords• Hash of a password isstored by an operatingsystem
Intrusion detection• Store H(F) for each fileon a system and securethe hash values
18
Publiclyproposed byDiffie andHellman in
1976
Based onmathematical
functions
Asymmetric• Uses two
separate keys• Public key
and private
key• Public key ismade publicfor others touse
Some form ofprotocol isneeded for
distribution
19
PlaintextReadable message or data that is fed into the algorithm as inputEncryption algorithmPerforms transformations on the plaintext
Public and private keyPair of keys, one for encryption, one for decryption
CiphertextScrambled message produced as output
Decryption keyProduces the original plaintext 20
-
8/19/2019 CH02-CompSec3e
6/8
1/19/2016
User encrypts data using his or her ownprivate key
Anyone who knows the correspondingpublic key will be able to decrypt themessage
Mike Bob
Plaintextinput
Transmittedciphertext
PlaintextoutputEncryption algorithm
(e.g., RSA)Decryption algorithm
Bob's privatekey
Bob's publickey
Alice'spublic key
ring
JoyTed
(b) Encryption with private key
X
PU b PR b
[
Y = E[ PR b , X ]
[
X =D[ PU b , Y ]
Figure 2.6 Public-Key Cryptography
Bob Alice
21
Algorithm Digital Signature Symmetric KeyDistribution
Encryption ofSecret Keys
RSA Yes Yes Yes
Diffie-Hellman No Yes No
DSS Yes No No
Elliptic Curve Yes Yes Yes
Table 2.3
Applications for Public-Key Cryptosystems
22
Computationally easyto create key pairs
Computationallyeasy for sender
knowing public keyto encrypt messages
Computationallyeasy for receiver
knowing private keyto decryptciphertext
Computationallyinfeasible foropponent to
determine private keyfrom public key
Computationallyinfeasible foropponent to
otherwise recoveroriginal message
Useful if either keycan be used for
each role
23
RSA (Rivest,Shamir,
Adleman)Developed in 1977
Most widely accepted andimplemented approach to
public-key encryption
Block cipher in which theplaintext and ciphertext
are integers between 0 andn -1 for some n .
Diffie-Hellmankey exchange
algorithm
Enables two users tosecurely reach agreementabout a shared secret that
can be used as a secretkey for subsequent
symmetric encryption ofmessages
Limited to the exchange ofthe keys
DigitalSignature
Standard (DSS)
Provides only a digitalsignature function with
SHA-1
Cannot be used forencryption or key
exchange
Elliptic curvecryptography
(ECC)
Security like RSA, but withmuch smaller keys
24
-
8/19/2019 CH02-CompSec3e
7/8
1/19/2016
Digital SignaturesUsed for authenticating both source and dataintegrity
Created by encrypting hash code with private key
Does not provide confidentiality
Even in the case of complete encryption
Message is safe from alteration but not eavesdropping
25
Unsigned certificate:contains user ID,user's public key,as well as informationconcerning the CA
Signed certificate
Recipient can verifysignature by comparinghash code values
Figure 2.7 Public-Key Certificate Use
Generate hashcode of unsignedcertificate
Encrypt hash codewith CA's private keyto form signature
H
H
Bob's IDinformation
CAinformation
Bob's public key
E D
Decrypt signaturewith CA's public keyto recover hash code
Use certificate toverify Bob's public key
Create signeddigital certificate
26
Protects a messagewithout needing tofirst arrange for sender
and receiver to havethe same secret key
Equates to the samething as a sealedenvelope containingan unsigned letter
Randomsymmetrickey
Receiver's publickey
Encryptedsymmetrickey
Encryptedmessage
Encryptedmessage
Digitalenvelope
Figure 2.8 Digital Envelopes
(a) Creation of a digital envelope
E
E
Message
Randomsymmetrickey
Receiver's privatekey
Encryptedsymmetrickey
(b) Opening a digital envelope
D
DDigitalenvelope
Message
27
RandomNumbers
Keys for public-keyalgorithms
Stream key for symmetricstream cipher
Symmetric key for use asa temporary session keyor in creating a digital
envelopeHandshaking to preventreplay attacks
Session key
Uses includegeneration of:
28
-
8/19/2019 CH02-CompSec3e
8/8
1/19/2016
Random NumberRequirementsRandomness Unpredictability
Criteria:Uniform distribution
Frequency of occurrenceof each of the numbersshould be approximatelythe same
IndependenceNo one value in thesequence can be inferredfrom the others
Each number isstatistically independentof other numbers in thesequence
Opponent should not beable to predict futureelements of thesequence on the basis ofearlier elements
29
Random versusPseudorandomCryptographic applications typically make use ofalgorithmic techniques for random number generation• Algorithms are deterministic and t herefore produce sequences of numbers
that are not statistically random
Pseudorandom numbers are:• Sequences produced that satisfy statistical randomness tests• Likely to be predictable
True random number generator (TRNG):• Uses a nondeterministic source to produce randomness• Most operate by measuring unpredictable natural processes
• e.g. radiation, gas discharge, leaky capacitors• Increasingly provided on modern processors
30
Practical Application:Encryption of Stored DataCommon to encrypt transmitted data
Much less common for stored data
There is often little protectionbeyond domain
authentication and operatingsystem access controls
Data are archived forindefinite periods
Even though erased, until disksectors are reused data are
recoverable
Approaches to encrypt stored data:
Use a commerciallyavailable encryption
packageBack-end appliance Library based tapeencryption
Background laptop/PCdata encryption
31
Summary• Public-key
encryptionStructureApplications for public-key cryptosystemsRequirements for public-key cryptographyAsymmetric encryptionalgorithms
• Digital signatures
and keymanagementDigital signaturePublic-key certificatesSymmetric key exchangeusing public-keyencryptionDigital envelopes
• Confidentiality withsymmetric encryption
Symmetric encryptionSymmetric block encryptionalgorithmsStream ciphers
• Messageauthentication andhash functions
Authentication usingsymmetric encryptionMessage authenticationwithout message encryption
Secure hash functionsOther applications of hashfunctions
• Random andpseudorandomnumbers
The use of random numbersRandom versuspseudorandom
32