Applied Cryptography 6COSC019W- Cyber Security PDF

Document Details

InsightfulNiobium

Uploaded by InsightfulNiobium

University of Westminster

2024

University of Westminster

Dr Ayman El Hajjar

Tags

Applied Cryptography Cyber Security Computer Science Information Security

Summary

Lecture notes on Applied Cryptography, covering topics such as Modern Cryptosystems Algorithms, Key Management and Distribution, Digital Signature and Certifcates, and Cryptanalysis. The document includes information about DES, 3DES, and AES algorithms, and block cipher modes. It's intended for an undergraduate computer science course.

Full Transcript

Applied Cryptography 6COSC019W- Cyber Security Dr Ayman El Hajjar February 22, 2024 School of Computer Science and Engineering University of Westminster Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis O UTLINE 1....

Applied Cryptography 6COSC019W- Cyber Security Dr Ayman El Hajjar February 22, 2024 School of Computer Science and Engineering University of Westminster Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis O UTLINE 1. Modern Cryptosystems Algorithms 2. Key Management and Distribution 3. Digital Signature and Certifcates 4. Cryptanalysis 1 Modern Cryptosystems Algorithms Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis DATA E NCRYPTION S TANDARD (DES) AND 3DES ❏ Data Encryption Standard (DES) ❐ Developed by IBM and adopted by NIST in 1977 ❐ 64-bit blocks and 56-bit keys ❐ Small key space makes exhaustive search attack feasible since late 90s ❐ Is a symmetric encryption Algorithm ❏ Triple DES (3DES) ❐ Nested application of DES with three different keys KA , KB , and KC ❐ Effective key length is 168 bits, making exhaustive search attacks unfeasible ❐ C = EKC (DKB (EK A(P))); P = DKA (EK B(DK C(C))) ❑ Note the Encrypt and Decrypt combination ❐ Equivalent to DES when KA=KB=KC (backward compatible) 2 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis A DVANCED E NCRYPTION S TANDARD (AES) ❏ Advanced Encryption Standard (AES) ❐ Selected by NIST in 2001 through open international competition and public discussion ❐ 128-bit blocks and several possible key lengths: 128, 192 and 256 bits ❐ Exhaustive search attack not currently possible ❐ AES-256 is the symmetric encryption algorithm of choice Figure 1: The Advanced Encryption Standard (AES) 3 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis A DVANCED E NCRYPTION S TANDARD (AES) (C ONT.) ❏ The 128-bit version of the AES encryption algorithm proceeds in ten rounds. ❏ Each round performs an invertible transformation on a 128-bit array, called state. ❏ The initial state X0 is the XOR of the plaintext P with the key K: ❐ X0 = PXORK ❏ Round i(i = 1,... , 10) receives state Xi-1 as input and produces state Xi. ❏ The ciphertext C is the output of the fnal round: C = X1 0. Figure 2: AES Round Structure 4 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis B LOCK C IPHER M ODES ❏ A block cipher mode describes the way a block cipher encrypts and decrypts a sequence of message blocks. ❏ Electronic Code Book (ECB) Mode (is the simplest): ❐Block P[i] encrypted into ciphertext block C[i] = EK(P[i]) ❐ Block C[i] decrypted into plaintext block M[i] = DK(C[i]) 5 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis B LOCK C IPHER M ODES ❏ Weakness: ❏ Strengths: ❐ Documents and images ❐ Is very simple are not suitable for ECB ❐ Can tolerate the loss or encryption since patterns in damage of a block the plaintext are repeated in the ciphertext 6 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis C IPHER B LOCK C HAINING (CBC) M ODE ❏ In Cipher Block Chaining (CBC) Mode ❐ The previous ciphertext block is combined with the current plaintext block C[i] = EK(C[i − 1] ⊕ P[i]) ❐ C[−1] = V, a random block separately transmitted encrypted (known as the initialization vector) ❐ Decryption: P[i] = C[i − 1] ⊕ DK(C[i]) ❐ Is a symmetric encryption Algorithm Figure 3: CBC Encryption Figure 4: CBC Decryption 7 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis R IVEST C IPHER 4 (RC4) ❏ Designed in 1987 by Ron Rivest for RSA Security ❏ Trade secret until 1994 ❏ Is a Symmetric encryption algorithm with up to 2,048 bits keys ❏ Simple algorithm and remarkable speed Figure 5: Rivest Cipher 4 (RC4) 8 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis A SYMMETRIC C IPHERS : RSA ❏ RSA (Rivest–Shamir–Adleman) is a Public key Cryptosystem that uses Block Cipher. have a look at this example online - RSA Visual 9 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis O NE TIME PAD (OTP) ❏ A one-time pad is an extremely powerful type of substitution cipher. ❏ For a one-time pad encryption scheme to be considered unbreakable, each pad in the scheme must be ❐ Made up of truly random values ❐ Used only one time ❐ Securely distributed/generated for both sides ❐ Secured at sender’s and receiver’s sites ❐ At least as long as the message One time Pad is a form of Stream Cipher. 10 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis O NE TIME PAD (OTP) E XAMPLE Example ❐ Message stream 1001010111 ❐ Keystream 0011101010 ❐ Ciphertext stream 1010111101 To encrypt: ❐ The frst bit of the message is XORed to the frst bit of the onetime pad and so on. The result in the ciphertext value. To decrypt: ❐ The receiver takes the frst bit of the encrypted message and XORs it with the frst bit of the pad. The receiver continues this process for the whole encrypted message, until the entire message is decrypted. 11 Key Management and Distribution Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis K EYS , K EYSPACE , AND K EY M ANAGEMENT Key ❏ Uses a message digest Keyspace ❏ The set of all possible keys Key management ❏ One of the most diffcult and critical parts of a cryptosystem ❏ The best key management system in the world does not protect against a brilliant cryptanalyst if the encryption algorithm itself has any weaknesses 12 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis K EY D ISTRIBUTION T ECHNIQUES ❏ Paper distribution ❐ It requires no technology to use. ❐ However, it does require a person to do something to install the key. ❐ Digital distribution ❐ can be in the form of CDs or email but must be protected during transmission. ❐For electronic distribution, a higher-level key, must protect the keys in transit and storage. ❐ The Internet Security relies on this form of Keys distribution called public key infrastructure (PKI). ❐ Hardware distribution ❐ Keys Distributed via hardware such as a smart card, or a plug-in module. ❐ The advantage is that no copies exist outside of these components. 13 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis P URPOSE OF P UBLIC K EY I NFRASTRUCTURE (PKI) ❏ Provides a mechanism through which two parties can establish a trusted relationship even if the parties have no prior knowledge of one another ❏ PKI brings trust, integrity, and security to electronic transactions ❏ PKI framework used to manage, create, store, and distribute keys and digital certifcates 14 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis D IFFIE -H ELLMAN K EY E XCHANGE ❏ The purpose of the algorithm is to enable two users to exchange a secret key securely that can then be used for subsequent encryption of messages. ❏ The algorithm itself is limited to the exchange of the keys. 1 Alice and Bob agree on a public prime number and a base. 2 Alice chooses a secret number and calculates her public value. 3 Bob chooses his secret number and calculates his public value. 4 Alice and Bob exchange their public values. 5 Each of them calculates the shared secret key using their private number and the other’s public value. 6 Alice and Bob can now use this shared secret 15 key for secure communication. Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis D IFFIE -H ELLMAN K EY E XCHANGE EXAMPLE 1 Common Paint: both Alice and Bob 6 Alice bob now have a agree on using a large prime number and common secret colour a base which are public and known to (key) that no one knows. everyone. They can use it to 2 Secret Colours: Alice and Bob each exchange data securely. choose a secret number (a private key) that they don’t share with anyone. 3 Mixing Colours: Alice and Bob mix their secret colours with the publicly agreed colours. 4 Creating the Shared Secret: Using the Public Transport, Alice and Bob mix exchange their mixed colours. 5 The common secret: Using their previously obtained secret colours, each respectively use it with the shared secret 16 to create the common secret. Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis K EY D ISTRIBUTION C ENTRES /C ERTIFICATE DISTRIBUTION SYS - TEM ❏ Rather than each organization creating the infrastructure to manage its own keys, a number of hosts could agree to trust a common key-distribution center (KDC) ❏ All parties must trust the KDC ❏ With a KDC, each entity requires only one secret key pair—between itself and the KDC ❏ Kerberos use the concept of a KDC. ❐ We will look at Kerberos in Week 10- AAA and Access Control lecture 17 Digital Signature and Certifcates Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis H ASH AND D IGITAL S IGNATURE ❏ Digital signatures combine public key cryptography and hashing. ❏ Digital signatures (certifcates) are stored in a public Key Infrastructure domain ❏ Creating a digital signature of existing data requires two main steps: 1 The message or information to be sent is passed through a hashing algorithm that creates a hash to verify the integrity of the message. 2 The hash is passed through the encryption process using the sender’s private key as the key in the encryption process. ❏ The sender then sends the signature along with the original unencrypted message to a recipient who can reverse the process. 18 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis H ASH AND D IGITAL S IGNATURE (C ONT.) ❏ When the receiver receives the message with the signature, that receiver will frst validate the identity of the sender and then retrieve the public key to decrypt the signature. ❏ Once the signature is decrypted, the resulting cleartext is actually the message hash from the sender. ❏ Then, the receiver will run the same hashing algorithm to generate a local hash of the received message. ❏ Then, the hashes, both the original and the one newly created, should match. ❐ If they do not, the message has been altered because the sender calculated the hash. ❐ If the hash values do match, the message has been proven to come from the stated sender and has not been altered. 19 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis H ASH AND D IGITAL S IGNATURE 20 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis D IGITAL C ERTIFICATES ❏ To ensure compatibility between CAs, digital certifcates are commonly built and formatted using the X.509 certifcate standard. ❏ X.509 certifcate is used to bind the identity of owner of a public key containing information such as the public key, the hostname, the issuer, etc.. 21 Cryptanalysis Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis C RYPTANALYSIS ❏ Cryptanalysis involves a variety of methods used by hackers and cybersecurity experts to decipher encrypted data. ❏The objective is to break cryptographic security systems and gain access to the contents of encrypted messages, without necessarily having access to the secret key used to encrypt the messages. 22 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis C RYPTANALYSIS METHODS ❏ Brute Force Attack: This method involves trying every possible key until the correct one is found. It is often time-consuming and requires signifcant computational power, especially against systems with long and complex keys. ❏ Dictionary Attack: This method involves the attacker using a list of common words, phrases, and previously leaked passwords to attempt to guess a password. ❏ Frequency Analysis: This technique is particularly effective against simple substitution ciphers. It involves analysing the frequency of characters or groups of characters in the ciphertext and comparing them to the expected frequencies in the language of the plaintext. ❏ Known Plaintext Attack: If the attacker has access to both the plaintext and its corresponding ciphertext, they might be able to deduce the key or identify a weakness in the encryption algorithm. 23 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis C RYPTANALYSIS METHODS ❏ Differential Cryptanalysis: This method involves analysing the differences in the input that lead to differences in the output. It’s often used against block ciphers to fnd a correlation that can help in deducing the key. ❏ Rainbow Table Attack: This method is used against hash functions and involves using precomputed tables of hash values to fnd plaintexts that produce certain hash values. ❏ Quantum Computing: Though still in its infancy, quantum computing poses a potential future threat to traditional cryptographic algorithms, as it could theoretically break many of the current encryption methods. 24 Modern Cryptosystems Algorithms Key Management and Distribution Digital Signature and Certifcates Cryptanalysis R EFERENCES ❏ The lecture notes and contents were compiled from my own notes and from various sources. ❏ Figures and tables are from the recommended books ❏ The lecture notes are very detailed. If you attend the lecture, you should be able to understand the topics. ❏ You can use any of the recommended readings! You do not need to read all the chapters! ❏ Recommended Readings note: Focus on what was covered in the class. ❐ Chapter 13- Cryptography, CEH v11 Certifed Ethical Hacker Study Guide ❐ Chapter 7, Cryptography, Fundamentals of Information Systems Security ❐ Chapter 10 Cryptography & Chapter 18 Applied Cryptography, CyBOK, The Cyber Security Body of Knowledge 25 Cryptography 6COSC019W- Cyber Security Dr Ayman El Hajjar February 13, 2024 School of Computer Science and Engineering University of Westminster Cryptography- The Math Cryptography- An overview Cryptographic Systems O UTLINE 1. Cryptography- The Math 2. Cryptography- An overview 3. Cryptographic Systems 1 Cryptography- The Math Cryptography- The Math Cryptography- An overview Cryptographic Systems W HY THE M ATH ? ❏ Cryptography is no different from most computer science disciplines in that it fnds its foundations in the science of mathematics. ❏ To fully understand cryptography, you must frst understand the basics of binary mathematics, and the logical operations used to manipulate binary values. ❏ We also need to understand some arithmetic concepts and prime numbers. 2 Cryptography- The Math Cryptography- An overview Cryptographic Systems B OOLEAN M ATHEMATICS M ATHEMATICS ❏ Boolean mathematics defnes the rules used for the bits and bytes that form the nervous system of any computer. You’re most likely familiar with the decimal system. ❏ It is a base 10 system in which an integer from 0 to 9 is used in each place and each place value is a multiple of 10. ❏ It’s likely that our reliance on the decimal system has biological origins—human beings have 10 fngers that can be used to count. ❏ The Boolean mathematics of cryptography uses a variety of logical functions to manipulate data. 3 Cryptography- The Math Cryptography- An overview Cryptographic Systems AND OPERATION ❏ The AND operation (represented by the ∧ symbol) checks to see whether two values are both true. ❏ The truth table that follows illustrates all four possible outputs for the AND function. 4 Cryptography- The Math Cryptography- An overview Cryptographic Systems OR OPERATION ❏ The OR operation (represented by the ∨ symbol) checks to see whether at least one of the input values is true. ❏ The following truth table for all possible values of the OR function 5 Cryptography- The Math Cryptography- An overview Cryptographic Systems NOT OPERATION ❏ The NOT operation (represented by the ∼ or ! symbol) simply reverses the value of an input variable. ❏ This function operates on only one variable at a time. ❏ Here’s the truth table for the NOT function: 6 Cryptography- The Math Cryptography- An overview Cryptographic Systems XOR OPERATION ❏ The fnal logical function we’ll examine is perhaps the most important and most commonly used in cryptographic applications—the exclusive OR (XOR) function. ❏ It’s referred to in mathematical literature as the XOR function and is commonly represented by the ⊕ symbol. ❏ The XOR function returns a true value when only one of the input values is true. ❏ If both values are false or both values are true, the output of the XOR function is false. Here is the truth table for the XOR operation: 7 Cryptography- The Math Cryptography- An overview Cryptographic Systems XOR OPERATION 8 Cryptography- The Math Cryptography- An overview Cryptographic Systems P RIME NUMBER ❏ Prime numbers only have divisors of 1 and itself ❐ They cannot be written as a product of other numbers ❏ Prime numbers are central to number theory First few prime numbers The frst few prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23 and 29. 9 Cryptography- The Math Cryptography- An overview Cryptographic Systems M ODULUS F UNCTION Modulus If a is an integer and n is a positive integer, we defne amodn to be the remainder when a is divided by n; the integer n is called the modulus ❏ The modulo function is extremely important in the feld of cryptography. ❏ Computers don’t naturally understand the decimal system, and these remainder values play a critical role when computers perform many mathematical functions. ❏ The Modulus function is, quite simply, the remainder value left over after a division operation is performed. 10 Cryptography- The Math Cryptography- An overview Cryptographic Systems M ODULUS F UNCTION ❏ The modulo function is usually represented in equations by the abbreviation mod although it’s also sometimes represented by the % operator. ❏ Thus, for any integer a: a = qn + r0 ≤ r ≤ n; q = [ na ] ❐ a = [ na ] ∗ n + (a%n) Modulus Examples ❐ 11 mod(7) = 4 , or 11%7 = 4 ❐ 11 mod(7) = 3 , or 11%7 = 3 11 Cryptography- The Math Cryptography- An overview Cryptographic Systems N ONCE ❏ Cryptography often gains strength by adding randomness to the encryption process. ❏ One method by which this is accomplished is through the use of a nonce. ❏ A nonce is a random number generator. It acts as a placeholder variable in mathematical functions. ❏ When the function is executed, the nonce is replaced with a random number generated at the moment of processing. ❏ The nonce produces a unique number each time it is used. 12 Cryptography- The Math Cryptography- An overview Cryptographic Systems N ONCES : I NITIALIZATION V ECTORS ❏ Initialization vectors (IVs) are random values that are used with algorithms to ensure patterns are not created during the encryption process. ❏ They are used with keys and do not need to be encrypted when being sent to the destination. ❏ If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext. ❏ Providing attackers with these types of patterns can make their job easier in breaking the encryption method and uncovering the key. 13 Cryptography- An overview Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOGRAPHY TERMS ❏ Cryptography- The area of study of the many schemes used for encryption ❏ Cryptanalysis- Techniques used for deciphering a message without any knowledge of the enciphering details ❏ Unencrypted information—Information in understandable form (plaintext or cleartext) ❏ Encrypted information—Information in scrambled form (ciphertext) ❏ Encryption—The process of scrambling plaintext into ciphertext (or Enciphering) ❏ Decryption—The process of unscrambling ciphertext into plaintext (or Deciphering) ❏ Cryptographic algorithm/cipher - A scheme 14 Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOGRAPHY C ONCEPT Cryptography ❏ Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. ❏ It is considered a science of protecting information by encoding it into an unreadable format. ❏ Cryptography is an effective way of protecting sensitive information as it is stored on media or transmitted through untrusted network communication paths. 15 Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOGRAPHY G OALS Cryptography Goals ❏ The most important goal is to hide information from unauthorized individuals. ❏ With enough time, resources, and motivation, hackers can break most algorithms and reveal the encoded information. ❏ A more realistic goal of cryptography is to make obtaining the information too work-intensive or time-consuming to be worthwhile to the attacker. 16 Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOSYSTEMS BASICS Goals of cryptography Security practitioners use cryptographic systems to meet four fundamental goals: ❏ confdentiality, integrity, authentication, and non-repudiation. Achieving each of these goals requires the satisfaction of a number of design requirements, and not all cryptosystems are intended to achieve all four goals. 17 Cryptography- The Math Cryptography- An overview Cryptographic Systems C ONFIDENTIALITY IN CRYPTOSYSTEMS ❏ Two main types of cryptosystems enforce confdentiality. ❐ Symmetric key cryptosystems use a shared secret key available to all users of the cryptosystem. ❐ Asymmetric cryptosystems use individual combinations of public and private keys for each user of the system. ❏ When developing a cryptographic system for the purpose of providing confdentiality, we must think about two different types of data: ❐ Data at rest is that which resides in a permanent location awaiting access. ❐ Data in transit, or data (in motion or on the wire), is data being transmitted across a network between two systems. 18 Cryptography- The Math Cryptography- An overview Cryptographic Systems I NTEGRITY IN CRYPTOSYSTEMS ❏ Integrity ensures that data is not altered without authorization. ❏ It allows to: ❏ Check if message received is identical to the sent message. ❏ Ensure that stored data was not altered between the time it was created and the time it was accessed. ❏ Protect against all forms of alteration. ❏ Message integrity is enforced through the use of encrypted message digests, known as digital signatures created upon transmission of a message ❏ Integrity can be enforced by both public and secret key cryptosystems. 19 Cryptography- The Math Cryptography- An overview Cryptographic Systems AUTHENTICATION IN CRYPTOSYSTEMS ❏ Authentication verifes the claimed identity of system users and is a major function of cryptosystems 20 Cryptography- The Math Cryptography- An overview Cryptographic Systems N ON -R EPUDIATION IN CRYPTOSYSTEMS ❏ Nonrepudiation provides assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender. ❏ It also prevents the sender from claiming that they never sent the message in the frst place (also known as repudiating the message). 21 Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOSYSTEMS Cryptosystems A cryptosystem encompasses all of the necessary components for encryption and decryption to take place. Pretty Good Privacy (PGP) is just one example of a cryptosystem. A cryptosystem is made up of at least the following: ❐ Software ❐ Algorithms ❐ Protocols ❐ Keys 22 Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOGRAPHY C APABILITIES ❐ Privacy or confdentiality ❐ Certifcation ❐ Integrity ❐ Timestamping ❐ Entity authentication or ❐ Witnessing identifcation ❐ Ownership ❐ Message authentication ❐ Anonymity ❐ Signature ❐ Non-repudiation ❐ Access control 23 Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOGRAPHIC F UNCTIONS AND C IPHERS ❏ Each cipher has specifc characteristics that make it desirable or undesirable ❏ When evaluating a cipher, consider its intended use ❏ Are you trying to secure data in transit or data at rest? ❏ Different ciphers solve different problems better than others ❏ After selecting a cipher, you must make additional decisions about key size, operational mode, etc. ❏ Many symmetric ciphers operate as either a stream cipher or a block cipher 24 Cryptography- The Math Cryptography- An overview Cryptographic Systems C ONFUSION AND D IFFUSION ❏ Cryptographic algorithms rely upon two basic operations to obscure plain-text messages—confusion and diffusion. ❏ Confusion occurs when the relationship between the plain text and the key is so complicated that an attacker can’t merely continue altering the plain text and analyzing the resulting cipher text to determine the key. ❏ Diffusion occurs when a change in the plain text results in multiple changes spread throughout the cipher text. 25 Cryptography- The Math Cryptography- An overview Cryptographic Systems S TEGANOGRAPHY ❏ Steganography is a method of hiding data in another media type so the very existence of the data is concealed. ❏ Only the sender and receiver are supposed to be able to see the message because it is secretly hidden in a graphic, wave fle, document, or other type of media. ❏ The message is not encrypted, just hidden. ❏ Encrypted messages can draw attention because it tells the bad guy, “This is something sensitive.” ❏ A message hidden in a picture of your dog would not attract this type of attention, even though the same secret message can be embedded into this image. ❏ Steganography is a type of security through obscurity. ❏ Media fles are ideal for steganographic transmission because of their large size. 26 Cryptography- The Math Cryptography- An overview Cryptographic Systems T HE STRENGTH OF THE CRYPTOSYSTEM ❏ The strength of an encryption method comes from ❏ The algorithm ❏ The secrecy of the key ❏ The length of the key ❏ The initialization vectors ❏ How they all work together within the cryptosystem. ❏ The strength of an encryption method correlates to: ❏ The amount of necessary processing power ❏ Resources ❏ and time required to break the cryptosystem or to fgure out the value of the key. 27 Cryptography- The Math Cryptography- An overview Cryptographic Systems T HE STRENGTH OF THE CRYPTOSYSTEM ❏ Breaking a cryptosystem can be accomplished by a brute force attack ❏ If a key can be broken with a Pentium Core i7 processor in three hours, the cipher is not strong at all. ❏ If the key can only be broken with the use of a thousand multiprocessing systems over 1.2 million years, then it is pretty darn strong. ❏ The introduction of mutli-core processors has really increased the threat of brute force attacks. 28 Cryptographic Systems Cryptography- The Math Cryptography- An overview Cryptographic Systems C RYPTOGRAPHIC S YSTEMS ❏ A cryptographic System is characterized along three independent dimensions: ❏ The type of operations used for transforming plaintext to ciphertext ❐ Substitution ❐ Transposition ❏ The number of keys used ❐ Symmetric ❐ Asymmetric ❏ The way in which the plaintext is processed ❐ Block Cipher ❐ Stream Cipher 29 Cryptography- The Math Cryptography- An overview Cryptographic Systems S UBSTITUTION C IPHERS ❏ A substitution cipher is one in which the letters of plaintext are replaced by other letters or by numbers or symbols ❏ If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns ❏ uses a key to dictate how the substitution should be carried out. ❏ Keyword mixed alphabet cipher—Uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet ❏ Simple substitution cipher —Allows any letter to uniquely map to any other letter 30 Cryptography- The Math Cryptography- An overview Cryptographic Systems C AESAR C IPHERS ❏ Simplest and earliest known use of a substitution cipher ❏ Involves replacing each letter of the alphabet with the letter standing three places further down the alphabet ❏ Alphabet is wrapped around so that the letter following Z is A ❏ We simply shift each letter to the right by a specifc number in the message to generate the cipher text. ❏ For example, you can rotation by 3 (ROT3) cipher in mathematical terms where A is 0 and Z is 25 ❐ The encryption function for the Caesar cipher is: C = (P + 3) mod 26 ❐ The decryption function is P = (C - 3) mod 26 ❏ A stronger cipher algorithm called Vigenère Cipher was adopted from Caesar. ❐ The strength of this cipher is that there are multiple ciphertext letters for each plaintext letter 31 Cryptography- The Math Cryptography- An overview Cryptographic Systems T RANSPOSITION C IPHERS ❏ Transposition ciphers use an encryption algorithm to rearrange the letters of a plain-text message, forming the cipher-text message. ❏ The decryption algorithm simply reverses the encryption transformation to retrieve the original message. ❏ We can use a keyword to perform a columnar transposition. 32 Cryptography- The Math Cryptography- An overview Cryptographic Systems T RANSPOSITION C IPHERS ❏ Message—ATTACK AT DAWN ❏ Ciphertext—ACDTKATAWATN ❏ Key— 1,2,3,4 33 Cryptography- The Math Cryptography- An overview Cryptographic Systems T RANSPOSITION C IPHERS E XAMPLE Example We’re attempting to encrypt the message ”The fghters will strike the enemy bases at noon” using the secret key attacker. 1- take the letters of the keyword and number them in alphabetical order. The frst appearance of the letter A receives the value 1; the second appearance is numbered 2. The next letter in sequence, C, is numbered 3, and so on. 34 Cryptography- The Math Cryptography- An overview Cryptographic Systems T RANSPOSITION C IPHERS E XAMPLE Example We’re attempting to encrypt the message ”The fghters will strike the enemy bases at noon” using the secret key attacker. 2- Next, the letters of the message are written in order underneath the letters of the keyword 34 Cryptography- The Math Cryptography- An overview Cryptographic Systems T RANSPOSITION C IPHERS E XAMPLE Example We’re attempting to encrypt the message ”The fghters will strike the enemy bases at noon” using the secret key attacker. 3- Finally, the sender enciphers the message by reading down each column; the order in which the columns are read corresponds to the numbers assigned in the frst step. 34 Cryptography- The Math Cryptography- An overview Cryptographic Systems A C RYPTOSYSTEM AT W ORK ❏ Those that use the same key to encrypt and decrypt are considered a Symmetric encryption ❏ Those that use different keys to encrypt and decrypt are considered an Asymmetric encryption 35 Cryptography- The Math Cryptography- An overview Cryptographic Systems S YMMETRIC ENCRYPTIONS ❏ In symmetric cryptography the sender and receiver use two instances of the same key for encryption and decryption ❏ The key has dual functionality, in that it can carry out both encryption and decryption processes. ❏ Symmetric keys are also called secret keys ❏ This type of encryption relies on each user to keep the key a secret and properly protected. ❏ If an intruder were to get this key, they could decrypt any intercepted message encrypted with it. ❏ Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key. ❏ If 100 people were going to communicate, then 4950 pair of keys would be involved. ❏ The equation used to calculate the number of symmetric keys needed is N ∗ (N − 1)/2 = number of keys 36 Cryptography- The Math Cryptography- An overview Cryptographic Systems S YMMETRIC ENCRYPTIONS ❏ The security of the symmetric encryption method is completely dependent on how well users protect the key. ❏ This should raise red fags for you if you have ever had to depend on a whole staff of people to keep a secret. ❏ If a key is compromised, then all messages encrypted with that key can be decrypted and read by an intruder. ❏ Because both users employ the same key to encrypt and decrypt messages, symmetric cryptosystems can provide ❐ Confdentiality, but they cannot provide authentication or nonrepudiation. ❐ There is no way to prove through cryptography who actually sent a message if two people are using the same key. 37 Cryptography- The Math Cryptography- An overview Cryptographic Systems S YMMETRIC ENCRYPTION When using symmetric algorithms, the sender and receiver use the same key for encryption and decryption functions 38 Cryptography- The Math Cryptography- An overview Cryptographic Systems S YMMETRIC ENCRYPTION S TRENGTHS AND W EAKNESSES ❏ Strengths ❐ The major strength of symmetric key cryptography is the great speed at which it can operate. ❐ Symmetric keying is very fast, often 1,000 to 10,000 times faster than asymmetric. ❐ Symmetric encryption algorithms are also hard to break if a large key size is used. ❏ Weaknesses ❐ Requires a secure mechanism to deliver keys properly. ❐ Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming. ❐ Provides confdentiality but not authenticity or non-repudiation. 39 Cryptography- The Math Cryptography- An overview Cryptographic Systems A SYMMETRIC ENCRYPTIONS ❏ In Asymmetric encryptions sometimes called public key systems each user has two keys: ❐ The public key can be known to everyone, and the private key must be known and used only by the owner. ❐ The two different asymmetric keys are mathematically related. ❐ If a message is encrypted by one key, the other key is required in order to decrypt the message. ❏ In other words, if the public key encrypts a message, then only the private key can decrypt it, and vice versa. ❏ Each user using an asymmetric encryption algorithm needs two keys, one public key and one private key. ❏ If 100 people were going to communicate, then 200 keys would be involved. ❏ The equation used to calculate the number of asymmetric keys needed is N ∗ 2 = number of keys 40 Cryptography- The Math Cryptography- An overview Cryptographic Systems A SYMMETRIC ENCRYPTION FUNCTIONS ❏ Asymmetric algorithms can provide authentication and nonrepudiation, depending on the type of algorithm being used. ❏ Asymmetric systems also provide for easier and more manageable key distribution than symmetric systems and do not have the scalability issues of symmetric systems ❏ How is Authentication provided ❐ A message can be decrypted with a public key only if the message was encrypted with the corresponding private key. ❐ Bob is the only one who is supposed to have his private key. ❐ This provides Authentication 41 Cryptography- The Math Cryptography- An overview Cryptographic Systems A SYMMETRIC ENCRYPTIONS FUNCTIONS ❏ How is Confdentiality provided ❐ If confdentiality is needed Alice would encrypt the fle with the receiver’s public key. ❐ This is called a secure message format because it can only be decrypted by the person who has the corresponding private key. ❏ How is Non-repudiation provided ❐ If Alice encrypt the message with her private key. ❐ Only her public key can decrypt it. ❐ Alice cannot deny sending this message if her public key can decrypt it. This is non repudiation 42 Cryptography- The Math Cryptography- An overview Cryptographic Systems A SYMMETRIC ENCRYPTIONS An asymmetric cryptosystem 43 Cryptography- The Math Cryptography- An overview Cryptographic Systems A SYMMETRIC ENCRYPTION S TRENGTHS AND WEAKNESSES ❏ Strengths ❐ Better key distribution than symmetric systems. ❐ Better scalability than symmetric systems ❐ Can provide authentication and non-repudiation ❏ weaknesses ❐ Works much more slowly than symmetric systems ❐ Mathematically intensive tasks 44 Cryptography- The Math Cryptography- An overview Cryptographic Systems S YMMETRIC AND A SYMMETRIC K EY C RYPTOGRAPHY Differences Between Symmetric and Asymmetric Systems 45 Cryptography- The Math Cryptography- An overview Cryptographic Systems C IPHERS ❏ Cipher systems have long been used by individuals and governments interested in preserving the confdentiality of their communications. ❏ It’s important to remember that these concepts seem somewhat basic, but when used in combination, they can be formidable opponents and cause cryptanalysts many hours of frustration. The scytale was used by the Spartans to decipher encrypted messages. 46 Cryptography- The Math Cryptography- An overview Cryptographic Systems B LOCK C IPHER ❏ Encrypt a block of input to a block of output ❏ Typically, the two blocks are of the same length ❏ Most symmetric key systems block size is 64 ❏ In AES block size is 128 ❏ Different modes for encrypting plaintext longer than a block 47 Cryptography- The Math Cryptography- An overview Cryptographic Systems S TREAM C IPHER ❏ A stream cipher does not divide a message into blocks. ❏ A stream cipher treats the message as a stream of bits and performs mathematical functions on each bit individually. ❏ Stream ciphers use keystream generators, which produce a stream of bits that is XORed with the plaintext bits to produce ciphertext ❏ Stream cipher is very similar to the one-time pad substitution cipher. 48 Cryptography- The Math Cryptography- An overview Cryptographic Systems S TREAM C IPHER 49 Cryptography- The Math Cryptography- An overview Cryptographic Systems H ASHING A LGORITHMS ❏ The most common hashing functions create the message digest for digitally signed messages ❏ Hashing is also used to protect user passwords ❏ Hashing-type functions can also be used with symmetric key cryptography, and the result of the operation is called a message authentication code (MAC) 50 Cryptography- The Math Cryptography- An overview Cryptographic Systems H ASH F UNCTION AND I NTEGRITY ❏ Hash functions: ❐ Help detect forgeries ❐ Compute a checksum of a message ❐ Combine the checksum with a cryptographic function so that the result is tamperproof ❏ A hash is: ❐ A checksum designed so that no one can forge a message in a way that will result in the same hash as a legitimate message ❐ Usually a fxed size, resulting in a hash value, which is larger than checksum values 51 Cryptography- The Math Cryptography- An overview Cryptographic Systems C OMMON HASHING ALGORITHMS ❏ MD5 message digest algorithm—Takes an input of any arbitrary length and generates a 128-bit message digest that is computationally infeasible to match by fnding another input ❏ Secure Hashing Algorithm (SHA) variants are the most common variants of hashing functions found in commercial software ❐ Secure Hash Algorithm (SHA-1)—Produces a 160-bit hash from a message of any arbitrary length. ❐ SHA256 with a digest size of 256 bits is one the most widely used hash algorithms. ❏ Hash message authentication code (HMAC)—A hash function that uses a key to create the hash, or message digest 52 Cryptography- The Math Cryptography- An overview Cryptographic Systems R EFERENCES ❏ The lecture notes and contents were compiled from my own notes and from various sources. ❏ Figures and tables are from the recommended books ❏ The lecture notes are very detailed. If you attend the lecture, you should be able to understand the topics. ❏ You can use any of the recommended readings! You do not need to read all the chapters! ❏ Recommended Readings note: Focus on what was covered in the class. ❐ Chapter 13- Cryptography, CEH v11 Certifed Ethical Hacker Study Guide ❐ Chapter 7, Cryptography, Fundamentals of Information Systems Security ❐ Chapter 10 Cryptography & Chapter 18 Applied Cryptography, CyBOK, The Cyber Security Body of Knowledge 53

Use Quizgecko on...
Browser
Browser