Lecture 3
Cryptography
Syed Naqvi
snaqvi@ieee.org
A Secrecy Scenario …
♦ Alice wants to send a message (plaintext p) to Bob.
♦ The communication channel is insecure and can be
eavesdropped by Trudy.
♦ If Alice and Bob have previously agreed on an encryption
scheme (cipher), the message can be sent encrypted
(ciphertext c)
[Diagram: Alice encrypts p into c and sends c to Bob, who decrypts it back to p; Trudy listens on the channel between them.]
A Secrecy Scenario …
♦ Issues:
– What is a good cipher?
– What is the complexity of encrypting/decrypting?
– What is the size of the cipher-text, relative to the
plaintext?
– If Alice and Bob have never interacted before,
how can they agree on a cipher?
Need of Encryption
[Diagram: the sender encrypts plaintext P with the encryption method and key K, giving ciphertext $C = E_k(P)$, which crosses the network; the receiver applies the decryption method with key K to recover $P = D_k(C)$. Defence from: a passive intruder, who only listens; an active intruder, who can change the message; an active intruder, who can insert a message.]
Traditional Cryptography
♦ Ciphers were already studied in ancient times
♦ Caesar’s cipher:
replace a with d
replace b with e
...
replace z with c
♦ A more general monoalphabetic substitution
cipher maps each letter to some other letter.
Secret-Key Ciphers
♦ A secret-key cipher uses a key to encrypt and decrypt
♦ Caesar’s generalized cipher uses modular addition of
each character (viewed as an integer) with the key:
$c_i = (p_i + k) \bmod m$
$p_i = (c_i - k) \bmod m$
♦ A more secure scheme is to use modular
exponentiation to encrypt blocks of characters
(viewed as integers):
$c_{[i,j]} = p_{[i,j]}^{\,k} \bmod m$
where m is a large prime.
Secret-Key Ciphers
♦ Unlike modular addition, modular exponentiation is
considered computationally infeasible (exponential) to
invert. Thus, even if Trudy guesses a pair $(c_{[i,j]}, p_{[i,j]})$ (for
example, she knows the plaintext starts with the words
“Dear Bob”), she still cannot compute the key k.
♦ The Diffie-Hellman key exchange protocol (1976) allows
strangers to establish a secret shared key while
communicating over an insecure channel.
Types of Encryption
Text is converted to ciphertext by use of an algorithm and key
• Algorithm is publicly known
• Key is held private
Symmetric Encryption
♦ Sender and receiver have same secret key that will encrypt
and decrypt plain text
– Strength of encryption technique depends on key length
– Known symmetrical algorithms
• Data Encryption Standard (DES) - 56 bit key
• Triple DES, DESX, GDES, RDES - 168 bit key
• RC2, RC4, RC5 - variable length up to 2048 bits
• IDEA - basis of PGP - 128 bit key
• Blowfish - variable length up to 448 bits
Data Encryption Standard (DES)
♦ Widely-used
♦ Private (secret) key - judged so difficult to break it was
restricted for export by US Government.
♦ 72,000,000,000,000,000 (72 quadrillion) or more possible
encryption keys
♦ Key chosen at random – both sender and receiver must
know and use the same private key
♦ Can run in several modes and involves 16 rounds or
operations
♦ Many companies use “triple DES” - applies three keys in
succession
Asymmetric Encryption
♦ Better known as Public/Private Key
– user X has a pair of keys one public and one private
– To encrypt a message to X use X’s public key
– X will decrypt encrypted message using X’s private key that
“matches” X’s public key
♦ Most common algorithm is the RSA (Rivest Shamir
Adleman) algorithm with key lengths from 512 to 1024
bits
♦ Uses modular arithmetic & elementary number theory
♦ Based on the fact that it is extremely difficult to find the
prime factors of large numbers.
Digital Signature
♦ Alice can provide a digital signature for the message:
$s = x^d \bmod e$
♦ If Bob receives both x and s, he computes:
– $y = s^3 \bmod e = x^{d \cdot 3} \bmod e = x$
♦ Thus, if y = x, Bob knows that Alice indeed sent x, since
she is the only person who can compute s from x.
♦ Also, Alice cannot cheat and deny to have sent message x
(nonrepudiation).
♦ Using digital signatures, Alice and Bob can authenticate
each other and prevent Trudy’s woman-in-the-middle
attacks
♦ Validating a signed message requires knowledge of the
other party’s public key.
PKI Services
♦ Confidentiality (Encryption)
– Ensures that data is viewed ONLY by authorized participants
– How? = Encryption scrambles data which only the intended
recipient may unscramble
♦ Integrity
– Ensures data is not altered without authorization
– How? = Digital Signature includes one-way hash (fingerprint) of
content
♦ Identification and Authentication
– Ensures that an entity is who he/she/it claims to be
– How? = Digital Certificate binds the identity with a unique key
♦ Non-Repudiation
– Ensures that an individual cannot deny participating in a transaction
– How? = Digital Signature identifies sender of information
11 November, 2010 Lecture 3: Cryptography 15
Hash Function
♦ A hash function takes data of arbitrary size and returns a
value in a fixed range.
Hash Function
♦ A hash function h acts on data x and returns a value h(x).
♦ The hash function should have these 4 essential
properties:
– Given x it should be easy to compute h(x).
– The input x can be of arbitrary length.
– Given a value y, it should be hard to find an x such that h(x) = y.
– It is hard to find two different inputs x1 and x2 such that h(x1) =
h(x2).
Timestamps
♦ Inclusion of date/time-stamp in message allows recipient to
check it for freshness (as long as time-stamp protected by
cryptographic means).
♦ Requires securely synchronised clocks to prevent replay
– non-trivial!
♦ Typical clock drift is 1s per day on work station.
♦ So need a window of acceptance for Alice’s messages
either side of Bob’s current clock time (drift + variable
propagation time).
♦ Also need a log of recently received messages to prevent
replay attack.
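The freshness check described above (a cryptographically protected timestamp, a window of acceptance, and a log of recently received messages), as an added example that is not part of the original lecture. The 30-second window, the HMAC-SHA-256 protection and the names `make_message` and `Receiver` are assumptions made for this sketch.

```python
import hashlib
import hmac

WINDOW_SECONDS = 30   # assumed acceptance window: clock drift + propagation time

def make_message(key, timestamp, payload):
    """Alice: bind the timestamp to the payload with a MAC so it cannot be altered."""
    body = f"{timestamp}|".encode() + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return timestamp, payload, tag

class Receiver:
    """Bob: checks the MAC, the freshness window and a log of recent messages."""

    def __init__(self, key):
        self.key = key
        self.seen = {}   # tag -> timestamp of messages still inside the window

    def accept(self, message, now):
        timestamp, payload, tag = message
        body = f"{timestamp}|".encode() + payload
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"      # timestamp or payload was modified in transit
        if abs(now - timestamp) > WINDOW_SECONDS:
            return "stale"        # outside the window either side of Bob's clock
        # Entries that have left the window are dropped: the freshness check
        # already rejects them, so the log stays bounded.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if abs(now - ts) <= WINDOW_SECONDS}
        if tag in self.seen:
            return "replay"       # fresh, but already received once
        self.seen[tag] = timestamp
        return "ok"
```

The log is what catches a copy replayed inside the window; the window alone would accept it.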
‘Logical’ Timestamps
♦ Alternative to clocks: Alice and Bob could use pair of
sequence numbers $N_{AB}$ and $N_{BA}$ in their communications.
♦ Every time A sends B a message she includes value $N_{AB}$,
and increments it. Likewise for B.
♦ Needs pair of (secret) sequence numbers for every pair of
communicating parties.
Key Establishment Protocols
♦ The Diffie-Hellman protocol allows 2 people to use
random values and yet each generate the same symmetric
key without transmitting the value of the key.
♦ The security of the protocol lies in the discrete log
problem (DLP):
given y, g and p find x such that
$y = g^x \bmod p$
Alice                                  Bob
1. Generates random number a           1. Generates random number b
2. Computes $x = g^a \bmod p$          2. Computes $y = g^b \bmod p$
3. Sends x to Bob                      3. Sends y to Alice
4. Receives y from Bob                 4. Receives x from Alice
5. Computes $k = y^a \bmod p$          5. Computes $k = x^b \bmod p$
Diffie-Hellman Key Exchange
Alice has computed:
$k = y^a \bmod p = (g^b)^a \bmod p = g^{ba} \bmod p = g^{ab} \bmod p$
Bob has computed:
$k = x^b \bmod p = (g^a)^b \bmod p = g^{ab} \bmod p$
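The five protocol steps and the equality of the two keys, as an added example that is not part of the original lecture; it uses the slides' symbols a, b, x, y and k. The toy parameters `P` and `G`, the range check on the received value and the function names are assumptions of this sketch; `brute_force_dlog` shows that the discrete log problem only protects the key when p is large.

```python
import secrets

# Toy parameters (assumed for this example): 2**127 - 1 is prime but far too
# small for real use, where standardised groups of 2048 bits or more are used.
P = 2**127 - 1
G = 3

def keypair(p=P, g=G):
    """Steps 1-2: pick a random secret exponent and compute the public value."""
    secret = secrets.randbelow(p - 3) + 2          # uniform in [2, p-2]
    return secret, pow(g, secret, p)

def shared_key(peer_public, secret, p=P):
    """Step 5: k = peer_public^secret mod p, after checking the received value."""
    if not 2 <= peer_public <= p - 2:
        # 0, 1 and p-1 would force k into a set of at most two values.
        raise ValueError("rejected degenerate public value")
    return pow(peer_public, secret, p)

def exchange():
    a, x = keypair()                # Alice: x = g^a mod p
    b, y = keypair()                # Bob:   y = g^b mod p
    # Steps 3-4: only x and y cross the insecure channel; a and b never do.
    k_alice = shared_key(y, a)      # y^a mod p
    k_bob = shared_key(x, b)        # x^b mod p
    return k_alice, k_bob

def brute_force_dlog(y, g, p):
    """Exhaustive search for x with y = g^x mod p; feasible only for tiny p."""
    value = 1
    for exponent in range(p):
        if value == y:
            return exponent
        value = value * g % p
    return None
```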
Needham-Schroeder Protocol
♦ This is another protocol for exchanging keys between
Alice and Bob.
♦ This time they use only symmetric key cryptography but
they need a trusted third party (TTP) or Server (S).
♦ Alice and the server have a key $K_{AS}$
♦ Bob and the server have a key $K_{BS}$
♦ Alice and Bob want to establish a shared key $K_{AB}$ so that
Alice can send Bob a message.
♦ They communicate with each other and the server as
follows:
Needham-Schroeder Protocol
1. Alice sends the server S the names of Alice and Bob to
request that a session key be generated.
Needham-Schroeder Protocol
3. Alice uses key $K_{AS}$ to decrypt the items sent to her
in step 2. Alice now knows the session key $K_{AB}$.
Certificates
A certificate consists of a public key together with an
identification of the key user. The certificate is issued
by a Trusted Third Party (TTP) called a
Certification Authority (CA).
The certification agency might be a government agency
or financial institution.
Certification Authority (CA)
The CA guarantees the link between the user and the
public key by digitally signing a document which contains
the user name, the public key, the name of the CA, the
expiry date of the certificate and perhaps other information
such as access rights.
X.509 Standard
♦ Bob generates a document containing his relevant
information and presents himself with this document to the
CA.
♦ The CA confirms Bob’s identity.
X.509 Standard
♦ If Alice wants to communicate with Bob she looks up his
public key document and certificate.
♦ She will use the public key of the CA to decrypt the
certificate.
♦ She will hash the document
♦ If these two items are the same then she knows that she can
safely communicate with Bob using the public key since
the CA has verified his identity.
X.509 Standard
[Diagram: X.509 version 3 certificate. Fields shown: Version, Serial Number, Signature Algorithm, Issuer Name, Validity, Subject Name, Signature Algorithm, Subject Public Key, Extensions (v3). Part of the structure is labelled “x509 v3 Bodypart”.]
X.509 Standard
[Diagram: certificate issuance flow between the Certification Authority (CA), the Registration Authority (RA), an X.509 smart card and an X.500 directory. Labelled steps: 1. Request ID; 2. Init Request; 3. Init Response; 4. Key Info; 6. Certificate Request; 7. Generate X.509 Certificate; 8. Certificate. A further box is labelled “Generate RSA-Keys”.]
Exercise …
♦ Vigenere Cipher
– First try manually
• Ciphering
• Deciphering
Plain text: Forename Surname
Key: C L U J
Cipher text: ?
Now decipher your name. Key: C L U J
Exercise …
♦ Vigenere Cipher
– First try manually
• Ciphering
• Deciphering
– Now program it
• For ciphering
– Input: Plain text & Key
– Output: Cipher text
• For deciphering
– Input: Cipher text & Key
– Output: Plain text
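One way to program the ciphering and deciphering routines, as an added example that is not part of the original lecture. The function names and the choices to preserve letter case and to pass spaces and punctuation through unchanged are assumptions; with a one-letter key "D" it reduces to the Caesar cipher from the earlier slide (a to d, z to c).

```python
import string

ALPHABET = string.ascii_uppercase

def _shift(text, key, direction):
    """Add (direction=+1) or subtract (direction=-1) the key letters mod 26."""
    key_shifts = [ALPHABET.index(ch.upper())
                  for ch in key if ch in string.ascii_letters]
    if not key_shifts:
        raise ValueError("key must contain at least one letter")
    out, used = [], 0
    for ch in text:
        if ch in string.ascii_letters:
            k = key_shifts[used % len(key_shifts)]   # key repeats cyclically
            used += 1
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + direction * k) % 26 + base))
        else:
            # Spaces and punctuation pass through and consume no key letter.
            out.append(ch)
    return "".join(out)

def encipher(plaintext, key):
    """Input: plain text and key. Output: cipher text."""
    return _shift(plaintext, key, +1)

def decipher(ciphertext, key):
    """Input: cipher text and key. Output: plain text."""
    return _shift(ciphertext, key, -1)
```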