Cryptography And Computer Security Introduction and Symmetric Cryptography, Lecture Slide - Computer Science, Slides of Cryptography and System Security

Download Cryptography And Computer Security Introduction and Symmetric Cryptography, Lecture Slide - Computer Science and more Slides Cryptography and System Security in PDF only on Docsity! Outline Course Overview Symmetric cryptography CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 11, 2010 Michael J. Fischer CPSC 467b 1/18 Outline Course Overview Symmetric cryptography 1 Course Overview 2 Symmetric cryptography Michael J. Fischer CPSC 467b 2/18 Outline Course Overview Symmetric cryptography Information security in the real world Some goals of information security. Protection against data damage. Protection against theft of intellectual property. Protection against surveillance. Protection against unauthorized actions. Protection of constitutional privacy rights. Protection of freedom of information. Michael J. Fischer CPSC 467b 5/18 Outline Course Overview Symmetric cryptography How is security achieved in the real world? Prevention: Physical barriers, locks, encryption, firewalls, etc. Detection: Audits, checks and balances. Legal means: Laws, sanctions. Concealment: Camouflage, steganography. Michael J. Fischer CPSC 467b 6/18 Outline Course Overview Symmetric cryptography Threat examples Some risks and possible countermeasures: Eavesdropping on private conversations: encryption. Unauthorized use of a computer: passwords, physical security. Unwanted email: spam filters. Unintentional data corruption: checksums and backups. Denial of service: redundancy, isolation. Breach of contract: nonrepudiable signatures. Data corruption: access controls, cryptographic hash functions. Disclosure of confidential data: access controls, encryption, physical security. Michael J. Fischer CPSC 467b 7/18 Outline Course Overview Symmetric cryptography Computer science, mathematics and cryptography Cryptography cuts across both computer science and mathematics. Computer science: Cryptographic algorithms must be implemented correctly. Mathematics: Underlies both algorithms and their analysis. Many cryptographic primitives are based on: Number theoretic problems such as factoring and discrete log; Algebraic properties of structures such as elliptic curves. Understanding and modeling security uses Probability theory and coding theory; Complexity theory. Will explore in enough depth to provide insight for how algorithms work and why they are believed secure. Michael J. Fischer CPSC 467b 10/18 Outline Course Overview Symmetric cryptography Organization of this course Roughly organized around cryptographic primitives. For each one: What can be done with it? Study of cryptographic algorithms and protocols. [Primary reference: Trapp & Washington.] What are its properties? Modeling and analysis. Requires complexity theory, probability theory, and statistics. [Primary reference: Katz & Lindell.] How is it built? Requires a fair amount of mathematics, particularly number theory and algebra. [We’ll cover needed math.] How is it implemented? Requires attention to detail, especially to prevent accidental leak secret information. [We’ll do some implementation.] Michael J. Fischer CPSC 467b 11/18 Outline Course Overview Symmetric cryptography What this course is not This course is broad rather than deep. It will not go deeply into the mathematics and details of newer cryptosystems such as AES and elliptic curves. It will only briefly touch on cryptanalysis, the flip side of cryptography. It will not go deeply into real-world security protocols. It will not talk about security mechanisms for computer and network devices and applications such as firewalls, operating system access controls, detecting software security holes, or dealing with web security vulnerabilities. Michael J. Fischer CPSC 467b 12/18 Outline Course Overview Symmetric cryptography Requirements What do we require of E , D, and the computing environment? Given c , it is hard to find m without also knowing k. k is not initially known to Eve. Eve can guess k with at most negligible success probability. (k must be chosen randomly from a large key space.) Alice and Bob successfully keep k secret. (Their computers have not been compromised; Eve can’t find k on their computers even if she is a legitimate user, etc.) Eve can’t obtain k in other ways, e.g., by social engineering, using binoculars to watch Alice or Bob’s keyboard, etc. Michael J. Fischer CPSC 467b 15/18 Outline Course Overview Symmetric cryptography Symmetric cryptosystems (somewhat more formal) A symmetric cryptosystem consists of a set M of plaintext messages, a set C of ciphertexts, a set K of keys, an encryption function E : K ×M→ C a decryption function D : K × C →M. We often write Ek(m) = E (k , m) and Dk(c) = D(k, c). Michael J. Fischer CPSC 467b 16/18 Outline Course Overview Symmetric cryptography Desired properties Decipherability ∀m ∈M, ∀k ∈ K, Dk(Ek(m)) = m. In other words, Dk is the left inverse of Ek . Feasibility E and D, regarded as functions of two arguments, should be computable using a feasible amount of time and storage. Security (weak) It should be difficult to find m given c = Ek(m) without knowing k . Michael J. Fischer CPSC 467b 17/18