Types of Cryptosystems: Block vs. Stream, Symmetric vs. Asymmetric, Study notes of Cryptography and System Security

Download Types of Cryptosystems: Block vs. Stream, Symmetric vs. Asymmetric and more Study notes Cryptography and System Security in PDF only on Docsity! 1 Types of Cryptosystems ECE 646 - Lecture 3 Implementation of Security Services 2 Project, Next Steps • Due Today: Initial choice, literature list • Wednesday: List of topics and people with e-mail address on webpage • Sept 19: Final choice, final groups • Sept 26: Draft project specifications • Discussions of groups with instructor • Oct 3: Final specifications due 3 Review of Reading Assignments • Ross Anderson, Why Cryptosystems Fail • Matt Curtin, Snake Oil Warning Signs: Encryption Software to Avoid • 2006 CSI/FBI Computer Crime and Security Survey 4 Review of Lecture 1 • Identification • Security Services • Handwritten and Digital Signatures • Network Security Threats 16 Typical stream cipher Sender Receiver Pseudorandom Key Generator xi plaintext yi ciphertext ki keystream key initialization vector (seed) Pseudorandom Key Generator xi plaintext yi ciphertext ki keystream key initialization vector (seed) 17 Secret-key vs. public-key ciphers Types of Cryptosystems (2) 18 Secret-key (Symmetric) Cryptosystems key of Alice and Bob - KAB key of Alice and Bob - KAB Alice Bob Network Encryption Decryption 19 Key Distribution Problem N - Users N · (N-1) 2 Keys Users Keys 100 5,000 1000 500,000 20 Digital Signature Problem Both corresponding sides have the same information and are able to generate a signature There is a possibility of the
receiver falsifying the message
sender denying that he/she sent the message 21 Public Key (Asymmetric) Cryptosystems Public key of Bob - KB Private key of Bob - kB Alice Bob Network Encryption Decryption 26 Digital Signature Alice Bob signature message signature message Alice’s public key Alice’s private key Alice’s public key signature message Alice’s public key Intruder signature message Alice’s public key Judge 27 Implementation of Security Services 28 Message Hash function Public key cipher Alice Signature Alice’s private key Bob Hash function Alice’s public key Non-repudiation Hash value 1 Hash value 2 Hash value Public key cipher yes no Message Signature 29 Hash function arbitrary length message hash function hash valueh(m) h m fixed length 30 Hash functions • Basic Requirements 1) Public description, no key. 2) h(m) can be applied to any size m. 3) h(m) produces fixed length output. 4) h(m) is easy to compute (hw and sw). 31 Hash functions Why not use error correcting codes? 36 Hash functions Why is there no collision free hash function? 37 Bithday Paradox • 1st person, P[b'day] = 1 • any person, P[b'day] on a specific date] = • 2nd person, P[b'day ≠ 1st person] = • 3rd person, P[b'day ≠ 1st and 2nd ] = • P[all 3 have different b'day] = • for 46 ppl: • P[no two ppl. have b'day same] = 0.052 i.e. P[two have same b'day] = 94.8% ! 1 365 1 1 365 = 364 365 1 2 365 1 1365 1 2365  1 1365 1 2365 1 45365 =0.052 38  i=1 k1 1 in P[no collisions amongst k elements in a group of size n] = Recall: ex=1x x 2 2!  x 3 3!  if x1 e x 1x if n i then for x= i n x1  i=1 k1 1 in =i=1 k1 e  i n =e  1 ne  2 ne  3 ne  k1 n =e 123k1 n Recall: 123k1= k k1 2 P[no collision] e  k k1 2n P[at least one collision] 1e  k k1 2n 1 e  k k1 2n ln 1   k k1 2n k k1 2n ln 1 =2n ln  11  39 k k1 2n ln  11  if k 1, then k2 k k1 2n ln  11  k 2n ln  11  Example: k  =0.5 2n ln  110.5 =1.18 n • A collision is found after √n trials with a probability of 50%. • Hash output space 2160 (i.e. 160 bits) then finding collision takes √2160 = 280 steps. 40 Message Hash function Public key cipher Alice Signature Alice’s private key Bob Hash function Alice’s public key Non-repudiation Hash value 1 Hash value 2 Hash value Public key cipher yes/no Message Signature 41 Message Hash function Public key cipher Alice Signature Alice’s private key Bob Hash function Alice’s public key Non-repudiation Hash value 1 Hash value 2 Hash value Public key cipher yes/no Message Signature Signature generation function Signature verification function 46 CBC-MAC (Cipher Block Chaining MAC) Secret-key cipher KAB M1 KAB M2 . . . . KAB Mt 0 Message MAC Secret-key cipher Secret-key cipher 47 Relations among security services INTEGRITY AUTHENTICATION NON-REPUDIATION CONFIDENTIALITY 48 Message Hash function Public key cipher Alice Signature Alice’s private key Bob Hash function Alice’s public key Non-repudiation Hash value 1 Hash value 2 Hash value Public key cipher yes no Message Signature 49 Message Secret key algorithm Alice MAC Secret key of Alice and Bob Bob Secret key algorithm Authentication MAC’ MAC yes no Message MAC Secret key of Alice and Bob KAB KAB 50 Hybrid Systems 51 Features required from today’s ciphers STRENGTH FUNCTIONALITY • easy key distribution • digital signatures PERFORMANCE 56 Permutation C order of wires P HardwareSoftware ASM sequence of instructions <<, |, & sequence of instructions ROL, OR, AND n n x1 x2 x3 xnxn-1 . . . y1 y2 y3 ynyn-1 . . . Basic operations of secret key ciphers - P-box P-box n x n 57 Basic Operations of the Public Key Cryptosystem RSA Encryption Decryption ciphertext = modplaintext public key modulus public key exponent plaintext = modciphertext private key modulus private key exponent k-bits k-bits k-bits k-bits k-bits k-bits 58 Alice Bob session key (random secret-key) Bob’s public key Hybrid Systems Bob’s private key Network Session key encrypted using Bob’s public key Message encrypted using session key 59 Hybrid Systems - Sender’s Side (2) Alice session key random Bob’s public key message Secret key cipher Public key cipher 1 2 3 Session key encrypted using Bob’s public key Message encrypted using session key 60 Hybrid Systems - Receiver’s Side (2) Bob session key random Bob’s private key message Secret key cipher Public key cipher 2 1 Session key encrypted using Bob’s public key Message encrypted using session key 61 Evaluating the security of secret-key ciphers