Gene Itkis: BU CAS 591 - Topics in Internet Security. 6/19/09.


Title: Security


1
Security CryptoLandscape overview
2
What is Cryptography?
  • It all started with
  • Encryption / Decryption

- plaintext: attack at midnight
- ciphertext: buubdl bu njeojhiu
3
Encryption / Decryption (cont.)
encoder (plaintext in - ciphertext out) -> ciphertext msg -> decoder (ciphertext in - plaintext out)
eavesdropper (should understand nothing about the msg)
4
Other scenarios/tools
  • Key exchange
  • Authentication (public / private)
  • Signatures
  • Hashing
  • Certificates, PKI

5
Key exchange
  • Alice and Bob want to establish a shared secret
    (key) when other people (eavesdroppers) are
    listening

6
Authentication
Alice sends a msg M to Bob, who wants to be sure
the msg is really from Alice
7
Signatures
Alice signs with her key $S_{Alice}$ and sends $(M, Sig_M)$
$Sig_M = Sign(M, S_{Alice})$
8
Authentication: public
  • checks
  • contracts
  • love letters ???

9
Public Key Signatures
$P_{Alice}$
  • Public Key
  • Secret Key

$Verify(M, Sig_M, P_{Alice})$
10
Authentication: private
Shared key: $S_{Alice}$
Message Authentication Code (MAC): $Sign(M, S_{Alice}) = Hash(M, S_{Alice})$
$Verify(M, Sig_M, S_{Alice})$: check $Sig_M = Sign(M, S_{Alice})$
MAC = Shared Secret Sig = Symmetric Sig (Sign = Verify)
11
Hashing
collision: $Hash(x_1) = Hash(x_2) = y$ for $x_1 \ne x_2$
  • Crypto Hash
  • collisions may exist, but
  • are hard to find
  • Given y, hard to find x s.t. $Hash(x) = y$

12
Another setting
13
Applications
  • Military applications
  • Love letters
  • Banking transactions
  • Television Broadcasts
  • Internet

14
Real Life e-thieves
  • E-thieves (pirates/hackers)
  • Recreational (do it for fun - e-hooligans)
  • Professionals
  • Defense
  • Cost and time aspects
  • Periodic renewals
  • Multiple defense lines
  • Obscurity vs. security (or security by obscurity)
  • Recovery from security breaches

15
No Ultimate solution!
  • we are in ongoing electronic warfare with
    e-thieves

16
Encryption/Decryption - more details
  • Outline
  • Block vs. Stream ciphers
  • Symmetrical vs. Asymmetrical (public key)
  • Tool: Pseudo-Random Number Generators
  • Complexity (what is hard?)
  • Public Key Crypto
  • Diffie-Hellman
  • Rabin's encryption
  • RSA

17
Block vs. Stream Ciphers
  • Cipher = Encoder or Encryption/Decryption scheme
  • Stream cipher: encodes/decodes char by char
  • Block cipher: encodes/decodes block by block
  • Stream cipher = Block cipher with block size of 1
    char (+ state)

18
Symmetric & Asymmetric schemes
  • Symmetric
  • decryption as easy as encryption (and vice versa)
  • i.e. if you can encrypt then you can decrypt
  • (and vice versa)
  • (DES is a symmetric block cipher)
  • Asymmetric
  • may not be able to decrypt even if you can encrypt
  • (and vice versa)
  • e.g. RSA

19
Symmetric cipher - example
  • Caesar's cipher
  • the letters of the alphabet are shifted (*)
  • e.g. "a" is replaced with "b", "b" with "c",
    etc.
  • so msg "attack at midnight" is encrypted as
    "buubdl bu njeojhiu"
  • (*) the shift can be by one (as in the example)
    or more
  • encryption and decryption are equally easy (too
    easy, in fact)

20
One-time pad
  • For each character of the future msg indicate the
    shift

msg (plain), shifted character by character by the pad -> ciphertext (encrypted msg)
21
One-time random pad (cont.)
  • Symmetric
  • Pad is selected at random
  • Perfectly secure, but...
  • One time only
  • so sending the pad is just as hard as sending
    the msg

22
Pseudo-random pad
  • Pseudo-random bit string (PRBS) generator
  • PRBS: hard to guess a bit (after seeing many
    others)

23
Complexity: what is hard?
  • measure hardness in terms of size of input
  • easy = polynomial; hard = exponential
  • Easy problems
  • Finding max of n numbers - O(n)
  • Sorting n elements - O(n lg n)
  • Hard problems
  • Factoring N (n bits long) -
  • current best (?)

24
Other hard problems
  • Let $N = p \cdot q$, where p, q are large primes
  • Square root mod N
  • given x, N find y mod N, i.e. $y^2 = x \bmod N$
  • (equivalent to factoring N)
  • Discrete log
  • given b,N and x, find y
  • How hard are these problems really?
  • One-way functions: easy to compute, hard to invert
  • Trap-door: a secret that makes inverting a OWF easy

25
Public-Key Crypto
  • Key exchange - Diffie-Hellman
  • PK Encryption - Rabin, RSA
  • e-Signatures - Rabin, RSA, ElGamal (a la
    DH), DSA, Fiat-Shamir

26
Diffie-Hellman key exchange
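Public: p, g
Alice: picks a, computes $m_a = g^a \bmod p$, sends $m_a$ to Bob
Bob: picks b, computes $m_b = g^b \bmod p$, sends $m_b$ to Alice
Alice computes $m_b^a \bmod p$; Bob computes $m_a^b \bmod p$
Both equal $g^{ab} \bmod p$: shared secret key!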
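The exchange on this slide, as an added example that is not part of the original presentation. The group (p = 2^127 - 1, g = 3) is a toy choice and all function names are assumptions; the check on received public values goes beyond the slide and rejects the degenerate values a peer could send to force a predictable secret.

```python
import secrets

# Toy group (constructed): P is the Mersenne prime 2^127 - 1, G is arbitrary.
# Real deployments use standardized groups of 2048+ bits or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Pick a private exponent in [2, P-2] and compute g^priv mod p."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def check_public(value):
    """Reject 0, 1 and p-1: they make the shared secret 0, 1 or +/-1."""
    if not 1 < value < P - 1:
        raise ValueError("invalid DH public value")
    return value

def shared_secret(priv, peer_public):
    """Raise the peer's validated public value to our private exponent."""
    return pow(check_public(peer_public), priv, P)

def exchange():
    """Run both sides; return each side's key and what crossed the wire."""
    a, m_a = keypair()                      # Alice keeps a, sends m_a
    b, m_b = keypair()                      # Bob keeps b, sends m_b
    wire = {"p": P, "g": G, "m_a": m_a, "m_b": m_b}  # eavesdropper's view
    return shared_secret(a, m_b), shared_secret(b, m_a), wire

if __name__ == "__main__":
    k_alice, k_bob, seen = exchange()
    print("keys match:", k_alice == k_bob)
    print("on the wire:", sorted(seen))
```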
27
Rabin's scheme
  • to encrypt msg m simply square it mod N
  • if p, q (such that $p \cdot q = N$) are known, then
    decryption (finding m given x) is easy
  • (using Chinese Remainder Theorem)

$x = m^2 \bmod N$ (m: plaintext, x: ciphertext)
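Rabin encryption and CRT decryption, as an added example that is not part of the original presentation. It also illustrates the earlier "Other hard problems" claim that square roots mod N are equivalent to factoring: two essentially different roots of the same x reveal a factor of N. The primes are toy values chosen as 3 mod 4, and all function names are assumptions.

```python
from math import gcd

# Toy primes (constructed), both = 3 (mod 4) so a root mod p is one pow().
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q

def encrypt(m):
    """Rabin encryption: square the message mod N (only N is needed)."""
    return m * m % N

def sqrt_mod_prime(x, p):
    """One square root of a quadratic residue x mod p, for p = 3 (mod 4)."""
    return pow(x, (p + 1) // 4, p)

def crt(a_p, a_q):
    """Chinese Remainder Theorem: the value mod N with the given residues."""
    return (a_p * Q * pow(Q, -1, P) + a_q * P * pow(P, -1, Q)) % N

def decrypt(x):
    """All four square roots of x mod N (needs p, q); m is one of them."""
    rp, rq = sqrt_mod_prime(x, P), sqrt_mod_prime(x, Q)
    return sorted({crt(a, b) for a in (rp, P - rp) for b in (rq, Q - rq)})

def factor_from_roots(r1, r2):
    """Roots with r1 != +/- r2 agree mod one prime only, so gcd exposes it."""
    return gcd(r1 - r2, N)

if __name__ == "__main__":
    m = 123456789                       # constructed sample plaintext
    roots = decrypt(encrypt(m))
    print("plaintext among roots:", m in roots, "of", len(roots))
```

In practice the sender adds redundancy to m so the receiver can tell which of the four roots is the plaintext.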
28
RSA
  • Let $N = p \cdot q$, and find e, d such that
  • Encryption
  • Decryption

plaintext
ciphertext
29
Public Key Cryptography
  • Encryption and Decryption are different
  • i.e. use different keys (asymmetric)
  • RSA
  • Public: N, e (needed to encrypt)
  • Private: d (needed to decrypt,
  • can be computed from p, q)
  • Rabin's
  • Public: N
  • Private: p, q

30
Identification, Authentication, Signature schemes
  • Signature $s = S_I(m)$ of a msg m
  • only I can sign, i.e. compute s, from I and m
  • given s, I, and m, everyone can verify that
    $s = S_I(m)$
  • Message Authentication
  • like Signature, but only the receiver of the msg
    is required to be able to verify it
  • Identification
  • only I can prove that he is I

31
Identification, Authentication, Signature schemes (cont.)
  • Signature can be used for Authentication
  • Signature and Authentication can be used for
    Identification
  • use interaction
  • two players
  • Prover P - e.g. user, who wants to prove that he
    is I
  • Verifier V - e.g. wants to verify that P is
    really I

32
Identification (cont.)
  • must consider all the scenarios
  • both P and V are honest
  • both P and V are dishonest
  • V is honest but P is dishonest
  • P is honest, but V is dishonest
  • note: an eavesdropper (observer) should learn
    little from witnessing the P-V dialog
  • usual password scheme - bad!

33
Fiat-Shamir Identification scheme (simplified)
  • Let $N = p \cdot q$, where p, q are large primes
  • using p, q, compute s, such that $s^2 \cdot I = 1 \pmod N$
  • public (P, V have): N (and I)
  • private (only I has): s
  • also, production center has p, q

34
Fiat-Shamir (cont.)
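P (user) has N, I, s; V (e.g., system) has N
P: pick random r, set $x = r^2 \bmod N$
P -> V: I, x
V -> P: query, 0 or 1
P -> V: r (query 0) or $r \cdot s \bmod N$ (query 1)
V: check $r^2 = x \bmod N$ (query 0) or $(rs)^2 \cdot I = x \bmod N$ (query 1)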
35
Fiat-Shamir (cont.)
  • Proof (of P knowing s)
  • after k rounds the probability of mistake (i.e. P
    cheating without being caught) is $(1/2)^k$
  • Zero-Knowledge
  • if query is known in advance
  • for query = 0, select r, and $x = r^2 \bmod N$
  • for query = 1, select z, and $x = z^2 \cdot I \bmod N$
  • (z pretends to be $r \cdot s \bmod N$)

36
Security of Fiat-Shamir
  • Relies on
  • hardness of factoring
  • an algorithm cracking Fiat-Shamir yields an
    algorithm for factoring N
  • randomness
  • of r for Zero-Knowledge
  • of query - to prevent P from cheating
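The simplified Fiat-Shamir rounds from the preceding slides, as an added example that is not part of the original presentation. It runs an honest round, builds an accepting transcript without s when the query is known in advance (the zero-knowledge argument), and shows that a prover without s survives a round only when it guessed the query. The modulus is a toy value and all function names are assumptions.

```python
import secrets
from math import gcd

# Toy modulus from two Mersenne primes (constructed; a real N is 2048+ bits).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q

def rand_unit():
    """Random value in [2, N-1] that is invertible mod N."""
    while True:
        v = secrets.randbelow(N - 2) + 2
        if gcd(v, N) == 1:
            return v

def keygen():
    """Production center: secret s, public I with s^2 * I = 1 (mod N)."""
    s = rand_unit()
    return s, pow(s * s % N, -1, N)

def commit():
    """P picks random r and sends x = r^2 mod N."""
    r = rand_unit()
    return r, r * r % N

def respond(r, s, query):
    """P answers r for query 0, r*s mod N for query 1."""
    return r if query == 0 else r * s % N

def verify(I, x, query, resp):
    """V checks resp^2 = x (query 0) or resp^2 * I = x (query 1), mod N."""
    sq = resp * resp % N
    return (sq if query == 0 else sq * I % N) == x

def honest_round(s, I):
    """One round with a prover that knows s; always accepted."""
    r, x = commit()
    query = secrets.randbelow(2)
    return verify(I, x, query, respond(r, s, query))

def simulate(I, query):
    """Accepting (x, response) built without s, given the query in advance."""
    z = rand_unit()
    return (z * z % N if query == 0 else z * z * I % N), z

def cheater_round(I):
    """P without s commits for a guessed query, then V picks the real one."""
    guess, query = secrets.randbelow(2), secrets.randbelow(2)
    x, z = simulate(I, guess)
    return verify(I, x, query, z), guess == query
```

Each `cheater_round` is accepted exactly when the guess matched the query, which is where the $(1/2)^k$ bound after k rounds comes from.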

37
Summary
  • We are in a continuous chess game against
    e-thieves
  • Cryptography provides a wide array of ideas and
    tools
  • Customization of these tools is needed
  • Multiple lines of defense are important (i.e.
    cannot rely on any single tool)