Encryption and Security - PowerPoint PPT Presentation

1 / 33
About This Presentation
Title:

Encryption and Security

Description:

– PowerPoint PPT presentation

Number of Views:78
Avg rating:3.0/5.0
Slides: 34
Provided by: chrisb2
Learn more at: https://www.cs.usfca.edu
Category:

less

Transcript and Presenter's Notes

Title: Encryption and Security


1
Encryption and Security
2
Outline
  • Overview of encryption
  • Terminology
  • History
  • Common issues
  • Secret-key encryption
  • Block and stream ciphers
  • DES
  • RC5

3
Overview
  • Intro, history and terminology
  • Symmetric-key encryption
  • Techniques
  • DES, RC5
  • Public-key encryption
  • RSA, hash functions, digital signatures
  • Key exchange, certificates, PKI

4
Overview
5
Terminology
  • Code
  • Replacement based on words or semantic structures
  • Cipher
  • Replacement based on symbols

6
Terminology
  • Cryptography
  • The science of encrypting or hiding secrets.
  • Cryptanalysis
  • The science of decrypting messages or breaking
    codes and ciphers.
  • Cryptology
  • The combination of the two.

7
Terminology
  • Plaintext an unencrypted message
  • Cyphertext an encrypted message
  • Security a combination of
  • Authentication
  • Access control

8
Three eras of cryptology
  • Pre-WWII
  • Cryptography as a craft
  • Widely used, but few provable techniques
  • 1940s-1970
  • Secret key encryption introduced
  • Information theory used to characterize security
  • 1970-present
  • Public key systems introduced

9
Early cryptography
  • Caesar cipher
  • Replace each letter l with l 3 mod 26
  • Attack at dawn becomes
  • Dwwdfn dw gdzq
  • Two components
  • Algorithm Shift characters by a fixed amount
  • Key the fixed amount.
  • Note Knowing the algorithm (but not the key)
    makes this cipher much easier to crack
  • 26 possibilities vs 26!

10
Weaknesses of the Caesar Cipher
  • Word structure is preserved.
  • Break message into equal-length blocks.
  • dww dfn dwg dzq
  • Letter frequency is a big clue
  • e,t,a,o most common English letters.
  • Using a single key preserves frequency.
  • Solution use multiple keys
  • E.g. shift by (3,5,7)
  • Attack at dawn becomes dya dhr dyk dbu
  • Better, but frequency information still present.
  • An attacker that knows the block size can
    separate out characters encoded with different
    keys.

11
Caesar Cipher
  • The Caesar cipher is still useful as a way to
    prevent people from unintentionally reading
    something.
  • ROT-13
  • By decrypting, the user agrees that they want to
    view the content.
  • Fundamental problem key length is shorter than
    the message.

12
Vernam Cipher
  • 1920s introduction of the one-time pad.
  • Randomly generated key
  • Same length as message
  • XORed with message
  • Theoretically unbreakable
  • Attacker can do no better than guessing
  • Ciphertext gives no information about plaintext.

13
Vernam Cipher
  • Example winning lottery number is 117
  • 1110101 (7 bits)
  • Randomly generated key 0110101
  • XOR 1000000
  • No two bits are encoded with the same mapping
    an attacker has no frequency information to help
    guess the key.
  • Problem keys are very large.
  • How to distribute this key?
  • Shared source of randomness?

14
Symmetric Key Encryption
  • The Caesar Cipher and the one-time pad are
    examples of symmetric-key (secret-key)
    encryption.
  • Single key shared by all users.
  • Fast
  • How to distribute keys?

15
Keyspace
  • The keyspace is the set of all possible keys.
  • Caesar cipher keyspace 0,1,2,,25
  • Vernam cipher keyspace 2n 1
  • Size of the keyspace helps us estimate security.
  • Assumption exhaustive search is the only way to
    find a key.

16
Substitution Ciphers
  • Symbols are replaced by other symbols according
    to a key.
  • Caesar cipher is a substitution cipher.
  • To escape frequency analysis, we can use a
    homophonic substitution cipher
  • Map symbols to multiple symbols.
  • e.g 0 -gt 01, 10, 1-gt00,11
  • 011010010 becomes 011100101101011110
  • Advantage frequencies hidden
  • Disadvantage message and key are longer
  • Substitution is said to add confusion
  • Measure of the relationship between plaintext and
    ciphertext

17
Transposition Ciphers
  • A transposition cipher is one that permutes the
    symbols of the message according to a preset
    pattern.
  • Attack at dawn becomes cda tka wan tat
  • Helps avoid detection of symbols based on
    correspondence.
  • q followed by u.
  • Said to increase diffusion
  • Reduce redundancies in plaintext.

18
Product ciphers
  • By themselves, substitution and transposition
    ciphers are relatively insecure.
  • By combining these operations, we can produce a
    secure cipher.
  • This is how DES works.
  • M -gt Sub(M) -gt Trans(Sub(M)).
  • Might go through multiple rounds.

19
Block Ciphers
  • The ciphers we have seen so far are known as
    block ciphers.
  • Plaintext is broken into blocks of size k.
  • Each block is encrypted separately.
  • Advantages random access, potentially high
    security
  • Disadvantages larger block size needed, patterns
    retained throughout messages.

20
Stream Ciphers
  • A stream cipher encodes a symbol based on both
    the key and the encoding of previous symbols.
  • Ci Mi XOR Ki XOR Mi-1
  • Advantages
  • can work on smaller block sizes little
    memory/processing/buffering needed.
  • Disadvantages
  • Random access difficult, hard to use large keys.
  • Sender and receiver must be synchronized
  • Inserted bits can lead to errors.

21
Combinations
  • Many ciphers combine stream and block properties.
  • Work on multiple symbols, but contain a feedback
    loop.
  • Electronic Code Book (ECB)
  • Pure block cipher, no feedback

E-1
plaintext
E
ciphertext
plaintext
key
key
22
Cipher-block Chaining
  • XOR previous block
  • Chaining dependency order matters.
  • Some error propagation

XOR
plaintext
plaintext
key
E
key
E-1
XOR
ciphertext
23
Cipher-Block Chaining
  • Also incorporated into block ciphers.
  • Makes tampering easier to detect.
  • Helps prevent substitution and impersonation
    attacks.
  • Secret key can also be used to construct a
    running-key generator.
  • Longer sequence of pseudo-random numbers.
  • Can be used to build a one-time pad.

24
Modifications to CBC
  • Cipher feedback
  • Shift register is used to store data.
  • r-bit are shifted into mask of size m.
  • Allows a small number of bits to be immediately
    sent.
  • Output feedback
  • Like cipher feedback, but uses output of
    encryption function.
  • Eliminates error propagation.

25
DES
  • Data Encryption Standard
  • DEA is actually the algorithm.
  • First commercial-grade algorithm with open
    implementation details.
  • Uses a 64-bit key with 8 parity bits, for an
    effective key of 56 bits.
  • Keyspace 256 1017

26
DES
  • Is a combination of a product cipher and a
    Feistel cipher.
  • Product cipher transposition and substitution.
  • Feistel cipher Iterates through a number of
    rounds of a product cipher mapping (L,R) to (R,
    L)
  • 16 rounds
  • Block size48
  • In each round, a different 48-bit subkey is
    selected from the 56-bit key.

27
Security of DES
  • Keyspace is approximately 1017
  • Thought to be secure in 70s.
  • Recently, 56-bit DES broken in under 1 day.
  • Combination of distributed.net EFFs DeepCrack.
  • Able to search several billion keys per second.

28
Extensions to DES
  • 3DES
  • Message is run through DES 3 times
  • C k3 (k2 (k1(M)))
  • Backwards-compatible with DES if all three keys
    are the same.
  • Keyspace is 1042
  • Drawback bit-oriented operations are slow to
    implement in software

29
RC5
  • Symmetric encryption algorithm
  • Word-oriented block cipher.
  • Can vary word length, number of rounds, and key
    length.
  • Goals fast, easy to understand and implement,
    flexible, low memory requirements, secure.
  • Uses stream techniques to modify data

30
RC5
  • Uses three mathematical operations
  • Twos complement addition
  • XOR
  • Left cyclic rotation by variable amounts.
  • These are all fast operations that are directly
    supported by most modern processors.

31
RC5 Algorithm
  • Parameters K (key), w (word length), r (number
    of rounds)
  • Input a 2w length plaintext in registers A and
    B.
  • Output a 2w length ciphertext.
  • 1. Expand K into a table S2(r1) keys.
  • To encrypt
  • A A S0 B B S1
  • For i 1 to r do
  • A ((A xor B) ltlt B) S2 i
  • B ((B xor A) ltlt A) S2i 1
  • Decryption is the same thing in reverse.

32
RC5
  • Simple algorithm key is the data-dependent
    rotations.
  • Keys are accessed sequentially, allowing for
    small caches.
  • Security still unclear, but looks good.
  • 56-bit key 250 days by distributed.net
  • 64-bit key 1747 days by distributed.net
  • 1.02x1011 keys/sec, 1.5 x1019 keyspace
  • 72-bit key in progress.
  • 4.8x1010 keys/sec, 4x1021 keyspace
  • 100 in 788,747 days 2160 years

33
Summary
  • Secret-key algorithms (DES, RC5) have been widely
    studied.
  • Fast
  • Potentially highly secure
  • Well-understood.
  • Excellent for repeated communication.
  • Hard to use in open environments, one-shot
    communications
  • Works for hiding secrets what about signing
    things?
  • Public-key encryption evolved as an answer to
    this problem.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Encryption and Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!