BM 482E – Introduction to Computer Security Lecture 4 Cryptography (continued) Mehmet Demirci
Transcription
BM 482E – Introduction to Computer Security Lecture 4 Cryptography (continued) Mehmet Demirci
BM 482E – Introduction to Computer Security Lecture 4 Cryptography (continued) Mehmet Demirci 1 Today • Stream ciphers • Asymmetric key (Public key) cryptography 2 Symmetric Key Cryptography Block ciphers vs. Stream ciphers • Block ciphers encrypt plaintext in blocks (groups of bits). • Stream ciphers encrypt plaintext bit-by-bit. 3 Stream Ciphers • Stream ciphers take a short key, and produce a much longer key. • They use the longer keystream to encrypt and decrypt. • This is an imitation of the one-time pad, but it is not the same. • Key is not random, it is pseudorandom. 4 Stream Ciphers Advantages • They are simple and fast. • They are not constrained by block size. Disadvantages • If key is reused, they are easy to break. • They are malleable, i.e., attacker can modify ciphertext to cause incorrect decryption. 5 Stream Ciphers Example: RC4 • Developed by Ron Rivest. • Common stream cipher, fast and easily implemented in software. • Used in WEP, WPA, TLS etc. • Vulnerable to related-key attacks if key schedule is weak. 6 Block Ciphers vs. Stream Ciphers Summary • Block ciphers are generally more popular than stream ciphers. • Stream ciphers are suitable for low-power devices thanks to their simplicity. • In stream ciphers, keystream generation must be done carefully to avoid vulnerabilities. • In block ciphers, mode of operation must be chosen wisely. 7 Asymmetric Key Cryptography Asymmetric key cryptography: Encryption key ≠ Decryption key • Two keys, one secret (private), one public • Also called “Public key cryptography” 8 Asymmetric Key Cryptography Asymmetric key cryptography is significantly different from symmetric key cryptography. It represents a revolution in cryptography because • It is not based on substitution-permutation networks like symmetric key algorithms, whose main goal is confusion. • It is based on number theory. 9 Public Key Cryptosystem (PKC) PKC Properties • Given encryption key and algorithm, decryption key cannot be determined. • We can use either key for encryption, and the other key for decryption. 10 Public Key Cryptosystem (PKC) PKC Steps • Each user generates a pair of keys. • Makes one key public, keeps the other one secret (private). • Bob encrypts a confidential message with Alice’s public key and sends her the resulting ciphertext to Alice. • Alice decrypts the ciphertext with her own private key to get the message. 11 Public Key Cryptosystem (PKC) PKC for Authorization • Bob encrypts a message with his own private key and sends the resulting ciphertext to Alice (or broadcasts it). • Alice decrypts the ciphertext with Bob’s public key to get the message. • Anyone can decrypt the ciphertext and verify that Bob generated the message. 12 Public Key Cryptosystem (PKC) PKC Requirements It must be • • • • • Easy to generate the key pair. Easy to encrypt a plaintext message. Easy to decrypt a ciphertext if you know the decryption key. Computationally infeasible to obtain the private key given the public key. Computationally infeasible to obtain the plaintext given the ciphertext and the public key. 13 Public Key Cryptosystem (PKC) PKC Requirements How can we achieve these requirements? • We need special functions: Trap-door one-way functions 14 Public Key Cryptosystem (PKC) One-way functions • 𝒀 = 𝒇(𝑿) easy • 𝑿 = 𝒇−𝟏 (𝒀) infeasible Trap-door one-way functions • 𝒀 = 𝒇𝒌 (𝑿) easy, if 𝒌 and 𝑿 are known • 𝑿 = 𝒇𝒌−𝟏 (𝒀) easy, if 𝒌 and 𝒀 are known infeasible, if 𝒀 is known but 𝒌 is not known. 15 Public Key Cryptosystem (PKC) RSA Algorithm • Published by Rivest, Shamir and Adleman in 1978. • Encrypt in blocks, block size is 𝒊 bits, where 𝟐𝒊 < 𝒏 . • Encryption: 𝑪 = 𝑴𝒆 (𝒎𝒐𝒅 𝒏) • Decryption: 𝑴 = 𝑪𝒅 (𝒎𝒐𝒅 𝒏) • 𝒏, 𝒆 are public. • 𝒅 is private. 16 RSA Critical Question How do we find 𝒏, 𝒆, 𝒅 such that 𝑴 = 𝑴𝒆𝒅 (𝒎𝒐𝒅 𝒏) for all 𝑴 < 𝒏 and • It is easy to calculate 𝑴𝒆 (𝒎𝒐𝒅 𝒏) and 𝑪𝒅 (𝒎𝒐𝒅 𝒏) for all 𝑴 < 𝒏 and • It is infeasible to find 𝒅 given 𝒆 and 𝒏 ? Let’s look at some math! 17 Euler’s Totient Function 𝝋 𝒏 : number of positive integers less than 𝒏 and relatively prime to 𝒏. For two prime numbers 𝒑 and 𝒒, let 𝒏 = 𝒑𝒒. Then, 𝝋 𝒏 = 𝝋 𝒑𝒒 = 𝝋 𝒑 × 𝝋 𝒒 = (𝒑 − 𝟏) × (𝒒 − 𝟏) 18 Euler’s Theorem For every 𝒂 and 𝒏 that are relatively prime, 𝒂𝝋(𝒏) ≡ 𝟏 𝒎𝒐𝒅 𝒏 𝒂𝝋 𝒏 +𝟏 ≡ 𝒂 𝒎𝒐𝒅 𝒏 Let’s use this result in RSA. 19 RSA 𝑴 = 𝑴𝒆𝒅 (𝒎𝒐𝒅 𝒏) if 𝒆𝒅 ≡ 𝟏 𝒎𝒐𝒅 𝝋(𝒏) Proof: 20 RSA How to set up RSA: • Choose two primes 𝒑 and 𝒒 (private). • Calculate 𝐧 = 𝒑𝒒 (public). • Choose public 𝒆 < 𝝋(𝒏) such that 𝒈𝒄𝒅 𝝋 𝒏 , 𝒆 = 𝟏. • Calculate private 𝒅 ≡ 𝒆−𝟏 𝒎𝒐𝒅 𝝋 𝒏 . • Encryption: 𝑪 = 𝑴𝒆 (𝒎𝒐𝒅 𝒏) • Decryption: 𝑴 = 𝑪𝒅 (𝒎𝒐𝒅 𝒏) 21 Security of RSA • Brute force attacks → Use long keys, but this will make RSA slower. • Mathematical attacks: Most of these focus on the factoring problem: • Factor 𝐧 = 𝒑𝒒 to determine 𝒑 and 𝒒. Then 𝒅 can be found. • Factoring is a hard problem, so this is not feasible, but factoring algorithms are getting better and computers are getting more powerful. • So, RSA may not be safe forever. • Plain RSA is vulnerable to a chosen-ciphertext attack. 22 Summary • Stream Ciphers • RC4 • Asymmetric Key Cryptography • PKC Steps and Requirements, RSA 23 Next Lecture • Authentication • Hash Functions • Digital Signatures 24