Security TechnologiesPresentation OverviewNames for the protagonists in security protocolsWhat is there to worry about?CryptographySecret Key CryptosystemPowerPoint PresentationCryptoanalysisBasic Encryption TechniquesBasic Encryption Techniques (cont’d)Product CipherData Encryption Standard (DES)DES (cont’d)DES RoundHow Secure is DES?Slide 16Other Secret Key ProtocolsAdvanced Encryption Standard (AES)Remarks on Secret Key SystemsRemarks on Secret Key Systems (cont’d)Public Key CryptosystemPK Cryptosystem (cont’d)Slide 23RSARSA (cont’d)RSA versus DESDigital Signatures in RSADigital Signatures in RSA (cont’d)Signatures and EncryptionNon-RepudiationDiffie-Hellman Key ExchangeEl Gamal Digital SignatureEl Gamal Digital Signature (cont’d)One-way Hash FunctionsOne-way Hash Functions (cont’d)AuthenticationPassword-Based ApproachAddress-Based ApproachAddress-Based Approach (cont’d)Cryptographic ApproachCryptographic Approach (cont’d)Reflection attackReflection attack (cont’d)Trusted IntermediariesTrusted Intermediaries (cont’d)Slide 46Slide 47Mediated authenticationAccess controlImplementations of the Access Matrix: CapabilitiesCapabilities (cont’d)Access Control ListSecurity and Access Control1Security TechnologiesVijay AtluriYelena YeshaOlga Streltchenko2Presentation OverviewSecurity IssuesCryptography and CryptoanalysisBasic Encryption TechniquesSecret Key and Public Key CryptosystemsDigital SignaturesAuthentication3Names for the protagonists in security protocolsAlice: First participant.Bob: Second participant.Carol: Participant in a three- and four-party protocols.Dave: Participant in a four-party protocols.4What is there to worry about?Security on open networks: Alice wants to send a private message to Bob over a public networkWhat if someone intercepts and reads this message? (Confidentiality);What if someone intercepts and alters this message? (Integrity);What if someone pretending to be Alice forges a message and sends it to Bob? ( Authentication);What if Alice denies sending of the message? (Non-repudiation of origin, Digital Signature) ;What if Bob denies the receipt of the message? (Non-repudiation of the destination).What if Bob wants to provide access to selective individuals (Access Control).5CryptographyA tool for confidentiality, integrity, authentication, non-repudiation, and digital signatures.Cryptography: the science of encryption (the good guys).Cryptanalysis: analysis of cryptographic algorithms (the bad guys).Cryptosystems:Secret Key (also known as single key, symmetric key)existing for more than 1000 years.Public Key (also known as two key, asymmetric key)since 1974;both secret key and public key systems are in use and competing with each other.6Secret Key CryptosystemEncryptionAlgorithmDecryptionAlgorithmPlain TextPlain TextCipher TextBKey= K Key= K Secure Channel C = E(K,M)M = D(K,C)where K = keyE = Encryption AlgorithmD= Decryption AlgorithmM = Plaintext MessageC = Ciphertext MessageInsecure Channel C = E(K,M) M MM = D(K,C)A7Features of Secret Key EncryptionUses:–Solves confidentiality and integrity problems–Can be used for Authentication–Can be used to securely store information on insecure media–Integrity checkDisadvantages:–Key Distribution Problem: How to get the key to Alice and Bob? and to others?–If everyone knows the Key, it is no longer a secret8CryptoanalysisObjective of the cryptanalyst is to discover K (the real objective is to discover M).Cryptanalyst is assumed to know E and D.Four Scenarios:Ciphertext only: Cryptanalyst knows only ciphertext.Known Plaintext:: Cryptanalyst knows some plaintext-ciphertext pairs.Chosen Plaintext:: Cryptanalyst knows some plaintext-ciphertext pairs for plaintext of the cryptanalyst's choice.Chosen Ciphertext:: Cryptanalyst knows some plaintext-ciphertext pairs for ciphertext of the cryptanalyst's choice.9Basic Encryption TechniquesSubstitution Simple Alphabetic Substitution Huge key space: 26! (approximately 10^26);Trivially broken for known plaintext attack;Easily broken for ciphertext only attack (for natural language plaintext);Multiple encipherment does not help. ABCDEFGHIJKL....FPAQFZYTLWXM10Basic Encryption Techniques (cont’d)PermutationExample: Caesar ciphers;Key space: N ! for a block size of N;Trivially broken for known plaintext attack;Easily broken for ciphertext only attack (for natural language plaintext).Multiple encipherment does not help Combinations and iterations of substitution and permutation1 2 3 4 3 1 4 211Product CipherSubstitution followed by permutation followed by substitution followed by permutation ....Best known examples: DES (Data Encryption Standard);SKIPJACK. Mathematics to design a strong product cipher is classified.Breakable by exhaustive search of key space for known plaintext, chosen plaintext, chosen ciphertext.Thus, security is based on computational complexity of computing the key.12Data Encryption Standard (DES)DES is a product cipher with 56 bit key and 64 bit block size for plaintext and ciphertext.Developed by IBM and adopted by NIST (1977) with NSA approval for unclassified information (such as EFT).Efficient to implement in hardware, but relatively slow if implemented in software.Encryption and Decryption algorithms are public, but the design principles are classified.The size of the key (56-bits) is one of the most controversial aspects of DES.13DES (cont’d)Algorithm:initial permutation;the 56 bit key is used to generate sixteen 48-bit keys;16 rounds of substitution and permutation are performed;swap left and right halves;final permutation.14DES RoundManglerFunction64-bit input32-bit Ln 32-bit Rn+32-bit Ln+132-bit Rn+164-bit outputKnManglerFunction64-bit output32-bit Ln 32-bit Rn+32-bit Ln+132-bit Rn+164-bit inputKnEncryptionDecryption15How Secure is DES?1977: approved as a Federal standard with 5 year cycle of re-certification;1987: reluctantly re-approved for 5 years;1992: reaffirmed by NIST.DES known plaintext attack56-bit key can be broken in 2^55 = 3.6*10^6 trials.Responding to RSA’s Challenge, in June 1997, hackers led by Rocke Verser of Loveland, CO, broke DES in 5 months by distributing code breaking software over the Internet and making use of idle
View Full Document
Unlocking...