Review For Exam 3Elements of CryptographyCryptography?Your knowledge about CryptographySlide 5Basic Terminology 1Basic Terminology 2Slide 8Exhaustive search and Key lengthSlide 10Weak vs. Strong KeysSlide 12Symmetric Key EncryptionSymmetric Key Encryption methodsData Encryption Standard (DES)DES-Cipher Block ChainingTriple DES (3DES)Slide 18Slide 19Advanced Encryption Standard - AESAsymmetric Key EncryptionPublic Key EncryptionPublic Key Encryption methodsBasic Terminology 3Encryption Versus HashingMS-CHAP*: Hashing for AuthenticationDigital Signature for Message-by-Message AuthenticationDigital Signature for Message -by-Message AuthenticationWhat you should knowCryptographic SystemsFigure 8-1: Cryptographic SystemSlide 32Figure 8-2: Major Cryptographic SystemsFigure 8-4: SSL/TLS OperationSlide 35Slide 36Review For Exam 3(April 15, 2010)© Abdou Illia – Spring 20102Elements of Cryptography3Cryptography?Traditionally, cryptography refers toThe practice and the study of encryptionTransforming information in order to prevent unauthorized people to read it.Today, cryptography goes beyond encryption/decryption to includeTechniques for making sure that encrypted messages are not modified en routeTechniques for secure identification/authentication of communication partners.4Your knowledge about Cryptography1) Which of the following do cryptographic systems protect?a) Data stored on local storage media (like hard drives) from access by unauthorized users.b) Data being transmitted from point A to point B in a networkc) Both a and b#$%^@#$5hh&*9(?>/@$#)>5Your knowledge about Cryptography2) Which of the following security issues is addressed by cryptographic systems?a) Confidentiality; i.e. protection against eavesdroppingb) Authentication; i.e. assurance parties involved in a communication are who they claim to bec) Message integrity; i.e. assurance that messages are not altered en routed) Availability; i.e. making sure that communication systems are not shut down by intruders.e) All of the above6Basic Terminology 1NetworkPlaintext“Hello”Ciphertext “11011101”Ciphertext “11011101”Plaintext“Hello”DecryptionAlgorithmInterceptorParty AParty BPlaintext: original message to be sent. Could be text, audio, image, etc.Encryption/Decryption Algorithm: mathematical tool (software) used to encrypt or decryptKey: A string of bits used by to encrypt the plaintext or decrypt the ciphertextCiphertext: encrypted message. Looks like a random stream of bits+ Decryption keyEncryptionAlgorithm+ Encryption keyHelloHello7Basic Terminology 2Encryption:Converting plaintext into ciphertext using algorithms and keysThe size of the ciphertext is proportional to the size of the plaintextCiphertext is reversible to plaintextSymmetric Key Encryption:Same key is used both for encryption and decryptionKeys are usually identical or trivially identical*Asymmetric Key Encryption:Also called Public/Private Key EncryptionTwo different keys are used: one for encryption, one for decryptionParty AParty BParty AParty B* Trivially identical means simple transformation could lead from one key to the another.Flexcrypt: http://www.flexcrypt.com/flexcryptfree.html8Your knowledge about Cryptography3) Based on how symmetric encryption systems work, which of the following is the worst thing to happen?a) An attacker gets a copy of the encryption and decryption algorithmsb) An attacker gets the decryption keyc) a and b are equally damaging4) Which of the following presents more challenge for exchanging keys between partners?a) Asymmetric encryptionb) Symmetric encryptionc) A and b are equally challenging9Exhaustive search and Key lengthKey Length in bits Number of possible keys1 22 44 168 25616 6553656 72057594037927900112 5192296858534830000000000000000000 or 5.1923E+33168 3.74144E+50256 1.15792E+77512 1.3408E+154Attacker could use the right algorithm and do an exhaustive search (i.e. try all possible keys) in order to decrypt the ciphertextMost attacks require the capture of large amount of ciphertextEvery additional bit in the length of the key doubles the search time10Your knowledge about Cryptography4) If you increase the key length from 56 bits to 66 bits. How much more key combinations an attacker who captures enough ciphertext will have to try in order to decipher the captured ciphertext using the appropriate algorithm? _______________________________________5) Assuming that it takes 7 days to try all possible combinations of a 56 bit key, how much time it would take to try all possible combinations when the key length is increased to 58 bits? ________________11Weak vs. Strong KeysSymmetric Key EncryptionUsually used for customer e-businessKeys with lengths of less than 100 bits are considered weak today. Keys with lengths of more than 100 bits are considered strong today.Asymmetric Key EncryptionUsually used for B2B financial e-businessKey pairs must be much longer (512 bit and more) because of the disastrous consequences of breaking the decryption keyKey Length in bits Number of possible keys1 22 416 6553656 72057594037927900112 5192296858534830000000000000000000 or 5.1923E+33168 3.74144E+50256 1.15792E+77512 1.3408E+15412Your knowledge about Cryptography6) Most attacks require the capture of large amount of ciphertext, which can take a certain amount of time. Beside using strong keys what else can be done to make it harder to crack the key?Symmetric Key Encryption14Symmetric Key Encryption methodsTwo categories of methodsStream cipher: algorithm operates on individual bits (or bytes); one at a timeBlock cipher: operates on fixed-length groups of bits called blocksOnly a few methods are used todayMethods Year approved CommentsData Encryption Standard - DES 1977 1998: Electronic Frontier Foundation’s Deep Crack breaks a DES key in 56 hoursDES-Cipher Block ChainingTriple DES – TDES or 3DES 1999Advanced Encryption Standard – AES 2001 Most used todayOther symmetric encryption methodsIDEA (International Data Encryption Algorithm), RC5 (Rivest Cipher 5), CAST (Carlisle Adams Stafford Tavares), Blowfish15Data Encryption Standard (DES)DES EncryptionProcess64-Bit CiphertextBlock64-Bit DES Symmetric Key(56 bits + 8 redundant bits)64-Bit PlaintextBlockDES is a block encryption method, i.e. uses block cipherDES uses a 64 bit key; actually 56 bits + 8 bits computable from the other 56 bitsProblem: same
View Full Document