30-04-2011, 03:54 PM
Presented By:
Yogita Dey
Amardeep Kahali
Dipanjan Devnagar
Minhaajuddin Ahmad Khan
[attachment=13156]
Cryptography
Background
Information Security requirements have changed in recent times
Traditionally provided by physical and administrative mechanisms
Computer use requires automated tools to protect files and other stored information
Use of networks and communications links requires measures to protect data during transmission
Need for Information Security
Defending against external/internal hackers
Defending against industrial espionage
Securing E-commerce
Securing bank accounts/electronic transfers
Securing intellectual property
Avoiding liability
Threats to Information Security
Pervasiveness of email/networks
Online storage of sensitive information
Insecure technologies (e.g. wireless)
Trend towards paperless society
Weak legal protection of email privacy
Essential Terms
Cryptography
Encryption (code)
Plain text Cipher text
Decryption (decode)
Cipher text Plain text
Cryptanalysis
Cryptology
Cryptographic Algorithms
Symmetric Key or secret key: Involves use of one key.
Asymmetric key or public key: Involves use of two keys viz. public and private.
Message Digest.
Hash Functions.
Symmetric Key Cryptography
Traditional Ciphers
Substitution
Mono alphabetic e.g. Caesar cipher
Poly alphabetic e.g. Vigenère cipher, Hill cipher
Modern Ciphers
Simple Modern Ciphers
XOR Cipher
Rotation Cipher
S-box (Substitution)
P-box (Permutation)
Two types of symmetric ciphers
Stream ciphers
Encrypt one bit at time
Block ciphers
Break plaintext message in equal-size blocks
Encrypt each block as a unit
Stream Ciphers
Combine each bit of keystream with bit of plaintext to get bit of ciphertext
m(i) = ith bit of message
ks(i) = ith bit of keystream
c(i) = ith bit of ciphertext
c(i) = ks (i) m(i)
m(i) = ks (i) c(i)
RC5 Stream Cipher
Feistel like network
Variable block size (32,63 or 128 bits)
Key size (0 to 2040 bits)
Use of data dependent rotations
Really simple
12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 244 chosen plaintexts
Block Ciphers
Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks).
1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext
Example with k=3
Data Encryption Standard (DES)
US encryption standard designed by IBM [NIST 1993]
56-bit symmetric key, 64-bit plaintext input
Block cipher with cipher block chaining
56-bit-key-encrypted phrase decrypted (brute force) in less than a day
No known good analytic attack
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
New (Nov. 2001) symmetric-key NIST standard, replacing DES
Based on Rijndael Algorithm
Processes data in 128 bit blocks
128, 192, or 256 bit keys
Brute force decryption taking 1 sec on DES, takes 149 trillion years for AES
Asymmetric Key Cryptography
RSA (Rivest, Shamir, Adelman)
DH (Diffie-Hellman Key Agreement Algorithm)
ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm)
RPK (Raike Public Key)
Choose two distinct prime numbers p and q.
Compute n = pq
Compute φ(n) = (p – 1)(q – 1)
Choose an integer e such that 1 < e < φ(n) and e and φ(n) are coprime
Determine d = e-1 mod φ(n)
e is released as the public key exponent and d is kept as the private key exponent
A hybrid encryption technology
Message is encrypted using a private key algorithm (IDEA)
Key is then encrypted using a public key algorithm (RSA)
For file encryption, only IDEA algorithm is used
PGP is free for home use
Digital Signatures
Made by encrypting a message digest (cryptographic checksum) with the sender’s private key
Receiver decrypts with the sender’s public key (roles of private and public keys are flipped)
Prevents
Impostor attacks
Content tampering
Timing modification
Currently Available Technologies
MD4 and MD5 (Message Digest)
SHA-1 (Secure Hash Algorithm version 1)
DSA (The Digital Signature Algorithm)
ECDSA (Elliptic Curve DSA)
Kerberos
OPS (Open Profiling Standard)
VeriSign Digital IDs
Benefits of Cryptographic Technologies
Data secrecy
Data integrity
Authentication of message originator
Electronic certification and digital signature
Non-repudiation
Potential Problems
False sense of security if badly implemented
Government regulation of cryptographic technologies/export restrictions
Encryption prohibited in some countries
All public key schemes are susceptible to brute force attacks…only the work factor varies
With decreasing cost of computer power and mathematical discoveries, work factor is decreasing
Remarks
Encryption does not guarantee security!
Many ways to beat a crypto system NOT dependent on cryptanalysis, such as:
Viruses, worms, hackers, etc.
TEMPEST attacks
Unauthorized physical access to secret keys
Cryptography is only one element of comprehensive computer security
