Intro to Cryptography
1. Intro to Cryptography
Michael Soltys
California State University at Channel Islands
August 20, 2015 v1.1
Crypto - Michael Soltys August 10, 2015 v1.1 Introduction - 1/45
2. WEP, WPA/WPA2 SSL/SSH
PGP/GPG
RSA Encryption 128 bytes:
DRM
FairPlay
MD5
5c3079df8a48623f5aa10f0181a7ab03
3. We know how to do crypto scientifically
→ and it is a huge help
But in practice most security problems are due to buggy code
→ writing software that is not buggy is the problem of CS/SE
Challenge 1: build secure systems with insecure components
→ similar to building reliable systems with unreliable components
Challenge 2: the art of making the right trade-offs to satisfy contradictory objectives (e.g., security & speed)
4. Cryptography is the art of computing & communicating in the
presence of an adversary
cryptography = κρυπτo (hidden or secret) + γραφη (writing)
Three broad applications:
encryption
authentication
integrity checking
Not all security is an application of crypto, e.g., Firewalls.
5. Fundamental TENET of cryptography
Lots of smart people have been trying to figure out how
to break X,
but so far they have not been able to come up with anything yet.
Therefore X is “secure” . . .
6. Fundamental ASSUMPTION of cryptography
Everybody knows how it works, i.e., the algorithm is public
knowledge.
The secret is the “key”.
In principle it can always be broken; but in practice it is too much
work for the “bad guy.”
7. Great free tools to practice the ideas presented in these slides:
GnuPG (http://www.gnupg.org)
OpenSSL (http://www.openssl.org)
15. Rounds of substitutions & permutations
16. XOR, exclusive OR
x y x ⊕ y
0 0 0
0 1 1
1 0 1
1 1 0
If $a, b \in \{0,1\}^n$ then $a \oplus b$ is a string in $\{0,1\}^n$ where the $i$-th bit is $a_i \oplus b_i$
Bit-wise XOR
Can also Bit-wise XOR a stream
17. DES (1977)
“Data Encryption Standard”
IBM’s cipher + NSA ⟹ DES
[Diagram: the DES box takes a 64-bit input and a 56-bit key and produces a 64-bit output.]
Technically, the key is also 64 bits, but each octet is $x_1 x_2 x_3 x_4 x_5 x_6 x_7 y$ where $y = \bigoplus_{i=1}^{7} x_i$.
18. [Diagram: DES structure. Data path: 64-bit input, permutation, Round 1, Round 2, ..., Round 16, swap left & right sides, inverse of original permutation. Key path: from the 56-bit key, generate 16 keys, each of 48 bits from the initial 56 bits.]
19. [Diagram: one DES round, with steps numbered 1 to 4. Labels: 32-bit $L_n$, 32-bit $R_n$, Mangler Function, $K_n$, ⊕, 32-bit $L_{n+1}$, 32-bit $R_{n+1}$.]
Reversible “Feistel cipher.”
20. Example: Apache HTTP server access
.htaccess & .htpasswd
Can create a (variant of) DES login/password pair:
htpasswd -cbd ./.htpasswd crypto 7u3pr4aa
and the result is the file .htpasswd containing:
crypto:9.ZzClMRzHfmc
22. crypt() function
man 3 crypt for details
password truncated to 8 letters
each encoded with 7 (ASCII) bits
giving 56 bits of input
salt used to “perturb”
displayed in Base64
[Diagram: 64 bits of 0s pass through DES 25 times (stages 1, 2, 3, ..., 25), keyed with the 56 bit passwd, producing 64 bits.]
32. Stream ciphers: RC4
Message $m$ and one-time pad $p$ both in $\{0,1\}^n$.
A stream cipher generates successive bits $p_i$ to encode a stream of bits $m_i$ as $c_i = m_i \oplus p_i$.
33. (Keep in mind that $2^8 = 256$)
let S[i] be an array of octets (i.e., bytes)
Initialize S:
for i=0 ... 255
    S[i]=i
end for
j=0
for i=0 ... 255
    j=(j+S[i]+key[i mod keylength]) mod 256
    swap S[i] and S[j]
end for
34. Generate pseudo-random bit stream (byte at a time)
i=0
j=0
while "next byte needed"
    i=(i+1) mod 256
    j=(j+S[i]) mod 256
    swap S[i] and S[j]
    k=S[(S[i]+S[j]) mod 256]
    output k
end while
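The two RC4 phases from slides 33 and 34, written out in Python as an added example (not code from the slides). It also shows a consequence of $c_i = m_i \oplus p_i$: if two messages are encrypted with the same key, the keystream cancels out of the XOR of the two ciphertexts. The key and messages are constructed sample values.

```python
# Added example (not from the slides): RC4 per slides 33-34, constructed inputs.

def rc4_keystream(key: bytes):
    """Yield keystream bytes p_i: key schedule (slide 33), then generator (slide 34)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bit-wise XOR of two byte strings (truncates to the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """c_i = m_i XOR p_i. XOR is its own inverse, so the same call decrypts."""
    return bytes(m ^ p for m, p in zip(data, rc4_keystream(key)))


def keystream_reuse_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """Two messages under one key share p_i, so c1 XOR c2 = m1 XOR m2:
    an eavesdropper learns the XOR of the plaintexts without the key."""
    return xor_bytes(rc4(key, m1), rc4(key, m2))


if __name__ == "__main__":
    key = b"Key"                                   # constructed sample key
    c = rc4(key, b"Plaintext")
    print(c.hex())
    print(rc4(key, c))                             # decrypts with the same call
    m1, m2 = b"pay alice 100", b"pay bob   999"    # constructed messages
    print(keystream_reuse_leak(key, m1, m2) == xor_bytes(m1, m2))
```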
35. 802.11 Wireless Networks Security
WEP (Wired Equivalent Privacy) uses RC4 — deprecated!
WPA (Wi-Fi Protected Access)
WPA uses an RC4-type scheme called TKIP (larger keys than WEP)
WPA2 uses AES
WPA/WPA2 part of 802.11i as of 2004.
39. Diffie-Hellman Key Exchange
Oldest public key cryptosystem still in use.
Allows two individuals to agree on a shared key, even though
they can only exchange messages in public.
A weakness is that there is no authentication; the other might
be a “bad guy.”
Described in RFC 2631
40. [Plot: $\log_3(x)$ over $\mathbb{Z}_{17}$; both axes run from 0 to 16; data file "primitive.txt".]
41.
     Alice                          Bob
1    Public: $p$, $g$ such that $\mathbb{Z}_p = \langle g \rangle$
2    Choose secret $a$              Choose secret $b$
3    Compute $A := g^a$             Compute $B := g^b$
4    Send $A$ to Bob −→             ←− Send $B$ to Alice
5    Compute $B^a$                  Compute $A^b$
6    Alice & Bob have shared value
     $A^b = (g^a)^b = g^{ab} = g^{ba} = (g^b)^a = B^a$
42.
1. Alice and Bob agree to use a prime $p = 23$ and base $g = 5$.
2. Alice chooses secret $a = 8$; sends Bob $A = g^a \pmod{p}$
   2.1 $A = 5^8 \pmod{23}$
   2.2 $A = 16$
3. Bob chooses secret $b = 15$; sends Alice $B = g^b \pmod{p}$
   3.1 $B = 5^{15} \pmod{23}$
   3.2 $B = 19$
4. Alice computes $s = B^a \pmod{p}$
   4.1 $s = 19^8 \pmod{23}$
   4.2 $s = 9$
5. Bob computes $s = A^b \pmod{p}$
   5.1 $s = 16^{15} \pmod{23}$
   5.2 $s = 9$
43. Computing large powers in $(\mathbb{Z}_n, *)$ can be done efficiently with repeated squaring. For example, if $(m)_b = c_r \ldots c_1 c_0$, then compute
$a_0 = a,\ a_1 = a_0^2,\ a_2 = a_1^2,\ \ldots,\ a_r = a_{r-1}^2 \pmod{n}$,
and so $a^m = a_0^{c_0} a_1^{c_1} \cdots a_r^{c_r} \pmod{n}$.
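The repeated-squaring rule of slide 43, the exchange of slides 41 and 42, and the discrete-log table plotted on slide 40, as an added Python example (not code from the slides). The function names are illustrative; the numbers are the ones on the slides.

```python
# Added example (not from the slides): square-and-multiply and toy Diffie-Hellman.

def power_mod(a: int, m: int, n: int) -> int:
    """a^m mod n by repeated squaring: a_0 = a, a_k = a_{k-1}^2 (mod n);
    a_k is multiplied into the result whenever bit c_k of m is 1."""
    if m < 0 or n < 1:
        raise ValueError("need m >= 0 and n >= 1")
    result, a_k = 1 % n, a % n
    while m:
        if m & 1:                      # c_k = 1
            result = result * a_k % n
        a_k = a_k * a_k % n            # a_{k+1} = a_k^2
        m >>= 1
    return result


def discrete_log_table(g: int, p: int) -> dict:
    """Map x -> log_g(x) for every nonzero x mod p, by brute force.
    Raises ValueError if g is not a generator (slide 41, step 1)."""
    table, x = {}, 1
    for e in range(p - 1):
        if x in table:
            raise ValueError(f"{g} does not generate the nonzero residues mod {p}")
        table[x] = e
        x = x * g % p
    return table


def dh_exchange(p: int, g: int, a: int, b: int):
    """Return (A, B, Alice's s, Bob's s) for secrets a and b."""
    A, B = power_mod(g, a, p), power_mod(g, b, p)
    return A, B, power_mod(B, a, p), power_mod(A, b, p)


if __name__ == "__main__":
    print(dh_exchange(23, 5, 8, 15))           # the numbers on slide 42
    logs = discrete_log_table(3, 17)           # the function plotted on slide 40
    print(sorted(logs.items()))
```

Brute-force logarithms are only feasible here because $p$ is tiny; the table has $p - 1$ entries.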
44. DH only resists passive adversaries.
A passive attack is one in which the intruder eavesdrops but does
not modify the message stream in any way.
An active attack is one in which the intruder may:
transmit messages
replay old messages
modify messages in transit
delete selected messages from the wire
A typical active attack is one in which an intruder impersonates
one end of the conversation, or acts as a man-in-the-middle. This
attack motivates the need for authentication.
45. How to do a “man-in-the-middle” on DH?
Alice                  Eve                    Bob
$g^{S_A} = 8389$       $g^{S_X} = 5876$       $g^{S_B} = 9267$
8389 −→                5876 −→
5876 ←−                9267 ←−
Shared key
$K_{AX} = 5876^{S_A} = 8389^{S_X}$
and shared key
$K_{BX} = 9267^{S_X} = 5876^{S_B}$
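Why slide 44 says this motivates authentication, as an added Python example (not from the slides): with a substituted public value Alice and Bob end up holding different keys, so comparing key fingerprints over a channel the intruder cannot alter exposes the substitution. It assumes the toy parameters of slide 42 ($p = 23$, $g = 5$), since slide 45 does not state its $p$ and $g$; the secrets and the `fingerprint` helper are constructed for illustration.

```python
# Added example (not from the slides): unauthenticated DH and a fingerprint check.
import hashlib

P, G = 23, 5   # toy parameters from slide 42 (assumption; slide 45 gives none)


def public_value(secret: int) -> int:
    return pow(G, secret, P)


def shared_key(their_public: int, my_secret: int) -> int:
    return pow(their_public, my_secret, P)


def fingerprint(key: int) -> str:
    """Short digest of a derived key, meant to be compared out of band."""
    return hashlib.sha256(key.to_bytes(2, "big")).hexdigest()[:16]


def run_exchange(s_a: int, s_b: int, s_x=None):
    """Return (Alice's key, Bob's key). If s_x is given, both parties receive
    g^{S_X} instead of each other's public value, as in the slide's diagram."""
    pub_a, pub_b = public_value(s_a), public_value(s_b)
    if s_x is None:
        seen_by_alice, seen_by_bob = pub_b, pub_a
    else:
        seen_by_alice = seen_by_bob = public_value(s_x)
    return shared_key(seen_by_alice, s_a), shared_key(seen_by_bob, s_b)


def fingerprints_match(k_alice: int, k_bob: int) -> bool:
    return fingerprint(k_alice) == fingerprint(k_bob)


if __name__ == "__main__":
    honest = run_exchange(8, 15)             # secrets from slide 42
    tampered = run_exchange(8, 15, s_x=6)    # s_x = 6 is a constructed value
    print(honest, fingerprints_match(*honest))       # same key on both sides
    print(tampered, fingerprints_match(*tampered))   # K_AX != K_BX
    # With p this small two different exchanges can collide on a key by chance;
    # real parameters make that negligible.
```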