Scribd
Upload
15 views24 pages

Crypto Primitives and Security Protocols

Uploaded by

Raksa Kun
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
15 views24 pages

Crypto Primitives and Security Protocols

Uploaded by

Raksa Kun
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

WEEK 4

Introduction to crypto
primitives and protocols

Na Sambathchatovong
2015nsbctvong@[Link]
012561046
TOPIC IN LECTURE

 Security Attacks
 Cryptographic primitives
• Symmetric cryptography
• Public Key cryptography
• Secure Hash Functions
• Digital Signatures
 Key Exchange Protocols
 Public Key Infrastructures
 Two well know security protocols
• TLS/SSL
• Kerberos
LEARNING OUTCOMES

 At the end of this lecture you should be able to:


• Define the main types of cryptographic algorithms
• Discuss their main applications to real-life systems
• Analyse the security of cryptographic algorithms
PRIMARY NETWORK SECURITY

Vulnerabilities of Computing Systems


MAIN SECURITY ATTACKS

• Malware
• Ransomware
• Denial of service
• Phishing and spear-phishing email campaigns
• Advanced persistent threats
• Social engineering
• ………..
PRIMARY NETWORK SECURITY ISSUES

Confidentiality – messages exchanged across network remains private


Integrity – contents of messages are not modified while in transit
Availability – ensures that information and systems are available for authorized user when
needed.

AAA Services
Identification claiming an identity when attempting to access a secured area or system
Authentication proving that you are that identity
Authorization defining the allows and denials of resource and object access for a specific
identity
Auditing recording a log of the events and activities related to the system and subjects
Accounting (aka accountability) reviewing log files to check for compliance and violations in
order to hold subjects accountable for their actions
ENCRYPTION

Means to allow two parties, Alice and Bob, to establish a confidential communication over an
insecure channel that is subject to eavesdropping
ENCRYPTION AND DECRYPTION

The message M is called the plaintext


Alice will convert plaintext M to an encrypted from using an encryption algorithm E
that outputs a ciphertext C for M
CRYPTOSYSTEM

1. The set of possible plaintext


2. The set of possible cipher texts
3. The set of encryption keys
4. The set of decryption keys
5. The correspondence between encryption keys and decryption keys
6. The encryption algorithm to use
7. The decryption algorithm to use
A SIMPLE EXAMPLE: CAESAR CIPHER

 Replace each letter with the one “three over” in the Latin alphabet

what is the cypher text of


have a nice day?

• P = meet me after the party


• C = PHHW PH DIWHU WKH SDUWB
TYPES OF CRYPTOGRAPHIC FUNCTIONS

 Symmetric key functions


 Public key functions
 Hash functions
SYMMETRIC ENCRYPTION

• “Same” key used for encrypting and decrypting


• Fast and simple to implement
• Stream/block ciphers
STREAM VS BLOCK CIPHER

P: AFGGU UOPPT AFGGU UOPPT


K: KXVBU
SYMMETRIC KEY ENCRYPTION USE CASES

• Transmission over an insecure channel


• The transmitted message is encrypted by the sender and then decrypted by the
receiver using the same key
• Prevent attackers from eavesdropping
• Secure storage on insecure media
• Data is encrypted before being stored somewhere
• Only the entity knowing the key can decrypt
SYMMETRIC KEY ALGORITHMS

• Triple DES (Data Encryption Standard)


•C = DESk3(DESk2(DESk1 (P)))
• Data block size: 64 bits
• Key size: 168 bits
• Commonly used in HTTPS web servers
• Attacks: birthday attack
• AES (Advanced Encryption Standard)
• Data block size: 128 bits
• Key size: 168 bits, 192 bits, 256 bits
• Attacks: key related attacks, meet-in-the-middle attack
PRO AND CONS

• Pro
• Encryption is fast
• Cons
• Each pair of communicating parties to share a separate secret key
• The key has to shared among the two parties in a secure fashion
PUBLIC KEY ENCRYPTION

• Two types of keys: public and private


• Private key only known to entity, public key distributed openly
• Encrypt by public key, decrypt by private key or vice versa easy
• Generate public from private key easy, but not vice versa
• Requires no shared secret; allows for auth & non-rep & integrity
PUBLIC KEY ENCRYPTION USE CASES

• Transmitting over an insecure channel


• Sender encrypts with the public key of the receiver
• Only the receiver can decrypt with his/her private key
• Secure storage on insecure media
• Data is encrypted with the public key of the data owner before being stored
• Only the data owner who owns the corresponding private key can decrypt
• Authentication
• Sender encrypts a random number r with the public key of the receiver
• The receiver decrypts with his/her private key and sends r back to the sender
• Digital signatures
DIGITAL SIGNATURES

• Assurances:

• Message had been created/accessed by the holder of the private key (authentication)
• Holderof private key cannot deny having created/accessed the message which has been
signed (non-repudiation)
• Message has not been tampered with (integrity)
• Does not provide confidentiality as message is sent in the clear
• Involves the use of digests and hashing functions
• A hashing function takes data as input and produces a smaller piece of data (digest) as
output
• If
original input data changes even slightly, digest is very different; computationally
unfeasible to create text to obtain given hash
Example algorithms: RSA, DSA, ECDSA
DIGITAL SIGNATURES
CRYPTOGRAPHIC HASH FUNCTIONS

• A checksum on a message M that is


• One way
• It should be easy to compute Y= H(M), but hard to find M given only Y
• Collision-resistant
• It should be hard to find two messages, M and N such that H(M) = H(N)
• Examples
• SHA-256, SHA-3
HASH FUNCTIONS USE CASES

• Improve efficiency of digital signature


• Sign the hash rather than the message
• Password hashing
• Store the hash of the password
• Message authentication codes
• Guarantees the integrity of a message
• Program integrity
• Using a hash of the program code to make sure that the program has not been
modified
ATTACKS ON CRYPTOGRAPHIC PROTOCOLS

• Brute force search


• access to some plaintext messages

• Cryptoanalysis
• Ciphertext only
• access to cyphertext encrypted with same k
• Known plaintext
• access to plaintext-cyphertext pair
• Chosen plaintext
• choose one or plaintext messages
• Chosen ciphertext
• choose one or more ciphertext messages
Q&A

You might also like