BM 482E – Introduction to Computer Security Lecture 4 Cryptography (continued) Mehmet Demirci

BM 482E – Introduction to Computer Security
Lecture 4
Cryptography (continued)
Mehmet Demirci
1
Today
• Stream ciphers
• Asymmetric key (Public key) cryptography
2
Symmetric Key Cryptography
Block ciphers vs. Stream ciphers
• Block ciphers encrypt plaintext in blocks (groups of bits).
• Stream ciphers encrypt plaintext bit-by-bit.
3
Stream Ciphers
• Stream ciphers take a short key, and produce a much longer key.
• They use the longer keystream to encrypt and decrypt.
• This is an imitation of the one-time pad, but it is not the same.
• Key is not random, it is pseudorandom.
4
Stream Ciphers
Advantages
• They are simple and fast.
• They are not constrained by block size.
Disadvantages
• If key is reused, they are easy to break.
• They are malleable, i.e., attacker can modify ciphertext to cause incorrect
decryption.
5
Stream Ciphers
Example: RC4
• Developed by Ron Rivest.
• Common stream cipher, fast and easily implemented in software.
• Used in WEP, WPA, TLS etc.
• Vulnerable to related-key attacks if key schedule is weak.
6
Block Ciphers vs. Stream Ciphers
Summary
• Block ciphers are generally more popular than stream ciphers.
• Stream ciphers are suitable for low-power devices thanks to their
simplicity.
• In stream ciphers, keystream generation must be done carefully to
avoid vulnerabilities.
• In block ciphers, mode of operation must be chosen wisely.
7
Asymmetric Key Cryptography
Asymmetric key cryptography: Encryption key ≠ Decryption key
• Two keys, one secret (private), one public
• Also called “Public key cryptography”
8
Asymmetric Key Cryptography
Asymmetric key cryptography is significantly different from
symmetric key cryptography. It represents a revolution in
cryptography because
• It is not based on substitution-permutation networks like symmetric key
algorithms, whose main goal is confusion.
• It is based on number theory.
9
Public Key Cryptosystem (PKC)
PKC Properties
• Given encryption key and algorithm, decryption key cannot be determined.
• We can use either key for encryption, and the other key for decryption.
10
Public Key Cryptosystem (PKC)
PKC Steps
• Each user generates a pair of keys.
• Makes one key public, keeps the other one secret (private).
• Bob encrypts a confidential message with Alice’s public key and sends her the
resulting ciphertext to Alice.
• Alice decrypts the ciphertext with her own private key to get the message.
11
Public Key Cryptosystem (PKC)
PKC for Authorization
• Bob encrypts a message with his own private key and sends the resulting
ciphertext to Alice (or broadcasts it).
• Alice decrypts the ciphertext with Bob’s public key to get the message.
• Anyone can decrypt the ciphertext and verify that Bob generated the message.
12
Public Key Cryptosystem (PKC)
PKC Requirements
It must be
•
•
•
•
•
Easy to generate the key pair.
Easy to encrypt a plaintext message.
Easy to decrypt a ciphertext if you know the decryption key.
Computationally infeasible to obtain the private key given the public key.
Computationally infeasible to obtain the plaintext given the ciphertext and the
public key.
13
Public Key Cryptosystem (PKC)
PKC Requirements
How can we achieve these requirements?
• We need special functions: Trap-door one-way functions
14
Public Key Cryptosystem (PKC)
One-way functions
• 𝒀 = 𝒇(𝑿)
easy
• 𝑿 = 𝒇−𝟏 (𝒀)
infeasible
Trap-door one-way functions
• 𝒀 = 𝒇𝒌 (𝑿)
easy, if 𝒌 and 𝑿 are known
• 𝑿 = 𝒇𝒌−𝟏 (𝒀)
easy, if 𝒌 and 𝒀 are known
infeasible, if 𝒀 is known but 𝒌 is not known.
15
Public Key Cryptosystem (PKC)
RSA Algorithm
• Published by Rivest, Shamir and Adleman in 1978.
• Encrypt in blocks, block size is 𝒊 bits, where 𝟐𝒊 < 𝒏 .
• Encryption: 𝑪 = 𝑴𝒆 (𝒎𝒐𝒅 𝒏)
• Decryption: 𝑴 = 𝑪𝒅 (𝒎𝒐𝒅 𝒏)
• 𝒏, 𝒆 are public.
• 𝒅 is private.
16
RSA
Critical Question
How do we find 𝒏, 𝒆, 𝒅 such that 𝑴 = 𝑴𝒆𝒅 (𝒎𝒐𝒅 𝒏) for all 𝑴 < 𝒏 and
• It is easy to calculate 𝑴𝒆 (𝒎𝒐𝒅 𝒏) and 𝑪𝒅 (𝒎𝒐𝒅 𝒏) for all 𝑴 < 𝒏 and
• It is infeasible to find 𝒅 given 𝒆 and 𝒏 ?
Let’s look at some math!
17
Euler’s Totient Function
𝝋 𝒏 : number of positive integers less than 𝒏 and relatively prime to 𝒏.
For two prime numbers 𝒑 and 𝒒, let 𝒏 = 𝒑𝒒. Then,
𝝋 𝒏 = 𝝋 𝒑𝒒 = 𝝋 𝒑 × 𝝋 𝒒 = (𝒑 − 𝟏) × (𝒒 − 𝟏)
18
Euler’s Theorem
For every 𝒂 and 𝒏 that are relatively prime,
𝒂𝝋(𝒏) ≡ 𝟏 𝒎𝒐𝒅 𝒏
𝒂𝝋
𝒏 +𝟏
≡ 𝒂 𝒎𝒐𝒅 𝒏
Let’s use this result in RSA.
19
RSA
𝑴 = 𝑴𝒆𝒅 (𝒎𝒐𝒅 𝒏)
if
𝒆𝒅 ≡ 𝟏 𝒎𝒐𝒅 𝝋(𝒏)
Proof:
20
RSA
How to set up RSA:
• Choose two primes 𝒑 and 𝒒 (private).
• Calculate 𝐧 = 𝒑𝒒 (public).
• Choose public 𝒆 < 𝝋(𝒏) such that 𝒈𝒄𝒅 𝝋 𝒏 , 𝒆 = 𝟏.
• Calculate private 𝒅 ≡ 𝒆−𝟏 𝒎𝒐𝒅 𝝋 𝒏 .
• Encryption: 𝑪 = 𝑴𝒆 (𝒎𝒐𝒅 𝒏)
• Decryption: 𝑴 = 𝑪𝒅 (𝒎𝒐𝒅 𝒏)
21
Security of RSA
• Brute force attacks → Use long keys, but this will make RSA slower.
• Mathematical attacks: Most of these focus on the factoring problem:
• Factor 𝐧 = 𝒑𝒒 to determine 𝒑 and 𝒒. Then 𝒅 can be found.
• Factoring is a hard problem, so this is not feasible, but factoring algorithms are
getting better and computers are getting more powerful.
• So, RSA may not be safe forever.
• Plain RSA is vulnerable to a chosen-ciphertext attack.
22
Summary
• Stream Ciphers
• RC4
• Asymmetric Key Cryptography
• PKC Steps and Requirements, RSA
23
Next Lecture
• Authentication
• Hash Functions
• Digital Signatures
24