Cryptography & Network Security
Lecture 1: Introduction & Overview
2002. 3. 27
임 채훈
[email protected]세종대학교 인터넷학과
Common Terms(1)
Cryptography
:
The study of mathematical techniques related to aspects of information security
Cryptanalysis
: The study of
mathematical techniques for attempting to defeat cryptographic techniques
Cryptology
: The study of cryptography and cryptanalysis
Cryptosystem
: A general term referring to a set of cryptographic
primitives used to provide information security
Common Terms(2)
Cipher
: Block cipher, Stream cipher, Public key cipher
Plaintext/Cleartext
(평문)
,Ciphertext
(암호문)
Encryption/Encipherment
,
Decryption/Decipherment
Key
(or Cryptographic key)
¾
Secret key
¾
Private key / Public key
Authentication
¾
Message authentication
¾
User authentication
Digital signature
Security Threats
Interruption/Denial of service
Interception: eavesdropping, wiretapping, theft …
Modification
Fabrication/Forgery
Unauthorized access
Security Services
Security services
¾
A service that enhances information security using one or
more security mechanisms
Confidentiality/Secrecy
↔ Interception
Authentication
↔ Forgery
Integrity
↔ Modification
Nonrepudiation
↔ Denial of facts
Access control
↔ Unauthorized access
Availability
↔ Interruption
Security Mechanisms
Security mechanism
¾
A mechanism designed to detect, prevent, or recover from
a security attack
Encryption
Authentication
Digital signature
Models for Evaluating Security
Conditional vs Unconditional
¾
Unconditional security
¾
Computational security
Provable vs Ad hoc
¾
Provable security
¾
Ad hoc security
Summary: Security Needs for Network Communications
Interception Confidentiality
Is Private?
Modification Integrity
Has been altered?
Forgery Authentication
Who am I dealing with?
Claim Non-Repudiation
Who sent/received it? Not SENT ! Denial of Service Availability Wish to access!! Access Control
Have you privilege? Unauthorised access
¾ Encryption with MAC : Confidentiality, Authentication, Integrity Protection ¾ Digital Certificate : Identification
¾ Digital Signature : Authentication, Integrity Protection, Non-Repudiation ¾ Security mechanisms are combined to provide a security service
9 Virtual Private Network(VPN), Firewall, IDS, etc.
Solutions for Security Needs
CO NFI
DEN
TIAL ¾ Temper-evident sealed envelope
¾ ID-card, Passport, Drivers license ¾ Signature
Physical Solutions
Cryptographic Solutions
Classical Encryption Techniques
Basic building blocks of all encryption techniques
¾
Substitution: replacement
¾
Transposition: relocation
Substitution ciphers
¾
Caesar cipher
¾
Monoalphabetic ciphers
¾
Playfair cipher
Confusion and Diffusion
Diffusion
¾ Ideally, ciphertext should look as if it is a random string of letters.
¾ Distributes or disperses the statistical structure of plaintext over the
ciphertext.
¾ Hides the statistical relationships between the
ciphertext
and the
underlying
plaintext
.
¾ Changes in the plaintext should affect many parts of the ciphertext.
¾ Substitution + Transposition
Confusion
¾ The principle of confusion prevents the cryptanalyst from using
ciphertext to figure out the secret encryption key.
¾ Hides the statistical relationship between
ciphertext
and
secret key
.
¾ The interceptor should not be able to predict what changing one
character in the plaintext will do to the ciphertext.
¾ Substitution (Well-designed & Complex)
Cryptographic Primitives
¾
Unkeyed Primitives
9 Hash functions 9 One-way Permutations 9 Random Sequence
¾
Symmetric Key Primitives
9 Symmetric Key Ciphers : Block ciphers, Stream ciphers 9 Message authentication schemes: Keyed hash functions(MAC) 9 Pseudorandom Sequences
¾
Public Key Primitives
9 Public Key Ciphers 9 Digital Signatures 9 Identification PrimitivesSymmetric Encryption Model
E
D
Shared Secret Key Shared Secret KeyKey
K
Secure Channel Insecure Channel Plaintext M Ciphertext C Plaintext M Cryptanalyst Adversary M′ K′ C = EK(M) DK(C) = MAsymmetric Encryption Model
E
Insecure ChannelD
Plaintext Ciphertext Plaintext
Cryptanalyst Adversary M′ KA_d′
Alice
Bob
Symmetric Authentication Model
MAC
Shared Secret Key Shared Secret KeyKey
K
Secure Channel Insecure Channel Message M M + mac Cryptanalyst Adversary K′mac = MACK(M) MACK(M′) = mac′ ?
Regenerated mac = Received mac ?
MAC
= ? Success Or Failure Received Regenerated M′ mac′Asymmetric Authentication Model
SIGN
Insecure Channel Message M M + sig Cryptanalyst Adversary KA_d′ (M′, sig′) = Success ? Success Or Failure M′ + sig′ Obtain Alice’s public KeyAlice’s Public Key KA_e Authentic Channel
Alice’s Private Key KA_d
Bob
Alice
Secret Key vs Public Key Systems
¾Symmetric Key Cryptosystem9 Both parties must share the same secret key
9 Encrypt/Decrypt & MAC generate/verify
9 Very fast : Bulk data encryption, User/message authentication
9 Block/Stream Cipher : AES, DES, IDEA, SEED, Crypton…; RC4, SEAL… 9 MAC schemes: Keyed hash (HMAC), CBC-MAC …
9Problem of Key Sharing; Cannot provide Non-repudiation
¾Public Key Cryptosystem
9 A pair of (Public Key, Private Key) for each user
9 Encrypt/Verify with peer’s Public Key; Decrypt/Sign with its own Private Key
9 Encryption scheme: RSA, ElGamal 9 Key exchange: DH(Diffie-Hellman), ECDH
9 Signature schemes: RSA, DSA, KCDSA, ECDSA, EC-KCDSA … 9 Slow : Key exchange, Authentication, Non-repudiation 9Problem : How to get the right peer’s Public Key
¾
Hash Function
9 Generate a fixed length “Fingerprint” for an arbitrary Message
9 No Key involved 9 One Way Function 9 MD5, SHA1, SHA2, HAS160
¾
Applications
Hash Functions
H
Message M¾
Purposes
9 Secure tag for authentication 9 Message origin authentication 9 User authentication
9 Message integrity
¾
Schemes
9 Keyed hash: HMAC
9 Block cipher: CBC-MAC, XCBC-MAC 9 Dedicated MAC: UMAC
Message Authentication Code(MAC)
MAC SEN D MAC MAC Shared Secret Key
¾
Digital Signature
9 Combine Hash with Digital Signature and use PKC 9 Provide Authenticationand Non-Repudiation
9 RSA; DSA, KCDSA, ECDSA, EC-KCDSA
Digital Signature
Sender’s Private
Key
Hash Algorithm
Hash Hash Algorithm
Hash1 Hash2 Sender’s Public Key SEND Signature Signature Signin g Ve rify in g
