Monday, December 16, 2019
Security Free Essays
string(726) " g p y MESSAGE SPACE \(ALL POSSIBLE PLAINTEXT MESSAGES\) TRANSFER \$5000 TO MY SAVINGS ACCOUNTâ⬠Cryptography MESSAGE SPACE \( \(ALL POSSIBLE PLAINTEXT MESSAGES\) ââ¬Å"TRANSFER TRANSFER \$5000 TO MY SAVINGS ACCOUNTâ⬠ENCRYPTION IS SECURE IF ONLY AUTHORIZED PEOPLE KNOW HOW TO REVERSE IT CODE SPACE \(ALL POSSIBLE ENCRYPTED MESSAGES\) CODE SPACE \(ALL POSSIBLE ENCRYPTED MESSAGES\) â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ MUST BE REVERSIBLE \(BUT ONLY IF YOU KNOW THE SECRET\) â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ ââ¬Å"1822UX S4HHG7 803TG 0J71D2 MK8A36 18PN1â⬠â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ ENCRYPTION IS ONE-TO-ONE AND REVERSIBLE EVERY CODE CORRESPONDS TO EXACTLY ONE MESSAGE â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ ââ¬Å"1822UX S4HHG7 803TG 0J71D2 MK8A36 18PN1â⬠FEB/MAR 2012 à © 2012 MICHAEL I\." ePayment Security ECOM 6016 Electronic Payment Systems â⬠¢ Keep financial data secret from unauthorized parties (privacy) ââ¬â CRYPTOGRAPHY Lecture 3 ePayment Security â⬠¢ Verify that messages have not been altered in transit (integrity) ââ¬â HASH FUNCTIONS â⬠¢ Prove that a party engaged in a transaction ( (nonrepudiation) ) ââ¬â DIGITAL SIGNATURES â⬠¢ Verify identity of users (authentication) ââ¬â PASSWORDS, DIGITAL CERTIFICATES THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Cryptography and Hash Functions yp g p y Message digest (hash) algorithms ââ¬â Secure Hash Algorithm: SHA-1, SHA-2, SHA-3 competition ââ¬â Securing passwords Hash Functions â⬠¢ A ââ¬Å"hashâ⬠is a short function of a message, f ti f sometimes called a ââ¬Å"message digestâ⬠g g â⬠¢ BUT: a hash is not uniquely reversible â⬠¢ Many messages have the same hash Has hà functionà H producesà aà fixedà sizeà hash ofà aà messageà M,à usuallyà 128? 512à bits h = H(M) â⬠¢ S Symmetric encryption ti ti ââ¬â DES and variations ââ¬â AES: Rijndael â⬠¢ Public-key algorithms ââ¬â RSA â⬠¢ Defending against attacks ââ¬â Salting, nonces g â⬠¢ Digital signatures THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. We will write a custom essay sample on Security or any similar topic only for you Order Now SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS One-Way Hash Functions â⬠¢ For any string s, H(s), the hash of s, is of fixed length (shorter than ) ( h t th s) â⬠¢ Hashes should be easy to compute â⬠¢ A ââ¬Å"one-wayâ⬠has is computationally difficult to invert: canââ¬â¢t find any message corresponding to a given hash Thisà isà aà messageà Mà This is a message M thatà weà wantà toà makeà unalterableà soà ità cannotà beà forgedà orà modified. One-Way Hash Functions â⬠¢ There are plenty of hash functions but no obvious one-way h h f hash functions ti â⬠¢ Good one-way hashes have the diffusion property: Altering any it of the message changes many bits of the hash â⬠¢ This prevents trying similar messages to see if they hash to the same thing We ll non reversibility â⬠¢ Weââ¬â¢ll see how non-reversibility provides security h = H(M) H 52f21cf7c7034a20 17a21e17e061a863 This is the has h of message M M: THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Uses of One Way Hash Functions One-Way â⬠¢ â⬠¢ â⬠¢ â⬠¢ Password verification Message authentication (message digests) Prevention of replay attack Digital signatures Key-Hashed Message Authentication Codes (HMACs) Shared Key Original Plaintext Hashing with MD5, SHA, etc. HMAC Key-Hashed Message Authentication Code (HMAC) Appended to Plaintext Before Transmission HMAC Original Plaintext Note: No encryption; only hashing THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Key-Hashed Message Authentication Codes (HMACs) Receiver Repeats the HMAC Computation On the Received Plaintext Shared Key Received Original Plaintext Nonce to Prevent Replay Attack p y Replay attack: repeating the messages in a challenge-response protocol (lik username/ h ll t l (like / password) to gain access to a system â⬠¢ Defense: make the messages different EVERY TIME the protocol is used. â⬠¢ But how? The username and password donââ¬â¢t change don t â⬠¢ Answer: use a random number, called a ââ¬Å"nonceâ⬠each time. Require the user to include the nonce in his response â⬠¢ NOTE: Nonce is an obsolete word: ââ¬Å"for the nonceâ⬠means ââ¬Å"for the time being,â⬠ââ¬Å"just for nowâ⬠THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Hashing with same algorithm ith Computed HMAC ? COMPARE ? Received HMAC If computed and received HMACs are the same, The sender must know the key and so is authenticated AND the message has not been altered THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Password Verification System sends nonce to user: Secure Hash Algorithm SHA-512 â⬠¢ US Federal Information Processing Standard, but used around the world â⬠¢ Uses exclusive-OR operation ? A= 0011011110001 B= 1101001101011 A? B= 1110010011010 nonce = 992883774 System looks up password pp Password store Iam#4VKU User concatenates nonce to password: Iam#4VKU 992883774 ||nonce p||nonce Iam#4VKU 992883774 H H(p||nonce) 779dsfe55d2884e0ea5 e3a011fa3211b Allow Login Yes Deny Login No Exact Match? H H(p||nonce) 779dsfe55d2884e0ea5 e3a011fa3211b â⬠¢ Exclusive-OR is lossy; knowing A ? B does not reveal even one bit of either A or B â⬠¢ Regular OR: If a bit of A ? B is zero, then both corresponding bits of both A and B were zero User sends H(p||nonce) ove r network THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Information Hiding with Exclusive-OR â⬠¢ x ? y = 1 if either x or y is 1 but not both: y x? y 0 0 1 1 1 0 Secure Hash Algorithm SHA-512 g 0 1 â⬠¢ If x ? y = 1 we canââ¬â¢t tell which one is a 1 â⬠¢ Canââ¬â¢t trace backwards to determine values Can t â⬠¢ If x ? y = 1 then BOTH x and y are 1 THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Secure Hash Algorithm Flow LONG MESSAGE TO BE HASHED SHA-512 Block Function TAKE FIRST 32 WORDS (1024 BITS) REPEAT FOR EACH 1024-BIT BLOCK STARTING HASH EIGHT 64-BIT 64 BIT WORDS (512 BITS) EXPAND TO 80 WORDS (2560 BITS) REPEAT 79 MORE TIMES â⬠¦ FINAL HASH (512 BITS) 111011 010101 110100 010011 011101 001011 010001 001011 11001 110101 000100 110001 011101 101011 110001 111011 Ch(e,f,g)à =à (eà ANDà f)à XORà (NOTà eà ANDà g) Maj(a,b,c)à =à (aà ANDà b)à XORà (aà ANDà c)à XORà (bà ANDà c) ? (a)à =à ROTR(a,28)à XORà ROTR(a,34)à XORà ROTR(a,39) ? (e)à =à ROTR(e,14)à XORà ROTR(e,18)à XORà ROTR(e,41) +à =à additionà moduloà 2^64 Ktà à =à aà 64? bità additiveà constantà forà roundà t Wtà =à aà 64? bità wordà derivedà fromà theà à currentà 512? bità inputà blockà forà roundà t THE UNIVERSITY OF HONG KONG FEB/MAR 2011 à © 2011 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS History of SHA Weââ¬â¢re now on the third generation of SHA: SHA-0 (1993-1995) (weakness f SHA 0 (1993 1995) ( k found early) d l ) SHA-1 (1995-2005) SHA-2 (2005 ââ¬â ) â⬠¢ SHA-512 is part of SHA-2 â⬠¢ SHA 1 is weak but not yet fully cracked, still the most SHA-1 cracked widely used hash algorithm SHA-3 â⬠¢ RIGHT NOW there is a competition for SHA 3 ââ¬â Began in 2007 ââ¬â There are five f inalists: BLAKE, Grostl, JH, Keccak, Skien ââ¬â Winner to be announced in 2012 Hashingà V. S. Encryption Hashing V. S. Encryption Hello,à world. Aà sampleà sentenceà toà showà encryption. k E NhbXBsZSBzZW50ZW5jZS B0byBzaG93IEVuY3J5cHR pb24KsZSBzZ k D Hello,à world. Aà sampleà sentenceà toà showà encryption. ? NhbXBsZSBzZW50ZW5jZS B0byBzaG93IEVuY3J5cHR p pb24KsZSBzZ Encryptionà isà twoà way,à andà requiresà aà keyà toà encrypt/decrypt Thisà isà aà clearà textà youà canà easilyà readà g y withoutà usingà theà key. Theà sentenceà isà longerà thanà theà textà above. h 52f21cf7c7034a20 7a e 7e06 a863 17a21e17e061a863 ââ¬â Hashing is one way There is no ââ¬Ëde hashingââ¬â¢ Hashingà isà one? way. Thereà isà noà de? hashing THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Cryptography yp g p y MESSAGE SPACE (ALL POSSIBLE PLAINTEXT MESSAGES) TRANSFER $5000 TO MY SAVINGS ACCOUNTâ⬠Cryptography MESSAGE SPACE ( (ALL POSSIBLE PLAINTEXT MESSAGES) ââ¬Å"TRANSFER TRANSFER $5000 TO MY SAVINGS ACCOUNTâ⬠ENCRYPTION IS SECURE IF ONLY AUTHORIZED PEOPLE KNOW HOW TO REVERSE IT CODE SPACE (ALL POSSIBLE ENCRYPTED MESSAGES) CODE SPAC E (ALL POSSIBLE ENCRYPTED MESSAGES) â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ MUST BE REVERSIBLE (BUT ONLY IF YOU KNOW THE SECRET) â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ ââ¬Å"1822UX S4HHG7 803TG 0J71D2 MK8A36 18PN1â⬠â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ ENCRYPTION IS ONE-TO-ONE AND REVERSIBLE EVERY CODE CORRESPONDS TO EXACTLY ONE MESSAGE â⬠¢ â⬠¢ â⬠¢ â⬠¢ â⬠¢ ââ¬Å"1822UX S4HHG7 803TG 0J71D2 MK8A36 18PN1â⬠FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG The Encryption Process MATERIAL WE WANT TO KEEP SECRET Role of the Key in Cryptography â⬠¢ The key is a parameter to an encryption procedure â⬠¢ Procedure stays the same, but produces different results based on a given key S P E C I A L T Y B D F G H J K M N O Q R U V W X Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C O N S U L T I N G EXAMPLE: OBJECT: HIDE A MESSAGE (PLAINTEXT) BY MAKING IT UNREADABLE (CIPHERTEXT) UNREADABLE VERSION OF PLAINTEXT MIGHT BE: TEXT DATA GRAPHICS AUDIO VIDEO SPREADSHEET â⬠¦ MATHEMATICAL SCRAMBLING PROCEDURE DATA TO THE ENCRYPTION ALGORITHM (TELLS HOW TO SCRAMBLE THIS PARTICULAR MESSAGE) D S R A V G H E R M SOURCE: STEIN, WEB SECURITY FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS NOTE: THIS METHOD IS NOT USED IN ANY REAL CRYPTOGRAPHY SYSTEM. IT IS AN EXAMPLE INTENDED ONLY TO ILLUSTRATE THE USE OF KEYS. THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG Symmetric Encryption SAME KEY USED FOR BOTH ENCRYPTION AND DECRYPTION Advanced Encryption Standard (AES) Based on a method called Rijndael, invented by j , y Vincent Rijmen and Joan Daeman (both male), who won a cryptography competition â⬠¢ Replaced Data Encryption Standard (DES) in 2001, but DES is still widely used â⬠¢ Symmetric block cipher with block length 128 bits, key lengths 128/192/256 bits â⬠¢ V Very fast: PC implementations at 3GB per second f t i l t ti t d SENDER AND RECIPIENT MUST BOTH KNOW THE KEY THIS IS A WEAKNESS SOURCE: STEIN, WEB SECURITY THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS AES Overview Input message: 4Ãâ"4 matrix Transformations in Each AES Round Symmetric key Output from Round n-1 SubByte: substitutes bytes of the 4 x 4 matrix ShiftRows: shifts rows of the 4 x 4 matrix MixColumn: replace bytes in each column by different functions of the whole column AddRoundKey: XOR round key with the 4 x 4 matrix 128-bit blocks Round n: Number of rounds based on key length 128-bit, 10 rounds 192 bit, 192-bit, 12 rounds 256-bit, 14 rounds SubByte ShiftRows MixColumn Round key Each round key is different, obtained from full symmetric key AddRoundKey Encrypted output: Input to Round n+1 R d 1 THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS SubByte Input: ea 04 65 85 83 45 5d 96 5c 33 98 b0 f0 2d as c5 16 x 16 matrix specifies byte substitutions: ShiftRows Input: Output: 87 f2 4d 97 87 f2 4d 97 Output: 87 f2 4d 97 ec 6e 4c 90 4a c3 46 e7 8c d8 95 a6 S-Box 6e 4c 90 ec 46 e7 4a c3 a6 8c d8 95 ec 6e 4c 90 4a c3 46 e7 8c d8 95 a6 SOURCE: WILLIAM STALLINGS THE UNIVERSITY OF HONG KONG SOURCE: WILLIAM STALLINGS FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS MixColumn Add Round Key Final output for this round: Input: 87 f2 4d 97 Output: 47 40 a3 4c 37 d4 70 9f 94 e4 3a 42 ed a5 a6 bc SOURCE: WILLIAM STALLINGS SOURCE: WILLIAM STALLINGS 6e 4c 90 ec 46 e7 4a c3 a6 8c d8 95 The 4 x 4 matrix is XORed with the round key THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS AES Round Summary Input bytes: A Rijndael Animation by Enrique Zabala Transformations: Output bytes: O b ANIMATION SOURCE: WILLIAM STALLINGS 32 Cipher Block Chaining Example â⬠¢ â⬠¢ DES is an older, less secure symmetric encryption algorithm; uses 56-bit keys 56 bit In ECB mode, the same input text always produces the same output. This creates risk of partial decryption. PLAINTEXT BLOCK 1 PLAINTEXT BLOCK 2 Triple DES â⬠¢ â⬠¢ Security can be increased by encrypting multiple times with different keys Double D bl DES i not much more secure th single DES b is t h than i l because of a ââ¬Å"meet-in-the-middleâ⬠attack K1 K2 K3 INITIALIZATION STRING ? DES ? DES etc. PLAINTEXT BLOCK 1 DES ENCRYPT DES DECRYPT DES ENCRYPT CIPHERTEXT BLOCK 1 CIPHERTEXT BLOCK 1 CIPHERTEXT BLOCK 2 â⬠¢ â⬠¢ â⬠¢ This method is called 3DES-IK, for ââ¬Å"independent keysâ⬠q g y Equivalent to a single 112-bit key If K1 = K2 = K3 this is just single DES THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Public Key Public-Key (Asymmetric) Encryption 2. SENDERS USE SITEââ¬â¢S PUBLIC KEY FOR ENCRYPTION 3. SITE USES ITS PRIVATE KEY FOR DECRYPTION Public-Key Encryption y yp 2. Bob looks up Aliceââ¬â¢s public key 5. Alice uses her PRIVATE KEY to decrypt M 1. Bob wants to send M to Alice M 1. 1 USERS WANT TO SEND PLAINTEXT TO RECIPIENT WEBSITE 4. ONLY WEBSITE CAN DECRYPT THE CIPHERTEXT. NO ONE ELSE KNOWS HOW 4. Bob transmits the encrypted message in the clear M SOURCE: STEIN, WEB SECURITY STEIN THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS 3. Bob uses Aliceââ¬â¢s public key to encrypt M SOURCE: CHIN-TSER HUANG 6. Alice now has M. No one else does 09/13/2011 36 Public-Key Encryption â⬠¢ â⬠¢ â⬠¢ â⬠¢ When Alice gets M no one else could have read it M, No one else has Aliceââ¬â¢s PRIVATE key Problem: she canââ¬â¢t be sure Bob sent it can t Anyone with Aliceââ¬â¢s PUBLIC key could have sent it Public Key Public-Key Authentication 2. Bob encrypts M with his PRIVATE key 4. Alice looks up B bââ¬â¢ Bobââ¬â¢s public key 1. Bob wants to send M to Alice so she is sure Bob sent it . Alice decrypts M with Bobââ¬â¢s PUBLIC key M 3. Bob sends the encrypted message to Alice M THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Public-Key Authentication â⬠¢ When Alice gets M she is sure it came from Bob M, â⠬ ¢ No one but Bob has Bobââ¬â¢s PRIVATE key â⬠¢ Problem: anyone can read M ââ¬â all that is needed is Bobââ¬â¢s PRIVATE key â⬠¢ Is there some way to achieve security AND authentication at the same time? Secure Authenticated Messages Use two public-private key pairs ââ¬â one for Bob, one for Alice M M Aliceââ¬â¢s Public Key PUA Aliceââ¬â¢s Private Key PRA Bobââ¬â¢s Private Key PRB Bobââ¬â¢s Public Key PUB Keys in key pairs are mathematically linked THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS One-Way Trapdoor Functions â⬠¢ A function that is easy to compute â⬠¦ â⬠¢ But computationally difficult to invert without knowing the secret (the ââ¬Å"trapdoorâ⬠) trapdoor ) â⬠¢ Example: f (x, y) = xâ⬠¢y â⬠¢ Given f (x y), it is difficult to find either x or y (x, y) â⬠¢ Given f (x, y) and x (the secret), it is easy to find y â⬠¢ Any one way trapdoor function can be used in public one-way publickey cryptography. Rivest-Shamir-Adelman Rivest Shamir Adelman (RSA) â⬠¢ It is easy to multiply two numbers but apparently hard y py pp y to factor a number into a product of two others. y â⬠¢ Given p, q, it is easy to compute n = p â⬠¢ q â⬠¢ Example: p = 5453089; q = 3918067 â⬠¢ Easy to find n = 21365568058963 y â⬠¢ Given n, it is hard to find two numbers p, q with p â⬠¢ q = n â⬠¢ Now suppose n = 7859112349338149 What are p and q such that p â⬠¢ q = n ? â⬠¢ Multiplication is a one-way function â⬠¢ RSA exploits this fact in public-key encryption THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Rivest-Shamir-Adelman (RSA) â⬠¢ Each user generates a public/private key pair: â⬠¢ Select two large primes at random: p q (1024 bits) p, â⬠¢ Compute their product n = p â⬠¢ q ââ¬â note: ? (n) = number of divisors of n = (p-1)(q-1) â⬠¢ Select a small odd number e that does not divide ? (n) â⬠¢ Find the multiplicative inverse of e, that is, a number ( ? ( )) such that e â⬠¢ d = 1 (mod ? (n)) â⬠¢ Public encryption key is the pair (e. n) â⬠¢ Private decryption key is the pair (d, n) â⬠¢ Knowing (e, n) is of no help in finding d. Still need p q g and q, which involves factoring n, which is difficult THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS RSA Encryption â⬠¢ The message M is an integer â⬠¢ To encrypt message M using key (e, n): â⬠¢ Compute C(M) = M e (mod n) p ( ) ( ) â⬠¢ To decrypt message C using key (d, n): â⬠¢ Compute P(C) = C d (mod n) â⬠¢ N t th t P(C(M)) = C(P(M)) = (M e)d ( d n) Note that (mod ) eâ⬠¢d = M (mod n) = M Because e â⬠¢ d = 1 ( (mod n) ) â⬠¢ DEMO THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS RSA Example = 61; q = 53 n = pq = 3233 (modulus, can be given to others) e = 17 (public exponent, can be given to others) d = 2753 (private exponent kept secret! ) exponent, PUBLIC KEY = (3233, 17) PRIVATE KEY = (3233, 2753) To encrypt 123, compute 12317 (mod 3233) = 337587917446653715596592958817679803 mod 3233 = 855 37 digits INVERSE OF 5 IS 3 MULTIPLICATION MOD 7 Multiplicative Inverses p Over Finite Fields â⬠¢ â⬠¢ â⬠¢ 1 1 The i Th inverse e-1 of a number e satisfies e-1 â⬠¢ e = 1 f b ti fi The inverse of 5 is 1/5 If we only allow numbers from 0 to n-1 (mod n), then for special n1 n) values of n, each e has a unique inverse 0 1 2 3 4 5 6 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 2 0 2 4 6 1 3 5 3 0 3 6 2 5 1 4 4 0 4 1 5 2 6 3 5 0 5 3 1 6 4 2 6 0 6 5 4 3 2 1 6 â⬠¢ 2 = 12 WHEN DIVIDED BY 7 GIVES REMAINDER 5 To decrypt 855 compute 8552753 (mod 3233) = 123 855, (intermediate value has 8072 digits) SOURCE: FRANCIS LITTERIO THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS EACH ROW EXCEPT THE ZERO ROW HAS EXACTLY ONE 1 EACH ELEMENT HAS A UNIQUE INVERSE THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Trapdoor Functions for Cryptography ANY one-way trapdoor function f(x) can be used for y p ( ) public-key cryptography â⬠¢ Alice wants to send message m to Bob â⬠¢ Bobââ¬â¢s public key e is a parameter to the trapdoor function fe(x) (the inverse fe -1(x) is easy to compute knowing B bââ¬â¢ private k d b t diffi lt without d) k i Bobââ¬â¢s i t key but difficult ith t â⬠¢ Alice computes fe(m), sends it to Bob 1 â⬠¢ Bob computes fe -1(fe(m)) = m (easy if d is known) â⬠¢ Eavesdropper Eve canââ¬â¢t compute m = fe -1(fe(m)) 1 without th t d ith t the trapdoor d t find th i to fi d the inverse fe -1 Discrete Logarithms If ab = c, we say that logac = b y g â⬠¢ Example: 232 = 4294927296 so log2(4294927296) = 32 p g g y â⬠¢ Computing ab and logac are both easy for real numbers â⬠¢ In a finite field, it is easy to calculate c = ab mod p but given c, a and p it i very diffi lt t find b i d is difficult to fi d â⬠¢ This is the ââ¬Å"discrete logarithmâ⬠problem â⬠¢ Analogy: Given x it is easy to find two real numbers y, z such that x = y â⬠¢ z â⬠¢ Given an integer n it is hard to find two integers p, q such that n = p â⬠¢ q THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MIC HAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Diffie-Hellman Key Exchange y g â⬠¢ Object: allow Alice and Bob to exchange a secret key â⬠¢ Protocol has two public parameters: a prime p and a number g ; p such that given 0 ; n ; p there is some k such that gk = n (g is called a generator) g ) â⬠¢ Alice and Bob generate random private values a, b between 1 and p-2 â⬠¢ Aliceââ¬â¢s public value is ga (mod p); Bobââ¬â¢s is gb (mod p) â⬠¢ Alice and Bob share their public values â⬠¢ Alice computes (gb)a (mod p) = gba (mod p) â⬠¢ Bob computes (ga)b (mod p) = gab = gba (mod p) â⬠¢ Let key = gab. Now both Alice and Bob have it. â⬠¢ No one else can compute it ââ¬â they donââ¬â¢t know a or b THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Security Attacks y â⬠¢ A LOT of money is protected by cryptography â⬠¢ H k Hackers are constantly t i to defeat it t tl trying t d f t ââ¬â ââ¬â ââ¬â ââ¬â ââ¬â Brute force (try all keys) Mathematical attack (find weaknesses in the algorithm) Social engineering (get people to reveal their key) Man-in-the-middle (intercept communications) Side channel attacks THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Side Channel Attacks â⬠¢ ââ¬Å"Side channelâ⬠: any observable information emitted by the physical implementation of the cryptosystem â⬠¢ Timing (see when certain operations performed) â⬠¢ C h contents ( Cache t t (see which memory l hi h locations are ti accessed) â⬠¢ Electromagnetic radiation (monitor RF emissions) â⬠¢ Power consumption (trace the power used by a chip) â⬠¢ Physical chip structure (for hard wired keys) hard-wired Cache Observation â⬠¢ AES uses large tables (4 x 1024 bytes) for efficiency â⬠¢ One encryption accesses only a small portion of the tables, which is a function of the data and the encryption key THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS Power Consumption p â⬠¢ Some bit operations consume more electric power than others Major Ideas j Secure hash algorithms create message digests â⬠¢ E Encryption algorithms are complex ti l ith l ââ¬â must be studied carefully (by cryptographers) ââ¬â subject to sophisticated attacks bj t t hi ti t d tt k â⬠¢ Symmetric encryption is fast â⬠¢ AES is the new standard symmetric encryption algorithm â⬠¢ Nonces defend against replay attacks â⬠¢ RSA is the principal public-key encryption algorithm Public key â⬠¢ Public-key encryption is slow because of the need to work with huge numbers (~2000 bits) THE UNIVERSITY OF HON G KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS SOURCE: BERTONI ET AL. THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS El Gamal Encryption â⬠¢ Based on the discrete logarithm g â⬠¢ Bobââ¬â¢s public key is (p, q, r) â⬠¢ Bobââ¬â¢s private key is s such that r = qs mod p THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS â⬠¢ Alice sends Bob the message m by picking a random secret number k and sending (a, (a b) = (qk mod p mrk mod p) p, â⬠¢ Bob computes b (as )-1 mod p = mrk (qks)-1 = mqks (qks)-1 = m â⬠¢ (Bob knows s; nobody else can do this) THE UNIVERSITY OF HONG KONG FEB/MAR 2012 à © 2012 MICHAEL I. SHAMOS How to cite Security, Papers
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment