Professional Documents
Culture Documents
Criptografia
Criptografia
Cyber Security
Cryptography
Is:
Michele Nogueira, Ph.D. – A tremendous tool for protecting information
Computer Security Science Center (CCSC)
– The basis for many security mechanisms
Is not:
– The solution to all security problems
no eavesdropping
– Reliable unless implemented and used properly no tampering
– Something you should try to invent yourself
2 3
Goal 2: Protect files (data at rest) Cryptography Cryptography concepts
4 5 6
Cryptography concepts Cryptography Building Blocks
Symmetric cipher
nonce
• Two main types Alice Bob
m, n E(k,m,n)=c c, n D(k,c,n)=m
– Symmetric encryption (shared key) E D
– Asymmetric encryption (public key)
k k
Problem: OTP key is as long as the message One time key !! “Two time pad” is insecure: n bits n bits
R(kn, ⋅)
R(k1, ⋅)
R(k2, ⋅)
R(k3, ⋅)
• Goal: provide message integrity. No confidentiality. Most widely used MAC on the Internet
Eavesdropping security is insufficient for most applications H: hash function
– Ex: Protecting public binaries on disk
example: SHA-256; output is 256 bits
● Need also to defend against active (tampering) attacks
k k
● Next: methods to ensure message integrity message m tag
Building a MAC out of a hash function:
Alice Bob
– Standardized method: HMAC
Generate tag: Verify tag: ?
tag ← S(k, m) V(k, m, tag) = `yes’ S( k, msg ) = H(k⊕opad ǁ H( k⊕ipad ǁ msg ) )
www.ccsc-research.org
ccsc@ufpr.br 19 20 21
Building Blocks Building Blocks
Cryptography
Public-key encryption Trapdoor permutations
1. KeyGen: generate two equal length primes p, q Goal: bind document to author identity
set N ← p⋅q (3072 bits ≈ 925 digits) • Problem: attacker can copy Alice’s sig from one doc to another
set e ← 216+1 = 65537; d ← e-1 (mod ϕ(N))
Main idea: make signature depend on document • Only someone who knows sk can sign a message m
pk = (N, e); sk = (N, d)
Example: signatures from a trapdoor permutation (e.g. RSA) • Anyone who has pk can verify a (msg, signature) pair
2. RSA(pk, x) : x → (xe mod N)
sign(sk, m):= F-1 (sk, H(m))
Inverting this function is believed to be as hard as factoring N
verify(pk, m, sig):= accept if F(pk, sig) = H(m)
3. RSA-1(sk, y): y → (yd mod N) 25 26 27
Digital Certificates Digital Certificates Digital Certificates
How does Alice (browser) obtain Bob’s public key pkBob ? Sample Certificate Real World!
Goal: Browser and Server want a shared secret, unknown to attacker Goal: “... provide privacy and reliability between two ClientHello: nonceC, KeyShare
communicating applications” Client Server
ServerHello: nonceS, KeyShare, Enc[certS,…]
Two main parts secret
Browser Server CertVerify: Enc[SigS(data)], Finished key
1. Handshake Protocol: Establish shared secret key
using public-key cryptography Finished
certS
attacker ?? session-keys ← HKDF( DHkey, nonceC , nonceS )
key key 2. Record Layer: Transmit data using negotiated key
Example: Diffie-Hellman key exchange Encrypted ApplicationData
• Only secure against eavesdropping Our starting point: Using a key for encryption and integrity Encrypted ApplicationData
• TLS 1.3: enhances Diffie-Hellman key exchange
31 32 33
⟹ security against an active attacker
Summary
● Overview on cryptography
● Cryptography as a tool
● Types: symmetric and asymmetric encryption
● Cases of use
www.ccsc-research.org
ccsc@ufpr.br 34