Professional Documents
Culture Documents
CH02-CompSec4e Accessible
CH02-CompSec4e Accessible
Chapter 2
Cryptographic Tools
Copyright © 2018, 2015, 2012 Pearson Education, Inc. All Rights Reserved
2
Encryption: The universal technique for providing confidentiality for transmitted or stored data
Two main types of encryptions:
Symmetric (aka Private Key, or single-key Encryption)
Asymmetric (aka Public Key, or two-key Encryption)
3
4
Symmetric Encryption
Symmetric Encryption
5
Simplified Model of Symmetric Encryption
6
7
8
Data Encryption Standard (DES)
9
Average Time Required for Exhaustive Key Search
Key Size (bits) Cipher Number of Alternative Keys Time Required at Time Required at
109 decryptions / s
10 to the ninth power decryptions per microseconds 10 to the 13 power decryptions per microseconds
1013 decryptions / s
1 hour
10
Triple DES (3DES)
Repeats basic DES algorithm 3 times using either two or three unique keys
DESk3(DESk2(DESk1(Plaintext))) or DESk1(DESk2(DESk1(Plaintext)))
Attractions:
168-bit key (3x56bit) length overcomes the vulnerability to brute-force attack of DES
Underlying encryption algorithm is still D ES
Drawbacks:
Algorithm is slow in software
Uses a 64-bit block size for plaintext
11
Advanced Encryption Standard (AES)
12
Block Cipher – Encryption of large data
13
Practical Security Issues
Typically, symmetric encryption is applied to a unit of data larger than a single 64-bit or
128-bit block
Electronic CodeBook (ECB) mode is the simplest approach to multiple-block encryption
Each block of plaintext is encrypted using the same key
Cryptanalysts may be able to exploit regularities in the plaintext
Modes of operation
Alternative techniques developed
to increase the security of symmetric block encryption for large sequences
14
ECB Problem
15
Alternative Mode : CBC
16
Block & Stream Ciphers
Block Cipher
Processes the input one block at a time
Produces an output block for each input block
Can reuse keys
More common
Stream Cipher
Processes the input elements continuously
Primary advantage is that they are almost always
faster and use far less code
Encrypts plaintext one byte at a time
Pseudorandom stream is one that is unpredictable
unless you know the input key
17
18
Message Authentication
Message Authentication
19
Message Authentication Without Confidentiality
20
21
Hash Functions
Secure Hash Function Properties
22
Security of Hash Functions
25
Message Authentication Using a One-Way Hash Function
26
27
Public-Key Encryption
(aka Asymmetric)
Public-Key Encryption Structure
28
Public-Key Cryptography (1 of 2)
Plaintext
Readable message or data that
is fed into the algorithm as
input
Encryption algorithm (e.g., RSA)
Performs transformations on
the plaintext
Public and private key
Pair of keys, one for
encryption, one for decryption
Ciphertext
Scrambled message produced
as output
Decryption key
Produces the original plaintext
29
Public-Key Cryptography (2 of 2)
Sender encrypts data using his/her own private key
Receiver decrypts data using sender’s public key
30
Applications for Public-Key Cryptosystems
Symmetric Key Encryption of Secret
Algorithm Digital Signature Distribution Keys
RSA Yes Yes Yes
Diffie–Hellman No Yes No
DSS Yes No No
Elliptic Curve Yes Yes Yes
31
Requirements for Public-Key Cryptosystems
Computationally infeasible to
find private key from public key
32
Asymmetric Encryption Algorithms
33
34
Digital Signatures
Digital Signatures
35
Digital Signature Process
36
37
Digital Certificates
Public-Key Certificate Use
38
Digital Envelopes
39
40
Usage Examples:
Keys for public-key algorithms
Stream key for symmetric stream cipher
Symmetric key for use as a temporary session key
Creating a digital envelope
Handshaking to prevent replay attacks
41
Random Number Requirements
Randomness Criteria:
Unpredictability
Frequency of occurrence of the numbers statistically should be approximately the same
Independence
No one value in the sequence can be inferred from the others
42
Random Vs. Pseudorandom
43
Practical Application: Encryption of Stored Data
44
Summary (1 of 2)
Public-key encryption
Structure
Applications for public-key cryptosystems
Requirements for public-key cryptography
Asymmetric encryption algorithms
Digital signatures and key management
Digital signature
Public-key certificates
Symmetric key exchange using public-key encryption
Digital envelopes
Practical Application: Encryption of Stored Data
46