Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
53 views30 pages

Chapter2 PDF

This chapter discusses cryptographic tools and algorithms. It covers symmetric and asymmetric encryption algorithms for confidentiality, as well as hash functions for message authentication. Symmetric algorithms like DES and AES use a shared secret key for encryption, while asymmetric algorithms like RSA use public/private key pairs. Hash functions produce a fixed-length hash value to verify message integrity. The chapter also addresses key management and the use of random numbers in cryptography.

Uploaded by

atiqa ansar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
53 views30 pages

Chapter2 PDF

This chapter discusses cryptographic tools and algorithms. It covers symmetric and asymmetric encryption algorithms for confidentiality, as well as hash functions for message authentication. Symmetric algorithms like DES and AES use a shared secret key for encryption, while asymmetric algorithms like RSA use public/private key pairs. Hash functions produce a fixed-length hash value to verify message integrity. The chapter also addresses key management and the use of random numbers in cryptography.

Uploaded by

atiqa ansar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

Chapter 2

Cryptographic Tools
Cryptographic Tools

 Cryptographic algorithms important element in security


services

 Review various types of elements


 Symmetric encryption
 Public-key (asymmetric) encryption
 Digital signatures and key management
 Secure hash functions
Some Basic Terminology
 Plaintext - original message
 Cipher-text - coded message
 Cipher - algorithm for transforming plaintext to cipher-text
 Key - information used in cipher known only to sender/receiver
 Encipher (encrypt) - converting plaintext to cipher-text
 Decipher (decrypt) - recovering cipher-text from plaintext
 Cryptography - study of encryption principles/methods
 Cryptanalysis (codebreaking) - study of principles/ methods of
deciphering cipher-text without knowing key
 Cryptology - field of both cryptography and cryptanalysis
Symmetric Encryption
Requirements

 Two requirements for secure use of symmetric encryption:


 A strong encryption algorithm
 A secret key known only to sender / receiver

 Mathematically have:
Y = ek(x)
X = dk(y)

 Assume encryption algorithm is known

 Implies a secure channel to distribute key


Cryptography
 Characterize cryptographic system by:
 Type of encryption operations used
 Substitution / transposition / product
 Number of keys used
 Single-key or private / two-key or public
 Way in which plaintext is processed
 Block / stream
Attacking Symmetric Encryption
 Cryptanalysis
 Rely on nature of the algorithm
 Plus some knowledge of plaintext characteristics
 Even some sample plaintext-cipher-text pairs
 Exploits characteristics of algorithm to deduce specific
plaintext or key

 Brute-force attack
 Try all possible keys on some cipher-text until get an
intelligible translation into plaintext
Cryptanalytic Attacks
 Cipher-text only
 Only know algorithm & cipher-text, is statistical, know or
can identify plaintext

 Known plaintext
 Know/suspect plaintext & cipher-text

 Chosen plaintext
 Select plaintext and obtain cipher-text

 Chosen cipher-text
 Select cipher-text and obtain plaintext

 Chosen text
 Select plaintext or cipher-text to encrypt/decrypt
Exhaustive Key Search
Symmetric Encryption Algorithms
DES and Triple-DES
 Data encryption standard (DES) is the most widely used
encryption scheme
 Uses 64 bit plaintext block and 56 bit key to produce a 64 bit
cipher-text block
 Concerns about algorithm & use of 56-bit key

 Triple-des
 Repeats basic DES algorithm three times
 Using either two or three unique keys
 Much more secure but also much slower
Advanced Encryption Standard
(AES)

 Needed a better replacement for DES

 NIST called for proposals in 1997


 Efficiency, security, HW/SW suitability, 128, 256, 256 keys

 Symmetric block cipher

 Uses 128 bit data & 128/192/256 bit keys

 Now widely available commercially


Block
verses
Stream
Ciphers
Useful

 The primary advantage of a stream cipher is that stream


ciphers are almost always faster and use far less code than
do block ciphers.

 The advantage of a block cipher is that you can reuse keys.


Message Authentication
 Protects against active attacks

 Verifies received message is authentic


 Contents unaltered
 From authentic source
 Timely and in correct sequence

 Can use conventional encryption


 Only sender & receiver have key needed

 Or separate authentication mechanisms


 Append authentication tag to clear text message
Message Authentication Codes
Secure Hash Functions
Message
Authentication
Hash Function Requirements
 Applied to any size data

 H produces a fixed-length output.

 H(x) is relatively easy to compute for any given x

 One-way property
 Computationally infeasible to find x such that h(x) = h

 Weak collision resistance


 Computationally infeasible to find y ≠ x such that h(y) = h(x)

 Strong collision resistance


 Computationally infeasible to find any pair (x, y) such that h(x) =
h(y)
Hash Functions
 Two attack approaches
 Cryptanalysis
 Exploit logical weakness in algorithm
 Brute-force attack
 Trial many inputs
 Strength proportional to size of hash code (2n/2)

 SHA most widely used hash algorithm


 SHA-1 gives 160-bit hash
 More recent SHA-256, SHA-384, SHA-512 provide improved
size and security
Public Key Encryption
Public Key Authentication

Authentication and/or data integrity


Public Key Requirements
1. Computationally easy to create key pairs
2. Computationally easy for sender knowing public key to
encrypt messages
3. Computationally easy for receiver knowing private key
to decrypt cipher-text
4. Computationally infeasible for opponent to determine
private key from public key
5. Computationally infeasible for opponent to otherwise
recover original message
6. Useful if either key can be used for each role
Public Key Algorithms

 RSA (Rivest, Shamir, Adleman)


 Developed in 1977
 Only widely accepted public-key encryption algorithm
 Given technical advances need 1024+ bit keys

 Diffie-Hellman key exchange algorithm


 Only allows exchange of a secret key

 Digital Signature Standard (DSS)


 Provides only a digital signature function with SHA-1

 Elliptic curve cryptography (ECC)


 New, security like RSA, but with much smaller keys
Public Key
Certificates
Digital
Envelopes
Random Numbers
 Random numbers have a range of uses

 Requirements:

 Randomness
 Based on statistical tests for uniform distribution and
independence

 Unpredictability
 Successive values not related to previous
 Clearly true for truly random numbers
 But more commonly use generator
Pseudorandom verses Random
Numbers
 Often use algorithmic technique to create pseudorandom
numbers
 Which satisfy statistical randomness tests
 But likely to be predictable

 True random number generators use a nondeterministic


source
 E.G. Radiation, gas discharge, leaky capacitors
 Increasingly provided on modern processors
Practical Application:
Encryption of Stored Data
 Common to encrypt transmitted data

 Much less common for stored data


 Which can be copied, backed up, recovered

 Approaches to encrypt stored data:


 Back-end appliance (hardware device close to data storage;
encrypt close to wire speed)
 Library based tape encryption (co-processor board embedded in
tape drive)
 Background laptop/PC data encryption
Summary

 Introduced cryptographic algorithms

 Symmetric encryption algorithms for confidentiality

 Message authentication & hash functions

 Public-key encryption

 Digital signatures and key management

 Random numbers

You might also like