30 Sept Cryptography

Information about 30 Sept Cryptography

Published on January 5, 2008

Author: Eagle

Source: authorstream.com

Content

INLS 187:  INLS 187 September 30, 2004 Cryptography Cryptography:  Cryptography Greek kryptós (hidden) and gráphien (to write) The study of ways to hide or obscure information, making it unreadable without secret knowledge An interdisciplinary subject Before computers, linguistics dominated the crypto field. Today, it is mathematics, number theory, statistics, computational complexity, and finite mathematics. Engineering is also a majore contributor. Cipher or Cypher?:  Cipher or Cypher? A cryptographic algorithm is called a cipher, which is the mathematical function used for encryption and decryption. A (secret) "code" is also often used synonymously with "cipher“ The term has a specialised technical meaning: codes are a method for classical cryptography, substituting larger units of text, typically words or phrases (e.g., "apple pie" replaces "attack at dawn"). In contrast, classical ciphers usually substitute or rearrange individual letters (e.g., "attack at dawn" becomes "buubdl bu ebxo" by substitution.). The secret information in a code is specified in a codebook. "Cipher" is alternatively spelt "cypher"; similarly "ciphertext" and "cyphertext", and so forth. Both spellings have long histories in English, and there is occasional tension between their adherents. Eras:  Eras Two distinct eras of cryptography: Pre-computer “classical” Post-computer “modern” Classic Era:  Classic Era Long and colorful history Secret writing—types of shorthand or letter substitution (Crypto-Gram in newspaper) Early mechanical devices—rotor machines, Enigma (used by the Germans in WWII) One-time pads—also used extensively in WWII era Photo of Enigma machine:  Photo of Enigma machine Modern Era:  Modern Era Digital computers heralded the modern era Operates on binary strings, not alphabets Extensive academic research Became more “open” in the 1970s when DES and RSA were published Has been a mainstream technology ever since Users of cryptography:  Users of cryptography Formerly the realm of spies, military leaders and diplomats Has become much more widespread as technology has democratized secrecy Still a ways to go before it is common—technological and political hurdles to get over Associated fields:  Associated fields Cryptanalysis – code breaking Cryptology – overall name for both cryptography & cryptanalysis Steganography – study of information hiding & watermarking Terminology:  Terminology Sender Receiver Cipher Encryption (encipher, if using ISO 7498-2 terminology) Decryption (decipher, as above—”crypt” refers to dead bodies) Plaintext Ciphertext Authentication Symmetric key cryptography Public key (asymmetric) cryptography One-time pads Strength Snake Oil Quantum cryptography Moore’s Law Encryption and Decryption:  Encryption and Decryption Plaintext Encryption Decryption ciphertext Original Plaintext Sender Receiver Notation:  Notation Sorry, I have to do this… E(M) = C (encrypting message = ciphertext) D(C) = M (decrypting ciphertext = message) D(E(M)) = M (just shorthand) Encryption and decryption using a Key:  Encryption and decryption using a Key Plaintext Encryption Decryption ciphertext Original Plaintext Sender Receiver Key Key New notation:  New notation EK(M) = C DK(C) = M So DK EK(M) = M (symmetric) Sometimes, two keys are used (public key) EK1(M) = C DK2(C) = M Thus, DK2 EK1(M) = M Cryptanalysis:  Cryptanalysis Keeping the plaintext secret is the whole point of cryptography Those who wish to reveal the plaintext: Adversaries, attackers, interceptors, interlopers, intruders, opponents, “the enemy” Cryptanalysis is the science of recovering a plaintext without knowing the key (but an attack could recover the key or the plaintext) Cryptanalysis:  Cryptanalysis Four types of cryptanalytic attacks: Ciphertext-only—have access only to ciphertext of several messages Known-plaintext (brute force)—cryptanalyst has access to ciphertext and plaintext of several messages (get someone to encrypt a message for you) Chosen-plaintext attack—cryptanalyst can select a message, know it, and see the ciphertext Adaptive-chosen-plaintext attack—ability to modify #3 based on results of previous efforts. More Cryptanalysis:  More Cryptanalysis Chosen-ciphertext attack – ability to choose different ciphertexts to be decrypted with access to decrypted plaintext. Imagine a tamper-proof box that does automatic decryption and having to deduce the key. Chose-key attack—cryptanalyst has some knowledge about the relationship(s) between different keys. Very obscure, but can be used against flawed ciphers. Rubber-hose attack—threats, blackmail, or torture used to obtain a key. Bribery is a “purchase-key” attack. Very low-tech and highly successful. Protocols:  Protocols Protocols solve real-world problems Key distribution/exchange is a major issue—public key protocols have resolved this Digital signatures Multiple key public cryptography Secret sharing Zero-knowledge proofs Blind signatures Simultaneous signing Simultaneous exchange of secrets Secure voting Digital cash Algorithms:  Algorithms XOR (exclusive or logical operation) DES (old DoD standard) RSA (Rivest, Shamir, Adleman) Diffie-Helman Pohlig-Helman Rabin ElGamal AES (new Dod standard) Rijandael (promising newcomer) LOKI IDEA One-way hashes One-Way functions:  One-Way functions Central to public-key cryptography Easy to compute, harder to reverse, given x, easy to do f(x), but with f(x) you can’t get back to x Breaking a plate is a good example of a one-way function No mathematical evidence they exist or can be constructed We have many that no one has been able to reverse though Not useful by themselves—no way to decrypt Solve problems for us—digital signatures, MD5 hashes, and fingerprints Key Length:  Key Length Security = strength of algorithm + length of key Key of 8 bits has 28 or 256 possible combinations. Trivial to break even without a computer (50% chance of finding the key after 128 tries) Every bit you add doubles the number of possible combinations. Key Length Cont.:  Key Length Cont. Assuming a key of 56 bits, there are 256 possible combinations. If a supercomputer can try 1,000,000 keys a second, it would take 2285 years to find the correct key. A 64-bit key would take 585,000 years. 128 bits requires 1025 years. The universe is somewhere around 1010 years old. Cluster and grid computers are much faster than 1M keys/s these days So how did DES get beat?:  So how did DES get beat? The previous examples assumed a perfect algorithm. We have nothing close to that. DES had algorithmic weaknesses that allowed for a more systematic approach than brute force. The security of a cryptosystem should rest in the key, not in the secrecy of the algorithm. Perfect-looking cryptosystems are often extremely weak. Strong cryptosystems with a few minor changes can become weak. Be wary of new algorithms, and walk away from secret ones. Brute force DES machine cost $1M in 1993, can be done with a Beowulf cluster for much less than that now. How long should my key be?:  How long should my key be? No single answer, sorry How long does the data need to be secure? A few seconds? A few years? Forever? Many considerations—time it takes to perform the encryption/decryption operations is #2 consideration Key Length Guidelines:  Key Length Guidelines Last key length slide:  Last key length slide It’s hard to predict future computing power Current hardware performs fast enough to allow much longer key lengths—the examples we did on the listserv had 1792 bit keys, some werer 1028, 2048, etc. If the algorithm is strong, then these key lengths should provide good security Choosing Algorithms:  Choosing Algorithms Depends on the application Encrypting streams of data in real-time has different requirements than encryption files on your local computer Time Key length Machine overhead Will it be exported? Laws become a factor, if so NSA has huge resources—who are you trying to secure against? Choosing algorithms:  Choosing algorithms Which is better, symmetric key crypto or public key crypto? Kind of a dumb question—each was created to solve different kinds of problems Symmetric—best for data on your hard drive Public—good for messages Prime Numbers:  Prime Numbers We always hear about prime numbers when talking about crypto A prime is an integer greater than 1 whose only factors are 1 and itself Examples: 73, 2521, 2365347734339, 2756839 – 1 What role do large primes play? Primes help generate strong keys Key Management:  Key Management PKI—Public key infrastructure Keyservers What if someone gets a hold of your private key? Well, that’s why you have a passphrase to protect it! Symmetric keys must be passed face to face or use a trusted courier Man-in-the-middle attacks Authentication:  Authentication I will cover this in another class when I talk about Identification Systems Quantum cryptography:  Quantum cryptography Fiber optic communications channels make it possible to create sound channels that cannot be intercepted Quantum mechanical principles will alert recipient that the channel has been compromised Quantum computers:  Quantum computers A whole different issue than quantum cryptography Relies on Einstein’s wave-particle duality—a photon can exist in a number of states Measuring a photon causes it to behave like a particle If quantum computers can be built, they will be able to brute force keys at astounding rates because they can try many combinations simultaneously It is entirely possible that cryptography as a field will not survive quantum computers Regulation:  Regulation US heavily regulates exportation of cryptographic systems, software, and algorithms—considered a “munition” Everyone has it anyways Illegal in many countries—France prohibits use of crypto (people still use it) Steganography Example:  Steganography Example Demo Easy to see differences when using a hex editor to look at the files Steganography is not just limited to images—could use any kind of file such as an MP3, would sound like noise Also—secret inks, tiny pin punctures, micro-dots, differences in handwritten words,number of words in paragraphs, errant marks on documents, grilles covering the message except for a few characters Neal Stephenson on crypto:  Neal Stephenson on crypto At the 10th Computers, Freedom and Privacy Conference Without a sociopolitical context, cryptography is not going to protect you. He singled out PGP for criticism, saying that relying on the encryption scheme is like trying to protect your house with a fence consisting of a single, very tall picket. A slide showed the lone picket rising into the sky, a bird considering it with bulging eyes. Zimmerman’s response:  Zimmerman’s response After Stephenson’s speech, Zimmermann put up his hand, and Stephenson called on him. It's clear Zimmermann had "gotten" the speech. He didn’t go so far as to endorse anything like "social structures," communities of trust, neighborhoods of understanding. Zimmermann had been staunchly against laws, rules, regulations: anything that could be considered a form of social coercion. But he admits that perhaps code is not enough. A few more ideas:  A few more ideas The conference went completely off the rails after that. Whitfield Diffie said: "Crypto was a security technique that didn't require trusting anyone else. Now it turns out you have to trust other people." He was younger, he seems to say, he had ideas, he was wrong. "I had a very mathematical and very inapplicable idea about authentication." More ideas:  More ideas My personal take is that the conference was invaded by leftists—it became a huge hate-fest against corporations, which was in vogue at the time. One need only look to EU regulations to see that they have utterly failed to protect individuals.

Related presentations


Other presentations created by Eagle

Practice of International Trade
03. 09. 2007
0 views

Practice of International Trade

final thesis presentation
29. 10. 2007
0 views

final thesis presentation

Nature ppt
03. 09. 2007
0 views

Nature ppt

Bridge Construction for class
30. 12. 2007
0 views

Bridge Construction for class

CIO 01
01. 01. 2008
0 views

CIO 01

Poster3 XB
14. 09. 2007
0 views

Poster3 XB

CREATION EVOLUTION
14. 09. 2007
0 views

CREATION EVOLUTION

SUSA502
03. 09. 2007
0 views

SUSA502

cocotutor
10. 10. 2007
0 views

cocotutor

ch11
16. 11. 2007
0 views

ch11

CEM Agro Eng
23. 11. 2007
0 views

CEM Agro Eng

kompella hotnets slides
28. 09. 2007
0 views

kompella hotnets slides

desanker
03. 09. 2007
0 views

desanker

S4 Lavigne
03. 09. 2007
0 views

S4 Lavigne

ECOMM Yalta 2004
04. 10. 2007
0 views

ECOMM Yalta 2004

Stan Abram
12. 10. 2007
0 views

Stan Abram

systheory ecopersp
19. 02. 2008
0 views

systheory ecopersp

crime 1
24. 02. 2008
0 views

crime 1

PierPaoloPasolini
24. 02. 2008
0 views

PierPaoloPasolini

RailShipments
28. 02. 2008
0 views

RailShipments

future truck
29. 02. 2008
0 views

future truck

9 13 07
27. 11. 2007
0 views

9 13 07

goodpracticehei pl
18. 03. 2008
0 views

goodpracticehei pl

eCp 2007 WP GI Prague
21. 03. 2008
0 views

eCp 2007 WP GI Prague

Alien Land Laws and Internment
26. 03. 2008
0 views

Alien Land Laws and Internment

20080311104620774
27. 03. 2008
0 views

20080311104620774

02 EnergyCirculation
07. 04. 2008
0 views

02 EnergyCirculation

Cuando El Viento Sopla 2115
21. 06. 2007
0 views

Cuando El Viento Sopla 2115

Cosas de Gatos 1850
21. 06. 2007
0 views

Cosas de Gatos 1850

Casas Diferentes 1966
21. 06. 2007
0 views

Casas Diferentes 1966

Carta de Navidad 1875
21. 06. 2007
0 views

Carta de Navidad 1875

Carta a los Reyes Magos 1870
21. 06. 2007
0 views

Carta a los Reyes Magos 1870

Barbies 2108
21. 06. 2007
0 views

Barbies 2108

A las puertas de la Navidad 1873
21. 06. 2007
0 views

A las puertas de la Navidad 1873

Amiga 1969
21. 06. 2007
0 views

Amiga 1969

Acertijo 2090
21. 06. 2007
0 views

Acertijo 2090

cb
07. 10. 2007
0 views

cb

emotion 07
20. 02. 2008
0 views

emotion 07

custintermang
28. 03. 2008
0 views

custintermang

CLSAInvestorMeetNov2 006
30. 03. 2008
0 views

CLSAInvestorMeetNov2 006

Piesman
24. 11. 2007
0 views

Piesman

Keynes Fiscal
09. 04. 2008
0 views

Keynes Fiscal

Utah0303
10. 04. 2008
0 views

Utah0303

williams
13. 04. 2008
0 views

williams

trendswrshprevised2
14. 04. 2008
0 views

trendswrshprevised2

LaTeX 5
14. 09. 2007
0 views

LaTeX 5

Oral Health Kindergarten
14. 09. 2007
0 views

Oral Health Kindergarten

MakingDx SN
04. 01. 2008
0 views

MakingDx SN

gfish2002
14. 09. 2007
0 views

gfish2002

Binaries3
28. 11. 2007
0 views

Binaries3

All Presenters
19. 06. 2007
0 views

All Presenters

wri idb draft2
19. 06. 2007
0 views

wri idb draft2

4Design methodology
29. 12. 2007
0 views

4Design methodology

Arriba el animo 2033
21. 06. 2007
0 views

Arriba el animo 2033

tronning
09. 10. 2007
0 views

tronning

Bahrain 2107
21. 06. 2007
0 views

Bahrain 2107

A Veces 1928
21. 06. 2007
0 views

A Veces 1928

Conejos a 50 pesos 2114
21. 06. 2007
0 views

Conejos a 50 pesos 2114

Blanca Navidad 1874
21. 06. 2007
0 views

Blanca Navidad 1874

Esther
14. 09. 2007
0 views

Esther

Acuarelas 1930
21. 06. 2007
0 views

Acuarelas 1930

Adan y Eva 1968
21. 06. 2007
0 views

Adan y Eva 1968

CTS
03. 09. 2007
0 views

CTS

TriTops
02. 01. 2008
0 views

TriTops

Ciudad de Mexico 1973
21. 06. 2007
0 views

Ciudad de Mexico 1973

El Negro Huerta 2038
21. 06. 2007
0 views

El Negro Huerta 2038

Abrazo 1929
21. 06. 2007
0 views

Abrazo 1929

Concurso de coches 2113
21. 06. 2007
0 views

Concurso de coches 2113

07 VC ChromakeyTemplate
11. 10. 2007
0 views

07 VC ChromakeyTemplate

Turkey map
26. 11. 2007
0 views

Turkey map

riverfront training
28. 12. 2007
0 views

riverfront training

canned searches
03. 10. 2007
0 views

canned searches

Christian Bale 1781
21. 06. 2007
0 views

Christian Bale 1781

revitalizing iuds
03. 09. 2007
0 views

revitalizing iuds

revitalizing iuds condensed
03. 09. 2007
0 views

revitalizing iuds condensed

LOC Feb99
14. 09. 2007
0 views

LOC Feb99

EAS306
21. 11. 2007
0 views

EAS306

bertwashington
19. 06. 2007
0 views

bertwashington

HomelandSecurityPanel
04. 03. 2008
0 views

HomelandSecurityPanel

Casa de botellas 2044
21. 06. 2007
0 views

Casa de botellas 2044