4. Introduction
Cryptography
Securing information in a form only readable by end parties
Cryptography Primitives (building blocks of cryptographic protocols)
Encryption
• Involves the conversion of plain text to cipher text
Decryption
• Involves the conversion of cipher text to plain text
Signature Generation
• Involves producing a special string that can be tied to a user
Signature Verification
• Involves verifying who the user is from the message
Key Negotiation and Exchange
• Involves negotiation and exchange of keys between the various parties involved
Steganography
Hiding information in other files
Ex: pictures, audio, video, executable files
5. Types
Symmetric Cryptography
One key for both encryption and decryption
Asymmetric Cryptography (Public Key Cryptography)
Two keys : One for encryption, other for decryption
6. Symmetric Cryptography
Advantages
Small Key Size
• Size ∞ Computational Power
Disadvantages
Key Management and transfer/sharing
• Number of keys required = n(n-1)/2, where n is the number of
parties involved.
• If there are 5 parties, then number of keys = 10
• If there are 10 parties, then number of keys = 45
• If there are 100 parties, then number of keys = 4950
Provides
Confidentiality, Integrity, Origin Authentication
[based on the Mode used]
7. Symmetric Crypto - Types
Block Ciphers
Divides the text into blocks and acts on each of them
Stream Ciphers
Acts on each bit of the text
11. Block Cipher Modes (2)
CMAC (Cipher based MAC)
Integrity + Authentication
CCM (Counter with CBC-MAC)
Integrity + Authentication
GCM (Galois/Counter Mode)
Integrity + Authentication
Above modes also provide other security services in addition to confidentiality.
12. Block Cipher Modes (3)
Properties:
Provide Confidentiality
Fast Data Storage and Retrieval
Efficient Use of Disk Space
CBC (Cipher Block Chaining)
LRW (Liskov, Rivest and Wagner)
XEX (Xor Encrypt Xor)
XTS (XEX-based Tweaked Codebook Mode)
CMC (CBC Mask CBC)
EME (ECB Mask ECB)
Above modes primarily used in Full Disk Encryption.
13. Stream Ciphers
Uses key streams
Acts on bits of text
Most Hardware Implementations use these
Less complex than block ciphers
NOTE: Block Ciphers can also be used as Stream Ciphers.
14. Stream Cipher Types
Synchronous
These generate random sequence of bits independent of the plain text
and cipher text.
Ex: RC4, HC-128
Asynchronous
These generate key streams based on a set of former cipher text bits.
Ex: CTAK, CFB Mode Block Ciphers
16. Asymmetric Crypto Terms
Trapdoor Functions
Mathematical functions that are easy to apply in one direction,
but extremely difficult in the reverse.
17. Asymmetric Ciphers
DH (DHM)
Based on discrete logarithms
No Authentication
• Digital Signature Required
RSA
Based on factorisation of large numbers
Example Key Sizes: 512bits, 1024bits, 2048bits
Other Ciphers/Algorithms
El Gamal – Based on DH
Cramer-Shoup – Based on El Gamal
Knapsack
18. Elliptical Curve Cryptography
Mathematical equations that use Elliptical Curves
Advantages:
Small Key Size (Size ∞ Computational Power)
256 bit ECC key ≈ 3072 bit RSA/DH key; 384 bit ECC key ≈ 7680 bit RSA/DH key
Algorithms
Digital Signatures
ECDSA: Elliptic Curve Digital Signature Algorithm
ECPVS: Elliptic Curve Pintsov Vanstone Signatures
ECNR: Elliptic Curve Nyberg Rueppel
Key Agreement
ECMQV: Elliptic Curve Menezes-Qu-Vanstone
ECDH: Elliptic Curve Diffie-Hellman
Encryption
ECIES: Elliptic Curve Integrated Encryption Standard
19. Hash Functions
Provides condensed representation of a given text or message
(Message Digest)
Provides
Integrity, Origin Authentication
Collision
Situation when two different texts have the same hash
Examples
MD5 – 128bits – Insecure – Collisions Possible
SHA1 – 160 bits –
263 Hash Operations for identifying a collision instead of 280 operations
RIPEMD-160 – 160 bits – Secure (no collisions identified yet)
SHA256 – 256 bits – Secure
20. Merkle Damgard Technique
A method to build collision resistant hash functions
Used by common hash functions like MD5, SHA1 and SHA256
21. Block Ciphers - MAC
Block Ciphers can also be used as hash functions
MDC-2 – 128 bits
Whirlpool – 512 bits
Used in Message Authentication Code (MAC)
Adds a secret key to message during input
• Provides Origin Authentication
Provides Integrity
Popular Implementation: CBC-MAC
22. Hash Functions - MAC
Hash Algorithms can also be used to produce MAC
Two Types
MDx-MAC Scheme
Uses modified hash functions
SHA1, RIPEMD-160 can be used
HMAC
Unmodified hash functions
Secret key added to message
Used in IPSec, NAS, Mobiles
Ref: RFC2104, FIPS PUB 180, ISO 9797-2
24. Digital Signatures (2)
Software Components
Cryptographic Hash Function
Key Generation Algorithm
Signing Algorithm
Verification Algorithm
Implemented using
Public Cryptosystems: ECC, DSA, RSA, El Gamal
DSA – Digital Signature Algorithm
Used in Digital Signature Standard
Ref: FIPS PUB 186, ISO 9696 and ISO 14888
25. Digital Envelope
Provides
Confidentiality in addition to Integrity, Origin Authentication and Non-
Repudiation
Two possible ways:
Encrypt the message and the digital signature with the recipient's public key
Encrypt the message with a secret key, then encrypt the secret key and the
digital signature with recipient’s public key
26. Further Presentations ….
PKI 101 PKI 201 Crypto Attacks 101
Basics of PKI
infrastructure
and
Key
Management.
Advanced PKI stuff,
which includes
various PKI
models, CRL types
and auditing PKI
infrastructure.
Discussion on
various attacks.