Cryptography

• homework
• motivation: threats against
  • computers
  • users
  • documents
• cryptography:
  • letter substitution
  • one-time pad
  • secret-key cryptosystems
  • public-key cryptosystems
  • hashing

Homework

• Due Monday, Nov 23
• 3-14
• 6-14

Motivation: threats against computers

• physical attack: lock doors
• infection: virus scan
• intrusion:
  • guessing passwords
  • getting password file
  • getting access from an authorized machine
  • debugging trapdoor in supervisor program
  • programming mistakes
• intrusion solution: passwords
• intrusion solution: firewalls:
  • packet-level firewall
  • application-level firewall

Motivation: threats against users

• stolen identity: watermarking, digital signatures, encrypted passwords
• privacy: encryption, relays
• connection stealing (fig 8.1)
• name server/directory attack
• denial of service attacks

Motivation: threats against documents

• integrity violation: message authentication code, message hash
• confidentiality violation: encryption

Cryptography: principles

• Alice wants to send to Bob the plaintext P
• Alice has encoding function E
• Bob has decoding function D
• E and D are inverses, that is, D o E = 1
• C = E(P) is the cyphertext
• in general, E(K, P) is a function of the plaintext and a (secret?) key K
• in general, D(K', C), with K = K' a special case
• as long as K' is secret, could publish D, E, K

Cryptography: attacks

• we expect eavesdropper to have access to C
• eavesdropper may have access to C' = E(P') for some P' known to the eavesdropper (known plaintext attack)
• eavesdropper may have access to C" = E(P") for some P" chosen by the eavesdropper (chosen plaintext attack)

Cryptography: letter substitution

• E(P) is a fixed permutation of the letters of the alphabet
• D(P) is the inverse permutation
• problem: if language of P is known, letter frequency can be used to guess D(P)
• algorithm is permutation
• secret key is "which permutation is used"

Cryptography: One-Time Pad

• mathematically unbreakable code
• challenging key distribution: size(K) = size(P)
• produce a key K with each bit random with equal probability of being one or zero
• distribute K to both Alice and Bob
• Alice: C = P \otimes K (with \otimes the bit-wise XOR function)
• Bob: P = C \otimes K
• bits of C are as random as bits of K, even if bits of P are not random

Secret-Key Cryptography

• K = K', so for security, cannot publish K
• challenging key distribution, especially between entities meeting with no mutually trusted third party, e.g. web transactions
• small key sizes (40 bits or less) very vulnerable to exhaustive search
• large key sizes (128 bits or more) may be sufficient to ward off government-level attack for many decades

Public-Key Cryptography

• K != K', so can publish K widely
• untrusted party can send secure message E(K,P) which only Bob can decode with D(K', C)
• public-key algorithms are slower than private-key algorithms
• Secure Socket Layer: use public-key algorithm to exchange private key, use secret-key algorithm to exchange data

Cryptographic Hashes

• M = H(P) is a message digest, H is a hash function (H(K, P) requires a secret key K to compute)
• given only M, hard to find P such that M = H(P) -- hard to pseudo-invert
• given P and H(P), hard to find P' such that H(P') = H(P)
• hard to create two plaintexts P != P' with the same hash
• given a secret string K, hard to find a plaintext P' given a plaintext P such that H(KP) = H(KP')