1. IT346 Information System Security
Week 4: Cryptography (Continued)
Lecturer: พงษ์ศักดิ์ ไผ่แดง
Faculty of Information Technology
2. Cryptography
Cryptography: crypto + graph
‣ Symmetric Key Cryptography (Secret Key Cryptography)
‣ Asymmetric Key Cryptography (Public Key Cryptography)
‣ Hash Function
3. Symmetric Key Cryptography
‣ Block Cipher
• DES: 1 Data Block = 64 bits
• 3DES: 1 Data Block = 64 bits
• AES: 1 Data Block = 128 bits
‣ Stream Cipher
• RC4
4. Stream Ciphers
‣ Keystream
‣ Pseudorandom
5. Stream Ciphers
‣ The plaintext is combined (XOR) with a random keystream, bit by bit
$C_i = P_i \oplus \mathit{StreamKey}_i$
6. Stream Ciphers
‣ Stream Cipher: the Secret Key is the Seed for the Pseudorandom Keystream
[Figure: ENCRYPTION: Key K -> KeyStream Generator (Pseudorandom byte generator); Plaintext Byte Stream P + keystream -> Ciphertext Byte Stream C. DECRYPTION: Key K -> KeyStream Generator (Pseudorandom byte generator); Ciphertext Byte Stream C + keystream -> Plaintext Byte Stream P.]
7. One-Time-Pad (OTP)
One-Time-Pad (Vernam Cipher): a Stream Cipher, unbreakable cipher
‣ Keystream: random number (compare: Secret Key with a Pseudorandom number generator)
‣ Secret Key: the OTP Keystream, used with the plaintext
8. Stream Cipher Properties
‣ Keystream: random
‣ Secret Key: Brute-force Attack; 128 bits
‣ Stream Cipher compared with Block Cipher
9. RC4
‣ Ron Rivest, RSA Security (Security Company)
‣ RC4 is a Stream Cipher with a variable key size
‣ Byte-oriented Stream Cipher
‣ random permutation
‣ SSL/TLS, wireless WEP
10. RC4 Keystream Generation
RC4 generates the keystream from a secret internal state:
‣ S: a Permutation of 256 bytes
‣ Pointers i and j: 2 pointers of 8 bits each
Keystream Generation:
‣ S is set up from the Key (40 to 256 bits) by the Key Scheduling Algorithm (KSA)
‣ The key stream is produced by the pseudo-random generation algorithm (PRGA)
11. Key Scheduling Algorithm (KSA)
‣ S is initialized to the Identity Permutation (S[0] = 00000000, S[1] = 00000001, ... )
for i from 0 to 255
    S[i] := i
endfor
‣ S is then permuted in 256 iterations using the Key
j := 0
for i from 0 to 255
    j := (j + S[i] + key[i mod keylength]) mod 256
    swap S[i] and S[j]
endfor
12. Pseudo-Random Generation Algorithm (PRGA)
‣ PRGA produces the Keystream used for encryption, 1 Byte at a time
13. Pseudo-Random Generation Algorithm (PRGA)
‣ Pointers i and j start at 0
‣ In each iteration of PRGA:
• pointer i is incremented by 1
• j is advanced by S[i]
• S[i] and S[j] are swapped
• the Keystream byte is S[(S[i] + S[j]) mod 256]
i := 0 , j := 0
while GeneratingOutput:
    i := (i + 1) mod 256
    j := (j + S[i]) mod 256
    swap S[i] and S[j]
    K := S[(S[i] + S[j]) mod 256]
    output K
endwhile
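
The KSA and PRGA pseudocode from slides 11 to 13 as runnable Python, an added example that is not part of the original slides. The function names and the sample key and plaintext ("Key" / "Plaintext", a widely published RC4 test vector) are not from the slides.

```python
def ksa(key):
    """Key Scheduling Algorithm: build the internal state S from the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes long")
    S = list(range(256))            # identity permutation: S[i] = i
    j = 0                           # j starts at 0 before the mixing loop
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]     # swap S[i] and S[j]
    return S


def prga(S):
    """Pseudo-Random Generation Algorithm: yield one keystream byte per step."""
    i = j = 0                       # both pointers start at 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]


def keystream(key, length):
    """Return the first `length` keystream bytes generated from `key`."""
    gen = prga(ksa(key))
    return bytes(next(gen) for _ in range(length))


def rc4(key, data):
    """C_i = P_i XOR StreamKey_i; the same call with the same key decrypts."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, len(data))))


if __name__ == "__main__":
    key, plaintext = b"Key", b"Plaintext"   # published test vector, not slide data
    ciphertext = rc4(key, plaintext)
    print(ciphertext.hex())
    print(rc4(key, ciphertext))             # XOR with the same keystream restores P
```
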
15. Attack on Cryptography
Cryptanalysis: breaking the encryption to obtain the plaintext or the Key; 3 types of attack:
‣ Ciphertext-only attack
‣ Known-plaintext attack
‣ Chosen-plaintext attack
17. Asymmetric Key Cryptography
‣ symmetric key cryptography uses the same key to encrypt and decrypt
‣ Symmetric Key Encryption does not provide non-repudiation
‣ Public Key Encryption (Asymmetric Encryption) uses different keys to encrypt and decrypt
18. Asymmetric Key Cryptography
asymmetric key cryptography: a cryptosystem with 2 keys
‣ Public Key
‣ Private Key
Encryption
‣ encrypt with the public key
‣ decrypt with the private key
20. Asymmetric Encryption
Public-Key Cryptosystem
‣ encrypt the plaintext into ciphertext: $E(P, PK_{receiver}) = C$
‣ decrypt the ciphertext: $E(C, SK_{receiver}) = P$
P = Plaintext
C = Ciphertext
PK = Public Key
SK = Private Key
[Figure: Plaintext -> Encryption (Public Key) -> Ciphertext -> Decryption (Private Key) -> Plaintext]
21. Public Key Cryptography
Public Key Cryptography is based on a One-Way Function
‣ Multiplication and Factorization
• 12x12 = 144
• 144 = 12x12 = 144x1 = 24x6, ...
‣ Exponential and Logarithms
• $3^6 = 729$
• $\log_x 729 = y$ (x=?, y=?)
24. RSA
‣ choose prime numbers p and q
‣ n = pq
‣ m = (p-1)(q-1)
‣ choose e with 1<e<m such that gcd(e, m) is 1
‣ find d such that ed mod m = 1
Public Key = (e, n)
Private Key = (d, n)
25. RSA
RSA Encryption
‣ Message M, with M<n, is encrypted with the Public Key (e, n)
‣ Ciphertext: $C = M^e \bmod n$
RSA Decryption
‣ ciphertext C is decrypted with the Private Key (d, n)
‣ Message: $M = C^d \bmod n$
Example
‣ p = 5, q = 7, n = 35, m = 24
‣ e = 5, d = 29
26. RSA Encryption
n = 35, e = 5
Plaintext   M    M^e       Ciphertext = M^e mod n
L           12   248832    17
O           15   759375    15
V           22   5153632   22
E           5    3125      10
27. RSA Decryption
n = 35, d = 29
Ciphertext   C^d                                     M = C^d mod n   Plaintext
17           48196857210675091509141182522307000     12              L
15           12783403948858939111232757568359400     15              O
22           8.5164331908653770195619449972111e+38   22              V
10           100000000000000000000000000000          5               E
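
The key-generation conditions from slide 24 and the LOVE tables from slides 26 and 27, worked through in Python as an added example that is not part of the original slides. The function names are illustrative, and the A=1 ... Z=26 letter numbering is inferred from the table (L=12, O=15, V=22, E=5).

```python
from math import gcd


def make_keys(p, q, e, d):
    """Check the slide's key-generation conditions; return (public, private)."""
    n, m = p * q, (p - 1) * (q - 1)
    if not 1 < e < m or gcd(e, m) != 1:
        raise ValueError("e must satisfy 1 < e < m and gcd(e, m) = 1")
    if (e * d) % m != 1:
        raise ValueError("d must satisfy ed mod m = 1")
    return (e, n), (d, n)


def smallest_d(p, q, e):
    """Smallest positive d with ed mod m = 1 (modular inverse, Python 3.8+)."""
    return pow(e, -1, (p - 1) * (q - 1))


def apply_key(value, key):
    """C = M^e mod n or M = C^d mod n. Three-argument pow() reduces mod n at
    every step, so the huge C^d values of slide 27 are never materialised."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than n")
    return pow(value, exponent, n)


# Slide parameters: p = 5, q = 7, n = 35, m = 24, e = 5, d = 29
PUBLIC, PRIVATE = make_keys(p=5, q=7, e=5, d=29)


def encrypt_text(text):
    """Encode letters as A=1 ... Z=26 (assumed from the table) and encrypt each."""
    return [apply_key(ord(c) - ord("A") + 1, PUBLIC) for c in text.upper()]


def decrypt_numbers(cipher):
    return "".join(chr(apply_key(c, PRIVATE) + ord("A") - 1) for c in cipher)


if __name__ == "__main__":
    cipher = encrypt_text("LOVE")
    print(cipher, decrypt_numbers(cipher))
    # With m = 24 the smallest valid d equals e, so in this hand-calculation
    # key pair the public exponent also decrypts; d = 29 is that value plus m.
    print(smallest_d(5, 7, 5))
```
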