IT Security Basic - CH.2.0 Cryptography

Submitted by keithyau on Mon, 01/11/2010 - 14:23

Cryptography


Elements of crypto-system
  1. Affordable on making the algorithm public
  2. Easy to change the Key, but difficult on designing a new secure algorithm
  3. The security level must depends on anything that can easily be changed I.E. "KEY"
Encryption = plaintext -> Ciphertext
Decryption = Ciphertext -> plaintext
Brute-force attack = Enumerate over all the possible keys

Types of attacks
  1. Ciphertext only, only use ciphertext to guess the key
  2. Known plaintext, use pairs of
    to guess the key
  3. Chosen plaintext, input something and observe the output => guess what is the seret
Three laws of security
  1. Absolutely secure systems do not exist
  2. To halve your vulnerability, you have to double your expenditure
  3. Cryptography is typically bypassed, not penetrated
What is a good ciphers
  1. Confusion - The relationship between key and ciphertext as complex as possible
  2. Diffusion - spreads the influence of a single plaintext bit over many ciphertext bits
  3. Avalanche Effect - Minor change to the plaintext or the key cause significant changes to the ciphertext
Classic Cipher
  1. Caesar Cipher - Use a list to store the key E.g. [A=k, B=H, C=U....] * Use Frequency Analysis to crack
  2. Rail-Fence - Re-arrange the order of the words












Secret-key [symmetric key] system
  1. Use the same key on both encryption & decryption
  2. Block Cipher, Process the message block by block, * Key can be reused
  3. Stream Cipher, Process the message bit by bit, * Never reuse the key













DES: The Data Encryption Standard

  1. The same hardware can be used for both encryption and decryption
  2. The most widely used encryption standard in the world
  3. In common use for over 20 years
  4. How secure is DES?
  5. Key length reference













3DES
  1. Increase the effective key-length of DES by doing multiple DES
  2. 3DES = do DES rounds for 3 times
  3. Why not 2 times? "Meet-in-the-middle attack", can reduce >50% of effect of DES
AES
  1. Expected to replace DES & 3DES as the standard encryption world wide
  2. Fex complex rounds verse many simple rounds
  3. 4 transformations - substitutes Bytes, shift row, Mix column, Add round key
What can we do if there is some lost during ciphertext transmission?
  1. Use Cipher Block Chaining mode (CBC)
  2. Use the last encrypted block as "Message Authentication Code" (MAC)

  3. The receiver, who knows the key in advance, can then encrypt the plaintext upon its arrival using CBC mode. If the message has been tampered with during transmission, the MAC won't match !

Some other verification mode
  1. CBC
  2. CFB - Cipher feedback mode
  3. OFB - output feedback mode
  4. CTR - Counter mode
Key distribution
  1. Since Key can be cracked at a given time, so it have to change frequently
  2. Get new key from KDC - Key Distribution Center
Two types of Encryption
  1. Link Encryption - Secure the whole path between transmission
  2. End-to-End encryption - Data is encrypted and then transmit as a whole


1206, No. 1388 New Jinqiao Road, Jinqiao district, Shanghai, China
General Enquiry: info@yubis.net
Website: http://www.yubis.net