Modern Cryptography Code: ICE0605 Credit/Hour : 3/3 Prof : Kwangjo Kim (Tel. x6118), [email protected],...
Modern Cryptography
Code: ICE0605   Credit/Hour: 3/3   Prof: Kwangjo Kim (Tel. x6118), [email protected], http://vega.icu.ac.kr/~kkj
TA: Hyunrok Lee ([email protected])   Hour: Mon./Wed. 19:00-20:15
Web page: http://caislab.icu.ac.kr/Lecture/data/2008/spring/ice605
Syllabus

1. Course Description
As an introductory course to cryptography and information security, this lecture introduces the security notions and basic building blocks of modern cryptography. We discuss two typical kinds of cryptosystems: symmetric cryptosystems, which include block ciphers (DES and AES) and stream ciphers, and public key (asymmetric) cryptosystems such as RSA, ElGamal and the Elliptic Curve Cryptosystem. Hash functions, digital signatures, key management and identification schemes including zero knowledge proofs are also discussed. No prerequisites are required.

2. Textbook
- Main Textbook: Douglas R. Stinson, Cryptography: Theory and Practice, 3rd Ed., CRC Press, 2006, ISBN 1-58488-508-4
- Recommended Reading Material: Menezes et al., Handbook of Applied Cryptography, CRC Press, 1997, ISBN 0-8493-8523-7
- Handouts

3. Test and Evaluation
- Midterm Exam: 20%, Final Exam: 25%
- Homework: 15%, Quiz: 10%, Term Project: 25%, Attendance: 5%
Weekly Lecture

Wk  Contents                        Cmt
 1  Introduction/Conventional Cipher
 2  Block Cipher (I)                Hw#1
 3  Block Cipher (II)               Qz#1
 4  Cryptanalysis                   Hw#2
 5  Stream Cipher                   Qz#2
 6  Hash Functions/MAC              TR#1
 7  Midterm Exam
 8  Public Key Cryptosystem (I)
 9  Public Key Cryptosystem (II)    Hw#3
10  Digital Signature (I)           Qz#3
11  Digital Signature (II)          Hw#4
12  Identification                  Qz#4
13  ZKIP/Key Management             Hw#5
14  TP Presentation                 TR#2
15  Final Exam
Related Subject
• Mathematics
  - Number Theory
  - Algebra: Group, Ring & Field Theory
  - Elliptic curves
• Probability/Statistics
• Information Theory/Coding Theory
• Computational Complexity
  - algorithm, Turing machine
  - NP-completeness
• Quantum Computing, etc.
Who is interested in cryptology?
Traditional:
• Government
• Diplomatic
• Military
• Finance
• Police
Emerging Applications:
• Industrial
• Academic
• Standard
• Electronic Commerce
• Service Provider
• DRM/Digital Watermark
• Ubiquitous Security
• Rule and Regulations
• etc.
Security anywhere
Worldwide Academic Research
• USA
  - IACR (International Association for Cryptologic Research) http://www.iacr.org/ : Crypto ('81-), Eurocrypt ('82-), Asiacrypt ('91-), FSE, PKC, CHES
  - IEEE (Symposium on Privacy and Security)
  - ACM-CCS (Comp. & Comm. Security)
  - PKI Workshop ('01-), etc.
• Europe
  - ESORICS (European Symposium on Research in Computer Security)
  - EuroPKI ('04-), etc.
• Asia
  - Australia: Auscrypt ('90-'92), ACISP ('95-)
  - Japan: SCIS ('84-), CSS ('02-), IWSEC ('06-), Pairing ('07-)
  - Korea: KIISC (Korea Institute of Information Security and Cryptology) ('89-) http://www.kiisc.or.kr/, ICISC ('97-), IWDW ('02-), WISA ('0-), IWAP ('00-)
  - China: ICICS ('00-), ACNS ('02-)
  - Malaysia: Mycrypt ('05-)
  - India: Indocrypt ('99-)
  - Vietnam: Vietcrypt ('06-)
History of Asiacrypt
1900BC : Non-standard hieroglyphics
1500BC : Mesopotamian pottery glazes
50BC   : Caesar cipher
1518   : Trithemius' cipher book
1558   : Keys invented
1583   : Vigenere's book
1790   : Jefferson wheel
1854   : Playfair cipher
1857   : Beaufort's cipher
1917   : Friedman's Riverbank Labs
1917   : Vernam one-time pads
Term Projects (Ex.)
- Cryptographic application of your majoring field
- Design and/or Cryptanalysis of Block Cipher or Stream cipher
- Design and/or Cryptanalysis of Public Key Cryptography
- Design of cryptographic protocols for key management or authentication, etc.
- New applications of cryptographic protocols for secure e-voting, secure WSN, etc.
- Efficient Implementation of cryptographic library in RFID etc.
Questions
Why are you taking this course?
What do you expect after this course?
Basic Concepts (I)
Cryptology = Crypto (Hidden) + Logos (word)
          = Cryptography + Cryptanalysis
          = Code Writing + Code Breaking
Terms: Encryption (Decryption), Key, Plaintext, Ciphertext, Deciphertext
[Figure: the basic encryption model. The sender computes C = E(P, Ke) and sends the ciphertext C over an insecure channel, where the adversary can observe it; the receiver computes P = D(C, Kd). The keys Ke and Kd are delivered over a secure channel.]
Basic Concepts (II)
Channel
◦ Secure: trust, registered mail, tamper-proof device
◦ Insecure: open, public channel
Entity
◦ Sender (Alice)
◦ Receiver (Bob)
◦ Adversary (Charlie)
Passive attack: wiretapping -> Privacy
Active attack: modification, impersonation -> Authentication
Basic Concepts (III)
Classification of crypto algorithms
◦ by date
  Traditional (~19C): Caesar
  Mechanical (WW I, II): Rotor Machine, Purple
  Modern ('50~): DES, IDEA, AES and RSA, ECC
◦ by number of keys
  Conventional: {1, single, common} key, symmetric
  Public key cryptosystem: {2, dual} keys, asymmetric
◦ by size of plaintext
  Block Cipher
  Stream Cipher
Security Requirements - Privacy
"Keeping information secret from all but those who are authorized to it."
[Figure: Eavesdropping. A sends a message to B; the attacker (eavesdropper) C listens on the channel.]
※ Pictures are taken from the CryptMail User's Guide, Copyright (C) 1994 Utimaco Belgium.
Security Requirements - Authentication
[Figure: Impersonation. C pretends to be A toward B.]
Entity authentication (or identification): corroboration of the identity of an entity (e.g., a person, a computer terminal, etc.)
Message authentication: corroboration of the source of information; also known as data origin authentication (= data integrity)
Security Requirements - Integrity
"Ensuring information has not been altered by unauthorized or unknown means."
[Figure: Modification. C alters the message in transit from A to B.]
Security Requirements - Non-repudiation
"Preventing the denial of previous commitment or actions."
[Figure: Repudiation. A: "I sent this message to you." B: "No, I didn't receive it."]
Basic Security Requirements
Privacy (or confidentiality): keeping information secret from all but those who are authorized to it.
Data integrity: ensuring information has not been altered by unauthorized or unknown means.
Authentication
  Entity authentication (or identification): corroboration of the identity of an entity (e.g., a person, a computer terminal, etc.)
  Message authentication: corroboration of the source of information; also known as data origin authentication
Signature: a means to bind information to an entity.
Access control: restricting access to resources to privileged entities.
Non-repudiation: preventing the denial of previous commitment or actions.
Advanced Security Requirements
Authorization: conveyance, to another entity, of official sanction to do or be something.
Validation: a means to provide timeliness of authorization to use or manipulate information or services.
Certification: endorsement of information by a trusted entity.
Revocation: retraction of certification or authorization.
Time stamping: recording the time of creation or existence of information.
Witnessing: verifying the creation or existence of information by an entity other than the creator.
Receipt: acknowledgement that information has been received.
Ownership: a means to provide an entity with the legal right to use or transfer a resource to others.
Anonymity: concealing the identity of an entity involved in some process.
A taxonomy of cryptographic primitives
[Figure: Security Primitives, grouped as follows.]
Unkeyed Primitives
  - arbitrary length hash functions
  - 1-way permutations
  - RNG, PUF
Symmetric-key Primitives
  - symmetric-key ciphers: block ciphers, stream ciphers
  - arbitrary length (keyed) hash functions (MAC)
  - signatures
  - identification primitives
Public-key Primitives
  - public-key ciphers
  - signatures
  - identification primitives
RNG (Random Number Generator), PUF (Physically Unclonable Function)
Attacking Model (I)
By available information to attacker
◦ COA (Ciphertext Only Attack)
◦ KPA (Known Plaintext Attack)
◦ CPA (Chosen Plaintext Attack)
◦ CCA (Chosen Ciphertext Attack)
• Kerckhoffs' principle: the attacker knows the cryptosystem being used
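Worked example (added here, not from the lecture): the shift (Caesar) cipher from the slides written as C = E(P, Ke), P = D(C, Kd) with Ke = Kd, followed by the two weakest attack models against it: a ciphertext-only attack that exhausts the 26 keys and ranks the candidates by English letter statistics (Kerckhoffs' principle: the algorithm is known, only the key is secret), and a known-plaintext attack that reads the key off a single letter pair. The frequency table and the message are constructed for the demo.

```python
import string

ALPHA = string.ascii_uppercase

# Letter frequencies (%) of English text (constructed from standard tables), used only to
# rank candidate decryptions in the ciphertext-only attack.
ENGLISH_FREQ = dict(zip(ALPHA, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

def encrypt(plaintext, key):
    """C = E(P, Ke): shift every letter by key positions mod 26; other characters pass through."""
    return "".join(ALPHA[(ALPHA.index(ch) + key) % 26] if ch in ALPHA else ch
                   for ch in plaintext.upper())

def decrypt(ciphertext, key):
    """P = D(C, Kd) with Kd = Ke: one common key, i.e. a conventional (symmetric) cipher."""
    return encrypt(ciphertext, -key % 26)

def chi_square(text):
    """Distance of the letter counts of text from English; lower means more English-like."""
    letters = [ch for ch in text if ch in ALPHA]
    n = len(letters)
    if n == 0:
        return float("inf")
    return sum((letters.count(ch) - ENGLISH_FREQ[ch] * n / 100) ** 2
               / (ENGLISH_FREQ[ch] * n / 100) for ch in ALPHA)

def ciphertext_only_attack(ciphertext):
    """COA: the adversary sees only C.  Knowing the algorithm (Kerckhoffs), the secret is one
    of 26 keys, so exhaustive key search plus a plaintext-likeness score recovers it."""
    return min(range(26), key=lambda k: chi_square(decrypt(ciphertext, k)))

def known_plaintext_attack(plaintext, ciphertext):
    """KPA: a single (P, C) letter pair yields the key directly, no statistics needed."""
    for p, c in zip(plaintext.upper(), ciphertext):
        if p in ALPHA and c in ALPHA:
            return (ALPHA.index(c) - ALPHA.index(p)) % 26
    return None

if __name__ == "__main__":
    P = "MEET ME AT THE OLD BRIDGE AT NOON AND BRING THE SIGNED LETTER FOR THE GENERAL"
    C = encrypt(P, 3)                      # Caesar's own choice of key
    print(C)
    print("COA recovers key", ciphertext_only_attack(C))
    print("KPA recovers key", known_plaintext_attack(P, C))
```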
Attacking Model (II)
• Exhaustive Key Search : Time = O(n), Space = O(1)
• (Pre-computed) Table Lookup : Time = O(1), Space = O(n)
• Time-Memory Tradeoff : Time = O(n^(2/3)), Space = O(n^(2/3))
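The three cost profiles above, as an added example that is not part of the lecture: a toy one-way key function g (SHA-256 based, constructed) over N = 2^12 keys, attacked by exhaustive search, by a full precomputed table, and by Hellman's time-memory tradeoff, which stores only the endpoints of M*T = N^(2/3) chain points. The names g, R, f and the start-point constant are assumptions of this example.

```python
import hashlib

# Toy setting (constructed): keys are the integers 0..N-1; the attacker holds y = g(k) for an
# unknown k, where g stands in for "encrypt a fixed, known plaintext under key k".
N = 2 ** 12
M = T = 16   # M chains of T steps: M*T = 256 = N**(2/3) points stored/walked, M*T*T = N

def g(k):
    """One-way function on keys: SHA-256 of a fixed plaintext tag and the key, truncated."""
    return hashlib.sha256(b"P0|" + k.to_bytes(2, "big")).digest()[:2]

def R(y):        # reduction: 'ciphertext' -> key space, so f = R(g(.)) maps key -> key
    return int.from_bytes(y, "big") % N

def f(k):
    return R(g(k))

def exhaustive_search(y):
    """Time O(N), space O(1): try every key until one maps to y."""
    return next(k for k in range(N) if g(k) == y)

def build_full_table():
    """Precomputed table: O(N) time once, O(N) space, then table[y] answers in O(1)."""
    return {g(k): k for k in range(N)}

def build_hellman_table():
    """Time-memory tradeoff: walk M chains of T steps, store only endpoint -> start points."""
    table = {}
    for i in range(M):
        x = sp = (i * 2654435761) % N          # fixed, well-spread start points (constructed)
        for _ in range(T):
            x = f(x)
        table.setdefault(x, []).append(sp)     # keep every start: merged chains share an endpoint
    return table

def hellman_attack(table, y):
    """Online phase: walk f from R(y) = f(k) for up to T steps; on a stored endpoint, regenerate
    that chain and test g(z) == y (this also rejects false alarms).  None = k not covered."""
    x = R(y)
    for _ in range(T):
        for sp in table.get(x, ()):
            z = sp
            for _ in range(T):
                if g(z) == y:
                    return z
                z = f(z)
        x = f(x)
    return None

def chain_point(sp, j):
    """j-th point on the chain from sp: a key the table is guaranteed to cover (0 <= j < T)."""
    for _ in range(j):
        sp = f(sp)
    return sp
```

With M = T = 16 a single table covers only a few percent of the 4096 keys, which is why the online phase returns None for most random targets; Hellman's full scheme uses many tables with different reduction functions to reach high coverage at the same O(N^(2/3)) cost.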
Classification of Security
Unconditionally secure : unlimited power of the adversary, perfect secrecy (ex. : one-time pad)
Provably secure : secure under the assumption that a well-known mathematical problem is hard
Computationally secure : measured by the amount of computational effort required by the best known methods (practically secure)
Brief History of Modern Cryptology
1949      : Shannon, The Communication Theory of Secrecy Systems
1975      : Diffie and Hellman
1977      : DES
1978      : RSA
1985/1987 : ECC
1988      : Zero Knowledge Proof
1990      : Differential Cryptanalysis
1991      : DSA
1992      : Linear Cryptanalysis
1993      : Random Oracle Model
1994      : OAEP
1995      : SHA-1
1996      : Differential Fault Analysis
1998      : Impossible Differential Cryptanalysis
2000      : Polynomial based PKC
2001      : AES (FIPS 197), SHA-2, IBE from Pairing
2002      : E-Voting (Votopia)
2003      : Certificateless PKC
2004      : ID based PKC w/o Random Oracle
2005      : Collisions on Hash Functions
2006      : Power of the Randomized Iterate
2007      : Cryptography with Constant Input Locality