CMSC 414 Computer and Network Security Lecture 2
- Slides: 26
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz
JCE tutorial ¨ In class next Tuesday
A high-level survey of cryptography
Caveat ¨ Everything I present will be (relatively) informal – I may simplify, but I will try not to say anything that is an outright lie… ¨ Cryptography is about precise definitions, formal models, and rigorous proofs of security (which we will not cover here) – For more details, take CMSC 456 with me (or read my book)!
Goals of cryptography ¨ Crypto deals primarily with three goals: – Confidentiality – Integrity (of data) – Authentication (of resources, people, systems) ¨ Other goals also considered – E. g. , non-repudiation – E-cash (e. g. , double spending) – General secure multi-party computation – Anonymity – …
Private- vs. public-key settings ¨ For the basic goals of confidentiality and integrity, there are two settings: – Private-key / shared-key / symmetric-key / secret-key – Public-key ¨ The private-key setting is the “classical” one (thousands of years old) ¨ The public-key setting dates to the 1970 s
Private-key cryptography ¨ The communicating parties share some information that is random and secret – This shared information is called a key – Key is not known to an attacker – This key must be shared (somehow) in advance of their communication
To emphasize ¨ Alice and Bob share a key K – Must be shared securely – Must be completely random – Must be kept completely secret from attacker ¨ We don’t discuss (for now) how they do this – You can imagine they meet on a dark street corner and Alice hands a USB device (with a key on it) to Bob
Private-key cryptography ¨ For confidentiality: – Private-key (symmetric-key) encryption ¨ For data integrity: – Message authentication codes – (archaic: cryptographic checksums)
Canonical applications ¨ Two (or more) distinct parties communicating over an insecure network – E. g. , secure communication ¨ A single party who is communicating “with itself” over time – E. g. , secure storage
Bob Alice K K shared info K Bob K
Bob K
Security? ¨ We will specify the exact threat model being addressed ¨ We will also specify the security guarantees that are ensured, within this threat model – Here: informally; CMSC 456: formally ¨ Crucial to understand these issues before crypto can be successfully deployed! – Make sure the stated threat model matches your application – Make sure the security guarantees are what you need
Security through obscurity? ¨ Always assume that the full details of crypto protocols and algorithms are public – Known as Kerckhoffs’ principle – Only secret information is a key ¨ “Security through obscurity” is a bad idea… – True in general; even more true in the case of cryptography – Home-brewed solutions are BAD! – Standardized, widely-accepted solutions are GOOD!
Private-key encryption
Functional definition ¨ Encryption algorithm: – Takes a key and a message (plaintext), and outputs a ciphertext – c EK(m) ¨ Decryption algorithm: – Takes a key and a ciphertext, and outputs a message (or perhaps an error) – m = DK(c) ¨ Correctness: for all K, we have DK(EK(m)) = m ¨ We have not yet said anything about security…
Bob Alice K shared info K Bob Alice c K c EK(m) K m=DK(c)
A classic example: shift cipher ¨ Assume the English uppercase alphabet (no lowercase, punctuation, etc. ) – View letters as numbers in {0, …, 25} ¨ The key is a random letter of the alphabet ¨ Encryption done by addition modulo 26 ¨ Is this secure? – Exhaustive key search – Automated determination of the key
Another example: substitution cipher ¨ The key is a random permutation of the alphabet – Note: key space is huge! ¨ Encryption done in the natural way ¨ Is this secure? – Frequency analysis ¨ A large key space is necessary, but not sufficient, for security
Another example: Vigenere cipher ¨ More complicated version of shift cipher ¨ Believed to be secure for over 100 years ¨ Is it secure? – Index of coincidence method
Moral of the story? ¨ Don’t use “simple” schemes ¨ Don’t use schemes that you design yourself – Use schemes that other people have already designed analyzed…
A fundamental problem ¨ A fundamental problem with “classical” cryptography is that no definition of security was ever specified – It was not even clear what it would mean for an encryption scheme to be “secure” ¨ As a consequence, proving security was not even an option – So how can you know when something is secure?
Defining security? ¨ What is a good definition?
Security goals? ¨ Adversary unable to recover the key – Necessary, but meaningless on its own… ¨ Adversary unable to recover entire plaintext – Good, but is it enough? ¨ Adversary unable to determine any information at all about the plaintext – Formalize? – Sounds great! – Can we achieve it?
Note ¨ Even given our definition, we need to consider the threat model – Multiple messages or a single message? – Passive/active adversary? – Chosen-plaintext attacks?
Next time: the one-time pad; its limitations; overcoming these limitations
- Cmsc 414
- Cmsc 414
- Cmsc 414
- Cmsc 414
- Computer security 161 cryptocurrency lecture
- Wireless security in cryptography and network security
- Security security security
- Computer and network security
- Osi security services
- Guide to network security
- Electronic mail security in network security
- Security guide to network security fundamentals
- Security guide to network security fundamentals
- 01:640:244 lecture notes - lecture 15: plat, idah, farad
- Computer & network security
- Gcd of 414 and 662
- Types of network topology
- Mil-std-414
- Tabel military standard
- Mil-std 414
- Pc 414
- Cs 414
- Cse414
- Graph neural network lecture
- Network management principles and practice
- E commerce security meaning
- Computer-aided drug design lecture notes