Cryptography Basics and Toolbox
C
r
y
p
t
o
g
r
a
p
h
y
1
0
1
•
Manage WHO can view data
(Secrecy)
•
Make sure data is unmodified
(Authentication/data integrity)
•
Know the origin of the data
(Non-Repudiation)
C
r
y
p
t
o
g
r
a
p
h
y
:
G
o
a
l
s
Alice & Bob
Are two persons who want to communicate without anybody
else knows the content
Eve
Eavesdropper, normally a passive person that will try to listen
in on Alice and Bob (perhaps an ex-girlfriend or wife)
Oscar
Opponent, an active person that will try to send messages in
the name of Bob or Alice, or modify messages in transit
D
r
a
m
a
t
i
s
P
e
r
s
o
n
æ
Hash functions
Symmetric encryption
Asymmetric encryption
W
h
a
t
i
s
i
n
o
u
r
t
o
o
l
b
o
x
?
H
a
s
h
F
u
n
c
t
i
o
n
s
A cryptographic hash function takes
as input a binary string of arbitrary
length and returns a binary string
of a fixed length. Hash functions
which satisfy some security proper-
ties are very important in cryptog-
raphy and are widely used in cryp-
tographic applications such as dig-
ital signatures, public-key encryp-
tion systems, password protection
schemes, and conventional message
authentication. Some of these ap-
plications are shown in the follow-
ing chapters.
Let H : {0, 1} ! {0, 1}n denote ahash function which returns a string
of length n, see Figure 6.1.
0101...010111001
H : {0, 1}*
{0, 1}n
Oscar cannot “tweak” the text and have same hash.
Oscar cannot find two texts with same hash.
H
a
s
h
A
l
g
o
r
i
t
h
m
s
:
M
D
2
,
M
D
4
,
M
D
5
W
h
i
r
l
P
o
o
l
,
S
H
A
1
,
S
H
A
2
5
6
K
e
y
e
d
H
a
s
h
F
u
n
c
t
i
o
n
s
A cryptographic hash function takes
as input a binary string of arbitrary
length and returns a binary string
of a fixed length. Hash functions
which satisfy some security proper-
ties are very important in cryptog-
raphy and are widely used in cryp-
tographic applications such as dig-
ital signatures, public-key encryp-
tion systems, password protection
schemes, and conventional message
authentication. Some of these ap-
plications are shown in the follow-
ing chapters.
Let H : {0, 1} ! {0, 1}n denote ahash function which returns a string
of length n, see Figure 6.1.
0101...010111001
MAC :{0,1}k
x {0, 1}*
{0, 1}n
Key
Message Authentication Code
Both Alice and Bob use the same key
for encryption and decryption
Example of Cipher Algorithms:
DES, 3-DES, BlowFish, RC2,
R
C
4
,
A
E
S
a
n
d
C
a
m
e
i
l
l
i
a
S
y
m
m
e
t
r
i
c
e
n
c
r
y
p
t
i
o
n
Alice and Bob each have a Key Pair:
A Public key and a Private Key
E
a
c
h
K
e
y
P
a
i
r
i
s
c
o
n
s
t
r
u
c
t
e
d
s
o
t
h
a
t
d
a
t
a
e
n
c
r
y
p
t
e
d
w
i
t
h
e
i
t
h
e
r
k
e
y
c
a
n
b
e
d
e
c
r
y
p
t
e
d
w
i
t
h
t
h
e
o
t
h
e
r
.
A
s
y
m
m
e
t
r
i
c
e
n
c
r
y
p
t
i
o
n
•
Public keys are published for all to see,
private keys kept secret, thus:
•
I
f
A
l
i
c
e
e
n
c
r
y
p
t
s
w
i
t
h
h
e
r
p
r
i
v
a
t
e
k
e
y
,
a
n
y
o
n
e
c
a
n
d
e
c
r
y
p
t
t
h
e
m
e
s
s
a
g
e
•
I
f
A
l
i
c
e
e
n
c
r
y
p
t
s
w
i
t
h
B
o
b
s
p
u
b
l
i
c
k
e
y
,
o
n
l
y
B
o
b
c
a
n
d
e
c
r
y
p
t
t
h
e
m
e
s
s
a
g
e
s
w
i
t
h
h
i
s
p
r
i
v
a
t
e
k
e
y
•
Examples: RSA, DSA and EC elliptic
curves.
A
s
y
m
m
e
t
r
i
c
e
n
c
r
y
p
t
i
o
n
S
y
m
m
e
t
r
i
c
v
s
A
s
y
m
m
e
t
r
i
c
S
p
e
e
d
Slow
Fast
#
o
f
K
e
y
s
2 per person {2×⍵
}
Many {.5×⍵
×
⍵
-1}
K
e
y
D
i
s
t
r
i
b
u
t
i
o
n
Easy Public key
Needs secure
communication
Alice creates MAC
MAC ← AuthSym(SymKey
Alice&Bob
, Data)
Bob verifies MAC
MAC ≡ AuthSym(SymKey
Alice&Bob
, Data)
A
u
t
h
e
n
t
i
c
a
t
i
o
n
:
S
y
m
m
e
t
r
i
c
Alice creates Signature
sig←Encrypt(PrivKey
Alice
,Hash(data))
Bob verifies Signature
Decrypt(PubKey
Alice
,sig) ≡ Hash(data)
Also non-repudiation
A
u
t
h
e
n
t
i
c
a
t
i
o
n
:
A
s
y
m
m
e
t
r
i
c
Alice Encrypts
CipherText ← Encrypt(SymKey
Alice&Bob
,PlainText)
Bob Decrypts
PlainText ← Decrypt(SymKey
Alice&Bob
,CipherText)
S
e
c
r
e
c
y
:
S
y
m
m
e
t
r
i
c
Alice Encrypts
CipherText ← Encrypt(PubKey
Bob
,PlainText)
Bob Decrypts
PlainText ← Decrypt(PrivKey
Bob
,CipherText)
S
e
c
r
e
c
y
:
A
s
y
m
m
e
t
r
i
c
Alice Encrypts
SymKey←Random
CipherText ←Encrypt(SymKey,PlainText)
EncSymKey←Encrypt(PubKey
Bob
,SymKey)
Bob Decrypts
SymKey←Decrypt(PrivKey
Bob
,EncSymKey)
PlainText←Decrypt(SymKey,CipherText)
B
e
t
t
e
r
S
e
c
r
e
c
y
:
A
s
y
m
m
e
t
r
i
c
Alice Encrypts
SymKey←Random
EncSymKey←Encrypt(PubKey
Bob
,SymKey)
CipherText ←Encrypt(SymKey,PlainText)
sig←Encrypt(PrivKey
Alice
,Hash(PlainText))
Bob Decrypts
SymKey←Decrypt(PrivKey
Bob
,EncSymKey)
PlainText←Decrypt(SymKey,CipherText)
Decrypt(PubKey
Alice
,sig)=Hash(PlainText)
E
v
e
n
B
e
t
t
e
r
S
e
c
r
e
c
y
How do we keep our keys safe?
Windows Certificate Store
PKCS#11 smartcard
From APL: in a PKCS#8
PKCS => Public-Key Cryptographics Standard
K
e
y
P
r
o
b
l
e
m
•
The DCL is a DLL/so and a set of cover-functions
•
Provides access to a large set of hashing and
encryption functions
•
Provides tools for dealing with ”certificates”
containing keys
•
Cross-platform (but cross Unicode/Classic is
problematic due to translation issues)
D
y
a
l
o
g
C
r
y
p
t
o
g
r
a
p
h
i
c
L
i
b
r
a
r
y
•
Store certificates and keep private
keys secret.
But:
•
Limits on available algorithms
•
Mimited tools for Dyalog
•
Microsoft.Net
•
Some Conga support
C
e
r
t
i
f
i
c
a
t
e
S
t
o
r
e
s
OO example: Keyed Component file
kf←
⎕
New KeyedFile ('D:\download\Keyed')kf['Products' 'Sales']←'Many' 'None'
kf[
⊂
'Products']
Many
S
a
m
p
l
e
s
OO example: Keyed Component file
Extended to handle encrypted and
compressed components.
S
a
m
p
l
e
s
Based on the Keyed Component Class
We need to add:
User information
Access information
E
n
c
r
y
p
t
e
d
C
o
m
p
o
n
e
n
t
f
i
l
e
1.
User Id
2.
Public Key
3.
Salt
4.
Repetitions
5.
Initial Vector
6.
Encrypted Private Key
U
s
e
r
I
n
f
o
r
m
a
t
i
o
n
1.
User Id
2.
Key
3.
Encrypt
UserPubKey
(
SymKey +
Initial Vector +
Hash )
A
c
c
e
s
s
I
n
f
o
r
m
a
t
i
o
n
∇
AddUser(user para);.....
(PrivKey PubKey)←GenerateAsymKeys AsymKeyPairSize
Salt←Random SaltSize
iv←Random CipherBlockSize
rep←PBKDF2Repetitions
DerivedKey←DeriveKey para Salt rep CipherKeySize
EncPrivKey←PrivKey EncryptSym DerivedKey iv
users
⍪
←user PubKey Salt rep iv EncPrivKey
∇
A
d
d
N
e
w
U
s
e
r
∇
data←apl NewComp key;...
(type plain)←Compress Serialize apl
symkey←Random CipherKeySize
iv←Random CipherBlockSize
digest←Hash plain
uix←FindUser cuser
cipher←plain EncryptSym symkey iv
pubkey←
⊃
users[uix;2]
encaccesskey←(symkey,iv,digest)EncryptASym pubkey
access
⍪
←cuser key encaccesskey
data←type cipher
∇
A
p
p
e
n
d
C
o
m
p
o
n
e
n
t
∇ apl
←
data DecryptComp key;...
(type cipher)
←
data
(secret iv digest)
←
GetAccess cuser key cpara
plain
←
cipher DecryptSym secret iv
apl
←
Deserialize Decompress type plain
∇
R
e
a
d
a
C
o
m
p
o
n
e
n
t
∇
r←GetAccess(user key para);...
uix←FindUser user
('User ',user,' not found')⎕
SIGNAL(0>uix)/11
aix←FindAccess user key
('User ',user,' has no access to
',key)
⎕
SIGNAL(0>aix)/11
(user Pubkey Salt rep iv EncPrivKey)←users[uix;]
derivedkey←DeriveKey para Salt rep CipherKeySize
privkey←EncPrivKey DecryptSym derivedkey iv
accessinfo←
⊃
access[aix;3]
r←SplitAccesskey(accessinfo)DecryptASym privkey
∇
G
e
t
A
c
c
e
s
s
∇ data
←
apl ReplaceComp key;...
(type plain)
←
Compress Serialize apl
(secret iv digest)
←
GetAccess cuser key cpara
cipher
←
plain EncryptSym secret iv
data
←
type cipher
∇
R
e
p
l
a
c
e
C
o
m
p
o
n
e
n
t
∇
accesskey GiveAccessTo(user key);...
uix←FindUser user
('User ',user,' not found')⎕
SIGNAL(0>uix)/11
aix←FindAccess user key
('User ',user,' has access to
',key)
⎕
SIGNAL(0<aix)/11
encaccesskey←((
⊃
,/accesskey))EncryptASym
⊃
users[uix;2]
access
⍪
←user key encaccesskey
∇
G
i
v
e
A
c
c
e
s
s
t
o
a
n
o
t
h
e
r
u
s
e
r
Without experience and deep
knowledge, it is difficult to
evaluate the security of any
mechanism:
Use established standards!
O
n
y
o
u
r
o
w
n
•
RFC for Public Key Cryptography
Standard (PKCS#)
•
The Handbook of Applied
Cryptograhy
•
Dyalog Cryptographic Library
F
u
t
h
e
r
i
n
f
o
m
a
t
i
o
n
Cryptography serves the goals of managing who can view data, ensuring data integrity, and verifying the origin of data. It involves dramatis personae like Alice, Bob, Eve, and Oscar. The toolbox includes hash functions, symmetric encryption, and asymmetric encryption. Hash functions play a crucial role by converting input into fixed-length output. Keyed hash functions provide additional security through Message Authentication Codes (MAC). Symmetric encryption involves both parties using the same key for encryption and decryption, with various cipher algorithms like DES and AES being examples.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Cryptography: Goals Manage WHO can view data (Secrecy) Make sure data is unmodified (Authentication/data integrity) Know the origin of the data (Non-Repudiation)
Dramatis Person Alice & Bob Are two persons who want to communicate without anybody else knows the content Eve Eavesdropper, normally a passive person that will try to listen in on Alice and Bob (perhaps an ex-girlfriend or wife) Oscar Opponent, an active person that will try to send messages in the name of Bob or Alice, or modify messages in transit
What is in our toolbox? Hash functions Symmetric encryption Asymmetric encryption
Hash Functions A cryptographic hash function takes as input a binary string of arbitrary length and returns a binary string of a fixed length. Hash functions which satisfy some security proper- ties are very important in cryptog- raphy and are widely used in cryp- tographic applications such as dig- ital signatures, public-key encryp- tion systems, password protection schemes, and conventional message authentication. Some of these ap- plications are shown in the follow- ing chapters. Let H : {0, 1} ! {0, 1}n denote a hash function which returns a string of length n, see Figure 6.1. 0101...010111001 H : {0, 1}* {0, 1}n Oscar cannot tweak the text and have same hash. Oscar cannot find two texts with same hash. Hash Algorithms: MD2,MD4,MD5 WhirlPool,SHA1,SHA256
Keyed Hash Functions A cryptographic hash function takes as input a binary string of arbitrary length and returns a binary string of a fixed length. Hash functions which satisfy some security proper- ties are very important in cryptog- raphy and are widely used in cryp- tographic applications such as dig- ital signatures, public-key encryp- tion systems, password protection schemes, and conventional message authentication. Some of these ap- plications are shown in the follow- ing chapters. Let H : {0, 1} ! {0, 1}n denote a hash function which returns a string of length n, see Figure 6.1. 0101...010111001 Key MAC :{0,1}k x {0, 1}* {0, 1}n Message Authentication Code
Symmetric encryption Both Alice and Bob use the same key for encryption and decryption Example of Cipher Algorithms: DES, 3-DES, BlowFish, RC2, RC4, AES and Cameillia
Asymmetric encryption Alice and Bob each have a Key Pair: A Public key and a Private Key Each Key Pair is constructed so that data encrypted with either key can be decrypted with the other.
Asymmetric encryption Public keys are published for all to see, private keys kept secret, thus: If Alice encrypts with her private key, anyone can decrypt the message If Alice encrypts with Bobs public key, only Bob can decrypt the messages with his private key Examples: RSA, DSA and EC elliptic curves.
Symmetric vs Asymmetric Fast Speed Slow # of Keys Many {.5 -1} 2 per person {2 } Easy Public key Key Needs secure communication Distribution
Authentication: Symmetric Alice creates MAC MAC AuthSym(SymKeyAlice&Bob, Data) Bob verifies MAC MAC AuthSym(SymKeyAlice&Bob, Data)
Authentication: Asymmetric Alice creates Signature sig Encrypt(PrivKeyAlice,Hash(data)) Bob verifies Signature Decrypt(PubKeyAlice,sig) Hash(data) Also non-repudiation
Secrecy: Symmetric Alice Encrypts CipherText Encrypt(SymKeyAlice&Bob,PlainText) Bob Decrypts PlainText Decrypt(SymKeyAlice&Bob,CipherText)
Secrecy: Asymmetric Alice Encrypts CipherText Encrypt(PubKeyBob,PlainText) Bob Decrypts PlainText Decrypt(PrivKeyBob,CipherText)
Better Secrecy: Asymmetric Alice Encrypts SymKey Random CipherText Encrypt(SymKey,PlainText) EncSymKey Encrypt(PubKeyBob,SymKey) Bob Decrypts SymKey Decrypt(PrivKeyBob,EncSymKey) PlainText Decrypt(SymKey,CipherText)
Even Better Secrecy Alice Encrypts SymKey Random EncSymKey Encrypt(PubKeyBob,SymKey) CipherText Encrypt(SymKey,PlainText) sig Encrypt(PrivKeyAlice,Hash(PlainText)) Bob Decrypts SymKey Decrypt(PrivKeyBob,EncSymKey) PlainText Decrypt(SymKey,CipherText) Decrypt(PubKeyAlice,sig)=Hash(PlainText)
Key Problem How do we keep our keys safe? Windows Certificate Store PKCS#11 smartcard From APL: in a PKCS#8 PKCS => Public-Key Cryptographics Standard
Dyalog Cryptographic Library The DCL is a DLL/so and a set of cover-functions Provides access to a large set of hashing and encryption functions Provides tools for dealing with certificates containing keys Cross-platform (but cross Unicode/Classic is problematic due to translation issues)
Certificate Stores Store certificates and keep private keys secret. But: Limits on available algorithms Mimited tools for Dyalog Microsoft.Net Some Conga support
Samples OO example: Keyed Component file kf New KeyedFile ('D:\download\Keyed') kf['Products' 'Sales'] 'Many' 'None' kf[ 'Products'] Many
Samples OO example: Keyed Component file Extended to handle encrypted and compressed components.
Encrypted Component file Based on the Keyed Component Class We need to add: User information Access information
User Information 1. User Id 2. Public Key 3. Salt 4. Repetitions 5. Initial Vector 6. Encrypted Private Key
Access Information 1. User Id 2. Key 3. EncryptUserPubKey( SymKey + Initial Vector + Hash )
Add New User AddUser(user para);..... (PrivKey PubKey) GenerateAsymKeys AsymKeyPairSize Salt Random SaltSize iv Random CipherBlockSize rep PBKDF2Repetitions DerivedKey DeriveKey para Salt rep CipherKeySize EncPrivKey PrivKey EncryptSym DerivedKey iv users user PubKey Salt rep iv EncPrivKey
Append Component data apl NewComp key;... (type plain) Compress Serialize apl symkey Random CipherKeySize iv Random CipherBlockSize digest Hash plain uix FindUser cuser cipher plain EncryptSym symkey iv pubkey users[uix;2] encaccesskey (symkey,iv,digest)EncryptASym pubkey access cuser key encaccesskey data type cipher
Read a Component apl data DecryptComp key;... (type cipher) data (secret iv digest) GetAccess cuser key cpara plain cipher DecryptSym secret iv apl Deserialize Decompress type plain
Get Access r GetAccess(user key para);... uix FindUser user ('User ',user,' not found') SIGNAL(0>uix)/11 aix FindAccess user key ('User ',user,' has no access to ',key) SIGNAL(0>aix)/11 (user Pubkey Salt rep iv EncPrivKey) users[uix;] derivedkey DeriveKey para Salt rep CipherKeySize privkey EncPrivKey DecryptSym derivedkey iv accessinfo access[aix;3] r SplitAccesskey(accessinfo)DecryptASym privkey
Replace Component data apl ReplaceComp key;... (type plain) Compress Serialize apl (secret iv digest) GetAccess cuser key cpara cipher plain EncryptSym secret iv data type cipher
Give Access to another user accesskey GiveAccessTo(user key);... uix FindUser user ('User ',user,' not found') SIGNAL(0>uix)/11 aix FindAccess user key ('User ',user,' has access to ',key) SIGNAL(0<aix)/11 encaccesskey (( ,/accesskey))EncryptASym users[uix;2] access user key encaccesskey
On your own Without experience and deep knowledge, it is difficult to evaluate the security of any mechanism: Use established standards!
Futher infomation RFC for Public Key Cryptography Standard (PKCS#) The Handbook of Applied Cryptograhy Dyalog Cryptographic Library
