Professional Documents
Culture Documents
Infrastructure
Security:
The
Emerging
Smart
Grid
Cyber
Security
Lecture
2:
Cryptographic
Basics
Carl
Hauser
&
Adam
Hahn
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Cryptosystem Overview
Elements of a Cryptosystem
Threats
to
cryptosystems
Threats
(theore$c)
Brute-force
aLack
try
every
possible
key
un$l
you
can
nd
intelligible
transla,on
Cryptanalysis
leverage
knowledge
about
crypto
algorithms,
and/or
some
knowledge
about
the
ciphertext
and
plaintext
Threats (real-world)
ALacker capabili$es:
Cryptosystem
Principles
Kerckho's
principle
(more
specic
deni$on)
made
assump$on
that
aLacker
knows
how
the
cryptosystem
algorithms
work,
only
the
key
must
be
protected
Perfect
secrecy
Cipher
text
conveys
no
informa$on
about
plain
text
Cant
do
cryptanalysis
or
brute
force
aLacks
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Subs$tu$on Ciphers
Transposi$on Ciphers
Message(P):
A
Random
Key
(k):
Z
T T A C K T O M O R R O W
R Q W X O M G D E G F B I
K J W Z Y F U P S X W P E
ALackers dilemma:
Op#on 1
Key
1:
Z R Q W X O M G D E G F B I
Plaintext
1:
A T T A C K T O M O R R O W
???
Op#on
2
Key
2:
W W W I G Y M B P Q N Y L L
Plaintext
2:
D O N O T A T T A C K Y E T
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Block
cipher
Stream
cipher
Block
Ciphers
Breaks
plaintext
into
n-bit
blocks,
and
then
encrypts
each
block
individually
Plain
Text
n-bits
n-bits
Cipher
Text
Elements
Key
-
random
string
of
bytes,
(56
<
#
of
bits
<
256
bits)
Encryp$on
algorithm
-
Con$nued
rounds
of:
Subs$tu$ons
Transposi$ons
3DES
340,282,366,920,938,463,463,374,607,431,768,211,456
Or
Decryp$on $mes:
Block
Chaining
How
do
we
handle
messages
longer
than
the
block
size
Example
Electronic
Code
Book
(ECB)
each
block
encrypted
independently
from
previous
Similar
blocks
encrypt
to
same
output
Cipher
Block
Chaining
(CBC)
each
block
XORs
the
output
of
the
previous
block
Similar
blocks
encrypt
to
dierent
output
Plain text
128bit AES-ECB
128bit AES-CBC
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Fundamental
Idea
Encryp$on
and
Decryp$on
use
dierent
keys
Also
called
public
key
crypto
RSA Cryptosystem
RSA Keys
(5,35)
is
a
public
key;
anyone,
including
Trudy
can
encrypt
with
it;
(29,35)
is
Bobs
private
key
only
he
is
able
to
decrypt
messages
created
with
the
public
key
Solu$on
Source:
S.
Fuloria,
R.
Anderson,
K.
McGrath,
K.
Hansen.
F,
Alvarez.
The
Protec$on
of
Substa$on
Communica$ons.
SCADA
Security
Scien$c
Symposium.
2010
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Preimage
resistant
Second
preimage
resistant
Collision
Resistant
SHA-I
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Receiver
veries
message
by
compu$ng
the
HMAC
and
compare
with
the
appended
HMAC
HMAC(k, m) = H(K | m)
BeLer example
HMAC
usage
Key
(k)
Plaintext
HMAC
Func$on
Alice
Plaintext
HMAC
Plaintext
Key (k)
HMAC
Plaintext
HMAC
Func$on
Network
HMAC
Bob
HMAC
???
Yes
=
OK
No
=
modied/spoofed
Overview
Crypto
principles
Historical
ciphers
Modern
symmetric
ciphers
Modern
asymmetric
ciphers
Cryptographic
Hash
Func$ons
Authen$ca$on
Message
authen$ca$on
code
Digital
signature
Digital
Signatures
U$lize
public
key
crypto
in
reverse,
to
provide
authen$city
Sender
encrypts
(signs)
with
private
key
(usually
a
message
hash)
Receive
decrypts
(veries)
with
public
key
Digital
Signatures
Plaintext
Key (PRa)
Alice
Hash
Key
(PUa)
Alices
public
key
Sign
Hash
DS
Plaintext
DS
Plaintext
Plaintext
DS
Network
Key
(PUa)
Verify
Hash
Hash
???
Bob
Hash
Authen$ca$ng Principals
About
trust:
trust
is
reliance
on
another
to
perform
as
expected.
To
say
something
is
trusted
is
not
a
statement
about
its
reliability
but
rather
a
statement
about
risk!
Cer$cate Crea$on
Cer$cate
Usage
1.
2.
3.
4.
5.
Cer$cate Example
Cer$ca$on Hierarchies
Crypto
Warnings
Strong
crypto
!=
strong
security
Crypto
usually
bypassed
not
broken
Vulnerabili$es
in
Design
Implementa$on
Installa$on
My
best
recommenda$on
Use
well-researched,
standard
techniques
Use
library
implementa$ons
and
pay
aLen$on
to
details
about
how
to
use
them
correctly
Inves$gate
the
literature
for
recent
status
of
both
the
library
and
underlying
technique
Consult
an
ac$ve
expert
END