
Paper Script Information Systems Security 157.738 - Apprendre-en PDF

140 Pages·2012·0.81 MB·English

Preview Paper Script Information Systems Security 157.738 - Apprendre-en

preliminary

Paper Script Information Systems Security 157.738
MSc CompSci
Sebastian Link
Version March 24, 2003

Massey University
Department of Information Systems
Private Bag 11222
Palmerston North
New Zealand

Plagiarism 2003

Since most of your marks will contribute towards your overall marks for the course, we cannot accept work which has been written jointly with others unless it is an approved group activity. Similarly, if you include in your assignments material gained from other works in your subject area, it is absolutely imperative that you give due acknowledgment. Deliberately copying from printed work and passing it off as your own is cheating.

Copyright 2003

Books, journals, computer software and other teaching materials made available by Massey University are for the student's own studies, and copying or use of them for other purposes is an infringement of copyright.

Preface

This lecture manual is intended to serve as an introduction to cryptography for graduate Information Systems students. It is self-contained; in particular, fundamental mathematical concepts are introduced in the way they will be needed to understand formally how and why particular cryptographic methods work. Therefore, students are not required to have a deep mathematical background. Unfortunately, proofs for theorems have in general been omitted, although the author has tried to convey as much mathematical flavour as possible. The script covers a lot more than can be taught within a five-day block course, where it is important that lectures and exercises alternate. Basically, larger extracts have been taken and adapted from Stinson's "Cryptography: Theory and Practice" and from the "Handbook of Applied Cryptography". I am grateful for any kind of helpful suggestions and corrections.

Table of Contents

1 The Significance of Cryptography 1
  1.1 Introduction 1
  1.2 Information Security and Cryptography 2
2 Simple Cryptosystems 6
  2.1 Basics on Functions 6
  2.2 General Definitions 8
  2.3 Monoalphabetic Cryptosystems 10
    2.3.1 Modular Arithmetic - Part I 11
    2.3.2 The Shift Cipher 13
    2.3.3 Permutations 15
    2.3.4 The Substitution Cipher 16
    2.3.5 Modular Arithmetic - Part II 17
    2.3.6 The Affine Cipher 20
  2.4 Polyalphabetic Cryptosystems 24
    2.4.1 The Vigenère Cipher 24
    2.4.2 Matrices and determinants 26
    2.4.3 The Hill Cipher 30
    2.4.4 The Permutation Cipher 32
  2.5 Cryptanalysis 34
    2.5.1 Different Levels of Attack 34
    2.5.2 Cryptanalysis of the Affine Cipher 35
    2.5.3 Cryptanalysis of the Substitution Cipher 37
    2.5.4 Cryptanalysis of the Vigenère Cipher 39
    2.5.5 A known Plaintext Attack on the Hill Cipher 44
3 Modern Block Ciphers 45
  3.1 Introduction to block ciphers 45
  3.2 DES 46
    3.2.1 Introduction 46
    3.2.2 Product ciphers and Feistel ciphers 46
    3.2.3 The DES Algorithm 47
    3.2.4 Triple DES 53
    3.2.5 Security and Attacks on DES and Triple DES 54
    3.2.6 DES Modes of Operation 55
  3.3 FEAL 56
  3.4 IDEA 58
  3.5 SAFER 61
  3.6 RC5 64
  3.7 The Advanced Encryption Standard: Rijndael 65
    3.7.1 The Basic Algorithm 66
    3.7.2 The Layers 67
    3.7.3 Decryption 70
    3.7.4 Design Considerations 72
4 The RSA System 73
  4.1 Introduction to public-key cryptography 73
  4.2 More mathematical background 77
    4.2.1 Asymptotic notation 77
    4.2.2 The Euclidean Algorithm and its extension 78
    4.2.3 Algorithms in Z_n 79
    4.2.4 The Chinese Remainder Theorem and the Gauss-Algorithm 81
    4.2.5 Some facts about groups 83
  4.3 The RSA Cryptosystem 85
  4.4 Probabilistic Primality Tests 87
    4.4.1 Fermat's test 88
    4.4.2 The Legendre and Jacobi symbols 89
    4.4.3 Solovay-Strassen Test 92
    4.4.4 Miller-Rabin Test 93
    4.4.5 A Comparison 95
  4.5 The Integer Factorization Problem 96
    4.5.1 Trial Division 97
    4.5.2 Pollard's ρ-method 97
    4.5.3 Pollard's p−1-method 99
    4.5.4 Elliptic curve factoring 101
    4.5.5 Quadratic sieve factoring 101
  4.6 Attacks on RSA 103
    4.6.1 Relation to factoring 103
    4.6.2 Small Encryption Exponent b 104
    4.6.3 Forward Search Attack 105
    4.6.4 Small Decryption Exponent a 105
    4.6.5 Multiplicative Properties 106
    4.6.6 Common modulus attack 106
    4.6.7 Cycling attacks 107
    4.6.8 Message Concealing 107
  4.7 RSA Encryption in Practice 108
5 The ElGamal Cryptosystem 110
  5.1 The ElGamal Cryptosystem and Discrete Logarithms 110
  5.2 Algorithms for the Discrete Log Problem 113
    5.2.1 The Baby-Step-Giant-Step Algorithm 113
    5.2.2 Pollard's ρ-algorithm for Discrete Logs 114
    5.2.3 The Pohlig-Hellman Algorithm 116
    5.2.4 The Index Calculus Method 118
A Cryptography Timeline 121

Chapter 1
The Significance of Cryptography

1.1 Introduction

Cryptography has a long and fascinating history. The most complete non-technical account of the subject is Kahn's The Codebreakers. This book traces cryptography from its initial use by the Egyptians some 4000 years ago, to the twentieth century where it played a crucial role in the outcome of both world wars. Completed in 1963, Kahn's book covers those aspects of the history which are most significant (up to that time) to the development of that subject. The predominant practitioners of the art were associated with the military, the diplomatic service and government in general. Cryptography was used as a tool to protect national secrets and strategies. The proliferation of computers and communications systems in the 1960s brought with it a demand from the private sector for means to protect information in digital form and to provide security services. Beginning with the work of Feistel at IBM in the early 1970s and culminating in 1977 with its adoption as a U.S. Federal Information Processing Standard for encrypting unclassified information, DES, the Data Encryption Standard, is the most well-known cryptographic mechanism in history. It remains the standard means for securing electronic commerce for many financial institutions around the world.
The most striking development in the history of cryptography came in 1976 when Diffie and Hellman published New Directions in Cryptography. This paper introduced the revolutionary concept of public-key cryptography and also provided a new and ingenious method for key exchange, the security of which is based on the intractability of the discrete logarithm problem. Although the authors had no practical realization of such a scheme at the time, the idea was clear and it generated extensive interest and activity in the cryptographic community. In 1978 Rivest, Shamir and Adleman discovered the first practical public-key encryption and signature scheme, now referred to as RSA. The RSA scheme is based on another hard mathematical problem, the intractability of factoring large integers. This application of a hard mathematical problem to cryptography revitalized efforts to find more efficient methods to factor. The 1980s saw major advances in this area but none which rendered the RSA system insecure. Another class of powerful and practical public-key schemes was found by ElGamal in 1985. These are also based on the discrete logarithm problem.

One of the most significant contributions provided by public-key cryptography is the digital signature. In 1991 the first international standard for digital signatures (ISO/IEC 9797) was adopted. It is based on the RSA public-key scheme. In 1994 the U.S. Government adopted the Digital Signature Standard, a mechanism based on the ElGamal public-key scheme.

The search for new public-key schemes, improvements to existing cryptographic mechanisms, and proofs of security continues at a rapid pace. Various standards and infrastructures involving cryptography are being put in place. Security products are being developed to address the security needs of an information intensive society.

The purpose of this paper is to give an up-to-date treatise of the principles, techniques, and algorithms of interest in cryptographic practice.
Emphasis has been placed on those aspects which are most practical and applied. The reader will be made aware of the basic issues and encouraged to further studies in the fields of interest. Due to time restrictions and in view of the practical intention of this paper, most results will be stated without proofs.

1.2 Information Security and Cryptography

The concept of information will be taken to be an understood quantity. To introduce cryptography, an understanding of issues related to information security in general is necessary. Information security manifests itself in many ways according to the situation and requirement. Regardless of who is involved, to one degree or another, all parties to a transaction must have confidence that certain objectives associated with information security have been met. Some of these objectives are listed in Table 1.1.

privacy or confidentiality: keeping information secret from all but those who are authorized to see it
data integrity: ensuring information has not been altered by unauthorized or unknown means
entity authentication or identification: corroboration of the identity of an entity (e.g., a person, a computer terminal, a credit card, etc.)
message authentication: corroborating the source of information; also known as data origin authentication
signature: a means to bind information to an entity
authorization: conveyance, to another entity, of official sanction to do or be something
validation: a means to provide timeliness of authorization to use or manipulate information or resources
access control: restricting access to resources to privileged entities
certification: endorsement of information by a trusted entity
timestamping: recording the time of creation or existence of information
witnessing: verifying the creation or existence of information by an entity other than the creator
receipt: acknowledgement that information has been received
confirmation: acknowledgement that services have been provided
ownership: a means to provide an entity with the legal right to use or transfer a resource to others
anonymity: concealing the identity of an entity involved in some process
non-repudiation: preventing the denial of previous commitments or actions
revocation: retraction of certification or authorization

Table 1.1. Some information security objectives

Over the centuries, an elaborate set of protocols and mechanisms has been created to deal with information security issues when the information is conveyed by physical documents. Often the objectives of information security cannot be achieved through mathematical algorithms and protocols alone, but require procedural techniques and abidance of laws to achieve the desired result. For example, privacy of letters is provided by sealed envelopes delivered by an accepted mail service. The physical security of the envelope is, for practical necessity, limited, and so laws are enacted which make it a criminal offense to open mail for which one is not authorized. It is sometimes the case that security is achieved not through the information itself but through the physical document recording it.
For example, paper currency requires special inks and material to prevent counterfeiting. Conceptually, the way information is recorded has not changed dramatically over time. Whereas information was typically stored and transmitted on paper, much of it is now stored electronically and transmitted via telecommunications systems, some wireless. What has changed dramatically is the ability to copy and alter information. One can make thousands of identical copies of a piece of information stored electronically and each is indistinguishable from the original. With information on paper, this is more difficult. What is needed then, for a society where information is mostly stored and transmitted in electronic form, is a means to ensure information security which is independent of the physical medium recording or conveying it, and such that the objectives of information security rely solely on digital information itself.

One of the fundamental tools used in information security is the signature. It is a building block for many other services such as non-repudiation, data origin authentication, identification, and witnessing, to mention a few. Having learned the basics in writing, an individual is taught how to produce a handwritten signature for the purpose of identification. At contract age the signature evolves to take on a very integral part of the person's identity. This signature is intended to be unique to the individual and serve as a means to identify, authorize, and validate. With electronic information the concept of a signature needs to be redressed; it cannot simply be something unique to the signer and independent of the information signed. Electronic replication of it is so simple that appending a signature to a document not signed by the originator of the signature is almost a triviality. Analogues of the "paper protocols" currently in use are required. Hopefully these new electronic based protocols are at least as good as those they replace.
There is a unique opportunity for society to introduce new and more efficient ways of ensuring information security. Much can be learned from the evolution of the paper based system, mimicking those aspects which have served us well and removing the inefficiencies.

Achieving information security in an electronic society requires a vast array of technical and legal skills. There is, however, no guarantee that all of the information security objectives deemed necessary can be adequately met. The technical means is provided through cryptography.

Definition 1.1. Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication.

Cryptography is not the only means of providing information security but rather one set of techniques.

Cryptographic goals

Of all the information security objectives listed in Table 1.1, the following four form a framework upon which the others will be derived: (1) privacy or confidentiality; (2) data integrity; (3) authentication; and (4) non-repudiation.

1. Confidentiality is a service used to keep the content of information from all but those authorized to have it. Secrecy is a term synonymous with confidentiality and privacy. There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible.

2. Data integrity is a service which addresses the unauthorized alteration of data. To assure data integrity, one must have the ability to detect data manipulation by unauthorized parties. Data manipulation includes such things as insertion, deletion and substitution.

3. Authentication is a service related to identification. This function applies to both entities and information itself. Two parties entering into a communication should identify each other.
Information delivered over a channel should be authenticated as to origin, date of origin, data content, time sent, etc. For these reasons this aspect of cryptography is usually subdivided into two major classes: entity authentication and data origin authentication. Data origin authentication implicitly provides data integrity (for if a message is modified, the source has changed).

4. Non-repudiation is a service which prevents an entity from denying previous commitments or actions. When disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary. For example, one entity may authorize the purchase of property by another entity and later deny such authorization was granted. A procedure involving a trusted third party is needed to resolve the dispute.

A fundamental goal of cryptography is to adequately address these four areas in both theory and practice. Cryptography is about the prevention and detection of cheating and other malicious activities.

This paper is intended to describe a number of basic cryptographic tools (primitives) used to provide information security. Unfortunately, we cannot cover all the different branches that employ primitives. Nevertheless, we provide a schematic listing of the primitives and how they relate in Figure 1.1. These primitives should be evaluated with respect to various criteria such as:

1. Level of Security. This is usually difficult to quantify. Often it is given in terms of the number of operations required (using the best methods currently known) to defeat the intended objective. Typically the level of security is defined by an upper bound on the amount of work necessary to defeat the objective. This is sometimes called the work factor.

2. Functionality. Primitives will need to be combined to meet various information security objectives. Which primitives are most effective for a given objective will be determined by the basic properties of the primitives.

3. Methods of operation. Primitives, when applied in various ways and with various inputs, will typically exhibit different characteristics; thus one primitive could provide very different functionality depending on its mode of operation or usage.

4. Performance. This refers to the efficiency of a primitive in a particular mode of operation. (For example, an encryption algorithm may be rated by the number of bits per second which it can encrypt.)
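The four cryptographic goals above are easiest to tell apart when each is exercised separately on the same data. The following Python example is added here and is not part of the lecture script or of the textbooks it draws on; it uses a one-time-pad XOR as a stand-in for a confidentiality-only primitive (an assumption made for the example, any cipher without its own integrity check would behave the same) and HMAC-SHA256 under a shared key as the data origin authentication primitive. The sample message, keys and the single-byte substitution are constructed for the example. It demonstrates the script's remark that data origin authentication implicitly provides data integrity: the substituted ciphertext decrypts silently under the confidentiality layer, but the tag check rejects it.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample message for the demonstration (not from the script).
SAMPLE_MESSAGE = b"transfer 100 to account 42"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, msg: bytes) -> bytes:
    """Confidentiality only: one-time-pad XOR. The pad must be random, at
    least as long as the message and never reused. Decryption is the same
    operation because XOR is its own inverse."""
    if len(pad) < len(msg):
        raise ValueError("pad shorter than message")
    return xor_bytes(msg, pad[: len(msg)])


otp_decrypt = otp_encrypt


def tag(mac_key: bytes, data: bytes) -> bytes:
    """Data origin authentication: HMAC-SHA256 over the data under a key
    shared by sender and receiver."""
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def protect(pad: bytes, mac_key: bytes, msg: bytes) -> Tuple[bytes, bytes]:
    """Encrypt-then-MAC: the tag covers the ciphertext, so the receiver
    checks origin and integrity before it touches the plaintext."""
    ct = otp_encrypt(pad, msg)
    return ct, tag(mac_key, ct)


def unprotect(pad: bytes, mac_key: bytes, ct: bytes, t: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify.
    compare_digest keeps the comparison time independent of where the
    tags first differ."""
    if not hmac.compare_digest(tag(mac_key, ct), t):
        return None
    return otp_decrypt(pad, ct)


def substitute_byte(data: bytes, index: int) -> bytes:
    """Constructed 'unauthorized substitution' in the script's sense: one
    byte of the transmitted data is changed in transit."""
    mutated = bytearray(data)
    mutated[index] ^= 0x01
    return bytes(mutated)


def demo(msg: bytes = SAMPLE_MESSAGE) -> dict:
    """Compare what the confidentiality layer and the authentication layer
    each notice about a substituted ciphertext; returns the findings."""
    pad = secrets.token_bytes(len(msg))
    mac_key = secrets.token_bytes(32)

    ct, t = protect(pad, mac_key, msg)
    results = {"honest_roundtrip": unprotect(pad, mac_key, ct, t) == msg}

    altered_ct = substitute_byte(ct, 9)  # byte 9 falls inside "100"

    # Confidentiality alone: decryption produces a well-formed plaintext of
    # the same length with a different amount, and nothing signals the change.
    silent = otp_decrypt(pad, altered_ct)
    results["otp_alone_yields_different_plaintext"] = (
        silent != msg and len(silent) == len(msg)
    )

    # Data origin authentication: the tag no longer matches the ciphertext,
    # so the altered message is rejected (integrity follows from origin).
    results["mac_detects_change"] = unprotect(pad, mac_key, altered_ct, t) is None

    # A tag produced under a different key is rejected as well.
    results["wrong_key_rejected"] = (
        unprotect(pad, secrets.token_bytes(32), ct, t) is None
    )
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note what the shared-key MAC does not give: because sender and receiver hold the same key, either of them could have produced the tag, so it provides data origin authentication between the two parties but not the fourth goal, non-repudiation. That is why the script introduces signatures, which bind information to a single entity, for disputes that must be settled before a third party.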
