information system security wk4-cryptography-2

IT346 Information System Security, Faculty of Information Technology
Week 4: Cryptography (Continue)

Upload: bee-lalita

Post on 21-Jun-2015


Page 1: Information system security wk4-cryptography-2

IT346 Information System Security

Faculty of Information Technology Page

IT346 Information System Security
Week 4: Cryptography (Continue)

Lecturer: Pongsak (อ.พงษ์ศักดิ์ ไผ่แดง)
Page 2: Information system security wk4-cryptography-2

Cryptography

● Cryptography is the science of secret codes. The word comes from crypto, meaning "to hide", and graph, meaning "writing", so cryptography means "writing in order to hide information".
● Cryptography is used to protect data and information. It comprises 3 main technologies:
  ‣ Symmetric Key Cryptography, or Secret Key Cryptography: "symmetric" encryption of data
  ‣ Asymmetric Key Cryptography, or Public Key Cryptography: "asymmetric" encryption of data
  ‣ Hash Function: creating a representative value for the data

Page 3: Information system security wk4-cryptography-2

Symmetric Key Cryptography

● Symmetric-key cryptosystems can be divided, according to how they operate on the plaintext, into:

Block Cipher
  ‣ Encrypts one block at a time; a block consists of multiple bits
    • DES: 1 Data Block = 64 bits
    • 3DES: 1 Data Block = 64 bits
    • AES: 1 Data Block = 128 bits

Stream Cipher
  ‣ Encrypts one bit at a time
    • RC4

Page 4: Information system security wk4-cryptography-2

Stream Ciphers

● Encryption is performed one bit at a time.
  ‣ The cipher operates on a stream of data.
● The key used for encryption is likewise a stream, called the keystream.
  ‣ The keystream used by a stream cipher is a pseudorandom keystream.
  ‣ Pseudorandom means artificial randomness: the values look random, but they are produced by a fully deterministic process.

Page 5: Information system security wk4-cryptography-2

Stream Ciphers

● Each bit of the keystream is combined (for example with XOR) with the corresponding bit of the data.
● The randomness of the keystream automatically destroys the statistical properties of the plaintext (for example, the frequency of letters in the plaintext).
● A keystream must never be reused; otherwise the plaintexts that were previously encrypted with that key can be recovered.

C_i = P_i XOR StreamKey_i
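The keystream-reuse rule above, shown as an added example (not part of the original slides): with C_i = P_i XOR StreamKey_i, two ciphertexts under the same keystream XOR to the XOR of their plaintexts, and a per-message nonce removes that relation. The SHAKE-256 keystream generator, the function names, the key, nonces and messages are all assumptions constructed for the demonstration.

```python
import hashlib

# Constructed sample data (not from the slides).
KEY = b"constructed-demo-key"
P1 = b"PAY ALICE 0100 BAHT"
P2 = b"PAY CAROL 9900 BAHT"

def keystream(seed: bytes, n: int) -> bytes:
    """Stand-in pseudorandom keystream generator (assumption): SHAKE-256 of the seed."""
    return hashlib.shake_256(seed).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_reused(key: bytes, plaintext: bytes) -> bytes:
    """Weak: every message under `key` gets the same keystream."""
    return xor(plaintext, keystream(key, len(plaintext)))

def encrypt_nonce(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Corrected: a unique nonce per message gives each message its own keystream.
    Decryption is the same call with the same key and nonce."""
    return xor(plaintext, keystream(key + nonce, len(plaintext)))

def recover_second_plaintext(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 share a keystream, c1 XOR p1 is that keystream,
    so it decrypts c2 without the key."""
    return xor(xor(c1, p1), c2)

if __name__ == "__main__":
    c1, c2 = encrypt_reused(KEY, P1), encrypt_reused(KEY, P2)
    print("reused keystream :", recover_second_plaintext(c1, P1, c2))
    n1 = encrypt_nonce(KEY, b"nonce-0001", P1)
    n2 = encrypt_nonce(KEY, b"nonce-0002", P2)
    print("per-message nonce:", recover_second_plaintext(n1, P1, n2))
```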

Page 6: Information system security wk4-cryptography-2

Stream Ciphers

● The secret key of a stream cipher is the seed that is fed to the pseudorandom keystream generator.

[Figure: stream cipher ENCRYPTION and DECRYPTION. On each side, Key K feeds a KeyStream Generator (pseudorandom byte generator) whose output is combined (+) with the input byte stream: Plaintext Byte Stream P becomes Ciphertext Byte Stream C, and C becomes Plaintext Byte Stream P again.]

Page 7: Information system security wk4-cryptography-2

One-Time-Pad (OTP)

● Stream ciphers were inspired by the One-Time-Pad (also called the Vernam Cipher), an encryption technique believed to be impossible to break (unbreakable cipher).
  ‣ The keystream of an OTP consists of truly random numbers; it is not generated from a secret key through a pseudorandom number generator.
  ‣ The secret key of an OTP is the keystream itself, which must be at least as long as the plaintext. This makes an OTP system hard to build, so it is not very widely used.

Page 8: Information system security wk4-cryptography-2

Stream Cipher Properties

● Points to consider when building a stream cipher:
  ‣ It is used for encryption that runs for a long time on each occasion, so the period of operation before the output cycles back and repeats must be long.
  ‣ The generated keystream must be as random as possible; the more random it is, the higher the level of security.
  ‣ The secret key should be large, to protect against a brute-force attack; normally it is no smaller than 128 bits.
● Although it works in a simpler and less complex way than a block cipher, a properly designed stream cipher can provide security equal to that of a block cipher with a key of the same size.

Page 9: Information system security wk4-cryptography-2

RC4

● RC4 is a stream cipher designed by Ron Rivest for RSA Security (a security company).
● It uses a key whose size can vary (variable key size), operates at the byte level (byte-oriented stream cipher), and works by means of a random permutation technique.
● RC4 is very widely adopted and is used in various security mechanisms, such as SSL/TLS and wireless WEP.

Page 10: Information system security wk4-cryptography-2

RC4 Keystream Generation

● RC4 generates its keystream from a secret internal state, which consists of 2 parts:
  ‣ Array S, 256 bytes in size: holds a permutation of all possible byte values, 256 bytes in total
  ‣ Pointers i and j: 8-bit pointers that hold positions in S
● Keystream generation consists of 2 steps:
  ‣ Use the key (normally 40 to 256 bits in size) to initialise array S through the Key Scheduling Algorithm (KSA).
  ‣ Take the array S produced by the first step and generate the keystream with the pseudo-random generation algorithm (PRGA).

Page 11: Information system security wk4-cryptography-2

Key Scheduling Algorithm (KSA)

● KSA is used to initialise array S and works as follows:
  ‣ First, every element of array S is assigned the byte whose value equals that element's position (for example S[0] holds 00000000, S[1] holds 00000001, ...). This arrangement is called the Identity Permutation.

    for i from 0 to 255
        S[i] := i
    endfor

  ‣ Then 256 rounds are run; each round permutes (swaps positions of) values in S, mixing in the key, as follows:

    j := 0
    for i from 0 to 255
        j := (j + S[i] + key[i mod keylength]) mod 256
        swap S[i] and S[j]
    endfor

Page 12: Information system security wk4-cryptography-2

Pseudo-Random Generation Algorithm (PRGA)

● PRGA is used to generate the keystream.
  ‣ Each round of PRGA produces 1 byte of keystream, so the number of rounds depends on the number of keystream bytes needed for the encryption.

Page 13: Information system security wk4-cryptography-2

Pseudo-Random Generation Algorithm (PRGA)

● PRGA works as follows:
  ‣ Initially, pointers i and j are set to position 0.
  ‣ Each round of PRGA consists of:
    • Move i to the right (wrapping around) by 1 position, then read the value S[i].
    • Move j to the right (wrapping around) by the value of S[i] just read, then read the value S[j].
    • Swap the values S[i] and S[j].
    • The keystream byte for that round is the value in array S at position (S[i] + S[j]) mod 256.

    i := 0, j := 0
    while GeneratingOutput:
        i := (i + 1) mod 256
        j := (j + S[i]) mod 256
        swap S[i] and S[j]
        K := S[(S[i] + S[j]) mod 256]
        output K
    endwhile

Page 14: Information system security wk4-cryptography-2

Pseudo-Random Generation Algorithm (PRGA)

● Illustration of each round of the PRGA (figure)

Page 15: Information system security wk4-cryptography-2

Attack on Cryptography

● Cryptanalysis is the process of obtaining the plaintext without knowing the key that was used, that is, breaking the encryption. It is divided into 3 types:
  ‣ Ciphertext-only attack: the attacker has ciphertext encrypted under the same key, in a quantity large enough to analyse in search of the plaintext or the key.
  ‣ Known-plaintext attack: the attacker has both ciphertext and plaintext that come from the same key, in a quantity large enough to analyse in search of the key.
  ‣ Chosen-plaintext attack: the attacker has both ciphertext and plaintext that come from the same key, and can choose the plaintext to feed into the system in order to obtain the ciphertext that corresponds to it, using this as additional data to analyse in search of the key.

Page 16: Information system security wk4-cryptography-2

Asymmetric Key Cryptography (Public Key Cryptography)

Page 17: Information system security wk4-cryptography-2

Asymmetric Key Cryptography

● The drawback of symmetric key cryptography is that both the sender and the receiver must use the same key to encrypt and decrypt, which leads to the following:
  ‣ The key must be exchanged before data transfer can start, which is difficult if the receiver and the sender have never dealt with each other before.
  ‣ The problem of the key being intercepted.
  ‣ The problem of managing the large number of keys that exist when the scheme is used in a large system.
  ‣ Because the receiver and the sender hold the same key, the sender can deny having sent the data, since the receiver could equally have created that ciphertext. That is, symmetric key encryption does not support non-repudiation.
● Asymmetric Encryption, or Public Key Encryption, uses different keys to encrypt and decrypt data.

Page 18: Information system security wk4-cryptography-2

Asymmetric Key Cryptography

● In a cryptosystem based on asymmetric key cryptography, each party holds 2 keys:
  ‣ Public Key: a key that is published openly; other parties can know it.
  ‣ Private Key: a key that is kept to oneself; it is a secret of each party.
● The encryption procedure consists of:
  ‣ The sender finds the receiver's public key, which is publicly announced or was obtained from the receiver beforehand, and then encrypts the data with the receiver's public key.
  ‣ The receiver decrypts the data with the corresponding private key.
  ‣ Anyone can encrypt data for the receiver, because the public key is public, but only the receiver has the private key and can decrypt.

Page 19: Information system security wk4-cryptography-2

Asymmetric Key Cryptography


Page 20: Information system security wk4-cryptography-2

Asymmetric Encryption

● A public-key cryptosystem has the following properties:
  ‣ Encrypting the data gives the ciphertext, and decrypting gives the plaintext back.

    E(P, PK_receiver) = C
    E(C, SK_receiver) = P

    P = Plaintext, C = Ciphertext, PK = Public Key, SK = Private Key

  ‣ Given both the public key and the private key, encryption and decryption can be carried out easily.
  ‣ Disclosing the public key to the public does not make it possible to easily compute the corresponding private key.

[Figure: Plaintext → Encryption (Public Key) → Ciphertext → Decryption (Private Key) → Plaintext]

Page 21: Information system security wk4-cryptography-2

Public Key Cryptography

● Public key cryptography works on the basis of a theory called the one-way function.
  ‣ A one-way function is a mathematical function that is easy to compute, but in the opposite direction, computing the starting value from the result is very hard. For example:
  ‣ Multiplication compared with factorization
    • Starting from 12x12, the product is easy to find: 12x12 = 144
    • Starting from 144, it is harder to find which operation it came from, because 144 = 12x12 = 144x1 = 24x6, ...
  ‣ Exponentiation compared with logarithms
    • Starting from 3 and 6, the power is easy to find: 3^6 = 729
    • Starting from 729, it is harder to find which operation it came from: log_x 729 = y (x = ?, y = ?)

Page 22: Information system security wk4-cryptography-2

Encryption standards

● RSA Algorithm
● Diffie-Hellman Algorithm (the same one that is used in Key Exchange)
● Elliptic Curve Cryptography
● Digital Signature Algorithm

Page 23: Information system security wk4-cryptography-2

RSA

● RSA was invented by Ron Rivest, Adi Shamir and Len Adleman at MIT; the name RSA comes from the surnames of the three.

Page 24: Information system security wk4-cryptography-2

RSA key selection steps

● Choose prime numbers p and q that differ from each other.
  ‣ The principle for choosing these two numbers: the larger they are, the harder it is to break the encryption, but encryption and decryption also become slower.
● Compute n = pq
● Compute m = (p-1)(q-1)
● Choose a value e such that 1 < e < m and the greatest common divisor (gcd) of e and m is 1, so that e and m are relatively prime.
  ‣ Find it by picking e at random and then checking whether gcd(e, m) is 1.
● Compute the number d such that ed mod m = 1
● Public Key = the values (e, n)
● Private Key = the values (d, n)

Page 25: Information system security wk4-cryptography-2

Encryption and decryption steps

RSA Encryption
● To send data M, where M < n, encrypt with the Public Key (e, n) using the formula:
  ‣ Ciphertext C = M^e mod n

RSA Decryption
● Decrypt ciphertext C with the Private Key (d, n) using the formula:
  ‣ Message M = C^d mod n

● Example
  ‣ p = 5, q = 7, n = 35, m = 24
  ‣ e = 5, d = 29

Page 26: Information system security wk4-cryptography-2

Encryption example

● n = 35, e = 5

Plaintext   M    M^e       Ciphertext = M^e mod n
L           12   248832    17
O           15   759375    15
V           22   5153632   22
E           5    3125      10

Page 27: Information system security wk4-cryptography-2

Decryption example

● n = 35, d = 29

Ciphertext   C^d                                      M = C^d mod n   Plaintext
17           48196857210675091509141182522307000      12              L
15           12783403948858939111232757568359400      15              O
22           8.5164331908653770195619449972111e+38    22              V
10           100000000000000000000000000000           5               E