Why do we care about security?, Slides of Cryptography and System Security

Scenario: • Sender tries to communicate value of a random number (0-100) to a remote receiver. • Message must be “transmitted” from sender to.

Typology: Slides

2022/2023

Uploaded on 05/11/2023

gangesha
gangesha 🇺🇸

4.6

(20)

238 documents

1 / 6

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
11/7/11$
1$
How can a computer…
send a secret?
UNIVERSITY of WISCONSIN-MADISON
Computer Sciences Department
CS 202: Introduction to ComputationProfessor Andrea Arpaci-Dusseau
""
Why do we care about security?
Internet security
Need a secure way to buy things online
Need to manage bank account securely
Communicating over an unprotected channel
Messages received by many intermediaries,
any could be eavesdroppers
Home router => Roommate
Building switch => Building manager
Local network => ISP employee
Backbone => Government
Secure Telephone Game
Scenario:
Sender tries to communicate value of a random
number (0-100) to a remote receiver
Message must be “transmitted” from sender to
receiver by evil eavesdroppers
Can the receiver figure out the number and not the
eavesdroppers?
How are you going to do this?
Sender and receiver can communicate out-of-band
ahead of time
Results?
Possible outcomes after 1 attempt
Did receiver figure out number?
Did eavesdroppers figure out number?
Repeat experiment
Try to send another number from sender to receiver
through eavesdroppers
Easier for eavesdroppers to figure out secret the
more examples they see!
What approaches did everyone use?
pf3
pf4
pf5

Partial preview of the text

Download Why do we care about security? and more Slides Cryptography and System Security in PDF only on Docsity!

How can a computer…

send a secret?

UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 202: Introduction to Computation Professor Andrea Arpaci-Dusseau ""

Why do we care about security?

Internet security

  • Need a secure way to buy things online
  • Need to manage bank account securely

Communicating over an unprotected channel

Messages received by many intermediaries,

any could be eavesdroppers

  • Home router => Roommate
  • Building switch => Building manager
  • Local network => ISP employee
  • Backbone => Government

Secure Telephone Game

Scenario:

  • Sender tries to communicate value of a random number (0-100) to a remote receiver
  • Message must be “transmitted” from sender to receiver by evil eavesdroppers
  • Can the receiver figure out the number and not the eavesdroppers?

How are you going to do this?

  • Sender and receiver can communicate out-of-band ahead of time

Results?

Possible outcomes after 1 attempt

  • Did receiver figure out number?
  • Did eavesdroppers figure out number?

Repeat experiment

  • Try to send another number from sender to receiver through eavesdroppers
  • Easier for eavesdroppers to figure out secret the more examples they see!

What approaches did everyone use?

Information Security:

4 Goals "

Confidentiality

  • Eavesdroppers cannot understand messages

Integrity

  • Eavesdroppers cannot modify message undetectably

Availability

  • Messages reach their destination

Authenticity

  • Sender and receiver are who they say they are Alice Eve Bob

What is Cryptography?

Definitions

  1. secret writing
  2. the enciphering and deciphering of messages in secret code or cipher

Used throughout History

  • Ancient ideas (pre-1976)
  • Complexity-based cryptography (post-1976)

Essential component of digital world

Themes of Today’s Lecture

1. Seeing info does not mean understanding it

2. Creating problems often easier than solving

3. Complete strangers can exchange and agree on

secret information

Basic Approach of Cryptography

Theme 1: Seeing info does not mean understanding it Idea: Convert data to form that doesn’t make sense to others

  • Clear text (plain text): Initial readable text
  • Cipher text: Encrypted version of clear text Steps
  1. Sender: Encrypt clear text to cipher text
  2. Cipher text can be stored in readable file or transmitted over unprotected channels
  3. Receiver: Decrypt cipher text to clear text Alice Eve Bob

How to Crack the Code?

Use characteristics of language

  1. Frequency Analysis
    1. Letter combinations or sequences Bigrams: Pairs of letters ST, NG, TH, and QU are common, NZ and QJ are rare Trigrams: Three letters "THE most common E most common, then T

One-time Pad

Approach

  • Each letter of message shifted by different amount
  • Amount to shift is stored on a pad that can only be used once

Advantage

  • Impervious to frequency analysis

Disadvantage

  • How do you get one-time pad to sender and receiver???

Letter scrambling

in World War II

Enigma

  • Used by Nazi Germany (1940’s)
  • Broken by British (Turing), Polish
  • “Won us the war.” – Churchill
  • Recommend: Neal Stephenson's novel Cryptonomicon Moral: Computers  need for new ideas for encryption

Musings about one-time pad

Incredibly strong security

  • Encrypted message “looks random”
  • Equally likely to be encryption of any n-bit string
  • Can’t do frequency analysis on cipher text! Insecure link (Internet) 0110101010011010011011101010010010001… How can you and a friend agree on one-time pads? How can you and Amazon agree on one-time pads?

Public Key Encryption

Exchange one-time pad with public key encryption 2 keys for every user

  • public key known to everyone
  • private key know only to the user Encrypt/Decrypt
  • Private key can decrypt messages encrypted with public key
  • Public key cannot decrypt messages encoded by the public key Example: https protocol
  • User doesn’t need to know anything about protocol
  • Accept certificate that doesn’t look quite right?

Public-key encryption:

Conceptual Story

“Box that clicks shut, and only Amazon has the

key to open it.”

Example: Key exchange

  • User generates one-time pad (random string)
  • Put it in box, lock it with public key, ship it to Amazon
  • Amazon opens box with private key, recovers random string 01011 01011

Theme 2 Again: Easy to Generate,

Hard to Solve

Public/private keys based on Factoring of Large Numbers Generate Integer that is Product of 2 Primes: Easy

  • Pick two n-bit prime numbers p, q
    • Good value for n is 128 (more bits, stronger encryption)
  • Multiply together to get r = pq Use r to generate public key; r, p, and q for private keys
  • Mathematical details omitted; Wikipedia has decent explanation!
  • If someone can infer p and q from r, break encryption! Factoring problem : Hard
  • Given r, can you find p and q?

Factoring is Hard!

Given r, can you find p and q?

Can you suggest a basic algorithm?

  • Set variable try to 2
  • Repeat…
    • Is r mod try == 0?
      • Yes  p = try, r/try =q
      • Done!
    • Change try by 1

How many steps? (Could be optimized!)

  • How many values of r? r represented by 128 bits
  • 2128 (approximately 3.4 10 38)

Despite many centuries, no efficient algorithms

  • Rely on difficulty every time you use e-commerce