hu-ferrell
DESCRIPTION
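Chapter 2: Cryptographic Techniques. Security requirements. Confidentiality. Ensure that information can be accessed only by authorized users. Maintain the validity and correctness of data and resist malicious or accidental modification. Accountability. Integrity. Ensure that a subject can be held responsible for its actions / results. Ensure that resources / services can be delivered to valid users. Authenticity. Availability. Privacy. Guarantee the authenticity of the data source. Maintain the confidentiality of personal identity information. 2014/11/15. Basic security path. You are who you claim to be; - PowerPoint PPT Presentation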
Integrity, authenticity, accountability / privacy, Confidentiality, Availability
Identification
Authentication
Authorization
(Identification)
,
Cryptography is originated and developed from the requirements of application.
2.1 2.2 DES2.3 2.4
2.1
virtual private network1
2
2
ATM ATM ATM PIN ATM PIN PIN / C&R: Challenge and Response
PIN kZero-Knowledge
/
(1)
(1) (1)
(2)(2) (2)(3)USBePass(3)(4)S() =C()(4)
HashVSS,SSL
3
1930: K. Godel (1906-1978), A. Church (1903-1995), A. M. Turing (1912-1954)
fg :2+35;fx2 g2x,fgfg,fggfgfg ()()()
, ,,
(E.L.Post1897-1954)-()
Turing (a) (b)
TuringTuring Turing
()()
(4)
: - Shannon Diffie/HellmanRSA
20
1949ShannonDES1975HellmanDiffieRSA
AliceEP K CBobDCK P
1DE2KAB 3P C
1D E XOR2KP One-time Padone time pad
Confusion Substitution
Diffusion p1:00000000 c1:00000010 p2:00000001 c2:00000011 p1:00000000 c1:01011010 p2:00000001 c2:11101011
(5)
(5)Shannon
-/
/-/ -
Kerckhoffs-/KEY
()()
A,B, C [D(x1x2)=D(x1)D(x2)]*C rEB(r)EB(x)DB(EB(r)EB(x))rxC rrxDB(EB(r)EB(x))EB(r)EB(x)
PCKEDPCKkKekEP CdkDC PxPdkekxx
-/ -/ -/
dictionary attack brute force attack
symmetric cipher (conventional cipher); asymmetric cipher (public-key cipher): public key, private key.
block cipher; stream cipher
one-time pad[P =? NP]P NP PSPACE EXPTIME EXPSPACE()RSA ?
Unconditionally secure ,,,. Onetime padprovable security Computationally secure .
brute force attackM key/sG key/s2^3235.82^5610^32^12810^2410^18
1
DES DES (DES) 64 5664 56 DESDES
(AES)DES1997NIST2001 FIPS 197128 & 128/192/256
2
3
RSA (Rivest, Shamir, Adleman) 19771024Diffie-Hellman (DSS) SHA-1 (ECC)RSA
2.2 DES
substitution, transposition
wuhdwb lpsrvvleoh
TREATY IMPOSSIBLE
Ci = E(Pi) = Pi + 3
ABCDEFGHIJKLMNOPQRSTUVWXYZ defghijklmnopqrstuvwxyzabc
DESShannon1949 Shannon Diffusion ConfusionShannon
block cipher()n64(Padding)
Codebook (Substitution Table)642^k
stream cipher keystream(,) XOR(plaintextkeystream)One-time Pad
m=m1,m2,.mk k=k1,k2,.kk ci=mi ki ,i=1,2,.kRC4 SEALSoftware Optimized Encryption Algorithm
8 vs. 11Padding
1Feistel/DESn2wL0 R0KKk1k2kr r16XORpxx = pF
Feistel Network
Feistel for LoopL0 R0L1R0 R1L0F(k1,R0)L2R1R2L1F(k2,R1)L3R3R3L2F(k3,R2)LiRi-1 RiLi-1F(ki,Ri-1)LnRn-1 RnLn-1F(kn,Rn-1)LnRn
Feistel /
2n2C L2R2L0+R0L1R0 R1L0F(k1,R0)L2R1R2L1F(k2,R1)L2R2R1L2L1R2F(k2,R1)R0L1L0R1F(k1,R0)L0R0L1R2F(k2,R1)L1F(k2,R1)F(k2,R1)L1L0R1F(k1,R0)L0F(k1,R0)F(k1,R0)L0
Feistel 16Round
FeistelDESCASTBlowfish/(Twofish?)RC6(/5)
FeistelAESIDEA
* FeistelXOR
DESIBMW. Tuchman C. Meyer 1971-19721967Horst FeistelNBS)1973519748IBMLUCIFERDES197531977115Data Encryption Standard19777152DES
DES SIZE=64bits SIZE=56bits =1616 =48bits
DESDES64645664
Data Encryption StandardDESDESFeistel 64bit 56bit 16S-Boxes
DES EncryptionOverviewPC-1PC-2PC-1PC2Round
Key: Permuted Choice One (PC-1)
57 49 41 33 25 17  9 |  8
 1 58 50 42 34 26 18 | 16
10  2 59 51 43 35 27 | 24
19 11  3 60 52 44 36 | 32
63 55 47 39 31 23 15 | 40
 7 62 54 46 38 30 22 | 48
14  6 61 53 45 37 29 | 56
21 13  5 28 20 12  4 | 64
78K56C0D0
 1  2  3  4  5  6  7  8
 9 10 11 12 13 14 15 16
17 18 19 20 21 22 23 24
25 26 27 28 29 30 31 32
33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48
49 50 51 52 53 54 55 56
57 58 59 60 61 62 63 64
Key: Permuted Choice Two (PC-2)
14 17 11 24  1  5  3 28
15  6 21 10 23 19 12  4
26  8 16  7 27 20 13  2
41 52 31 37 47 55 30 40
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32
86918225648Ki
Round number  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
Bits rotated  1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1
Keyi48bit282
IP & IP-1
IP:
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7
88140
IP-1:
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
IP16IP-1oddeven
DES
RoundKi 48bit
Expansion Permutation
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1
Ri32bit 48bit68
Round Function6848
S-Boxes1-424
S-Boxes5-8
Permutation Function P
16  7 20 21 29 12 28 17
 1 15 23 26  5 18 31 10
 2  8 24 14 32 27  3  9
19 13 30  6 22 11  4 25
84S
DES EncryptionReview
One Sample: p=0123456789ABCDEF k=133457799BBCDFF1 c=85E813540F0AB405
DES64DESDESRSA challenge DESAESDESAESDES/3DESAESRC4RC5IDEABlowfishFree/Open
DESDESDES2^47DES2^56 (DES Challenge III)DESAESDESDES
DES Modes of Operation - FIPS 81
DES basic function: DES(IN, Key, Enc/Dec) = OUT
Key: 56 bits (random bits!)
Enc
- IN: 64 bits, plaintext block
- OUT: 64 bits, ciphertext block
Dec
- IN: 64 bits, ciphertext block
- OUT: 64 bits, plaintext block
Apply DES twice using two keys, K1 and K2. C = EK2 [ EK1 [ P ] ] P = DK2 [ DK1 [ C ] ]
DES: This leads to a 2x56=112 bit key, so it is more secure than DES. Is it?
Goal: given the pair (P, C), find keys K1 and K2?
1. ECB 2. CBC 3. CFB 4. OFB 5. CTR
1ECB648
1Figure ECB
2CBC: Cipher Block Chaining IV initialization vectorIV* authentication* 8padding
CFB: Cipher FeedbackIV 64bitIVKeyRIVsRsXORssRRs
* stream cipher
CTR: Counter ModecounterXOR
* Counter
()* *,,,,
[]** 3 VPN SSL PGP*
(),,,
Link vs. End-to-end
App layer vs. Link layer
2.3
Rotor, DES; "New Directions in Cryptography", Whitfield Diffie, Hellman, 1976; D-H
KDC K KdKeKd KeEPKe CDCKd PKe Kd
()
(one-way function)
One-way Functionxy=f(x)yx=f-1(y)///*
Trapdoor One-way Function()x
//
(KeKd)KeKd()KeKd( public key private key secret key)KeKdKeKeCA
(P)(C)(P)PKe C = EPKe DCKdPKd*
RSAH S = SigHKdVerCKe HHKd
RSA: MIT, Rivest, Shamir & Adleman, 1977; R, S, A
Ron Rivest http://theory.lcs.mit.edu/~rivest/
Adi Shamir http://www.wisdom.weizmann.ac.il/~shamir/
Len Adleman http://www.usc.edu/dept/molecular-science///n/
RSA (m, n): c = m^e mod n
m = c^d mod n
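RSA: p = 7, q = 17
n = pq = 119
φ(n) = (p-1)(q-1) = 6 × 16 = 96
e = 5, d = 77 (5 × 77 = 385 = 4 × 96 + 1 ≡ 1 mod 96)
(e, n) = (5, 119); (d, n) = (77, 119)
m = 19: c = m^e mod n = 19^5 mod 119 = 66 mod 119
c = 66: m = c^d mod n = 66^77 mod 119 = 19 mod 119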
RSA p, q eddenMiller-Rabin(p-1)/2(q-1)/2edEuclidede365537 X^Y%Z
RSA: O(k), O(k) {} K () O(k^2), O(k^2 log k) {} x^c mod n: O(k^2 log c) {}
mod n
RSAmecd
n=pq(n)edn(n)d (n)d n(n)
Diffie-Hellman (D-H): q, g
A: Xa; B: Xb
A: Ya = g^Xa mod q; B: Yb = g^Xb mod q
Ya, Yb
A: K = Yb^Xa mod q; B: K' = Ya^Xb mod q
K = K'
K?
Ya, Yb; Xa, Xb; Ya = g^Xa mod q; Yb = g^Xb mod q
Diffie-Hellman, A and B: q = 53, g = 17
A, B: Xa = 5, Xb = 7
A: Ya = g^Xa mod q = 40; B: Yb = g^Xb mod q = 6
Ya, Yb
A: K = Yb^Xa mod q = 38; B: K' = Ya^Xb mod q = 38
K = K'
vs. 1000CA/
vs.
12
12312123
2.4
(,)(DH)
session key
1
1 2 3 3
nn(n+1)/2Diffie-Hellman
2Diffie-Hellman
DH76Diffie-Hellman
q, g
A: Xa; B: Xb
A: Ya = g^Xa mod q; B: Yb = g^Xb mod q
Ya, Yb
A: K = Yb^Xa mod q; B: K' = Ya^Xb mod q
K = K'
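K = Yb^Xa mod q = (g^Xb)^Xa mod q = g^(Xb·Xa) mod q
K = Ya^Xb mod q = (g^Xa)^Xb mod q = g^(Xa·Xb) mod q
q = 97, g = 5
A: Xa = 36; B: Xb = 58
Ya = 5^36 mod 97 = 50; Yb = 5^58 mod 97 = 44
50, 44
A: K = 44^36 mod 97 = 75; B: K = 50^58 mod 97 = 75
K? Ya, Yb; Xa, Xb; Ya = g^Xa mod q; Yb = g^Xb mod q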
D-H-ABD-HpgEAYag^Xa mod p EEYaBTgt mod pBYg^X mod p EEYTgt mod pD-HATK1gxa.tmod p; BTK2gxb.tmod pAK1BEK1K2BBBK2AEK2K1AAABE
Joux
3/1024RSA100/(10)100*128B = 10KB/s(ABKeB)ABAKsKeAKsBKeBBBKdBABAKsAKsA Ks
ABAB
4
Certification AuthorityCAIPCACA
CACA
1. AliceBobBob2. BobAliceCACABobBob3. AliceCABobBobBob4. BobBob5. CAAliceBobCA
ABBobCAE(PUBCA(K))+EK(M)
5 1 RSATC
2AB A IDa B IDa TC A TC B
5 3
Step1:ARa Step2:BRb Step3:BATB:A
Step4:ABTA: B
ABSA BEMABRSA,ESAEABMAB
.Whitfield Diffie Martin Hellman [DH76]1976 ,.,[Dif88]-(trap-door) IP C0D0 --- C15D15IP