Cns Scr 08 Cryptography

8/13/2019 Cns Scr 08 Cryptography

1/87

C

32012


2/87

:

C, :

C

C

:

A

D C

N


3/87


4/87

, :

( ?)

E


5/87

A B. A .

B A.

B A.

O, A B, A B


6/87

H ? O :

.

. .

I

A :

.

H ().

E/

().


7/87

A .

H .

A

H?

. .

H ( ).

D: .

O , .

, .


8/87


9/87


10/87

A A IN

.

IN

.

C

.

M .


11/87

N A : .

I

. M ,

.

N

.

N .

.


12/87

I

.

C .

.

N,

.


13/87

C A

.

, .

.

.

/

() .


14/87

C

.

. C

.


15/87

()


16/87

1970.

.

A / .

.

I , . I .

O .

B C .

.


17/87

:

A (E)

H ? A (K) .

(D) E

: C = EK(M)

M = DK(C)

A:

D E .

, .

.


18/87

B :

C .

.

A .

B :

I .

B

.


19/87

:

M (C)

(A, ) M

C ( )

B

: E

DE, 3DE (D E )

AE (A E )


20/87

.

M

E

( ). O .

E

( ).

M .


21/87

M C

A .

HELLOOLD 1, 2 3

:

?

A:


22/87

C C , 26 .

B ,

. E

.

N 26 . 26! (! I )

Plain: abcdefghijklmnopqrstuvwxyz

Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters

Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA


23/87

C F , :

M

.

C .

C . L .

F , E : 12.702%

0.074%


24/87


25/87

C C .

C BENCH ().

A C :

E :


26/87


27/87

.

I , , .

:

reeb sdder ekil i

: i like redds beer

epgniusn rae omtsyl aft

: penguins are mostly fat


28/87

:

N :

D...S...A...A...R...M...I

.E.R.A.T.P.E.S.B.I.G.E.N.P.D

.

.

H, 3. , DE

3DE.

..A...N...L...E...N...A...O


29/87

C

.

C :

A

.

.


30/87

C B

A

, , .

M

.

C

,

.

.

.

M

.


31/87

C C

.

. AND

.

C

.

.

J .


32/87

C M .

.


33/87

D


34/87

C H .

H ( )

.

Data of ArbitraryLength

.

:

D

M

F

Fixed-LengthHash Value

e883aa0b24c09f


35/87


36/87

MD5 MD 5

MD5

. O

H .

MD5

.

C

(O, , ).

128 .


37/87

HA H A

MD5

A 264

160

MD5 SHA

HA1

HA

.

HA224, HA256, HA384 HA512

HA

HA2.


38/87

.


39/87


40/87

HMAC

Sent Data SecretKey

Pay to Terry Smith$100.00

One Hundred and xx/100Dollars

Received DataPay to Terry Smith$100.00


SecretKey

HMAC(Authenticated

Fingerprint)

Pay to Terry Smith$100.00


4ehIDx67NMop9

4ehIDx67NMop9

HMAC(Authenticated

Fingerprint)4ehIDx67NMop9

I HMAC

HMAC,

.

I , .

Unsecuremedium


41/87

K DES Key Keyspace # of Possible Keys

56-bit256

11111111 11111111 11111111

11111111 11111111 11111111 1111111172,000,000,000,000,000

57-bit

25711111111 11111111 11111111

11111111 11111111 11111111 11111111 1 144,000,000,000,000,000

58

Twice asmuch time

Four time asmuch time

58-bit 11111111 11111111 11111111

11111111 11111111 11111111 11111111 11

288,000,000,000,000,000

59-bit

25911111111 11111111 11111111

11111111 11111111 11111111 11111111 111 576,000,000,000,000,000

60-bit

26011111111 11111111 11111111

11111111 11111111 11111111 11111111 1111 1,152,000,000,000,000,000

With 60-bit DESan attacker would

require sixteenmore time than

56-bit DES

For each bit added to the DES key, the attacker would require twice the amount of time tosearch the keyspace.

Longer keys are more secure but are also more resource intensive and can affect throughput.


42/87

Protection up

192192177696Protection upto 10 years

160160124880Protection up

to 3 years

HashDigital

SignatureAsymmetric

KeySymmetric

Key

to 20 years

2562563248128Protection upto 30 years

51251215424256Protection against

quantum computers

Calculations are based on the fact that computing power will continue to grow at itspresent rate and the ability to perform brute-force attacks will grow at the same rate.

Note the comparatively short symmetric key lengths illustrating that symmetricalgorithms are the strongest type of algorithm.


43/87

K

Key

Key Generation

Key Storage

Key Verification

Key Exchange

Certain keys are weaker than others. Theyare regenerated if found (Caesar keys 0and 25 do not encrypt).

Nowadays, an automatic process. Usesrandom numbers to minimize prediction.

Key Revocation and Destruction

The method used for

exchanging keys over anunsecure medium must besecure.

If keys are stored in clear

text, they can be sent ashashes. If they are stored ashashes, they must be sent inclear text.

Revocation notifies all interested parties that acertain key has been compromised and shouldno longer be used.


44/87

D C


45/87

OI C

OI :

D

.

N , I,

.

L ( L) L ( L )

.

A .

, ,.

.

L , .


46/87

E C :

A .

.

:

.

.

A

D

N


47/87

I .

(

).

80 256

E ( C ).

, .

K ?

E: DE, 3DE, AE, IDEA, B


48/87

B : DE (64), AE (128)

: C4, A5 (GM )


49/87

DE

DE 64 .

B 56 , . H 3DE .

.


50/87

3DE

C DE .

C , 35 .

C I DE 3DE.


51/87

3DE


52/87

AE

32.

, . 3DE AE.


53/87

A

AKA .

.

512 4096 .

.

E: A, , DH


54/87

H ?

A B

O , A () B.

I !

I :

A , B !

B A B .

I : A .

A B.

B A.

A , B. B , .

N , .

N !


55/87

,

A, B

A A()M B

B B()M A

A(B()) = B(A()) =

, A(), B(),

.A() B() A(B()).

: A(B()) = B(A())?


56/87

F, !

DH

A A B

A B:

(=23) (=5).

A (=6) B A=

6

A A . B (=15) A B=

B= 515 23= 19

B B .

A = B

196 23=

B = A

815 23=

Green = public dataRed = private data


57/87

A

B A.

A B .

O B .


58/87

A

A B .

B A .

I B A

A.


59/87

H ?

I , .

A > B

A B

.

A .

B ,

.

A , .

B A , .


60/87

L


61/87

D


62/87

D

A

:

A

.

.

N N

.

D : DA, A

N HMAC


63/87

N . HMAC

HMAC, , .

I: ,

.

A: .

.

N .

A .

( ).

()

.


64/87

A

N .

N

.

A , .

C

.

H ?


65/87

H ?

() .

.

.

.

()

.

.

. I , .

I .

HO ?


66/87

, HO ?

ConfirmOrder

Data

The sending device createsa hash of the document

Si ned Data

The receiving deviceaccepts the documentwith digital signatureand obtains the public key

Signature Verified

0a77b3440

Validity of the digital signatureis verified

Encryptedhash

SignatureKey

The sending device

encrypts only the hashwith the private keyof the signer

0a77b3440

The signature algorithmgenerates a standard digital signature

Confirm

Order____________

0a77b3440

SignatureAlgorithm

VerificationKey

Signature isverified with theverificationkey

D


67/87

D

A //

/.

:

.

.

( ).

.

.

( ).

DA


68/87

DA

F G .

C .

DA DA .

A


69/87

A

.

, . F .

M DE ( )

100 DE

100010000 DE 15000 DE C


70/87


71/87


72/87

KI


73/87

KI

D

, .

I 10 , 90

.

A 11 20

.

,

.

.

KI


74/87

KI

KI

A

.

C , , , , .

C

A (

) .

I CA.

CA C A

KI .

CA F


75/87

CA F

L


76/87

C :

C 0: ,

C 1: ,

C 2: ,

C 3:

C 4:

C 5:

F , 1

.

A 3 4 ,

.

KI


77/87

E .

A .

, .

,

KI


78/87

5093 .

509.3

:

, L L

H L.

, , .

I N

G ( G )

C

C , N , I , I

.

C LAN

.

O KI


79/87

KC = K C

A ()

.

C


80/87

KI :

CA

H CA

C CA

CA CA


81/87

Root CA

D .

.

A

.

I ,

KI

.

CA H CA


82/87

CA.

I .

CA

CA. .

I CA , Root CA

.

SubordinateCA

CA C CA


83/87

CA2CA1

CA .

CA3


84/87

CA

Completed Enrollment

After the RegistrationAuthority adds specific

information to thecertificate request andthe request is approvedunder the organizations

CA

A.

Enrollment

request

RAHosts will submitcertificate requeststo the RA

eques orwar e oCA

,on to the Certification

Authority

The CA will sign the certificaterequest and send it back to the host

Certificate Issued

F


85/87

, ,

.

E .

.

, , , , .

.

C .


86/87

"If McDonalds offered a free Big Mac inexchange for a DNA sample, there'd belines around the block.

H N O 14 D 19:00


87/87

Documents

Cns Scr 08 Cryptography