Cryptography and Network Security, Lecture 2

Uploaded by: t****d; Document ID: 243345732; Upload date: 2024-09-21; Format: PPTX; Pages: 54; Size: 2.08 MB
Cryptography and Network Security
Lecture 2: Classical Encryption Techniques
2012/9/25

Outline
- Course reviews
- Cryptography & Steganography
- Basic concepts of cryptography
- Cryptanalysis and brute-force attack
- Roadmap of cryptography
- Classical Cipher
- Substitution & Permutation Cipher

OSI Security Architecture

Cryptography & Steganography
- Cryptography: Greek origins, means "secret writing". It encodes a message so it cannot be understood.
- Steganography: Greek origins, means "covered writing". The art of hiding information in ways that prevent the detection of hidden messages; the existence of the message is not known.

Steganography
- Example: covering data with text
- We can use a single space between words to represent the binary digit 0 and a double space to represent the binary digit 1. The following short message hides the 8-bit binary representation of the letter A in ASCII code, 01000001.

Steganography
- Cover text (highlighted letters in brackets): Fi[s]hing fr[e]shwater be[n]ds an[d] sa[l]twater co[a]sts re[w]ards an[y]one fe[e]ling st[r]essed. Re[s]ourceful an[g]lers us[u]ally fi[n]d ma[s]terful le[a]pers fu[n] an[d] ad[m]it sw[o]rdfish ra[n]k ov[e]rwhelming an[y]day
- Hidden message: Send Lawyers, Guns, and Money
- Simmons' Prisoners' Problem: "The prisoners' problem and the subliminal channel"

Cryptography is everywhere
- Secure communication: SSL/TLS, WEP, WPA2, 802.11i
- Encrypting files on disk: EFS, TrueCrypt
- Content protection (e.g. DVD, Blu-ray): CSS, AACS
- User authentication

Building Block
- The encryption algorithm is publicly known
- Never use a proprietary cipher

Crypto core
- Secret key establishment
- Secure communication
- Diagram labels: Alice; Bob; attacker?; k, k; m1, m2; "Talking to Alice"; "Talking to Bob"; confidentiality and integrity

Crypto can do much more
- Digital signatures
- Anonymous communication
- Diagram labels: Alice; Alice signature; Bob; "Who did I just talk to?"

Crypto can do much more
- Anonymous digital cash
- Can I spend a "digital coin" without anyone knowing who I am?
- How to prevent double spending?
- Diagram labels: Alice; Internet; 1$ (anon. comm.); "Who was that?"

Crypto can do much more
- Electronic auction
- Zero knowledge proof
- Privately outsourcing computation
- Diagram labels: Alice; search query; "What did she search for?"; results; E query; E results

A rigorous science
- Provable security:
  - Precisely specify the adversarial model
  - Propose a construction
  - Prove that breaking the construction under the threat model will solve an underlying hard problem

Basic Cryptographic Concepts
- Cryptography: the discipline that studies encryption schemes
- Cryptanalysis: the discipline that studies breaking ciphers to obtain the message
- Cryptography and cryptanalysis together are called cryptology

Model of Symmetric Cryptosystem

Classification of Cryptosystems
- By the number of keys used:
  - Symmetric, single-key or secret-key
  - Asymmetric, public-key
- By the way in which plaintext is processed:
  - Block cipher
  - Stream cipher

Evaluating the Security of a Cryptosystem
- Unconditional security, also called information-theoretic security: if the ciphertext contains no information about the plaintext, the cryptosystem is considered secure; otherwise it is considered insecure.
- Computational security: replaces the possibility of an eavesdropper extracting plaintext information with the feasibility of doing so. If an eavesdropper with a given amount of computing resources cannot recover the plaintext from the ciphertext, the cryptosystem is considered secure; otherwise it is considered insecure.

Cryptanalysis (Attack)
- Cryptanalysis: an attacker who knows neither the decryption key nor the details of the cryptosystem used by the communicating parties analyses the ciphertext in an attempt to obtain the secret information.
- Cryptanalysis as a discipline: the science that studies the rules of analysis and decryption.
- Cipher design and cryptanalysis are symbiotic: they are closely related but pursue opposite goals.
- The two approach problems very differently: cipher design uses mathematics to construct ciphers, while cryptanalysis relies not only on mathematics, engineering background and linguistics, but also on experience, statistics, testing and intuition, and sometimes on a bit of luck.

Cryptanalysis (Attack)
- Breaking or attacking a cryptosystem:
  - Exhaustive attack method, also called the brute-force method.
  - Cryptanalytic method: the most fundamental reason cryptanalysis can break a cipher is the redundancy in the plaintext. This is the basic problem of cryptanalysis, first explained thoroughly by Shannon in 1949 using the information theory he founded.

Exhaustive Attack
- Exhaustive attack tries each possible key in turn on the intercepted ciphertext until a meaningful plaintext is obtained; or, with the key held fixed, encrypts every possible plaintext until the result matches the intercepted ciphertext. This is also called complete trial-and-error.
- In principle, given enough computing time and storage, exhaustive search always succeeds.
- To reduce the search cost, a more efficient improved trial-and-error method can be used: divide the key space into several equally likely subsets and determine which subset the key is likely to fall into.

Cryptanalytic Methods
- Attack models or attack types specify how much information a cryptanalyst has access to when cracking an encrypted message.

Ciphertext-Only Attack
- http://en.wikipedia.org/wiki/Ciphertext-only_attack
- The attacker is assumed to have access only to a set of ciphertexts; he/she tries to find the corresponding key and the plaintext.

Known-Plaintext Attack
- http://en.wikipedia.org/wiki/Known-plaintext_attack
- The attacker has samples of both the plaintext and its ciphertext in addition to the intercepted ciphertext that she/he wants to break.

Chosen-Plaintext Attack
- http://en.wikipedia.org/wiki/Chosen-plaintext_attack
- The attacker has the capability to choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.

Chosen-Ciphertext Attack
- http://en.wikipedia.org/wiki/Chosen-ciphertext_attack
- Similar to the CPA attack, except that the attacker chooses some ciphertext and decrypts it to form a ciphertext/plaintext pair.

Roadmap of Cryptography
- Classical Cryptography, 1949
  - Cryptography was a craft, not yet a science
  - Some cipher algorithms and encryption devices appeared (Enigma)
  - Basic techniques of cipher algorithms: substitution and permutation
  - Simple cryptanalytic techniques appeared (statistical analysis)

Roadmap of Cryptography
- 1949, 1975
  - Cryptography entered the track of science
  - Computers made ciphers based on complex computation possible
  - 1949: Shannon published the paper "The communication theory of secret systems"; cited 5802 times as of 24 September 2012
  - 1971, 1973: several technical reports published by Horst Feistel and others at the IBM Watson laboratory

Roadmap of Cryptography
- After 1976: public-key cryptography and quantum cryptography
  - 1976: Diffie & Hellman proposed the idea of asymmetric-key cryptography. "New Directions in Cryptography", cited 10310 times
  - 1977: Rivest, Shamir & Adleman proposed the RSA public-key algorithm. "A method for obtaining digital signatures and public-key cryptosystems", cited 11821 times

Roadmap of Cryptography
- 1984: Bennett & Brassard proposed a quantum cryptographic distribution protocol. "Quantum Cryptography: Public key distribution and coin tossing", cited 2860 times
- 1985: Shamir proposed the idea of identity-based public-key cryptography. "Identity-Based Cryptosystems and Signature Schemes", cited 3880 times
- 1985: Miller & Koblitz independently proposed elliptic curve encryption algorithms. "Use of Elliptic Curves in Cryptography", cited 2761 times; "Elliptic Curve Cryptosystems", cited 3189 times

Roadmap of Cryptography
- 2001: Boneh & Franklin used bilinear pairings on elliptic curves to construct a secure and practical identity-based encryption scheme. "Identity based encryption from the Weil pairing", cited 3993 times
- 2005: Sahai & Waters proposed the idea of attribute-based encryption. "Fuzzy identity-based encryption", cited 576 times
- 2009: Gentry proposed a fully homomorphic encryption scheme. "Fully homomorphic encryption using ideal lattices", cited 579 times

Classical Cipher
- The history of cryptography goes back more than 4000 years
- The first military cipher device in history was the Spartan scytale of the fifth century BC
- David Kahn, The Codebreakers (1996)

Classical Cipher
- Character-based ciphers
- Substitution cipher: each character of the plaintext is replaced by a character of the ciphertext; the receiver applies the inverse substitution to the ciphertext to recover the plaintext.
- Permutation cipher, also called transposition cipher: the letters of the plaintext stay the same, but their order is scrambled.

Substitution Cipher
- Single-letter substitution: one letter is substituted at a time. It is divided into two classes, monoalphabetic substitution and polyalphabetic substitution.
- Multi-letter substitution: more than 1 letter is substituted at a time.

Monoalphabetic Substitution
- Shift cipher (additive cipher)

English Letter Frequencies

Polyalphabetic Substitution

Vigenere Cipher
  k = C R Y P T O C R Y P T O C R Y P T
  m = W H A T A N I C E D A Y T O D A Y
  (+ mod 26)
  c = Z Z Z J U C L U D T U N W G C Q S

Polyalphabetic Substitution
- Autokey Cipher

One-Time Pad

Polygram Substitution Cipher
- Playfair Cipher
- Substitution Cipher
- Hill Cipher

Permutation Cipher

Rail Fence Cipher
- A "fence"-style cipher that was used by armies during the American Civil War (1861-1865)
- Algorithm: write the plaintext in two-rail form, then write it out row by row to obtain the ciphertext
- http://en.wikipedia.org/wiki/Rail_Fence_Cipher

Columnar transposition
- Algorithm: arrange the plaintext as a matrix. Write the plaintext into the matrix row by row, then read it out column by column (the key gives the order in which the columns are read).
- Plaintext: abcdefghijklmnopqrstuvwxyzab
- Key: 4312567
- Ciphertext: DKRY CJQX AHOV BIPW ELSZ FMTA GNUB

... 20%; experimental results and functionality work correctly, 20%; well-designed program interface, 15%; innovation, 15%

Thank You!
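The space-count scheme from the "covering data with text" slide, as an added example that is not part of the original lecture. The cover sentence, the function names and the fixed-length decoding are assumptions made for the illustration; the last function shows the signal a reviewer would look for, since ordinary text rarely has double spaces between words.

```python
import re

# Constructed cover text (not from the slides): 12 words give 11 gaps.
COVER = "Meet me at the usual place near the old bridge at noon"

def hide(cover: str, secret: bytes) -> str:
    """Encode each bit of `secret` in one word gap: ' ' = 0, '  ' = 1."""
    words = cover.split()
    bits = "".join(f"{byte:08b}" for byte in secret)
    if len(bits) > len(words) - 1:
        raise ValueError("cover text has too few word gaps for the payload")
    out = [words[0]]
    for i, word in enumerate(words[1:]):
        # Gaps beyond the payload stay as ordinary single spaces.
        gap = "  " if i < len(bits) and bits[i] == "1" else " "
        out.append(gap + word)
    return "".join(out)

def reveal(stego: str, n_bytes: int) -> bytes:
    """Read the first 8 * n_bytes gaps back into bytes."""
    gaps = re.findall(r" +", stego.strip())
    bits = "".join("1" if len(g) == 2 else "0" for g in gaps[: 8 * n_bytes])
    if len(bits) < 8 * n_bytes:
        raise ValueError("not enough gaps for the requested length")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def double_space_ratio(text: str) -> float:
    """Share of word gaps wider than one space; a simple detection signal."""
    gaps = re.findall(r" +", text.strip())
    return sum(len(g) > 1 for g in gaps) / len(gaps) if gaps else 0.0

# The slide's payload: the letter A, ASCII 01000001.
STEGO = hide(COVER, b"A")

if __name__ == "__main__":
    print(repr(STEGO), reveal(STEGO, 1), double_space_ratio(STEGO))
```

Normalising runs of whitespace to a single space destroys the hidden bits without affecting the visible message.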
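The Vigenere slide's k, m and c rows checked in code, as an added example that is not part of the original lecture. The `first` parameter (the number assigned to the letter A) and the function names are assumptions introduced here: the slide's ciphertext is reproduced only when letters are numbered A=1 through Z=26, while the more common A=0 numbering gives a different ciphertext for the same key and message.

```python
import string
from itertools import cycle

KEY = "CRYPTO"
PLAINTEXT = "WHATANICEDAYTODAY"
SLIDE_CIPHERTEXT = "ZZZJUCLUDTUNWGCQS"  # as printed on the slide

def vigenere(text: str, key: str, first: int = 0, decrypt: bool = False) -> str:
    """Vigenere over A-Z; `first` is the number assigned to 'A' (0 or 1)."""
    alphabet = set(string.ascii_uppercase)
    if not key or not set(text) <= alphabet or not set(key) <= alphabet:
        raise ValueError("text and key must consist of letters A-Z")
    sign = -1 if decrypt else 1
    out = []
    for ch, k in zip(text, cycle(key)):       # the key repeats over the message
        m = ord(ch) - ord("A") + first         # message letter as a number
        s = ord(k) - ord("A") + first          # key letter as a number
        out.append(chr((m + sign * s - first) % 26 + ord("A")))
    return "".join(out)

def matching_conventions(plain: str, key: str, cipher: str) -> list:
    """Return which numbering of 'A' reproduces a given ciphertext."""
    return [first for first in (0, 1) if vigenere(plain, key, first) == cipher]

if __name__ == "__main__":
    print(vigenere(PLAINTEXT, KEY, first=0))
    print(vigenere(PLAINTEXT, KEY, first=1))
    print(matching_conventions(PLAINTEXT, KEY, SLIDE_CIPHERTEXT))
```

Two parties who disagree on the numbering cannot decrypt each other's messages, so the convention is part of the cipher's specification, not an implementation detail.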
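The two transposition ciphers from the last slides, with decryption, as an added example that is not part of the original lecture. It assumes the key is a string of digits 1..n (so at most nine columns) naming the columns in read-out order, which is the reading that reproduces the slide's ciphertext, and that the plaintext fills the matrix exactly; the function names are made up for the illustration.

```python
def columnar_encrypt(plain: str, key: str) -> str:
    """Write row by row into len(key) columns, read columns in key order."""
    n = len(key)
    if sorted(key) != [str(i) for i in range(1, n + 1)]:
        raise ValueError("key must be a permutation of the digits 1..n")
    if len(plain) % n:
        raise ValueError("plaintext must fill the matrix; pad it first")
    # plain[c::n] is column c of the row-wise matrix.
    return " ".join(plain[int(d) - 1::n].upper() for d in key)

def columnar_decrypt(cipher: str, key: str) -> str:
    """Put each ciphertext group back into its column, then read the rows."""
    n = len(key)
    data = cipher.replace(" ", "").lower()
    rows, rest = divmod(len(data), n)
    if rest:
        raise ValueError("ciphertext length is not a multiple of the key length")
    cols = [""] * n
    for pos, d in enumerate(key):
        cols[int(d) - 1] = data[pos * rows:(pos + 1) * rows]
    return "".join(cols[c][r] for r in range(rows) for c in range(n))

def rail2_encrypt(plain: str) -> str:
    """Two-rail fence: letters alternate between rails, rails are read in order."""
    return plain[0::2] + plain[1::2]

def rail2_decrypt(cipher: str) -> str:
    """Split into top and bottom rail, then interleave them again."""
    half = (len(cipher) + 1) // 2
    top, bottom = cipher[:half], cipher[half:]
    out = []
    for i in range(half):
        out.append(top[i])
        if i < len(bottom):
            out.append(bottom[i])
    return "".join(out)

if __name__ == "__main__":
    # Plaintext and key from the slide.
    print(columnar_encrypt("abcdefghijklmnopqrstuvwxyzab", "4312567"))
    print(rail2_encrypt("abcdefg"))
```

Both ciphers only reorder letters, so the letter frequencies of the ciphertext are exactly those of the plaintext.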