• No results found

and Network Security

N/A
N/A
Protected

Academic year: 2022

Share "and Network Security"

Copied!
22
0
0

Loading.... (view fulltext now)

Full text

(1)

Cryptography

and Network Security

Manoj Prabhakaran

IIT Bombay

Lecture 0

(2)

People Devices

Security

Network In this course:

Cryptography as used in network security

(3)

Security

In this course:

Cryptography as used in network security

Cryptography &

Crypto Network

Security

(4)

In the News

“Properly implemented strong

crypto systems are one of the few things that you can rely on.”

“… Unfortunately, endpoint security is so terrifically weak that [the adversary] can frequently find ways around it.”

(5)

What is Cryptography?

It’s all about controlling access to information

A tool for enforcing

policies on who can learn and/or influence

information

Do we know what we are talking about?

(6)

What is information?

Or rather the lack of it?

Uncertainty

Measured using Entropy

Borrowed from thermodynamics An inherently “probabilistic”

notion

Rudolf Clausius (1822-1888)

Ludwig Boltzmann (1844-1906)

Claude Shannon (1916-2001)

(7)

What is information?

Information Theory: ways to quantify information

Application 1: to study efficiency of communication (compression, error-correction)

Application 2: to study the

possibility of secret communication The latter turned out to be a relatively easy question! Secret communication possible only if (an equally long) secret key is shared ahead of time

Claude Shannon (1916-2001)

(8)

Access to Information

A second look

Information at hand may still not be “accessible” if it is hard to work with it

Computation!

Shannon’s information may reduce uncertainty only for

computationally all-powerful parties

(9)

Computational Complexity

A systematic study of what computationally bounded

parties can and cannot do A young and rich field

Much known, much more unknown

Much “believed”

Alan Turing

Stephen Cook

Leonid Levin Richard Karp

Basis of the Modern Theory of Cryptography

(10)

Compressed Secret-Keys

Impossible in the information-theoretic sense:

a truly random string cannot be compressed

But possible against computationally bounded players:

use pseudo-random strings!

Pseudo-random number generator a.k.a Stream Cipher

Generate a long string of random-looking bits from a short random seed

Andy Yao Manuel Blum

(11)

The Public-Key Revolution

“Non-Secret Encryption”

No a priori shared secrets

Instead, a public key. Anyone can create encryptions, only the

creator of the key can decrypt!

Publicly verifiable digital signatures Forms the backbone of today’s secure communication

Clifford Cocks

Malcolm Williamson

Merkle, Hellman, Diffie James Ellis

Shamir, Rivest, Adleman

(12)

Crypto-Mania

Public-Key cryptography and beyond!

Secret computation: collaboration among mutually distrusting parties

Compute on distributed data, without

revealing their private information to each other Compute on encrypted data

And other fancy things... with sophisticated control over more complex “access” to information

Do it all faster, better, more conveniently and more securely (or find out if one cannot). And also make sure we know what we are trying to do.

(13)

Turing Awards

For theoretical cryptographers:

Manuel Blum

Turing Award ‘95 Andrew Yao Turing Award ‘00

Shamir , Rivest & Adleman Turing Award ‘02

Goldwasser & Micali Turing Award ‘12 (Merkle) Hellman & Diffie

Turing Award ‘15

(14)

Independence, Indistinguishability, Infeasibility, Zero-Knowledge, ...

one-way functions, collision-resistant hash functions, ... Sema

ntic security, non- mallea

bility, existential unforgeability... Leakage resilient crypto,

Imperfect randomness, ...

RSA, elliptic curve groups, lattices, ...

PK Encryption, Signatures

Encr yptio

n, Authen

ticat ion Strea

m ciphers, Block ci

phers

Pseudorandom ness

gen erators, PR

F, ...

Random Oracle Model, Generic group model

SSL, TSL

Identity-Based Encryption

Secure

Multi-Party Computation

Secr et sha

ring, Verifi

able Secret sharing

ZK proofs Co

ncrete crypta

nalys is (Bir

thda y a

ttacks , diffe

rentia l cry

ptana lysis, ...) Blind si

gnatures, Mix-nets, D

C-nets,...

e-cash, e-Voting, Fair Ex

change, Privacy

Preserving Datam ining, ...

DES, AES, SHA, HMAC

Hybrid

ontiypcren Algorithms

,

Re duc tions

Ma lwar

e, DD oS, Side-

chan nels Universal composition

Signcryption

Forma l

me thods Blockc

hains Ob

fusc ation

(15)

In This Course

Fundamental notions: secrecy, infeasibility Secure communication

Mathematical content:

Some Probability

A little bit of Groups and Number Theory Definitions and proofs

(Petting the Elephant)

Shared-Key Public-Key

Encryption SKE PKE

Authentication MAC Signature

(16)

Also a Glimpse of…

Security

Security involves many (f)actors other than crypto

Crypto is a tool that when correctly used can help us greatly enhance (and understand) security

(17)

Network Security

How to use cryptography to achieve security goals in a real-life scenario?

Several new issues:

More complex (often informal/ill-specified) security goals Complexity due to support for extra efficiency/backward compatibility/new features

Buggy implementations (software & hardware) Gap between abstract and real-life models:

side-channels

Human factors, trust, identity, current and legacy technology, …

(18)

Cryptography

Information Security

Number Theory, Algebra

Complexity Theory

Bigger Picture

Information Theory

Network

Security Formal Methods

Combinatorics, Graph theory

Cryptography is just one of the tools used in information security Cryptography studies several problems which may not be of immediate use in information security, but is important in building

its own foundations/in establishing links with other areas Many powerful cryptographic tools remain un(der)utilised in

practice!

(19)

Course Logistics

Lectures

Recordings to be posted on Moodle Grading:

Mid/End-semester Exams (65%)

One during the mid-semester exam week

≈3 HW assignments (15%) Course project (20%)

“Theory” course: no significant programming requirement, but course project could be a programming project

(20)

Course Logistics

Live and/or recorded lectures See Moodle

Online forum: piazza.com/iitb.ac.in/spring2021/cs406 Course webpage: see cse.iitb.ac.in/~mp/teach/

(21)

Puzzle #1

Alice and Bob hold secret numbers x and y in {0,..,n} resp.

Carol wants to learn x+y. Alice and Bob are OK with that.

But they don’t want Carol/each other to learn anything else!

i.e., Alice should learn nothing about y, nor Bob about x. Carol shouldn’t learn anything else about x,y “other than” x+y

Can they do it, just by talking to each other (using private channels between every pair of parties)?

(22)

Puzzle #2

Alice and Bob hold secret bits x and y

Carol wants to learn x∧y. Alice and Bob are OK with that.

But they don’t want Carol/each other to learn anything else!

i.e., Alice should learn nothing about y, nor Bob about x. Carol shouldn’t learn anything else about x,y “other than” xy

Can they do it, just by talking to each other (using private channels between every pair of parties)?

References

Related documents

National Action Plan Addressing Climate Change.pdf... Climate Security in the Bay of Bengal | IPCS-Clingendael Institute Special Report #212.. as forestry and peat land,

Russia is the largest hydrocarbon reserves holder and producer in the world. Naturally, one of its energy security objectives is security of demand. Russia attracted global

 A successful cyber security approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe..  In an

The impacts of climate change are increasingly affecting the Horn of Africa, thereby amplifying pre-existing vulnerabilities such as food insecurity and political instability

Of those who have used the internet to access information and advice about health, the most trustworthy sources are considered to be the NHS website (81 per cent), charity

i) System files, crucial information and data can be protected by User access control and cryptography, respectively. ii) Firewalls which can be software or hardware are

This is to certify that the thesis entitled ‘Analysis of Issues of Information Security Metric in Indian Context’ being submitted by Manmohan Chaturvedi to the

As the original ElGamal algorithm has its own security disadvantages that only one random number is used, in order to improve its security, the proposed scheme