View
233
Download
6
Embed Size (px)
Citation preview
1
Week 2Cryptography
2
CryptographyConcepts
3
Cryptography Crypt secret
Graphia writing
Latin
• Concerned with developing algorithms:- Conceal the context of some message from all except the sender and recipient (privacy or secrecy), and/or
Cryptography
Every night in my dreamI see you
I feel you thatIs how I know youGo on far away a
Cross the distance
in night Everydream
I you see myI you that feel
know you Is how I Go away a on far
distance Cross the
4
Cryptography
• Concerned with developing algorithms:
- Verify the correctness of a message to the recipient (authentication)
- Form the basis of many technological solution to computer and communications security problems
cryptography - study of encryption principles/methods
5
Goals & Setting
• To ensure security of communication across an insecure channel.
• The ideal channel:
Dedicated, untappable, impenetrable
Pipe/tube
Sender Receiver
6
Secure Channel
ISP/Office
7
Secure Channel
8
Secure Channel
9
Secure Channel
10
Secure Channel
11
Secure Channel
12
Authenticated
Secure Channel
13
Secure Channel
14
Connected
Secure Channel
15
Secure Channel
ISP/Office
Connection Established
16
Goal & Setting
Sender Receiver
Adversary (Attacker) The source of allpossible threats
Not all aspect of an ideal channel can be emulated
17
Basic Terminology
plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext to plaintext
18
Sender Receiver
Plaintext
The secret message is:You can get A-/A+ in SKR5200; (however depend onyou)
Encryption Decryption
The secret message is:You can get A-/A+ in SKR5200; (however depend onyou)
hjfjghkf@#@#$%^&jklll098GHJFD!@#$#$#$%
Plaintext
ciphertext
Simple Process
19
Categories of cryptography
20
Comparison between two categories of cryptography
21
Symmetric Encryption Asymmetric Encryption
Cryptography
•conventional / private-key / single-key•sender and recipient share a common key•all classical encryption algorithms are private-key
•uses two keys – a public & a private key•asymmetric since parties are not equal •uses clever application of number theoretic concepts to function•complements rather than replaces private key crypto
Encryption Method
22
Symmetric Encryption
23
Symmetric Encryption
Classical Modern
Stream cipher Block cipher
Symmetric Encryption Technique
24
Symmetric Encryption
• conventional / private-key / single-key• sender and recipient share a common key
• 2 Techniques: Classical & Modern
Classical Techniques: • Substitution:
Caesar Cipher Monalphabatic Cipher Playfair Cipher Hill Cipher Polyalphabetic Cipher One-Time Pad
• Transposition• Rotor Machines • Steganography
Modern Techniques: •DES, 3DES, AES
25
Basic of Symmetric Cryptography
Basic of Symmetric Cryptography
Classical SubstitutionCipher
Classical SubstitutionCipher
Classical TranspositionsCipher
Classical TranspositionsCipher
SummarySummary
26
Symmetric Encryption
or conventional / private-key / single-keysender and recipient share a common keyall classical encryption algorithms are private-keywas only type prior to invention of public-key in 1970’s
27
Basic Terminology
plaintext - the original message ciphertext - the coded message cipher - algorithm for transforming plaintext to ciphertext key - info used in cipher known only to sender/receiver encipher (encrypt) - converting plaintext to ciphertext decipher (decrypt) - recovering ciphertext from plaintextcryptography - study of encryption principles/methodscryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing keycryptology - the field of both cryptography and cryptanalysis
28
Symmetric Cipher Model
29
Requirementstwo requirements for secure use of symmetric encryption:
a strong encryption algorithma secret key known only to sender / receiver, have:
plaintext X ciphertext Y key K encryption algorithm Ek
decryption algorithm Dk
Ciphertext Y = EK(X) Plaintext X = DK(Y)
assume encryption algorithm is knownimplies a secure channel to distribute key
30
Cryptography
can characterize by:type of encryption operations used
substitution / transposition / productnumber of keys used
single-key or private / two-key or publicway in which plaintext is processed
block / stream
31
Types of Cryptanalytic Attacks
ciphertext only only know algorithm / ciphertext, statistical, can identify plaintext
known plaintext know/suspect plaintext & ciphertext to attack cipher
chosen plaintext select plaintext and obtain ciphertext to attack cipher
chosen ciphertext select ciphertext and obtain plaintext to attack cipher
chosen text select either plaintext or ciphertext to en/decrypt to attack cipher
32
Simple Question
What are the essential ingredients of a symmetric cipher?
How many keys are required for two people to communicate via a cipher?
33
Simple Question
What are the essential ingredients of a symmetric cipher?
Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.
How many keys are required for two people to communicate via a cipher?
One secret key.
34
Basic of Symmetric Cryptography
Basic of Symmetric Cryptography
Classical SubstitutionCipher
Classical SubstitutionCipher
Classical TranspositionsCipher
Classical TranspositionsCipher
SummarySummary
35
Classical Substitution Ciphers
where letters of plaintext are replaced by other letters or by numbers or symbolsor if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
36
Caesar Cipher
earliest known substitution cipherby Julius Caesar first attested use in military affairsreplaces each letter by 3rd letter onexample:meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
37
Caesar Cipher
can define transformation as:Plain: a b c d e f g h i j k l m n o p q r s t u v w x y zCipher:D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a numbera b c d e f g h i j k l m0 1 2 3 4 5 6 7 8 9 10 11 12n o p q r s t u v w x y Z13 14 15 16 17 18 19 20 21 22 23 24 25
then have Caesar cipher as:C = E(p) = (p + k) mod (26)p = D(C) = (C – k) mod (26)
38
Example 1
Caesar used a shift of 3
Using this encryption, the message:• treaty impossible
Would be encoded as :
t r e a t y i m p o s s i b l e WUHDWB LP S RVVLEOH
39
Example 2
Caesar used a shift of 5
Using this encryption, the message:• treaty impossible
Would be encoded as :
t r e a t y i m p o s s i b l e
40
To test your understanding
Ceasar wants to arrange a secret meeting with Marc Anthony, either at the Tiber (the river) or at the Colisuem (the arena). He sends the ciphertext EVIRE. However, Anthony doest not know the key, so he tries all possibilities. Where will he meet Caesar?
41
To test your understanding
Ceasar wants to arrange a secret meeting with Marc Anthony, either at the Tiber (the river) or at the Colisuem (the arena). He sends the ciphertext EVIRE. However, Anthony doest not know the key, so he tries all possibilities. Where will he meet Caesar?
Among the shifts of EVIRE, there are two words: arena and river. Therefore, Anthony cannot determine where to meet Caesar.
42
Cryptanalysis of Caesar Cipher
only have 26 possible ciphers A maps to A,B,..Z
could simply try each in turn a brute force search given ciphertext, just try all shifts of lettersdo need to recognize when have plaintexteg. break ciphertext "GCUA VQ DTGCM"
43
Summary of Substitutions
Substitutions are effective cryptographic devices. In fact, they werethe basis of many cryptographic algorithms used for diplomatic communication through the first half of the century.
But substitution is not only kind of encryption technique. Thegoal of substitution is confusion; the encryption method is an attempt to make it difficult for cryptanalyst or intruder to determinehow a message and key were transformed into ciphertext.
44
Basic of Symmetric Cryptography
Basic of Symmetric Cryptography
Classical SubstitutionCipher
Classical SubstitutionCipher
Classical TranspositionsCipher
Classical TranspositionsCipher
SummarySummary
45
A transposition is an encryption in which the letters of the messageare re arranged. With transposition is an encryption in which the letters of the message are rearranged. With transposition, thecryptography aims for diffusion, widely spreading the informationfrom the message or key across the ciphertext. Transpositions tryto break established patterns. Because a transposition is re arranged of the symbols of a message, it also known as a permutation.
Transpositions (permutations)
46
Transposition Ciphers
now consider classical transposition or permutation ciphers these hide the message by rearranging the letter order without altering the actual letters usedcan recognise these since have the same frequency distribution as the original text
47
Rail Fence cipher
write message letters out diagonally over a number of rows then read off cipher row by roweg. write message out as:
“meet me after the toga party”
giving ciphertext
MEMATRHTGPRYETEFETEOAATm
e
e
t
m
e
a
f
t
e
r
t
h
e
t
o
g
a
p
a
r
t
y
48
Row Transposition Ciphers
a more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key of the algorithm.
write letters of message out in rows over a specified number of columns
then reorder the columns according to some key before reading off the rows
Key: 4 3 1 2 5 6 7Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y zCiphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
49
Product Ciphers
ciphers using substitutions or transpositions are not secure because of language characteristicshence consider using several ciphers in succession to make harder, but:
two substitutions make a more complex substitution two transpositions make more complex transposition but a substitution followed by a transposition makes a new much harder cipher
this is bridge from classical to modern ciphers
50
Basic of Symmetric Cryptography
Basic of Symmetric Cryptography
Classical SubstitutionCipher
Classical SubstitutionCipher
Classical TranspositionsCipher
Classical TranspositionsCipher
SummarySummary
51
Summary
Stream cipher: that is, they convert one symbol of plaintextimmediately into a symbol of ciphertext. (The exception is the columnar transposition cipher). The transformation depends onlyon the symbol, the key, and the control information of the enciperment algorithm. A model of stream enciphering is shown:
Plain text
Encryption
Key (optional)
CiphertextISSOPMI wdhuw
52
SummarySome kinds of errors, such as skipping a character in the key during encryption,affect the encryption of all future characters. However, such errors can sometimes be recognized during encryption because the plan text will be properly recovered up to a point, and then all following characters will be wrong.
Errors can sometimes be
recognized
#&^&*gjd!@#$%CID&%$ HJG
Erors can sometimes be
recognzed
Errors can sometimes be
recognized
If that is the case, the receiver may be able to recover from the error by droppinga character of the key on the receiving end. Once the receiver has successfully recalibrated the key with the ciphertext, there will be no further effects from this error.
To address this problem and make it harder for cryptanalyst to break the code, Therefore, a block chipper has been introduced.
#&^&*gjd!@#$%CID&%$ HJG recalibrate
53
Summary – easy to break
The Caesar Cipher allows simple straightforward encoding and decoding. Therefore, it allows unauthorized message recipients to crack such encoded messages easily. If an eavesdropper manages to obtain the encoded message, he only has to test the 26 possible shifts in order to find the original message. This message-cracking attack is called “brute force” and is best performed withthe aid of computers. In our example, however, the pen and pencil approach is sufficient.
54
Summary – easy to break
eulqjfvmrkgwnslhxotmiypunjzqvokarwplbsxqmctyrnduzsoevatpfwbuogxcv
rhydwsizextjafyukbgzvlchawmdibxnejcyofkdzpgleaqhmfarenacsjohdtkpi
55
Substitution Technique
Transposition Technique
•where letters of plaintext are replaced by other letters or by numbers or symbols•or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.
• transposition or permutation ciphers • these hide the message by rearranging the letter order • without altering the actual letters used• can recognise these since have the same frequency distribution as the original text
Classical Techniques
56
• A typical stream cipher encrypts plaintext one byte at a time.
• Use a key as input to a pseudorandom bit generator that produces a stream of 8-bit numbers that are apparently random.
• Pseudorandom stream is one that is unpredictable without knowledge of the input key.
Stream Cipher Structure
Pseudorandom byte Generator
(key stream generator)
+Plaintext Byte stream
M
Ciphertext Byte stream
C
Key K
K
Pseudorandom byte Generator
(key stream generator)
+ PlaintextByte stream
M
Key K
K
Encryption Decryption
57
• The output of the generator, called a keystream, is combined one byte at a time with the plaintext stream using the bitwise exclusive-OR (XOR) operation.
11001100 Plaintext
Decryption requires the use of the same pseudorandom sequence:
Stream Cipher Structure
01101100 key stream
10100000 Ciphertext+
10100000 Ciphertext
01101100 key stream
11001100 Plaintext+
58
Symmetric Encryption
Classical Modern
Stream cipher Block cipher
Focus
Symmetric Encryption Technique
59
Block Ciphers / Feistel Cipher
Block Ciphers / Feistel Cipher
60
Block Ciphers
• A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
• Typically, a block size of 64 or 128 bits is used. • Block cipher algorithms can operate in many Modes. A block cipher algorithm can be a :
• Electronic Codebook Mode• Cipher block Chaining Mode• Cipher Feedback Mode• Output Feedback Mode • Counter Mode
• provide secrecy and/or authentication services
61
Feistel Cipher Design Principles
block size increasing size improves security, but slows cipher
key size increasing size improves security, makes exhaustive key searching harder, but may slow cipher
number of rounds increasing number improves security, but slows cipher
subkey generation greater complexity can make analysis harder, but slows cipher
round function greater complexity can make analysis harder, but slows cipher
fast software en/decryption & ease of analysisare more recent concerns for practical use and testing
62
Block Cipher Design
• Divide input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections
• In a good block cipher, each output bit is a function of all n input bits and all k key bits
63
Plaintext
F
Ln+1 Rn+1
RnLn
Kn+1
Substitution
Permutation+XOR
Fiestel Cipher Encryption
Encryption Process: Rn +1 = Ln F(Rn, Kn+1)Ln + 1 = Rn
64
Fiestel Cipher Encryption
Plaintext
F
Ln+1 Rn+1
RnLn
K1
+
F
Ln+1 Rn+1
Ki
+
F
Ln+1 Rn+1
Kn
+
Ciphertext
Round 1
Round i
Round n
65
Ln+1 Rn+1
Plaintext
Ln Rn
F
Kn-1
+XOR
Fiestel Cipher Decryption
Decryption Process:
Ln = Rn+1 F(Ln-1, Kn-1) Rn = Ln - 1
66
Fiestel Cipher Decryption
Rn
Plaintext
Ln
Ln+1 Rn+1
F
K1
+
Ln+1 Rn+1
F
Ki
+
Ln+1 Rn+1
F
Kn
+
Ciphertext
Round n
Round i
Round 1
67
Fiestel Cipher Decryption
Rn
Plaintext
Ln
Ln+1 Rn+1
F
K1
+
Ln+1 Rn+1
F
Ki
+
Ln+1 Rn+1
F
Kn
+
Ciphertext
Round n
Round i
Round 1
Plaintext
F
Ln+1 Rn+1
RnLn
K1
+
F
Ln+1 Rn+1
Ki
+
F
Ln+1 Rn+1
Kn
+
Ciphertext
Round 1
Round i
Round n
68
Fiestel Cipher Algorithm
Input: T: 2t bits of clear text k1, k2, ..., kr: r round keys f: a block cipher with bock size of t
Output: C: 2t bits of cipher text
Algorithm: (L0, R0) = T, dividing T in two t-bit parts (L1, R1) = (R0, L0 ^ f(R0, k1)) (L2, R2) = (R1, L1 ^ f(R1, k2)) ...... C = (Rr, Lr), swapping the two parts
^ is the XOR operation.
69
One of Security Implementations
ATM PIN SECURITY
70
ATM Introduction
Automated Teller Machines (ATM) have become ubiquitous and let you withdraw money fromyour bank account 24 hrs a day and 7 days a week with your ATM card. The ATM cardconstitutes of two things:
the Card number and the Personal Identification Number or PIN.
Each bank issues a card number that is unique to each customer. If it is a debit card, the cardnumber will also be unique worldwide.
• The PIN is like a password to verify a customer’s authenticity. • Cash dispensers in the ATM verify both the card number and the PIN.
71
Working Principle of ATM
• The ATM systems have three main components: Cash dispenser, ATM Server and PIN machine. • The Cash dispenser reads the Card number and the PIN entered by a customer and sends them to a central ATM Server. • The ATM Server has a database which stores ATM card no. and PIN details. • The third component, the PIN machine is used to authenticate the customer ‘s ATM PIN. It is directly connected to the ATM Server and is a tamper proof device that stores a single secret key.
Cash Dispenser ATM Server
Customer AccountHolding Server
PIN Machine
Leased Line
BANK
72
Working Principle of ATM
ATM Server
Leased Line
Customer AccountHolding Server
PIN Machine
Cash Dispenser ATM Server
Customer AccountHolding Server
PIN Machine
Leased Line
BANK
73
Working Principle of ATM
ATM Server
Leased Line
Customer AccountHolding Server
PIN Machine
After the customer enters an ATM counter, he inserts his ATM card into the machine and types his PIN on a numeric keypad.
The Cash dispenser reads the card number from the magnetic strip and the PIN that he has typed and sends them to the ATM Server.
The ATM Server verifies the PIN against the card number with the help of the PIN machine and sends a positive or negative acknowledgement to the Cash dispenser.
At this point, the customer is authenticated and can use his account.
74
ATM PIN Security
• The security of the ATM PIN is a critical element in the entire process.
• There are two ways that an attacker could try to get the ATM PIN: He could either sniff the network when the Cash dispenser is transmitting the PIN to ATM Server or he could compromise the ATM Server and PIN machine to extract the PIN of a user.
• How these threats have been addressed in today’s ATM systems? how.
75
•To prevent the sniffing of the PIN during the transmission, PIN is encrypted using DES or 3DES encryption algorithm and then transmitted from Cash dispenser to ATM Server.
• The shared secret key is stored in Cash dispenser as well as in ATM Server. This application stores the shared DES key in encrypted form using vendor’s proprietary algorithm (e.g. ACI ATM software).
• The solution for the second problem is interesting. The system splits each customer’s PIN into two parts and stores them in two different machines. So even if one of the machines is compromised, the PIN is still secure. Now the problem is of course how to split the PIN securely into two parts. Here we also have to keep in mind that customer can always change his PIN.
ATM PIN Security
76
ATM PIN Security
• An algorithm has been designed that allows the customer’s PIN to be split and also allows the customer to change his PIN.
• Let the customer PIN be a and let’s say it is split into two parts b and c . a = b + c
b is a variable part of the PIN and is called PIN Offset. The PIN Offset is stored in the ATM Server
c is the constant part of the PIN and is called Natural PIN. The Natural PIN is generated in the PIN machine each time.
How does the PIN Machine generate the constant c for each customer and yet keep it a secret? Remember that the ATM card number of a customer is unique. So, the constant part c can be a cryptographic function of the card number.
c = f (card#)
There are different methods to derive a constant number from a card number and a popularmethod is to derive it using the DES algorithm. The PIN machine stores a DES key in itsElectrically Erasable Programmable Read Only Memory (EEPROM). This key is used toencrypt the card number and generate DES encrypted value.
77
ATM PIN Security
There are different methods to derive a constant number from a card number and a popularmethod is to derive it using the DES algorithm. The PIN machine* stores a DES key in itsElectrically Erasable Programmable Read Only Memory (EEPROM). This key is used toencrypt the card number and generate DES encrypted value.
* The DES key is stored in the EEPROM of the machine. EEPROM is chip which is fixed on machine’s circuit board. To retrieve the key, one has to open the box case, remove the circuit board from the box, connect the EEPROM to a EEPROM reader to get the key. So physical security is very important for ATM Server room.
78
ATM PIN Security
Card # + DES key = DES encrypted value
This DES encrypted value is then converted into decimalized form and the first four digits ofthe value are taken. That is the Natural PIN, c . Once again, to summarize, the path is:
DES encrypted value → Decimalized value → First 4 digits of the value = c
The Natural PIN, the constant part, c is not stored anywhere in the entire process. Nobodycan get the PIN by compromising the PIN machine*. The PIN Offset or b is the variable part.When a customer changes his/her PIN only this part is changed. So even if the ATM Server iscompromised only b will be revealed and it is useless without c to get actual Customer PIN a .
* The DES key is stored in the EEPROM of the machine. EEPROM is chip which is fixed on machine’s circuit board. To retrieve the key, one has to open the box case, remove the circuit board from the box, connect the EEPROM to a EEPROM reader to get the key. So physical security is very important for ATM Server room.
79
ATM PIN Authentication Process
• The mechanism for authenticating the ATM PIN is quite simple. When a customer inserts his ATM card and type the PIN, the card number and PIN are sent to the ATM Server encrypted.
• The ATM Server decrypts the card number and the PIN; it first validates the card number against its database.
• The valid card number, the PIN Offset b of that card and the PIN typed by the customer are sent to the PIN machine.
• Now the PIN machine generates the Natural PIN c from the card no., adds it with PIN Offset b and generates the true Customer PIN a .
• Then it compares the actual Customer PIN a with the customer supplied PIN. If the two of them matched then it sends positive acknowledgement to ATM Server indicating that the customer is authenticated.
• Note that in this process, the Natural PIN never leaves the tamper proof PIN Machine, and the PIN machine does not have to store individual PINs of all the users. Instead, it securely stores the DES key for generating the Natural PIN from each user’s card number.
80
Generation & Distribution of ATM PIN
• The ATM system deals with critical customer information and is more secure by design.
• But there can still be security risks during the generation and distribution of a new card and PIN .
• The Card number is generated by the ATM Server and the PIN is generated by the PIN machine from the card number as mentioned above.
• But for the first time, the PIN Offset of the new PIN is randomly generated by the PIN machine.
• There are two ways to print the PIN mailer.
In the first method, the operator will generate a new PIN using the PIN machine, get the PIN and generate the printout of the PIN mailer.
In the second method, the operator requests the PIN machine to generate a new PIN. The PIN machine generates the PIN and directly prints it to a connected printer and seals the print mailer before giving it to the operator.
• The second method is clearly more secure than first one as the operator never comes to know the secret PIN.
81
Modern Techniques (Block Ciphers)&
Asymmetric Cipher
82
Using Key in Cryptography
83
A sequence of symbols that controls the operation of a cryptographic transformation (e.g. encipherment, decipherment).
In practice a key is normally a string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa. The key should be the only part of the algorithm that it is necessary to keep secret.
Definition of Key
84
The key length is usually expressed in bits, 8 bits to one byte. Bytes are a more convenient form for storing and representing keys because most computer systems use a byte as the smallest unit of storage (the strict term for an 8-bit byte is octet).
Just remember that most encryption algorithms work with bit strings. It's up to the user to pass them in the required format to the encryption function they are using. That format is generally as an array of bytes, but could be in hexadecimal or base64 format.
In theory, the longer the key, the harder it is to crack encrypted data. The longer the key, however, the longer it takes to carry out encryption and decryption operations.
Key Length
85
Analogy - Strength
86
Analogy - Breaking
87
Block cipher encryption algorithms like AES and Blowfish work by taking a fixed-length block of plaintext bits and transforming it into the same length of ciphertext bits using a key.
Most other block cipher encryption methods have a fixed length key. For example, DES has a 64-bit key (but only uses 56 of them) and Triple DES has a 192-bit key (but only uses 168 of them).
IDEA uses a 128-bit key.
The Advanced Encryption Algorithm (AES) has a choice of three key lengths: 128, 192 or 256 bits.
Public key encryption algorithms like RSA typically have key lengths in the order of 1000-2000 bits. Be careful with the difference in key lengths for block cipher algorithms and public key algorithms.
192-bit Triple DES key is equivalent in security terms to a 2048-bit RSA key, and an AES-128 key is equivalent to a 3072-bit RSA key
Key Length
88
To crack some ciphertext encrypted with a 64-bit key by the brute-force method of trying every combination of keys possible means you have 2^64 possible combinations or 1.8 x 10^19 (that's 18 followed by 18 naughts).
We can expect, on the average, to find a correct answer in half this number of tries. If we have a computer that can carry out one encryption operation every millisecond, it will take about 292 million years to find the correct value. Speed up your computer by a million times and it will still take about 3 centuries to solve.
The equivalent brute force technique for a 128-bit key will, in theory, take a "long time", probably past the expected life of the universe. But, in practice, a set of supercomputers operating in parallel can crack a 64-bit key in a relatively short time.
If an attacker has access to a large selection of messages all encrypted with the same key, there are other techniques that can be used to reduce the time to derive the key.
Relevant of Key Length
89
Most encryption schemes are cracked not by brute force trying of all possible combinations of key bits, but by using other knowledge about how the sender derived the key.
This could be a faulty random number generator known to used by the system, or knowledge that the user derived the key solely from a password of only the letters a to z, or just used simple English words. Or perhaps by finding out the keystrokes typed on the keyboard by the user with a keystroke logger, or by bribing (or torturing) someone to give them the key, or by reading the post-it note the user has conveniently left on the side of the computer with the password written on it. The traps are many and subtle and even the experts get it wrong.
Why spend hours trying to pick the expensive security lock when the owner of the house has left a window open?
How do encryption schemes fail?
90
Strictly, it's not the length of the key, but the "entropy" in the method used to derive the key. There is approximately one bit of entropy in an normal ASCII character.
If you derive a 128-bit key from a password or pass phrase, you will need a very long pass phrase to get enough theoretical entropy in the key to match the security of the underlying key length: Bruce Schneier estimates that you need a 98-character English pass phrase for a 128-bit key. Most people can't be bothered with such a cumbersome pass phrase.
How do encryption schemes fail?
91
Using AES with a 128-bit key should provide adequate security for most purposes. The longer you intend to keep the encrypted data secret, the longer the key you should use, on the principle that cracking techniques will continue to improve over time. Bruce Schneier recommends a 256-bit key for data you intend to keep for 20-30 years.
No one is going to criticise you for using a key that is too long provided your software still performs adequately. However, the biggest danger in using a key that is too large is the false sense of security it provides to the implementers and users. "Oh, we have n-million-bit security in our system" may sound impressive in a marketing blurb, but the fact that your private key is not adequately protected or your random number generator is not random or you have used an insecure algorithm may mean that the total security is next to useless.
Remember it is the security of the total system that counts, including procedures followed by users.
How do encryption schemes fail?
92
Whatever you use, use an accepted algorithm: DES, Triple DES, RSA, AES, Blowfish, IDEA, etc.
Don't try making up your own algorithm; we (learners) aren't that good. The only secret should be in the value of the key.
Choice of Algorithm
93
People often get confused between "password" and "key". A password is typically a series of ASCII characters typed at a keyboard, e.g. "hello123" or "my secret pass phrase". This makes it easier for users to remember. They are, of course, much easier to crack because there are significantly fewer combinations to choose from. A pass phrase is simply a password that consists of several words in a string, e.g. "she sells sea shells", so the terms "password" and "pass phrase" are equivalent for our purposes. In principle, a pass phrase makes it easier for a user to remember a long combination of characters. In practice, this adds to security only if the pass phrase is something known only to the user. Don't use quotes from famous literature - hackers read them, too.
Password, Pass Phrase & Key
94
A password is typically a series of ASCII characters typed at a keyboard, e.g. "hello123" or "my secret pass phrase". This makes it easier for users to remember. They are, of course, much easier to crack because there are significantly fewer combinations to choose from.
A pass phrase is simply a password that consists of several words in a string, e.g. "she sells sea shells", so the terms "password" and "pass phrase" are equivalent for our purposes. In principle, a pass phrase makes it easier for a user to remember a long combination of characters. In practice, this adds to security only if the pass phrase is something known only to the user.
A key used by an encryption algorithm is a bit string. A 128-bit key will have exactly 128 bits in it, i.e. 16 bytes. You will often see keys written in hexadecimal format where each character represents 4 bits, e.g. "FEDCBA98765432100123456789ABCDEF" represents 16 bytes or 128 bits. The actual bits in this example are :
1111 1110 1101 1100 1011 1010 1001 1000 0111 0110 0101 0100 0011 0010 0001 0000 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
Password, Pass Phrase & Key
95
In a university, a student needs to encrypt her password (with a unique symmetric key) before sending it when she logs in. Does encryption protect the university or the student? Explain your answer.
Just to test 1
96
In a university, a student needs to encrypt her password (with a unique symmetric key) before sending it when she logs in. Does encryption protect the university or the student? Explain your answer.
The encryption protects the student and the university for the first time. However, the intruder can intercept the encrypted password and replay the process some other times. The intruder does not have to know the password in plaintext; the encrypted password suffices for replaying. The university system cannot determine if the student has encrypted the message again or the intruder is replaying it.
Answer for the “Just to test 1”
97
How should I derive the key?
98
a. What are two basic functions used in encryption algorithm? Explain how each of these methods works and
please include the example.
Just to test 2
99
a. What are two basic functions used in encryption algorithm? Explain how each of these methods works and please include the
example.
Substitution and Transposition/Permutation
Substitutionwhere letters of plaintext are replaced by other letters or by numbers or symbols. Or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.
Transposition/PermutationA transposition is an encryption in which the letters of the message are re arranged. With transposition is an encryption in which the letters of the message are rearranged. With transposition, the cryptography aims for diffusion, widely spreading the information from the message or key across the ciphertext. Transpositions try to break established patterns. Because a transposition is re arranged of the symbols of a message, it also known as a permutation.
Answer for the “Just to test 2”
100
A block cipher is a function E: {0,1}k x {0,1}n {0,1}n . This notation means that E takes two inputs, one being a k-bit string and the other an n-bit string, and returns an n-bit string. The first input is the key. The second might be called the plaintext, and the output might be called a ciphertext. The key-length k and the block-length n are parameters associated to the block cipher. They vary from block cipher to block cipher.
Block Cipher
Plaintext
F
Ln+1 Rn+1
RnLn
Kn+1
Substitution
Permutation+XOR
Encryption Process: Rn +1 = Ln F(Rn, Kn+1)Ln + 1 = Rn
101
Block Cipher
For each key K {0,1}k we let Ek: {0,1}n {0,1}n be the function defined by EK(M) = E(K,M). For any block cipher, and any key K, it is required that the function EK be a permutation on {0,1}n. This means that it is a bijection (ie., a one-to-one and onto function) of {0,1}n to {0,1}n . (For every C {0,1}n there is exactly one M {0,1}n such that EK(M) = C.) Accordingly EK has an inverse, and we denote it (EK)-1.
Plaintext
F
Ln+1 Rn+1
RnLn
Kn+1
Substitution
Permutation+XOR
Encryption Process: Rn +1 = Ln F(Rn, Kn+1)Ln + 1 = Rn
102
Block Cipher
This function also maps {0,1}n {0,1}n , and of course we have (EK)-1(EK(M)) = M and EK ((EK)-1(C)) = C
for all M, C {0,1}n . We let
E-1: {0,1}k x {0,1}n {0,1}n be defined by E-1(K,C) = (EK)-1(C). This is the inverse block cipher to E.
Note: implies ; ∈ set membershipA B means if A is true then B is also true; if A is false then nothing is said about B. a ∈ S means a is an element of the set S
Rn
Plaintext
Ln
Ln+1 Rn+1
F
K1
+
Ln+1 Rn+1
F
Ki
+
Ln+1 Rn+1
F
Kn
+
Ciphertext
Round n
Round i
Round 1
103
Block Cipher
The block cipher E is a public and fully specified algorithm. Both the cipher E and its inverse E-1 should be easily computable, meaning given K,M we can readily compute E(K,M), and given K,C we can readily compute E-1(K,C). By “readily compute" we mean that there are public and relatively efficient programs available for these tasks.
104
Before Start, Just Review BackBefore Start, Just Review Back
Block Ciphers / Feistel Cipher
Block Ciphers / Feistel Cipher
DESDES
DES of Modes OperationDES of Modes Operation
105
DES – Data Encryption Standard
A Block cipherData encrypted in 64-bit blocks using a 56-bit key (effective key); Ciphertext is of 64-bit longEncrypts by series of substitution and transpositions (or permutations)
106
DES - Basics
DES uses the two basic techniques of cryptography - confusion and diffusion. At the simplest level, diffusion is achieved through numerous permutations and confusions is achieved through the XOR operation and the S-Boxes.This is also called an S-P network.
107
DES - Basics
Fundamentally DES performs only two operations on its input, bit shifting (permutation), and bit substitution. The key controls exactly how this process works.By doing these operations repeatedly and in a non-linear manner you end up with a result which can not be used to retrieve the original without the key.
108
Input of DES
Data: need to be broken into 64-bit blocks; add pad at the last message if necessary.
e.g. X=(3 5 0 7 7 F 1 0 A B 1 2 F C 6 5)HEX
Secret key: Any string of 64 bits long including 8 parity bits.1 parity bit in each 8-bit byte of the key may be utilized for error detection in key generation, distribution, and storage;K=(k1…k7k8… k15k16k17…k24…k32… k40… k48… k56… k64)
The parity bits k8,k16,k24,k32,k40,k48,k56,k64 help ensure that each byte is of odd parity
109
DES Block cipher
110
DES Encryption
111
DES Encryption Diagram
Initial permutation
64-bit plaintext
Iteration 1
Iteration 2
K1
Iteration 16
32-bit Swap
Inverse permutation
64-bit ciphertext
K2
K16
16 subkeys of each 48-bits
112
How to use DES?
Four modes of operations were defined for DES in ANSI standard ANSI X3.106-1983 Modes of Usesubsequently now have 5 for DES and AEShave block and stream modes
113
Handle long messages
Block ciphers encrypt fixed size blockseg. DES encrypts 64-bit blocks, with 56-bit key How to encrypt arbitrary amount of information ?
Message is broken into blocks of 64 bitsAt end of message, handle possible last short block
by padding either with known non-data value (eg nulls)or pad last block with count of pad size
– eg. [ b1 b2 b3 0 0 0 0 5] <- 3 data bytes, then 5 bytes pad+count
Then they are encrypted and decrypted in various combinations of keys and texts.
Details for DES, Please refer and read:
Stallings, W. (2006). Cryptography and Network Security. New Jersey: Prentice-Hall. Page 63 - 90
114
115
Chapter 3Public-Key Cryptography
116
OverviewOverview
Symmetric Cryptography Summary
Symmetric Cryptography Summary
Public-Key CryptographyPublic-Key Cryptography
Example: RSAExample: RSA
DiscussionDiscussion
117
Categories of cryptography
118
ASYMMETRIC-KEY CRYPTOGRAPHYASYMMETRIC-KEY CRYPTOGRAPHY
An asymmetric-key (or public-key) cipher uses two An asymmetric-key (or public-key) cipher uses two keys: one private and one public. We discuss one keys: one private and one public. We discuss one algorithms: RSAalgorithms: RSA
RSATopics discussed in this section:Topics discussed in this section:
119
Asymmetric Cryptography
120
Comparison between two categories of cryptography
121
Symmetric Cryptography Summary
Symmetric Cryptography Summary
Public-Key CryptographyPublic-Key Cryptography
Example: RSAExample: RSA
DiscussionDiscussion
122
Message is encrypted
EAB
E
Message is decrypted
D
EAB
Confidentiality – Alice and Bob share the key/
Authentication – only from Alice, therefore is cannot be altered in transit
Man needs Woman, Woman NeedsMoney for shopping
123456696096785403657849302610395867567484509121212347
Man needs Woman, Woman NeedsMoney for shopping
Symmetric Concept
No signature - Bob could forge the message - Sender could deny the message
123
Symmetric Cryptography Summary
Symmetric Cryptography Summary
Public-Key CryptographyPublic-Key Cryptography
Example: RSAExample: RSA
DiscussionDiscussion
124
public-key/two-key/asymmetric cryptography involves the use of two keys:
a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
is asymmetric becausethose who encrypt messages or verify signatures cannot decrypt messages or create signatures
Private-Key Cryptography Definition
125
allows users to communicate securely without having prior access to a shared secret key,
by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically.
the private key is generally kept secret, while the public key may be widely distributed.
In a sense, one key "locks" a lock; while the other is required to unlock it. It should not be possible to deduce the private key of a pair given the public key.
Private-Key Cryptography - Concept
126
Message is encrypted
EB
Message is decrypted
DB
Public-Key Basic Concept
Man needs Woman, Woman NeedsMoney for shopping
123456696096785403657849302610395867567484509121212347
Man needsWoman, Woman NeedsMoney for shopping
Alice Bob
Message (M)Plaintext Ciphertext
Message (M)Plaintext
Bob’s Public Key (EB) Bob’s Private Key (DB)
127
• This model provides no authentication because any party could also use Bob’s “public key” to encrypt Message (M)
Message is encrypted
EB
Message is decrypted
DB
Public-Key Basic Concept
Man needs Woman, Woman NeedsMoney for shopping
123456696096785403657849302610395867567484509121212347
Man needsWoman, Woman NeedsMoney for shopping
Alice Bob
Message (M)Plaintext Ciphertext
Message (M)Plaintext
Confidentiality
128
Private-Key Cryptography
129
There are many forms of public-key cryptography, including:public key encryption — keeping a message secret from anyone that does not possess a specific private key.
public key digital signature — allowing anyone to verify that a message was created with a specific private key.
key agreement — generally, allowing two parties that may not initially share a secret key to agree on one.
Public-Key Cryptography Options
130
The most obvious application of a public key encryption system is confidentiality;a message which a sender encrypts using the recipient's public key can only be decrypted by the recipient's paired private key.
Public-key digital signature algorithms can be used for sender authentication. For instance, a user can encrypt a message with his own private key and send it. If another user can successfully decrypt it using the corresponding public key, this provides assurance that the first user (and no other) sent it.
Private-Key Cryptography
131
• This model does provide authentication and digital signature
To Provide Authentication & Signature
Man needs Woman, Woman NeedsMoney for shopping
123456696096785403657849302610395867567484509121212347
Man needs Woman, Woman NeedsMoney for shopping
Alice Bob
Message (M)Plaintext Ciphertext
Message (M)Plaintext
• But, this scheme not provide confidentiality, because anyone has Alice’s public key can decrypt the ciphertext.
Alice has “signed” the message
Message is encrypted
EA
Alice use her private key
E
Message is decrypted
DA
Bob user Alice’s public key
D
132
To Provide Confidentiality, Authentication and Signature
Man needs Woman, Woman NeedsMoney for shopping
123456696096785403657849302610395867567484509121212347
Man needs Woman, Woman NeedsMoney for shopping
Alice BobMessage (M)
Plaintext CiphertextMessage (M)
Plaintext123456696096785403657849302610395867567484509121212347
123456696096785403657849302610395867567484509121212347
Message is encrypted
EA
Alice use her private key
E
Message is encrypted
EB
Alice use Bob’s public key
E
Message is decrypted
DB
Bob use his private key
D
Message is decrypted
DA
Bob use Alice’s public key
D
•Bottleneck: The public-key algorithm is complex and must be exercised four times rather than two in each communication
Digital Signature&
Authentication
Confidentiality
133
Why Public-Key Cryptography?
developed to address two key issues:key distribution – how to have secure communications in general without having to trust a KDC with your keydigital signatures – how to verify a message comes intact from the claimed sender
Need to read page:
134
Public-Key Applications
can classify uses into 3 categories:encryption/decryption (provide secrecy)digital signatures (provide authentication)key exchange (of session keys)
some algorithms are suitable for all uses, others are specific to one
135
Security of Public Key Schemes
like private key schemes brute force exhaustive search attack is always theoretically possible but keys used are too large (>512bits) security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problemsmore generally the hard problem is known, its just made too hard to do in practise requires the use of very large numbershence is slow compared to private key schemes
136
1) Well-regarded public-key techniques include:• Diffie-Hellman• RSA encryption algorithm• ElGamal• DSS (Digital Signature Standard), which incorporates the Digital Signature Algorithm.• Various Elliptic Curve techniques• Various Password-authenticated key agreement techniques• Paillier cryptosystem
2) Protocols using asymmetric key algorithms include:• PGP – Pretty Good Privacy• GNU Privacy Guard (GPG) an implementation of OpenPGP• Secure Shell (SSH)• SSL now implemented as an IETF standard; Trasnsport Layer Security (TLS)
Example of Public-Key Cryptographic Techniques
137
Course Work: PresentationCourse Work: Presentation
Symmetric Cryptography Summary
Symmetric Cryptography Summary
Public-Key CryptographyPublic-Key Cryptography
Example: RSAExample: RSA
DiscussionDiscussion
138
As previously mentioned, this algorithm was created by Ron Rivest, Adi Shamir, and Len Adleman of MIT.
Dr. Ron Rivest received his Bachelors Degree in Mathematics from Yale University in 1969, while obtaining his Doctorate Degree in Computer Science from Stanford University in 1974. He is most famously known for his work in the RSA algorithm, along with his creation of the symmetric key encryption algorithms (RC2, RC4, RC5, and RC6).
Dr. Rivest is currently working as a senior Professor of Computer Science in the Department of Electrical Engineering and Computer Science at MIT.
Cryptographers
139
Dr. Adi Shamir received his Bachelors Degree in Mathematics from Tel-Aviv University in 1973, and received his MSc and PhD Degrees in Computer Science from the Weizmann Institute of Israel in 1975 and 1977, respectively. During the latter half of the 1970’s Dr. Shamir participated in research at the facilities of MIT, where he took part in inventing the RSA algorithm. Apart from the RSA algorithm, Dr. Shamir is well known for breaking the Merkle-Hellman cryptosystem and for his creation of the Shamir secret sharing scheme (cryptography).
Presently, Dr. Shamir is a faculty member of the Weizmann Institute in the Department of Mathematics and Computer Science.
Cryptographers
140
Dr. Len Adleman received his Bachelors Degree in Mathematics in 1968 and his Doctorate Degree in Computer Science in 1976 from the University of California, Berkeley. In addition to his involvement in designing the RSA algorithm, Dr. Adleman is widely known for creating the initial field of DNA Computing at the University of Southern California (USC).
At the present time Dr. Adleman is working as a Professor of Computer Science and Molecular Biology at USC.
In 2002 Dr. Rivest, Dr. Shamir, and Dr. Adleman received the ACM Turing Award, awarded on behalf of the Association of Computing Machinery in recognition of their discovery of the RSA encryption algorithm. (This award is commonly referred to as the Nobel Prize of Computer Science.)
Cryptographers
141
RSA
142
Selecting Keys
Bob use the following steps to select the private and public keys:
1. Bob chooses two very large prime numbers p and q. Remember that a prime number is one that can be divided evenly only by 1 and itself.
2. Bob multiplies the above two primes to find n, the modulus for encryption and decryption. In other words, n = p x q.
3. Bob calculate another number = (p-1) x (q-1).
4. Bob chooses a random integer e. He then calculates d so that d x e = 1 mod .
5. Bob announces e and n to the public; he keeps and d secret.
143
Need To Know
In RSA, e and n are announced to the public; d and are kept secret.
Note
144
Encryption
Anyone who needs to send a message to Bob can use n and e. For example, if Alice needs to send a message to Bob, she can change the message, usually a short one, to an integer. This is the plaintext. She then calculates the ciphertext, using e and n.
Alice sends C, the ciphertext, to Bob.
C = Pe (mod n)
145
Decryption
Bob keeps and d private. When he receives the ciphertext, he uses his private key d to decrypt the message.
P = Cd (mod n)
146
Bob chooses 7 and 11 as p and q and calculates n = 7- 11 = 77. The value of Ø=(7-1) or 60. Now he chooses two keys, e and d. if he chooses e to be 13, then d is 37. Now Alice sends the plaintext 5 to Bob. She uses the public key 13 to encrypt 5.
Example 2 - Question
147
Bob chooses 7 and 11 as p and q and calculates n = 7* 11 = 77. The value of Ø=(7-1) or 60. Now he chooses two keys, e and d. if he chooses e to be 13, then d is 37. Now Alice sends the plaintext 5 to Bob. She uses the public key 13 to encrypt 5.
Example 2 - Answer
Plaintext: 5 C = 513 =26 mod 77 Ciphertext: 26
Ciphertext 26 P 2637= 5 mod 77 Plaintext: 5 Intended message sent by Alice
Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext:
The plaintext 5 sent by Alice is received as plaintext 5 by Bob.
148
Example 3
Let me give a realistic example. We choose a 512-bit p and q. We calculate n and . We then choose e and test for relative primeness with (n). We calculate d. Finally, we show the results of encryption and decryption. A program written in Java/C/C++ to do so; this type of calculation cannot be done by a calculator.
The integer q is a 160-digit number.
149
Example 3
We calculate n. It has 309 digits:
We calculate . It has 309 digits:
150
Example 3
We choose e = 35,535. We then find d.
Alice wants to send the message “THIS IS A TEST” which can be changed to a numeric value by using the 00–26 encoding scheme (26 is the space character).
151
Example 3
The ciphertext calculated by Alice is C = Pe, which is.
Bob can recover the plaintext from the ciphertext by using P = Cd, which is
The recovered plaintext is THIS IS A TEST after decoding.
152
Example 4
Bob chooses 7 and 11 as p and q and calculates n = 7 · 11 = 77. The value of = (7 − 1) (11 − 1) or 60. Now he chooses two keys, e and d. If he chooses e to be 13, then d is 37. Now imagine Alice sends the plaintext 5 to Bob. She uses the public key 13 to encrypt 5.
153
Example 4
Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext:
The plaintext 5 sent by Alice is received as plaintext 5 by Bob.
154
Example 5
Jennifer creates a pair of keys for herself. She chooses p = 397 and q = 401. She calculates n = 159,197 and = 396 · 400 = 158,400. She then chooses e = 343 and d = 12,007. Show how Ted can send a message to Jennifer if he knows e and n.
155
Example 5
SolutionSuppose Ted wants to send the message “NO” to Jennifer. He changes each character to a number (from 00 to 25) with each character coded as two digits. He then concatenates the two coded characters and gets a four-digit number. The plaintext is 1314. Ted then uses e and n to encrypt the message. The ciphertext is 1314343 = 33,677 mod 159,197. Jennifer receives the message 33,677 and uses the decryption key d to decipher it as 33,67712,007 = 1314 mod 159,197. Jennifer then decodes 1314 as the message “NO”. Figure 30.25 shows the process.
156
Example 5
157
1. Alice wants to send a cellphone text message to Bob securely, over an insecure communication network. Alice's cellphone has a RSA public key KA and
matching private key VA; likewise, Bob's cellphone has KB and VB. Let's design a cryptographic protocol for doing this, assuming both know each other's public
keys. Here is what Alice's cellphone will do to send the text message m:(i) Alice's phone randomly picks a new AES session key k and computes c = RSA-
Encrypt(KB, k), c’ = AES-CBC-Encrypt(k, m), and t = RSA-Sign(VA, (c, c’)).
(ii) Alice's phone sends (c, c’, t) to Bob's phone.
And here is what Bob's cellphone will do, upon receiving (c, c’, t):
(i) Bob's phone checks that t is a valid RSA signature on (c, c’) under public key KA. If not, abort.
(ii) Bob's phone computes k’ = RSA-Decrypt(VB, c) and m’ = AES-CBC-Decrypt(k’, c’).
(iii) Bob's phone informs Bob that Alice sent message m’.
Example 6 - Question
158
Does this protocol ensure the confidentiality of Alice's messages? Why or why not?
Does this protocol ensure authentication and data integrity for every text message Bob receives? Why or why not?
Suppose that Bob is Alice's stockbroker. Bob hooks up the output of this protocol to an automatic stock trading service, so if Alice sends a text message “Sell 100 shares MSFT” using the above protocol, then this trade will be immediately and automatically executed from Alice's account. Suggest one reason why this might be a bad idea from a security point of view.
Example 6 - Question
159
Does this protocol ensure the confidentiality of Alice's messages? Why or why not?
Yes. Since AES-CBC-Encrypt is secure, no one can recover m from c’ without knowledge of k. Also, since RSA-Encrypt is secure, only someone who knows KB—namely, Bob—can recover k.
Does this protocol ensure authentication and data integrity for every text message Bob receives? Why or why not?
Yes. Since RSA-Sign is secure, if (c, c’) passes step 1, then only someone who knew vA—namely, Alice—could have sent (c, c’). Now (c, c’) uniquely determines m, the message that Alice wanted to send.Conclusion: If Bob accepts m in step 3, then Alice sent m.
Example 6 - Answer
160
Suppose that Bob is Alice's stockbroker. Bob hooks up the output of this protocol to an automatic stock trading service, so if Alice sends a text message “Sell 100 shares MSFT” using the above protocol, then this trade will be immediately and automatically executed from Alice's account. Suggest one reason why this might be a bad idea from a security point of view.
No protection against replays. An active attacker could replay a valid ciphertext from Alice 10 times, causing 1000 shares to be sold—even though Alice only wanted 100 sold. Denial-of-service. An active attacker could prevent Alice’s ciphertext from reaching Bob. Since Alice doesn’t receive any acknowledgement, she will think her trade was executed, when it actually wasn’t. If Alice’s cellphone is lost or stolen, then its new owner can cause trades to be executed from Alice’s account without Alice’s authorization. [It suffices for you to mention any one of these problems.]
Example 6 - Answer
161
How Do You Want Protect Your Network System
Thank YouSee You Next Week
Have A Nice Weekend