Scribd
Upload
32 views19 pages

Class 1 A

The document introduces basic principles of cryptography, emphasizing the importance of randomness, the relativity of security to adversarial resources, and Kerckhoffs' principle which states that security should not rely on obscurity. It discusses how modern cryptography secures digital information against attacks and highlights the necessity of public review for cryptographic designs. The document also uses analogies from the physical world to explain security concepts.

Uploaded by

dofape5196
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
32 views19 pages

Class 1 A

The document introduces basic principles of cryptography, emphasizing the importance of randomness, the relativity of security to adversarial resources, and Kerckhoffs' principle which states that security should not rely on obscurity. It discusses how modern cryptography secures digital information against attacks and highlights the necessity of public review for cryptographic designs. The document also uses analogies from the physical world to explain security concepts.

Uploaded by

dofape5196
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Introduction: Basic Principles

Carla Ràfols

CS2425 - Session 1a

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 1 / 16


This course...

Introduction to cryptographic algorithms, including:

Most widely used and deployed ones;

Give tools to reason about security;

Understand basic design principles.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 2 / 16


Cryptography IS
kryptos + graphein = hidden writing

Modern cryptography involves the study of mathematical/algorithmic


techniques for securing digital information, systems and distributed
computations against adversarial attacks.

Originally more focus on military aspects, it is everywhere: pwds, online


shopling, download updates for your OS, cryptocurrencies.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 3 / 16


Cryptography is NOT:

the solution to all security problems;

reliable unless implemented and used properly;

something that you should try to invent yourself, as there are many and many
examples of broken ad-hoc designs.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 4 / 16


What is Security?

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 5 / 16


What is Security?

In many everyday situations, there are ”physical ways”to ensure ”security”.


(a) Voting;
(b) Signing a document;
(c) Locking houses, bikes, etc;
(d) Playing Roulette or Bingo, lottery;
(e) Auctions;
(f) Public Record, ...

Security = means different things in different contexts, usually we have in


mind some “model” of something that should be impossible to do.
Cryptographic Algorithms allow to construct digital analogues of these
”protocols”, sometimes even with stronger security guarantees.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 6 / 16


An example: The bikeshop

We can get inspiration from the physical world to reason about security:

Is this bike secure?

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 7 / 16


An example: The bikeshop
Secure=“bike cannot be stolen”but, for example, bike could be destroyed.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 8 / 16


An example: The bikeshop
Secure=“bike cannot be stolen”but, for example, bike could be destroyed.
Secure = secure against attackers with certain objectives.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 8 / 16


An example: The bikeshop
Secure=“bike cannot be stolen”but, for example, bike could be destroyed.
Secure = secure against attackers with certain objectives.

Security is relative to the resources of the adversary and more security is


expensive;

We assume the attacker (thief) knows how the locks work.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 8 / 16


An example: The bikeshop
Secure=“bike cannot be stolen”but, for example, bike could be destroyed.
Secure = secure against attackers with certain objectives.

Security is relative to the resources of the adversary and more security is


expensive;

We assume the attacker (thief) knows how the locks work.

The advantage of the honest party (owner) is the key, that makes a difficult
problem (opening a lock) easy;
Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 8 / 16
Security in the Digital World

Key = secret, random information;

For honest parties it should be easy to do something that is hard to do for


attackers.

Difficult/ easy = not efficient/ efficient;

Resources = computational power ⇒ money.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 9 / 16


Basic Principles of Cryptography

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 10 / 16


Basic Principles

1 P1: Randomness is crucial.

2 P2: Security is relative to the computational resources of the adversary.

3 P3: Kerchkoffs Principle or No Security by Obscurity.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 11 / 16


Basic Principle 1

The key is secret and an attacker cannot guess it.


Assumption: there are too many possibilities for the key.
The key must be sufficiently random!
Randomness plays a crucial role in cryptography.

Basic Principle 1: Randomness is crucial.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 12 / 16


An easy way to program random
numbers by xkcd comics :-)

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 13 / 16


Basic Principle 2
How much time does it take in the worst case to find a password if:
(a) The password is a 4 numbers.
(b) The password is a 12 English Letters or numbers.
Security depends on how much computational effort we assume the adversary
can do or is willing to do.
For example, it is not rational for an adversary to invest millions to break the
security of an RFID tag.
For simplicity, we do not assume adversaries to be rational and we just say
that a protocol is secure if no efficient attacks are known.

Basic Principle 2: Security is relative to the computational resources of the


adversary.
To simplify, we say that a cryptographic algorithm is secure if no efficient attacks
are known.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 14 / 16


Basic Principle 3: Kerchkoffs principle
No Security by Obscurity
Kerckhoffs’ principle: assume that the attacker knows how the algorithms
work, he just does not have the key;

(Kerchkoff’s Principle, 1883): Design your cryptographic schemes to be secure


against an attacker that knows how they work.
Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 15 / 16
No Security By Obscurity

Kerckhoffs’ principle is understood as fostering that cryptographic designs be


made completely public in contrast to the notion of “security by obscurity”
which suggests that keeping algorithms secret improves security.

Lessons:
very dangerous to use a proprietary, “home-brewed” algorithm;
published designs undergo public review and are therefore likely to be stronger.

Carla Ràfols Introduction to Cryptography and Security CS2425 - Session 1a 16 / 16

You might also like