[2] Cryptographic Tools
Symmetric Encryption : single-key encryption
- plaintext : original message
- encryption algorithm
- secret key
- ciphertext : scrambled message
- decryption algorithm
2 requirements
- encryption algorithm : Block Ciphers
- secret key shared by sender and recipient
@Block Ciphers
- planetext, ciphertext, key size
- 1) Data Encryption Standard (64, 64, 56)
- 2) 3DES (64, 64, 112/168)
- 3) Advanced Encryption Standard (128, 128, 128/192/256)
Attacking Symmetric Encryption
- brute-force attack 무차별적 대입 (56 비트 키는 약 10시간이면 뚫린다)
- cyptanalysis 암호학적 분석
Message Authentication (against falsification and transactions) : Veryfing received message is authentic
authentic의 조건
- contents unaltered
- is from authentic source
- timely in correct sequence
순서 확인 방법
1. conventional encryption (key)
2. separate authentication mechanism (key + tag)
- Message Authentication Code
secret key to generate a small block of data
메시지와 블럭을 같이 보냄
- One Way Hash Function
no secrete key as input, instead send message digest
(variable-size message) -> fixed-size message
복호화 불가능
Hash Function Requirements
impossible to prove
x such that H(x) = h
y != x such that H(y) == H(x)
(x, y) such that H(x) == H(y)
Public Key Encryption (asymmetric, mathematical functions)
- plaintext
- public key and private key
- encrption algorithm
- ciphertext
- decryption algorithm
Public Key Authentication
- 공개키로 잠근건 개인키로 열고 (authentication)
- 개인키로 잠근건 공개키로 연다 (integrity)
encrypt a small bit block called authenticator
- lower cost, same result
Public Key Requirements
- easy to create key pairs
- easy for sender knowing public key to encrypt
- easy for receiver knowiing private key to decrypt
- impossible to determine PRb by PUb
- impossible to determine message by Pub and ciphertext
Public Key Algorithms
- key exchange algorithm
- RSA
- elliptic curve cryptography
- digital signature standard
Public Key Certifiates
- authenticity of public keys (퍼블릭키로 인증)
public key + user ID singed by a trusted third party
siginature is created by encrypted hash code and CA's private key
- distribute secret keys : digital envelopes
first arrange 없이 secrete키 공유하는 법
1. creation (message M, encrypt E, decrypt D)
- M을 one-time symmetric key로 E -> E1
- 해당 symmetric key를 수신자의 PUb로 E -> E2
- E1와 E2를 모두 전송
2. open (Message M, encrypt E, decrypt D)
- E2를 수신자의 PRb로 D -> D2
- D2로 E1를 D -> D1(M)
Random Numbers (generation of keys)
- Pseudo Random Number Generator (simulation and modeling)
- 랜덤성으로 통계적 기준은 넘지만 예측가능. 효율적이다.
구현
- linear congruential method
- blum blum shub
- ANSI X9.17 PNRG
- True Random Number Generator (lotteries, games, security)
효율은 안좋지만 효과는 제일 좋다
Authentication = user authentication + message authentication
'CS > 정보 보안' 카테고리의 다른 글
| [정보 보안] Malicious Software (6) (0) | 2024.06.22 |
|---|---|
| [정보 보안] 운영체제 보안 (5) (0) | 2024.06.22 |
| [정보 보안] 데이터 베이스 보안 (4) (0) | 2024.06.22 |
| [정보 보안] User Authentication (3) (0) | 2024.06.22 |
| [정보 보안] Computer Security Overview (1) (0) | 2024.06.22 |