Modern Guiding Principles in Cryptography

Loading...

Do curso por University of Colorado System

Classical Cryptosystems and Core Concepts

66 classificações

Explore Related Videos

At Coursera, you will find the best lectures in the world. Here are some of our personalized recommendations for you

University of Colorado System

Classical Cryptosystems and Core Concepts

66 classificações

Curso 1 de 4 em Specialization Introduction to Applied Cryptography

Welcome to Introduction to Applied Cryptography. Cryptography is an essential component of cybersecurity. The need to protect sensitive information and ensure the integrity of industrial control processes has placed a premium on cybersecurity skills in today’s information technology market. Demand for cybersecurity jobs is expected to rise 6 million globally by 2019, with a projected shortfall of 1.5 million, according to Symantec, the world’s largest security software vendor. According to Forbes, the cybersecurity market is expected to grow from $75 billion in 2015 to $170 billion by 2020. In this specialization, you will learn basic security issues in computer communications, classical cryptographic algorithms, symmetric-key cryptography, public-key cryptography, authentication, and digital signatures. These topics should prove especially useful to you if you are new to cybersecurity Course 1, Classical Cryptosystems, introduces you to basic concepts and terminology related to cryptography and cryptanalysis. It is recommended that you have a basic knowledge of computer science and basic math skills such as algebra and probability.

Na lição

Cryptographic Tidbits

In this module we present an introduction to cryptography, differentiate between codes and ciphers, describe cryptanalysis, and identify the guiding principles of modern cryptography. After completing this course you will be able to read material related to cryptographic systems, understanding the basic terminology and concepts. You will also have an appreciation for the historical framework of modern cryptography and the difficulty of achieving its aims.

Modern Guiding Principles in Cryptography12:08

Conheça os instrutores

William Bahn
Lecturer
Computer Science
Richard White
Assistant Research Professor
Computer Science
Sang-Yoon Chang
Assistant Professor
Computer Science

Now that we have an historical context for cryptography and cryptanalysis, and

have been exposed to many of the terms and concepts involved, we turn our

attention to summarizing some of the key lessons that history has taught us and

laying out the foundation for modern cryptographic systems.

Perhaps the core principle adhered to by modern cryptography is captured by

Kerckhoffs' Principle, which essentially states that a cryptosystem should remain

secure, even if the adversary knows every detail of the system, except the key.

This underscores the need to safeguard the security of the key,

which opens its own Pandora's box of complications.

Included in this is the key distribution problem, the resulting desirability of

public key cryptosystems and the need and role for trusted third parties.

One thing that is frequently overlooked, often with disastrous consequences,

are how human factors impact the practical security of a cryptosystem.

Each of these topics will be covered in greater depth as needed in later modules

and other courses.

The goal here is to establish a general framework encompassing all of them for

future work to build upon.

We saw that throughout the vast majority of history,

the security of cryptosystems relied on the entire system remaining secret from

the enemy, a practice now known as security through obscurity.

Once the workings of the algorithm became known, the residual security provided by

whatever key remained, was minimal and easily defeated.

As a result, the entire cryptosystem had to be discarded, and a new one deviced.

In examining the history of cryptographic failures, the Dutch cryptographer,

Auguste Kerckhoffs, laid out a set of design principles in 1883 that should

guide the design of cyphersystems.

One of these principles was that the system should be easy to use,

and not require the user to know or comply with long lists of rules.

Consider how violating this principle with regards to the Enigma machine

changed the course of World War II more than half a century later.

Another of Kerckhoffs' design principles is so

critically important that it, by itself, is now known as Kerckhoffs' Principle.

This principle merely states that the design of the cryptosystem should

not require secrecy and

that the system should remain secure even if its design falls into enemy hands.

This is often expressed by saying that you should be able to turn over

all of your design documents to your enemy and

pay them to build your cipher machines for you.

A major advantage of complying with this principle is that instead of relying on

the expertise of a small handful of people to test the security of a cryptosystem,

which is done by trying to find clever ways to break it,

the design can be made public.

And now millions of highly skilled people can try to find weaknesses and

publish those results.

At first glance, this might seem the very essence of insanity,

as it would appear that you're making your enemy's job that much easier.

The thing to remember is that you should assume that your enemy is willing to put

many times the resources available to you at work to break your system.

And that they have access to people at least as talented as any of yours.

Hence, if there are weaknesses that your small team of experts missed,

your enemy is probably going to find them.

But if the entire world is looking at your design,

then it becomes highly unlikely that any significant weaknesses discovered by your

enemy isn't also going to be discovered by several other people and made public,

thus giving you the opportunity to revise your design and remove that weakness.

This is why it's become quite common for the designers of cryptographic algorithms

to issue public challenges, sometimes with prizes worth millions of dollars,

to the first person that can break the system,

and some of these prizes have been successfully claimed.

Kerckhoffs also recognized that a direct consequence of this principle is that

the security of the system must therefore rest in the security of a key, and

that this key should be as simple and small as possible.

It should be easily communicated, and

the parties should be able to change it as needed.

One thing that Kerckhoffs didn't directly address,

most likely because in his time cyphers were used on very small scales compared

to what became commonplace in the 20th century with the advent

of industrial scale cryptography, is know as the key distribution problem.

This problem reflects the difficulty of generating sufficient key material,

securely distributing it to the parties that need it, and

being able to detect when and if there's been a compromise.

We've previously considered the inability of the Soviet Union to

keep pace with its need for one time pads in World War II, and how this resulted in

significant breaks into their top secret traffic via project Venona.

Let's consider how the number of keys needed grows as the scope

of a cryptosystem grows.

If you have end users,

then the greatest security is achieved if each pair of users has a unique key.

A strong advantage of using such pairwise keys is that if a key is compromised,

it only endangers the traffic between that pair of individuals,.although

this could be parlayed into additional key breaches.

Because the benefit to the enemy of compromising one key is minimal,

the resources that they're likely to put into the effort is likewise probably going

to be limited.

But this only true if it is feasible to properly manage all of the keys.

With N participants each needing N- 1 keys to communicate with the other people,

the total number of keys that you need is on the order of N squared.

If you have a small team of operatives, say 10, then you only need about 50 keys,

and this is not too unreasonable.

But today we need to secure communication networks that have literally millions of

users, some human and some not, such as communication relays and

in-place sensor networks.

For the best security, you would want every pair of users to have their own key,

but 1 million users would require 1 trillion keys.

And then somehow you would need to distribute 1 million of these keys

to each of 1 million users.

This is completely unmanageable, and 1 million nodes is small compared to

something the scope of the global information grid.

An alternative is to have large groups of users share a common key,

to reduce the total number of keys to a manageable level.

The problem here is that the the larger the group,

the more valuable a key compromise becomes to your adversary, and

hence the greater the resources they may commit to the effort.

This is an addition to the fact that just having the key known to a larger group of

people, increases the likelihood that someone is going to get careless and

exposed the key.

Furthermore, it becomes increasing likely that any bridge that does happen, will not

be detected by the other users, who will continue using the compromised key.

About the only thing worse than your key becoming known to your enemy is for

you not to know that it has.

No one has yet devised a truly practical and

scalable solution to the key distribution problem.

But in the mid 1970s, a revolutionary alternative was developed independently

by both classified and unclassified researchers.

The basic idea stems from asking whether it was possible to

use secrets that didn't have to be shared.

Something that had previously not even been considered,

since its absurdity would have seemed obvious.

It was taken as a given that secret communications relied on shared secrets,

now known as symmetric keys.

But let's rephrase the question slightly as two separate questions.

First, is it possible to use two different but related keys, such

that two people can communicate securely as long as each one has one of the keys.

This is what is known as asymmetric cryptography.

Second, if this is possible, we then ask, is it possible to make one

of the keys public knowledge without compromising the other key?

If this has a solution, then Alice can generate both keys,

keep one all to herself and

publish the other for Bob to look up, as can even Mallory and everyone else.

As the saying goes, if you want to keep something a secret, never tell anyone.

If two people know a secret, then it's no longer a secret.

This is known as public key cryptography, and it's become perhaps the most single

critical component in today's vibrant online economy.

On one level this would seem to trivially solve the key distribution problem.

Alice can publish her public key in as many ways that she wants, and

Bob only needs to be able to find one of them.

But there's a really big catch,

how does Bob know that the key he finds is really Alice's public key?

Perhaps Mallory made up a pair of keys and published one of those in Alice's name.

Bob has to be able to trust that the key he looks up

really is the one published by Alice.

Whether we are talking about symmetric or

asymmetric cryptography, nearly any practical cryptosystem that operates

on any meaningful scale currently uses some form of trusted third party.

The role of the trusted third party, usually named Trent

in our cast of characters, varies depending on the system.

Consider the case in which Alice and Bob, who don't know each other and

are thousands of miles apart, need to communicate securely.

If they want to use a symmetric cryptosystem,

then they need some way of getting identical copies of a key.

If Alice creates the key, then she needs Trent to deliver the key to Bob.

Alice must trust that Trent will actually deliver the right key to Bob,

will not give the key to anyone else, and

probably that Trent will not retain a copy of the key.

Bob, on the other hand,

must trust that the key that Trent gives him really is the key that Alice provided,

and the Trent didn't give it to anyone else or keep a copy.

If Alice and Bob choose to use an asymmetric cryptosystem,

then they generally rely on Trent to publish the public keys.

So they must trust that Trent will faithfully publish the public key

associated with a given user and trust that Trent has adequately

vetted the identity of the person that provided him with the key,

requesting that he do so.

In addition, if Alice sends Bob her public key directly,

he must assume that it might actually have come from Mallory.

So he contacts Trent and

trusts in him to verify that Alice really is the owner of that key.

Don't worry if you're only getting a general sense for

all of this, that's all that's hoped for

at this point, we've got an entire course devoted to asymmetric cryptography.

The last thing that we want to touch on briefly are what are generally referred

to as human factors.

No system is fool proof, the universe is always producing better fools.

But the security of any system ultimately relies on the users following the rules.

Recall how several breaks in the systems like Enigma stemmed primarily from

human users not following the proper protocols when using the machine.

And these were quite highly skilled and trained operators.

Imagine what would have happened if the system had been widely used by

large numbers of minimally trained users.

Now consider how much of our modern interactions rely on common

everyday people, sometimes even young children, not doing things such as

using their birthday as the password, or not writing down their PIN numbers on

the back of their debit cards, or not clicking on the link in the email with

the urgent message about needing to update their operating system immediately.

We've reached a point in which the computational security of modern

cryptosystems is sufficiently strong, that breaches in security are caused by flaws

in the implementation, sloppy practices on the part of users, or

successfully tricking a user into revealing compromising information.

To recap what we've just learned, modern cryptography relies on some bedrock

principles that have been hard won over the millennia.

The most important is that a cryptosystem isn't secure if its details must hide in

the shadows.

The only thing that should have to remain secret are the particular keys being used,

but managing keys properly is a difficult task that doesn't scale well.

So when possible, we want to use public key systems that eliminate

much of the need to securely distribute keys.

But in any event, for the foreseeable future we

will be relying on trusted third parties for critical aspects of our operations.

But how do such parties establish and maintain that trust,

given that they are as exposed to the same human fact weaknesses as the rest of us.

Explore nosso catálogo

Registre-se gratuitamente e obtenha recomendações, atualizações e ofertas personalizadas.

O Coursera proporciona acesso universal à melhor educação do mundo fazendo parcerias com as melhores universidades e organizações para oferecer cursos on-line.

© 2019 Coursera Inc. Todos os direitos reservados.

Baixar na App Store

Baixar no Google Play