
Upload: horace-branden-daniel

Post on 29-Dec-2015


Cryptography: Securing the Information Age

Source: www.aep.ie/product/technical.html

"If you think cryptography can solve your problem, then you don't understand your problem and you don't understand cryptography." -- Bruce Schneier

Essential Terms

• Cryptography
• Encryption: Plain text → Cipher text
• Decryption: Cipher text → Plain text
• Cryptanalysis
• Cryptology

Source: http://www.unmuseum.org/enigma.jpg

Information Security for…

• Defending against external/internal hackers
• Defending against industrial espionage
• Securing E-commerce
• Securing bank accounts/electronic transfers
• Securing intellectual property
• Avoiding liability

Types of Secret Writing

Secret writing
    Steganography
    Cryptography

Our Concern..

Secret writing
    Steganography
    Cryptography
        Substitution
            Code
            Cipher
        Transposition

Copyright 1999 Jay D. Dyson. All rights reserved.

Overview of Cryptography

• Cryptography is an often misunderstood and misused security tool. Today more than ever, privacy is a necessary part of business communications. The following is an overview of public key cryptography and one of its more widely-used implementations, Pretty Good Privacy (PGP).

What is Cryptography?

Overview of cryptography.. Terminology:

Cryptographic/Cipher System - A method of disguising a message so only authorized users may read it.
Cryptology - The study of cryptography.
Encryption - The process of converting plaintext into cipher text.
Decryption - The process of converting cipher text back to its original plaintext.
Cryptographic Algorithm - The computational procedure used to encrypt and decrypt messages.
Cryptanalysis - The process of finding a weakness in, or actual breaking of, a cryptographic system.

Types of Cryptographic Systems: Secret Codes

• The simplest and oldest way to send a secret message to someone. The code must be known to the sender or recipient.

Code Phrase          True Meaning
My coffee is cold    Launch the missiles
Pass the cream       Don’t launch the missiles

Types of Cryptographic Systems: Ciphers

• Substitution ciphers are the simplest type of cipher system.

• Each letter of the alphabet is assigned to a number or different letter.

• ROT13 is a commonly used cipher.

A B C D E F G H I J K L M

1 2 3 4 5 6 7 8 9 A B C . . .

Types of Cryptographic Systems: One-Time Pads

• One-time pads use a different key for a specific time period.

• Truly secure, no patterns evolve.
• Most vulnerabilities are due to human carelessness.


Plaintext: This is a test
One-Time Pad: 14 07 09 06 10 02 25 13 17 08 15 (shift each encrypted letter x places to the right)
Encrypted Message: fazmyqbgnke
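The slide's one-time pad worked through in code, as an added example that is not part of the original presentation. It reproduces the slide's pad and ciphertext, and shows one form of the human carelessness the slide mentions: when a pad is reused, the difference between two ciphertexts equals the difference between the two plaintexts, with no key needed. The second message ("Hold the fort") and all function names are constructed for this illustration.

```python
# Pad and ciphertext are the values from the slide; the second message is constructed.
PAD = [14, 7, 9, 6, 10, 2, 25, 13, 17, 8, 15]
CIPHERTEXT = "fazmyqbgnke"

def letters(text):
    """Keep only letters, lower-cased, so 'This is a test' becomes 'thisisatest'."""
    return "".join(c for c in text.lower() if "a" <= c <= "z")

def shift(text, pad, direction):
    """Shift each letter by its own pad value; direction +1 = right, -1 = left."""
    if len(pad) < len(text):
        # Stretching or repeating a pad is what breaks the scheme, so refuse.
        raise ValueError("pad is shorter than the message")
    return "".join(
        chr((ord(c) - ord("a") + direction * k) % 26 + ord("a"))
        for c, k in zip(text, pad)
    )

def encrypt(plaintext, pad):
    # Encryption is the inverse of the slide's rule: shift left by the pad value.
    return shift(letters(plaintext), pad, -1)

def decrypt(ciphertext, pad):
    # The slide's rule: shift each encrypted letter x places to the right.
    return shift(ciphertext, pad, +1)

def difference(a, b):
    """Letter-by-letter distance between two equal-length strings, mod 26."""
    return [(ord(x) - ord(y)) % 26 for x, y in zip(a, b)]

def reuse_leak(msg1, msg2, pad):
    """True when two ciphertexts made with one pad differ exactly as the plaintexts do."""
    c1, c2 = encrypt(msg1, pad), encrypt(msg2, pad)
    return difference(c1, c2) == difference(letters(msg1), letters(msg2))

if __name__ == "__main__":
    print(decrypt(CIPHERTEXT, PAD))
    print(encrypt("This is a test", PAD))
    print(reuse_leak("This is a test", "Hold the fort", PAD))
```
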

Crypto Keys & Algorithms: General Concepts and Definitions

• As a password is used to access a computer system, a cryptographic key is a password or passphrase that is used to unlock an encrypted message.

• Different encryption systems offer different key lengths. Just as a longer password provides more security (Windows NT excluded), the longer and more complex the key is, the more security an encryption system provides.

• A cryptographic algorithm is a mathematical function used for encryption and decryption. Most algorithms contain a certain number of “rounds.” This determines how many times the text will be run through the algorithm.

Cryptographic Methods: Secret Key (symmetric) Cryptography

• A single key is used to both encrypt and decrypt a message. A secure channel must be in place for users to exchange this common key.

[Diagram labels: Plaintext Message, Secret Key, Encrypted Message, Secret Key]

Cryptographic Methods: Public Key (asymmetric) Cryptography

• Two keys are used for this method, the public key is used to encrypt. The private key is used to decrypt. This is used when it isn’t feasible to securely exchange keys.

[Diagram labels: Jay’s Public Key, Jay’s Private Key, Frank, Encrypted Message, Clear Text]

Cryptographic Methods: One-Way Functions

• One-way functions: Used to generate a fixed-length hash (also known as a message-digest) of a file. This hash is essentially a ‘digital fingerprint’ of the file that would be sent along with a document. The recipient would use the same method to generate a hash. If the hashes do not match, the file has been altered.

[Diagram labels: Message, Crypto-Algorithm, 5058f1af8388633f609cadb75a75dc9d (128 bit digital fingerprint)]

Private vs. public Cryptography

• Private (symmetric, secret) key – the same key used for encryption/decryption

• Problem of key distribution

• Public (asymmetric) key cryptography – a public key used for encryption and private key for decryption

• Key distribution problem solved

Currently Available Crypto Algorithms (private key)

• DES (Data Encryption Standard) and derivatives: double DES and triple DES

• IDEA (International Data Encryption Standard)
• Blowfish
• RC5 (Rivest Cipher #5)
• AES (Advanced Encryption Standard)

Currently Available Crypto Algorithms (public key)

• RSA (Rivest, Shamir, Adleman)
• DH (Diffie-Hellman Key Agreement Algorithm)
• ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm)
• RPK (Raike Public Key)

Simplified-DES

• Popularly called S-DES
• Very simple
• Uses a 10-bit key to encrypt an 8-bit data block
• Formed the basis of DES
• Provides a low grade of security
• Hence not very secure

Data Encryption Standard (DES)

• Most widely used private key cryptographic technique
• Was not feasible to crack till 1980’s
• Encrypts 64-bit data block with 56-bit key
• Contains many permutation functions, hence making it more and more complex.
• Paved way for double, triple and advanced DES

RSA

• Developed by Rivest, Shamir and Adleman
• Uses a pair of public and private keys
• Very much secure and efficient
• Simple approach
• Security based on the fact that factorizing n to get p and q is very difficult if n is a large number (> 5 digits)

Private-key versus public-key cryptography

• Prime advantage of public-key cryptography is increased security - the private keys do not ever need to be transmitted or revealed to anyone.

• Public key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure.

• Example: RSA and DES are usually combined as follows
  1. The message is encrypted with a random DES key
  2. DES-key is encrypted with RSA
  3. DES-encrypted message and RSA-encrypted DES-key are sent.

This protocol is called RSA digital envelope.

DES vs. RSA

• RSA is about 1500 times slower than DES
  – Exponentiation and modulus

• Generation of numbers used in RSA can take time

• Generally infeasible to crack RSA with limited resources and time
  – http://www.rsasecurity.com/rsalabs/challenges/factoring/numbers.html

Pretty Good Privacy (PGP): Overview & History

• PGP is a personal high-security cryptographic software application that allows people to exchange messages or files with privacy, authentication, and convenience. PGP can be used to encrypt and digitally sign files and e-mail.

• Developed by Phil Zimmermann in the mid ‘80s.

• First version released on the Internet in 1991; got immediate NSA attention and encountered legal issues on its use of RSA and Merkle-Hellman cryptography patents.

• Purchased by ViaCrypt in 1993 (they had RSA license). Re-released in 1994 with RSAREF toolkit license.

• Purchased by Network Associates in 1998.

PGP (Pretty Good Privacy): a hybrid encryption technology

• Message is encrypted using a private key algorithm (IDEA or DES as previously used)
• Key is then encrypted using a public key algorithm (RSA)
• For file encryption, only IDEA algorithm is used
• PGP is free for home use

Authentication and Digital Signatures

• Preventing impostor attacks
• Preventing content tampering
• Preventing timing modification
• Preventing repudiation

By:
• Encryption itself
• Cryptographic checksum and hash functions

Digital Signatures

• Made by encrypting a message digest (cryptographic checksum) with the sender’s private key

• Receiver decrypts with the sender’s public key (roles of private and public keys are flipped)
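The sign-and-verify flow described on this slide, as an added example that is not part of the original presentation. It uses textbook RSA on a SHA-256 digest with constructed toy keys built from known Mersenne primes; the key names, messages and function names are assumptions for illustration. Deployed signature schemes use far larger keys and a padding scheme, neither of which is shown here.

```python
import hashlib

E = 65537  # common public exponent

def make_key(p, q):
    """Build a toy RSA key from two primes: returns (modulus n, private exponent d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, needs Python 3.8+
    return n, d

# Constructed keys from known Mersenne primes; far too small for real use.
JAY_N, JAY_D = make_key(2**61 - 1, 2**89 - 1)
IMPOSTOR_N, IMPOSTOR_D = make_key(2**107 - 1, 2**127 - 1)

def digest(message, n):
    """Message digest as an integer below n (SHA-256, reduced to fit the toy modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, n, d):
    """Sender: transform the message digest with the private key."""
    return pow(digest(message, n), d, n)

def verify(message, signature, n):
    """Receiver: undo the transform with the public key and compare digests."""
    return 0 <= signature < n and pow(signature, E, n) == digest(message, n)

if __name__ == "__main__":
    msg = b"Pay Frank 100"
    sig = sign(msg, JAY_N, JAY_D)
    print("genuine message:", verify(msg, sig, JAY_N))
    # Content tampering: same signature, altered message.
    print("tampered message:", verify(b"Pay Frank 900", sig, JAY_N))
    # Impostor: signed with a different private key, checked against Jay's public key.
    forged = sign(msg, IMPOSTOR_N, IMPOSTOR_D)
    print("impostor signature:", verify(msg, forged, JAY_N))
```
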

Benefits of Cryptographic Technologies

• Data secrecy
• Data integrity
• Authentication of message originator
• Electronic certification and digital signature
• Non-repudiation

Potential Problems with Cryptographic Technologies?

• False sense of security if badly implemented
• Government regulation of cryptographic technologies/export restrictions
• Encryption prohibited in some countries

How Secure are Today’s Technologies?

• $250,000 machine cracks 56 bit key DES code in 56 hours

• IDEA, RC5, RSA, etc. resist complex attacks when properly implemented

• distributed.net cracked 64 bit RC5 key (1,757 days and 331,252 people) in July, 2002

• A computer that breaks DES in 1 second will take 149 trillion years to break AES!

• Algorithms are not theoretically unbreakable: successful attacks in the future are possible

How Secure are Today’s Technologies?

• Encryption does not guarantee security!
• Many ways to beat a crypto system NOT dependent on cryptanalysis, such as:
  – Viruses, worms, hackers, etc.
  – TEMPEST attacks
  – Unauthorized physical access to secret keys

• Cryptography is only one element of comprehensive computer security

• Source: The Gartner Group

What is to be done?

The Gartner Group recommends:

• Develop migration plans to stronger crypto.
• Begin implementation of modified and stronger algorithmic techniques.

Your questions are welcome!

Presented by:
Akshay kumar
Ekta raghav
Himanshu chaudhary