se571 security in computing
DESCRIPTION
SE571 Security in Computing. Chap 2: Elementary Cryptography. Chap 2 Examines…. Concepts of encryption Cryptanalysis: how encryption systems are “broken” Symmetric (secret key) encryption and the DES and AES algorithms Asymmetric (public key) encryption and the RSA algorithm - PowerPoint PPT PresentationTRANSCRIPT
SE571Security in Computing
Chap 2: Elementary Cryptography
SE571 Security in Computing Dr. Ogara 2
Chap 2 Examines… Concepts of encryption Cryptanalysis: how encryption systems are
“broken” Symmetric (secret key) encryption and the
DES and AES algorithms Asymmetric (public key) encryption and
the RSA algorithm Key exchange protocols and certificates Digital signatures Cryptographic hash functions
SE571 Security in Computing Dr. Ogara 3
Common Terminologies Cryptography - practice and study of
hiding information/using encryption to conceal text
Cryptoanalysis - to find some weakness or insecurity in a cryptographic scheme
Cryptology - research into and study of encryption and decryption; it includes both cryptography and cryptanalysis
SE571 Security in Computing Dr. Ogara 4
Common Terminologies Decryption – the method of turning cipher
text back into plaintext Encryption algorithm – set of rules or
procedures that dictates how to encrypt and decrypt data, also called an encryption cipher
Encryption – method of transforming data (plaintext) into an unreadable format
Plaintext – the format(usually readable) of data before encrypted
SE571 Security in Computing Dr. Ogara 5
Common Terminologies Ciphertext – the scrambled format of
data after being encrypted Key – a value used in the encryption
process to encrypt and decrypt/ also called cryptovariable
SE571 Security in Computing Dr. Ogara 6
Encryption
SE571 Security in Computing Dr. Ogara 7
Symmetric Encryption Uses one key for both encryption and
decryption Receiver and sender share same key
(private key) to lock and unlock Also called private key encryption Must securely distribute keys to other
parties
SE571 Security in Computing Dr. Ogara 8
Symmetric Encryption Anyone with key can either encrypt or
decrypt (similar to password) Very fast to encrypt or decrypt Provides authentication as long as key
remains secret Problem
• How do A and B obtain their shared secret key?
• Key distribution is e.g. n users communicating in pairs need n*(n-1)/2 keys
SE571 Security in Computing Dr. Ogara 9
Asymmetric Encryption Receiver and sender have two keys –
public and private Public key can be sent in an e-mail
message or posted in a public directory
Public key used to encrypt and private key to decrypt or vise-versa
Requires a lot of resources
SE571 Security in Computing Dr. Ogara 10
Asymmetric and Symmetric Encryption
Secret Key (Symmetric)
Public Key (Asymmetric)
No. of keys 1 2Protection of keys
Must be kept secret One key must be kept secret; the other can be freely exposed
Best uses Cryptographic workhorse; secrecy and integrity of data—single characters to blocks of data, messages, files
Key exchange, authentication
Key distribution
Must be out-of-band Public key can be used to distribute other keys
Speed Fast Slow
SE571 Security in Computing Dr. Ogara 11
Encryption
SE571 Security in Computing Dr. Ogara 12
Cryptanalysis attempts to do six things…
break a single message recognize patterns in encrypted
messages, to be able to break subsequent ones by applying a straightforward decryption algorithm
infer some meaning without even breaking the encryption, such as noticing an unusual frequency of communication or determining something by whether the communication was short or long
SE571 Security in Computing Dr. Ogara 13
Cryptanalysis attempts to do six things…
deduce the key, to break subsequent messages easily
find weaknesses in the implementation or environment of use of encryption
find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages
SE571 Security in Computing Dr. Ogara 14
Forms of Ciphers Confusion (substitution)
• One letter is exchanged for another• Basis of many cryptographic algorithms used
for diplomatic communication through the first half of the twentieth century
• Basis for some widely used commercial-grade encryption algorithms
• Examples: Ceasar cipher One-Time Pad The Vernam cipher
SE571 Security in Computing Dr. Ogara 15
Forms of Ciphers Diffusion (Transposition)
• Order of the letters is rearranged• Basis for some widely used commercial-
grade encryption algorithms• Goal - widely spread the information from
the message or the key across the ciphertext (diffusion)
• Also known as permutation (rearrangement of symbols of a message)
SE571 Security in Computing Dr. Ogara 16
Ceasar cipher Romans used a shift cipher called Ceasar
cipher Shift ciphers simply shift characters in an
alphabet
Advantages• Easy to memorize and implement
Disadvantage• Pattern is obvious
SE571 Security in Computing Dr. Ogara 17
One-Time Pads Large, non-repeating set of keys is
written on sheets of paper, glued together into a pad
Requires a prearranged chart called Vigenere table (contains 26 letters in each column in some scrambled order)
Receiver needs a pad similar to the sender
SE571 Security in Computing Dr. Ogara 18
One-Time Pads Example:
• Message has 300 characters in length • Keys are 20 characters long• Sender needs 15 pages of keys• Sender writes keys one at a time above the
letters of plain text • Sender encipher plain text with Vigenere
chart• Receiver uses appropriate number of keys
to decipher message
SE571 Security in Computing Dr. Ogara 19
One-Time Pads Problems
• Requires absolute synchronization between sender and receiver
• Difficult to store and account for the keys
SE571 Security in Computing Dr. Ogara 20
The Vernam Cipher Developed by Gilbert Vernam for AT&T Is immune to most cryptanalytic attacks Uses long non-repeating sequence of
numbers that are combined with the plaintext Used long punched paper tape that fed into a
teletype machine Tape contained random numbers that were
combined with characters typed into the teletype
sequence of random numbers had no repeats, and each tape was used only once
SE571 Security in Computing Dr. Ogara 21
The Vernam Cipher
SE571 Security in Computing Dr. Ogara 22
The Vernam Cipher - Example Plain text - VERNAM CIPHER Ciphertext - tahrsp itxmab
SE571 Security in Computing Dr. Ogara 23
Columnar Transposition Plaintext characters are rearranged
into columns Example:
• Plain text - THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS
• Ciphertext - tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns
SE571 Security in Computing Dr. Ogara 24
Columnar Transposition
SE571 Security in Computing Dr. Ogara 25
Characteristics of Good Ciphers The amount of secrecy needed
should determine the amount of labor appropriate for the encryption and decryption
The set of keys and the enciphering algorithm should be free from complexity
SE571 Security in Computing Dr. Ogara 26
Characteristics of Good Ciphers The implementation of the process
should be as simple as possible Errors in ciphering should not
propagate and cause corruption of further information in the message
The size of the enciphered text should be no larger than the text of the original message
SE571 Security in Computing Dr. Ogara 27
Properties of Trustworthy Encryption Systems
It is based on sound mathematics It has been analyzed by competent
experts and found to be sound It has stood the test of time
SE571 Security in Computing Dr. Ogara 28
Stream and Block Ciphers Stream ciphers - encrypt one bit or
character or symbol of plaintext into bit or symbol of Ciphertext at a time e.g. diffusion
Block ciphers encrypt a group of plaintext symbols as one block e.g. columnar transposition
Block ciphers can effectively act as a stream cipher
SE571 Security in Computing Dr. Ogara 29
Stream and Block CiphersStream ciphers
Block ciphers
SE571 Security in Computing Dr. Ogara 30
Advantages of Stream Ciphers Speed of transformation - the time to
encrypt a symbol depends only on the encryption algorithm itself, not on the time it takes to receive more plaintext
Low error propagation - error in the encryption process affects only a character
SE571 Security in Computing Dr. Ogara 31
Disdvantages of Stream Ciphers Low diffusion - Each symbol is separately
enciphered. Therefore, all the information of that symbol is contained in one symbol of the ciphertext.
Susceptibility to malicious insertions and modifications - Because each symbol is separately enciphered, an active interceptor who has broken the code can splice together pieces of previous messages and transmit a spurious new message that may look authentic.
SE571 Security in Computing Dr. Ogara 32
Advantages of Block Ciphers High diffusion - Information from the
plaintext is diffused into several ciphertext symbols. One ciphertext block may depend on several plaintext letters
Immunity to insertion of symbols - Because blocks of symbols are enciphered, it is impossible to insert a single symbol into one block. The length of the block would then be incorrect, and the decipherment would quickly reveal the insertion
SE571 Security in Computing Dr. Ogara 33
Disdvantages of Block Ciphers Slowness of encryption - The person
or machine using a block cipher must wait until an entire block of plaintext symbols has been received before starting the encryption process
Error propagation - An error will affect the transformation of all other characters in the same block
SE571 Security in Computing Dr. Ogara 34
Three commonly used encryption schemes
DES – Data Encryption Standards AES – Advanced Encryption
Standards RSA – Rives-Shamir-Adelman
Encryption
SE571 Security in Computing Dr. Ogara 35
DES Developed by U.S government for
general public (adopted in 1976) Based on data encryption algorithm
developed by IBM Combines two fundamental building
blocks of encryption – substitution and transposition
Uses only standard arithmetic and logical operations on numbers up to 64 bits long
SE571 Security in Computing Dr. Ogara 36
Double and Tripple DES Lack of trust with DES 56-bit key length Development of double encryption for
greater secrecy Two keys perform two encryptions thus
making it hard to unlock [C=E(k2, E(k1,m))]
Unfortunately the assumption is false Three keys adds significant strength [C
= E(k3, E(k2, E(k1,m)))]
SE571 Security in Computing Dr. Ogara 37
Double and Tripple DES 1997 researchers using over 3,500
machines in parallel were able to infer a DES key in four months’ work
1998 for approximately $100,000, researchers built a special “DES cracker” machine that could find a DES key in approximately four days
Hence need for better and stronger algorithm
SE571 Security in Computing Dr. Ogara 38
AES Algorithm is called Rijndael – named
after the two creators (Vincent Rijmen and Joan Daemen)
Adopted in 2001 Uses substitution; transposition; and
the shift, exclusive OR, and addition operations
Keys based on 128, 192 and 256 bits
SE571 Security in Computing Dr. Ogara 39
AES Does it have flaws? How long will it remain sound? Cryptanalysts have not found any
flaws yet
SE571 Security in Computing Dr. Ogara 40
Rives-Shamir-Adelman Encryption (RAS)
Public key system introduced in 1978 Named after three inventors Uses two keys for encryption and
dceryption
SE571 Security in Computing Dr. Ogara 41
Four applications of encryption Hash functions Key exchange Digital signatures Certificates
SE571 Security in Computing Dr. Ogara 42
Hash Functions Important for integrity Put a shield or seal around a file by
computing a cryptographic function called hash or checksum or message digest of a file
Examples:• MD4, MD5 (Message Digest) – produce 128 bit• SHA/SHS (Secure Algorithm or Standards) –
produce 160-bit digest
SE571 Security in Computing Dr. Ogara 43
Key exchange Example: Web browser connecting to
shopping website Encrypted session must be established S = sender of protected information R = receiver of protected information Establish assurance that information
came from S Public key cryptography can help here
SE571 Security in Computing Dr. Ogara 44
Key exchange Use lockboxes and keys S puts protected information into lockbox
that can be opened by S public key S puts lockbox into another one that can
be opened by ONLY by R’s private key R uses private key to open outer box and
S public key to open inner box (proof it came from S)
SE571 Security in Computing Dr. Ogara 45
Diffie–Hellman key exchange protocol
Does not require preshared public keys S and R uses simple arithmetic to exchange
a secret They agree on field number n and starting
number g Each thinks of a secret number, say, s and r. S sends to R gs and R sends to S gr. Then S computes (gr)s and R computes (gs)r,
which are the same, so grs = gsr becomes their shared secret.
SE571 Security in Computing Dr. Ogara 46
Digital Signatures Provide reliable means to ensure the
origin of data Cryptographic hash codes are used to
support digital signatures Cryptographic hash codes offer a
fast, fairly reliable way of determining whether a piece of data has been modified between sender and receiver
SE571 Security in Computing Dr. Ogara 47
Digital Signatures It must be unforgeable It must be authentic It is not alterable It is not reusable
SE571 Security in Computing Dr. Ogara 48
Public Key Encryption Ideally suited to digital signatures If S wishes to send M to R, S uses the
authenticity transformation to produce D(M, KS). S then sends D(M, KS) to R. R decodes the message with the public key transformation of S
SE571 Security in Computing Dr. Ogara 49
Cetificates Binds a public key and users’ identity Signed by Certificate of Authority (CA) Example – Two people Edward posts his public key in public but
retains private key Diana creates public key and includes it into
message with her identity Edward signs (affirms Diana’s public key and
identity) by creating has value and then encrypting message and hash value with private key