se571 security in computing

SE571Security in Computing

Chap 2: Elementary Cryptography

SE571 Security in Computing Dr. Ogara 2

Chap 2 Examines… Concepts of encryption Cryptanalysis: how encryption systems are

“broken” Symmetric (secret key) encryption and the

DES and AES algorithms Asymmetric (public key) encryption and

the RSA algorithm Key exchange protocols and certificates Digital signatures Cryptographic hash functions


Common Terminologies Cryptography - practice and study of

hiding information/using encryption to conceal text

Cryptoanalysis - to find some weakness or insecurity in a cryptographic scheme

Cryptology - research into and study of encryption and decryption; it includes both cryptography and cryptanalysis


Common Terminologies Decryption – the method of turning cipher

text back into plaintext Encryption algorithm – set of rules or

procedures that dictates how to encrypt and decrypt data, also called an encryption cipher

Encryption – method of transforming data (plaintext) into an unreadable format

Plaintext – the format(usually readable) of data before encrypted


Common Terminologies Ciphertext – the scrambled format of

data after being encrypted Key – a value used in the encryption

process to encrypt and decrypt/ also called cryptovariable


Encryption


Symmetric Encryption Uses one key for both encryption and

decryption Receiver and sender share same key

(private key) to lock and unlock Also called private key encryption Must securely distribute keys to other

parties


Symmetric Encryption Anyone with key can either encrypt or

decrypt (similar to password) Very fast to encrypt or decrypt Provides authentication as long as key

remains secret Problem

• How do A and B obtain their shared secret key?

• Key distribution is e.g. n users communicating in pairs need n*(n-1)/2 keys


Asymmetric Encryption Receiver and sender have two keys –

public and private Public key can be sent in an e-mail

message or posted in a public directory

Public key used to encrypt and private key to decrypt or vise-versa

Requires a lot of resources


Asymmetric and Symmetric Encryption

Secret Key (Symmetric)

Public Key (Asymmetric)

No. of keys 1 2Protection of keys

Must be kept secret One key must be kept secret; the other can be freely exposed

Best uses Cryptographic workhorse; secrecy and integrity of data—single characters to blocks of data, messages, files

Key exchange, authentication

Key distribution

Must be out-of-band Public key can be used to distribute other keys

Speed Fast Slow


Encryption


Cryptanalysis attempts to do six things…

break a single message recognize patterns in encrypted

messages, to be able to break subsequent ones by applying a straightforward decryption algorithm

infer some meaning without even breaking the encryption, such as noticing an unusual frequency of communication or determining something by whether the communication was short or long


Cryptanalysis attempts to do six things…

deduce the key, to break subsequent messages easily

find weaknesses in the implementation or environment of use of encryption

find general weaknesses in an encryption algorithm, without necessarily having intercepted any messages


Forms of Ciphers Confusion (substitution)

• One letter is exchanged for another• Basis of many cryptographic algorithms used

for diplomatic communication through the first half of the twentieth century

• Basis for some widely used commercial-grade encryption algorithms

• Examples: Ceasar cipher One-Time Pad The Vernam cipher


Forms of Ciphers Diffusion (Transposition)

• Order of the letters is rearranged• Basis for some widely used commercial-

grade encryption algorithms• Goal - widely spread the information from

the message or the key across the ciphertext (diffusion)

• Also known as permutation (rearrangement of symbols of a message)


Ceasar cipher Romans used a shift cipher called Ceasar

cipher Shift ciphers simply shift characters in an

alphabet

Advantages• Easy to memorize and implement

Disadvantage• Pattern is obvious


One-Time Pads Large, non-repeating set of keys is

written on sheets of paper, glued together into a pad

Requires a prearranged chart called Vigenere table (contains 26 letters in each column in some scrambled order)

Receiver needs a pad similar to the sender


One-Time Pads Example:

• Message has 300 characters in length • Keys are 20 characters long• Sender needs 15 pages of keys• Sender writes keys one at a time above the

letters of plain text • Sender encipher plain text with Vigenere

chart• Receiver uses appropriate number of keys

to decipher message


One-Time Pads Problems

• Requires absolute synchronization between sender and receiver

• Difficult to store and account for the keys


The Vernam Cipher Developed by Gilbert Vernam for AT&T Is immune to most cryptanalytic attacks Uses long non-repeating sequence of

numbers that are combined with the plaintext Used long punched paper tape that fed into a

teletype machine Tape contained random numbers that were

combined with characters typed into the teletype

sequence of random numbers had no repeats, and each tape was used only once


The Vernam Cipher


The Vernam Cipher - Example Plain text - VERNAM CIPHER Ciphertext - tahrsp itxmab


Columnar Transposition Plaintext characters are rearranged

into columns Example:

• Plain text - THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS

• Ciphertext - tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns


Columnar Transposition


Characteristics of Good Ciphers The amount of secrecy needed

should determine the amount of labor appropriate for the encryption and decryption

The set of keys and the enciphering algorithm should be free from complexity


Characteristics of Good Ciphers The implementation of the process

should be as simple as possible Errors in ciphering should not

propagate and cause corruption of further information in the message

The size of the enciphered text should be no larger than the text of the original message


Properties of Trustworthy Encryption Systems

It is based on sound mathematics It has been analyzed by competent

experts and found to be sound It has stood the test of time


Stream and Block Ciphers Stream ciphers - encrypt one bit or

character or symbol of plaintext into bit or symbol of Ciphertext at a time e.g. diffusion

Block ciphers encrypt a group of plaintext symbols as one block e.g. columnar transposition

Block ciphers can effectively act as a stream cipher


Stream and Block CiphersStream ciphers

Block ciphers


Advantages of Stream Ciphers Speed of transformation - the time to

encrypt a symbol depends only on the encryption algorithm itself, not on the time it takes to receive more plaintext

Low error propagation - error in the encryption process affects only a character


Disdvantages of Stream Ciphers Low diffusion - Each symbol is separately

enciphered. Therefore, all the information of that symbol is contained in one symbol of the ciphertext.

Susceptibility to malicious insertions and modifications - Because each symbol is separately enciphered, an active interceptor who has broken the code can splice together pieces of previous messages and transmit a spurious new message that may look authentic.


Advantages of Block Ciphers High diffusion - Information from the

plaintext is diffused into several ciphertext symbols. One ciphertext block may depend on several plaintext letters

Immunity to insertion of symbols - Because blocks of symbols are enciphered, it is impossible to insert a single symbol into one block. The length of the block would then be incorrect, and the decipherment would quickly reveal the insertion


Disdvantages of Block Ciphers Slowness of encryption - The person

or machine using a block cipher must wait until an entire block of plaintext symbols has been received before starting the encryption process

Error propagation - An error will affect the transformation of all other characters in the same block


Three commonly used encryption schemes

DES – Data Encryption Standards AES – Advanced Encryption

Standards RSA – Rives-Shamir-Adelman

Encryption


DES Developed by U.S government for

general public (adopted in 1976) Based on data encryption algorithm

developed by IBM Combines two fundamental building

blocks of encryption – substitution and transposition

Uses only standard arithmetic and logical operations on numbers up to 64 bits long


Double and Tripple DES Lack of trust with DES 56-bit key length Development of double encryption for

greater secrecy Two keys perform two encryptions thus

making it hard to unlock [C=E(k2, E(k1,m))]

Unfortunately the assumption is false Three keys adds significant strength [C

= E(k3, E(k2, E(k1,m)))]


Double and Tripple DES 1997 researchers using over 3,500

machines in parallel were able to infer a DES key in four months’ work

1998 for approximately $100,000, researchers built a special “DES cracker” machine that could find a DES key in approximately four days

Hence need for better and stronger algorithm


AES Algorithm is called Rijndael – named

after the two creators (Vincent Rijmen and Joan Daemen)

Adopted in 2001 Uses substitution; transposition; and

the shift, exclusive OR, and addition operations

Keys based on 128, 192 and 256 bits


AES Does it have flaws? How long will it remain sound? Cryptanalysts have not found any

flaws yet


Rives-Shamir-Adelman Encryption (RAS)

Public key system introduced in 1978 Named after three inventors Uses two keys for encryption and

dceryption


Four applications of encryption Hash functions Key exchange Digital signatures Certificates


Hash Functions Important for integrity Put a shield or seal around a file by

computing a cryptographic function called hash or checksum or message digest of a file

Examples:• MD4, MD5 (Message Digest) – produce 128 bit• SHA/SHS (Secure Algorithm or Standards) –

produce 160-bit digest


Key exchange Example: Web browser connecting to

shopping website Encrypted session must be established S = sender of protected information R = receiver of protected information Establish assurance that information

came from S Public key cryptography can help here


Key exchange Use lockboxes and keys S puts protected information into lockbox

that can be opened by S public key S puts lockbox into another one that can

be opened by ONLY by R’s private key R uses private key to open outer box and

S public key to open inner box (proof it came from S)


Diffie–Hellman key exchange protocol

Does not require preshared public keys S and R uses simple arithmetic to exchange

a secret They agree on field number n and starting

number g Each thinks of a secret number, say, s and r. S sends to R gs and R sends to S gr. Then S computes (gr)s and R computes (gs)r,

which are the same, so grs = gsr becomes their shared secret.


Digital Signatures Provide reliable means to ensure the

origin of data Cryptographic hash codes are used to

support digital signatures Cryptographic hash codes offer a

fast, fairly reliable way of determining whether a piece of data has been modified between sender and receiver


Digital Signatures It must be unforgeable It must be authentic It is not alterable It is not reusable


Public Key Encryption Ideally suited to digital signatures If S wishes to send M to R, S uses the

authenticity transformation to produce D(M, KS). S then sends D(M, KS) to R. R decodes the message with the public key transformation of S


Cetificates Binds a public key and users’ identity Signed by Certificate of Authority (CA) Example – Two people Edward posts his public key in public but

retains private key Diana creates public key and includes it into

message with her identity Edward signs (affirms Diana’s public key and

identity) by creating has value and then encrypting message and hash value with private key

se571 security in computing

Documents

key private key

privatepublic key

secretone key

bandpublic key

private key encryptionmust

public directorypublic

shared secret key

cryptanalysis se571