Cryptography - PowerPoint PPT Presentation

Slides: 55
Provided by: henryccoan
Transcript and Presenter's Notes

1
Cryptography
  • Henry C. Co
  • Technology and Operations Management,
  • California Polytechnic and State University

2
P.A.I.N.
  • Privacy/Confidentiality: Information exchanged
    between two parties cannot be read by anyone but
    the intended recipient.
  • Authentication: The parties exchanging data can
    validate each other's identities.
  • Integrity: Information exchanged between two
    parties arrives intact and unmodified.
  • Non-Repudiation: Agreements can be legally
    enforced.

3
Why Use Cryptography?
  • Greek for secret writing
  • To establish a shared secret when other people
    (eavesdroppers) are listening.

Source: Gene Itkis
4
Vocabulary
  • Cryptanalysis: the art of breaking ciphers, i.e.
    retrieving the plaintext without knowing the
    proper key.
  • Cryptographers: people who do cryptography.
  • Cryptanalysts: practitioners of cryptanalysis.
  • Cryptology: the branch of mathematics that
    studies the mathematical foundations of
    cryptographic methods.
  • Cipher: the encoder, i.e., the
    encryption/decryption scheme.

5
Encryption/Decryption
  • Encoding the contents of the message (the
    plaintext) in such a way that hides its contents
    from outsiders is called encryption.
  • The process of retrieving the plaintext from the
    cipher-text is called decryption.
  • Encryption and decryption usually make use of a
    key, and the coding method is such that
    decryption can be performed only by knowing the
    proper key.

Plaintext: attack at midnight
Ciphertext: buubdl bu njeojhiu
6
The Encryption Process
Object: Hide a message (plaintext) by making
it unreadable (ciphertext).
UNREADABLE VERSION OF PLAINTEXT
MATERIAL WE WANT TO KEEP SECRET
MIGHT BE TEXT, DATA, GRAPHICS, AUDIO, VIDEO, SPREADSHEET . . .
DATA TO THE ENCRYPTION ALGORITHM
MATHEMATICAL SCRAMBLING PROCEDURE
(TELLS HOW TO SCRAMBLE THIS PARTICULAR MESSAGE)
SOURCE: STEIN, WEB SECURITY
7
Key
  • The key is a parameter to an encryption
    procedure.
  • Procedure stays the same, but produces different
    results based on a given key
  • 40-bit or 128-bit keys: the number of binary
    digits in the encryption key.
  • The more bits in the key, the more secure the
    encryption and the less likely an attacker can
    guess your key and unlock the file.
  • Attackers have already found ways to crack 40-bit
    keys.

8
A Symmetric XOR Cipher
  • A encrypts to R with key X and key X decrypts R
    to A

9
One Time Pad
  • The perfect encryption
  • Pad: a perfectly random list of letters
  • Use each letter exactly once to encrypt one
    letter of message and to decrypt the one letter
    of message
  • Discard each letter once used (hence, pad)
  • Method: Add the message letter and the key letter
    mod 26. This is reversible like XOR.
  • The message can never, ever, be found (unless you
    have the pad).
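
The mod-26 method above as runnable Python; this is an added example, not part of the original slides. It also shows two consequences of the rules on this slide: without the pad a ciphertext is consistent with every message of the same shape, and a pad used twice cancels out of the two ciphertexts. The function names and the second message are constructed for illustration.

```python
import secrets
import string

A = string.ascii_lowercase

def letters(text):
    """Alphabet positions (a=0 .. z=25) of the letters in text."""
    return [A.index(ch) for ch in text if ch in A]

def apply_pad(text, pad, sign):
    """Add (sign=+1) or subtract (sign=-1) one pad letter per message
    letter, mod 26. Characters outside a-z pass through and use no pad."""
    keys = letters(pad)
    if len(keys) < len(letters(text)):
        raise ValueError("pad too short: each pad letter is used exactly once")
    out, i = [], 0
    for ch in text:
        if ch in A:
            out.append(A[(A.index(ch) + sign * keys[i]) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext, pad):
    return apply_pad(plaintext, pad, +1)

def decrypt(ciphertext, pad):
    return apply_pad(ciphertext, pad, -1)

def new_pad(n):
    """n letters from the OS CSPRNG; the pad must be as long as the message."""
    return "".join(secrets.choice(A) for _ in range(n))

def subtract(a, b):
    """Letter-wise (a - b) mod 26 over the letters of two texts."""
    return "".join(A[(x - y) % 26] for x, y in zip(letters(a), letters(b)))

if __name__ == "__main__":
    m1, m2 = "attack at midnight", "defend at daybreak"  # constructed messages
    # A "pad" of all b's is the shift cipher on the Encryption/Decryption slide.
    print(encrypt(m1, "b" * 16))
    pad = new_pad(16)
    c1 = encrypt(m1, pad)
    # Without the pad, c1 is consistent with every message of the same shape:
    # there is always some pad that "decrypts" it to m2.
    print(decrypt(c1, subtract(c1, m2)))
    # Reusing the pad for m2 cancels it out of the ciphertext difference,
    # leaving the difference of the two plaintexts.
    c2 = encrypt(m2, pad)
    print(subtract(c1, c2) == subtract(m1, m2))
```
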

10
Cryptosystems
  • Cryptosystems: Symmetric and Asymmetric
  • Symmetric: Use the same key (the secret key) to
    encrypt and decrypt a message
  • Asymmetric: Use one key (the public key) to
    encrypt a message and a different key (the
    private key) to decrypt it.
  • Symmetric Cryptosystems: Problems
  • How to transport the secret key from the sender
    to the recipient securely and in a tamperproof
    fashion? If you could send the secret key
    securely, then, in theory, you wouldn't need the
    symmetric cryptosystem in the first place --
    because you would simply use that secure channel
    to send your message.
  • Frequently, trusted couriers are used as a
    solution to this problem.
  • A more efficient and reliable solution is to use
    an asymmetric cryptosystem.

11
Symmetric (Private) Key
12
Symmetric Encryption
SAME KEY USED FOR BOTH ENCRYPTION AND DECRYPTION
SENDER AND RECIPIENT MUST BOTH KNOW THE KEY; THIS
IS A WEAKNESS
SOURCE: STEIN, WEB SECURITY
13
  • Private or symmetric key systems rely on
    symmetric encryption algorithms where information
    encrypted with a key K can only be decrypted with
    K.
  • Secret key is exchanged via some other secure
    means (hand-delivery, over secured lines,
    pre-established convention).
  • Time to crack known symmetric encryption
    algorithms

14
Symmetric Cryptosystems
  • Data Encryption Standard (DES)
  • Developed in the 1970s; made a standard by the US
    government, and also adopted by several
    other governments worldwide. Widely used in the
    financial industry.
  • Block cipher with 64-bit block size.
  • Uses 56-bit keys: strong enough to keep most
    random hackers and individuals out, but it is
    easily breakable with special hardware.
  • A variant of DES, Triple-DES or 3DES is based on
    using DES three times (normally in an
    encrypt-decrypt-encrypt sequence with three
    different, unrelated keys). Many people consider
    Triple-DES to be much safer than plain DES.

15
  • RC2, RC4 and RC5 (RSA Data Security, Inc.)
  • Variable-length keys as long as 2048 bits
  • Algorithms using 40 bits or less are used in
    browsers to satisfy export constraints
  • The algorithm is very fast. Its security is
    unknown, but breaking it does not seem trivial
    either. Because of its speed, it may have uses in
    certain applications.
  • IDEA (International Data Encryption Algorithm)
  • Developed at ETH Zurich in Switzerland.
  • Uses a 128-bit key, and it is generally
    considered to be very secure.
  • Patented in the United States and in most of the
    European countries. The patent is held by
    Ascom-Tech. Non-commercial use of IDEA is free.
    Commercial licenses can be obtained by contacting
    idea_at_ascom.ch.
  • Used in email encryption software such as PGP and
    RSA

16
  • Blowfish
  • Developed by Bruce Schneier.
  • Block cipher with 64-bit block size and variable
    length keys (up to 448 bits). It has gained a
    fair amount of acceptance in a number of
    applications. No attacks are known against it.
  • Blowfish is used in a number of popular software
    packages, including Nautilus and PGPfone.
  • SAFER
  • Developed by J. L. Massey (one of the developers
    of IDEA). It is claimed to provide secure
    encryption with fast software implementation even
    on 8-bit processors.
  • Two variants are available, one for 64-bit keys
    and the other for 128-bit keys. An implementation
    is in
    ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/safer.

17
Limitations
  • Parties that have not previously met cannot
    communicate securely
  • Many people need to communicate with a server
    (many-to-one communications)
  • cannot keep server key secret for long
  • Once the secret key is compromised, the security
    of all subsequent messages is suspect and a new
    key has to be generated
  • Authentication service must know private key
  • privacy implications: someone else knows your
    key
  • two possible points of attack
  • changing authentication service requires a new
    key
  • Digital signatures are difficult
  • Cross-realm authentication
  • accessing services outside the domain or realm of
    your authentication server is problematic
  • requires agreement and trust between
    authentication services
  • introduces another potential point of attack

18
Asymmetric (Public) Key
19
Public-Key (Asymmetric) Encryption
1. USERS WANT TO SEND PLAINTEXT TO
RECIPIENT WEBSITE
2. SENDERS USE SITE'S PUBLIC KEY FOR
ENCRYPTION
3. SITE USES ITS PRIVATE KEY FOR DECRYPTION
4. ONLY WEBSITE CAN DECRYPT THE
CIPHERTEXT. NO ONE ELSE KNOWS HOW
SOURCE: STEIN, WEB SECURITY
20
Asymmetric Key
  • A sender encrypts a document using two separate
    keys: a public key and a private key.
  • The public key can only encrypt files, not
    decrypt them.
  • The private key is the only key that can decrypt
    the file.
  • Therefore, the only person that can decrypt a
    message is the person holding the private key.
    The person with the private key gives users the
    public key which is used only to encrypt files
    for that user.

21
Asymmetric Cryptosystems
  • RSA (named for its inventors, Ronald Rivest, Adi
    Shamir and Leonard Adleman)
  • Patented by RSA Data Security Inc.
  • Basis for all Web and secure e-mail software
  • Variable key lengths ranging from 512 to 1024
    bits
  • El Gamal (named for its inventor, Taher ElGamal)
  • Variable key-lengths ranging from 512 to 1024
    bits
  • Unpatented but patent dispute with the
    Diffie-Hellman algorithm (which expired 4/1997)

Source: Bob Thibadeau, http://dollar.ecom.cmu.edu/sec/lec02.ppt
22
Properties
  • These algorithms are based on computationally
    intensive problems such as finding the prime
    factors of large numbers.
  • The longer the key pair, the more time
    it takes to compute the private key
  • Keys used in today's internet will take millions
    of years to crack using today's technologies

Source: Bob Thibadeau, http://dollar.ecom.cmu.edu/sec/lec02.ppt
23
Problems
  • Keys are usually very long and encryption is
    expensive
  • RSA encryption is 1000 times slower than
    typical symmetric algorithms
  • hard to remember secret key - where do you store
    it?
  • typically only used for authentication, then a
    random key and a symmetric encryption algorithm
    is used for subsequent communication
  • Multicast is problematic
  • Better to authenticate using public key
    algorithm, then use random key with symmetric
    algorithm
  • How do you know you have the right public key for
    a principal?
  • Public key is usually distributed as a document
    "signed" by a well known and trusted
    certification authority (e.g. Verisign). This is
    called a certificate. How do you determine if
    the signature is up to date? What if the key has
    been compromised?

Source: Bob Thibadeau, http://dollar.ecom.cmu.edu/sec/lec02.ppt
24
Slow
  • Public key cryptosystems are slow, really slow!
  • three orders of magnitude (1000 times) slower
    than DES
  • mainly used as key exchange tool
  • Scientists are supposed to be real smart and
    love to solve difficult problems
  • but even they hope to never solve factoring
  • if you can find a quick solution,
  • fame, dollars and danger lurk!

Source: Bob Thibadeau, http://dollar.ecom.cmu.edu/sec/lec02.ppt
25
Summary
  • Private (Symmetric) key
  • encryption is fast
  • identity is not easily portable across
    authentication services
  • secret key must be held by server
  • good for structured, organizational security
  • Public (Asymmetric) key
  • encryption is slow
  • identity is inherently portable
  • secret key need not ever be revealed
  • provides digital signatures
  • good for individuals in loosely structured
    networks

26
Digital Envelopes
27
Digital Envelope
  • Combination of public-key (asymmetric)
    cryptography and symmetric systems
  • Sender
  • Generate a secret key at random called the
    session key (which is discarded after the
    communication session is done)
  • Encrypt the message using the session key and the
    symmetric algorithm of your choice
  • Encrypt the session key with the recipient's
    public key. This becomes the digital envelope
  • Send the encrypted message and the digital
    envelope to the recipient

28
  • Recipient
  • Receive the envelope and use the private key to
    decrypt it, recovering the session key.
  • The message is secure since it is encrypted using
    a symmetric session key that only the sender and
    recipient know.
  • The session key is also secure since only the
    recipient can decrypt it.
  • Can even act like a one time pad

Source: Bob Thibadeau, http://dollar.ecom.cmu.edu/sec/lec02.ppt
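
The sender and recipient steps of the digital envelope as runnable Python; this is an added example, not code from the original slides. Assumptions: textbook RSA over two known Mersenne primes stands in for the public-key algorithm and a SHA-256 counter keystream stands in for "the symmetric algorithm of your choice", so the block runs on the standard library alone; neither is a production choice, and all names are illustrative.

```python
import hashlib
import secrets

# Recipient's key pair: textbook RSA over two known Mersenne primes, with no
# padding. This shows the structure only and is not a secure parameter choice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent d

KEY_LEN = 16                             # 128-bit session key

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def seal(message: bytes, n: int, e: int):
    """Sender side: returns (digital envelope, encrypted message)."""
    session_key = secrets.token_bytes(KEY_LEN)       # fresh random session key
    body = stream_xor(session_key, message)          # bulk data: symmetric
    envelope = pow(int.from_bytes(session_key, "big"), e, n)  # key: public-key
    return envelope, body                            # session key is not kept

def open_envelope(envelope: int, body: bytes, n: int, d: int) -> bytes:
    """Recipient side: recover the session key, then decrypt the message."""
    recovered = pow(envelope, d, n)
    if recovered >= 1 << (8 * KEY_LEN):
        raise ValueError("envelope did not decrypt to a session key")
    return stream_xor(recovered.to_bytes(KEY_LEN, "big"), body)

if __name__ == "__main__":
    message = b"constructed sample message " * 100
    envelope, body = seal(message, N, E)
    # The slow public-key operation touches only 16 bytes, whatever the
    # message length; the message itself goes through the fast cipher.
    print(len(message), "byte message,", envelope.bit_length(), "bit envelope")
    print(open_envelope(envelope, body, N, D) == message)
```

The envelope gives confidentiality only: nothing here detects a modified body, which is what the digest and signature slides later in the deck address.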
29
(No Transcript)
30
Digital Certificates and Certifying Authorities
31
Certificate
  • A certificate (or digital certificate) is an
    electronic public key for a specific encryption
    algorithm combined with an electronic signature
    of a trusted third party.
  • A certificate has the following content:
  • The certificate issuer's name
  • The entity for whom the certificate is being
    issued (aka the subject)
  • The public key of the subject
  • Some time stamps
  • The certificate is signed using the certificate
    issuer's private key. Everybody knows the
    certificate issuer's public key (that is, the
    certificate issuer has a certificate, and so
    on...). Certificates are a standard way of
    binding a public key to a name.

32
Certificate Authority
  • A certificate authority is an organization that
    electronically issues public keys for public key
    encryption algorithms, with an electronic
    signature to ensure authenticity. Verisign is one
    well-known such certificate authority.

Haviland Barnes, The Digital Lexicon, 2002
33
Certifying Authorities
  • Trusted third parties called Certifying
    Authorities (CAs) provide public key validation
    (like a notary)
  • a CA vouches for the identities of individuals
    and organizations
  • you only need to store the public keys of a few
    well-known/trusted CAs.
  • Before sending a message, ask your recipient to
    send you a digital certificate signed by one of
    these CAs.
  • From the certificate, verify the recipient's
    identity and recover his/her public key

34
Digital Certificate
0. CA AUTHENTICATES SENDER, DIGITALLY
SIGNS CERTIFICATE
1. USE CA'S PUBLIC KEY TO VERIFY
CERTIFICATE IS GENUINE AND HAS NOT BEEN
ALTERED.
2. VERIFY THAT CA NAME MATCHES.
3. VERIFY IDENTITY OF SENDER.
4. DECRYPT SENDER'S MESSAGE USING
SENDER'S PUBLIC KEY
SOURCE: FORD BAUM, SECURE ELECTRONIC COMMERCE
35
Public Key Infrastructure
  • The Certification Authority (CA)
  • Creates and signs digital certificates,
  • Maintains a list of certificates that have been
    revoked before the expiration date (certificate
    revocation lists),
  • Makes these certificates and revocation lists
    available, and
  • Provides an interface so administrators can
    manage certificates. 
  • Registration Authority (RA)
  • Evaluates the credentials and relevant evidence
    that a person requesting a certificate is who
    they claim to be.
  • Approves the request for issuance of a
    certificate by a CA.
  • Digital certificate
  • Binds an entity's identification to its public
    key and is issued by the Certification Authority.
  • Digital certificates, based on the X.509v3
    standard, enable Internet applications and other
    users to verify the identity of an entity. 

36
  • PKIX, the X.509 standard, defines the contents of
    public key certificates, but certificates
    produced by one vendor's product may not
    interoperate with other vendors' products because
    X.509 does not define the formats of the
    certificate entries and other necessary provisions.
  • Digital signature
  • A block of data created by applying a
    cryptographic signing algorithm to some data
    using the signer's private key.
  • May be used to authenticate the source of the
    message and to assure message recipients that no
    one has tampered with a message since the time it
    was sent by the signer. 

37
Certification Expiration
  • Certificates must be invalidated at times due to:
  • loss, theft, corruption of private keys
  • change of information in certificate
  • loss of the CA's private key itself!
  • Certificate Revocation List (CRL) is a component
    of the Public Key Infrastructure (PKI) and
    maintains such invalidated certificates
  • check the CRL for a match before using a
    certificate
  • Typically, certificates will expire within a
    finite time-interval like a year
  • this can pose a problem if a certificate does get
    compromised and the compromise is not caught for
    up to a year

Source: Bob Thibadeau, http://dollar.ecom.cmu.edu/sec/lec02.ppt
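
The checks from the certificate slides above (CA signature, CA name, subject identity, time stamps, CRL) in the order a relying party would run them; this is an added example, not code from the original slides. Assumptions: the certificate is a plain dictionary rather than X.509, the CA signs with textbook RSA over two known Mersenne primes, revoked certificates are listed by a serial number field, and every name and value is constructed.

```python
import hashlib
import json

# CA key pair: textbook RSA over two known Mersenne primes, no padding.
# Illustrative only; not a secure parameter choice.
P, Q = 2**521 - 1, 2**607 - 1
CA_NAME = "Example Root CA"                  # constructed name
CA_N, CA_E = P * Q, 65537                    # CA public key, known to everyone
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))      # CA private key, held by the CA

def cert_digest(fields: dict) -> int:
    """SHA-256 over a canonical encoding of the certificate fields."""
    encoded = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")

def issue(subject, subject_key, not_before, not_after, serial):
    """CA side: bind subject name to public key and sign the binding."""
    fields = {"issuer": CA_NAME, "subject": subject, "public_key": subject_key,
              "not_before": not_before, "not_after": not_after,
              "serial": serial}
    return {"fields": fields, "signature": pow(cert_digest(fields), CA_D, CA_N)}

def validate(cert, expected_subject, trusted_cas, crl, now):
    """Relying-party side. Returns (ok, reason); the first failing check wins."""
    f = cert["fields"]
    ca_key = trusted_cas.get(f["issuer"])
    if ca_key is None:
        return False, "issuer is not a trusted CA"
    n, e = ca_key
    if pow(cert["signature"], e, n) != cert_digest(f):
        return False, "CA signature does not verify"
    if f["subject"] != expected_subject:
        return False, "subject is not the intended recipient"
    if not f["not_before"] <= now <= f["not_after"]:
        return False, "outside validity period"
    if f["serial"] in crl:
        return False, "certificate is revoked"
    return True, "ok"

if __name__ == "__main__":
    trusted = {CA_NAME: (CA_N, CA_E)}        # the few CA keys you store
    now = 1_700_000_000                      # constructed timestamps (seconds)
    cert = issue("shop.example", "constructed-public-key",
                 1_690_000_000, 1_720_000_000, serial=1001)
    print(validate(cert, "shop.example", trusted, set(), now))
    # Still inside its validity period, but listed on the CRL:
    print(validate(cert, "shop.example", trusted, {1001}, now))
```
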
38
Other Issues
  • Securing Private Keys
  • the private key is stored in encrypted form on
    the hard disk and retrieved only with a password
  • private key stored in memory for subsequent
    encryption
  • can be compromised in multi-user machines and/or
    by viruses
  • store key in a smart card that never leaves the
    user's possession except for quick swipes
  • also use personal identification numbers
  • the card gets destroyed if wrong PIN is used
    consecutively
  • very long key lengths can be used
  • Breaking of encrypted data is possible!
  • Using brute-force and parallelization techniques
  • Using special-purpose hardware
  • U.S. Encryption Policy
  • restricts export of any software containing
    longer than 40-bit keys

39
Summary
  • Cryptography enables parties to communicate on
    open networks without fear of being eavesdropped
  • all cryptographic schemes have their limitations
  • Symmetric schemes use a common key for encryption
    and decryption.
  • Asymmetric (public key) schemes use a
    public-private key pair where the public key is
    used by senders to encrypt and only the recipient
    with the private key can decrypt the message.
  • Trade-offs between symmetric and asymmetric
    schemes.
  • Digest functions (Hash-functions) can be used to
    maintain integrity of a message and make it
    tamper-proof.
  • Digital envelopes combine the security of
    asymmetric schemes with the efficiency of
    symmetric schemes.
  • Certification authorities allow authenticated
    access to public keys.
  • A hierarchy of certification authorities
    (hierarchy of trust) can be used.
  • Certificate Revocation Lists maintain a list of
    invalid certificates.

40
The Secure Socket Layer
41
SSL
  • Security protocol for communications privacy over
    the Internet.
  • Originally developed by Netscape Communications,
    it has been widely accepted in the Internet
    community.
  • Netscape has licensed RSA public key cryptography
    from RSA Data Security Inc. for use in its
    products, specifically for authentication.

42
SSL Implemented by Most Browsers
  • Typically uses the RSA public key algorithm to
    encrypt a session key between the browser and the
    server, and then uses RC4 for bulk (symmetric)
    encryption.
  • The SSL software automatically encrypts messages
    before they are put onto the network.
  • At the recipient's end, SSL software
    automatically converts the messages into a
    readable document.
  • In Microsoft Internet Explorer, an SSL connection
    is indicated by a padlock in the bottom
    right-hand corner of the window.
  • Double clicking on the padlock displays details
    of the digital certificate of the server used to
    establish the link. This can be used to provide
    authentication that the site is really what it
    claims to be. (Try this on Amazon.com!)

43
How SSL Works
  • Suppose Alice (A) wants to authenticate Bob (B).
    Bob has a pair of keys, one public and one
    private. Bob discloses to Alice his public key.
    Alice then generates a random message and sends
    it to Bob
  • Bob uses his private key to encrypt the message
    and returns the encrypted version to Alice
  • Alice receives this message and decrypts it by
    using Bob's previously published public key.
  • She compares the decrypted message with the one
    she originally sent to Bob; if they match, she
    knows she's talking to Bob.
  • An imposter presumably wouldn't know Bob's
    private key and would therefore be unable to
    properly encrypt the random message for Alice to
    check.

44
Message Digest in SSL
  • Instead of encrypting the original message sent
    by Alice, Bob constructs a message digest and
    encrypts that. A message digest is derived from
    the random message in a way that has the
    following useful properties:
  • The digest is difficult to reverse. Someone
    trying to impersonate Bob couldn't get the
    original message back from the digest.
  • An impersonator would have a hard time finding a
    different message that computed to the same
    digest value.
  • By using a digest, Bob can protect himself. He
    computes the digest of the random message sent by
    Alice and then encrypts the result. He sends the
    encrypted digest back to Alice. Alice can compute
    the same digest and authenticate Bob by
    decrypting Bob's message and comparing values.

45
Digital Signature
  • The technique just described is known as a
    digital signature.
  • Bob has signed a message generated by Alice, and
    in doing so he has taken a step that is just
    about as dangerous as encrypting a random value
    originated by Alice.
  • Consequently, our authentication protocol needs
    one more twist: some (or all) of the data needs
    to be originated by Bob.
  • When he uses this protocol, Bob knows what
    message he is sending to Alice, and he doesn't
    mind signing it. He sends the unencrypted version
    of the message first, "Alice, This Is Bob." Then
    he sends the digested-encrypted version second.
    Alice can easily verify that Bob is Bob, and Bob
    hasn't signed anything he doesn't want to.
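
The exchange from the three slides above as runnable Python, with Bob signing the digest of a message he composes himself; this is an added example, not code from the original slides. Assumptions: textbook RSA over two known Mersenne primes stands in for Bob's key pair, SHA-256 is the digest, and Bob's message carries Alice's random value so she can tell a fresh response from a replayed one; the message format and function names are constructed.

```python
import hashlib
import secrets

# Bob's key pair: textbook RSA over two known Mersenne primes, no padding.
# Illustrative only; not a secure parameter choice.
P, Q = 2**521 - 1, 2**607 - 1
BOB_N, BOB_E = P * Q, 65537                  # Bob's published public key
BOB_D = pow(BOB_E, -1, (P - 1) * (Q - 1))    # Bob's private key

def digest(message: bytes) -> int:
    """Message digest (SHA-256) as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def alice_challenge() -> bytes:
    """Alice's random message."""
    return secrets.token_bytes(16)

def bob_respond(nonce: bytes, d: int = BOB_D, n: int = BOB_N):
    """Bob composes the text himself, includes Alice's random value, and
    encrypts only the digest of that text with his private key."""
    message = b"Alice, This Is Bob. nonce=" + nonce.hex().encode()
    return message, pow(digest(message), d, n)

def alice_verify(nonce: bytes, message: bytes, signature: int,
                 n: int = BOB_N, e: int = BOB_E) -> bool:
    """Alice checks freshness, then compares her own digest of the clear
    message with the signature decrypted under Bob's public key."""
    if not message.endswith(b"nonce=" + nonce.hex().encode()):
        return False                         # response to some other challenge
    return pow(signature, e, n) == digest(message)

if __name__ == "__main__":
    nonce = alice_challenge()
    message, signature = bob_respond(nonce)
    print(message)
    print("genuine response:", alice_verify(nonce, message, signature))
    print("altered message: ",
          alice_verify(nonce, message.replace(b"Bob", b"Eve"), signature))
    print("replayed response:",
          alice_verify(alice_challenge(), message, signature))
```
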

46
(No Transcript)
47
S-HTTP
  • A protocol developed by the CommerceNet coalition
    which operates at the level of the HTTP protocol.

48
  • S-HTTP is less widely supported than Netscape's
    SSL.
  • S-HTTP works only for HTTP; it does not address
    security concerns for other popular protocols,
    such as ftp and telnet.
  • S-HTTP works similarly to SSL in that it requires
    the sender and receiver to negotiate and use a
    secure key.
  • Both SSL and S-HTTP require special server and
    browser software to perform their encryption
    methods. For more information on S-HTTP, visit
    http://www.eit.com/projects/s-http

49
Secure Electronic Transaction (SET)
50
SET
  • Open technical standard for the commerce industry
    developed by Visa and MasterCard.
  • Uses digital signatures.
  • Allows secure payments to merchants on the
    Internet.
  • Properties
  • Extremely secure: fraud reduced since all parties
    are authenticated
  • Not widely used
  • Requires all parties to have certificates
  • Expensive to integrate with legacy applications
    (estimate: 1 million)
  • Scalability is still a question

51
How does it work?
  • SET technology enables a cardholder to
    authenticate that a merchant is authorized to
    accept payment cards in a secure manner using
    SET technology.
  • SET technology enables a merchant that is using
    SET technology to authenticate the payment card
    being used in the transaction.
  • SET technology uses an advanced encryption
    system to protect personal payment information
    during transfer over the network.
  • SET technology makes sure the payment
    information is read only by the intended
    recipient. The information can only be decoded
    by a merchant and a financial institution that
    both use valid SET technology.

52
PGP: Pretty Good Privacy
53
What is PGP
  • PGP is a free e-mail security program developed
    by Philip Zimmermann in 1991 to support
    public-key encryption, digital signatures, and
    data compression.
  • http://web.mit.edu/afs/net/mit/jis/www/pgp.html
  • Before you send an e-mail message, you use PGP to
    encrypt your document. The recipient also uses
    PGP to decrypt the document.
  • PGP is an excellent step toward security, and it
    uses a 128-bit key.
  • PGP can also be used to apply a digital signature
    to a message without encrypting it. This is
    normally used in public postings where you don't
    want to hide what you are saying, but rather want
    to allow others to confirm that the message
    actually came from you. Once a digital signature
    is created, it is impossible for anyone to modify
    either the message or the signature without the
    modification being detected by PGP.

54
  • According to the PGP documentation, it would take
    3 x 10^11 years for someone to break the encrypted
    message of a compressed file.
  • A commercial version of PGP, ViaCrypt PGP, is
    available for around 150.
  • For information on ViaCrypt PGP, visit
    http://www.dancingbear.com/PGP/VPGPPressRelease.html
  • Phil Zimmermann also markets a commercial version
    at http://www.pgp.com