Cryptography

1
Cryptography

• Troy Latchman
• Byungchil Kim

2
Fundamentals

• We know that the medium we use to transmit data
  is insecure, e.g. can be sniffed.
• Cryptography allows a sender to disguise data in
  hopes that an intruder can gain no information
  from the intercepted data.

3
Fundamentals

• Alice and Bob are two innocent people.
• Trudy is an intruder.

4
Fundamentals

• Alice generates some data that is in plaintext.
  She then uses a key (Ka) and an encryption
  algorithm to transform the data into ciphertext.
• The data is transmitted and sniffed along the
  way. Trudy gains no information about the
  contents of the message because the data is in
  ciphertext (encrypted).
• Bob receives the ciphertext and uses a key (Kb)
  and a decryption algorithm to transform the data
  into plaintext.

5
Fundamentals

• Shortened Notation
• Alice starts with message m and applies her key
  as well as m to an encryption algorithm to get
  the ciphertext Ka(m)
• Bob receives Ka(m) and applies this as well as
  his key to the decryption algorithm to get the
  original message Kb(Ka(m)) m
• m gt Ka(m) gt Kb(Ka(m)) gt m

6
Keys

• Symmetric Key
• Alices and Bobs keys are identical and are
  private.
• Public Key
• Two keys are used. One of the keys is public (the
  whole world knows it). The other key is known
  either by Alice or Bob, not both.

7
Symmetric Key

• Caesar cipher is a very old and simple symmetric
  key algorithm
• Take each letter in the plaintext message and
  translate it into another letter.
• The translation is done by adding a constant, k,
  to the plaintext letter.
• The number for each letter is its position in the
  alphabet, e.g. A1, Z26. The alphabet has wrap
  around where A comes after Z.

8
Symmetric Key

• Caesar cipher example
• Let k3 (the key)
• Plaintext BOB, I LOVE YOU. ALICE
• Ciphertext ERE, L ORYH BRX. DOLFH
• Note that Caesar cipher only has 25 possible
  keys, so a brute force method to break the
  encryption can be used.

9
Symmetric Key

• Monoalphabetic cipher - an improvement over
  Caesar cipher
• Each letter gets translated to a set random
  letter by a 1 to 1 algorithm.
• 26! possible pairings (keys).
• Monoalphabetic cipher was later improved by
  polyalphabetic encryption.

10
Symmetric Key

• Data Encryption Standard (DES)
• http//www.aci.net/kalliste/des.htm
• Created in 1977 and updated in 1993. The
  algorithm works by manipulating input on the bit
  level.
• The algorithm needs an input (limited to 64 bits)
  and a 64 bit key (effectively only 56 bits due to
  8 parity bits)

11
Symmetric Key

• Basic operation of DES

12
Symmetric Key

• The 56-bit DES is considered too insecure. The
  encryption was cracked in 22 hours in 2002 using
  a special purpose computer.
• 3DES is more secure. This runs DES 3 times with 3
  different keys.
• Advanced Encryption Standard (AES) is the
  successor to DES. It uses key lengths of 128,
  192, and 256 bits. It is estimated that a
  computer that could break 56-bit DES encryption
  in 1 second would take approximately 149 trillion
  years to crack 128-bit AES encryption.

13
Public Key

• One short fall to using a symmetric key is that
  both parties must know the key before they start
  the encrypted communication.
• How do the parties initially get the key?
• They could meet in person so that the
  communication would be secure, but this is
  usually inconvenient.
• Elegant Solution public key encryption.

14
Public Key

• Instead of Alice and Bob having the same secret
  key. Bob will have 2 keys, a public key (Kb)
  which the whole world knows, and a private key
  that only Bob knows (Kb-).
• This eliminates the need for distributing secret
  keys.

15
Public Key

• Overview of public key encryption

16
Public Key

• Alice fetches Bobs pubic key (Kb)
• She encrypts her message with the key to get
  Kb(m)
• Bob receives the ciphertext and applies his
  private key in order to extract the message
• Kb-(Kb(m)) m
• IMPORTANT Kb(Kb-(m)) m
• (We will see the importance of this later)

17
Public Key

• RSA a public key encryption algorithm named
  after its founders (Ron Rivest, Adi Shamir, and
  Leonard Adleman)
• Choose 2 large prime numbers p and q.
• Compute n pq
• Compute z (p-1)(q-1)
• Choose a number e that is less than n which
  has no common factors (besides 1) with z
• Find a number d such that ed-1 is divisible by
  z with no remainder
• Kb (n,e)
• Kb- (n,d)

18
Public Key

• We now have (n,e) and (n,d), that is Kb and Kb-.
• Alice obtains (n,e) and does the following to
  each letter of her message (again A1 and Z26)
• c me mod n
• where m is the numeric value of the letter and
  c is the cipher output

19
Public Key

• Bob is the only one who has (n,d), that is Kb-,
  and does the following on each letter once he
  receives the ciphertext form Alice
• m cd mod n
• where m is the recovered message

20
Public Key

• RSA example
• Bob does the following
• Chooses p5 and q7
• - Thus, n35 and z24
• Chooses e5 since 5 and 24 have no common factors
  
• Chooses d29 since 529-1 is divisible by 24
• So we have Kb (35,5) and Kb- (35,29)
• Suppose Alice wants to send l o v e to
  Bob

21
Public Key
22
Integrity

• There is a short fall to using public key
  encryption - Trudy, the intruder, can claim she
  is Alice!
• We didnt have to worry about these false claims
  in symmetric key encryption because the mere fact
  that the user on the other end had the correct
  key (which is private) was proof enough they were
  who they said they were.
• How do we regain the integrity that we lost?

23
Integrity

• Bob can sign his message proving that the
  messages are coming from Bob.
• All he has to do is a apply his private key to
  the data he sends Alice Kb-(m)
• Alice then receives this and applies Bobs public
  key Kb(Kb-(m)) m
• (This is the important part from slide 16)

24
Integrity
25
Integrity

• But signing over the entire message is
  computationally expensive.
• Want a less costly way to have integrity.
• Answer Message Digest

26
Integrity

• Message digest algorithms take a message m or
  arbitrary length and compute a fixed-length
  output known as a message digest H(m)
• The algorithm is basically a many to one hash
  function.
• A good algorithm will make it inconceivable for 2
  messages to hash to the same value (message
  digest).

27
Integrity

• Now that we have a small summary of what is in
  the message, we can use this to obtain integrity
  when using public key encryption.
• All Bob needs to do is to apply his private key
  to the message digest. This is much more
  efficient than applying it to the entire message
• Kb-(H(m)) which is called a digital signature

28
Integrity

• Now when Bob wants to communicate, he can just
  send m and Kb-(H(m))
• When Alice receives these two items, she computes
  H(m) two different ways
• Directly from m (like Bob did when sending the
  message)
• By applying Bobs public key to the digital
  signature Kb(Kb-(H(m)) H(m)
• Alice then compares the two message digests and
  see if they match.

29
Integrity
30
Integrity
31
Integrity

• How do we compute H(m)?
• There are widely used algorithms to do so.
• MD5 and SHA-1 are examples of such algorithms.
• MD5 computes a 128-bit message digest in a
  four-step process.
• http//www.faqs.org/rfcs/rfc1321.html

32
The Lab

• Be sure to thoroughly read and understand the
  previous slides.
• We will be doing exercises with built in
  functions in Linux.
• We will examine DES, RSA, MD5, and SHA-1.

33
References

• All figures and tables throughout this
  presentation came from one source
• Kurose, Charlie and Ross, Keith. Computer
  Networking A Top-Down Approach Featuring the
  Internet. New York, NY Addison Wesley, 2003.