ITS 451 – Crypto Basics2 A simple example… Text: U-M ASCII Encoded: 01010101 00101101 01001101 “Encoding” refers to convenient reformatting. No secrecy here. Call it plaintext. Let’s “Encrypt” it, i.e. hide its meaning from nosy 3 rd parties.
ITS 451 – Crypto Basics3 A simple example… Let’s generate 24 random bits, call it a key. –Say, by coin flips. –Tails 1. Heads 0 -------- -------- -------- 01010101 00101101 01001101 For each bit, if the same, result is 0. If they’re different, result is 1. This is the XOR (exclusive OR) function.
ITS 451 – Crypto Basics4 A simple example… _ _ _ _ _ _ _ _ _ _ _ _ The result is an encrypted string. Call it ciphertext. This simple XOR method is unbreakable. –Even by the CIA or NSA or Microsoft. –Even by the most hard working hacker. IF…
ITS 451 – Crypto Basics5 Simple XOR To decrypt, need to know: –That simple XOR is in use. –The key pattern. Strength of the system depends on: –Secrecy of the key
ITS 451 – Crypto Basics6 Encryption Generally, you need to understand the process and have the key. In the Practical Cryptography’s notation: c := E(K e, m)
ITS 451 – Crypto Basics7 Decrypting Undoing the encryption is easy for this simple example. -------- -------- -------- Once more: For each bit, if the same, result is 0. If they’re different, result is 1. This is the XOR (exclusive OR) function.
ITS 451 – Crypto Basics8 Decryption Generally, you need to understand the encryption method and have the key. In the Practical Cryptography’s notation: m := D(K e, c) We have assumed the same key is used for encryption and decryption.
ITS 451 – Crypto Basics9 Secrecy of XOR Example? Unbreakable, if: –Key remains secret –Key never reused
ITS 451 – Crypto Basics10 SKE Using the same key for both encryption and decryption is called SKE: –Symmetric Key Encryption –Secret Key Encryption
ITS 451 – Crypto Basics11 SKE – The Whole Thing
ITS 451 – Crypto Basics12 PCs Changed The World Evolution of encryption methods: –Pencil & paper –Machines, e.g. German Enigma –Computers, e.g. PC Computers allow much more sophisticated methods. Internet allows rapid dissemination of information, including computer code, algorithms, commentary, and analysis.
ITS 451 – Crypto Basics13 Kerckhoffs’ Principle Genuine security lies in keeping the key secret, not in keeping the process secret. Why? –Public algorithms have public analysis. –Weaknesses are publicly exposed. Analogous to open source software. This is a machine era notion.
ITS 451 – Crypto Basics14 How can I attack SKE? For any encryption scheme there are two strategies: Brute Force and Analytic Attacks. Brute Force –I know the algorithm, so I just try different keys until I get lucky. –Highly dependent on machine power. »The bigger the “key space” the more tries it takes to get lucky.
ITS 451 – Crypto Basics15 Moore’s Law Often quoted as “Computers double in speed every two years.” –Gordon Moore noted exponential growth in the # of transistors per integrated circuit. –1965 A brute force attack that takes 8 days with current technology will take 4 days in two years…?!? – Practical Cryptography suggests 50-year horizon…
ITS 451 – Crypto Basics16 “Computationally Impractical” You know what to do and can write a program to do it, but the program takes so long to run that it’s effectively useless.
ITS 451 – Crypto Basics17 Analytic Attack Instead of systematically trying all the keys, we attempt to determine the key based on: –The ciphertext –What we know about the plaintext –What we know about the algorithm
ITS 451 – Crypto Basics18 Symmetric Key Encryption
ITS 451 – Crypto Basics19 The Problem with SKE The intended recipient must know the process and have the key. A cracker seeks these, too. The problem, then, is to get the key to the recipient. –Worse if you communicate with many people! The Key Distribution Problem
ITS 451 – Crypto Basics20 Some Key Distribution Solutions “One time pads.” –Run out eventually. Keep using the same key. –Every transmission provides data for crackers. Transmit new keys using old keys. –Or have a special key used only for transmission of new keys.
ITS 451 – Crypto Basics21 Some Key Distribution Solutions Couriers –Can be intercepted/bribed. Algorithmic key construction –Key based on day of month –Key based on readily available data »from newspapers? radio broadcast? Special hardware for key construction
ITS 451 – Crypto Basics22 Gotcha If the key is secret, SKE can be made very secure. –long keys –complex processes Weakness is the necessity to distribute the key.
ITS 451 – Crypto Basics23 SKE & Big Five Attributes of Security Availability – Need to make sure algorithm isn’t too computationally onerous. Integrity – Will mostly handle separately. If key uncompromised & algorithm chosen well: –Confidential – Sure. –Authenticated – Sure. –Non-repudiated – Sure.
ITS 451 – Crypto Basics24 PKE - Public Key Encryption Suppose we could encrypt and decrypt with different, but uniquely corresponding keys. The public key is public – –Hand it out freely –Post it on web –Email it to your friends The private key is private – –Guard it closely. aka Asymmetric Key Encryption
ITS 451 – Crypto Basics25 PKE, More Formally The ciphertext is based on the recipient’s public key: –c := E(P Bob, m) The decryption process uses the recipient’s private key: –m := D(S Bob, c) This means: –m = D(S Bob, E(P Bob, m)) Always.
ITS 451 – Crypto Basics27 The Secrecy Here...... is in the keys. Usually the processes themselves are publicly available. Most commonly used: –RSA »Rivest, Shamir and Adleman
ITS 451 – Crypto Basics28 Message Authentication You can encrypt using either key of the pair. You then decrypt with its partner. If you can decrypt using my public key, the encryption must have been done with my private key. If I can decrypt using my private key, the encryption must have been done with my public key.
ITS 451 – Crypto Basics29 Hash Functions Consider this text: “John went to OSU.” Count the occurrences of the letters. a b c d e f g h i j k l m n
ITS 451 – Crypto Basics30 Another simple example… Text: U-M ASCII Encoded: 01010101 00101101 01001101
ITS 451 – Crypto Basics31 Another simple example… Let’s XOR them sequentially: 01010101 00101101 01111000 01001101 00110101 What’s the connection between “U-M” and 00110101? Let’s call this function H for hash. –00110101 = H(“U-M”)
ITS 451 – Crypto Basics32 Another simple example… It’s not unique. –Other strings give 00110101 as their H value. »Easy to find others. »Note: There are 2 8 (= 256) 8-bit strings. There are an infinite number of possible text strings.
ITS 451 – Crypto Basics33 Another simple example… It’s not reversible. –Given 00110101, it’s not possible to say “this came from ‘U-M’”. »Easy to find others.
ITS 451 – Crypto Basics34 Suppose H(“U-M”) = MD5(“U-M”) = c57b94ee2455d6932eae85efa2bfc091 This is the MD5 function. –All input strings produce 16-byte output, usually written as hex string. »MD5(451 syllabus) = 86721e0212256155e170a413a899a76a –Not unique, but ‘computationally impractical’ to find others. –Not reversible except by trial & error.
ITS 451 – Crypto Basics35 What Good Is It? Error Detection –Transmit block of data, append MD5. –Recipient calculates MD5, compares.
ITS 451 – Crypto Basics36 Suppose We have a document: important, but not necessarily confidential. I do this: –Compute the MD5 digest. –Encrypt the digest with my private PKE key. –Call the result a signature.
ITS 451 – Crypto Basics37 Then you… You get the document & signature. You can… –Compute the MD5 digest of the file. –Decrypt the signature file using my public PKE key, yielding a message digest. –Compare the two. This means… what?
ITS 451 – Crypto Basics38 ITS 453 – Encrypted Communication How, when, where to use encryption methods. –What protocol layer? –What specific encryption techniques? –Solving key distribution problems.
ITS 451 – Crypto Basics39 ITS 453 – Encrypted Communication Basics of encryption, hash functions. –NSA, RSA, etc. PGP: encrypted files / digital signatures Public Key Infrastructure –Trust arrangements –Digital certificates, etc. Authentication –Kerberos WEP / WPA wireless encryption