ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Outline Information security Encryption and keys Symmetric encryption –DES Public-key cryptosystems –RSA Digital signatures Digital certificates

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Information Security Keep data secret from unauthorized parties Authenticate identity of users Verify that messages have not been altered in transit Prove that a party engaged in a transaction –Make it impossible for him to deny (nonrepudiation)

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS The Encryption Process MATERIAL WE WANT TO KEEP SECRET UNREADABLE VERSION OF PLAINTEXT DATA TO THE ENCRYPTION ALGORITHM MATHEMATICAL SCRAMBLING PROCEDURE (TELLS HOW TO SCRAMBLE THIS PARTICULAR MESSAGE) MIGHT BE: TEXT DATA GRAPHICS AUDIO VIDEO SPREADSHEET... SOURCE: STEIN, WEB SECURITY OBJECT: HIDE A MESSAGE (PLAINTEXT) BY MAKING IT UNREADABLE (CIPHERTEXT)

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Role of the Key in Cryptography The key is a parameter to an encryption procedure Procedure stays the same, but produces different results based on a given key NOTE: THIS METHOD IS NOT USED IN ANY REAL CRYPTOGRAPHY SYSTEM. IT IS AN EXAMPLE INTENDED ONLY TO ILLUSTRATE THE USE OF KEYS. S P E C I A L T Y B D F G H J K M N O Q R U V W X Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z C O N S U L T I N G D S R A V G H E R M EXAMPLE:

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Symmetric Encryption SAME KEY USED FOR BOTH ENRCYPTION AND DECRYPTION SENDER AND RECIPIENT MUST BOTH KNOW THE KEY THIS IS A WEAKNESS SOURCE: STEIN, WEB SECURITY

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Data Encryption Standard (DES) Symmetric, key-based encryption-decryption standard. No public keys Block cipher: operates on 64-bit blocks Uses 56-bit key 16 “rounds” -- key for each round is a 48-bit function of the original 56-bit key. Each key bit participates in an average of 14 rounds Completely symmetric. Same algorithm decrypts. Fast implementation in hardware: 1 gigabit/second

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Data Encryption Standard (DES) 64 BITS OF MESSAGE INPUT PERMUTATION INVERSE OF INPUT PERMUTATION SUBKEYS: EACH IS A 48-BIT FUNCTION OF A 56-BIT KEY OUTPUT: 64 BITS OF ENCRYPTED TEXT LEFT HALF OF BLOCK (32 BITS) f IS A COMPLICATED FUNCTION INVOLVING VARIOUS PERMUTATIONS SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY  IS EXCLUSIVE-OR

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Information Loss with Exclusive-OR x  y = 1 if either x or y is 1 but not both: If x  y = 1 we can’t tell which one is a 1 Can’t trace backwards to determine values xyxy x y

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cracking Symmetric Encryption (40-bit symmetric key = 384-bit PKE key) ESTIMATED TIME TO CRACK KNOWN SYMMETRIC ENCRYPTION ALGORITHMS

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Public-Key (Asymmetric) Encryption 1. USERS WANT TO SEND PLAINTEXT TO RECIPIENT WEBSITE 2. SENDERS USE SITE’S PUBLIC KEY FOR ENCRYPTION 3. SITE USES ITS PRIVATE KEY FOR DECRYPTION 4. ONLY WEBSITE CAN DECRYPT THE CIPHERTEXT. NO ONE ELSE KNOWS HOW SOURCE: STEIN, WEB SECURITY

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Public-Key Encryption Alice wants to send Bob a secure message M. Alice uses Bob’s public key to encrypt M. Bob uses his private key to decrypt M. Bob is the ONLY ONE who can do this, so M is secure. Problem: Anyone could have sent it. Was it really Alice? ALICE’S CLEAR TEXT ALICE’S CODED TEXT ALICE’S CLEAR TEXT TRANSM ISSION BOB DECRYPTS WITH HIS PRIVATE KEY ALICE ENCRYPTS WITH BOB’S PUBLIC KEY BOB’S PRIVATE KEY

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Digital Authentication Alice wants to send Bob a message M so that Bob is sure Alice is the sender. Alice uses her own private key to encrypt M. Bob uses Alice’s public key to decrypt M. Alice is the ONLY ONE who could have sent it. Problem 1: Anyone can read it! Problem 2: Replay attack! ALICE’S CLEAR TEXT ALICE’S CODED TEXT ALICE’S CLEAR TEXT TRANSM ISSION BOB DECRYPTS WITH ALICE’S PUBLIC KEY ALICE ENCRYPTS WITH HER PRIVATE KEY ALICE’S PRIVATE KEY ALICE’S PUBLIC KEY

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Secure Authenticated Messages Alice must send Bob a secret & authenticated message M so Bob is sure it was sent by Alice. Use both encryption and signature. ALICE’S CODED TEXT (AUTHENTICATED) ALICE’S CLEAR TEXT BOB DECRYPTS WITH ALICE’S PUBLIC KEY ALICE ENCRYPTS WITH HER PRIVATE KEY ALICE ENCRYPTS WITH BOB’S PUBLIC KEY ALICE’S CODED AND SIGNED TEXT T R A N S M I T ALICE’S CLEAR TEXT (DECRYPTED AND AUTHENTICATED) BOB DECRYPTS WITH HIS PRIVATE KEY BOB’S PUBLIC ALICE’S PUBLIC BOB’S PRIVATE ALICE’S PRIVATE 4 KEYS NEEDED:

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Rivest-Shamir-Adelman (RSA) It is easy to multiply two numbers but apparently hard to factor a number into a product of two others. Given p, q, it is easy to compute n = p q Example: p = ; q = Easy to find n = Given n, hard to find two numbers p, q with p q = n Now suppose n = What are p and q such that p q = n ? Multiplication is a one-way function RSA exploits this fact in public-key encryption

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS RSA Encryption Select two large prime numbers p, q (> 100 digits) Let n = p q Choose a small odd integer e that does not divide m = (p - 1)(q - 1). Then x (p-1)(q-1) = 1 (mod n) Compute d = e -1 (mod m) –That is, d e gives remainder 1 when divided by m Public key is the pair (e, n) Private key is the pair (d, n) Knowing (e, n) is of no help in finding d. Still need p and q, which involves factoring n DEMO

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS MULTIPLICATION MOD 7 Multiplicative Inverses Over Finite Fields The inverse e -1 of a number e satisfies e -1 e = 1 The inverse of 5 is 1/5 If we only allow numbers from 0 to n-1 (mod n), then for special values of n, each e has a unique inverse 6 2 = 12 WHEN DIVIDED BY 7 GIVES REMAINDER 5 EACH ROW EXCEPT THE ZERO ROW HAS EXACTLY ONE 1 EACH ELEMENT HAS A UNIQUE INVERSE

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS RSA Encryption Message M is a number To encrypt message M using key (e, n): Compute C(M) = M e (mod n) To decrypt message C using key (d, n): Compute P(C) = C d (mod n) Note that P(C(M)) = C(P(M)) = (M e ) d (mod n) = M ed (mod n) = M because e d = 1 and m = (p-1)(q-1)

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Message Digest (Hash) A message digest is a “fingerprint” of a message Much shorter than the original message (e.g. 160 bits) Easy to compute Can’t recover the message from the digest Changing the message changes the digest MESSAGE (VERY LONG) DIGEST DIGEST CAN BE USED TO VERIFY THAT THE MESSAGE HAS NOT BEEN ALTERED

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Single Step of SHA-1 Operates on 16-word (512-bit) blocks Expands 16 words to 80 words W t Performs 80 operations as shown for t = a, b, c, d, e are special constants K t are special constants SOURCE: SCHNEIER, APPLIED CRYPTOGRAPHY INITIALLY CONSTANTS 80 WORDS INPUT HERE, 1 EACH STEP MAGIC CONSTANTS “<<< 5” means “cyclic left shift 5 bits” REVISED CONSTANTS FOR NEXT STEP

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Digital Signature A function of both the message AND the signer’s private key (different for every message) MESSAGE (LONG) HASH SIG USE SECURE HASH ALGORITHM (SHA) TO PRODUCE HASH (MESSAGE DIGEST) ENCRYPT HASH USING SIGNER’S PRIVATE KEY PRIVATE KEY MESSAGE (LONG)SIG APPEND SIGNATURE TO MESSAGE; SEND BOTH DIGITALLY SIGNED MESSAGE

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Authentication by Digital Signature MESSAGE (LONG) HASH RECIPIENT USES SHA TO COMPUTE HASH RECIPIENT DECRYPTS SIG WITH SIGNER’S PUBLIC KEY MESSAGE (LONG) SIG IF HASHES ARE EQUAL, MESSAGE IS AUTHENTIC. WHY? IF ANY BIT OF M OR SIG IS ALTERED, HASH CHANGES. RECIPIENT RECEIVES SIG + MESSAGE =?

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS X.509 Version 2 Certificate SOURCE: FORD & BAUM, SECURE ELECTRON IC COMMERCE VERSION # OF X.509 UNIQUE # ASSIGNED BY CA EXAMPLES: MD5RSA, sha1RSA USUALLY A DOMAIN NAME EXAMPLES: RSA

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Q A &