Cryptography Chapter 5.

Slides:



Advertisements
Similar presentations
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
Advertisements

Block Ciphers and the Data Encryption Standard
Principles of Information Security, 2nd edition1 Cryptography.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Security+ Guide to Network Security Fundamentals, Fourth Edition
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Lecture 23 Symmetric Encryption
What is Cryptography? Definition: The science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like Google.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Chapter 12 Cryptography (slides edited by Erin Chambers)
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Linux Networking and Security Chapter 8 Making Data Secure.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography.
Chapter 8: Scrambling Through Cryptography Security+ Guide to Network Security Fundamentals Second Edition.
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Cryptography, Authentication and Digital Signatures
Chapter 20 Symmetric Encryption and Message Confidentiality.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
Chapter 21 Public-Key Cryptography and Message Authentication.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
Lecture 2: Introduction to Cryptography
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
K. Salah1 Cryptography Module I. K. Salah2 Cryptographic Protocols  Messages should be transmitted to destination  Only the recipient should see it.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
BZUPAGES.COM Cryptography Cryptography is the technique of converting a message into unintelligible or non-understandable form such that even if some unauthorized.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
Cryptography and Its Algorithms Scott Chappell. What is Cryptography?  Definition: the art of writing or solving codes.
MM Clements Cryptography. Last Week Firewalls A firewall cannot protect against poor server, client or network configuration A firewall cannot.
Cryptography Chapter 5.
BCIS 4630 Fundamentals of IT Security
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Encryption Encryption: Transforms Message so that Interceptor Cannot Read it –Plaintext (original message) Not necessarily text; Can be graphics, etc.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.
Basics of Cryptography
Cryptographic Hash Function
IS3230 Access Security Unit 9 PKI and Encryption
Security through Encryption
PART VII Security.
DISSERTATION ON CRYPTOGRAPHY.
Fluency with Information Technology Lawrence Snyder
Presentation transcript:

Cryptography Chapter 5

Objectives Identify and describe the three types of cryptography. List and describe current cryptographic algorithms. Explain how cryptography is applied for security. While there are only three objectives, this is a chapter with a lot of information.

Agenda Basic Terms and the Encryption/Decryption Process Types of Ciphers Modern Day Encryption Hashes Symmetric Encryption Asymmetric Encryption Steganography Cryptography Algorithm Use

Key Terms Algorithm Block cipher Key management Keyspace Collision attack Cryptanalysis Cryptography Differential cryptanalysis Digital rights management Hash Key Key escrow Key management Keyspace Linear cryptanalysis Multiple encryption Shared secret Shift cipher Steganography Stream cipher Transposition cipher Trapdoor functions Vigenère cipher XOR Algorithm - A step-by-step procedure; typically an established computation for solving a problem within a set number of steps. Block cipher - A cipher that operates on blocks of data. Collision attack - An attack on a hash function, in which a specific input is generated to produce a hash function output that matches another input. Cryptanalysis - The process of attempting to break a cryptographic system. Cryptography - The art of secret writing that enables an individual to hide the contents of a message or file from all but the intended recipient. Diameter - The base protocol that is intended to provide an authentication, authorization, and accounting (AAA) framework for applications such as network access or IP mobility. Diameter is a draft IETF proposal. Hash - Form of encryption that creates a digest of the data put into the algorithm. These algorithms are referred to as one-way algorithms because there is no feasible way to decrypt what has been encrypted. Key - In cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message. Key management – the exchange, storage, safeguarding, and revocations of keys. Keyspace - The entire set of all possible keys for a specific encryption algorithm. Linear cryptanalysis - The use of linear functions to approximate a cryptographic function as a means of analysis. Multiple encryption - The use of multiple layers of encryption to improve encryption strength. Shared secret – Both the sender and the receiver of encrypted messages have the same key. Shift cipher – one letter of the alphabet is shifted a set number of places in the alphabet for another letter. Steganography – the hiding of data inside of other data. Stream cipher – a stream cipher works by enciphering the plaintext in a stream, usually bit by bit. Transposition cipher – the characters of a message are used but the order is changed. Trapdoor functions - a hidden method used to gain access to a computer system, network or application. Often used by software developers to ensure unrestricted access to the systems they create. Synonymous with trapdoor. Vigenère cipher – a polyalphabetic substitution cipher that depends on a password. XOR – Bitwise exclusive OR, an operation commonly used in cryptography.

Basic Definitions Cryptography is the art and science of secret writing, encrypting, or hiding of information from all but the intended recipient. Cryptanalysis is the process of attempting to break a cryptographic system and return the encrypted message to its original form. In the beginning, people in power attempted to hide information by controlling who was taught to read and write. Eventually, more complicated methods of concealing information by shifting letters around to make the text unreadable were developed. These complicated methods are called cryptographic algorithms, also known as ciphers.

Basic Definitions (continued) Plaintext – a piece of data that is not encrypted Ciphertext – the output of an encryption algorithm Cipher – a cryptographic algorithm Algorithm – a step-by-step, recursive computational procedure Key – a sequence of characters or bits used by an algorithm to encrypt or decrypt a message Encryption – changing plaintext to ciphertext Decryption – changing ciphertext to plaintext The word cipher comes from the Arabic word sifr, meaning empty or zero.

Encryption and Decryption Process This diagram is similar to the earlier slide, except here we have the addition of a key.

Cryptographic Algorithms Every current encryption scheme is based upon an algorithm. The cryptographic algorithm—what is commonly called the encryption algorithm or cipher—is made up of mathematical steps for encrypting and decrypting information. Security+ objective 5.1m Use of Proven Technologies

Keys Keys are special pieces of data used in both the encryption and decryption processes. The algorithms stay the same, but a different key is used. This ensures your data is secure even if they know the algorithm. The more complex the key, the greater the security of the system. Keyspace is every possible key value. Key complexity is achieved by giving the key a large number of possible values. This is usually defined in a numeric size of bits 1024 bits, meaning 21024 different keys. When an algorithm lists a certain number of bits as a key, it is defining the keyspace. Security + Objective 5.1h Comparative strength of algorithms

Types of Ciphers Shift Substitution Transposition Vigenère One-time pad

Shift Cipher A classic example of this is the early shift cipher, known as Caesar’s cipher. Caesar’s cipher uses an algorithm and a key: the algorithm specifies that you offset the alphabet either to the right (forward) or to the left (backward), and the key specifies how many letters the offset should be. The Caesar’s cipher is also known as a shift cipher.

Shift Cipher (continued) Solve this: LPHKWYBLA The shift cipher Any shift cipher can easily be encoded and decoded on a wheel of two pieces of paper with the alphabet set as a ring; moving one circle the specified number in the shift, you can translate the characters. The answer is – swordfish

Substitution Ciphers Shift ciphers are easy to crack. Simply figure out the number of rotations. Substitution ciphers were developed because they are more complex. Substitution ciphers work on the principle of substituting a different letter for every letter. a becomes g, b becomes d, and so on. The letters are not in order as they are in shift ciphers. Substitution ciphers were popular in Elizabethan England (roughly the second half of the sixteenth century). This system permits 26 possible values for every letter in the message, making the cipher many times more complex than a standard shift cipher.

Cryptanalysis of Substitution Cipher Digrams and trigrams – two- and three-letter words. There are only a limited number of one-, two-, and three-letter words. Look for patterns and letters that appear multiple words.

Decrypting a Cipher Ex. Oa o qsps ox oxlom o qegvl smc ngppr njonbsx Since any letter can be substituted for any other letter, we must narrow down the possibilities. O appears as a single letter and in two digrams. In English, what letters are used alone? Only two, I and A There are a limited number of two letter words that begin with the letter I and the letter A. If, in, is, it, an, as, at The letter must also work in the fifth and last word. The fourth word is also the first two letters of the fifth word. If you wish to do this with the class, you may want to use the board or have students take out scratch paper and see what they come up with. Use “if” as the first word That makes O = A and A=F The sentence is now – If I (good start) Then there is ox oxlom Use in for ox that would make X = N The sentence is now If I _ _ _ _ in In_i_ I …. You may want to play with this. The point is to give the class a small sense of how using clues in the ciphertext can be used to get back to the plaintext. The answer to the cipher is “If I were in India, I would eat curry chicken” a b c d e f g h i j k l m n o p q r s t u v w x y z m k n l s a z j o y b v i x e u f p d c g w q h r t

Then, written horizontally Transposition The order of the letters are changed. Ex. THE UNEXAMINED LIFE IS NOT WORTH LIVING Written vertically over six columns becomes: TX SOV HAL RI EMINTN IFOHG UNET NE L EDIWI The Spartans would do this using ribbon and a cylinder. They would do this by wrapping a ribbon around a cylinder and writing the message across. When unwrapped, the letters would look like garbled text. It was deciphered by using a cylinder of the exact same diameter of the original. In our example the “cylinder” was six across. If you try to decipher the text using five columns or seven columns, it will not work. You may want to ask the students to decipher the following using four columns: EEAAX_N_CI_HESAAL_CBLNTIEO_TNTB_C_U_ The answer is: Excellence is not an act but a habit Then, written horizontally becomes: TX SOVHAL RIEMINTN IFOHGUNET NE LEDIWI

Vigenère Cipher The Vigenère cipher is a much more complex cipher. It corrects the issues with more simplistic keys. It works as a polyalphabetic substitution cipher that depends on a password. The Vigenère cipher system and systems like it. Makes the algorithms rather simple But the key rather complex, with the best keys comprising very long and very random data

Vigenère Cipher (continued) A Vigenère cipher is done by setting up a substitution table like this one: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z B C D E F G H I J K L M N O P Q R S T U V W X Y Z A C D E F G H I J K L M N O P Q R S T U V W X Y Z A B D E F G H I J K L M N O P Q R S T U V W X Y Z A B C (etc.) The password is matched up to the text it is meant to encipher. The cipher letter is determined by use of the grid matching the plaintext character’s row with the password character’s column, resulting in a single ciphertext character where the two meet. For example – Plain text is “Send Help” and the password is “cabinet.” 1st plaintext letter S (column), 1st password letter c (row) Ciphertext is now U If the password is not long enough, the password is repeated until one character of the password is matched up with each character of the plaintext. The key in the encryption system is the password. The example also illustrates that an algorithm can be simple and still provide strong security. If someone knows about the table, they can determine how the encryption was performed, but they still will not know the key to decrypting the message.

One-Time Pad Unbreakable Dependent on random pad generation Requires both parties to have the identical pad and start from the same point in the pad Impractical for most common applications Large pads required Difficult to generate truly random numbers Difficult to get the pads to both parties Security + Objective 5.3 One-time Pad

Modern Day Encryption Cryptanalysis Public algorithms Hashes Modern algorithms

Methods of Cryptanalysis In modern times, computers are used both for encryption and for cryptanalysis. Modern encryption methods use a combination of substitution, transposition and other functions in the algorithms. Two methods of cryptanalysis have been developed using the computer: Differential cryptanalysis compares the input plaintext to the output ciphertext to determine the key used to encrypt. Linear cryptanalysis uses both plaintext and ciphertext, and puts the plaintext through a simplified cipher to deduce what the key is likely to be in the full version of the cipher. The birth of the computer made it possible to easily execute the calculations required by more complex encryption algorithms. Today, the computer almost exclusively powers how encryption is performed. Computer technology has also aided cryptanalysis. New methods to be developed, such as linear and differential cryptanalysis.

Public Algorithms The best algorithms are always public algorithms. They are peer reviewed by other cryptographic and mathematical experts. Publication is important, as any flaws in the system can be revealed by others before actual use of the system. A system that maintains its security after public testing can be reasonably trusted to be secure. A public algorithm can be more secure because good systems rely on the encryption key to provide security, not the algorithm itself.

Public Algorithms (continued) While everyone knows how to use a knob to open a door, without the key to unlock the knob, that knowledge is useless.

Hashes Hashing functions Collision attacks Common hash algorithms SHA Message Digest

Hashing Functions Hashing functions are commonly used encryption methods. A hashing function is a special mathematical function that performs one-way encryption. Once the algorithm is processed, there is no feasible way to use the ciphertext to retrieve the plaintext. There is no feasible way to generate two different plaintexts that compute to the same hash value. Two popular hash algorithms are the Secure Hash Algorithm (SHA) series and Message Digest (MD) hash of varying versions (MD2, MD4, MD5).

Hash Function

Common Uses of Hashing Functions Hashing functions are used to Store computer passwords Ensure message integrity Hashing produces a unique value that corresponds to the data entered. The hash value is also reproducible by anyone else running the same algorithm against the same data. This means you can Create a file. Get its hash value. Send the file and the hash to someone. They can run the file and get it hash value as well. If the hashes match, the file is in complete tact.

Collision Attack A collision attack is used to compromise a hash algorithm. It occurs when an attacker finds two different messages that hash to the same value. This attack is very difficult and requires generating a separate algorithm that attempts to find a text that will hash to the same value of a known hash. This must occur faster than simply editing characters until you hash to the same value, which is a brute-force type attack. Hash functions that suffers from collisions lose integrity. An attacker that can make two different inputs hash to the same value, can trick people into running malicious code.

SHA SHA stands for secure hash algorithm. Refers to four hash algorithms published by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). Federal Information Processing Standards (FIPS) 180-2 Applies compression function to data input. Accepts up to 264 bits or less and then compresses it down to a smaller number of bits i.e. – 160 bits for SHA-1 Security + Objective 5.2a SHA These algorithms are included in the SHA standard Federal Information Processing Standards (FIPS) 180-2. The individual standards are named SHA-1, SHA-256, SHA-384, and SHA-512. The latter three variants are occasionally referred to collectively as SHA-2.

Block Method Most algorithms use block mode to process data to create the hash. They break the data into sets of bits (blocks) such as 512. If a file were 1400 bits long, it would create three blocks with the third one being padded with zeros. 2x512 is 1024, the third block would be 376 bits of the message and 136 bits of zeros. Security + Objective 5.2a SHA

Four Variants of SHA SHA-1, SHA-256, SHA-384, SHA-512 SHA-1 was one of the more secure hash functions. But it has been found to be vulnerable to a collision attack. These longer versions are referred to as SHA-2. SHA-256, SHA-384, and SHA-512 All have longer hash results, and are more difficult to attack successfully. SHA-2 does require more processing power to compute the hash. Security + Objective 5.2a SHA

Message Digest Message digest (MD) is the generic version of one of several algorithms that are designed to create a message digest or hash from data input into the algorithm. MD algorithms work in the same manner as SHA: They use a secure method to compress the file and generate a computed output of a specified number of bits. The MD algorithms were all developed by Ronald L. Rivest of MIT. MD2 MD4 MD5

MD2 and MD4 MD2 Developed in 1989; an early version of MD5 It takes a data of any length and produces a hash output of 128 bits. MD2 is optimized for 8-bit machines. MD4, MD5 are optimized for 32-bit machines. MD4 Developed in 1990; optimized for 32-bit computers It is a fast algorithm, but it is subject to more attacks than more secure algorithms such as MD5. It has been shown to be vulnerable to collision. As such, most people use MD5 instead. MD4 An extended version of MD4 computes the message in parallel and produces two 128-bit outputs—effectively a 256-bit hash. Even though a longer hash is produced, security has not been improved because of basic flaws in the algorithm. Cryptographer Hans Dobbertin has shown how collisions in MD4 can be found in under a minute using just a PC. This vulnerability to collisions applies to 128-bit MD4 as well as 256-bit MD4. Most people are moving away from MD4 to MD5 or a robust version of SHA. Security+ objective 5.2b MD5

MD5 Developed in 1991 and is structured with additional security to overcome the problems in MD4. Very similar to the MD4 algorithm, only slightly slower and more secure. Creates a 128-bit hash of a message of any length and segments the message into 512-bit blocks. Security + Objective 5.2 MD5 MD5 creates a 128-bit hash of a message of any length. Like MD4, it segments the message into 512-bit blocks and then into sixteen 32-bit words. First, the original message is padded to be 64 bits short of a multiple of 512 bits. Then a 64-bit representation of the original length of the message is added to the padded value to bring the entire message up to a 512-bit multiple. After padding is complete, four 32-bit variables, A, B, C, and D, are initialized. A, B, C, and D are copied into a, b, c, and d, and then the main function begins. This has four rounds, each using a different nonlinear function 16 times. These functions operate on three of a, b, c, and d, adding the result to the fourth variable, the fourth variable being a sub-block of the text and a constant, and then rotating the result of that addition to the right a variable number of bits, specified by the round of the algorithm. After adding the result of this operation to one of a, b, c, and d, that sum replaces one of a, b, c, and d. After the four rounds are completed, a, b, c, and d are added to A, B, C, and D, and the algorithm moves on to the next block. After all blocks are completed, A, B, C, and D are concatenated to form the final output of 128 bits.

NTLM MD5 has been used as part of the NTLM (NT LAN Manager) challenge/response authentication protocol. Successful attacks on the algorithm have occurred. MD5 collisions can be computed in about 8 hours on a standard home PC. The ability to have two entirely different Win32 executables with different functionality but the same MD5 hash. This has led to people adopting a strong SHA version instead. Security + Objective 5.2d NTLM Cryptanalysis has displayed weaknesses in the compression function. However, this weakness does not lend itself to an attack on MD5 itself. Czech cryptographer Vlastimil Klíma published work showing that MD5 collisions can be computed in about eight hours on a standard home PC. In November 2007, researchers published results showing the ability to have two entirely different Win32 executables with different functionality but the same MD5 hash. This discovery has obvious implications for the development of malware. The combination of these problems with MD5 has pushed people to adopt a strong SHA version for security reasons.

Hashing Summary Hashing functions are very common, and they play an important role in security. Storing passwords Signing messages Maintaining message integrity By computing a digest of the message, less data needs to be signed by the more complex asymmetric encryption.

Symmetric Encryption Symmetric encryption Key management Trusted platform module Popular symmetric encryption algorithms DES, 3DES, AES, CAST, RIVEST, Blowfish, IDEA

Symmetric Encryption (continued) Is an older and more simple method of encrypting information. Both the sender and the receiver of the message have the same key. All symmetric algorithms are based upon this shared secret principle. A cryptographic key is involved in symmetric encryption, so there must be a mechanism for key management. Security + Objective 5.1c Symmetric Key Having the same key is the basis for even the oldest ciphers—the Spartans needed the exact same size cylinder, making the cylinder the “key” to the message. In shift ciphers both parties need to know the direction and amount of shift being performed. All symmetric algorithms are based upon this shared secret principle, including the unbreakable one-time pad method.

Symmetric Algorithm This is a simple diagram showing the process that a symmetric algorithm goes through to provide encryption from plaintext to ciphertext. This ciphertext message is transmitted to the message recipient, who goes through the process to decrypt the message using the same key that was used to encrypt the message. The keys to the algorithm are the same value in symmetric encryption.

Key Management Security of the algorithms relies on the key, as such key management is of critical concern. Includes anything having to do with the exchange, storage, safeguarding, and revocation of keys. A key must be current and verified. If you have an old or compromised key, you need a way to check to see that the key has been revoked. Security + Objective 5.1a key management Managing the cryptographic keys is critically important in symmetric algorithms because the key unlocks the data that is being protected. However, the key also needs to be known by, or transmitted to in a confidential way, the party to which you wish to communicate. Keys must be managed at all stages, which requires securing it on the local computer, securing it on the remote one, protecting it from data corruption, protecting it from loss, and, probably the most important step, protecting it while it is transmitted between the two parties. For symmetric algorithms the most important lesson is to store and send the key only by known secure means. Public key cryptography greatly eases the key management issue.

Trusted Platform Module (TPM) Although keys can be stored in many different ways, new PC hardware often includes the trusted platform module (TPM). TPM provides a hardware-based key storage location that is used by many applications. BitLocker Drive Encryption featured in Microsoft Windows Vista uses TPM. Security + Objective 5.1k TPM More on this in Chapter 6.

Popular Symmetric Encryption Algorithms DES 3DES AES IDEA CAST Rivest Blowfish This is a summary of the slides to follow, briefly describing features of each.

Data Encryption Standard (DES) Developed in 1973, adopted as a federal standard in 1976 Block cipher The block size is 64 bits—64 bits of plaintext gives you 64 bits of ciphertext. 56-bit key length Performs a substitution and permutation (a form of transposition) based on the key 16 times on every 64 bit block. While DES has been a common business standard for 20 years, modern computing power has made the key breakable. NIST now certifies Advanced Encryption Standard (AES) to replace DES. Security + Objective 5.3a DES NBS (Now called NIST) received an algorithm called Lucifer, originally developed by IBM. The NBS and the NSA worked together to analyze the algorithm’s security, and eventually DES was adopted as a federal standard in 1976. NBS specified that the DES standard had to be recertified every five years. Passed without a hitch in 1983, not in 1987. Forced to recertify in 1993. NIST has now certified the Advanced Encryption Standard (AES) to replace DES. Over the years that DES has been a cryptographic standard, some problems have been encountered. Weak keys are keys that are less secure than the majority of keys allowed in the keyspace of the algorithm. In the case of DES, because of the way the initial key is modified to get the subkey, certain keys are weak keys. The weak keys equate in binary to having all 1’s or all 0’s. Semiweak keys, with which two keys will encrypt plaintext to identical ciphertext, also exist, meaning that either key will decrypt the ciphertext. The total number of possibly weak keys is 64, which is very small relative to the 256 possible keys in DES.

3DES Triple DES (3DES) is a variant of DES. Depending on the variant, it uses either two or three keys. Multiple encryption – goes through the DES algorithm three times. 3DES is stronger than DES but has similar weakness. The longer key length makes it more resistant to brute force attacks. 3DES is a good interim step before the new encryption standard, AES. Security + Objective 5.3b 3DES Multiple encryption can be performed in several different ways. The simplest method of multiple encryption is just to stack algorithms on top of each other. —Taking plaintext, encrypting it with DES, then encrypting the first ciphertext with a different key, and finally encrypting the second ciphertext with a third key. In reality, this technique is less effective than the technique that 3DES uses, which is to encrypt with one key, then decrypt with a second, and then encrypt with a third. This greatly increases the number of attempts needed to retrieve the key and is a significant enhancement of security. The additional security comes with a price, however. It can take up to three times longer to compute 3DES than to compute DES. While this is the case, advances in memory and processing power in today’s electronics should make this problem irrelevant in all devices except for very small low-power handhelds.

3 DES (continued)

AES No efficient attacks currently exist against AES. AES is a block cipher that separates data input into 128-bit blocks. Can also be configured to use blocks of 192 or 256 bits. AES can have key sizes of 128, 192, and 256 bits, with the size of the key affecting the number of rounds used in the algorithm. Longer key versions are known as AES-192 and AES-256, respectively. No efficient attacks currently exist against AES. Security + Objective 5.3f AES Because of the advancement of technology and the progress being made in quickly retrieving DES keys, NIST put out a request for proposals for a new Advanced Encryption Standard (AES). It called for a block cipher using symmetric key cryptography and supporting key sizes of 128, 192, and 256 bits. After evaluation, the NIST had five finalists: MARS IBM RC6 RSA Rijndael John Daemen and Vincent Rijmen Serpent Ross Anderson, Eli Biham, and Lars Knudsen Twofish Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson In the fall of 2000, NIST picked Rijndael to be the new AES. It was chosen for its overall security as well as its good performance on limited-capacity devices. Rijndael’s design was influenced by Square, also written by John Daemen and Vincent Rijmen. Like Square, Rijndael is a block cipher that separates data input into 128-bit blocks. For a more in-depth description of AES, see the NIST document http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.

CAST CAST is an encryption algorithm that is similar to DES in its structure. Uses 64-bit block size for 64- and 128-bit keys 128-bit block size for the 256-bit key version CAST has undergone thorough analysis, with only minor weaknesses discovered. CAST should be placed with other trusted algorithms. Designed by Carlisle Adams and Stafford Tavares. Like DES, it divides the plaintext block into a left half and a right half. The right half is then put through function f and then is XORed with the left half. This value becomes the new right half, and the original right half becomes the new left half. This is repeated for eight rounds for a 64-bit key, and the left and right output is concatenated to form the ciphertext block. CAST supports longer key lengths than the original 64 bits. Changes to the key length affect the number of rounds: CAST-128 specifies 16 rounds and CAST-256 has 48 rounds. This algorithm in CAST-256 form was submitted for the AES standard but was not chosen. Currently, no better way is known to break high-round CAST than by brute-forcing the key, meaning that with sufficient key length, CAST should be placed with other trusted algorithms.

RC RC is the term for ciphers designed by Ron Rivest, (RC – Rivest Ciphers). RC2 – designed as DES replacement, 8 to 1024 bit key size, 64 bit block size, keys below 64 bit are vulnerable. RC5 – block cipher, multiple variable elements, RC6 is newer version. RC6 – 128 bit block size, keys sizes: 128, 192, 256. Runs well on 32 bit computers Resistant to brute force attacks Should provide adequate security for some time to come RC4 – Stream cipher, fast, uses key lengths of 8 to 2048 bits, most vulnerable to possibility of weak keys. RC1 and RC3 never made it to release. RC4 was created before RC5 and RC6 RC4 is a stream cipher A stream cipher works by enciphering the plaintext in a stream, usually bit by bit. It was developed in 1987 and remained a trade secret of RSA until it was posted to the Internet in 1994. The key is used to initialize a 256-byte state table. This table is used to generate the pseudo-random stream that is XORed with the plaintext to generate the ciphertext. Alternatively, the stream is XORed with the ciphertext to produce the plaintext. The algorithm is fast, sometimes ten times faster than DES. The most vulnerable point of the encryption is the possibility of weak keys. One key in 256 can generate bytes closely correlated with key bytes.

Blowfish Designed in 1994 by Bruce Schneier. Block mode cipher, using 64-bit blocks and a variable key length from 32 to 448 bits. Runs well on 32-bit machines. Seems to be strong when implemented with the full 16 rounds.

International Data Encryption Algorithm (IDEA) Released as IDEA in 1992. Block mode cipher using 64-bit block size and 128-bit key. This algorithm is fairly new. Full, eight-round IDEA shows that the most efficient attack would be to brute-force the key. Susceptible to weak key vulnerability, but easy to mitigate. The input plaintext is split into four 16-bit segments, A, B, C, and D. The process uses eight rounds, with a final four-step process. The output of the last four steps is then concatenated to form the ciphertext. The 128-bit key would prevent this attack being accomplished, given current computer technology. The only known issue is that IDEA is susceptible to a weak key—a key that is made of all 0’s. This weak key is easy to check for, and the weakness is simple to mitigate.

Symmetric Encryption Summary Symmetric algorithms are important because: They are comparatively fast. Have few computational requirements Their main weaknesses: Two geographically distant parties both need to have a key that matches the other key exactly. Simple keys can quickly be brute-forced. Secure key exchange can be an issue. This means that larger and more complex keys must be used and exchanged. This key exchange is difficult because the key cannot be simple, such as a word, but must be shared in a secure manner. It might be easy to exchange a 4-bit key such as b in hex, but exchanging the 128-bit key 4b36402c5727472d5571373d22675b4b is far more difficult to do securely. This exchange of keys is greatly facilitated by our next subject, asymmetric, or public key cryptography.

Asymmetric Encryption RSA Diffie-Hellman ElGamal ECC

Asymmetric Encryption (continued) Invented by Whitfield Diffie and Martin Hellman in 1975. Uses two keys instead of one. Commonly known as public key cryptography. The system uses a pair of keys: A private key that is kept secret. A public key that can be sent to anyone. Security relies upon resistance to deducing one key, given the other. Security + Objective 5.1d Asymmetric Key

Public Key Encryption It typically works by using hard math problems. A common method relies on the difficulty of factoring large numbers. Trapdoor functions are difficult to process without the key but easy to process when you have the key. Computers can easily multiply very large primes with hundreds or thousands of digits but cannot easily factor the product. They also form the basis for digital signatures. For example, given a prime number, say 293, and another prime, such as 307, it is an easy function to multiply them together to get 89,951. Given 89,951, it is not simple to find the factors 293 and 307 unless you know one of them already. The strength of these functions is very important: Because an attacker is likely to have access to the public key, he can run tests of known plaintext and produce ciphertext. This allows instant checking of guesses that are made about the keys of the algorithm. Public key systems, because of their design, also form the basis for digital signatures, a cryptographic method for securely identifying people. RSA, Diffie-Hellman, elliptic curve cryptography (ECC), and ElGamal are all popular asymmetric protocols. We will look at all of them and their suitability for different functions.

RSA Ron Rivest, Adi Shamir, and Leonard Adleman (RSA) One of the first public key cryptosystems invented. Published in 1997 Used for encryption and digital signatures Uses the product of two very large prime numbers (between 100 and 200 digits long and of equal length) While a simple algorithm, it has withstood the test of more than 20 years of analysis. Does not replace symmetric encryption because RSA is 100 times slower than DES! Asymmetric encryption is used to exchange symmetric keys. Security + Objective 5.3c RSA Considering the effectiveness of RSA’s security and the ability to have two keys, why are symmetric encryption algorithms needed at all? The answer is speed. RSA in software can be 100 times slower than DES, and in hardware it can be even slower. RSA can be used to perform both regular encryption and digital signatures. Digital signatures try to duplicate the functionality of a physical signature on a document using encryption. Typically, RSA and the other public key systems are used in conjunction with symmetric key cryptography. Public key, the slower protocol, is used to exchange the symmetric key (or shared secret), and then the communication uses the faster symmetric key protocol. This process is known as electronic key exchange. Since the security of RSA is based upon the supposed difficulty of factoring large numbers, the main weaknesses are in the implementations of the protocol. Until recently, RSA was a patented algorithm, but it was a de facto standard for many years.

Diffie-Hellman Created in 1976 by Whitfield Diffie and Martin Hellman The protocol is one of the most common encryption protocols in use today. Used for: Electronic key exchange method of the Secure Sockets Layer (SSL) protocol TLS, SSH, and IPsec protocols Enables the sharing of a secret key between two people who have not contacted each other before. Diffie-Hellman is still in wide use. Security + Objective 5.4a SSL/TLS Uses large prime numbers to work. Two users agree to two numbers, P and G, with P being a sufficiently large prime number and G being the generator. Both users pick a secret number, a and b. Then both users compute their public number: Diffie-Hellman is still in wide use. It remains very effective because of the nature of what it is protecting—a temporary, automatically generated secret key that is good only for a single communication session.

ElGamal Taher Elgamal designed the system in the early 1980s. It can be used for both encryption and digital signatures. This system was never patented and is free for use. It is used as the U.S. government standard for digital signatures. ElGamal has been in use for some time. It is used primarily for digital signatures.

Elliptic Curve Cryptography (ECC) Works on the basis of elliptic curves Elliptic curves are defined by this equation: y2 = x3 + ax2 + b Elliptic curves work because they have a special property—you can add two points on the curve together and get a third point on the curve. Security in question due to lack of analysis. Unless there is a breakthrough in math, ECC will continue to be a good algorithm. Security + Objective 5.3e ECC The security of elliptic curve systems has been questioned, mostly because of lack of analysis. However, all public key systems rely on the difficulty of certain math problems. It would take a breakthrough in math for any of the mentioned systems to be weakened dramatically, but research has been done about the problems and has shown that the elliptic curve problem has been more resistant to incremental advances. Again, as with all cryptography algorithms, only time will tell how secure they really are.

Elliptical Curve

Asymmetric Encryption Summary Creates the possibility of digital signatures and corrects the main weakness of symmetric cryptography. Ability to send messages securely without senders and receivers having had prior contact. Digital signatures enable faster and more efficient exchange of all kinds of documents. With strong algorithms and good key lengths, security can be assured.

Steganography Offshoot of cryptography technology Difficult to detect. Greek word steganos, meaning covered Invisible ink, or tattoo, on head under hair Commonly hiding text message in picture file Difficult to detect. Images do not attract attention. Message can also be encrypted. Tools to detect steganography: Stegdetect, StegSecret, SegSpy, and SARC tools. Steganography can be a nightmare for protecting an organization's sensitive information. Security + Objective 5.1b Steganography The data that is hidden in a steganographic message is frequently also encrypted, so that if it is discovered, the message will remain secure. Steganography has many uses but the most publicized uses are to hide illegal material, often pornography, or allegedly for covert communication by terrorist networks. While there is no direct evidence to support that terrorists use steganography, the techniques have been documented in some of their training materials. Steganographic encoding can be used in many ways and through many different media. Some popular steganography detection tools include Stegdetect, StegSecret, StegSpy, and the family of SARC tools. All of these tools use detection techniques based upon the same principle, pattern detection. By looking for known steganographic encoding schemes or artifacts, they can potentially detect embedded data. Additionally steganography insertion tools can be used to attempt to decode images with suspected hidden messages. Invisible Ink is a small program for steganographic insertion of messages and then extraction of those messages, as illustrated here.

Googling Steganography

Cryptography Algorithm Use Confidentiality Integrity Nonrepudiation Aunthentication Key escrow Digital signatures Digital rights management Cryptographic applications Here is a list of the many uses of cryptographic algorithms. The following slides will cover each briefly.

Confidentiality Encryption excels at providing confidentiality. Maintains confidentiality on data stored or transmitted. In both cases, symmetric encryption is favored due to speed, and the increase of size when using asymmetric encryption. Public key typically unnecessary for stored items. Public key used for exchange of symmetric keys. Security + Objective 5.1e Confidentiality Maintaining confidentiality often is important for both stored data and transmitted data. In both cases, symmetric encryption is favored because of its speed and because some asymmetric algorithms can significantly increase the size of the object being encrypted. In the case of a stored item, a public key is typically unnecessary, as the item is being encrypted to protect it from access by others. In the case of transmitted data, public key cryptography is typically used to exchange the secret key, and then symmetric cryptography is used to ensure the confidentiality of the data being sent. Asymmetric cryptography does protect confidentiality, but its size and speed make it more efficient at protecting the confidentiality of small units for tasks such as electronic key exchange. In all cases, the strength of the algorithms and the length of the keys ensure the secrecy of the data in question.

Integrity When a message is sent, both the sender and recipient need to know that the message was not altered in transmission. This is especially important for legal contracts. The ability to independently make sure that a document has not been tampered with is very important to commerce. The hash functions compute the message digests, and this guarantees the integrity of the message. Security + Objective 5.1f Integrity and Availablity Integrity, better known as message integrity, is a crucial component of message security. When a message is sent, both the sender and recipient need to know that the message was not altered in transmission. This is especially important for legal contracts—recipients need to know that the contracts have not been altered. Signers also need a way to validate that a contract they sign will not be altered in the future. Note: Message integrity will become increasingly important as more commerce is conducted digitally. The ability to independently make sure that a document has not been tampered with is very important to commerce. More importantly, once the document is “signed” with a digital signature, it cannot be refuted that the person in question signed it. Integrity is provided with one-way hash functions and digital signatures. The hash functions compute the message digests, and this guarantees the integrity of the message by allowing easy testing to determine whether any part of the message has been changed. The message now has a computed function (the hash value) to tell the users to resend the message if it was intercepted and interfered with.

Nonrepudiation The message sender cannot later deny that they sent the message. This is important in electronic exchanges of data, especially when you are unable to meet face-to-face. Nonrepudiation is tied to asymmetric cryptography and cannot be implemented with symmetric algorithms. Security + Objective 5.1g Non-repudiation An item of some confusion, the concept of nonrepudiation is actually fairly simple. Nonrepudiation means that the message sender cannot later deny that they sent the message. This is important in electronic exchanges of data, because of the lack of face-to-face meetings. Nonrepudiation is based upon public key cryptography and the principle of only you knowing your private key. The presence of a message signed by you, using your private key, which nobody else should know, is an example of nonrepudiation. When a third party can check your signature using your public key, that disproves any claim that you were not the one who actually sent the message. Nonrepudiation is tied to asymmetric cryptography and cannot be implemented with symmetric algorithms.

Authentication Authentication lets you prove you are who you say you are. Authentication can be accomplished in a multitude of ways, a token being one of them, digital certificates and tokens are one way. When you log into a secure web site, one-way authentication occurs. Authentication lets you prove you are who you say you are. Authentication is similar to nonrepudiation, except that authentication often occurs as communication begins, not after. Authentication is also typically used in both directions as part of a protocol. Authentication can be accomplished in a multitude of ways, the most basic being the use of a simple password. Every time you sign in to check your e-mail, you authenticate yourself to the server. This process can grow to need two or three identifying factors, such as a password, a token (such as a digital certificate), and a biometric (such as a fingerprint). Digital certificates are a form of token. Digital certificates are public encryption keys that have been verified by a trusted third party. When you log into a secure web site, one-way authentication occurs. You want to know that you are logging into the server that you intend to log into, so your browser checks the server’s digital certificate. This token is digitally signed by a trusted third party, assuring you that the server is genuine. This authentication is one way because the server does not need to know that you are who you say you are—it will authenticate your credit card later on. The other option, two-way authentication, can work the same way: you send your digital certificate signed by a third party, and the other entity with which you are communicating sends its certificate. While symmetric encryption can be used as a simple manner of authentication (only the authorized user should know the secret, after all), asymmetric encryption is better suited to show, via digital signatures and certificates, that you are who you say you are.

Key Escrow The loss of a key can happen for a multitude of reasons: It might simply be lost, the key holder might be incapacitated or dead, the software or hardware might fail, and so on. Key escrow, or keeping a copy of the encryption key with a trusted third party Can be used to retrieve your key in case of emergency Can be used by law enforcement Can negatively affect your security In many cases, that information is locked up until the cryptography can be broken, and as you have read, that could be millennia. This has raised the topic of key escrow, or keeping a copy of the encryption key with a trusted third party. Theoretically, this third party would only release your key to you or your official designate on the event of your being unable to get the key yourself. However, just as the old saying from Benjamin Franklin goes, “Three may keep a secret if two of them are dead.” Anytime more than one copy of the key exists, the security of the system is broken. The extent of the insecurity of key escrow is a subject open to debate, and will be hotly contest in the years to come. Additionally, with computer technology being miniaturized into smartphones and other relatively inexpensive devices, criminals and other ill-willed people have begun using cryptography to conceal communications and business dealings from law enforcement agencies. Because law enforcement agencies have not been able to break the encryption in many cases, government agencies have begun asking for mandatory key escrow legislation.

Digital Signatures Touted as the key to truly paperless document flow. Digital signatures are based on both hashing functions and asymmetric cryptography. Both encryption methods play an important role in signing digital documents. Security + Objective 5.1i Digital Signatures Unprotected digital documents are very easy for anyone to change. If a document is edited after an individual signs it, it is important that any modification can be detected. To protect against document editing, hashing functions are used to create a digest of the message that is unique and easily reproducible by both parties. This ensures that the message integrity is complete. The properties of asymmetric encryption allow anyone to use a person’s public key to generate a message that can be read only by that person, as this person is theoretically the only one with access to the private key. In the case of digital signatures, this process works exactly in reverse. When a user can decrypt the hash with the public key of the originator, that user knows that the hash was encrypted by the corresponding private key. This use of asymmetric encryption is a good example of nonrepudiation, because only the signer would have access to the private key. This is how digital signatures work, by using integrity and nonrepudiation to prove not only that the right person signed the digital document, but also that the digital document was not altered after being signed.

Digital Rights Management (DRM) DRM is the process for protecting intellectual property from unauthorized use. A common example of DRM is the broadcast stream of digital satellite TV. DRM will also become very important in the industry of Software as a Service (SaaS). Another example is hardware token USB keys that must be inserted into the machine for the software to decrypt and run. This is a broad area, but the most concentrated focus is on preventing piracy of software or digital content. Before easy access to computers, or the “digital revolution,” the content we came in contact with was analog or print based A common example of DRM that is mostly successful is the broadcast stream of digital satellite TV. Since the signal is beamed from space to every home in North America, the satellite TV provider must be able to protect the signal so that it can charge people to receive it. Smartcards are employed to securely hold the decryption keys that allow access to some or all of the content in the stream. This system has been cracked several times, allowing a subset of users free access to the content; however, the satellite TV providers learned from their early mistakes and upgraded new smartcards to correct the old problems. Similar to companies that provide satellite TV service, companies that provide SaaS rely on a subscription basis for profitability. If someone could pay for a single license and then distribute that to hundreds of employees, the provider would soon go out of business. Many systems in the past have been cracked because the key was housed inside the software. Another example is hardware token USB keys that must be inserted into the machine for the software to decrypt and run. Placing the keys in hardware makes an attack to retrieve them much harder, a concept that is employed in the Trusted Platform Module; in fact, one of the primary complaints against the TPM is its ability to enforce DRM restrictions.

Cryptographic Applications A few applications can be used to encrypt data conveniently on your personal computer. Pretty Good Privacy (PGP) TrueCrypt is an open source solution for encryption. FreeOTFE offers “on-the-fly” disk encryption as an open source. GnuPG, or Gnu Privacy Guard, is an open source implementation of the OpenPGP standard. BitLocker is a boot-sector encryption method that protects data on the Windows Vista operating system. Security+ objective 5.3d PGP Pretty Good Privacy (PGP) is mentioned in this book because it is a useful protocol suite. Created by Philip Zimmermann in 1991, it passed through several versions that were available for free under a noncommercial license. PGP applications can be plugged into popular e-mail programs to handle the majority of day-to-day encryption tasks using a combination of symmetric and asymmetric encryption protocols. One of the unique features of PGP is its ability to use both symmetric and asymmetric encryption methods, accessing the strengths of each method and avoiding the weaknesses of each as well. Symmetric keys are used for bulk encryption, taking advantage of the speed and efficiency of symmetric encryption. The symmetric keys are passed using asymmetric methods, capitalizing on the flexibility of this method. PGP is now sold as a commercial application, with home and corporate versions. Depending on the version, PGP can perform file encryption, whole disk encryption, and public key encryption to protect e-mail. Begin Cross Check Sidebar TrueCrypt is an open source solution for encryption. It is designed for symmetric disk-based encryption of your files. It features AES ciphers and the ability to create a deniable volume, encryption stored within encryption so that volume cannot be reliably detected. TrueCrypt can perform file encryption and whole disk encryption. Whole disk encryption encrypts the entire hard drive of a computer, including the operating system. FreeOTFE is similar to TrueCrypt. It offers “on-the-fly” disk encryption as an open source, freely downloadable application. It can encrypt files up to entire disks with several popular ciphers, including AES. GnuPG, or Gnu Privacy Guard, is an open source implementation of the OpenPGP standard. This command line–based tool is a public key encryption program designed to protect electronic communications such as e-mail. It operates similarly to PGP and includes a method for managing public/private keys. Security+ objective 5.1j Whole Disk Encryption File system encryption is becoming a standard means of protecting data while in storage. Even hard drives are available with built-in AES encryption. Microsoft expanded its Encrypting File System (EFS), available since the Windows 2000 operating system, with BitLocker, a boot-sector encryption method that protects data on the Windows Vista operating system. BitLocker is also used in Windows Server 2008 as well as the forthcoming Windows 7 operating system. BitLocker utilizes AES encryption to encrypt every file on the hard drive automatically. All encryption occurs in the background, and decryption occurs seamlessly when data is requested. The decryption key can be stored in the TPM or on a USB key.

Chapter Summary Identify and describe the three types of cryptography. List and describe current cryptographic algorithms. Explain how cryptography is applied for security.