Download presentation
Presentation is loading. Please wait.
Published byCassandra Jennings Modified over 7 years ago
1
Information Security and Trust Week 2: Encryption Basics
2
Confidentiality How to protect message from eavesdropping and wiretapping? Mallory Our company’s profit and loss statement is… Bob Alice plaintext
3
Cryptography Use a language that only Alice and Bob can understand
Mallory Nz dsfejr dbse ovncds jt… ciphertext Bob Alice
4
Concepts Cryptography – hidden writing Encryption – encode or encipher
Decryption – decode or decipher Cryptosystem – a system for encryption and decryption Cryptographer – anyone who invents encryption algorithms Cryptanalyst – anyone who attempts to break encryption algorithms Cryptology – research of encryption and decryption, including both cryptography and cryptanalysis
5
Cryptosystem Algorithms with a parameter – key K Why use key?
What is Kerckhoff’s principle? Plaintext Encryption Algorithm E Ciphertext Decryption Algorithm D Plaintext P C P Kerckhoffs Principle
6
Encryption Encryption is the process of feeding plaintext and key into a function and getting ciphertext output Ciphertext is “garbage” unless decrypted Plaintext Encryption Function
7
Decryption Decryption is the process of feeding ciphertext and a key into another function and getting original plaintext output Decryption Function Plaintext
8
Symmetric Cryptosystem
C=E(K,P) P=D(K,C) Plaintext Encryption Algorithm E Ciphertext Decryption Algorithm D Plaintext P C P Secret channel K K
9
Cryptanalysis (Attacks)
Cryptanalyst (Mallory) Knows E and D Given ciphertext, find plaintext What else Mallory knows? Ciphertext only Mallory knows ciphertext only Known plaintext Mallory happens to know some plaintext-ciphertext pairs Chosen plaintext Mallory knows some plaintext-ciphertext pairs for selected plaintext Chosen ciphertext Mallory knows some plaintext-ciphertext pairs for selected ciphertext
10
Classical Ciphers Caesar cipher Vigenére cipher Zimmerman cipher
Vernam cipher
11
Caesar Cipher Shifting alphabet How many possible keys?
12
Demo and Discussion Demo with CrypTool Observation:
The break between two words is preserved Repeated letters are mapped to repeated letters Decrypt the following Caesar cipher Wklv phvvdjh lv qrw wrr kdug wr euhdn Hints: Observe the following patterns Wrr, wr Wklv, lv
13
“Unbreakable” cipher: Vigenére Tableau
Same letters are not mapped to the same letters Encrypt Keyword: hothot (repeat: row) Plaintext: attack (column) ciphertext: hhmhqd Decrypt Keyword: hothot (repeat: column) Ciphertext: hhmhqd (from that column find c letter) Plaintext: attack (the index of row)
15
Demo and Discussion Demo with CrypTool
How “unbreakable” is Vigenére cipher?
16
Codebook/Zimmermann Cipher
A codebook cipher is literally a dictionary-like book containing words and their corresponding codewords. Zimmerman Telegram Februar fest finanzielle folgender Frieden Friedenschluss What is the key? Compare it with Vigenére cipher
17
Zimmerman Telegram Decrypted
18
Perfect Cipher
19
Vernam Cipher The only unbreakable stream cipher
K: a long, non-repeating sequence of random numbers Perfectly secure: unbreakable even with infinite amount of computational power 1 0 =1; =1 0 0 =0; =0 Exclusive OR Plaintext Ciphertext P C K Secret channel
20
Vernam Cipher An example of Vernam Cipher Alice: Bob: 1 0 =1; 0 1=1
1 0 =1; =1 0 0 =0; =0 P: … K: … C: … C: … K: … P: …
21
Demo and Discussion Demo with CrypTool
Why is Vernam cipher perfectly secure? Being perfect means…
22
Modern Ciphers Substitution and transposition Combinations Evaluation
23
Permutation Substitution: Confusion
Obscure the relationship between plaintext and ciphertext First remove spaces A legitimate receiver can breakmostmessagesintowordsfairlyeasily Then break messages arbitrarily into blocks of a uniform size (e.g., every five letters) Map each plaintext letter to a unique ciphertext letter How many keys?
24
Caveat All permutation substitution ciphers are subject to
known plaintext attack ciphertext only attack Not to mention chosen plaintext and chosen ciphertext attacks
25
Frequency Attack source:
26
Transposition: Diffusion
Spread out the message by re-arranging letters
27
Product Cipher Combinations of confusion and diffusion operations in many rounds DES (56 bits) 16 rounds Strong ciphers: AES (128, 192, 256), RSA (2048, 4096)
28
Evaluation Shannon’s characteristics of good ciphers
Amount of secrecy determines amount of labor Set of keys and enciphering algorithm are simple Implementation is simple Errors do not propagate Size of ciphertext is no larger than original message
29
It takes your computer at least 1000 years to break my cipher!!
How Secure is Secure It takes your computer at least 1000 years to break my cipher!! Computational security No matter how powerful your computer is, you don’t have enough information to defeat the system !! Unconditional security
30
Hands-On Exercise
31
Preparation Windows: download LabPrep.doc to install
OpenSSL (Win32openSSL-0_9_8d.exe) HHD HexEditor ( JCE (jdk-1_5_0_08-windows-i586-p.exe) Mac has already these tools pre-installed
32
Introduction to OpenSSL
OpenSSL is an open source cryptography toolkit that provides various cryptographic algorithms to ensure secure communication. Symmetric key (secret key) encryption Asymmetric key (public key) encryption Message Digests and digital signatures Certificates
33
Example 1: Keys Generation
RSA key Command to generate a RSA key for encryption and signing openssl genrsa -des3 -out privkey.pem 2048 genrsa – Generates RSA Key des3 – Password protect the key using triple DESencryption out <filename>– Save the key in a file. In this example, its privkey.pem <key size> -Size of the key generated. In this example, its 2048 bits
34
Example 2: Certificate Request
A certificate request is sent to a certificate authority to get it signed into a certificate. Command to create a certificate request openssl req -new -key privkey.pem -out cert.csr req - Generate certifcate request. new –New certificate request. key <file name> - Specifies the file to read the private key from. In this example, its privkey.pem out <file name> - Save the request in a file. In this example, its cert.csr
35
Example 3: Encryption Encrypt a file using a prompted password
Command to encrypt a file using TripleDES algorithm openssl des3 -salt -in file.txt -out file.des3 des3 – Encrypt using the TripleDES algorithm salt - Use a salt in the key derivation routines in <file name> - Input file with the clear message out <file name> - Output fule with the encrypted message Users will be prompted to enter a password to complete the encryption
36
Example 4: Decryption Decrypt a file with a prompted password
Command to decrypt a file using TripleDES algorithm openssl des3 -d -salt -in file.des3 -out file.txt des3 – Use the TripleDES algorithm d – decrypt the file salt - Use a salt in the key derivation routines in <file name> - Input file with the encrypted message out <file name> - Output file with the decrypted message Users will be prompted to enter a password to complete the decryption
37
Test OpenSSL Download LabTest.doc Follow instructions in section 2.1
38
Introduction to JCA and JCE
Java Cryptography Architecture (JCA) is part of Java 2 run-time environment. java.security.* JCE (Java Cryptography Extension) is an extension to JCA and is integrated into Java 2 SDK since the 1.4 release. JCE adds encryption and decryption APIs to JCA. javax.crypto.*
39
JCE Core Classes Cipher Class KeyGenerator Class
Provide the functionality of encryption and decryption KeyGenerator Class Generate secret keys for encryption and decryption The SealedObject Class Create an object and protect its confidentiality The Mac Class Provide integrity protection with Message Authentication Code (MAC). Reference:
40
Class: java.crypto.KeyGenerator
Methods: getInstance(String algorithm) Creates an instance of KeyGenerator for a specific algorithm such as “AES”,“DES”,”HMACSHA1” generateKey() Generate a key for the algorithm specified in the KeyGenerator instance
41
Example: Key Generation
The following example generate a SecretKey object using AES. //Create an instance of KeyGenerator with algorithm AES KeyGenerator kg = KeyGenerator.getInstance(“AES"); //Generate the secret key SecretKey mykey = kg.generateKey();
42
Secure Key Storage Keys need to be stored on secondary storage so that programs can access them conveniently and securely for subsequent use. JCA provides an extensible architecture to manage keys through KeyStore. A KeyStore object maintains an in-memory table of key and certificate entries, indexed by alias strings, allowing retrieval, insertion and deletion of entries. Keystore files are usually password protected.
43
Class: java.security.KeyStore
Methods: getInstance (String type) Create an instance of KeyStore of the specified type. load(InputStream stream, char[] password)) Open keystore with password and load keys from keystore file to memory getKey(String alias, char[] password) Access the keystore with password and get the key based on a given key alias setEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) Set a new key entry in the keystore store(OutputStream stream, char[] password) Store this keystore to the given output stream, and protect its integrity with the given password.
44
Example:Create a null KeyStore object
The following sample creates null KeyStore object with password protection. //Create an instance of KeyStore of type “JCEKS”. //JCEKS refers the KeyStore implementation from SunJCE provider ks = KeyStore.getInstance("JCEKS"); //Load the null Keystore and set the password to “changeme” ks.load(null, "changeme".toCharArray());
45
Example:Set Key Entry The following sample sets the generated key “mykey” in the KeyStore. //Create an instance of KeyStore.SecretKeyEntry using “mykey” KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mykey); //Get key alias name from user input. String alias=args[0]; //Create KeyStore Password KeyStore.PasswordProtection password; password = new KeyStore.PasswordProtection("changeme".toCharArray()); //Set the key entry in the key store with an alias. ks.setEntry(alias, skEntry, password);
46
Example:Store KeyStore object in file
The following sample writes the KeyStore object into a file for storage. //Create a new file to store the KeyStore object java.io.FileOutputStream fos = new java.io.FileOutputStream("keystorefile.jce"); //Write the KeyStore into the file ks.store(fos, "changeme".toCharArray()); //Close the file stream fos.close();
47
Example:Retrieving Keys from KeyStore
The following sample retrieves keys from a KeyStore file. //Open the KeyStore file FileInputStream fis = new FileInputStream("keystorefile.jce"); //Create an instance of KeyStore of type “JCEKS” ks = KeyStore.getInstance("JCEKS"); //Load the key entries from the file into the KeyStore object. ks.load(fis, "changeme".toCharArray()); fis.close(); //Get the key with the given alias. String alias=args[0]; Key k = ks.getKey(alias, "changeme".toCharArray());
48
Test for JCE Follow the instructions in section 2.2 in LabTest.doc
49
Review Questions Which of the following is subject to frequency attack? Caesar cipher 2. Vigenére Vernam A perfect cipher is? Combination of confusion and diffusion Combination of substitution and transposition Unconditionally secure Given Vigenére cipher “chedey” of plaintext “attack”, what is the key? Cola Cold Cool
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.