Upload
svein
View
57
Download
2
Embed Size (px)
DESCRIPTION
Chapter 2: Cryptography Technique. "You can have everything in life you want if you'll just help enough other people to get what they want!" -- Zig Ziglar Prepared by: SITI ZAINAH ADNAN If you do have any feedback or comment, please feel free to email me at [email protected] - PowerPoint PPT Presentation
Citation preview
Chapter 2 - 1
ADCS
CS262/0898/V1
Chapter 2: Cryptography Technique
"You can have everything in life you want if you'll just help enough other people to get what they want!" -- Zig Ziglar
Prepared by: SITI ZAINAH ADNAN
If you do have any feedback or comment,please feel free to email me at
[email protected] cooperation is very much appreciated !
Chapter 2 - 2
ADCS
CS262/0898/V1
Chapter 2: Cryptography Technique
TOPICS
• Introduction– Terminology & Basic Encryption Methods– Secret Code– Monoalphabetic Ciphers– Cryptanalysis of a Monoalphabetic Cipher– Polyalphabetic Substitution Cipher– Transpositions– Stream and Block Ciphers
Chapter 2 - 3
ADCS
CS262/0898/V1
References
• Book (available at the Informatics library)– CHAPTER 2, 3 and 4: Security In Computing,
Charles P.Pfleeger, Prentice Hall International
• Notes (available at IVC)
Chapter 2 - 4
ADCS
CS262/0898/V1
Encryption
• Transforms data so that it is unintelligible to the outside observer
• To maintain secure data in an insecure environment
Chapter 2 - 5
ADCS
CS262/0898/V1
Encryption
encryption decryption
plain text input
Transmitted
ciphertext
plain text
output
Chapter 2 - 6
ADCS
CS262/0898/V1
Encryption With One Key
Symmetric encryption (Single-key encryption OR Private Key encryption)
Secret key shared by sender
and recipient
encryption decryption
plain text input
Transmitted
ciphertext
plain text
output
Chapter 2 - 7
ADCS
CS262/0898/V1
Encryption with Two Keys
Asymmetric encryption (Two-key encryption OR Public-Key encryption)
Encryption key
encryption decryption
plain text input
Transmitted
ciphertext
plain text
output
Decryption key
Chapter 2 - 8
ADCS
CS262/0898/V1
Terminology• Encryption
– A process of encoding a message so that its meaning is not obvious. Also known as encode/encipher
• Decryption
– Is the reverse process of encryption.Also known as decode/decipher
• Cryptosystem
– A system for encryption and decryption.
• Plaintext
– The original form of a message.
Chapter 2 - 9
ADCS
CS262/0898/V1
Terminology• Ciphertext
– The encrypted form of an original message.
• Secret Code
– Use of simple secret code to represent the original message.
– Example, apple means go ahead.
Chapter 2 - 10
ADCS
CS262/0898/V1
Terminology• Cryptography
–The science of using mathematics to encrypt and decrypt data
–Enables user to store sensitive information or transmit it across insecure networks so that it cannot be read by anyone except the intended recipient
• Cryptanalysis
–The science of analyzing and breaking secure communication
–Done by cryptanalyst (attackers)
• Cryptology
–The research into and study of encryption and decryption; include cryptography and cryptanalyst
Chapter 2 - 11
ADCS
CS262/0898/V1
Terminology• Key
– A value that is used together with the plaintext as input into encryption algorithms to produce ciphertext
– Allows different encryption of a plaintext
– Provide additional security
– If the encryption algorithm is revealed, future message can still be kept secret because the interceptor will not know the key value
– Basically really big numbers, measured in bits e.g. 1024 bit key
Chapter 2 - 12
ADCS
CS262/0898/V1
Message
Source
Destination
Key
Source
Cryptanalyst
Encryption
Algorithms
Decryption
Algorithms
Secure channel
X Y
K
X’
X
K’
Cryptosystem model
Chapter 2 - 13
ADCS
CS262/0898/V1
• An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and K - assume that opponent knows the encryption E and decryption D algorithms
• To recover X and K, plaintext estimate X’ and estimate K’ are recovered
Chapter 2 - 14
ADCS
CS262/0898/V1
• Input are ; message X and the encryption key K, the encryption algorithm forms the chipertext as:
Y + [Y1, Y2....Yn] OR Y= Ek (X)
Y is produced by encryption algorithm E as a function of plaintext X, which determined by key K value
• The intended receiver, in possession of the key, is able to invert the transformation:
X = Dk (Y)
Chapter 2 - 15
ADCS
CS262/0898/V1
Encryption algorithms
• Two basic methods:
– Substitution • Monoalphabetic ciphers• Polyalphabetic ciphers
– Transposition (permutation)
Chapter 2 - 16
ADCS
CS262/0898/V1
Monoalphabetic Ciphers
• Each letter is translated or substituted by a fixed letter after it in the alphabet.
• E.g. Caesar Cipher uses a shift 3.
• The plaintext letter pi is encipher as ciphered letter ci by the rule.
ci = E(pi) = pi + 3
• A translation chart of the Caesar cipher is as shown below.
Plain text ABCD E FG H IJKLMNOPQRSTUVWXYZCipher text defg h ij k lmnopqrstuvwxyzabc
E.g. Happy New Year would be kdssb qhz bhdu
Chapter 2 - 17
ADCS
CS262/0898/V1
Monoalphabetic Cipher Cryptanalysis• Some letters are used more often than others.
• Example of the clues:– The letter E, T and A occur more than J, Q and Z
– The break between the two words, the SS can be translated to VV
• Therefore cryptanalysis uses such occurrence patterns to decipher the cipher text easily
• Count do help to narrow the possibilities • The frequent occurring letters in the ciphertext are likely to be
among the more frequently occurring letters in English
Chapter 2 - 18
ADCS
CS262/0898/V1
A C E G I K M O Q S U W Y SP
20
15
10
5
0
Monoalphabetic Cipher Cryptanalysis
Chapter 2 - 19
ADCS
CS262/0898/V1
• The weakness of monoalphabetic cipher is that their frequency distribution reflects the distribution of the underlaying alphabet.
• A cipher that is more cryptographically secure would display flat distribution.
• One way to flatten the distribution is to combine distribution that are high with that are low.
• Uses multiple mappings between plaintext and ciphertext and it is not just a single mapping
Polyalphabetic Cipher
Chapter 2 - 20
ADCS
CS262/0898/V1
Polyalphabetic Cipher• Example of mapping:
Odd position mapping– ABCDEFGHIJKLMNOPQR S T UVWXYZ….. – Adgjmpsvybehknqtwz c f ilorux
Even position mapping– ABCDEFGHIJKLMN O PQR S TUVWXYZ….. – Nsxchmrwbglqva f kpu z ejotydi
• Example of text:
TREAT YIMPO SSIBL E fumnf dyvtf czysh h
Chapter 2 - 21
ADCS
CS262/0898/V1
Polyalphabetic Cipher• As compared with monoalphabetic cipher
• E.g. encryption using Odd position mapping
TREATY IMPOSSIBLE fzmafu yktq cc ydhm
Chapter 2 - 22
ADCS
CS262/0898/V1
Transposition• Rearrange the order of bits, characters or blocks of
characters that are being encrypted or decrypted.
• The original letters of the plaintext are preserved; only their positions change.
• E.g. Columnar Transposition
– The rearrangement of the characters of the plaintext into columns
– The resulting ciphertext is formed by traversing the columns
Chapter 2 - 23
ADCS
CS262/0898/V1
c1 c2 c3 c4 c5c6 c7 c8 c9 c10c11c12 etc.
T H I S I SA M E S S AG E T O S HO W H O W AC O L U M NA R T R A NS P O S I TI O N S W OR K S
Columnar Transposition
Chapter 2 - 24
ADCS
CS262/0898/V1
Columnar Transposition• The plaintext is :
THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION IS WORKING
• The ciphertext is :
TAGO CASIR HMEW ORPOK IETH LTONS SSOO URSS ISSW MAIW SAHA NNTO
Chapter 2 - 25
ADCS
CS262/0898/V1
ISSOPMI wdhuw
Plaintext cihertext
Encryption
Stream Ciphers
• It converts one symbol of plaintext immediately into a symbol of ciphertext
• The transformation depends only on the symbol, the key, and control information of the encipherment algorithm
• E.g. substitution encryption
Key (optional)
Chapter 2 - 26
ADCS
CS262/0898/V1
Stream Ciphers - Advantages
• Speed of transformation
– Each symbol is encrypted without regard for any other plaintext symbols, each symbol can be encrypted as soon as it is read
• Low error propagation
– Each symbol is separately encoded, an error in the encryption process affects only that character
Chapter 2 - 27
ADCS
CS262/0898/V1
Stream Ciphers - Disadvantages
• Low diffusion
– Each symbol is separately enciphered
• Susceptible to malicious insertions and modifications
– Since, each symbol is separately enciphered, an active interceptor who has broken the code can splice together pieces of previous messages and transmit a spurious message that may look authentic
Chapter 2 - 28
ADCS
CS262/0898/V1
OITPYR
Encryption baqckdem
Block Ciphers
• It encrypts a group of plaintext symbols as one block , e.g. 64 bits or more
• It works on blocks of plaintext and produce blocks of ciphertext
• E.g. transposition encryption
Key (optional)
Chapter 2 - 29
ADCS
CS262/0898/V1
Block Ciphers - Advantages
• Diffusion
– Information from plaintext is diffused into several ciphertext symbols
– One ciphertext block may be depend on several plaintext letters
• Immunity of insertions
– Since blocks of symbols are enciphered, it is impossible to insert a single symbol into one block
– The length of the block would then be incorrect, and decipherment would reveal the insertion
Chapter 2 - 30
ADCS
CS262/0898/V1
Block Ciphers - Disadvantages
• Slowness of encryption
– Block ciphers must wait until an entire block of plaintext symbols has been received before sorting the encryption process
• Error propagation
– An error will affect the transformation of all other characters in the same block
Chapter 2 - 31
ADCS
CS262/0898/V1
Key Management Protocols
Attack to Remote communications:
– When two remote systems transfer messages along communication medium, several potential attack scenarios arise. There are three main types of attacks:
• Disclosure to an unauthorised listener.
• Receipt of a message from a masquerading sender.
• Corruption or blocking of sent messages.
Chapter 2 - 32
ADCS
CS262/0898/V1
Key Management Protocolsa. Disclosure to an unauthorised listener:
– Involves a malicious entity or an intruder gaining access to the message by simply observing and interpreting the data travelling along the communication medium.
b. Receipt of a message from a masquerading sender:
– This attack involves an unauthorised masquerading entity claiming to be some authorised entity.
– The result is that a bad message might be sent from an intruder.
Chapter 2 - 33
ADCS
CS262/0898/V1
Key Management Protocols
c. Corruption or blocking of sent messages:
– Refers to messages sent by a sender being corrupted or blocked by an unauthorised intruder.
– Intruders corrupt the “good message” and replace it with a “bad message”.
Chapter 2 - 34
ADCS
CS262/0898/V1
Key Management Protocols• Encryption systems provide an important tool in computer
security, it gives a user the ability to transmit information in a concealed form.
• It is very useful to transmit documents and data over a channel that may be intercepted.
• Protocol is established to orderly sequence the steps of the encryption by two or more parties in their communication
• Three type of encryption protocols:
– Private key protocol
– Public key protocol
– Arbitrated protocol
Chapter 2 - 35
ADCS
CS262/0898/V1
Private Key Protocol
• A protocol that may be used between communicating entities to authenticate systems and hide messages.
• Assumed that communicating entities have access to encryption routines M that encrypts and decrypts using some key K.
• Both sender and receiver knows K.
Sender Receiver
message [M]k [[M]k]k message
encrypt decrypt
Chapter 2 - 36
ADCS
CS262/0898/V1
Encryption With Private Key
Chapter 2 - 37
ADCS
CS262/0898/V1
• Fast
• Useful for encrypting data for a short distance
Private Key Protocol - Advantages
Chapter 2 - 38
ADCS
CS262/0898/V1
• If the key is revealed (stolen etc.), the interceptors can decrypt all the information in both direction.
• Distribution of keys becomes a problem, as keys must be transmitted with utmost security.
• The number of keys increases with the square of the number of users exchanging secret information.
Private Key Protocol - Disadvantages
Chapter 2 - 39
ADCS
CS262/0898/V1
Public Key Protocol
• Deviced by Whitfield Diffie and Martin Hellman in 1996.
• This scheme overcomes the exchange of private key problem.
• Makes use of two encryption keys, public key and private key.
• Allows remote entities to advertise part of the encryption key, that is public key.
• Requires both public key and private key to encrypt and decrypt a message.
• Addresses several problems of key distribution and key loss issues.
Chapter 2 - 40
ADCS
CS262/0898/V1
Encryption with Public Keys
Chapter 2 - 41
ADCS
CS262/0898/V1
Public Key Protocol
• Based on mathematical functions rather than on substitution and permutation
• Asymmetric involving the use of two separate keys, in contrast to symmetric conventional encryption, which uses only one key
• Has profound consequences in the area of confidentiality, key distribution, and authentication
Chapter 2 - 42
ADCS
CS262/0898/V1
Public Key Cryptosystem
• Each end system in a network generates a pair of keys to be used for encryption and decryption of messages that it will receive
• Each system publishes it’s encryption key by placing it in a public register or file. This is the public key. The companion key is kept private (eg. Verisign provide security service for international e-commerce, DigiCert mainly for local e-commerce)
• If A wishes to send a message to B, it encrypts the message using B’s public key
• When B receives the message, B decrypts it using B’s private key. No other recipient can decrypt the message because only B knows B’s private key.
Chapter 2 - 43
ADCS
CS262/0898/V1
Public Key - Advantages
• All participants have access to public keys and private keys are generated locally by each participant and therefore need never be distributed
• As long as system controls it’s private key, its incoming communication is secure
• At any time,a system can change its private key and publish the companion public key to replace its old public key
• It is computationally infeasible to deduce the private key from the public key
• Anyone who has a public key can encrypt information but cannot decrypt it
• Only the person who has the corresponding private key can decrypt the information
Chapter 2 - 44
ADCS
CS262/0898/V1
Public Key – Examples
• Elgamal (named for its investor, Taher Elgamal)
• RSA (named for its investors; Ron Rivest, Adi Shamir and Leonard Adleman)
• Diffie-Hellman (named for its investors)
• DSA – Digital Signature Algorithm (invented by David Kravitz)
Chapter 2 - 45
ADCS
CS262/0898/V1
Public Key Cryptosystem : Encryption
Plaintext
input
Plaintext
output
Alice’s public key ring: Joy, Mike, Bob etc
Encryption Algorithm
Decryption Algorithm
Bob’s public key
Bob’s private key
Transmitted chipertext
Encryption algorithm eg. RSA
Decryption algorithm (reverse of encryption algorithm
Chapter 2 - 46
ADCS
CS262/0898/V1
Public Key Cryptosystem : Authentication
Plaintext
input
Plaintext
output
Bob’s public key ring: Joy, Mike, Alice etc
Encryption Algorithm
Decryption Algorithm
Alice’s private key
Alice’s public key
Transmitted chipertext
Encryption algorithm eg. RSA
Decryption algorithm (reverse of encryption algorithm
Chapter 2 - 47
ADCS
CS262/0898/V1
Public Key Cryptosystem Applications
Message source
Message dest.
Encryption Algorithm
Decryption Algorithm
Source A Source B
Encryption Algorithm
Decryption Algorithm
X XY YZ
Key pair source
Key pair source
Public Key A
Private Key A Public Key B
Private Key B
Chapter 2 - 48
ADCS
CS262/0898/V1
Public Key Protocol
Sender (B) Receiver (A)
Message [[M]SB]PA [[[[M]SB]PA]SA]PB Message Encrypt Decrypt
Legend:
SB:Secret key of B PB:Public key of B
SA:Secret key of A PA:Public key of A
Chapter 2 - 49
ADCS
CS262/0898/V1
Arbitration Protocols with Third Party• An alternative to the point key management protocols
between senders and receivers.
• Protocol that uses third party to ensure authentication between communicating entities.
• Two types of arbitrated key management protocols might be envisioned.
Chapter 2 - 50
ADCS
CS262/0898/V1
Arbitration Protocols with Third Party
1) All data communication is performed through a third party, so that A might communicate with C through arbiter B. This requires that A and B agree on some key management protocol and that B and C agree on a protocol as well.
A B C
Arbitrator
A sends message to C
B routes message to C
from A
C receives message from
A
Chapter 2 - 51
ADCS
CS262/0898/V1
Arbitration Protocols with Third Party
2) The third party arbiter establishing authentication between the sender and receiver e.g. visiting prisoner at prison, have to go thru the prison warden
A
B
C
Arbitrator
1) request comm with C
2) establish communications
3) communications between A and C
Chapter 2 - 52
ADCS
CS262/0898/V1
Reasons why an arbiter is not desirable• Difficult to find a trusted arbitrator e.g. recognize and valid
authority
• Cause delay in communication e.g. have to go thru arbiter for any communication
• Costly in maintaining an arbiter e.g. fees payment, service charges
• Bottleneck happens if many users access to same arbiter e.g. delay in communication
• Not secure since arbiter has access to sensitive information e.g. no 100% confidentiality
Chapter 2 - 53
ADCS
CS262/0898/V1
Key Distribution• This scheme involves distribution of public and secret keys
by transmission over a secure channel.
• Uses private key management protocol between remote systems and the KDC - Key Distribution Centre.
• This approach allows two entities to receive keys from KDC for their communication.
• Secrecy of their transmission to the KDC is assured by the distribution process.
Chapter 2 - 54
ADCS
CS262/0898/V1
Pretty Good Privacy (PGP)• It is a hybrid cryptosystem by Philip Zimmerman
• Fast ,easy and free ported to most popular computer platforms, PCs and Macs as well to protect messages on the Internet
• Used in email e.g. Netscape Messager, MS Outlook Express and Qualcomm Eudora Pro
Chapter 2 - 55
ADCS
CS262/0898/V1
PGP Encryption • PGP compresses the plaintext to save transmission time
and disk space and to strengthen cryptographic security
• Compression reduces plaintext pattern and enhances resistance to cryptanalysis
• PGP creates session key, one-time-only secret key from the random movement of user’s mouse and keystrokes type
• Using the IDEA algorithm with the session key, the message is encrypted.
• The session key is encrypted with the RSA algorithm and the recipient’s public key
• The encrypted message and session key is then bundled together and ready to be mailed or stored
Chapter 2 - 56
ADCS
CS262/0898/V1PGP Encryption
Chapter 2 - 57
ADCS
CS262/0898/V1
PGP Decryption • The recipients copy of PGP uses his/her the private key to
recover the temporary session key
• Then, PGP uses it to decrypt the ciphertext
Chapter 2 - 58
ADCS
CS262/0898/V1PGP Decryption
Chapter 2 - 59
ADCS
CS262/0898/V1
Secure Socket Layer (SSL)
• Developed by Netscape in 1994
• Provides two functions:
– Encrypting the information flow between client and server
– Client/server authentication
• Latest version is SSL 3.0 (1996)
• Supported by:
– Client applications (Netscape Navigator, Microsoft Internet Explorer)
– Server applications (Netscape, Microsoft, Apache, Oracle, NSCA etc.)
– Certification Authorities (VeriSign)
Chapter 2 - 60
ADCS
CS262/0898/V1
Secure Socket Layer (SSL)
• Comes with two strength: 40-bit and 128-bit which refer to the length of the “session key” generated by every encrypted transaction
• HTTPS - Hypertext Transfer Protocol Secure
• https:// represent secure site using SSL services (HTTP + SSL)
Chapter 2 - 61
ADCS
CS262/0898/V1
Secure Socket Layer (SSL)
Fundamental concerns about communication over the Internet and other TCP/IP networks:
• SSL server authentication allows a user to confirm a server's identity
• SSL client authentication allows a server to confirm a user's identity
• An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus providing a high degree of confidentiality