Cryptography
Gerard Klonarides


Page 1: Cryptography

Gerard Klonarides

Page 2: What is cryptography?

Symmetric Encryption
Asymmetric Encryption
Other cryptography
Digital signatures
PKI

Page 3: What is Cryptography?

Transforming plaintext to ciphertext

Hello I love you won’t you tell me your name?

Page 4: Cryptography

Transforming plaintext into ciphertext
  Substitution
  Transposition

Page 5: Substitution

123453452345231
This = 1234
Try and crack this one

Page 6:

This is his hit
123453452345231

Page 7: Transposition

Plaintext elements rearranged
This is his hit
ihT sis sih tih
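The two toy ciphers from the slides above, worked through as an added example (not part of the original deck). It shows how far the hint "This = 1234" gets a reader, why a substitution keeps the symbol frequencies of the plaintext, and the transposition rule implied by the slide's output. The function names and the block size of 3 are assumptions inferred from the slide text.

```python
from collections import Counter

# Values taken from the slides.
PLAINTEXT = "This is his hit"
SUBST_CIPHERTEXT = "123453452345231"
TRANSPOSED = "ihT sis sih tih"


def decode_with_crib(ciphertext, crib_plain, crib_cipher, unknown="?"):
    """Use a known plaintext/ciphertext pair (the slide's "This = 1234")
    to recover every symbol the crib covers; mark the rest as unknown."""
    table = dict(zip(crib_cipher, crib_plain.lower()))
    return "".join(table.get(symbol, unknown) for symbol in ciphertext)


def frequency_profile(text):
    """Sorted symbol counts. A one-to-one substitution renames symbols but
    leaves this profile unchanged, which is what frequency analysis relies on."""
    return sorted(Counter(text.lower()).values())


def transpose_blocks(text, block=3, sep=" "):
    """Transposition as the slide's output implies (block size 3 is inferred,
    not stated on the page): drop spaces, then reverse each block of letters."""
    letters = text.replace(" ", "")
    blocks = [letters[i:i + block][::-1] for i in range(0, len(letters), block)]
    return sep.join(blocks)


if __name__ == "__main__":
    # The crib alone recovers everything except symbol 5 (the word separator).
    print(decode_with_crib(SUBST_CIPHERTEXT, "This", "1234"))
    # Identical profiles: the substitution hides letters, not their statistics.
    print(frequency_profile(PLAINTEXT), frequency_profile(SUBST_CIPHERTEXT))
    # Transposition forward, then undone by applying the same rule again.
    print(transpose_blocks(PLAINTEXT))
    print(transpose_blocks(TRANSPOSED, sep=""))
```

Both ciphers fall to the same observation: neither changes how often each symbol occurs, so a short known fragment or a frequency count is enough to undo them.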

Page 8: Plaintext is processed

Block cipher
  A block at a time
Stream cipher
  Processed continuously

Page 9: The Cipher Process

Keys
  Single key
  Two-key encryption

Page 10: About Keys

Bigger does not mean better
For example, IDEA 128 (a symmetric cipher) is better than RSA 521 (an asymmetric one)
One has to protect the integrity of the keys

Page 11: What does 128 bit encryption mean?

A 128-bit number has 2^128 possible values.

How big is that?
2^18 is how many IPv6 addresses we have
2^170 is the # of atoms in the earth
2^190 is the # of atoms in the sun

Page 12: Encryption types

Single key Encryption
  Conventional
  Symmetric
Two-key Encryption
  Asymmetric
  Public-key

Page 13: Symmetric Encryption

A type of encryption where the same key is used to encrypt and decrypt the message. This differs from asymmetric (or public-key) encryption, which uses one key to encrypt a message and another to decrypt the message.

Page 14: Asymmetric Encryption

A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.

An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.

Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her. What's needed, therefore, is a global registry of public keys, which is one of the promises of the new LDAP technology.

Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometimes called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption).

Page 15: Algorithms

A formula or set of steps for solving a particular problem. To be an algorithm, a set of rules must be unambiguous and have a clear stopping point. Algorithms can be expressed in any language, from natural languages like English or French to programming languages like FORTRAN.

We use algorithms every day. For example, a recipe for baking a cake is an algorithm. Most programs, with the exception of some artificial intelligence applications, consist of algorithms. Inventing elegant algorithms -- algorithms that are simple and require the fewest steps possible -- is one of the principal challenges in programming.

Page 16: The RSA Algorithm

Developed by Ron Rivest, Adi Shamir, and Len Adleman from MIT in 1977
The only widely accepted public-key algorithm
A block cipher algorithm
98%

Page 17: Authentication

The ability to verify that the contents of a message have not been altered
The ability to identify the owner of that message

Page 18: The Authentication Process

To create an authenticator
To check for authenticity

Page 19: Hash Algorithms

MD5 - Message Digest Algorithm
SHA - Secure Hash Algorithm
DSS - Digital Signature Standard

Page 20: DSS FIPS 186-2

SUMMARY: The Secretary of Commerce approved Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS), which supersedes Federal Information Processing Standard (FIPS) 186-1, Digital Signature Standard (DSS). FIPS 186-2 expands FIPS 186-1 by specifying an additional voluntary industry standard for generating and verifying digital signatures. This action will enable Federal agencies to use the Digital Signature Algorithm (DSA), which was originally the single approved technique for digital signatures, as well as two new ANSI Standards that were developed for the financial community. These new standards are ANSI X9.31, Digital Signature Using Reversible Public Key Cryptography, and ANSI X9.62, Elliptic Curve Digital Signature Algorithm (ECDSA).

EFFECTIVE DATE: This standard is effective June 27, 2000.

Page 21: Diffie-Hellman key agreement

The Diffie-Hellman key agreement protocol (also called exponential key agreement) was developed by Diffie and Hellman [DH76] in 1976 and published in the ground-breaking paper "New Directions in Cryptography." The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.
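The exchange described above, with both sides and the values that cross the insecure medium, as an added example that is not part of the original deck. The prime, the base, the Party class and the SHA-256 key derivation are assumptions chosen for illustration; the group is far too small for real use.

```python
import hashlib
import secrets

# Toy public parameters (assumption, for this example only): the Mersenne
# prime 2**127 - 1 and base 3. Production systems use standardised groups
# of 2048 bits or more, or elliptic-curve variants.
P = 2**127 - 1
G = 3


class Party:
    """One side of the exchange (hypothetical helper class)."""

    def __init__(self, private=None, p=P, g=G):
        self.p, self.g = p, g
        # Private exponent in [2, p-2]; it never leaves this object.
        self._private = private if private is not None else secrets.randbelow(p - 3) + 2
        # Public value g^x mod p; this is what crosses the insecure medium.
        self.public = pow(g, self._private, p)

    def shared_key(self, peer_public):
        # Reject 0, 1, p-1 and out-of-range values, which would force a
        # predictable shared secret.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer public value out of range")
        secret = pow(peer_public, self._private, self.p)   # g^(xy) mod p
        raw = secret.to_bytes((self.p.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw).digest()                # 32-byte key


def exchange():
    """Run both sides; return their keys and what an observer sees on the wire."""
    alice, bob = Party(), Party()
    wire = {"p": P, "g": G, "A": alice.public, "B": bob.public}
    return alice.shared_key(bob.public), bob.shared_key(alice.public), wire


if __name__ == "__main__":
    k_a, k_b, wire = exchange()
    print("keys match:", k_a == k_b)
    print("observer sees only:", sorted(wire))
```

The exchange by itself does not tell either side who sent the public value it received; identifying the owner of a message is the job of the authentication mechanisms on the earlier slides.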