Embed Size (px)
Citation preview
CRYPTOGRAPHY
TROY ESPIRITU & MARICON RAFOL
Presenters
Brief History
2000 B.C.-Origin of Cryptography• Egyptian practice of Hieroglyphics.
100 to 44 B.C.-Use of a Modern Cipher• Julius Caesar (Substitution Cipher)
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Transform to
DEFGHIJKLMNOPQRSTUVWXYZABC
Caesar C3 Substitution Cipher
Cont. Ex. of Julius Caesar message:
ATTACK AT DAWN
DWWDFNDWGCZQ
1980’s & 1990’s- Evolved into a digital world• With microprocessor and PC
CRYPTOGRAPHY
The science of hiding the meaning of communication from unintended recipients. The word is derived from the Greek kryptos (hidden) & graphein (to write).
Purpose of Cryptography
To protect transmitted information from being read and understood by anyone except the intended recipient.
How it is done?
First the original text is changed into a cipher text then back to the original text. In this manner, no one can understand the cipher text, except the sender and receiver.• For example there is a word ABCD which
means it can be 1234. This order is sent afterwards to the receiver.
Key Terms
AlgorithmsComplex mathematical formulas that dictate how plain
text can be turned into cipher (encrypted) text.
KeysAre random or pseudo random bits/data that will be
inserted into the algorithm for the encryption/decryption to work.
Cipher textEncrypted message
Objectives of cryptography concerns the following :
1) Confidentiality (the information cannot be understood by anyone for whom it was unintended)
2) Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected)
Cont.
3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information)
4) Authentication (the sender and receiver can confirm each others identity and the origin/destination of the information)
* Will be discussed later on how these can be achieved
Data Confidentiality (Privacy) Cryptographic operations for the purpose of data
privacy (confidentiality) prevent an unauthorized person from reading a message.
The following operations are included in data privacy:
Encrypt/Decrypt The encrypt operation changes plaintext data into
cipher text through the use of a cipher algorithm and key. To restore the plaintext data, the decrypt operation must employ the same algorithm and key.
Three levels of Encryption/decryption:
Field level encryption With field level encryption, the user application explicitly
requests cryptographic services. The user application completely controls key generation, selection, distribution, and what data to encrypt.
Session level encryption With encryption at the session layer, the system requests
cryptographic services instead of an application. The application may or may not be aware that encryption is happening.
Link level encryption Link level encryption is performed at the lowest level of the
protocol stack, usually by specialized hardware.
Types of Ciphers
SubstitutionReplaces bits, characters, or blocks with different bits,
characters, or blocks.- Caesar C3 Substitution Cipher TranspositionMoves around the bits, characters, and blocks without
replacing the original
* It is the key which will determine what will be substituted with what, or where it will be moved to.
Other novel ciphers
Running Key- Clever steps in the real world.
(3rd book in volume, 23rd page, 5 line down, 8th letter can be written as 32358)
Concealment- Message is concealed within a larger message
ConcealmentAn example employment review:
1. Bob Smith, my assistant programmer, can always be found2. hard at work in his cubicle. Bob works independently, without3. wasting company time talking to colleagues. Bob never4. thinks twice about assisting fellow employees, and he always5. finishes given assignments on time. Often Bob takes extended6. measures to complete his work, sometimes skipping coffee7. breaks. Bob is a dedicated individual who has absolutely no8. vanity in spite of his high accomplishments and profound9. knowledge in his field. I firmly believe that Bob can be10. classed as a high-caliber employee, the type which cannot be11. dispensed with. Consequently, I duly recommend that Bob be12. promoted to executive management, and a proposal will be13. executed as soon as possible. Odd lines show true message
Methods of Encryption
1. Private Key or Symmetric key algorithm, the key is a shared secret between two communicating parties. Encryption and decryption both use the same key.
Sender:
Plain text -> Algorithm -> Use secret key -> Secret message
Receiver:
Secret Message -> Algorithm -> Use same secret key -> Plain text
Symmetric Cryptography
There are two types of symmetric key algorithms:
Block ciphers
• In a block cipher, the actual encryption code works on a fixed-size block of data.
• Usually Software driven as its easier to manipulate blocks of data using software programs
Stream ciphers
• Stream ciphers do not work on a block basis, but convert 1 bit (or 1 byte) of data at a time.
• Usually hardware driven as its easier to manipulate bits or bytes on the hardware level
Symmetric Cryptography
Strengths:- Much faster than asymmetric systems.- Hard to break if the key is of very large size.
Weaknesses:- Key DistributionDelivery of keys should be secure.
- ScalabilityOne key for each pair of users.
- Limited securityCan provide confidentiality, but using the same key to encrypt/decrypt has no way
to prove authenticity or non-repudiation.
Symmetric Sample
DES Data Encryption Standard• Block Encryption Algorithm
• 64 bits of plain text goes in, 64 bits of cipher text goes out
• Order of 16 substitutions and transpositions depend on the key. Each character of the block is encrypted one at a time
• Has 4 different encryption modes• Electronic Code Book
• Specific plain text will always return the same cipher text
• Cipher Block Chaining• Uses key and previous block value on the current block
• Cipher Feedback• Uses the previous cipher text to create the random bits
• Output Feedback• Functions like feedback mode, but generates a stream of bits
Methods of Encryption 2
2. Public key or asymmetric key algorithm• Pair of keys is used. One of the keys, the private key, is
kept secret and not shared with anyone. The other key, the public key, is not secret and can be shared with anyone. • Private key: only known to the owner of the key-pair
• Public key: available to anyone
• When data is encrypted by one of the keys, it can only be decrypted and recovered by using the other key.
• The two keys are mathematically related, but it is virtually impossible to derive the private key from the public key.
Asymmetric Cryptography
Sender:Plain text -> Algorithm -> Use private key -> Secret message
Receiver:Secret Message -> Algorithm -> Use public key -> Plain text
OrSender:Plain text -> Algorithm -> Use public key -> Secret message
Receiver:Secret Message -> Algorithm -> Use private key -> Plain text
Asymmetric CryptographyScenario 1
Open Message Format• Provides Authenticity/non-repudiation
Message is encrypted with the private key.Message is decrypted with the public key.
Good: We are assured that message came from holder of private key. (Assume that holder is authentic)
Bad: Everybody can read the message. (everyone has the public key)
Asymmetric CryptographyScenario 2
Secure Message Format• Provides Confidentiality
Message is encrypted with the public key. Message is decrypted with the private key.
Good: Nobody can decrypt the message except the holder of the private key.
Bad: Anybody could have encrypted and sent it. (everyone has the public key)
Asymmetric CryptographyScenario 3
Secure and Signed Message Format
• Provides both Confidentiality and Authenticity
• Use of 2 pairs of asymmetric keys. Each user having their own key pairs.
• Secret/Private Keys are not compromised through delivery
Asymmetric CryptographyScenario 3 Message is encrypted with sender's private key.
• (Providing authenticity/non-repudiation by ensuring that only the public key of the sender can decrypt this message.)
Message is again encrypted receiver's public key• (Providing confidentiality by ensuring that only the receiver's
private key can decrypt this message.)
Message is first decrypted with receiver's private key Message is then decrypted with the sender's public key
Asymmetric Cryptography
Strengths:
-Better Key distribution
-Better Scalability
-Can provide Confidentiality, Authenticity, and Non-repudiation
Weakness:
-Works much slower than symmetric systems
Asymmetric Sample
RSA (Inventors initials)• Based on the difficulty of factoring large numbers.
El Gamal• Based on calculating discreet logarithms in a finite
field
Data Integrity, Authenticity, & Non-repudiation
Encrypted data does not mean the data can not be manipulated (e.g. repeated, deleted, or even altered). To rely on data, you need to know that it comes from an authorized source and is unchanged.
Additional cryptographic operations:Hash (Message Digest) A cryptographic hash operation produces a fixed-length output string (often
called a digest) from a variable-length input string. For all practical purposes, the following statements are true of a good hash function:
• Collision resistant: If any portion of the data is modified, a different hash will be generated.
• One-way: The function is irreversible. That is, given a digest, it is not possible to find the data that produces it.
Cont.
MAC (Message Authentication Code) A MAC operation uses a secret key and cipher
algorithm to produce a value (the MAC) which later can be used to ensure the data has not been modified. Typically, a MAC is appended to the end of a transmitted message. The receiver of the message uses the same MAC key, and algorithm as the sender to reproduce the MAC. If the receiver's MAC matches the MAC sent with the message, the data has not been altered.
Cont.
HMAC (Hash MAC) An HMAC operation uses a cryptographic hash function and a
secret shared key to produce an authentication value. It is used in the same way a MAC is used.
Sign/Verify A sign operation produces an authentication value called a
digital signature. A sign operation works as follows: • The data to be signed is hashed, to produce a digest.
• The digest is encrypted using a PKA algorithm and a private key, to produce the signature.
The verify operation works as follows: • The signature is decrypted using the sender's PKA public key, to produce digest.
• The data that was signed is hashed, to produce digest.
• If the two digests are equal, the signature is valid.
Public Key Cryptography
Hybrid of Symmetric and Asymmetric algorithms.• Remember:
• Symmetric: faster, but only confidentiality is secured
• Asymmetric: slower, but confidentiality, authenticity, and non-repudiation is secured
So what if we are to send large amounts of data?
PKC Continued
Use a hybrid system!• Use symmetric algorithms to encrypt the
actual message (faster encrypt/decrypt)
• Use asymmetric algorithms to encrypt and send the secret key of the symmetric algorithm (secure delivery of key)
Public Key Infrastructure
Consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptography mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion
PKI Continued
Is different from Public Key Cryptography in that PKC is one piece of the PKI.
PKI contains the pieces that will identify users, create and distribute/maintain and revoke certificates, manage keys, and enable all these technologies to communicate and work together for the purpose of encrypted communication.
Provides Confidentiality, Access Control, Integrity, Authentication, and Non-repudiation
PKI – Key Components
Certificates• Mechanism to bind a public key to a collection
of components sufficient to uniquely authenticate the claimed owner
Certificate Authority• Organization that maintains and issues the
certificates. Certificates will be validated against the database of the CA.
PKI – Steps in General
Request for a certificate from the CA CA provides certificate and keys Request for a recipients public key Send encrypted message along with certificate Recipient checks certificate with CA CA confirms certificate Public Key Cryptography commences
PKI Components CA RA (Registration Authority) Certificate Repository Certificate Revocation System Key Backup and Recovery System Automatic Key update Management of key histories Cross certification with other CAs Time-stamping Client-side software
Cryptographic Attacks
Brute Force• Trying every possible combination of key
patterns.
Known Plaintext• The attacker has a copy of the plaintext
corresponding to the cipher text.
Chosen Plaintext• Chosen plaintext is encrypted and the output
cipher text is obtained
Adaptive Chosen Plaintext• A form of a chosen plaintext attack where the
selection of the plaintext is altered according to the previous results.
Ciphertext Only• Only the ciphertext is available.
Chosen Ciphertext• Portions of the ciphertext are selected for trial
decryption while having access to the corresponding decrypted plaintext.
Cont.
Cont. Adaptive Chosen Ciphertext
• A form of a chosen ciphertext attack where the selection of the portions of ciphertext for the attempted decryption is based on the results of previous attempts.
Birthday Attacks• Usually applied to the probability of two different messages
using the same hash function that produces a common message digest; or a given message and its corresponding message digest finding another message that when passed through the same hash generates the same specific message digest.
Meet-in-the-Middle• Is applied to double encryption schemes by encrypting
known plaintext from one end with each possible key and comparing the result in the middle with the decryption of the corresponding ciphertext with each possible key.
Cont. Man-in-the-Middle
• An attacker taking advantage of the store and forward nature of most networks by intercepting messages and forwarding modified version of the original message while in between two parties attempting secure communications.
Differential Cryptanalysis• Is applied to private key cryptographic systems by
looking at ciphertext pairs, which were generated through the encryption of plaintext pairs, with specific differences and analyzing the effect of these differences.
Cont.
Linear Cryptanalysis• Using parts of known plaintext and corresponding
ciphertext to generate a linear approximation of a portion of the key.
Differential Linear Cryptanalysis• Using both differential and linear approaches.
Factoring• Using mathematical approach to determine the prime
factors of large numbers. Statistical
• Exploiting the lack of randomness in key generation.
End
