Embed Size (px)
Citation preview
CrytographyChapter 8
Cryptology
Cryptography Comes from Greek Kryptos meaning “hidden” Grahein meaning “to write” Process of making and using codes to
secure the transmission of information
Cryptanalysis Process of obtaining the original
message form encrypted message
Cryptology
Encryption Process of converting an original
message into a form that is unreadable to unauthorized individuals
Decryption Process of converting the encrypted
message (cipertext) into an easily read message (plain text)
Basic Definitions
Algorithm Programmatic steps to encrypt message
Cipher Encryption method or process
Ciphertext or cryptogram Encrypted message
Code Process of converting unencrypted
components into encrypted components
Basic Definitions
Decipher Convert to plaintext
Encipher To encrypt
Key or crypto-variable Information used with the algorithm to
encrypt
Key-space Entire range of values that can possibly be
used to construct an individual key
Basic Definitions Link encryption
Series of encryptions /decryptions between a number of systems
Plaintext or clear text The original message
Steganography Process of hiding messages
Work factor Amount - effort required to perform
cryptanalysis
Cipher methods
Bit stream method Each bit in the plaintext is transformed
bit by bit Most common use XOR
Block cipher method Messaged divided into blocks Each block is encoded Substitution, transposition, XOR or
combination
Substitution Cipher
Substitute one value for another 3 character substitution to the right
Original alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Encrypted alphabet:
DEFGHIJKLMNOPQRSTUVWXYZABC
Simple by itself – powerful when combined with other operations
Substitution Cipher
Polyalphabetic substitution
Orig: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Sub1: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Sub2: G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
Sub3: J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
Sub4: M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
Sub5: P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Using this technique what is? ZTPG
3 shift to the right is know as the Caesar Cipher
Vigenere Cipher
Implemented using the Vigenere Square
26 distinct cipher alphabets Header row – normal order Each additional row – shift right Start in first row and find a substitution
for one letter Move down the rows for each
subsequent letter of plaintext
Transposition Cipher
Simply rearranges the values within a block Can be done at the bit level or the byte
level
Key pattern: 1 4, 2 8, 3 1, 4 5,5 7,
7 6,8 3 Julius Caesar was associated with the early
version of this cipher also Larger blocks or keys makes cipher stronger
Exclusive OR (XOR)
Function of Boolean algebra Two bits are compared If identical, result is binary 0 If not identical, result is binary 1 Very simple encryption Not very secure
Vernam Cipher
One-time pad Uses a set of characters only one time for
each encryption process Each character of the plaintext is turned
into a number and a pad value for that position is added
Sum is then converted back to a cipher text
Decryption requires knowledge of pad values or difficult cryptanalysis.
Book or Running Key Cipher
Cipher text List of codes representing a
page number, line number, and word number of the plaintext word.
Must know which book was used
Hash functions
Not an encryption methodology Mathematical algorithm -generates a
message summary or digest Fingerprinting Used to determine if it is the same
message Not used to decypher Message always provide same hash
value if unaltered
Hash functions
Do not require keys Uses Message Authentication
Code (MAC) Key-dependent Used in password verification
systems
Secure Hash Standard (SHS)
Secure algorithm Standard issued by National Institute of
Standards and Technology (NIST) SHA-1 Produces a 160 bit digest Family of SHA SHA-256
A 256-bit cipher algorithm Creates a key - encrypting the intermediate
hash value with the message block functioning as the key
Cryptographic Algorithms
Symmetric and asymmetric and hybrid Distinguished by the types of keys they
use Symmetric Encryption
Requires the same secret key
Encryption methods use mathematical operations
Both the sender and receiver must have the secret key
Primary challenge – getting key to receiver
Symmetric Encryption Cryptosystems Data Encryption Standard (DES)
Key length of 128 bits
64-bit block size
56-bit key
Too weak
Triple DES (3DES)
Advanced Encryption Standards Used by federal agencies other than
national defense
Declassified, publicly disclosed, royalty-free
Uses block cipher, variable length block, key length of 128, 192, or 256
Asymmetric Encryption
Uses two different but related keys Either key can encrypt or decrypt Must use other to perform other function One key private One key public Also know as public key encryption Based on one-way functions One is simple to compute , the opposite
is complex
Asymmetric Encryption
Based on hash value Uses mathematical trapdoor
Secret mechanism that enable you to easily accomplish the reverse function in a one-way function.
Public key becomes the true key Private is derived form public key
using trapdoor
Public Key
RSA (Rivest-Shamir-Adlemann) First public key encryption algorithm Published for commercial use E-commerce browsers Has become the de facto standard
Encryption Key Size
Cryptovariable or key size must be decided Length of key increase the number of
random selections to be guessed Length of key influences strength The security of encrypted data is NOT
dependent on keeping the algorithm secret Depends on keeping some or all of the
elements of the keys secret See table on page 367
Public Key Infrastructure (PKI)
Integrated system of software, encryption methodologies, protocols, legal agreements, and 3rd part services
Based on public key Include digital certificates and
certificate authorities
Digital Certificates
Public key container files that allow computer program to validate the key and identify to whom it belongs.
Allows integration of key characteristics to be integrated into business practices Authentication Integrity Privacy Authorization Non-repudiation
Digital Certificate
Used by third party Certifies the authenticity of the Digital signature is attached
Certify that file is from the entity that it claims to be Has not been modified
Certificate authority Software agent Manages the issuance of certificates Serves as the electronic notary pubic Verify the certificates worth and integrity
PKI
Common implementation Systems to issue digital certificates
to users and servers Directory enrollment Key issuing systems Tools for managing the key issuance Verification and return cetificates
Digital Signatures
Created to verify information transferred using electronic systems
Currently asymmetric encryption processes are used to create digital signatures
Encrypted messages that can be mathematically authentic
Used when using DSS (digital Signature Standard)
Digital Signatures
Process Create a message digest using the hash
Input into the digital signature algorithm along with a random number to be used for generating the digital signature
Depends upon the sender’s private key and other info provided by the CA
Verified by the recipient through use of the sender’s public key
Hybrid Cryptography Systems
Pure asymmetric keys encryption is not widely used except in digital certificates
More widely used as part of hybrid system
Diffie-Hellman Key Exchange method Exchanging private keys using public key
encryption Asymmetric encryption is used to exchange
session keys Limited use keys Temporary communications
Steganography
Process of hiding information Not technically a form of cryptography Most popular version
Hiding information within files that appear to contain digital picture or other images
Use one bit per color or 3 bits per pixel to store information.
Compute files that don’t use all available bits
Protocols for Secure Communication
Secure Socket Layer (SSL) Used public key encryption to secure channel Support by most internet browsers Client and server establish HTTP session Client requests access part of web site - requires
secure communications Server sends message to client Client respond - sending its public key & security
parameters Server finds a public key match Sends a digital certificate to the client Client must verify - digital certificate –received,
valid & trustworthy Lasts for duration of session
Protocols for Secure Communication
SSL Two layers of protocol
SSL Record Protocol Compression, encryption and attachment of
SSL header
Received encrypted messages are decrypted and reassembled
Basic security at top level of SSL protocol stack
Standard HTTP Internet communication services
Protocols for Secure Communication
S-HTTP (Secure Hypertext Transfer Protocol) Extended version of hypertext
transfer protocol Provides for encryption of individual
messages between client and server No session Designed for sending individual
messages
Securing E-mail
Secure Multipurpose Internet mail Extensions (S/MIME) Adds encryption of MIME (Multipurpose
Internet Mail Extensions)
PEM Uses 3DES symmetric key encryption and
RSA for key exchanges and digital signature
PGP Pretty Good Privacy Used IDEA Cipher
