Lmt Cryptography

8/14/2019 Lmt Cryptography

1/18

Cryptography

By

Amit Kumar Bhardwaj


2/18

Agenda

Pros and cons of data encryption

Single key encryption

Two-key encryption Combining single and two-key

encryption

Message integrity Digital certificates

PKI


3/18

Encryption is a method of changing a message sothat its content isnt intelligible to a casual viewer.Using something that only the sender and receiverknow, the message is turned from readable tononsense before it is sent and restored to readableform when it is received. Encryption is the primarytechnique for protecting the content of a datacommunications message while it is traveling outsidethe local network on which it originated. Encryption

can also be used to protect data stored on a harddisk.


4/18

Pros and cons of dataencryption

Encrypting and decrypting messages

consumes a lot of computing power,slowing down data communications.

Negotiating the type of encryption to be

used during a communications sessionlengthens the time needed to set up thesession.

Using encryption and digital certificatesfor authentication requires thedevelopment and maintenance of a PKI,which can be costly for a small

organization.


5/18

Cont ..

You cant process data in encrypted form; it must bedecrypted. If you use encryption to protect data storedon your servers, for example, it must be decryptedevery time a user needs to search for or display data.This can significantly increase processing time.

The secret keys for many well-known encryptionalgorithms can be cracked by todays high-endcomputers. Therefore, no encryption method should beconsidered totally uncrackable, especially when the

problem is distributed among Internet users whosecomputers run a brute force attack during idle periods.


6/18


7/18

Substitution Cyphers

Single key encryption methods are essentially

substitution cyphers , where one character issubstituted for another based on a transformationthat process is used to decrypt the message. Whenone character is substituted for another, we call it a

stream cypher ; when a longer key is applied to agroup of characters, we call it a block cypher. Mostof the substitution cyphers in use today are blockcyphers because they are more secure than

stream cyphers.


8/18

(DES)

The Data Encryption Standard (DES) was the U.S.governments first successful attempt at

standardizing the encryption used to communicatewith government agencies. It was formally adoptedas a Federal Information Processing Standard(FIPS) in 1976.

However, its short key length has made itrelatively easy to crack with todays computingpower (less than 24 hours), and although you mayfind it still in use commercially,

It has been replaced for government use by AES

DES works much like the second version of thesample substitution cypher


9/18

Cont .. The DES key is 64 bits in length, although only 56 bits actually areused in the encryption; the remainder are parity bits used for errorchecking.

The plaintext is modified in 64-bit chunks. Each time a key is used, itis exclusive-ORd (XORd) with the plaintext. Encrypting a single 64-bit block of plaintext with DES is not as simple as our example,however. It involves 16 rounds of plaintext transformations,including breaking the plaintext into two 32-bit chunks that areswapped repeatedly during the rounds. Each round also expands the

32- bit block to 48 bits, which are then XORd with a 48-bit subkey.The subkey has been generated by a key schedule, an algorithmthat creates the 48-bit subkeys based on the original 56-bit key.After XORing with the subkey, the 48-bit plaintext block is dividedinto 6-bit chunks (S-boxes), which then output 4-bit blocks, reducingthe overall plaintext block back to its original 32-bits. (The security

of DES rests with the transformation that occurs in the S-blocks.)Decryption is similar to encryption with the exception that the keytransformations must be generated and applied in the reverse order.Because of its computational complexity, DES was oftenimplemented in hardware.


10/18

Triple DESThe vulnerabilities in DES became very well known. Therefore, cryptographers developed an interim

version, for use until another encryption method wasadopted, called Triple DES . Triple DES uses a 192-bit key, three times the length of the 64-bit DES key.

The algorithm repeats the DES encryption process

three times, each time using a different 64 bits ofthe 192-bit key.

Because Triple DES is essentially DES performed three

times, it is more than three times harder to crack. Itis also three times slower to implement andtherefore was never considered as a permanentencryption standard.


11/18

v yStandard

TheAdvanced Encryption Standard(AES) was developedin 1998 by Vincent Rijmen and Joan Daemen from theirproprietary encryption scheme named Rijndael. (AESuses the same algorithms as Rijndael, but requires fixedkey and plaintext block sizes; Rijndael can handle keysand block sizes in varying multiples of 32 bits between

128 and 256 bits.) AES is similar to DES in that it uses key transformations

for security. However, its keys are longer128, 192, or256 bitsand it works on 128- bit blocks of plaintext. Italso uses S-boxes to output chunks of cyphertext

through 10, 12, or 14 rounds of key transformations.(The number of rounds corresponds to the length of thekey.)


12/18

Schemes

The serious key management issues surrounding symmetric keyencryption methods prompted the development of an encryptionmethod that didnt require the presharing of a secret key. Three

researchersRonald L. Rivest, Adi Shamir, and Leonard Adlemanproposedpublic key encryption (PKE) in 1977.

The developers of public key encryption are the source of theacronym RSA, the name of their company that currently acts asone of the major issuers of digital certificates.

PKE is sometimes also called asymmetric key encryption todifferentiate it from symmetric key encryption.

The basic idea behind PKE is that you have different encryption anddecryption keys. You publish the encryption key freely so thatanyone can encrypt messages to send to you. However, your

secret decryption key is the only key that can decrypt themessage.


13/18


14/18

Ensuring Message Integrity Encryption ensures message privacy, preventing unauthorized people from

viewing the content of a message. It does not, however, ensure messageintegrity, preventing someone from changing the message while it is in transit.

One widely used solution is to create a message digest, or digital signature, acompressed transformation of the message that has the property that a smallchange in the input (the message) produces a large change in the output (themessage digest). The message digest is computed as the message is assembledfor transmission and attached to the message itself. The recipient thenrecomputes the message digest and compares it to what was received. If the two

digests dont match, then the message was altered during transmission. Most message digests are created using a process called hashing, which takes an

input string and puts it through a predefined transformation. The output is ashorter string of some fixed length. In the case of message digests, the output ofthe most widely used algorithms is between128 and 160 bits.


15/18

Good hashing algorithms are one-way, in thesense that you cant reconstruct the messagefrom the hashed output. Having the messagedigest doesnt allow a system cracker to

determine the message in a packet. The mostcommon way to use message digests in acracking attempt is a brute force attack that runsmillions of potential messages through the

algorithm to find matching digests. When thedigests match, then the system cracker hasdetermined the message.


16/18

Message Digest Algorithms MD5: MD5 was developed in 1991 by Ronald Rivest as a

successor to MD4 and MD2. It produces a 128-bit output

string that is generally considered quite secure. Research byRSA indicates that it would take a computer designedspecifically to crack MD5 24 days to generate a collision.

SHA-1: SHA-1 is an alternative to MD5 that was developed

by NIST. It produces a 160-bit output string. Because it has alonger output string, it is considered more resilient tobruteforce cracking attempts than MD5.

HMAC: HMAC is an extension to both MD5 and SHA-1 thatadds a password, further increasing the security of bothalgorithms.


17/18

Checksums

Another way to ensure message integrity isto use a checksum, a simpler form of amessage digest. Because they are not as

secure as message digests checksums aremost commonly used to indicate accidentalmodifications to data during transmission,rather than malicious modifications.


18/18

CRC Checksums

Documents

Lmt Cryptography