“it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.”
Bruce Schneier
Cryptology
Jason Samson, Ryan Brander, Shawn Greencorn
November 9, 2000
CS 465 Presentation
Outline
• What is cryptology?
• History behind cryptology.
• Security threats.
• Define conventional and public key encryption and compare the uses of both methods.
• Discuss encryption management.
• Indicate approaches to incorporating encryption in a network.
• Discuss applications of encryption to network security.
• Digital signatures.
What is Cryptology?
• The discipline of cryptography and cryptanalysis combined.
Cryptography: encoding of messages into an unintelligible form that can be reversed by mathematical computation.
• concerned with 2 aspects:
1. privacy of communication
2. authenticity of communication
• based on problems that are difficult to solve.
• ENCRYPTION: fundamental tool at the heart of virtually all secure mechanisms.
What is Cryptology? (2)
Cryptanalysis: the art of breaking or solving code without the key.
a.k.a. HACKER
• requires study, experience, perseverance, imagination, and LUCK!
History
• Ancient Greeks
1. Spartans (wound belt around stick)
2. Caesar (replaced letters with letters 3 places over)
• Gabriel Lavinde (1379) - published first manual on cryptography
• Cardinal Richelieu (1600’s) - invented the “grille”
• Sir Charles Wheatstone (1867) - British Scientist - invented the Wheatstone Cipher Device
• Etienne Bazeries (1891) - French Cryptologist - invented the Cylindrical Cipher Device
Security Threats
• Active Attack:
- modification of data
- e.g. unauthorized access of computer systems
• Passive Attack:
- eavesdropping, monitoring transmissions
- e.g. e-mail, file transfers, client/server exchange
Methods of Encryption
1. Symmetric (Conventional Encryption)
- cryptosystem where encryption/decryption is performed using the same key
2. Asymmetric (Public Key)
- cryptosystem where encryption/decryption is performed using 2 keys (public key and private key)
Conventional Encryption
5 step scheme
1. Plaintext: original message
2. Encryption Algorithm: substitutions/transformation
3. Secret Key: shared by sender/recipient
4. Ciphertext: scrambled text
5. Decryption Algorithm: #2 reversed, produces #1
** see F3.pdf
Conventional Encryption (2)
Approaches for Attacking:
• Cryptanalysis:
- exploits characteristics of the algorithm, attempting to deduce the plaintext or the key used.
- EFFECT: all past/future messages using the same key are jeopardized.
• Brute Force:
- trial & error
- try all possible keys until the ciphertext is decrypted.
- on average, 1/2 of the keys must be tried.
Conventional Encryption (3)
Average Time Required for Exhaustive Key Search

Key Size (bits)   Number of Alternative Keys   Time Required at 1 Decryption per µs   Time Required at 10^6 Decryptions per µs
32                2^32                         35.8 mins                              2.15 milliseconds
56                2^56                         1142 years                             10 hours
128               2^128                        5.4*10^24 years                        5.4*10^18 years
168               2^168                        5.9*10^36 years                        5.9*10^30 years
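The brute-force approach and the timing table above, as an added example that is not part of the original slides: it runs an exhaustive search against a toy cipher with a 16-bit key and computes the average search time for the table's key sizes. The toy cipher (XOR with a SHA-256 keystream), the key, and the sample message are constructed for illustration.

```python
import hashlib

US_PER_YEAR = 365.25 * 24 * 3600 * 1e6  # microseconds in a year


def toy_encrypt(key: int, data: bytes) -> bytes:
    """Toy cipher (constructed for this example): XOR with a SHA-256 keystream.
    XOR is its own inverse, so the same call also decrypts."""
    stream = hashlib.sha256(key.to_bytes(4, "big")).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


def brute_force(ciphertext: bytes, known_prefix: bytes, key_bits: int):
    """Try every key in order; return (key, trials) for the first key whose
    decryption starts with the known plaintext prefix."""
    for trials, key in enumerate(range(2 ** key_bits), start=1):
        if toy_encrypt(key, ciphertext).startswith(known_prefix):
            return key, trials
    return None, 2 ** key_bits


def average_search_us(key_bits: int, decryptions_per_us: float) -> float:
    """Average exhaustive-search time in microseconds: half the key space."""
    return 2 ** (key_bits - 1) / decryptions_per_us


if __name__ == "__main__":
    secret = 0xB33F  # constructed 16-bit key
    ct = toy_encrypt(secret, b"ATTACK AT DAWN")  # constructed message
    key, trials = brute_force(ct, b"ATTACK", 16)
    print(f"recovered key {key:#06x} after {trials} of {2 ** 16} trials")
    for bits in (32, 56, 128, 168):
        slow = average_search_us(bits, 1) / US_PER_YEAR
        fast = average_search_us(bits, 1e6) / US_PER_YEAR
        print(f"{bits:>3} bits: {slow:.3g} years at 1/us, {fast:.3g} years at 10^6/us")
```

Each extra key bit doubles the work, which is why the 16-bit search finishes in well under a second while the 128-bit row of the table is out of reach at either rate.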
Conventional Encryption (4)
DES (Data Encryption Standard) - 1977
- algorithm is referred to as DEA (Data Encryption Algorithm)
- 2 inputs:
1. Plaintext (64 bits)
2. Key (56 bits)
downfall: potentially vulnerable to brute force attack
- July 1998 - EFF (Electronic Frontier Foundation) broke DES using a special “DES Cracker” machine
  - cost: < $250k
  - attack: 3 days
- decreasing cost of hardware & increasing speed made DES worthless
Conventional Encryption (5)
Alternative to DEA: TDEA (Triple Data Encryption Algorithm)
attractions -
1. 3 distinct keys (168 bits)
2. Algorithm is the same as DEA
downfall - sluggish - won’t last long term
Alternative to TDEA: AES (Advanced Encryption Standard)
- began search in 1997
- must have >= of TDEA
- more efficient than TDEA
- support 128, 192, 256 bit keys
- finalized by Summer 2001
Public Key
• First proposed in 1976.
• First revolutionary advance in encryption in literally 1000’s of years.
• Based on mathematical functions rather than simple operations on bit patterns.
• Involves 2 separate keys:
- Public - for others to use
- Private - known only to owner
• Advantages in areas of:
- confidentiality
- key distribution
- authentication
Public Key (2)
5 step scheme
1. Plaintext: original message
2. Encryption Algorithm: transformation
3. Public/Private Keys: if one key is used for encryption, the other key is used for decryption
4. Ciphertext: scrambled text
5. Decryption Algorithm: accepts ciphertext & matching key to produce plaintext
** see F5.pdf
Encryption Management
• Looks at two issues:
1. Where in the communication process encryption should be carried out.
2. The issues of key distribution.
• An information network has many locations where security threats may occur.
• Encryption is one way to counter these threats.
• Need to decide what to encrypt.
• Where encryption should be located.
Two Alternatives
• Link Encryption
- Each vulnerable communication link is equipped with an encryption device.
- This makes communication links secure.
• End-To-End Encryption
- The process is carried out at both the sender and the receiver ends.
Advantages & Disadvantages
Link Encryption:
Advantage
• Number of encryption devices is much smaller than the number of sender-receiver pairs that use such a network.
Disadvantage
• Part of the message must be decrypted each time it enters the packet switch.
• Vulnerable at each switch.
Advantages/Disadvantages
End-To-End Encryption:
Advantage
• Unaltered across the network to the destination terminal or host.
Disadvantage
• User’s data is secure but the traffic pattern is not.
Key Distribution
• For conventional encryption to work, two parties must have the same key and that key must be protected.
• There are four ways to accomplish this:
1. Physical delivery
2. Third party selection and physical delivery
3. If a party has a current key, transmit the new key encrypted with the old key
4. Third party selects a key, encrypts it, then transmits it to the party
Option four leads to KDC (Key Distribution Center)
Key Distribution Center
• Two approaches:
- One-time session key - Used only for the duration of that session. At the conclusion of the session the key is destroyed.
- Permanent key - A permanent key is a key used between entities for the purpose of distributing session keys.
Show figure
Digital Signatures
What is Digital Signature?
•An authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
• The recipient of the message knows the message is from the sender.
How Does Digital Signature Work?
There are two processes:
Digital Signature Creation:
• The signer uses a “hash result” derived from, and unique to, both the signed message and a given private key.
Digital Signature Verification:
• The receiver references the original message and a given public key.
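The creation and verification steps above, as an added example that is not part of the original slides: the signer transforms the message's hash result with a private key, and the receiver checks it with the matching public key and the message as received. The slides name no algorithm, so textbook RSA without padding over a small modulus is an assumption made here so the example runs with only the standard library; the primes and messages are constructed.

```python
import hashlib

# Toy parameters constructed for this example: two Mersenne primes.
# A modulus of about 216 bits with no padding is far too weak for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def hash_result(message: bytes) -> int:
    """SHA-256 digest of the message as an integer, reduced below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exp: int = D) -> int:
    """Creation: transform the message's hash result with the private key."""
    return pow(hash_result(message), private_exp, N)


def verify(message: bytes, signature: int, public_exp: int = E) -> bool:
    """Verification: undo the transform with the public key and compare it
    with a hash computed from the message as received."""
    return pow(signature, public_exp, N) == hash_result(message)


if __name__ == "__main__":
    msg = b"Pay Bob $100"              # constructed sample message
    sig = sign(msg)
    print("genuine message verifies: ", verify(msg, sig))
    print("tampered message verifies:", verify(b"Pay Bob $900", sig))
    print("altered signature verifies:", verify(msg, sig ^ 1))
```

Only the holder of the private exponent can produce a value that the public exponent maps back to the message hash, which is what lets the receiver detect both a changed message and a changed signature.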
Advantages/Disadvantages of Digital Signatures
Advantages:
• More reliable authentication of messages.
• Decreases the risk of hackers.
• Decreases the risk of tampering and forgery.
Disadvantages:
• Institutional overhead - high cost to get started.
• Subscriber and relying party costs.