1. Lecture 3:Cryptographic Tools

2. Cryptographic Tools Cryptographic algorithms important element in security services review various types of elements symmetric encryption public-key (asymmetric) encryption digital signatures and key management secure hash functions 3. Symmetric Encryption universal technique for providingconfidentiality also referred to as single-key encryption two requirements for secure use: need a strong encryption algorithm sender and receiver must have obtained copies ofthe secret key in a secure fashion and must keep the key secure 4. Symmetric Encryption 5. Attacking Symmetric Encryption Cryptanalytic AttacksBrute-Force Attack rely on: try all possible keys on some nature of the algorithm ciphertext until an intelligible plus some knowledge of the general translation into plaintext is characteristics of the plaintextobtained even some sample plaintext- ciphertext pairson average half of all possible keysmust be tried to achieve success exploits the characteristics of thealgorithm to attempt to deduce aspecific plaintext or the key beingused if successful all future and pastmessages encrypted with that keyare compromised 6. Average Time for Exhaustive Search Number of Time Required at 1Time Required atKey Size (bits) Alternative Keys Decryption/s 106 Decryptions/s32232 = 4.3 109 231 s = 35.8 minutes 2.15 milliseconds56256 = 7.2 1016255 s = 1142 years10.01 hours 1282128 = 3.4 1038 2127 s= 5.4 1024 years 5.4 1018 years 1682168 = 3.7 1050 2167 s= 5.9 1036 years 5.9 1030 years26 characters26! = 4 10262 1026 s = 6.4 1012 years6.4 106 years(permutation) 7. Symmetric Encryption Algorithms 8. Data Encryption Standard (DES) most widely used encryption scheme referred to as the Data Encryption Algorithm uses 64 bit plaintext block and 56 bit key toproduce a 64 bit ciphertext block strength concerns: concerns about algorithm DES is the most studied encryption algorithm in existence use of 56-bit key Electronic Frontier Foundation (EFF) announced in July 1998that it had broken a DES encryption 9. Data Encryption Standard (DES) Linux machines have deleted DES from VPNnegotiations because it takes minutes or less tobreak. This breaks the standard for VPN negotiations. Windows 2000 server shows 3DES butnegotiates DES. 10. Time to Break a Codeassuming 106 decryptions/ms 11. Triple DES (3DES) repeats basic DES algorithm three times usingeither two or three unique keys attractions: 168-bit key length overcomes the vulnerability tobrute-force attack of DES underlying encryption algorithm is the same as inDES drawbacks: algorithm is sluggish in software uses a 64-bit block size 12. Advanced Encryption Standard (AES) needed aNIST called forselectedreplacement forproposals for a Rijndael in 3DES new AES in 1997November 2001should have a security strength equal to or better than 3DESsignificantly improved 3DES was notefficiencyreasonable for long published as FIPS 197 term use symmetric block cipher128 bit data and128/192/256 bit keys 13. Practical Security Issues typically data unit is larger than a single 64-bit or128-bit block electronic codebook (ECB) mode the simplest approach to multiple-block encryption each block is encrypted using the same key exploit regularities in the plaintext modes of operation alternative techniques to increase the security forlarge sequences overcomes the weaknesses of ECB 14. Block Cipher EncryptionStreamEncryption 15. Block & Stream Ciphers Block Cipher processes the input one block of elements at a time produces an output block for each input block can reuse keys more commonStream Cipher processes the input elements continuously produces output one element at a time primary advantage is that they are almost always fasterand use far less code encrypts plaintext one byte at a time pseudorandom stream is one that is unpredictablewithout knowledge of the input key 16. Random and XORPseudorandom is nort random. Linux has areal random number generator./dev/randomAnd the pseudorandom is /dev/urandom.The pseudorandom is fast.You can program it to collect real randomdata.Random XOR with real random is notbreakable until you get access to the key. 17. Quantum computingA formula to factor large numbers can breakmany formulas.Quantum computers can break almost anynormal encryption.Random XOR is theoretically not breakableby the availability of both.Many people who want to control informationshall not like the use of RXOR and shallresist it. 18. GPGGPG is available for windows also. Need asimple way to run it.Assignment.Gnu Privacy Guard.