presentations
CS 209: Cryptography Basics
Jack W. Davidson
Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Cryptography
. Crypto: secret graphy: writing “secret writing” . Uses – Confidentiality: prevent an adversary from determining the meaning of a message – Integrity: assure receiver that a message was not altered – Authentication: verify message was sent by a certain entity – Non-repudiation: protect against denial by the entities involved in the communication of having participated in the communication
2 Fall, 2008
1 CS 209: Secrets, Lies and Digital Threats
Types of Encryption Schemes
Ciphers
Classical Modern Rotor Machines
Substitution Transposition Public Key Secret Key
Steganography Stream Block
3 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Terminology . Plaintext: original message to be sent . Encryption algorithm: algorithm for encoding plaintext to hide its meaning . Ciphertext: scrambled message produced by encryption algorithm . Decryption algorithm: algorithm for decoding ciphertext into plaintext . Secret key: input to the encryption and decryption algorithms . Cryptosystem: a system for encryption and decryption
4 Fall, 2008
2 CS 209: Secrets, Lies and Digital Threats
Terminology . Symmetric cryptosystem: same key is used for encryption and decryption . Asymmetric crytposystem: different keys are used for encryption and decryption . Cryptographer: invents cryptosystems . Cryptanalyst: person who breaks cryptosytems . Cryptology: study of crypto systems
5 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Some formalism . Cryptosystem is a 5-tuple (E, D, M, K, C) where – M is a set of plaintexts – K is a set of keys – C is the set of ciphertexts – E: M x K → C is the set of enciphering functions – D: C x K → M is the set of deciphering functions . Often use functional notation C=E(M) and P=D(C)
6 Fall, 2008
3 CS 209: Secrets, Lies and Digital Threats
Symmetric encryption
Hi Bob, Hi Bob, Blah…blah Blah…blah blah…blah blah…blah Sincerely, Sincerely, Alice Alice Ciphertext 324as*&!@__ casdas734328jc kax! @(_casd98123js c09 HI÷;$_^#
Alice encodes her message Bob decrypts Alice’s message using the key that she and Bob using the same secret key. have previously agreed upon.
7 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Substitution ciphers
. Change characters in plaintext to produce cipher text) . The Caesar cipher (purportedly used by Julius Caesar in 75 B.C) – Letters are shifted by a set amount – M = {all sequences of Roman letters} – K = {i | 0 ≤ i ≤ 25}
– E = {Ek | k ∈ K and for all m ∈ M, Ek(M) = (m + k) mod 26}
– D = {Dk | k ∈ K and for all c ∈ C, Dk(M) = (26 + m - k) mod 26}
8 Fall, 2008
4 CS 209: Secrets, Lies and Digital Threats
Example: Code wheel . Mechanical device for simple substitution cipher) – Rotate the inner wheel by the number of jumps indicated at the beginning of the message – And translate… – 4 U K Q O P E J G
9 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
One-time pads . Key string chosen at random, and is at least as long as the message . Used extensively during the Cold War . Sender and receiver must agree on the same random sequence . How to get the key securely to the other party? . Be careful about reusing the key
10 Fall, 2008
5 CS 209: Secrets, Lies and Digital Threats
Transposition ciphers
. Ciphertext is a I AM VERY SECRET permutation of the I plaintext (same letters, A M different order) V . The trick is to describe E R the permutation rule Y concisely S E . Often this is done via a graphical aid, using a C R rectangular grid E T
IA EYSCE MVR ERT
11 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Secret Key Cryptography . We use m to denote plain text (or message)
. C = E(Ke, m) is the cipher text of m using key Ke
Eve
Alice Bob . When Alice sends C, Eve copies C before Bob gets it
12 Fall, 2008
6 CS 209: Secrets, Lies and Digital Threats
Encryption . Alice wants to communicate a message securely to Bob . Eve has the ability to eavesdrop on the channel used by Alice and Bob
. Alice uses key Ke to encrypt the message
. Alice must communicate the key Ke to Bob through some other channel that Eve is not watching . Alice–to–Bob encryption is symmetric
13 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Encryption . Eve will not know what the message is, as
she does not have the key Ke to decrypt . Bob must know the decryption algorithm
as well as the key Ke to decrypt . Kerckhoffs’ principle: encryption must depend on the secrecy of the key and not the algorithm
14 Fall, 2008
7 CS 209: Secrets, Lies and Digital Threats
Public key cryptography . One key is publicly known (public key) . One key kept private by owner (private key) . Keys operate as inverses: one key undoes encryption provided by the other key
. C = E(Kpub, P), send C to receiver
. P = D(Kpriv, C)
15 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
RSA: Rivest, Shami, Adelman . Based on the property that factoring large number is difficult . Besides confidentiality . RSA can be used to provide data and origin authentication – Alice encrypts message using her private key. Anyone can read it, but if it is altered, the altered text cannot be deciphered correctly – Since it can be decrypted using her public key, we know the message is from her.
16 Fall, 2008
8 CS 209: Secrets, Lies and Digital Threats
RSA: Rivest, Shami, Adelman
. Providing confidentiality and authentication requires using the sender’s private key and the recipient’s public key – Alice encrypts message using her private key and then encrypts that using Bob’s public key – The recipient uses their key to decipher the message and the sender’s public key to authenticate it – Bob decipher the message (using his private key) and then uses Alice’s public key to get the plaintext message.
17 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Confidentiality Bob’s public-key ring
Alice’s private key
Alice’s public key
Encryption Decryption Plaintext Algorithm Algorithm Plaintext Transmitted cyphertext
18 Fall, 2008
9 CS 209: Secrets, Lies and Digital Threats
Authentication Alice’s public-key ring
Bob’s private key
Bob’s public key
Encryption Decryption Plaintext Algorithm Algorithm Plaintext Transmitted cyphertext
19 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Public key encryption . Why we need public key encryption? . Alice may want to communicate with Bob and 10 other people . Alice shares her secret key with all 11 people . If any one of the 11 persons is untrustworthy, then the key is compromised . It is not practical for Alice to have 11 separate secret keys . If every pair of persons in the above scenario uses a separate key, how many keys will be needed?
20 Fall, 2008
10 CS 209: Secrets, Lies and Digital Threats
Public key encryption . Alice and Bob register with a trusted third party (TTP) . TTP provides a public, private key pair for each individual . Any message m encrypted with the public key Kp can be decrypted using only the corresponding private key Ks . C = E(Kp, m) and m = D(Ks, C) . Public key can be used with any number of users
21 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Public key encryption . Is public key then the preferred solution? . Answer is ‘No’ in general because public key is: - Complex - Slow - Expensive . Preferred solution is the ‘best of both methods’ scenario: - Use a symmetric key but communicate the symmetric key using the public key encryption - Untrustworthy partners could still compromise the key but in such cases the symmetric key could be changed quickly
22 Fall, 2008
11 CS 209: Secrets, Lies and Digital Threats
Digital Signatures . Digital signatures authenticate a user . Digital signature is a legal entity in U.S. and many other countries . Usually digital signatures are computed by complex algorithms by the sender’s computer . This opens up the potential excuse that some one hacked the system to generate the digital signature without the knowledge of the secret key owner
23 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Digital Signatures . Digital signatures are the public key equivalent of MAC
. Alice uses her secret key Ks to sign the message, creating the value s (similar to the MAC). The algorithm to create s is made public by the TTP. . Bob or any one else can use Alice’s public key Kp with the verification algorithm provided by TTP to find s, thus authenticating the message
24 Fall, 2008
12 CS 209: Secrets, Lies and Digital Threats
Encryption . Why should the algorithm be open? – Algorithms are usually used in software or firmware – Algorithms are used for a long period of time – Crypto systems are built for use by large number of people who could use the same algorithm but with different keys – Open algorithms build confidence in users
25 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Attacks . Attacks on information systems can be protected using cryptography . Ciphertext-only attack – attacker discovers the encryption key using means such as cryptanalysis . Known plaintext attack – attacker knows both the plaintext and the associated encrypted text but not the encryption key . E.g., in wireless networks the access point gives these types of information
26 Fall, 2008
13 CS 209: Secrets, Lies and Digital Threats
Attacks . Chosen plaintext attack – attacker chooses the plaintext and is able to get the corresponding ciphertext . E.g., in businesses information obtained from a vendor is passed onto a partner. Vendor information gets encrypted and passed onto partner. Attacker could emulate the vendor and choose the plaintext and see how it gets encrypted.
27 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Attacks . Chosen-ciphertext attack – attacker chooses a number of ciphertexts and is then given the corresponding plaintexts decrypted with the target’s private key . In this method, the attacker can choose a ciphertext and get its corresponding plaintext. By observing these results, the attacker may be able to determine the decryption key
28 Fall, 2008
14 CS 209: Secrets, Lies and Digital Threats
Attacks . Birthday attack – it means that in a room with 23 or more people there is a 50% probability that two people will have the exact birth date. For our purposes, this means that data collisions come faster than expected . E.g., in a 64-bit authentication key system there are 264 ≈ 18 billion possible keys. But collisions occur after 232 ≈ 4 billion transactions.
29 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Attacks . Hacker watches the initial transactions which is usually “Are you ready to receive?” . Authentication keys may be different for each transaction but they happen to repeat after a while . Two transactions with the same authentication key use the same MAC value . Once an authentication key is known the hacker can insert any message with the authentication key and hope to get it accepted
30 Fall, 2008
15 CS 209: Secrets, Lies and Digital Threats
Attacks . Meet-in-the-middle attack – variation of birthday attack . Attacker pre-calculates 232 random 64-bit keys and determines their MAC value for the message “Are you ready to receive?”. The results are stored in a table. . Attacker keeps listening to traffic and compares the MAC value in the table with the MAC value in the transaction for the first message. Using the collision principle described above, one MAC value has to repeat and the hacker picks up the key based on that single repeat value.
31 Fall, 2008
CS 209: Secrets, Lies and Digital Threats
Performance . Security is not cheap . Cryptographic methods consume resources . Business practices demand speed . Security demands validation . There are many insecure but fast systems . Half measures in security cost nearly as much as full measures
32 Fall, 2008
16 CS 209: Secrets, Lies and Digital Threats
Web resources . Cryptography FAQ . Bouncy Castle Crypto Package . Bruce Schneier’s Crypto Resources . American Cryptogram Association . Crypto Corner
33 Fall, 2008
17