Cryptography in World War II Jefferson Institute for Lifelong Learning at UVa Spring 2006 David Evans Menu Class 4: • Some loose ends on WWII Modern •Maurice Burnett Cryptography • Modern Cryptography – Modern symmetric ciphers – Public-key cryptosystems http://www.cs.virginia.edu/jillcrypto JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 2 British Cipher Machine German Code-Breaking Efforts • Design based on commercial Enigma • About 6,000 people (compare to 12,000 working at Bletchley Park) • 5 rotor wheels (instead • Decentralized: each military branch had of 3 in Enigma) their own, didn’t share what they learned • Multiple rings per rotor • Effective against manual codes: broke • Last 2 rotor wheels about 50% of manually coded messages didn’t rotate • Didn’t attempt to break rotor-based • British attempted to ciphers – so confident Enigma was break it (without unbreakable, didn’t try to Typex and success) similar machines Typex Machine JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 3 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 4 Lorenz Cipher From http://www.codesandciphers.org.uk/lorenz/fish.htm JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 5 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 6 1 Modern Symmetric Ciphers Modern Ciphers A billion billion is a large number, but it's not that large a number. Whitfield Diffie • AES (Rijndael) successor to DES selected 2001 • Same idea but: • 128-bit keys, encrypt 128-bit blocks –Use digital logic instead of • Brute force attack (around 1030 times mechanical rotors harder than Lorenz) –Larger keys (random bits, not rotor – Try 1 Trillion keys per second – Would take 10790283070806000000 years alignments) to try all keys! 12 9 •Lorenz ≈ 5 < 10 – If that’s not enough, can use 256-bit key •Modern ≥ 128 bits > 1037 • No known techniques that do better –Encrypt blocks of letters at a time than brute force search JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 7 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 8 Login Process Sending Passwords Terminal Login: alyssa Password: fido login sends Trusted Subsystem Encrypt The Internet <“alyssa”, “fido”> Eve User Server JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 9 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 10 The Internet Ciphertext Plaintext Encrypt Decrypt Plaintext Key Agreement Demo K K User Server (Animated version at C = EncryptK (P) end of slides.) P = DecryptK (C) JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 11 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 12 2 Asymmetric Cryptosystems One-Way Functions • Easy to compute, hard to invert • Need a hard problem (like symmetric • Trap-door one way function: cryptosystems) – D (E (M)) = M • With a trap door: if you know a – E and D are easy to compute. secret, the hard problem becomes – Revealing E doesn’t reveal an easy way easy to compute D. – Hence, anyone who knows E can encrypt, but only someone who knows D can decrypt JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 13 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 14 RSA [Rivest, Shamir, Adelman 78] Security of RSA One-way function: multiplication is easy, factoring is hard • n is public, but not p and q where n = Trap-door: number theory (Euler and Fermat) pq • How much work is factoring n? Number Field Sieve (fastest known factoring algorithm) is: O(e1.9223((ln (n))1/3 (ln (ln (n)))2/3) n ~200 digits – would take quintillions of years JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 15 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 16 Asymmetric Cryptosystems Public-Key Applications: Privacy Bob • Encryption and Decryption are done Alice Ciphertext with different keys Plaintext Encrypt Decrypt Plaintext • Keep one of the keys secret, reveal the other Bob’s Public Key Bob’s Private Key • Alice encrypts message to Bob using EKRA (EKUA (M)) = M Bob’s Public Key Alice’s Public Key: KUA Only KRA can decrypt • Only Bob knows Bob’s Private Key ⇒ a message encrypted only Bob can decrypt message Alice’s Private Key: KRA using KUA. JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 17 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 18 3 Signatures Bob Alice Signed The Internet Message Plaintext Encrypt Decrypt Plaintext Ciphertext Alice’s Private Key Alice’s Public Key Plaintext Encrypt Decrypt Plaintext • Bob knows it was from Alice, since only Alice knows Alice’s Private Key • Non-repudiation: Alice can’t deny signing KUS KRS message (except by claiming her key was stolen!) User Public Key Private Key Server • Integrity: Bob can’t change message (doesn’t know Alice’s Private Key) How does User know the public key to use? JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 19 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 20 Approach 1: Meet Secretly • User and Server Operator meet secretly and swap public keys Key Management – If you can do that, might as well agree on a secret (symmetric key) instead – Doesn’t work for Internet transactions JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 21 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 22 Approach 2: Public Announcement Approach 3: Public Directory • Trusted authority maintains directory • Publish public keys in a public mapping names to public keys forum • Entities register public keys with – Append to email messages authority in some secure way – Post on web site • Authority publishes directory – New York Time classifieds – Print using watermarked paper, special • Easy for rogue to pretend to be fonts, etc. someone else – Allow secure electronic access • Depends on secure distribution of directory’s – Forge email, alter web site, lie to New key York Times JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 23 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 24 4 Approach 4: Certificates SSL (Secure Sockets Layer) Browser Server VeriSign Hello KUS $$$$ KRCA[Server Identity, KUS] C = E [“Server”, KU ] Check Certificate S KRVeriSign S using KUCA Request Pick random K KUS[K] Find K using Note: This is slightly CS simplified from the actual KRS SSL protocol. This version User Server is vulnerable to a person-in- the-middle attack! EKUVeriSign (CS) = [“Server”, KUS] Knows KRS Secure channel using K JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 25 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 26 Data encrypted using secret key exchanged using some public key associated with some certificate. JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 27 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 28 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 29 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 30 5 SSL Recap Browser Server Hello KRCA[Server Identity, KUS] Check Certificate Questions? using KUCA Pick random K KUS[K] Find K using Note: This is slightly simplified from the actual KRS SSL protocol. This version is vulnerable to a person-in- the-middle attack! Secure channel using K JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 31 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 32 Padlocked Boxes Animated version of Asymmetric Cryptography Hi! Demo Alice JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 33 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 34 Padlocked Boxes Padlocked Boxes Alice’s Padlock Shady Sammy’s Slimy ! i Shipping Alice H Alice Service Alice’s Padlock Key Alice’s Padlock Key JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 35 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 36 6 Padlocked Boxes Padlocked Boxes Bob’s Padlock ! i Alice Alice H ! i H Alice’s Padlock Key Bob Alice’s Padlock Key Bob Bob’s Padlock Key Bob’s Padlock Key JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 37 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 38 Padlocked Boxes Padlocked Boxes ! i Alice H Alice ! i H Alice’s Padlock Key Bob Bob Bob’s Padlock Key Bob’s Padlock Key JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 39 JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 40 Padlocked Boxes Hi! Alice ! i H Bob Bob’s Padlock Key JILL WWII Crypto Spring 2006 - Class 4: Modern Cryptography 41 7.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages7 Page
-
File Size-