Basic cryptography • How cryptography works... • Symmetric cryptography... • Public key cryptography... • Online Resources... • Printed Resources... I VP R 1 © Copyright 2002-2007 Haim Levkowitz How cryptography works • Plaintext • Ciphertext • Cryptographic algorithm • Key Decryption Key Algorithm Plaintext Ciphertext Encryption I VP R 2 © Copyright 2002-2007 Haim Levkowitz Simple cryptosystem ... ! ABCDEFGHIJKLMNOPQRSTUVWXYZ ! DEFGHIJKLMNOPQRSTUVWXYZABC • Caesar Cipher • Simple substitution cipher • ROT-13 • rotate by half the alphabet • A => N B => O I VP R 3 © Copyright 2002-2007 Haim Levkowitz Keys cryptosystems … • keys and keyspace ... • secret-key and public-key ... • key management ... • strength of key systems ... I VP R 4 © Copyright 2002-2007 Haim Levkowitz Keys and keyspace … • ROT: key is N • Brute force: 25 values of N • IDEA (international data encryption algorithm) in PGP: 2128 numeric keys • 1 billion keys / sec ==> >10,781,000,000,000,000,000,000 years I VP R 5 © Copyright 2002-2007 Haim Levkowitz Symmetric cryptography • DES • Triple DES, DESX, GDES, RDES • RC2, RC4, RC5 • IDEA Key • Blowfish Plaintext Encryption Ciphertext Decryption Plaintext Sender Recipient I VP R 6 © Copyright 2002-2007 Haim Levkowitz DES • Data Encryption Standard • US NIST (‘70s) • 56-bit key • Good then • Not enough now (cracked June 1997) • Discrete blocks of 64 bits • Often w/ CBC (cipherblock chaining) • Each blocks encr. depends on contents of previous => detect missing block I VP R 7 © Copyright 2002-2007 Haim Levkowitz Triple DES, DESX, GDES, RDES • Variants on DES: decrease risk of brute-force guessing • Triple-DES • 1. encrypt W/ Key 1 (56-bit) • 2. encrypt W/ Key 2 • 3. encrypt W/ Key 1 • ==> Effective key length 112 bits I VP R 8 © Copyright 2002-2007 Haim Levkowitz RC2, RC4, RC5 • Proprietary (RSA Data Security, Inc.) • Variable length keys (up to 2,048 bits) • Outside US: 40-bit versions of RC2 & RC4 • ==> Web browsers & servers I VP R 9 © Copyright 2002-2007 Haim Levkowitz IDEA • Int’l Data Encryption Algorithm • Patented (AscomTech AG) • Popular in Europe • 128-bit key ==> more secure than DES • (One of) at heart of PGP • (Other is RSA) I VP R 10 © Copyright 2002-2007 Haim Levkowitz Blowfish • Unpatented (Bruce Schneier) • In many commercial & freeware • Var-length key (up to 448 bits) I VP R 11 © Copyright 2002-2007 Haim Levkowitz Symmetric not fit for Internet • Spontaneous comm ==> can’t exchange keys • Multiway comm ==> key secrecy compromised I VP R 12 © Copyright 2002-2007 Haim Levkowitz Public key cryptography • Two-in-one • Cryptography • Digital signatures I VP R 13 © Copyright 2002-2007 Haim Levkowitz Public key cryptography • Asymmetric Key Key Plaintext Encryption Ciphertext Decryption Plaintext Recipient’s Recipient’s public key secret key Recipient Senders I VP R 14 © Copyright 2002-2007 Haim Levkowitz Digital signatures • But, problem ... Authenticate Key Key d Plaintext Plaintext Encryption Digital Decryption y =? signature Sender’s Sender’s secret key public key Sender Recipient I VP R 15 © Copyright 2002-2007 Haim Levkowitz Problem ... • Can cut & paste from older • Solutions • A --> B: random “challenge” phrase • B --> A: sign w/ secret key, return • A: decrypts w/ B’s public key, compare to original • Or, message digest functions Cryptography and digital signature: “challenge” Key Signature text Signature text Key (“challenge”) (“challenge”) Message Sender’s text secret key Sender’s y public key =? Authenticate Digital d Message signature Key Key Ciphertext text sig. Recipient’s Recipient’s Recipient Sender public key secret key I VP R 17 © Copyright 2002-2007 Haim Levkowitz Cryptography and digital signature: digest Hash function Hash function ==> “message Key ==> “message Key digest” (unique) digest” (unique) Message Sender’s secret key Sender’s text y public key =? Authenticate Digital d Message signature Key Key Ciphertext text sig. Recipient’s Recipient’s Recipient public key secret key Sender I VP R 18 © Copyright 2002-2007 Haim Levkowitz Message digest functions & message integrity • One-way hashes • Digital fingerprint for original message • Sender ... • Recipient I VP R 19 © Copyright 2002-2007 Haim Levkowitz Sender • 1. Run message through digest function • 2. Sign hash with secret key • 3. Send signed hash & original message to recipient I VP R 20 © Copyright 2002-2007 Haim Levkowitz Recipient • Decrypt hash w/ sender’s public key • Compare with result of running message through digest function • Match ==> verified integrity • In SSL (later): Message Authenticity Check (MAC) • MAC = digest(secret + digest(secret - message)) I VP R 21 © Copyright 2002-2007 Haim Levkowitz Message Digest Algorithms • MD4 (Rivest, MIT) • 128-bit hashes • Weaknesses ==> (randomness) • MD5 (Rivest) • Most widely used • SHA: Secure Hash Algorithm (NIST/NSA) • 160-bit hash Digital envelopes • Public key encryption SLOWER than symmetric ==> Hybrid • 1. Random secret key (“session key”; discard when done) • 2. Encrypt message w/ session key & symmetric alg. • Encrypt session key w/ recipient’s public key (==> “digital envelope”) • Send encrypted message + digital envelope Digital envelopes Key Key Message Message Ciphertext plaintext plaintext Session Session key key Key Key Recipient’s Recipient’s secret key public key Recipient Sender I VP R 24 © Copyright 2002-2007 Haim Levkowitz Certifying authorities & public key infrastructure • Large public-key database • ==> management? Trusted third party • Certifying authorities (CA)... I VP R 25 © Copyright 2002-2007 Haim Levkowitz Certifying authorities (CA) Key Certifying Authority (CA): 1. Verify individual’s ID 2. Create certificate 3. Generate message digest from certificate, signs hash w/ its secret key Individual’s 4. Return certificate to individual public key Key Individual’s CA’s secret Signed Certificate key distinguished request certificate name (w/ public key) $$$ Pay CA’s fee ID info I VP R 26 © Copyright 2002-2007 Haim Levkowitz Public key infrastructure • Site certificates: authenticate Web servers • Personal certificate: individuals • SW publisher certificates: executables • Certifying authority certificates • Common format: X.509v3 • CPS: certification practice statement I VP R 27 © Copyright 2002-2007 Haim Levkowitz Root CAs & certificate chains • Browsers delivered w/ signed certificates of well-known CAs (root) • Root CAs can sign • End user’s public key • Another (secondary) CA’s public key • ==> Signing authority • ==> Certificate chain • ==> “Hierarchy of trust” I VP R 28 © Copyright 2002-2007 Haim Levkowitz Certificate expiration and revocation list • Invalidate public/secret key pair • Loss/corruption/theft of secret key • Change in ID info in certificate • Compromise of CA’s secret key • CRL: Certificate Revocation List • Certificate expiration date (1 year) I VP R 29 © Copyright 2002-2007 Haim Levkowitz Diffie-Helman: encrypton without authentication • Encryption + authentication usually together • At least one party produces signed certificate ==> no anonymous comm. • Diffie-Helman key exchange: negotiate session key w/o sending key • Each party picks partial key independently I VP R 30 © Copyright 2002-2007 Haim Levkowitz Diffie-Helman (cont.) • Send part of key info • Other side calculates common key value • Eavesdropper can’t reconstruct key • Use symmetric algorithm • Discard session key at end • No authentication ==> “man-in-the-middle” attack I VP R 31 © Copyright 2002-2007 Haim Levkowitz Man-in-the-middle attack • A, B want to communicate • C imposes in network between two wo arousing suspicions • A negotiates w/ C thinking it’s B • B negotiates w/ C thinking it’s A • A & B sending messages, C relaying • A & B think comm is secure; C reads & can modify • Hard to accomplish Securing private (secret) keys • Stored on hard disk encrypted • When first invoked, prompt for pass phrase to unlock • Key read into memory • Problem: virus/other sw looking for private keys • Solution: on removable (take away) I VP R 33 © Copyright 2002-2007 Haim Levkowitz Key length and security • Longer key ==> more secure message • How long? How secure? • Good alg. + implementation + key management ==> brute-force only • Cost to crack vs. cost of normal use • Estimated cracking cost... I VP R 34 © Copyright 2002-2007 Haim Levkowitz Estimated cracking cost... Cost ($) Key length $ thousands $ millions 40 bits Seconds < 1 Second 56 bits Days Hours 64 bits Months Days 80 bits Eons Millennia 128 bits > Age of universe > Age of universe I VP R 35 © Copyright 2002-2007 Haim Levkowitz Key length & US encryption policy (old = history) • Strong encryption classified as munition • SW must get export license • RC2, RC4 w/ 40-bit keys (or less) • RSA w/ 512-bit keys • Digital signature but no encryption • Financial app’s (e.g., Quicken) I VP R 36 © Copyright 2002-2007 Haim Levkowitz US policy (cont.) • Slowing effect on SW dev • Online products limited to export version • ==> Most browsers crippled • Servers overseas crippled • Must have both side for secure transaction • Versions of Netscape + IE exempt ==>128-bit keys I VP R 37 © Copyright 2002-2007 Haim Levkowitz RSA PKI math • Separate I VP R 38 © Copyright 2002-2007 Haim Levkowitz Problems • Usability!!!! I VP R 39 © Copyright 2002-2007 Haim Levkowitz Resources • Schneier’s blogs • Several books/articles/Web-sites • Stein’s on-line resource • B. Schneier: Practical Cryptography, 2nd Edition (Wiley, 1995) • R. E. Smith: Internet Cryptography (Addison-Wesley, 1997) I VP R 40 © Copyright 2002-2007 Haim Levkowitz.