presentations CS 209: Cryptography Basics Jack W. Davidson Fall, 2008 CS 209: Secrets, Lies and Digital Threats Cryptography . Crypto: secret graphy: writing “secret writing” . Uses – Confidentiality: prevent an adversary from determining the meaning of a message – Integrity: assure receiver that a message was not altered – Authentication: verify message was sent by a certain entity – Non-repudiation: protect against denial by the entities involved in the communication of having participated in the communication 2 Fall, 2008 1 CS 209: Secrets, Lies and Digital Threats Types of Encryption Schemes Ciphers Classical Modern Rotor Machines Substitution Transposition Public Key Secret Key Steganography Stream Block 3 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Terminology . Plaintext: original message to be sent . Encryption algorithm: algorithm for encoding plaintext to hide its meaning . Ciphertext: scrambled message produced by encryption algorithm . Decryption algorithm: algorithm for decoding ciphertext into plaintext . Secret key: input to the encryption and decryption algorithms . Cryptosystem: a system for encryption and decryption 4 Fall, 2008 2 CS 209: Secrets, Lies and Digital Threats Terminology . Symmetric cryptosystem: same key is used for encryption and decryption . Asymmetric crytposystem: different keys are used for encryption and decryption . Cryptographer: invents cryptosystems . Cryptanalyst: person who breaks cryptosytems . Cryptology: study of crypto systems 5 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Some formalism . Cryptosystem is a 5-tuple (E, D, M, K, C) where – M is a set of plaintexts – K is a set of keys – C is the set of ciphertexts – E: M x K → C is the set of enciphering functions – D: C x K → M is the set of deciphering functions . Often use functional notation C=E(M) and P=D(C) 6 Fall, 2008 3 CS 209: Secrets, Lies and Digital Threats Symmetric encryption Hi Bob, Hi Bob, Blah…blah Blah…blah blah…blah blah…blah Sincerely, Sincerely, Alice Alice Ciphertext 324as*&!@__ casdas734328jc kax! @(_casd98123js c09 HI÷;$_^# Alice encodes her message Bob decrypts Alice’s message using the key that she and Bob using the same secret key. have previously agreed upon. 7 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Substitution ciphers . Change characters in plaintext to produce cipher text) . The Caesar cipher (purportedly used by Julius Caesar in 75 B.C) – Letters are shifted by a set amount – M = {all sequences of Roman letters} – K = {i | 0 ≤ i ≤ 25} – E = {Ek | k ∈ K and for all m ∈ M, Ek(M) = (m + k) mod 26} – D = {Dk | k ∈ K and for all c ∈ C, Dk(M) = (26 + m - k) mod 26} 8 Fall, 2008 4 CS 209: Secrets, Lies and Digital Threats Example: Code wheel . Mechanical device for simple substitution cipher) – Rotate the inner wheel by the number of jumps indicated at the beginning of the message – And translate… – 4 U K Q O P E J G 9 Fall, 2008 CS 209: Secrets, Lies and Digital Threats One-time pads . Key string chosen at random, and is at least as long as the message . Used extensively during the Cold War . Sender and receiver must agree on the same random sequence . How to get the key securely to the other party? . Be careful about reusing the key 10 Fall, 2008 5 CS 209: Secrets, Lies and Digital Threats Transposition ciphers . Ciphertext is a I AM VERY SECRET permutation of the I plaintext (same letters, A M different order) V . The trick is to describe E R the permutation rule Y concisely S E . Often this is done via a graphical aid, using a C R rectangular grid E T IA EYSCE MVR ERT 11 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Secret Key Cryptography . We use m to denote plain text (or message) . C = E(Ke, m) is the cipher text of m using key Ke Eve Alice Bob . When Alice sends C, Eve copies C before Bob gets it 12 Fall, 2008 6 CS 209: Secrets, Lies and Digital Threats Encryption . Alice wants to communicate a message securely to Bob . Eve has the ability to eavesdrop on the channel used by Alice and Bob . Alice uses key Ke to encrypt the message . Alice must communicate the key Ke to Bob through some other channel that Eve is not watching . Alice–to–Bob encryption is symmetric 13 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Encryption . Eve will not know what the message is, as she does not have the key Ke to decrypt . Bob must know the decryption algorithm as well as the key Ke to decrypt . Kerckhoffs’ principle: encryption must depend on the secrecy of the key and not the algorithm 14 Fall, 2008 7 CS 209: Secrets, Lies and Digital Threats Public key cryptography . One key is publicly known (public key) . One key kept private by owner (private key) . Keys operate as inverses: one key undoes encryption provided by the other key . C = E(Kpub, P), send C to receiver . P = D(Kpriv, C) 15 Fall, 2008 CS 209: Secrets, Lies and Digital Threats RSA: Rivest, Shami, Adelman . Based on the property that factoring large number is difficult . Besides confidentiality . RSA can be used to provide data and origin authentication – Alice encrypts message using her private key. Anyone can read it, but if it is altered, the altered text cannot be deciphered correctly – Since it can be decrypted using her public key, we know the message is from her. 16 Fall, 2008 8 CS 209: Secrets, Lies and Digital Threats RSA: Rivest, Shami, Adelman . Providing confidentiality and authentication requires using the sender’s private key and the recipient’s public key – Alice encrypts message using her private key and then encrypts that using Bob’s public key – The recipient uses their key to decipher the message and the sender’s public key to authenticate it – Bob decipher the message (using his private key) and then uses Alice’s public key to get the plaintext message. 17 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Confidentiality Bob’s public-key ring Alice’s private key Alice’s public key Encryption Decryption Plaintext Algorithm Algorithm Plaintext Transmitted cyphertext 18 Fall, 2008 9 CS 209: Secrets, Lies and Digital Threats Authentication Alice’s public-key ring Bob’s private key Bob’s public key Encryption Decryption Plaintext Algorithm Algorithm Plaintext Transmitted cyphertext 19 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Public key encryption . Why we need public key encryption? . Alice may want to communicate with Bob and 10 other people . Alice shares her secret key with all 11 people . If any one of the 11 persons is untrustworthy, then the key is compromised . It is not practical for Alice to have 11 separate secret keys . If every pair of persons in the above scenario uses a separate key, how many keys will be needed? 20 Fall, 2008 10 CS 209: Secrets, Lies and Digital Threats Public key encryption . Alice and Bob register with a trusted third party (TTP) . TTP provides a public, private key pair for each individual . Any message m encrypted with the public key Kp can be decrypted using only the corresponding private key Ks . C = E(Kp, m) and m = D(Ks, C) . Public key can be used with any number of users 21 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Public key encryption . Is public key then the preferred solution? . Answer is ‘No’ in general because public key is: - Complex - Slow - Expensive . Preferred solution is the ‘best of both methods’ scenario: - Use a symmetric key but communicate the symmetric key using the public key encryption - Untrustworthy partners could still compromise the key but in such cases the symmetric key could be changed quickly 22 Fall, 2008 11 CS 209: Secrets, Lies and Digital Threats Digital Signatures . Digital signatures authenticate a user . Digital signature is a legal entity in U.S. and many other countries . Usually digital signatures are computed by complex algorithms by the sender’s computer . This opens up the potential excuse that some one hacked the system to generate the digital signature without the knowledge of the secret key owner 23 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Digital Signatures . Digital signatures are the public key equivalent of MAC . Alice uses her secret key Ks to sign the message, creating the value s (similar to the MAC). The algorithm to create s is made public by the TTP. Bob or any one else can use Alice’s public key Kp with the verification algorithm provided by TTP to find s, thus authenticating the message 24 Fall, 2008 12 CS 209: Secrets, Lies and Digital Threats Encryption . Why should the algorithm be open? – Algorithms are usually used in software or firmware – Algorithms are used for a long period of time – Crypto systems are built for use by large number of people who could use the same algorithm but with different keys – Open algorithms build confidence in users 25 Fall, 2008 CS 209: Secrets, Lies and Digital Threats Attacks . Attacks on information systems can be protected using cryptography . Ciphertext-only attack – attacker discovers the encryption key using means such as cryptanalysis . Known plaintext attack – attacker knows both the plaintext and the associated encrypted text but not the encryption key . E.g., in wireless networks the access point gives these types of information 26 Fall, 2008 13 CS 209: Secrets, Lies and Digital Threats Attacks . Chosen plaintext attack – attacker chooses the plaintext and is able to get the corresponding ciphertext . E.g., in businesses information obtained from a vendor is passed onto a partner. Vendor information gets encrypted and passed onto partner. Attacker could emulate the vendor and choose the plaintext and see how it gets encrypted.