Cryptography

11

CryptographyCryptography

Troy LatchmanTroy Latchman

Byungchil KimByungchil Kim

22

FundamentalsFundamentals

We know that the medium we use We know that the medium we use to transmit data is insecure, e.g. to transmit data is insecure, e.g. can be sniffed.can be sniffed.

Cryptography allows a sender to Cryptography allows a sender to disguise data in hopes that an disguise data in hopes that an intruder can gain no information intruder can gain no information from the intercepted data.from the intercepted data.

33


Alice and Bob are two innocent people.Alice and Bob are two innocent people. Trudy is an intruder.Trudy is an intruder.

44


Alice generates some data that is in Alice generates some data that is in plaintext. She then uses a key (Ka) and plaintext. She then uses a key (Ka) and an encryption algorithm to transform an encryption algorithm to transform the data into ciphertext.the data into ciphertext.

The data is transmitted and sniffed The data is transmitted and sniffed along the way. Trudy gains no along the way. Trudy gains no information about the contents of the information about the contents of the message because the data is in message because the data is in ciphertext (encrypted).ciphertext (encrypted).

Bob receives the ciphertext and uses a Bob receives the ciphertext and uses a key (Kb) and a decryption algorithm to key (Kb) and a decryption algorithm to transform the data into plaintext. transform the data into plaintext.

55


Shortened Notation:Shortened Notation: Alice starts with message ‘m’ and applies Alice starts with message ‘m’ and applies

her key as well as ‘m’ to an encryption her key as well as ‘m’ to an encryption algorithm to get the ciphertext Ka(m)algorithm to get the ciphertext Ka(m)

Bob receives Ka(m) and applies this as Bob receives Ka(m) and applies this as well as his key to the decryption well as his key to the decryption algorithm to get the original message: algorithm to get the original message: Kb(Ka(m)) = mKb(Ka(m)) = m

m => Ka(m) => Kb(Ka(m)) => mm => Ka(m) => Kb(Ka(m)) => m

66

KeysKeys

Symmetric KeySymmetric Key– Alice’s and Bob’s keys are identical Alice’s and Bob’s keys are identical

and are private.and are private. Public KeyPublic Key

– Two keys are used. One of the keys Two keys are used. One of the keys is public (the whole world knows it). is public (the whole world knows it). The other key is known either by The other key is known either by Alice or Bob, not both.Alice or Bob, not both.

77

Symmetric KeySymmetric Key

Caesar cipher is a very old and simple Caesar cipher is a very old and simple symmetric key algorithm:symmetric key algorithm:

Take each letter in the plaintext message Take each letter in the plaintext message and translate it into another letter.and translate it into another letter.

The translation is done by adding a The translation is done by adding a constant, k, to the plaintext letter.constant, k, to the plaintext letter.

The number for each letter is its position The number for each letter is its position in the alphabet, e.g. A=1, Z=26. The in the alphabet, e.g. A=1, Z=26. The alphabet has wrap around where A comes alphabet has wrap around where A comes after Z.after Z.

88


Caesar cipher example:Caesar cipher example:

Let k=3 (the key)Let k=3 (the key) Plaintext: BOB, I LOVE YOU. ALICEPlaintext: BOB, I LOVE YOU. ALICE Ciphertext: ERE, L ORYH BRX. DOLFHCiphertext: ERE, L ORYH BRX. DOLFH

Note that Caesar cipher only has 25 Note that Caesar cipher only has 25 possible keys, so a brute force method possible keys, so a brute force method to break the encryption can be used.to break the encryption can be used.

99


Monoalphabetic cipher - an Monoalphabetic cipher - an improvement over Caesar cipherimprovement over Caesar cipher

Each letter gets translated to a set Each letter gets translated to a set random letter by a 1 to 1 random letter by a 1 to 1 algorithm.algorithm.

26! possible pairings (keys).26! possible pairings (keys). Monoalphabetic cipher was later Monoalphabetic cipher was later

improved by polyalphabetic improved by polyalphabetic encryption.encryption.

1010


Data Encryption Standard (DES)Data Encryption Standard (DES)http://http://www.aci.net/kalliste/des.htmwww.aci.net/kalliste/des.htm

Created in 1977 and updated in Created in 1977 and updated in 1993. The algorithm works by 1993. The algorithm works by manipulating input on the bit level.manipulating input on the bit level.

The algorithm needs an input The algorithm needs an input (limited to 64 bits) and a 64 bit key (limited to 64 bits) and a 64 bit key (effectively only 56 bits due to 8 (effectively only 56 bits due to 8 parity bits)parity bits)

1111


Basic operation of DESBasic operation of DES

1212


The 56-bit DES is considered too insecure. The 56-bit DES is considered too insecure. The encryption was cracked in 22 hours in The encryption was cracked in 22 hours in 2002 using a special purpose computer.2002 using a special purpose computer.

3DES is more secure. This runs DES 3 times 3DES is more secure. This runs DES 3 times with 3 different keys.with 3 different keys.

Advanced Encryption Standard (AES) is the Advanced Encryption Standard (AES) is the successor to DES. It uses key lengths of 128, successor to DES. It uses key lengths of 128, 192, and 256 bits. It is estimated that a 192, and 256 bits. It is estimated that a computer that could break 56-bit DES computer that could break 56-bit DES encryption in 1 second would take encryption in 1 second would take approximately 149 trillion years to crack 128-approximately 149 trillion years to crack 128-bit AES encryption.bit AES encryption.

1313

Public KeyPublic Key

One short fall to using a symmetric key One short fall to using a symmetric key is that both parties must know the key is that both parties must know the key before they start the encrypted before they start the encrypted communication.communication.

How do the parties initially get the key?How do the parties initially get the key? They could meet in person so that the They could meet in person so that the

communication would be secure, but this communication would be secure, but this is usually inconvenient.is usually inconvenient.

Elegant Solution: public key encryption.Elegant Solution: public key encryption.

1414


Instead of Alice and Bob having Instead of Alice and Bob having the same secret key. Bob will the same secret key. Bob will have 2 keys, a public key (Kb+) have 2 keys, a public key (Kb+) which the whole world knows, and which the whole world knows, and a private key that only Bob knows a private key that only Bob knows (Kb-).(Kb-).

This eliminates the need for This eliminates the need for distributing secret keys.distributing secret keys.

1515


Overview of public key encryptionOverview of public key encryption

1616


Alice fetches Bob’s pubic key (Kb+)Alice fetches Bob’s pubic key (Kb+) She encrypts her message with the key She encrypts her message with the key

to get: Kb+(m)to get: Kb+(m) Bob receives the ciphertext and applies Bob receives the ciphertext and applies

his private key in order to extract the his private key in order to extract the message: message:

Kb-(Kb+(m)) = mKb-(Kb+(m)) = m

IMPORTANT: Kb+(Kb-(m)) = mIMPORTANT: Kb+(Kb-(m)) = m

(We will see the importance of this later)(We will see the importance of this later)

1717


RSA – a public key encryption algorithm RSA – a public key encryption algorithm named after its founders (Ron Rivest, Adi named after its founders (Ron Rivest, Adi Shamir, and Leonard Adleman):Shamir, and Leonard Adleman):

Choose 2 large prime numbers ‘p’ and ‘q’.Choose 2 large prime numbers ‘p’ and ‘q’. Compute n = p*qCompute n = p*q Compute z = (p-1)*(q-1)Compute z = (p-1)*(q-1) Choose a number ‘e’ that is less than ‘n’ which Choose a number ‘e’ that is less than ‘n’ which

has no common factors (besides 1) with zhas no common factors (besides 1) with z Find a number ‘d’ such that e*d-1 is divisible Find a number ‘d’ such that e*d-1 is divisible

by ‘z’ with no remainderby ‘z’ with no remainder Kb+ = (n,e) Kb+ = (n,e) Kb- = (n,d)Kb- = (n,d)

1818


We now have (n,e) and (n,d), that We now have (n,e) and (n,d), that is Kb+ and Kb-.is Kb+ and Kb-.

Alice obtains (n,e) and does the Alice obtains (n,e) and does the following to each letter of her following to each letter of her message (again A=1 and Z=26):message (again A=1 and Z=26):

c = m^e mod n c = m^e mod n where ‘m’ is the numeric value of where ‘m’ is the numeric value of the letter and ‘c’ is the cipher the letter and ‘c’ is the cipher outputoutput

1919


Bob is the only one who has (n,d), Bob is the only one who has (n,d), that is Kb-, and does the following that is Kb-, and does the following on each letter once he receives on each letter once he receives the ciphertext form Alice:the ciphertext form Alice:

m = c^d mod nm = c^d mod n

where ‘m’ is the recovered where ‘m’ is the recovered messagemessage

2020


RSA example:RSA example:Bob does the following:Bob does the following:

Chooses p=5 and q=7Chooses p=5 and q=7- Thus, n=35 and z=24- Thus, n=35 and z=24

Chooses e=5 since 5 and 24 have no common Chooses e=5 since 5 and 24 have no common factors factors

Chooses d=29 since 5*29-1 is divisible by 24Chooses d=29 since 5*29-1 is divisible by 24So we have Kb+ = (35,5) and Kb- = (35,29)So we have Kb+ = (35,5) and Kb- = (35,29)

Suppose Alice wants to send ‘l’ ‘o’ ‘v’ ‘e’ to Suppose Alice wants to send ‘l’ ‘o’ ‘v’ ‘e’ to Bob…Bob…

2121


2222

IntegrityIntegrity

There is a short fall to using public key There is a short fall to using public key encryption - Trudy, the intruder, can claim encryption - Trudy, the intruder, can claim she is Alice!she is Alice!

We didn’t have to worry about these false We didn’t have to worry about these false claims in symmetric key encryption claims in symmetric key encryption because the mere fact that the user on because the mere fact that the user on the other end had the correct key (which the other end had the correct key (which is private) was proof enough they were is private) was proof enough they were who they said they were.who they said they were.

How do we regain the integrity that we How do we regain the integrity that we lost?lost?

2323

IntegrityIntegrity

Bob can sign his message – proving Bob can sign his message – proving that the messages are coming from that the messages are coming from Bob.Bob.

All he has to do is a apply his private All he has to do is a apply his private key to the data he sends Alice: Kb-(m)key to the data he sends Alice: Kb-(m)

Alice then receives this and applies Alice then receives this and applies Bob’s public key: Kb+(Kb-(m)) = mBob’s public key: Kb+(Kb-(m)) = m

(This is the important part from slide 16)(This is the important part from slide 16)

2424

IntegrityIntegrity

2525

IntegrityIntegrity

But signing over the entire But signing over the entire message is computationally message is computationally expensive.expensive.

Want a less costly way to have Want a less costly way to have integrity.integrity.

Answer: Message DigestAnswer: Message Digest

2626

IntegrityIntegrity

Message digest algorithms take a Message digest algorithms take a message ‘m’ or arbitrary length and message ‘m’ or arbitrary length and compute a fixed-length output known compute a fixed-length output known as a message digest: H(m)as a message digest: H(m)

The algorithm is basically a many to The algorithm is basically a many to one hash function.one hash function.

A good algorithm will make it A good algorithm will make it inconceivable for 2 messages to hash inconceivable for 2 messages to hash to the same value (message digest).to the same value (message digest).

2727

IntegrityIntegrity

Now that we have a small “summary” of Now that we have a small “summary” of what is in the message, we can use this to what is in the message, we can use this to obtain integrity when using public key obtain integrity when using public key encryption.encryption.

All Bob needs to do is to apply his private All Bob needs to do is to apply his private key to the message digest. This is much key to the message digest. This is much more efficient than applying it to the more efficient than applying it to the entire message:entire message:

Kb-(H(m)) which is called a Kb-(H(m)) which is called a digital digital signaturesignature

2828

IntegrityIntegrity

Now when Bob wants to communicate, Now when Bob wants to communicate, he can just send ‘m’ and Kb-(H(m))he can just send ‘m’ and Kb-(H(m))

When Alice receives these two items, When Alice receives these two items, she computes H(m) two different ways:she computes H(m) two different ways:Directly from ‘m’ (like Bob did when Directly from ‘m’ (like Bob did when sending the message)sending the message)By applying Bob’s public key to the By applying Bob’s public key to the digital signature: Kb+(Kb-(H(m)) = H(m)digital signature: Kb+(Kb-(H(m)) = H(m)

Alice then compares the two message Alice then compares the two message digests and see if they match. digests and see if they match.

2929

IntegrityIntegrity

3030

IntegrityIntegrity

3131

IntegrityIntegrity

How do we compute H(m)?How do we compute H(m)? There are widely used algorithms There are widely used algorithms

to do so.to do so. MD5 and SHA-1 are examples of MD5 and SHA-1 are examples of

such algorithms.such algorithms.MD5 computes a 128-bit message MD5 computes a 128-bit message digest in a four-step process.digest in a four-step process.

http://www.faqs.org/rfcs/rfc1321.hhttp://www.faqs.org/rfcs/rfc1321.htmltml

3232

The LabThe Lab

Be sure to thoroughly read and Be sure to thoroughly read and understand the previous slides.understand the previous slides.

We will be doing exercises with We will be doing exercises with built in functions in Linux.built in functions in Linux.

We will examine: DES, RSA, MD5, We will examine: DES, RSA, MD5, and SHA-1.and SHA-1.

3333

ReferencesReferences

All figures and tables throughout All figures and tables throughout this presentation came from one this presentation came from one source:source:

Kurose, Charlie and Ross, Keith. Kurose, Charlie and Ross, Keith. Computer Networking: A Top-Down Computer Networking: A Top-Down Approach Featuring the InternetApproach Featuring the Internet. . New York, NY: Addison Wesley, New York, NY: Addison Wesley, 2003.2003.

Cryptography

Documents

Transcript of Cryptography