Encryption No. 1 Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin...
-
Upload
geraldine-jacobs -
Category
Documents
-
view
217 -
download
0
Transcript of Encryption No. 1 Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin...
Encryption No. 1Seattle Pacific University
Encryption:Protecting Your Data While in Transit
Kevin BoldingElectrical Engineering
Seattle Pacific University
Based on Chapter 18 of William Stallings, Data and Computer Communication, 6th Ed.
Encryption No. 2Seattle Pacific University
Living in a Glass House
• Public networks are public...
• Chances for eavesdropping or worse
• LANs – may broadcast all packets to all stations within your collision domain
• WANs - shared public resources• Service providers• Hackers at every point...
• Network model is inherently insecure
• Passing data to an unreliable third party many times over
Encryption No. 3Seattle Pacific University
The Need for Encryption
• Transmission of sensitive data
• Classical use of encryption
• Sender encodes data in such a way that only the intended recipient(s) can decipher it
• Identity verification
• Sender provides a digital signature that cannot be easily produced by any other entity
• Receiver can easily verify signature
Data encoding and Digital Signatures can be provided using encryption
Encryption No. 4Seattle Pacific University
Goals for an Encryption Scheme• Difficult to break
• Probability of breaking the code within any reasonable amount of time should be very small
• Fast encoding and decoding
• If encoding/decoding is too complex or too slow, users will bypass it
• Easy distribution of keys
• Secret key distribution can be an issue
• Frequent key changes needed for security
Encryption No. 5Seattle Pacific University
Code Breaking
• Assume that the attacker has:
• Samples of matched plaintext and ciphertext• Lots of computing power• Knowledge of the plaintext language
• Cryptanalysis
• Gather information that you can• Size of documents, plaintext/ciphertext pairs,
frequency of documents, language
• Think really hard
• Brute force
• Randomly try keys until something works
Bits in key Time to crack(106 encryptions/s)
32 35.8 min56 1142 years128 5.4 x 1024 years168 5.9 x 1036 years
Encryption No. 6Seattle Pacific University
Symmetric Encryption
• Sender and all recipients use the same key
• Sender encrypts plaintext using the common secret key
• Encrypted ciphertext is sent over a public channel
• Receiver decrypts ciphertext back into plaintext using the common secret key
Plaintext Ciphertext PlaintextCiphertextPublicNetwork
Symmetric Encryption requires that sender and receiver both know the same secret key
Encryption No. 7Seattle Pacific University
DES - Data Encryption Standard
• DES – US government standard from 1977-2001
• Symmetric encryption
• 56-bit key
• Basic idea: Repeatedly XOR and shift
XORing - Great for encryption10001110 plaintext
xor 01101101 key11100011 ciphertext
xor 01101101 key
10001110 plaintext
A special DES-cracking machine built by the Electronic Frontier Foundation in 1999 can crack DES in under three days.
--> DES is dead
Encryption No. 8Seattle Pacific University
Replacing DES
• Triple DES (TDEA)
• Run DES three times, yielding a key length of 168 bits
• Short-term replacement for DES
• Advanced Encryption Standard (AES) / Rijndael
• US Approved in 2002
• Block algorithm, 128, 192, or 256-bit key
• 128-bit approved through US “Secret”
• 192+ bits approved for US “Top Secret”
Encryption No. 9Seattle Pacific University
Key Distribution
• With symmetric codes, both sender and receiver need to have the secret key
• How does the sender safely send the key?
• 1. Send it manually via secure courier
• Expensive, time-consuming
• 2. Send a new key using the previous key
• Fine, but what if the old key was compromised?
• 3. Use a key distribution center
• Sender requests that a session key be sent to both the sender and receiver
• Key is used for this session only
Encryption No. 10Seattle Pacific University
Public-Key Encryption• Receiver has two matched keys - Public and Private
• Public key can only encode – private key needed to decode
• Sender encrypts plaintext using the Public Key
• Encrypted ciphertext is sent over a public channel
• Receiver decrypts ciphertext back into plaintext using the Receiver’s Private Key
• Receiver sends Receiver’s Public Key to the Sender
PublicNetwork
Pub
PrivPub
Priv
Sender
ReceiverPlaintext Ciphertext PlaintextCiphertext
Pub
Encryption No. 11Seattle Pacific University
RSA Public Key Encryption
• Rivest, Shamir, Adleman (1977)
• Involves the use of the product of two (large) prime numbers
• Public and Private Keys include the above product and some mathematical functions of the prime factors
• Cracking the code
• Factoring the product will crack the code...
• RSA authors (in 1977) predicted a 428-bit code would take 40,000,000,000,000 years to crack
• Internet consortium cracked it in 1994
• 1024-bit or more keys are used today...
Encryption No. 12Seattle Pacific University
Public Key Issues• Man-in-the-Middle Imposters
• An imposter might send you an encrypted message
• Requires sender authentication
• RSA is slow
• Complicated math, 1024-bit (or more) keys
• Symmetric codes are faster
• Use a combined public key/symmetric method
• Establish a session using public key methods• Send the receiver a session key for a symmetric
method
• Use the symmetric key for the rest of the session
Encryption No. 13Seattle Pacific University
Sender Authentication
Plaintext Ciphertextof Hash
PlaintextCiphertextof Hash
PublicNetwork
Pub
PrivPub
Priv
Sender Receiver
Pub
• Sender “encrypts” document using sender’s private key
• This document is sent to the receiver
• Receiver decrypts signature using sender’s public key
• If document is readable, it must have been encrypted using the sender’s private key, which only the sender has access to
Encryption No. 14Seattle Pacific University
Public-Key Encryption + Authentication• Sender sends document using public key encryption
DigitalSignature
Ciphertextof DS
DigitalSignature
Ciphertextof DS
PublicNetwork
Pub
PrivPub
Priv
Sender
ReceiverPlaintext Ciphertext PlaintextCiphertext
Pub
Pub
• Sender computes a digital signature of the document using a one-way hash function
• Sender sends digital signature of document using authentication methods
=?
• Receiver authenticates encrypted message message by confirming that digital signature matches received plaintext