Encryption No. 1 Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin...

Encryption No. 1Seattle Pacific University

Encryption:Protecting Your Data While in Transit

Kevin BoldingElectrical Engineering

Seattle Pacific University

Based on Chapter 18 of William Stallings, Data and Computer Communication, 6th Ed.


Living in a Glass House

• Public networks are public...

• Chances for eavesdropping or worse

• LANs – may broadcast all packets to all stations within your collision domain

• WANs - shared public resources• Service providers• Hackers at every point...

• Network model is inherently insecure

• Passing data to an unreliable third party many times over


The Need for Encryption

• Transmission of sensitive data

• Classical use of encryption

• Sender encodes data in such a way that only the intended recipient(s) can decipher it

• Identity verification

• Sender provides a digital signature that cannot be easily produced by any other entity

• Receiver can easily verify signature

Data encoding and Digital Signatures can be provided using encryption


Goals for an Encryption Scheme• Difficult to break

• Probability of breaking the code within any reasonable amount of time should be very small

• Fast encoding and decoding

• If encoding/decoding is too complex or too slow, users will bypass it

• Easy distribution of keys

• Secret key distribution can be an issue

• Frequent key changes needed for security


Code Breaking

• Assume that the attacker has:

• Samples of matched plaintext and ciphertext• Lots of computing power• Knowledge of the plaintext language

• Cryptanalysis

• Gather information that you can• Size of documents, plaintext/ciphertext pairs,

frequency of documents, language

• Think really hard

• Brute force

• Randomly try keys until something works

Bits in key Time to crack(106 encryptions/s)

32 35.8 min56 1142 years128 5.4 x 1024 years168 5.9 x 1036 years


Symmetric Encryption

• Sender and all recipients use the same key

• Sender encrypts plaintext using the common secret key

• Encrypted ciphertext is sent over a public channel

• Receiver decrypts ciphertext back into plaintext using the common secret key

Plaintext Ciphertext PlaintextCiphertextPublicNetwork

Symmetric Encryption requires that sender and receiver both know the same secret key


DES - Data Encryption Standard

• DES – US government standard from 1977-2001

• Symmetric encryption

• 56-bit key

• Basic idea: Repeatedly XOR and shift

XORing - Great for encryption10001110 plaintext

xor 01101101 key11100011 ciphertext

xor 01101101 key

10001110 plaintext

A special DES-cracking machine built by the Electronic Frontier Foundation in 1999 can crack DES in under three days.

--> DES is dead


Replacing DES

• Triple DES (TDEA)

• Run DES three times, yielding a key length of 168 bits

• Short-term replacement for DES

• Advanced Encryption Standard (AES) / Rijndael

• US Approved in 2002

• Block algorithm, 128, 192, or 256-bit key

• 128-bit approved through US “Secret”

• 192+ bits approved for US “Top Secret”


Key Distribution

• With symmetric codes, both sender and receiver need to have the secret key

• How does the sender safely send the key?

• 1. Send it manually via secure courier

• Expensive, time-consuming

• 2. Send a new key using the previous key

• Fine, but what if the old key was compromised?

• 3. Use a key distribution center

• Sender requests that a session key be sent to both the sender and receiver

• Key is used for this session only


Public-Key Encryption• Receiver has two matched keys - Public and Private

• Public key can only encode – private key needed to decode

• Sender encrypts plaintext using the Public Key

• Encrypted ciphertext is sent over a public channel

• Receiver decrypts ciphertext back into plaintext using the Receiver’s Private Key

• Receiver sends Receiver’s Public Key to the Sender

PublicNetwork

Pub

PrivPub

Priv

Sender

ReceiverPlaintext Ciphertext PlaintextCiphertext

Pub


RSA Public Key Encryption

• Rivest, Shamir, Adleman (1977)

• Involves the use of the product of two (large) prime numbers

• Public and Private Keys include the above product and some mathematical functions of the prime factors

• Cracking the code

• Factoring the product will crack the code...

• RSA authors (in 1977) predicted a 428-bit code would take 40,000,000,000,000 years to crack

• Internet consortium cracked it in 1994

• 1024-bit or more keys are used today...


Public Key Issues• Man-in-the-Middle Imposters

• An imposter might send you an encrypted message

• Requires sender authentication

• RSA is slow

• Complicated math, 1024-bit (or more) keys

• Symmetric codes are faster

• Use a combined public key/symmetric method

• Establish a session using public key methods• Send the receiver a session key for a symmetric

method

• Use the symmetric key for the rest of the session


Sender Authentication

Plaintext Ciphertextof Hash

PlaintextCiphertextof Hash

PublicNetwork

Pub

PrivPub

Priv

Sender Receiver

Pub

• Sender “encrypts” document using sender’s private key

• This document is sent to the receiver

• Receiver decrypts signature using sender’s public key

• If document is readable, it must have been encrypted using the sender’s private key, which only the sender has access to


Public-Key Encryption + Authentication• Sender sends document using public key encryption

DigitalSignature

Ciphertextof DS

DigitalSignature

Ciphertextof DS

PublicNetwork

Pub

PrivPub

Priv

Sender

ReceiverPlaintext Ciphertext PlaintextCiphertext

Pub

Pub

• Sender computes a digital signature of the document using a one-way hash function

• Sender sends digital signature of document using authentication methods

=?

• Receiver authenticates encrypted message message by confirming that digital signature matches received plaintext

Encryption No. 1 Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin...

Documents

Transcript of Encryption No. 1 Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin...