1 the elements of cryptography chapter 7 copyright 2003 prentice-hall
TRANSCRIPT
1
The Elements of Cryptography
Chapter 7
Copyright 2003 Prentice-Hall
2
Figure 7-1: Cryptographic System
ConfidentialityAuthentication
Message IntegrityAnti-Replay Protection
Client PC with Cryptographic
SystemSoftware
Server withCryptographic
SystemSoftware
Secure Communication
ProvidedAutomatically
3
Figure 7-2: Plaintext, Encryption, Ciphertext, and Decryption
Network
Plaintext“Hello”
EncryptionMethod &
Key
Ciphertext “11011101”
EncryptionKey
Ciphertext “11011101” Plaintext“Hello”
DecryptionMethod &
Key
DecryptionKey
Interceptor
Party A
Party B
Note:Interceptor Cannot ReadCiphertext Without the
Decryption Key
4
Figure 7-3: Key Length and Number of Possible Keys
1
Key Lengthin Bits
2
4
8
16
256
65,536
16
4
2
Number of Possible Keys
40 1,099,511,627,776
56 72,057,594,037,927,900
112 5,192,296,858,534,830,000,000,000,000,000,000
5
Figure 7-3: Key Length and Number of Possible Keys
Key Lengthin Bits
112
168
256
512
1.15792E+77
1.3408E+154
3.74144E+50
5.1923E+33
Number of Possible Keys
6
Figure 7-3: Key Length and Number of Possible Keys
Notes: Shaded keys, with lengths of more than 100 bits, are considered strong symmetric keys today.
Unshaded keys, with lengths of less than 100 bits, are considered weak symmetric keys today.
Public key/private key pairs must be much longer to be strong because of the disastrous consequences of learning someone’s private key and because private keys cannot be changed rapidly.
7
Figure 7-4: Symmetric Key Encryption for Confidentiality
Network
Plaintext“Hello”
EncryptionMethod &
Key
Ciphertext “11011101”
SymmetricKey
Ciphertext “11011101” Plaintext“Hello”
DecryptionMethod &
Key
SameSymmetric
Key
Interceptor
Party A
Party B
Note:A single key is used to
encrypt and decryptin both directions.
8
Figure 7-5: Data Encryption Standard (DES)
DES EncryptionProcess
64-Bit CiphertextBlock
64-Bit DES Symmetric Key(56 bits + 8 redundant bits)64-Bit Plaintext
Block
9
Figure 7-6: DES-CBC (DES-Cipher Block Chaining)
First64-Bit Plaintext Block
DES EncryptionProcess
Second64-Bit Plaintext Block
First64-Bit Ciphertext Block
InitializationVector (IV)
DES EncryptionProcess
Second64-Bit Ciphertext Block
DES Key
DES Key
10
Figure 7-7: Triple DES (3DES)
Sender Receiver
Encrypts plaintext with the1st key
Decrypts ciphertext withthe 3d key
Decrypts output of firststep with the 2nd key
Encrypts output of thefirst step with the 2nd key
Encrypts output of secondstep with the 3d key; givesthe ciphertext to be sent
Decrypts output of secondstep with the 1st key; givesthe original plaintext
168-Bit Encryption with Three 56-Bit Keys
11
Figure 7-7: Triple DES (3DES)
Sender Receiver
Encrypts plaintext with the1st key
Decrypts ciphertext withthe 1st key
Decrypts output with the 2nd key
Encrypts output with the2nd key
Encrypts output with the1st key
Decrypts output with the1st key
112-Bit Encryption With Two 56-Bit Keys
12
Figure 7-7: Triple DES (3DES)
Sender Receiver
Encrypts plaintext withthe key
Decrypts ciphertext withthe key
Encrypts output with thekey (undoes first step)
Encrypts output with thekey
56-Bit Encryption With One 56-Bit Key(For Compatibility With Receivers
Who Can Handle Only Normal DES)
13
Figure 7-8: DES, 3DES, and AES
DES
56
Weak
Moderate
Moderate
3DES
112 or 168
Strong
High
High
AES
128, 192, 256
Strong
Modest
Modest
Key Length (bits)
Strength
ProcessingRequirements
RAM Requirements
14
Figure 7-9: Public Key Encryption for Confidentiality
Party A Party B
Decrypt withParty A’s Private Key
Encrypt withParty A’s Public Key
Encrypt withParty B’s Public Key
Decrypt withParty B’s Private Key
EncryptedMessage
EncryptedMessage
15
Figure 7-10: Strong Keys for Symmetric and Public Key Encryption
Strong Symmetric Keys Strong Public and Private Keys
Limited damage if cracked, so can be shorter
Changed frequently, so canbe shorter
Serious damage if cracked, somust be longer
Rarely changed, so must belonger
16
Figure 7-10: Strong Keys for Symmetric and Public Key Encryption
Strong Symmetric Keys Strong Public and Private Keys
100 bits or more todayLonger for high-value transactionsLonger tomorrow as cracking power increasesDES: 56-bits (weak), but 3DES gives 112-bit or 168-bit securityAES: Key lengths of 128, 192, or 256; yet places a light load on processor and RAM so can be used by mobile devicesIDEA: 128 bits
1,024 or 2,048 bits for RSA encryption today
512 bits for ECC encryption today
Longer tomorrow as cracking power increases
17
Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol
2.Verifier sends Challenge Message
Challenge
Applicant(Client)
Verifier(Server)
1.Verifier creates
Challenge Message
Note: Both the client and the serverknow the client’s password.
18
Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol
3.Applicant (Supplicant)
creates a Response Message:(a) Adds password toChallenge Message
(b) Hashes the resultant bitstring (does not encrypt)
(c) The hash is the ResponseMessage
ChallengePassword
Response
Hashing(Not Encryption)
19
Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol
4.Applicant sends Response Message without encryption
Transmitted Response
20
Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol
ChallengePassword
Expected Response
Hashing
5.Verifier adds password to theChallenge Message it sent.
Hashes the combination. Thisis the expected Response
Message.
21
Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol
Expected ResponseTransmitted Response =?
6.If the two Response Messages are equal, the
applicant knows the password and is authenticated.Sever logs Client in.
7.Note that only hashing is involved.
There is no encryption.
22
Figure 7-12: Encryption Versus Hashing
Encryption
Uses a key as aninput to an encryption method
Output is similar inlength to input
Reversible; ciphertextcan be decryptedback to plaintext
Use of Key
Length of Result
Reversibility
Hashing
Key is usually addedto text; the two arecombined, and thecombination is hashed
Output is of a fixedshort length, regardless of input
One-way function; hashcannot be “de-hashed” back to the original string
23
Figure 7-13: Digital Signature for Message-by-Message Authentication
To Create the Digital Signature:
1. Hash the plaintext to create abrief message digest; this is NOT the Digital Signature.
2. Sign (encrypt) the messagedigest with the sender’s private
key to create the digital signature.
3. Transmit the plaintext + digitalsignature, encrypted withsymmetric key encryption.
Plaintext
MD
DS
DS Plaintext
Hash
Sign (Encrypt)with Sender’sPrivate Key
24
Figure 7-13: Digital Signature for Message-by-Message Authentication
4. Encrypted withSession Key
DS Plaintext
Sender Receiver
25
Figure 7-13: Digital Signature for Message-by-Message Authentication
To Test the Digital Signature
5. Hash the received plaintextwith the same hashing algorithm
the sender used. This givesthe message digest.
6. Decrypt the digital signaturewith the sender’s public key.
This also should give themessage digest.
7. If the two match, themessage is authenticated.
Received Plaintext
MD
DS
MD
5. 6.
HashDecrypt withTrue Party’sPublic Key
7.Are they equal?
26
Figure 7-14: Public Key Deception
Impostor
“I am the True Person.”
“Here is TP’s public key.”(Sends Impostor’s public key)
“Here is authenticationbased on TP’s private key.”(Really Impostor’s private key)
Decryption of message from Verifierencrypted with Imposter’s public key,so Impostor can decrypt it
Verifier
Must authenticate True Person.
Believes now hasTP’s public key
Believes True Personis authenticated
based on Impostor’s public key
“True Person,here is a message encrypted
with your public key.”
CriticalDeception
27
Figure 7-15: Important X.509 Digital Certificate Fields
Field Description
VersionNumber
Version number of the X.509. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard.
Issuer Name of the Certificate Authority (CA).
SerialNumber
Unique serial number for the certificate, set by the CA.
28
Figure 7-15: Important X.509 Digital Certificate Fields
Field Description
Subject The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party.
Public KeyThe public key of the subject—the public key of the true party.
Public KeyAlgorithm
The algorithm the subject uses to sign messages with digital signatures.
29
Figure 7-15: Important X.509 Digital Certificate Fields
Field Description
ValidPeriod
The period before which and after which the certificate should not be used.Note: Certificate may be revoked before the end of this period.
DigitalSignature
The digital signature of the certificate, signed by the CA with the CA’s own private key.Provides authentication and certificate integrity.User must know the CA’s public key independently.
30
Figure 7-15: Important X.509 Digital Certificate Fields
Field Description
SignatureAlgorithmIdentifier
The digital signature algorithm the CA uses to signits certificates.
31
Figure 7-16: Digital Signature and Digital Certificate in Authentication
Digital Certificate Digital Signature
Authentication
Public Key ofTrue Party
Signature to BeTested with
Public Key ofTrue Party
32
Figure 7-17: Public Key Infrastructure (PKI) with a Certificate Authority
Create &Distribute
(1) Private Keyand
(2) Digital Certificate
4.Certificate
for Lee
3.Request Certificate
for Lee
5.Certificate
for Lee
6. Request CertificateRevocation List (CRL)
7. Copy of CRL
Verifier(Brown)
Applicant (Lee)
Verifier(Cheng)
CertificateAuthority
PKI Server
33
Figure 7-18: Public Key Distribution for Symmetric Session Keys
Party A Party B
1. CreateSymmetric
Session Key
34
Figure 7-18: Public Key Distribution for Symmetric Session Keys
Party A Party B
2. EncryptSession Key with
Party B’s Public Key
4. DecryptSession Key with
Party B’s Private Key
3. Send the SymmetricSession Key Encrypted
for Confidentiality
5. Subsequent Encryption withSymmetric Session Key
35
Figure 7-19: Diffie-Hellman Key Agreement
Party X Party Y
1. Agree on Diffie-Hellman Groupp (prime) and g (generator)
2.GeneratesRandom
Number x
2.GeneratesRandom
Number y
36
Figure 7-19: Diffie-Hellman Key Agreement
Party X Party Y
3.Computes
x’=g^x mod p
3.Computes
y’=g^y mod p4.
Exchange x’ and y’Without Security
37
Figure 7-19: Diffie-Hellman Key Agreement
Party X Party Y
5.Compute Key=
y’^x mod p=g^(xy) mod p
5.Compute Key=
x’^y mod p=g^(xy) mod p6. Subsequent Encryption
with SymmetricSession Key
38
Figure 7-20: Replay Attacks
Replay Attacks Retransmit an intercepted message
Message is encrypted so that replay attacker cannot read it
Why Replay Attacks Repetition might work—for instance, replaying an
encrypted username and password might result in access to a poorly designed system
39
Figure 7-20: Replay Attacks
Preventing Replay Attacks
Insert a time stamp in messages and accept messages only if they are very recent
Insert a sequence number in each message
Insert a nonce (random number selected for the occasion) in a request message; only accept a reply message with the same nonce. Other party does not accept a request message with a previous nonce
40
Figure 7-21: Quantum Computing and Steganography
Quantum Computing Quantum Bits (Q-Bits)
In ordinary computers, each bit is either a zero or a one at any time
In quantum computers, each quantum bit (q-bit) can be both a zero and a one at any moment
When decohered, the q-bit becomes a classic one or zero randomly
41
Figure 7-21: Quantum Computing and Steganography
Quantum Computing Quantum Key Distributions (QKD)
Two particles representing q-bits can be entangled so that both will be up or down when read
The two entangled particles are sent to the two communicating parties
Both will always read the bit the same way—as a one or a zero
42
Figure 7-21: Quantum Computing and Steganography
Quantum Computing Quantum Key Distributions (QKD)
They will both read the stream of decohered q-bits as a key
Interception of q-bits en route by an eavesdropper is detected easily
QKD is becoming commercially viable
43
Figure 7-21: Quantum Computing and Steganography
Quantum Computing Quantum Key Cracking
For determining private keys from public keys An array of N q-bits can represent all possible
keys of length N Operations can be performed on all possible
keys simultaneously Results are put in a results register Decoherence gives one result randomly from all
possible results
44
Figure 7-21: Quantum Computing and Steganography
Quantum Computing Quantum Key Cracking
This single result can be used to compute the private key
Not instantaneous, but much faster than exhaustive search
45
Figure 7-21: Quantum Computing and Steganography
Quantum Computing Quantum Key Cracking
Not practical today
We can only build quantum computers with a few q-bits
Quantum computers with 1000 or more q-bits are some time off
46
Figure 7-21: Quantum Computing and Steganography
Steganography Steganography means hidden writing
Hiding a message in an image Every image is made of pixels There often is about one byte per pixel for each
color: red, green, and blue One bit in each byte is the least significant—
changing it will alter the color by only 1/256 The process steals the least significant bit from
each byte
47
Figure 7-21: Quantum Computing and Steganography
Steganography Hiding a message in an image
The message is written into these bits
The message may be encrypted before writing it into the bits
The picture will look unchanged
48
Figure 7-21: Quantum Computing and Steganography
Steganography
Digital Watermarking
Using steganography to hide identifying information in a document
To prove copyright ownership
To identify different copies of a document
49
Figure 7-22: Cryptographic Goals and Methods
Confidentiality Authentication
Applicable. Senderencrypts with key shared with the receiver.
Not applicable.SymmetricKeyEncryption
Applicable. Senderencrypts with receiver’spublic key.
Applicable. Senderencrypts with ownprivate key.
PublicKeyEncryption
Not applicable.Applicable. Used in MS-CHAP andHMACs discussed in thenext chapter.
Hashing