1 the elements of cryptography chapter 7 copyright 2003 prentice-hall

1

The Elements of Cryptography

Chapter 7

Copyright 2003 Prentice-Hall

2

Figure 7-1: Cryptographic System

ConfidentialityAuthentication

Message IntegrityAnti-Replay Protection

Client PC with Cryptographic

SystemSoftware

Server withCryptographic

SystemSoftware

Secure Communication

ProvidedAutomatically

3

Figure 7-2: Plaintext, Encryption, Ciphertext, and Decryption

Network

Plaintext“Hello”

EncryptionMethod &

Key

Ciphertext “11011101”

EncryptionKey

Ciphertext “11011101” Plaintext“Hello”

DecryptionMethod &

Key

DecryptionKey

Interceptor

Party A

Party B

Note:Interceptor Cannot ReadCiphertext Without the

Decryption Key

4

Figure 7-3: Key Length and Number of Possible Keys

1

Key Lengthin Bits

2

4

8

16

256

65,536

16

4

2

Number of Possible Keys

40 1,099,511,627,776

56 72,057,594,037,927,900

112 5,192,296,858,534,830,000,000,000,000,000,000

5


Key Lengthin Bits

112

168

256

512

1.15792E+77

1.3408E+154

3.74144E+50

5.1923E+33

Number of Possible Keys

6


Notes: Shaded keys, with lengths of more than 100 bits, are considered strong symmetric keys today.

Unshaded keys, with lengths of less than 100 bits, are considered weak symmetric keys today.

Public key/private key pairs must be much longer to be strong because of the disastrous consequences of learning someone’s private key and because private keys cannot be changed rapidly.

7

Figure 7-4: Symmetric Key Encryption for Confidentiality

Network

Plaintext“Hello”

EncryptionMethod &

Key

Ciphertext “11011101”

SymmetricKey

Ciphertext “11011101” Plaintext“Hello”

DecryptionMethod &

Key

SameSymmetric

Key

Interceptor

Party A

Party B

Note:A single key is used to

encrypt and decryptin both directions.

8

Figure 7-5: Data Encryption Standard (DES)

DES EncryptionProcess

64-Bit CiphertextBlock

64-Bit DES Symmetric Key(56 bits + 8 redundant bits)64-Bit Plaintext

Block

9

Figure 7-6: DES-CBC (DES-Cipher Block Chaining)

First64-Bit Plaintext Block


Second64-Bit Plaintext Block

First64-Bit Ciphertext Block

InitializationVector (IV)


Second64-Bit Ciphertext Block

DES Key

DES Key

10

Figure 7-7: Triple DES (3DES)

Sender Receiver

Encrypts plaintext with the1st key

Decrypts ciphertext withthe 3d key

Decrypts output of firststep with the 2nd key

Encrypts output of thefirst step with the 2nd key

Encrypts output of secondstep with the 3d key; givesthe ciphertext to be sent

Decrypts output of secondstep with the 1st key; givesthe original plaintext

168-Bit Encryption with Three 56-Bit Keys

11


Sender Receiver

Encrypts plaintext with the1st key

Decrypts ciphertext withthe 1st key

Decrypts output with the 2nd key

Encrypts output with the2nd key

Encrypts output with the1st key

Decrypts output with the1st key

112-Bit Encryption With Two 56-Bit Keys

12


Sender Receiver

Encrypts plaintext withthe key

Decrypts ciphertext withthe key

Encrypts output with thekey (undoes first step)

Encrypts output with thekey

56-Bit Encryption With One 56-Bit Key(For Compatibility With Receivers

Who Can Handle Only Normal DES)

13

Figure 7-8: DES, 3DES, and AES

DES

56

Weak

Moderate

Moderate

3DES

112 or 168

Strong

High

High

AES

128, 192, 256

Strong

Modest

Modest

Key Length (bits)

Strength

ProcessingRequirements

RAM Requirements

14

Figure 7-9: Public Key Encryption for Confidentiality

Party A Party B

Decrypt withParty A’s Private Key

Encrypt withParty A’s Public Key

Encrypt withParty B’s Public Key

Decrypt withParty B’s Private Key

EncryptedMessage

EncryptedMessage

15

Figure 7-10: Strong Keys for Symmetric and Public Key Encryption

Strong Symmetric Keys Strong Public and Private Keys

Limited damage if cracked, so can be shorter

Changed frequently, so canbe shorter

Serious damage if cracked, somust be longer

Rarely changed, so must belonger

16

Figure 7-10: Strong Keys for Symmetric and Public Key Encryption

Strong Symmetric Keys Strong Public and Private Keys

100 bits or more todayLonger for high-value transactionsLonger tomorrow as cracking power increasesDES: 56-bits (weak), but 3DES gives 112-bit or 168-bit securityAES: Key lengths of 128, 192, or 256; yet places a light load on processor and RAM so can be used by mobile devicesIDEA: 128 bits

1,024 or 2,048 bits for RSA encryption today

512 bits for ECC encryption today

Longer tomorrow as cracking power increases

17

Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol

2.Verifier sends Challenge Message

Challenge

Applicant(Client)

Verifier(Server)

1.Verifier creates

Challenge Message

Note: Both the client and the serverknow the client’s password.

18


3.Applicant (Supplicant)

creates a Response Message:(a) Adds password toChallenge Message

(b) Hashes the resultant bitstring (does not encrypt)

(c) The hash is the ResponseMessage

ChallengePassword

Response

Hashing(Not Encryption)

19


4.Applicant sends Response Message without encryption

Transmitted Response

20


ChallengePassword

Expected Response

Hashing

5.Verifier adds password to theChallenge Message it sent.

Hashes the combination. Thisis the expected Response

Message.

21


Expected ResponseTransmitted Response =?

6.If the two Response Messages are equal, the

applicant knows the password and is authenticated.Sever logs Client in.

7.Note that only hashing is involved.

There is no encryption.

22

Figure 7-12: Encryption Versus Hashing

Encryption

Uses a key as aninput to an encryption method

Output is similar inlength to input

Reversible; ciphertextcan be decryptedback to plaintext

Use of Key

Length of Result

Reversibility

Hashing

Key is usually addedto text; the two arecombined, and thecombination is hashed

Output is of a fixedshort length, regardless of input

One-way function; hashcannot be “de-hashed” back to the original string

23

Figure 7-13: Digital Signature for Message-by-Message Authentication

To Create the Digital Signature:

1. Hash the plaintext to create abrief message digest; this is NOT the Digital Signature.

2. Sign (encrypt) the messagedigest with the sender’s private

key to create the digital signature.

3. Transmit the plaintext + digitalsignature, encrypted withsymmetric key encryption.

Plaintext

MD

DS

DS Plaintext

Hash

Sign (Encrypt)with Sender’sPrivate Key

24


4. Encrypted withSession Key

DS Plaintext

Sender Receiver

25


To Test the Digital Signature

5. Hash the received plaintextwith the same hashing algorithm

the sender used. This givesthe message digest.

6. Decrypt the digital signaturewith the sender’s public key.

This also should give themessage digest.

7. If the two match, themessage is authenticated.

Received Plaintext

MD

DS

MD

5. 6.

HashDecrypt withTrue Party’sPublic Key

7.Are they equal?

26

Figure 7-14: Public Key Deception

Impostor

“I am the True Person.”

“Here is TP’s public key.”(Sends Impostor’s public key)

“Here is authenticationbased on TP’s private key.”(Really Impostor’s private key)

Decryption of message from Verifierencrypted with Imposter’s public key,so Impostor can decrypt it

Verifier

Must authenticate True Person.

Believes now hasTP’s public key

Believes True Personis authenticated

based on Impostor’s public key

“True Person,here is a message encrypted

with your public key.”

CriticalDeception

27

Figure 7-15: Important X.509 Digital Certificate Fields

Field Description

VersionNumber

Version number of the X.509. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard.

Issuer Name of the Certificate Authority (CA).

SerialNumber

Unique serial number for the certificate, set by the CA.

28


Field Description

Subject The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party.

Public KeyThe public key of the subject—the public key of the true party.

Public KeyAlgorithm

The algorithm the subject uses to sign messages with digital signatures.

29


Field Description

ValidPeriod

The period before which and after which the certificate should not be used.Note: Certificate may be revoked before the end of this period.

DigitalSignature

The digital signature of the certificate, signed by the CA with the CA’s own private key.Provides authentication and certificate integrity.User must know the CA’s public key independently.

30


Field Description

SignatureAlgorithmIdentifier

The digital signature algorithm the CA uses to signits certificates.

31

Figure 7-16: Digital Signature and Digital Certificate in Authentication

Digital Certificate Digital Signature

Authentication

Public Key ofTrue Party

Signature to BeTested with

Public Key ofTrue Party

32

Figure 7-17: Public Key Infrastructure (PKI) with a Certificate Authority

Create &Distribute

(1) Private Keyand

(2) Digital Certificate

4.Certificate

for Lee

3.Request Certificate

for Lee

5.Certificate

for Lee

6. Request CertificateRevocation List (CRL)

7. Copy of CRL

Verifier(Brown)

Applicant (Lee)

Verifier(Cheng)

CertificateAuthority

PKI Server

33

Figure 7-18: Public Key Distribution for Symmetric Session Keys

Party A Party B

1. CreateSymmetric

Session Key

34

Figure 7-18: Public Key Distribution for Symmetric Session Keys

Party A Party B

2. EncryptSession Key with

Party B’s Public Key

4. DecryptSession Key with

Party B’s Private Key

3. Send the SymmetricSession Key Encrypted

for Confidentiality

5. Subsequent Encryption withSymmetric Session Key

35

Figure 7-19: Diffie-Hellman Key Agreement

Party X Party Y

1. Agree on Diffie-Hellman Groupp (prime) and g (generator)

2.GeneratesRandom

Number x

2.GeneratesRandom

Number y

36


Party X Party Y

3.Computes

x’=g^x mod p

3.Computes

y’=g^y mod p4.

Exchange x’ and y’Without Security

37


Party X Party Y

5.Compute Key=

y’^x mod p=g^(xy) mod p

5.Compute Key=

x’^y mod p=g^(xy) mod p6. Subsequent Encryption

with SymmetricSession Key

38

Figure 7-20: Replay Attacks

Replay Attacks Retransmit an intercepted message

Message is encrypted so that replay attacker cannot read it

Why Replay Attacks Repetition might work—for instance, replaying an

encrypted username and password might result in access to a poorly designed system

39

Figure 7-20: Replay Attacks

Preventing Replay Attacks

Insert a time stamp in messages and accept messages only if they are very recent

Insert a sequence number in each message

Insert a nonce (random number selected for the occasion) in a request message; only accept a reply message with the same nonce. Other party does not accept a request message with a previous nonce

40

Figure 7-21: Quantum Computing and Steganography

Quantum Computing Quantum Bits (Q-Bits)

In ordinary computers, each bit is either a zero or a one at any time

In quantum computers, each quantum bit (q-bit) can be both a zero and a one at any moment

When decohered, the q-bit becomes a classic one or zero randomly

41


Quantum Computing Quantum Key Distributions (QKD)

Two particles representing q-bits can be entangled so that both will be up or down when read

The two entangled particles are sent to the two communicating parties

Both will always read the bit the same way—as a one or a zero

42


Quantum Computing Quantum Key Distributions (QKD)

They will both read the stream of decohered q-bits as a key

Interception of q-bits en route by an eavesdropper is detected easily

QKD is becoming commercially viable

43


Quantum Computing Quantum Key Cracking

For determining private keys from public keys An array of N q-bits can represent all possible

keys of length N Operations can be performed on all possible

keys simultaneously Results are put in a results register Decoherence gives one result randomly from all

possible results

44



This single result can be used to compute the private key

Not instantaneous, but much faster than exhaustive search

45



Not practical today

We can only build quantum computers with a few q-bits

Quantum computers with 1000 or more q-bits are some time off

46


Steganography Steganography means hidden writing

Hiding a message in an image Every image is made of pixels There often is about one byte per pixel for each

color: red, green, and blue One bit in each byte is the least significant—

changing it will alter the color by only 1/256 The process steals the least significant bit from

each byte

47


Steganography Hiding a message in an image

The message is written into these bits

The message may be encrypted before writing it into the bits

The picture will look unchanged

48


Steganography

Digital Watermarking

Using steganography to hide identifying information in a document

To prove copyright ownership

To identify different copies of a document

49

Figure 7-22: Cryptographic Goals and Methods

Confidentiality Authentication

Applicable. Senderencrypts with key shared with the receiver.

Not applicable.SymmetricKeyEncryption

Applicable. Senderencrypts with receiver’spublic key.

Applicable. Senderencrypts with ownprivate key.

PublicKeyEncryption

Not applicable.Applicable. Used in MS-CHAP andHMACs discussed in thenext chapter.

Hashing

1 the elements of cryptography chapter 7 copyright 2003 prentice-hall

Documents