1 the elements of cryptography chapter 7 panko, corporate computer and network security copyright...

1

The Elements of Cryptography

Chapter 7

Panko, Corporate Computer and Network SecurityCopyright 2004 Prentice-Hall

2

Figure 7-1: Cryptographic System

ConfidentialityAuthentication

Message IntegrityAnti-Replay Protection

Client PC with Cryptographic

SystemSoftware

Server withCryptographic

SystemSoftware

Secure Communication

ProvidedAutomatically

3

Figure 7-2: Plaintext, Encryption, Ciphertext, and Decryption

Network

Plaintext“Hello”

EncryptionMethod &

Key

Ciphertext “11011101”

EncryptionKey

Ciphertext “11011101” Plaintext“Hello”

DecryptionMethod &

Key

DecryptionKey

Interceptor

Party A

Party B

Note:Interceptor Cannot ReadCiphertext Without the

Decryption Key

4

Figure 7-3: Key Length and Number of Possible Keys

1

Key Lengthin Bits

2

4

8

16

256

65,536

16

4

2

Number of Possible Keys

40 1,099,511,627,776

56 72,057,594,037,927,900

112 5,192,296,858,534,830,000,000,000,000,000,000

5


Key Lengthin Bits

112

168

256

512

1.15792E+77

1.3408E+154

3.74144E+50

5.1923E+33

Number of Possible Keys

6


Notes: Shaded keys, with lengths of more than 100 bits, are considered strong symmetric keys today.

Unshaded keys, with lengths of less than 100 bits, are considered weak symmetric keys today.

Public key/private key pairs must be much longer to be strong because of the disastrous consequences of learning someone’s private key and because private keys cannot be changed rapidly.

7

Figure 7-4: Symmetric Key Encryption for Confidentiality

Network

Plaintext“Hello”

EncryptionMethod &

Key

Ciphertext “11011101”

SymmetricKey

Ciphertext “11011101” Plaintext“Hello”

DecryptionMethod &

Key

SameSymmetric

Key

Interceptor

Party A

Party B

Note:A single key is used to

encrypt and decryptin both directions.

8

Figure 7-5: Data Encryption Standard (DES)

DES EncryptionProcess

64-Bit CiphertextBlock

64-Bit DES Symmetric Key(56 bits + 8 redundant bits)64-Bit Plaintext

Block

9

Figure 7-6: DES-CBC (DES-Cipher Block Chaining)

First64-Bit Plaintext Block


Second64-Bit Plaintext Block

First64-Bit Ciphertext Block

InitializationVector (IV)


Second64-Bit Ciphertext Block

DES Key

DES Key

10

Figure 7-7: Triple DES (3DES)

Sender Receiver

Encrypts plaintext with the1st key

Decrypts ciphertext withthe 3d key

Decrypts output of firststep with the 2nd key

Encrypts output of thefirst step with the 2nd key

Encrypts output of secondstep with the 3d key; givesthe ciphertext to be sent

Decrypts output of secondstep with the 1st key; givesthe original plaintext

168-Bit Encryption with Three 56-Bit Keys

11


Sender Receiver

Encrypts plaintext with the1st key

Decrypts ciphertext withthe 1st key

Decrypts output with the 2nd key

Encrypts output with the2nd key

Encrypts output with the1st key

Decrypts output with the1st key

112-Bit Encryption With Two 56-Bit Keys

12


Sender Receiver

Encrypts plaintext withthe key

Decrypts ciphertext withthe key

Encrypts output with thekey (undoes first step)

Encrypts output with thekey

56-Bit Encryption With One 56-Bit Key(For Compatibility With Receivers

Who Can Handle Only Normal DES)

13

Figure 7-8: DES, 3DES, and AES

DES

56

Weak

Moderate

Moderate

3DES

112 or 168

Strong

High

High

AES

128, 192, 256

Strong

Modest

Modest

Key Length (bits)

Strength

ProcessingRequirements

RAM Requirements

14

Symmetric Key Encryption

RC4 Only 40-bit encryption

Very weak

Used in wired equivalent privacy security for 802.11 initially

New

15

Figure 7-9: Public Key Encryption for Confidentiality

Party A Party B

Decrypt withParty A’s Private Key

Encrypt withParty A’s Public Key

Encrypt withParty B’s Public Key

Decrypt withParty B’s Private Key

EncryptedMessage

EncryptedMessage

16

Figure 7-10: Strong Keys for Symmetric and Public Key Encryption

Strong Symmetric Keys Strong Public and Private Keys

Limited damage if cracked, so can be shorter

Changed frequently, so canbe shorter

Serious damage if cracked, somust be longer

Rarely changed, so must belonger

17

Figure 7-10: Strong Keys for Symmetric and Public Key Encryption

Strong Symmetric Keys Strong Public and Private Keys

100 bits or more todayLonger for high-value transactionsLonger tomorrow as cracking power increasesDES: 56-bits (weak), but 3DES gives 112-bit or 168-bit securityAES: Key lengths of 128, 192, or 256; yet places a light load on processor and RAM so can be used by mobile devicesIDEA: 128 bits

1,024 or 2,048 bits for RSA encryption today

512 bits for ECC encryption today

Longer tomorrow as cracking power increases

18

Figure 7-11: MS-CHAP Challenge-Response Authentication Protocol

2.Verifier sends Challenge Message

Challenge

Applicant(Client)

Verifier(Server)

1.Verifier creates

Challenge Message

Note: Both the client and the serverknow the client’s password.

19


3.

Applicant (Supplicant)creates a Response Message:

(a) Adds password toChallenge Message

(b) Hashes the resultant bitstring (does not encrypt)

(c) The hash is theResponse Message

ChallengePassword

Response

Hashing(Not Encryption)

20


4.Applicant sends Response Message without encryption

Transmitted Response

21


ChallengePassword

Expected Response

Hashing

5.

Verifier adds password to theChallenge Message it sent.

Hashes the combination.This is the expectedResponse Message.

22


Expected ResponseTransmitted Response =?

6.If the two Response Messages are equal, the

applicant knows the password and is authenticated.Sever logs Client in.

7.Note that only hashing is involved.

There is no encryption.

23

Hashing

Hashing is a one-way function. It cannot be reversed From the hash, you cannot compute the original

message

Hashing is repeatable If two parties apply the same hashing method to the

same bit string, they will get the same hash

24

Figure 7-12: Encryption Versus Hashing

Encryption

Uses a key as aninput to an encryption method

Output is similar inlength to input

Reversible; ciphertextcan be decryptedback to plaintext

Use of Key

Length of Result

Reversibility

Hashing

Key is usually addedto text; the two arecombined, and thecombination is hashed

Output is of a fixedshort length, regardless of input

One-way function; hashcannot be “de-hashed” back to the original string

25

Figure 7-13: Digital Signature for Message-by-Message Authentication

To Create the Digital Signature:

1. Hash the plaintext to create abrief message digest; this is NOT the Digital Signature.

2. Sign (encrypt) the messagedigest with the sender’s private

key to create the digital signature.

3. Transmit the plaintext + digitalsignature, encrypted withsymmetric key encryption.

Plaintext

MD

DS

DS Plaintext

Hash

Sign (Encrypt)with Sender’sPrivate Key

26


4. Encrypted withSession Key

DS Plaintext

Sender Receiver

27


To Test the Digital Signature

5. Hash the received plaintextwith the same hashing algorithm

the sender used. This givesthe message digest.

6. Decrypt the digital signaturewith the sender’s public key.

This also should give themessage digest.

7. If the two match, themessage is authenticated.

Received Plaintext

MD

DS

MD

5. 6.

HashDecrypt withTrue Party’sPublic Key

7.Are they equal?

28

Figure 7-14: Public Key Deception

Impostor

“I am the True Person.”

“Here is TP’s public key.”(Sends Impostor’s public key)

“Here is authenticationbased on TP’s private key.”(Really Impostor’s private key)

Decryption of message from Verifierencrypted with Imposter’s public key,so Impostor can decrypt it

Verifier

Must authenticate True Person.

Believes now hasTP’s public key

Believes True Personis authenticated

based on Impostor’s public key

“True Person,here is a message encrypted

with your public key.”

CriticalDeception

29

Figure 7-15: Important X.509 Digital Certificate Fields

Field Description

VersionNumber

Version number of the X.509. Most certificates follow Version 3. Different versions have different fields. This figure reflects the Version 3 standard.

Issuer Name of the Certificate Authority (CA).

SerialNumber

Unique serial number for the certificate, set by the CA.

30


Field Description

Subject The name of the person, organization, computer, or program to which the certificate has been issued. This is the true party.

Public KeyThe public key of the subject—the public key of the true party.

Public KeyAlgorithm

The algorithm the subject uses to sign messages with digital signatures.

31


Field Description

ValidPeriod

The period before which and after which the certificate should not be used.Note: Certificate may be revoked before the end of this period.

DigitalSignature

The digital signature of the certificate, signed by the CA with the CA’s own private key.Provides authentication and certificate integrity.User must know the CA’s public key independently.

32


Field Description

SignatureAlgorithmIdentifier

The digital signature algorithm the CA uses to signits certificates.

33

Figure 7-16: Digital Signature and Digital Certificate in Authentication

Digital Certificate

Authentication

Public Key ofTrue Party

Signature to BeTested with

Public Key ofTrue Party

Digital Signature

34

Figure 7-17: Public Key Infrastructure (PKI) with a Certificate Authority

Create &Distribute

(1) Private Keyand

(2) Digital Certificate

4.Certificate

for Lee

3.Request Certificate

for Lee

5.Certificate

for Lee

6. Request CertificateRevocation List (CRL)

7. Copy of CRL

Verifier(Brown)

Applicant (Lee)

Verifier(Cheng)

CertificateAuthority

PKI Server

35

Certificate Authority (CA)

CAs are not regulated in any country today Anyone can be a CA

Even an organized crime syndicate

Some, such as VeriSign, are widely trusted

Companies can be their own CAs Assign keys and certificates to their internal

computers

This gets around the need to trust public CAs

36

Figure 7-18: Public Key Distribution for Symmetric Session Keys

Party A Party B

1. CreateSymmetric

Session Key

37

Figure 7-18: Public Key Distribution for Symmetric Session Keys

Party A Party B

2. EncryptSession Key with

Party B’s Public Key

4. DecryptSession Key with

Party B’s Private Key

3. Send the SymmetricSession Key Encrypted

for Confidentiality

5. Subsequent Encryption withSymmetric Session Key

38

Figure 7-19: Diffie-Hellman Key Agreement

Party X Party Y

1. Agree on Diffie-Hellman Groupp (prime) and g (generator)

2.GeneratesRandom

Number x

2.GeneratesRandom

Number y

39


Party X Party Y

3.Computes

x’=g^x mod p

3.Computes

y’=g^y mod p4.

Exchange x’ and y’Without Security

40


Party X Party Y

5.Compute Key=

y’^x mod p=g^(xy) mod p

5.Compute Key=

x’^y mod p=g^(xy) mod p6. Subsequent Encryption

with SymmetricSession Key

41

Figure 7-20: Replay Attacks

Replay Attacks Retransmit an intercepted message

Message is encrypted so that replay attacker cannot read it

Why Replay Attacks Repetition might work—for instance, replaying an

encrypted username and password might result in access to a poorly designed system

42

Figure 7-20: Replay Attacks

Preventing Replay Attacks

Insert a time stamp in messages and accept messages only if they are very recent

Insert a sequence number in each message

Insert a nonce (random number selected for the occasion) in a request message; only accept a reply message with the same nonce. Other party does not accept a request message with a previous nonce

43

Figure 7-21: Quantum Computing and Steganography

Quantum Computing Quantum Bits (Q-Bits)

In ordinary computers, each bit is either a zero or a one at any time

In quantum computers, each quantum bit (q-bit) can be both a zero and a one at any moment

When decohered, the q-bit becomes a classic one or zero randomly

44


Quantum Computing Quantum Key Distribution (QKD)

Two particles representing q-bits can be entangled so that both will be up or down when read

The two entangled particles are sent to the two communicating parties

Both will always read the bit the same way—as a one or a zero

45


Quantum Computing Quantum Key Distribution (QKD)

They will both read the stream of decohered q-bits as a key

Easy to detect interception of q-bits en route by an eavesdropper

QKD is becoming commercially viable

46


Quantum Computing Quantum Key Cracking

For determining private keys from public keys An array of N q-bits can represent all possible

keys of length N Operations can be performed on all possible

keys simultaneously Results are put in a results register Decoherence gives one result randomly from all

possible results

47



This single result can be used to compute the private key

Not instantaneous, but much faster than exhaustive key search

48



Not practical today

We can only build quantum computers with a few q-bits

Quantum computers with 1000 or more q-bits are some time off

49


Steganography Steganography means hidden writing

Hiding a message in an image Every image is made of pixels There often is about one byte per pixel for each

color: red, green, and blue One bit in each byte is the least significant—

changing it will alter the color by only 1/256 The process steals the least significant bit from

each byte

50


Steganography Hiding a message in an image

The message is written into these bits

The message may be encrypted before writing it into the bits

The picture will look unchanged

51


Steganography

Digital Watermarking

Using steganography to hide identifying information in a document

To prove copyright ownership

To identify different copies of a document

52

Figure 7-22: Cryptographic Goals and Methods

Confidentiality Authentication

Applicable. Senderencrypts with key shared with the receiver.

Not applicable.SymmetricKeyEncryption

Applicable. Senderencrypts with receiver’spublic key.

Applicable. Senderencrypts with ownprivate key.

PublicKeyEncryption

Not applicable.Applicable. Used in MS-CHAP andHMACs discussed in thenext chapter.

Hashing

Recap:Not in Book

53

Topics Covered

Cryptographic Systems Provide protections to dialog automatically

Secure communication involves Confidentiality Authentication Message integrity Anti-replay protection

54

Topics Covered

Encryption Concepts Plaintext

Encryption with encryption method and key

Ciphertext, which is is transmitted

Decryption with decryption method and decryption key

Plaintext

55

Topics Covered

Key Random bit string of a particular length

Cryptanalysts try to crack keys

Exhaustive search is thwarted by having long keys

Symmetric key encryption uses a single key for both encryption and decryption in both directions

Public key encryption uses four different keys for encrytpion and decryption in both directions

56

Topics Covered

Symmetric Key Encryption Methods DES (56-bit block encryption method)

Weak: 100 bits needed for strong symmetric key encryption

DES-Cipher Block Chaining Encryption input has three parts

Plaintext block Key Previous ciphertext block or initialization vector

3DES Apply DES three times with 1, 2, or 3 keys With 3 keys, 168-bit encryption

57

Topics Covered

Symmetric Key Encryption Methods DES and its variants has dominated in the past

Advanced Encryption Standard (AES) New, becoming dominant rapidly Key Length

128 bits 192 bits 256 bits

Low processing and memory requirements Can even be done on hand-held devices

58

Topics Covered

Public Key Encryption Each party has a secret private key and a public

key

Sender uses the receiver’s public key to encrypt for confidentiality

Receiver uses the receiver’s private key to decrypt messages

Never say “the public key” or “the private key”—always refer to a specific party’s public or private key

59

Topics Covered

Public Key Encryption Methods RSA

Dominates public key encryption today 1,024 or 2,048 bits to be strong today

Elliptic curve cryptosystem (ECC) 512 bits to be strong today (more efficient than

RSA)

In contrast, symmetric key methodologies only need key lengths of 100 bits to be strong today

60

Topics Covered

MS-CHAP Used in initial authentication

Shared secret is the user’s password

Applicant’s computer adds password to a challenge message and hashes the combined bit string

Applicant’s computer sends the hash as the response message

Problem is that process is only as secure as the strength of the user’s password

61

Topics Covered

Hashing Often used in authentication

Hashing is NOT encryption

Hashing produces a result (hash) that is always the same small length regardless of the input

Hashing is repeatable: given the same bit string, will always give the same hash No key

Hashing is irreversible

62

Topics Covered

Digital Signatures Used in message-by-message authentication

Applicant hashes plaintext message to produce a short message digest

Applicant signs message digest (encrypts it with the Applicant’s private key) to produce the digital signature

Verifier uses the true party’s public key to test the digital signature

63

Topics Covered

Digital Certificates Verifier uses the true party’s public key to test the

digital signature—not the sender’s public key

Where does the verifier get the true party’s public key?

Digital certificates give the true party’s name and public key

Note that both a digital signature and a digital certificate (to test the digital signature) are needed in authentication. Neither alone is enough.

64

Topics Covered

Public Key Infrastructure Digital certificates

Do not vouch for the goodness of the true party—only the true party’s public key

Follow the X.509 standard

PKI Server Distributes private keys securely Distributes public keys in digital certificates Provides certification revocation list (CRL) to

ensure that digital certificate is still valid

65

Topics Covered

Certificate Authorities (CA) Manage the PKI

If the CA is set up by an attacker, cannot trust its digital certificates

Not regulated

66

Topics Covered

Confidentiality Authentication

Applicable. Senderencrypts with key shared with the receiver.

Not applicable.SymmetricKeyEncryption

Applicable. Senderencrypts with receiver’spublic key.

Applicable. Senderencrypts with ownprivate key.

PublicKeyEncryption

Not applicable.Applicable. Used in MS-CHAP andHMACs discussed in thenext chapter.

Hashing

Recap:Not in Book

67

Topics Covered

Key Distribution Symmetric keys must be distributed securely

between the two parties

Session keys are only used during a single communication session to prevent cryptanalysts from getting enough traffic to crack the key

68

Topics Covered

Public Key Distribution One party randomly generates a symmetric session

key

Encrypts the key with the other party’s public key

Both have the symmetric session key, use it

Diffie-Hellman Key Agreement Mathematical way to exchange information to allow

the two parties to compute the same symmetric session key

69

Topics Covered

Replay Attacks Attacker resends message

May be effective even if the attacker cannot decrypt the message

To thwart replay attacks, use Time stamps Sequence numbers Different nonces for each command/response

cycle

1 the elements of cryptography chapter 7 panko, corporate computer and network security copyright...

Documents