1 / 28

Module 4 Enhancing Cryptographic security & Modes Of Encryption

Module 4 Enhancing Cryptographic security & Modes Of Encryption. MModified by :Ahmad Al Ghoul PPhiladelphia University FFaculty Of Administrative & Financial Sciences BBusiness Networking & System Management Department RRoom Number 32406 EE-mail Address: ahmad4_2_69@hotmail.com.

Download Presentation

Module 4 Enhancing Cryptographic security & Modes Of Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Module 4 Enhancing Cryptographic security & Modes Of Encryption • MModified by :Ahmad Al Ghoul • PPhiladelphia University • FFaculty Of Administrative & Financial Sciences • BBusiness Networking & System Management Department • RRoom Number 32406 • EE-mail Address: ahmad4_2_69@hotmail.com Ahmad Al-Ghoul 2010-2011

  2. Objectives • Key Escrow • Types of Ciphers • General Types of Ciphers • Some encryption Trends • Monoalphabetic Substitution Ciphers • Polyalphabetic Substitution Ciphers • Transposition Ciphers • DES • RSA • Error Prevention and Detection • Cipher Block Chain • One Way Encryption Ahmad Al-Ghoul 2010-2011

  3. Encyption – can it be broken? • Theoretically, it is possible to devise unbreakable cryptosystems • However, practical cryptosystems almost always are breakable, given adequate time and computing power • The trick is to make breaking a cryptosystem hard enough for the intruder Ahmad Al-Ghoul 2010-2011

  4. Types of Ciphers • Ciphers can be broadly classified into the following two categories depending upon whether • a symbol of plaintext is immediately converted into a symbol of ciphertext (Stream Ciphers) • or a group of plaintext symbols are converted as a block into a group of ciphertext symbols (Block Ciphers) • Speed of Encryption • stream symmetric > block symmetric > asymmetric Ahmad Al-Ghoul 2010-2011

  5. Stream Ciphers • A symbol of plaintext is immediately converted into a symbol of ciphertext • Advantages • Speed of transformation • Low error propagation • Disadvantages • Low diffusion (Change in the plaintext should affect many parts of the ciphertext) • Susceptible to malicious insertions and modifications Ahmad Al-Ghoul 2010-2011

  6. Block Ciphers • A group of plaintext symbols are converted as a block into a group of ciphertext symbols • Advantages • Diffusion • Immunity to insertions • Disadvantages • Slowness of encryption • Error propagation Ahmad Al-Ghoul 2010-2011

  7. Trends • Block size:larger block sizes mean greater security • Key Size:larger key size means greater security • Number of rounds:multiple rounds offer increasing security Ahmad Al-Ghoul 2010-2011

  8. DES DES developed at IBM, every five years re-certification is held, it is a block cipher algorithm, it maps 64-bit plaintext into 64 block of cipher text, keys are 56 bit long, the procedures is repeated several time, the brute force approach to decipher requires 70 million billion trials (2 raised on 56) Ahmad Al-Ghoul 2010-2011

  9. Overview of DES DES is a careful combination of two fundamental building blocks of encryption: substitution and permutation (transposition) Algorithm repeats these operation in 16 cycles Algorithm uses only standard arithmetic and logical operation on up to 64 numbers, although complex, the algorithm is repetitive, making it suitable for implementation on a single purpose chip, Several such chips are available on the market Ahmad Al-Ghoul 2010-2011

  10. Rivest-Shamir-Adleman Encryption RSA incorporates results from number theory, combined with the difficulties of determining the prime factors of a target RSA operates with arithmetic mod n Two keys d and e are used for encryption and decryption They are interchangeable, the plain text is encrypted as P(e)mod n The decrypting key d is chosen, so that ((P(e)d) mod n=P The underlying problem on which the RSA is based is that of factoring large numbers Ahmad Al-Ghoul 2010-2011

  11. RSA Because of symmetry in modular arithmetic, encryption and decryption are mutual inverse and commutative The encryption key consists of a pair of integers (e,n) and the decryption key is (d,n), e and d are used as: P=C mod n = (P ) mod n = (P ) mod n The value of n should be quite large, a product of two primes p and q Both should be large themselves, 100 digits each, and n is 200 digits long Ahmad Al-Ghoul 2010-2011

  12. the RSA power To give an intuitive feel what this means, suppose we have to find the two factors of the number 437, which two numbers multiplied together give 437. This can be solved easily by a calculator, but numbers made sufficiently large, like those requiring several hundreds or thousand of bits to represent them make this task even difficult for computers The state of art in factoring in 1994 was demonstrated by well publicized event - the factoring of a 129 digit (429 bit) RSA modules. The total processing power required was 4 600 MIPS years or to a processing done by Pentium 100 running non stop for 46 year. Today it is considered that 1024 bit modules provide enough protection even for the computer power beyond year 2000 Ahmad Al-Ghoul 2010-2011

  13. ALGORITHM • Key Generation • Generate two large prime numbers, p and q • Let n = pq • Let m = (p-1)(q-1) • Choose a small number e, coprime to m • Find d, such that de % m = 1 • Publish e and n as the public key.Keep d and n as the secret key. • Encryption • C = Pe % n • Decryption • P = Cd % n • x % y means the remainder of x divided by y Ahmad Al-Ghoul 2010-2011

  14. Key Generation • 1) Generate two large prime numbers, p and q • To make the example easy to follow I am going to use small numbers, but this is not secure. To find random primes, we start at a random number and go up ascending odd numbers until we find a prime. Lets have: • p = 7q = 19 Ahmad Al-Ghoul 2010-2011

  15. Key Generation • 2) Let n = pq • n = 7 * 19 = 133 • 3) Let m = (p - 1)(q - 1) • m = (7 - 1)(19 - 1) = 6 * 18 = 108 Ahmad Al-Ghoul 2010-2011

  16. Key Generation • 4) Choose a small number, e coprime to m • e coprime to m, means that the largest number that can exactly divide both e and m (their greatest common divisor, or gcd) is 1. Euclid's algorithm is used to find the gcd of two numbers, but the details are omitted here. • e = 2 => gcd(e, 108) = 2 (no)e = 3 => gcd(e, 108) = 3 (no)e = 4 => gcd(e, 108) = 4 (no)e = 5 => gcd(e, 108) = 1 (yes!) Ahmad Al-Ghoul 2010-2011

  17. Key Generation • 5) Find d, such that de % m = 1 • This is equivalent to finding d which satisfies de = 1 + nm where n is any integer. We can rewrite this as d = (1 + nm) / e. Now we work through values of n until an integer solution for e is found: • n = 0 => d = 1 / 5 (no)n = 1 => d = 109 / 5 (no)n = 2 => d = 217 / 5 (no)n = 3 => d = 325 / 5 = 65 (yes!) Ahmad Al-Ghoul 2010-2011

  18. Key Generation • To do this with big numbers, a more sophisticated algorithm called extended Euclid must be used. • Public Key • n = 133e = 5 • Secret Key • n = 133d = 65 Ahmad Al-Ghoul 2010-2011

  19. Communication • Encryption • The message must be a number less than the smaller of p and q. However, at this point we don't know p or q, so in practice a lower bound on p and q must be published. This can be somewhat below their true value and so isn't a major security concern. For this example, lets use the message "6". • C = Pe % n = 65 % 133 = 7776 % 133 = 62 Ahmad Al-Ghoul 2010-2011

  20. Decryption • This works very much like encryption, but involves a larger exponation, which is broken down into several steps • P = Cd % n = 6265 % 133 = 62 * 6264 % 133 = 62 * (622)32 % 133 = 62 * 384432 % 133 = 62 * (3844 % 133)32 % 133 = 62 * 12032 % 133 Ahmad Al-Ghoul 2010-2011

  21. Decryption • We now repeat the sequence of operations that reduced 6265 to 12032 to reduce the exponent down to 1. • = 62 * 3616 % 133 = 62 * 998 % 133 = 62 * 924 % 133 = 62 * 852 % 133 = 62 * 43 % 133 = 2666 % 133 = 6 Ahmad Al-Ghoul 2010-2011

  22. Java RSA Code • A Java implementation of RSA is just a transcription of the algorithm: • import java.math.BigInteger;import java.security.SecureRandom;class Rsa{private BigInteger n, d, e;public Rsa(int bitlen){ SecureRandom r = new SecureRandom(); BigInteger p = new BigInteger(bitlen / 2, 100, r); BigInteger q = new BigInteger(bitlen / 2, 100, r); n = p.multiply(q); BigInteger m = (p.subtract(BigInteger.ONE)) .multiply(q.subtract(BigInteger.ONE)); e = new BigInteger("3"); while(m.gcd(e).intValue() > 1) e = e.add(new BigInteger("2")); d = e.modInverse(m); }public BigInteger encrypt(BigInteger message){return message.modPow(e, n); }public BigInteger decrypt(BigInteger message){return message.modPow(d, n); }} Ahmad Al-Ghoul 2010-2011

  23. Enhancing Cryptographic Security • Currently 3DES and RSA(1024) are believed to be secure • An intruder is unlikely to discover the content of a message encrypted under one of them • But some systems based on these cryptosystem may not achieve their goals • block replay • operation mode dependent Ahmad Al-Ghoul 2010-2011

  24. Error Prevention and Detection • In the DES and any block Cipher each block is an entity. • An interceptor who understood the format of a sender’s messages could modify messages without needing to break the encryption. Ahmad Al-Ghoul 2010-2011

  25. Block 1 Block 2 Block 3 Block 4 Block 5 Name Account Amount Encrypted Error Prevention and Detection • Attack : Block Replay • If ECB mode (each block encrypted separately) is used, then intruder can replace the forth block arbitrarily using the previously used data • Solution • Block Chaining • Error propagation - cannot reconstruct the whole ciphertext • Initial Chaining Value(Initial Vector) • randomize the first block • candidates : random number, date, time, etc. Ahmad Al-Ghoul 2010-2011

  26. One-Way Functions • One-way functions are relatively easy to compute, but significantly harder to reverse. That is, given x it is easy to compute f(x), but given f(x) it is hard to compute x. In this context, “hard” is defined as something like: It would take millions of years to compute x from f(x), even if all the computers in the world were assigned to the problem. • Breaking a plate is a good example of a one-way function. It is easy to smash a plate into a thousand tiny pieces. However, it’s not easy to put all of those tiny pieces back together into a plate. Ahmad Al-Ghoul 2010-2011

  27. One Way Encryption • one-way encryption, allows for the encryption of some plain text, but does not provide a way in which to convert the cipher text back to its original form. • it is a widely used technique for ensuring the integrity of system passwords. • if the one-way encrypted passwords somehow fall into the hands of a third-party, it isn't going to do much good because they can never be converted back to plain text. Ahmad Al-Ghoul 2010-2011

  28. One Way Encryption • The user enter his password, the input ( password ) is encrypted using the one-way algorithm. • The password that encrypted with one way encryption compared with the stored encrypted password. • If they match, the input password must be correct. • The input parameter input_string is just the string that you would like to encrypt. • The second, optional input parameter salt refers to a bit-string that will influence the encryption outcome to further eliminate the possibility of what are known as precomputation attacks Ahmad Al-Ghoul 2010-2011

More Related