330 likes | 400 Views
Cryptography. Troy Latchman Byungchil Kim. Fundamentals. We know that the medium we use to transmit data is insecure, e.g. can be sniffed. Cryptography allows a sender to disguise data in hopes that an intruder can gain no information from the intercepted data. Fundamentals.
E N D
Cryptography Troy Latchman Byungchil Kim
Fundamentals • We know that the medium we use to transmit data is insecure, e.g. can be sniffed. • Cryptography allows a sender to disguise data in hopes that an intruder can gain no information from the intercepted data.
Fundamentals • Alice and Bob are two innocent people. • Trudy is an intruder.
Fundamentals • Alice generates some data that is in plaintext. She then uses a key (Ka) and an encryption algorithm to transform the data into ciphertext. • The data is transmitted and sniffed along the way. Trudy gains no information about the contents of the message because the data is in ciphertext (encrypted). • Bob receives the ciphertext and uses a key (Kb) and a decryption algorithm to transform the data into plaintext.
Fundamentals Shortened Notation: • Alice starts with message ‘m’ and applies her key as well as ‘m’ to an encryption algorithm to get the ciphertext Ka(m) • Bob receives Ka(m) and applies this as well as his key to the decryption algorithm to get the original message: Kb(Ka(m)) = m • m => Ka(m) => Kb(Ka(m)) => m
Keys • Symmetric Key • Alice’s and Bob’s keys are identical and are private. • Public Key • Two keys are used. One of the keys is public (the whole world knows it). The other key is known either by Alice or Bob, not both.
Symmetric Key Caesar cipher is a very old and simple symmetric key algorithm: • Take each letter in the plaintext message and translate it into another letter. • The translation is done by adding a constant, k, to the plaintext letter. • The number for each letter is its position in the alphabet, e.g. A=1, Z=26. The alphabet has wrap around where A comes after Z.
Symmetric Key Caesar cipher example: • Let k=3 (the key) • Plaintext: BOB, I LOVE YOU. ALICE • Ciphertext: ERE, L ORYH BRX. DOLFH Note that Caesar cipher only has 25 possible keys, so a brute force method to break the encryption can be used.
Symmetric Key Monoalphabetic cipher - an improvement over Caesar cipher • Each letter gets translated to a set random letter by a 1 to 1 algorithm. • 26! possible pairings (keys). • Monoalphabetic cipher was later improved by polyalphabetic encryption.
Symmetric Key • Data Encryption Standard (DES) http://www.aci.net/kalliste/des.htm • Created in 1977 and updated in 1993. The algorithm works by manipulating input on the bit level. • The algorithm needs an input (limited to 64 bits) and a 64 bit key (effectively only 56 bits due to 8 parity bits)
Symmetric Key Basic operation of DES
Symmetric Key • The 56-bit DES is considered too insecure. The encryption was cracked in 22 hours in 2002 using a special purpose computer. • 3DES is more secure. This runs DES 3 times with 3 different keys. • Advanced Encryption Standard (AES) is the successor to DES. It uses key lengths of 128, 192, and 256 bits. It is estimated that a computer that could break 56-bit DES encryption in 1 second would take approximately 149 trillion years to crack 128-bit AES encryption.
Public Key • One short fall to using a symmetric key is that both parties must know the key before they start the encrypted communication. • How do the parties initially get the key? • They could meet in person so that the communication would be secure, but this is usually inconvenient. • Elegant Solution: public key encryption.
Public Key • Instead of Alice and Bob having the same secret key. Bob will have 2 keys, a public key (Kb+) which the whole world knows, and a private key that only Bob knows (Kb-). • This eliminates the need for distributing secret keys.
Public Key Overview of public key encryption
Public Key • Alice fetches Bob’s pubic key (Kb+) • She encrypts her message with the key to get: Kb+(m) • Bob receives the ciphertext and applies his private key in order to extract the message: Kb-(Kb+(m)) = m IMPORTANT: Kb+(Kb-(m)) = m (We will see the importance of this later)
Public Key RSA – a public key encryption algorithm named after its founders (Ron Rivest, Adi Shamir, and Leonard Adleman): • Choose 2 large prime numbers ‘p’ and ‘q’. • Compute n = p*q • Compute z = (p-1)*(q-1) • Choose a number ‘e’ that is less than ‘n’ which has no common factors (besides 1) with z • Find a number ‘d’ such that e*d-1 is divisible by ‘z’ with no remainder • Kb+ = (n,e) • Kb- = (n,d)
Public Key • We now have (n,e) and (n,d), that is Kb+ and Kb-. • Alice obtains (n,e) and does the following to each letter of her message (again A=1 and Z=26): • c = m^e mod n where ‘m’ is the numeric value of the letter and ‘c’ is the cipher output
Public Key • Bob is the only one who has (n,d), that is Kb-, and does the following on each letter once he receives the ciphertext form Alice: • m = c^d mod n where ‘m’ is the recovered message
Public Key RSA example: Bob does the following: • Chooses p=5 and q=7 - Thus, n=35 and z=24 • Chooses e=5 since 5 and 24 have no common factors • Chooses d=29 since 5*29-1 is divisible by 24 So we have Kb+ = (35,5) and Kb- = (35,29) Suppose Alice wants to send ‘l’ ‘o’ ‘v’ ‘e’ to Bob…
Integrity • There is a short fall to using public key encryption - Trudy, the intruder, can claim she is Alice! • We didn’t have to worry about these false claims in symmetric key encryption because the mere fact that the user on the other end had the correct key (which is private) was proof enough they were who they said they were. • How do we regain the integrity that we lost?
Integrity • Bob can sign his message – proving that the messages are coming from Bob. • All he has to do is a apply his private key to the data he sends Alice: Kb-(m) • Alice then receives this and applies Bob’s public key: Kb+(Kb-(m)) = m (This is the important part from slide 16)
Integrity • But signing over the entire message is computationally expensive. • Want a less costly way to have integrity. • Answer: Message Digest
Integrity • Message digest algorithms take a message ‘m’ or arbitrary length and compute a fixed-length output known as a message digest: H(m) • The algorithm is basically a many to one hash function. • A good algorithm will make it inconceivable for 2 messages to hash to the same value (message digest).
Integrity • Now that we have a small “summary” of what is in the message, we can use this to obtain integrity when using public key encryption. • All Bob needs to do is to apply his private key to the message digest. This is much more efficient than applying it to the entire message: Kb-(H(m)) which is called a digital signature
Integrity • Now when Bob wants to communicate, he can just send ‘m’ and Kb-(H(m)) • When Alice receives these two items, she computes H(m) two different ways: Directly from ‘m’ (like Bob did when sending the message) By applying Bob’s public key to the digital signature: Kb+(Kb-(H(m)) = H(m) • Alice then compares the two message digests and see if they match.
Integrity • How do we compute H(m)? • There are widely used algorithms to do so. • MD5 and SHA-1 are examples of such algorithms. MD5 computes a 128-bit message digest in a four-step process. • http://www.faqs.org/rfcs/rfc1321.html
The Lab • Be sure to thoroughly read and understand the previous slides. • We will be doing exercises with built in functions in Linux. • We will examine: DES, RSA, MD5, and SHA-1.
References All figures and tables throughout this presentation came from one source: • Kurose, Charlie and Ross, Keith. Computer Networking: A Top-Down Approach Featuring the Internet. New York, NY: Addison Wesley, 2003.