Raval • Fichadia John Wiley & Sons, Inc. 2007 Basic Cryptography Chapter Five Prepared by: Raval, Fichadia
Chapter Five Objectives • Describe the nature and characteristics of cryptography. • Interpret the role of cryptography in achieving security objectives. • Explain secret key cryptography and its strengths and weaknesses. • Explain public key cryptography and its strengths and weaknesses. • Infer the role of secret key and public key cryptography approaches in achieving security.
Basic Concepts • Meaning of cryptography: Cryptography is the field that offers techniques and methods of managing secrets. • Purposes of cryptography • To preserve confidentiality • To authenticate senders and receivers of messages • To facilitate message integrity • To ensure that the sender will not be able to deny transfer of message (nonrepudiation)
Terms and Definitions • Text: Any message or content. • Plaintext: Text in humanly-readable form. • Ciphertext: Text in garbled (encrypted) form. • Method: The procedure used to encrypt or decrypt a message. • Example: Caesar’s cipher • Key: The value of a variable that drives the encryption/decryption process. • Example: Replace each character using a character in the alphabet three positions forward (D for A, for example).
Process Components • Encryption process: Using plaintext as input, the encryption process produces output in the garbled (encrypted) form, called ciphertext. The process uses a method (an algorithm) and a key. • Decryption process: Using ciphertext as input, the decryption process produces output in plaintext (de-garbled or decrypted) form. The process uses a method (an algorithm) and a key. • The method (algorithm) used in both encryption and decryption of a message should be the same.
Role Players • Cryptographer: An expert in the field of design and use of cryptographic techniques. • Cryptanalyst: An expert who tries to unscramble ciphertext without the key, uncovering the plaintext. • Cryptologist: A cryptologist is either a cryptographer or a cryptanalyst.
Using Cryptography • The decision to use cryptography should be based on decision criteria. • Decision criteria may include types of risks to be managed, cost of using cryptography, and value of such use of cryptography. • Cost-benefit analysis is essential to arrive at a decision. • Examples of costs: cost of system components, additional processing time required, effect on system performance. • Examples of value: protecting private information and intellectual property, enhancing the firm’s image, complying with regulatory requirements.
Secret Key Cryptography • Basic approaches to designing ciphers • Substitution: One character of the plaintext is replaced by a designated character in the ciphertext. • Transposition: The order of characters in the plaintext is changed, although plaintext characters remain the same in the garbled message. • Ways of scrambling content: • Confusion: Involves more complex transpositions and substitutions. • Diffusion: Changing the order of characters plus one other additional function.
Cryptographic Algorithms • Simple substitution ciphers • Substitute a character in the plaintext with a designated character in the ciphertext. • A character gets substituted by the same designated character every time the character appears in the plaintext. • This allows cryptanalysts to de-garble the message using frequency analysis of characters in the ciphertext. • A polyalphabetic substitution cipher • The characters in the key determine displacement, that is, the designated character that will replace the plaintext character. • Because of this, the same character in the plaintext may be represented by a different designated character. • Cryptanalysis of ciphertext developed using a polyalphabetic cipher is therefore difficult, if not impossible. • An example is the Vigenère cryptosystem.
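The difference between the two substitution schemes on this slide, as an added example that is not part of the original deck: one function implements the key-driven displacement, and a one-letter key reduces it to a simple substitution. The sample message and the key word "lemon" are constructed for illustration.

```python
import string
from collections import defaultdict

A = string.ascii_lowercase

def vigenere(text, key, decrypt=False):
    """Shift each letter by the displacement of the matching key letter.
    A one-letter key reduces to a simple substitution (Caesar-style) cipher."""
    out, i = [], 0
    for ch in text.lower():
        if ch not in A:
            out.append(ch)            # leave spaces and punctuation alone
            continue
        k = A.index(key[i % len(key)])
        out.append(A[(A.index(ch) + (-k if decrypt else k)) % 26])
        i += 1
    return "".join(out)

def images(plain, cipher):
    """For each plaintext letter, the set of ciphertext letters it became."""
    seen = defaultdict(set)
    for p, c in zip(plain.lower(), cipher):
        if p in A:
            seen[p].add(c)
    return seen

MSG = "meet me at the street entrance"   # constructed sample message
SIMPLE = vigenere(MSG, "d")               # key "d": D for A, a shift of three
POLY = vigenere(MSG, "lemon")             # hypothetical key word

if __name__ == "__main__":
    # Simple substitution: 'e' always becomes the same letter.
    print(SIMPLE, sorted(images(MSG, SIMPLE)["e"]))
    # Polyalphabetic: 'e' becomes several different letters.
    print(POLY, sorted(images(MSG, POLY)["e"]))
```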
Cryptographic Algorithms • Transposition ciphers • The order of characters in the plaintext is changed, although plaintext characters remain the same in the garbled message. • More than one transposition scheme can be used in a cipher. • A substitution scheme can be combined with the use of a transposition scheme. • Exclusive Or (XOR) • Is a substitution cipher in binary terms. • Indicates that either one condition is true (equals bit value of “1”), or the other is true, but not both. • The scheme compares well with the concept of parity bit. Exclusive Or is a result that is more like maintaining an even parity bit.
Block and Stream Ciphers • A block cipher operates on a fixed length of contiguous characters at a time. • Each block is considered independent, requiring the use of the key repeatedly for each block of data. • To keep the block size constant, the tail end of the message, if it results in less than block length, is padded to make it equal to the block. • Block ciphers are standardized and more widely available. • A stream cipher treats the message to be encrypted as one continuous stream of characters. • Stream ciphers are generally considered as unique, or nonstandardized and are dedicated between the sender and the receiver. • A one-time pad can be considered a stream cipher where the key length equals the message length.
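An added example (not from the original slides) tying the XOR slide to the one-time pad mentioned here: XOR with a pad as long as the message encrypts and decrypts with the same operation, and the parity helper shows the even-parity relation. It also shows why the pad must be used once only: two ciphertexts made with the same pad XOR to the XOR of the two plaintexts. The messages are constructed samples.

```python
import secrets

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each message byte with the key byte at the same position."""
    if len(key) < len(data):
        raise ValueError("key stream must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

def parity_bit(value: int) -> int:
    """Even-parity bit of an integer: the XOR of all of its bits."""
    p = 0
    while value:
        p ^= value & 1
        value >>= 1
    return p

def one_time_pad_demo(m1: bytes, m2: bytes):
    """Encrypt two equal-length messages with the SAME pad (the mistake to avoid).

    Returns (m1 recovered with the pad, c1 XOR c2)."""
    if len(m1) != len(m2):
        raise ValueError("demo expects equal-length messages")
    pad = secrets.token_bytes(len(m1))       # key length equals message length
    c1, c2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    recovered = xor_bytes(c1, pad)           # the same XOR decrypts
    leaked = xor_bytes(c1, c2)               # pad cancels out: equals m1 XOR m2
    return recovered, leaked

# Constructed sample messages of equal length.
M1 = b"PAY ALICE 100 USD"
M2 = b"PAY CAROL 900 USD"

if __name__ == "__main__":
    recovered, leaked = one_time_pad_demo(M1, M2)
    print(recovered)
    # Zero bytes mark positions where the two plaintexts are identical.
    print(leaked.hex())
    print(parity_bit(0b1011), parity_bit(0b1001))
```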
Cryptanalysis – Secret Key Cryptography • Cryptanalysis is the process used to unscramble ciphertext without the key. • A cryptanalyst could most likely be the person who is unauthorized to see the plaintext. • Brute-force attack is one technique used by cryptanalysts to break the code. • Such an attack attempts every possible key on the ciphertext in a certain order. • This is continued until the actual key is found, which reveals the message. • If only simple substitution is used to encrypt a message, frequency analysis of characters in the encrypted message could reveal which character in the ciphertext represents a character in the plaintext (e.g., “d” for “a”). This is because the pattern of frequency of characters in a typical English text is known. • Often, in such analysis, you do not need to unscramble every character in the ciphertext. Once a few characters in the plaintext are identified, the rest may be guessed. This is because there is considerable redundancy in English text.
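Why a shift-by-three substitution offers no real protection, as an added example that is not part of the original slides: every one of the 26 keys is tried, and each candidate plaintext is scored against approximate English letter frequencies with a chi-squared statistic (the scoring method and the frequency table are assumptions of this example). The sample plaintext is constructed.

```python
import string

A = string.ascii_lowercase
# Approximate relative letter frequencies (%) in English text, a through z.
ENGLISH = dict(zip(A, [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77,
                       4.0, 2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98,
                       2.4, 0.15, 2.0, 0.074]))

def shift(text, k):
    """Simple substitution: move every letter k positions along the alphabet."""
    return "".join(A[(A.index(c) + k) % 26] if c in A else c for c in text.lower())

def chi_squared(text):
    """Distance between the text's letter counts and the expected English counts."""
    letters = [c for c in text if c in A]
    n = len(letters)
    return sum((letters.count(c) - n * f / 100) ** 2 / (n * f / 100)
               for c, f in ENGLISH.items())

def brute_force(ciphertext):
    """Try all 26 keys and return the one whose output looks most like English."""
    return min(range(26), key=lambda k: chi_squared(shift(ciphertext, -k)))

# Constructed sample plaintext, encrypted with the key from the slides (three forward).
PLAINTEXT = ("the receiver of a message achieves this assurance by comparing the "
             "sent message digest value with the one that the receiver computes "
             "from the received message")
CIPHERTEXT = shift(PLAINTEXT, 3)

if __name__ == "__main__":
    key = brute_force(CIPHERTEXT)
    print(key, shift(CIPHERTEXT, -key))
```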
Current Secret Key Algorithms • DES: Data Encryption Standard • DES is a block cipher. • Encrypts a block of 64 bits at a time. • Several iterations of a subprocess are performed to create ciphertext. • The method, apparently complex, is efficient. • Since DES is now vulnerable to attacks, 3DES (triple DES) is often used, where the process is repeated three times using various keys.
Current Secret Key Algorithms • AES: Advanced Encryption Standard • NIST invited entries for a new secret key standard that could be a strong alternative to DES. • The final choice was what is called Rijndael encryption algorithm. • Two Belgian researchers developed the algorithm. • Rijndael is a block algorithm, with variable block length and variable key length.
Message Digests • A message digest is an abridged version of the message. • Message digest is a fixed length abridgement of the message, regardless of the length of the message. • Message digests are used to obtain message integrity assurances. • The receiver of a message achieves this assurance by comparing sent message digest value with the one that the receiver computes from the received message. • To produce the message digest of a message, you need to select a message digest method. • Message digest methods • Role in cryptography
Message Digest Characteristics • If the original message is unaltered (that is, the message has integrity), its digest value will be the same as initially computed, no matter who computes the digest and when the digest is computed. A comparison of the original digest value with the newly produced value provides the assurance of message integrity (or lack thereof). • Knowing the digest value is not enough to recreate the original message. You can compute the digest value from a message, but you cannot reverse the process (compute the message from a message digest). This characteristic is called onewayness. • If an effective message digest method (algorithm) is used, even the slightest modification, such as adding a space somewhere in the message, will result in a different digest value. This characteristic of a message digest method suggests that the method is collision-proof. That is, no two values of the digest will agree to the same message.
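The receiver-side comparison and the added-space case from these two slides, as an added example that is not part of the original deck. SHA-256 is this example's choice of digest method (the slides name none), and the message is a constructed sample.

```python
import hashlib
import hmac

def digest(message: bytes) -> str:
    """Fixed-length digest (64 hex characters) regardless of message length."""
    return hashlib.sha256(message).hexdigest()

def verify(received: bytes, sent_digest: str) -> bool:
    """Receiver recomputes the digest and compares it with the one that was sent."""
    return hmac.compare_digest(digest(received), sent_digest)

def differing_bits(a: bytes, b: bytes) -> int:
    """Number of digest bits (out of 256) that differ between two messages."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

# Constructed sample: the altered copy differs by one added space.
ORIGINAL = b"Transfer 500 to account 1234"
ALTERED = b"Transfer 500 to account  1234"
SENT_DIGEST = digest(ORIGINAL)

if __name__ == "__main__":
    print(len(digest(b"")), len(digest(ORIGINAL * 1000)))   # same length both times
    print(verify(ORIGINAL, SENT_DIGEST))                     # unaltered message
    print(verify(ALTERED, SENT_DIGEST))                      # one extra space
    print(differing_bits(ORIGINAL, ALTERED), "of 256 bits differ")
```

The comparison gives assurance only when the sent digest reaches the receiver by a path the person altering the message cannot also alter, since anyone can recompute a bare digest.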
Advantages of Secret Key Cryptography • It is understandable and easy to use. • It is efficient. • Efficiency is a key consideration when messages are transmitted frequently and/or are lengthy.
Limitations of Secret Key Cryptography • The users must share the same secret key. • During transmission of the key, someone may intercept the key. • The number of keys required increases at a rapid rate as the number of users in the network increases. • Because of these reasons, secret key management challenges are significant. • A key distribution center (KDC) – a trusted third party – may be used for managing and distributing keys. • Secret key cryptography cannot provide an assurance of authentication.
Public Key Cryptography (PKC) • A pair of related keys: one is called the private key and the other, the public key. • Private key remains with the owner; public key is distributed. • This solves the key distribution problem encountered in the use of secret keys. • One may own more than one key pair. • Knowledge of the public key does not help in finding/deriving the related private key. • Both keys work in a complementary manner; any plaintext encrypted with a private key can be decrypted using the related public key, and vice versa. • If a message is encrypted using a private key, its decryption using the related public key proves that the message must have been sent by the owner of the public-private key pair. Technologically, this facilitates sender authentication.
RSA: A Current Public Key Algorithm • Created by Rivest, Shamir, and Adleman, named RSA. • RSA algorithm is currently in use. • The company website is: www.rsasecurity.com • Based on the notion that a product of two large prime numbers cannot be easily factored to determine the two prime numbers. • That is, going from results (the product of prime numbers) to inputs (prime numbers) is a nearly impossible task. • Although a public key is related to private key, it is nearly impossible to calculate the private key using the knowledge of its related public key.
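The complementary key pair from the previous slide and the factoring assumption from this one, as an added example that is not part of the original deck. It is textbook RSA on small integers with no padding; the primes 61 and 53, the exponent 17 and the message 65 are constructed values chosen so the arithmetic can be checked by hand.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Build (public, private) keys from two primes and a public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def apply_key(m: int, key) -> int:
    """Encrypt or decrypt: the same modular exponentiation with either key."""
    exponent, n = key
    return pow(m, exponent, n)

def private_from_public(public):
    """Rebuild the private key by factoring n with trial division.

    This finishes instantly only because n is tiny; with large primes the
    factoring step is the part that is infeasible."""
    e, n = public
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    return make_keypair(p, n // p, e)[1]

# Toy parameters (constructed): n = 61 * 53 = 3233.
PUBLIC, PRIVATE = make_keypair(61, 53, 17)
MESSAGE = 65

if __name__ == "__main__":
    # Confidentiality: anyone encrypts with the public key, only the owner decrypts.
    c = apply_key(MESSAGE, PUBLIC)
    print(c, apply_key(c, PRIVATE))
    # Sender authentication: the owner uses the private key, anyone checks with the public key.
    s = apply_key(MESSAGE, PRIVATE)
    print(s, apply_key(s, PUBLIC))
    # With primes this small the public key gives the private key away.
    print(private_from_public(PUBLIC) == PRIVATE)
```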
Advantages of PKC • There is no need to communicate private key; related public key is widely distributed (not kept secret). • A sender who private-key encrypts the message or any part thereof can be authenticated because no one else is supposed to have the sender’s private key. • External parties can confidentially communicate with an owner of the key pair by sending a message encrypted using the owner’s public key. • A brute-force attack on a message encrypted using PKC is time consuming and is nearly impossible.
Limitations of PKC • The use of PKC takes a significant amount of processing power; it is computationally intensive. • Therefore, it negatively affects efficiency of communication. • Consequently, it is used selectively. For example, an entire message may not be encrypted using PKC. • Since public keys are publicly distributed, it is possible for anyone to open a private-key encrypted message (assuming no other protection is used). An assurance of confidentiality is not possible under these conditions, and will require additional measures to ensure confidentiality. • Published keys may be altered by someone. Additional measures are necessary to ensure that a valid public key of the owner is obtained before its use.
Implications for Assurance • The secret key approach can facilitate the confidentiality objective. • Sender authentication is not possible using only a secret key. • The use of a message digest facilitates assurance of message integrity. • Security solutions that seek confidentiality, authentication, and message integrity concurrently may require an approach where both secret key and public key cryptography are employed.