190 likes | 342 Views
Cryptography. History of Encryption. Originally used mostly for delivering messages in the military Spartan generals would write messages on a small strip of paper that could only be read when wrapped around a cylinder of the right size.
E N D
History of Encryption • Originally used mostly for delivering messages in the military • Spartan generals would write messages on a small strip of paper that could only be read when wrapped around a cylinder of the right size. • Messages were tattooed on a slave’s scalp, so that once hair has grown in, the message is unnoticeable. • Greeks were among the first to use ciphers, often putting the alphabet into a 5x5 grid and using the coordinates to code and decode messages. • Caesar often coded text by swapping the nth letter in the alphabet with say, the n+3rd letter. • Thomas Jefferson made a decoder with letters randomly arranged on wheels so that when you line them up into a word, the code for it appears on the opposite side. • (Windtalkers) – some messages during WWII were translated into Navaho, a language unfamiliar to most of Europe.
History continued… • Computers made coding and decoding information much faster, and allowed for much more complex algorithms. At the same time made, decrypting messages became easier because computers could just guess every possible key, so encryption had to become more complex and use enough bits so that computers couldn’t guess every key in a reasonable amount of time. • In the 1970’s, the Data Encryption Standard (DES) was introduced and approved by the federal government, but its 56-bit algorithm could be guessed nowadays, so it has since been replaced by the Advanced Encryption Standard, which can use 128,192, or 256-bit encryption, which would take much longer for a computer to decipher. • Now, voice recordings can also be coded once they have been digitized. • It is used in many government activities, as well as banks, credit card companies, and to protect personal information, such as in BC’s AGORA. It is important to have protection for any important information that is sent or stored anywhere on the internet.
What Are Keys? • Often the encryption algorithm used to encrypt plaintext into ciphertext is public, standardized information available to anyone. • Keys are secret values that prevent just anyone from using the encryption algorithm to decrypt the ciphertext • A Key (simply a string of numbers, characters, or both), the plaintext, and the encryption algorithm are the three inputs for encryption, and similarly for decryption inputs are a key, ciphertext, and the decryption algorithm • The two types of key systems are: • Symmetric Key Systems- both users share the same identical key, which is not public information • Public Key Systems – a pair of keys is used, one of which is public information to anyone, the other is known only to one of the two users.
Symmetric Key Systems • One of the first known uses of cryptography was during the time of Julius Caesar, and we will use the algorithm named after him to describe a simple symmetric key system • Caesar cipher – take each letter used in plaintext message and substitute with letter that is k letters later in the alphabet (allowing for wrap around.) The key here is the value you choose for k. • Example: where k = 3, “I LOVE YOU” = • “L ORYH BRX” • A problem with this algorithm is it is easy to break, since there are only 25 possible values of k
Some Other Symmetric Key Systems • Monoalphabetic cipher – key = “mnbvc….rewq” where these letters stand for ciphertext characters for plaintext characters “abcde….wxyz” respectively • This allows for 26! Possible key combinations • Polyalphabetic encryption – key = 2 or more different ciphers (whether they be simple Caesar ciphers of an integer less than or equal to 25, or monoalphabetic ciphers) and a corresponding repeating pattern of use for different ciphers such as: c1-c2-c2-c2-c1-c2
Symmetric Key Systems • Data Encryption Standard (DES) • A symmetric key system standard of The National Institute of Standards and Technology • DES encodes plaintext in 64 bit chunks using a 56-bit Key. • Cipher-Block Chaining • DES has been proven insecure in recent tests, the fastest code break being done in only 22 hours. • Triple DES (3DES) • Advanced Encryption Standard (AES)
Public Key Systems • Public Key Systems work when one user broadcasts his or her public key, and then another user uses that public key to encrypt data according to an algorithm. The receiving user then uses this public key and a secretly held private key to decrypt this data. • One problem with this is that it no longer provides identity authentification because when both parties held the same common secret key that alone proved that the communicating parties were who they said they were. Now without this, to authentificate a user’s identity in public key systems a digital signature is used.
RSA Algorithm • The first step in RSA involves the selection of a public and private key, and it has the following steps: • Choose two large prime numbers, p and q. Compute n = p*q; z = (p-1)*(q-1) • Choose a number e, such that e<n, and e and z share no common factors • Choose a number d, such that (e*d)%z = 1 • Your public key is the set of numbers (n,e) • Your private key is the set of numbers (n,d) • Encryption and Decryption go as follows: • Send, m, while m<n, can be encrypted into the ciphertext value c as: • C = (m^e)%n • Ciphertext value, c, can be decrypted back into plaintext, m, by: • M = (c^d)%n • DES and RSA combined
Key Distribution and Certification • A KDC is a server that sets up different secret symmetric keys with each registered user for use in symmetric key systems • A CA certifies that a particular public key indeed belongs to the user that is claiming ownership of the key for use in public key systems
Cryptanalysis • Cryptanalysis is the process of breaking code • No set method or steps to break code, as there are different processes used to encode text, which may be unknown to code breaker
Types of Cryptanalysis • A standard cryptanalytic attack is to determine the key which maps a known plaintext to a known ciphertext. This plaintext can be known because it is standard or because it is guessed. If the plaintext segment is guessed it is unlikely that its exact position is known however a message is generally short enough for a cryptanalyst to try all possible positions in parallel. In some systems a known ciphertext-plaintext pair will compromise the entire system however a strong encryption algorithm will be unbreakable under this type of attack.
Types Of Cryptanalytic Attacks • Brute force attack requires a large amount of computing power and a large amount of time to run. It consists of trying all possibilities in a logical manner until the correct one is found. For the majority of encryption algorithms a brute force attack is impractical due to the large number of possibilities. • Dictionary attack. This essentially involves running through a dictionary of words in the hope that the key (or the plaintext) is one of them. This type of attack is often used to determine passwords since people usually use easy to remember words.
Ciphertext only attack the cryptanalyst has only the encoded message from which to determine the plaintext, with no knowledge whatsoever of the actual message. A ciphertext only attack is presumed to be possible, if not easy. In fact, an encryption techniques resistance to a ciphertext only attack is considered the basis for its cryptographic security. • Chosen plaintext attack the cryptanalyst has the capability to find the ciphertext corresponding to an arbitrary plaintext message of his or her own choosing. The likelihood of this type of attack being possible is not much. Codes which can survive this attack are considered to be very secure. • Chosen ciphertext attack the cryptanalyst can choose an arbitrary ciphertext and find the corresponding decrypted plaintext. This attack can be used in public key systems, where it may reveal the private key.
Adaptive chosen plaintext attack the cryptanalyst can determine the ciphertext of chosen plaintexts in an iterative process based on previous results
Frequency Tables • The cryptanalysis of single-key cryptosystems depends on one simple fact - that some traces of the original structure of the plaintext may be visible in the ciphertext. For example, in a monoalphabetic substitution cipher where each letter in the plaintext is replaced by a letter in the ciphertext which is the same each time, a simple analysis of a sizeable portion of ciphertext can be used to retrieve most of the plaintext.
Encryption Example • Using Crypto Package from http://www.bouncycastle.org • How to apply this crypto package in a mobile application • Unfortunately, we can’t run it, but a good example nonetheless
SSL • What is SSL? • Sockets • Layering • TLS – Transport Layer Security • TLS Record Protocol • TLS handshake protocol • JSSE and Tomcat
HTTPS • Encrypts and decrypts use page requests • SSL sub-layer • Port 443 instead of 80 • Interacts with lower TCP/IP layer • 40 bit key size