cs4765 Intro to Cryptography
A brief ancient history • 1900 B.C. In Egypt, using "non-standard" hieroglyphs • 1500 B.C. Mesopotamian tablet • enciphered formula for making pottery glazes • 500-600 B.C. Hebrew ATBASH cipher • 486 B.C. Greek skytale • 50-60 B.C. Julius Caesar's simple substitution cipher • Kama Sutra of Vatsyayana • lists secret writing as the 44th, secret talking as the 45th of 64 arts men and women should know. • Ancient China allowed only the upper classes to read/write so they could keep "state" secrets
A brief current history • Until modern times, cryptography was used by governments/militaries to keep "state" secrets, battle plans, etc. • The general population didn't use it, or used simple ciphers such as the "decoder ring".
General Idea of Cryptography • The original message is known as plaintext • If two people (Bob and Alice) want to talk privately, then they convert the plaintext into a ciphertext message. • Ciphertext is gibberish, so that nobody else (say Eve) can read it. • Bob and Alice can both transform the ciphertext back to plaintext so they can "talk". • The transformation is an algorithm.
The Key • The key is why cryptography works today • Without a key, everyone would need a different algorithm for each person they send encrypted messages to; otherwise everyone who knows the algorithm would be able to view the messages. • Same concept as the key to your front door. • There are not that many lock manufacturers.
Crypto Toolbox • Symmetric Algorithms • also called Private-key Encryption • Message Authentication Codes • One-way Hash Algorithms • Public-key Encryption • Digital Signatures
Symmetric Encryption • Each person in the group shares the same key. • They use the key to encrypt and decrypt the message. • If you need to cut someone out of the group (say Eve), the key is changed. All new messages can't be read by Eve, but she can still read all the old ones. • The algorithm is more than likely known by everyone. • The Data Encryption Standard (DES) has been a standard since 1977
Symmetric Encryption (diagram) • Same key used for both encryption and decryption • Sender and recipient must both know the key; this is a weakness • Source: Stein, Web Security
Common Symmetric Algorithms • DES • triple-DES • RC4 • RC5 • IDEA • Blowfish • AES
Data Encryption Standard (DES) • Symmetric, key-based encryption-decryption standard. • Block cipher: operates on 64-bit blocks • Uses 56-bit key • 16 “rounds” -- key for each round is a 48-bit function of the original 56-bit key. Each key bit participates in an average of 14 rounds • Completely symmetric. Same algorithm decrypts. • Fast implementation in hardware: 1 gigabit/second
Data Encryption Standard (DES) (diagram labels) • 64 bits of message • Input permutation • Left half of block (32 bits) • Subkeys: each is a 48-bit function of a 56-bit key • Legend: exclusive-or; f is a complicated function involving various permutations • Inverse of input permutation • Output: 64 bits of encrypted text • Source: Schneier, Applied Cryptography
The problem: keys • Key security becomes the new problem. • The data is "protected", but… • How does one distribute keys securely? • The keys must be stored, used, and destroyed securely. • It is worse still if you are using pairwise keys • 10 users need 45 keys; 100 users need 4,950 keys
Attacking Symmetric Algorithms • Known-plaintext attack • the analyst has a copy of the plaintext and ciphertext • Now they can recover the key and use it on other documents • MS Word docs all start with the same hundreds of bytes, so you recover the keys from that section and then read the rest of the document. • Remember most algorithms are known. • Even if they start out secret, they are normally reverse engineered at some point. • 1883 Auguste Kerckhoffs, "There is no secrecy in the algorithm, it's all the key".
Recognizing Plaintext • How do you know when it is plaintext? • Normally it looks like plaintext, i.e. it's a readable message, or a data file for an application. • Otherwise, it looks like gibberish or is unreadable by the applications.
Unicity distance • measures the amount of ciphertext required such that there is only one reasonable plaintext. • the number depends on both the characteristics of the plaintext and the key length. • Suppose we encrypt a single ASCII letter. • There are 26 possible plaintexts out of 256 possible decryptions. Any random key used to decrypt it has a 26/256 chance of producing a valid plaintext. • But looking at it, you won't know if it is the right plaintext or not. • With an encrypted e-mail message, eventually a plaintext emerges that looks correct, because we know there will be words, phrases, sentences and grammar. Odds are very small that it is not the correct plaintext.
Unicity distance (2) • For English, the unicity distance is K/6.8 characters • Where K is the key length • 6.8 is a measure of the natural redundancy of English • for DES-encrypted ASCII the unicity distance is 8.2 bytes; for 128-bit ciphers it is about 19 bytes. • For an English message longer than 19 bytes, a decryption that looks like English is most likely the correct plaintext. • we'll get back to key length later on.
Message Authentication Codes • don't protect privacy; instead they ensure authentication and integrity. • use a shared secret key, like symmetric encryption. • When Alice wants to send a message to Bob, she computes the MAC of the message (using the key) and appends it to the message, since every message has a unique MAC for each key • Bob then computes its MAC again (same key) and compares it to the MAC in the message. • If they match, it's from Alice and it's the original message.
Message Authentication Codes (2) • While Eve can read the message, she can't change it, nor can she fake an e-mail from Alice to Bob. • Assuming she doesn't have the key. • Commonly used by banks, IP traffic. • Can be used in databases, to ensure the data is correct as well.
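Added example (not part of the original slides): the Alice/Bob MAC exchange from the two slides above, with Eve's two attempts rejected. The slides name no MAC algorithm; HMAC-SHA256, the key values and the messages are assumptions constructed for this sketch.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag


def mac(key: bytes, message: bytes) -> bytes:
    """MAC of the message under the shared key (HMAC-SHA256 assumed)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def alice_send(key: bytes, message: bytes) -> bytes:
    """Alice appends the MAC to the message; the message stays readable."""
    return message + mac(key, message)


def bob_receive(key: bytes, packet: bytes):
    """Bob recomputes the MAC and compares; returns the message or None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # compare_digest runs in constant time, so the comparison itself
    # does not reveal how many leading bytes of a wrong tag matched.
    return message if hmac.compare_digest(tag, mac(key, message)) else None


# Constructed sample data for the demonstration.
SHARED_KEY = b"constructed-demo-key-not-a-secret"
EVE_KEY = b"eve-does-not-know-the-shared-key"
ORIGINAL = b"Pay Carol 100 dollars"


def demo():
    packet = alice_send(SHARED_KEY, ORIGINAL)
    # Eve edits the readable part in transit but has to reuse the old tag.
    tampered = b"Pay Carol 900 dollars" + packet[-TAG_LEN:]
    # Eve writes a whole message and tags it with a key of her own.
    forged = alice_send(EVE_KEY, b"Pay Eve 100 dollars")
    return (bob_receive(SHARED_KEY, packet),
            bob_receive(SHARED_KEY, tampered),
            bob_receive(SHARED_KEY, forged))


if __name__ == "__main__":
    print(demo())
```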
One-Way hash functions • Like digital fingerprints or digital signature. • small pieces of data that can identify larger digital objects • Called one-way, because you can't reproduce the object from the hash. • Common ones: SHA-1, SHS, RIPEMD-160, MD4, MD5 • Common computer use: • Downloading ISO images of Linux distros • Get the ISO image (normally about 650 MB), • get the md5sum from the distro's website (32 characters). • run md5sum on the ISO to produce the md5sum • If they match, it's correct. If not, delete it and download again.
Public-key Encryption • The problem with MAC and symmetric encryption is the shared key. • Public-key encryption, or asymmetric encryption, fixes this. • There is no shared secret key. • 1976: publicly explained by Diffie and Hellman • British intelligence figured it out years before • Ellis, Cocks, and Williamson
Basic idea • Based on a mathematical function that is easy to compute in one direction, but hard to compute in the other • Example: • Given 2 numbers, it is easy to multiply them together • Given a single product, it is difficult to find the correct two factors.
Public-key Encryption (2) • Instead of a single key, there are two keys • a public key and a private key • the public key is the encryption key, the private key is the decryption key • One key can't be used to compute the other key. • So now Bob can publish his public key and Alice can send him a message. • Or anyone else who can find his public key
Public-Key (Asymmetric) Encryption (diagram) • 1. Users want to send plaintext to recipient website • 2. Senders use site's public key for encryption • 3. Site uses its private key for decryption • 4. Only website can decrypt the ciphertext; no one else knows how • Source: Stein, Web Security
Public-Key Encryption • Alice wants to send Bob a secure message M. • Alice uses Bob's public key to encrypt M. • Bob uses his private key to decrypt M. • Bob is the ONLY ONE who can do this, so M is secure. • Diagram: Alice's cleartext → Alice encrypts with Bob's public key → Alice's coded text → transmission → Alice's coded text → Bob decrypts with his private key → Alice's cleartext
Alice and Bob. • Alice, Bob, and Eve have a long and sordid tale in this field. • If you are interested: • http://en.wikipedia.org/wiki/Alice_and_Bob • http://downlode.org/Etext/alicebob.html • http://xkcd.com/177/
Common use • The method described is not actually how it is done. • Instead a hybrid method is used • Alice uses a symmetric algorithm to encrypt the message with a random key (session key). She then encrypts the session key with Bob's public key and sends both to Bob. • Bob decrypts the session key and then uses that key to decrypt the message. • It's faster!
Problems • Anyone could have sent the message. • Bob's key is public after all • Was it really Alice? • How does Alice find Bob's key? • His current key • And is it really Bob's key? • Could be an impostor, say Eve. • We'll get back to this later on
Digital Signatures • Like MAC, but using public keys. • We reverse the use of the keys. • The private key is used to encrypt the message and the public key decrypts the message • Now we know it can only be from that person. • This has some problems. • Anyone can read it.
Digital Signatures • Alice wants to send Bob a message M so that Bob is sure Alice is the sender. • Alice uses her own private key to encrypt M. • Bob uses Alice's public key to decrypt M. • Alice is the ONLY ONE who could have sent it. • Diagram: Alice's cleartext → Alice encrypts with her private key → Alice's coded text → transmission → Alice's coded text → Bob decrypts with Alice's public key → Alice's cleartext
Digital Signatures (2) • So instead, a message key is used • A message key is the hash of the message. • The hash is encrypted with the private key • The ciphertext hash is appended to the end of the message, like a MAC. • Again faster and simpler. • Also you don't have to decrypt the message to read it, just to make sure the message is authentic.
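Added example (not part of the original slides): the hash-then-sign steps of the slide above, carried out with textbook RSA on a toy key pair. The primes, the exponent, SHA-256 as the hash and the sample message are assumptions constructed for this sketch; the modulus is far too small and there is no padding, so it only illustrates the mechanics.

```python
import hashlib

# Toy key pair, constructed for this example from two known Mersenne primes.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                            # public modulus (about 216 bits)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to Alice


def message_hash(message: bytes) -> int:
    """The slide's 'message key': a hash of the message, as an integer.

    Reduced mod N only because the toy modulus is shorter than SHA-256.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def alice_sign(message: bytes) -> int:
    """Encrypt the hash with the private key; this value is the signature."""
    return pow(message_hash(message), D, N)


def bob_verify(message: bytes, signature: int) -> bool:
    """Decrypt the signature with the public key, compare to a fresh hash."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == message_hash(message)


MESSAGE = b"Meet at noon. -- Alice"   # constructed sample message


def demo():
    signature = alice_sign(MESSAGE)   # sent alongside the readable message
    return (bob_verify(MESSAGE, signature),
            bob_verify(b"Meet at nine. -- Alice", signature),
            bob_verify(MESSAGE, (signature + 1) % N))


if __name__ == "__main__":
    print(demo())
```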
Secure Authenticated Messages • Alice must send Bob a secret & authenticated message M so Bob is sure it was sent by Alice. Use both encryption and signature. • 4 keys needed: Alice's private, Alice's public, Bob's public, Bob's private • Diagram labels: Alice's cleartext; Alice encrypts with her private key; Alice's coded text; Alice encrypts with Bob's public key; Alice's coded and signed text; transmit; Bob decrypts with his private key; Bob decrypts with Alice's public key; Alice's coded text (authenticated); Alice's clear text (decrypted and authenticated)
Why any of these algorithms can fail • Random numbers • Key Length
Random Numbers • The generation of random numbers is too important to be left to chance. • Robert R. Coveyou • Anyone who considers arithmetic methods of producing random digits is, of course, in a state of sin. • John Von Neumann • In other words, getting random numbers from a deterministic computer is impossible!
Random Numbers (2) • Instead we get numbers that are hopefully unpredictable and irreproducible. • Otherwise, the encryption is pointless. • Methods used to create "random numbers" • noisy diodes in hardware, Geiger counters, radio-noise receivers, air turbulence in disk drives, "random" arrival time of successive network packets, and time. • One system on the internet used a digital camera directed at a set of lava lamps. • random movements of the mouse, typing, even gargling into a microphone
Random Numbers (3) • Whatever it is, it needs to be "unpredictable"; otherwise, it is repeatable. • Random number generators use these inputs directly or as seeds for mathematical random number generators. • In other places in COSC, the seed value is used as a way to get the same set of random numbers for test sets.
Key Length • Big… BIG debates over key length and what that means! • First the actual key length • for a brute-force attack, if a key is n bits long then there are 2^n possible keys. For a 40-bit key, there are about a trillion possible keys • So on average the computer needs to try about half of the trillion keys. (less than 18 minutes on average)
Brute-forcing keys • In 98 a machine called DES Deep Crack tried 90 billion keys per second • average 4.5 days for a 56-bit DES key • All brute-force attacks scale linearly; twice the number of computers can try twice the keys, etc… • but add 1 bit and it takes twice as long, 2 bits 4 times as long, 10 bits about a thousand times. • Triple-DES has a 112-bit key (2^112 could take a million years), over a thousand times longer for a 128-bit key • But experts are recommending 1,024-bit keys or longer • Why?????? And does it actually work?
Key length and entropy • Entropy in cryptography is a measure of uncertainty. • The more uncertain something is, the more entropy, which is a good thing for cryptography • Example: • A random person from the general public is either male or female, 1 bit of uncertainty. • I.e., I have a max of 2 guesses. But on average how many guesses will I make? • The same question for this class? Still a max of two guesses, but the answer is much more certain, so what is the entropy for this course?
Key length and entropy • The same is true for key lengths. • just because it is 128 bits doesn't mean there are 128 bits of entropy • I.e., I don't have to try 2^128 keys, probably far fewer. • Key length assumes all possible keys are equally likely. • Will a random number generator produce all possible keys, or are certain groups of keys more likely?
Key length, entropy, and pass-phrases • Many keys are generated from passwords or pass-phrases. • 10-character ASCII passwords might require 80 bits to represent, but have far less than 80 bits of entropy. • High-order ASCII bits won't appear, and passwords are normally close to real words instead of random character strings • Some entropy estimates are 4 bits of entropy per character for a password
Key length, entropy, and pass-phrases (2) • 8-character passwords are about the same as a 32-bit key. • If you want a 128-bit key, you are going to need a 98-character English pass-phrase. • This causes much of cryptography to fall apart. • Think about using a Windows password for a 128-bit encryption scheme. • Even PGP fails on its face if you choose short or bad pass-phrases. • This is also what causes many cryptography algorithms to be abandoned: too easy to brute force the keys.
Examples • Netscape 1.1 SSL failed because, while the algorithm used 128-bit keys, the random number generator only had 20 bits of entropy • I.e., it was broken in the same time as a 20-bit key • European GSM cell phones used the A5/1 algorithm with a 64-bit key. • A flaw in the algorithm allowed the key to be broken in the time it takes to brute-force a 30-bit key.
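Added example (not part of the original slides): why a 128-bit key has only as much strength as the generator behind it, as the "Key length and entropy" slides and the Netscape example above state. The weak generator, the sample message and the seed value are hypothetical constructions for this sketch; it is not Netscape's actual generator.

```python
import hashlib
import hmac
import secrets

SEED_BITS = 20  # entropy of the weak generator, as in the Netscape example


def weak_key(seed: int) -> bytes:
    """Hypothetical flawed generator: a 128-bit key fixed by a 20-bit seed."""
    return hashlib.sha256(b"keygen:" + seed.to_bytes(4, "big")).digest()[:16]


def strong_key() -> bytes:
    """128-bit key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(16)


def tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag over a known message; stands in for any key-dependent output."""
    return hmac.digest(key, message, "sha256")


def search_seed_space(message: bytes, observed: bytes,
                      seed_bits: int = SEED_BITS):
    """Try every key the weak generator can emit.

    Returns (seed, tries) when one of them reproduces the observed tag,
    or None when the key did not come from the weak generator.
    """
    for seed in range(2 ** seed_bits):
        if hmac.compare_digest(tag(weak_key(seed), message), observed):
            return seed, seed + 1
    return None


# Constructed sample values for the demonstration.
MESSAGE = b"GET /account HTTP/1.0"
VICTIM_SEED = 0x2A5A5  # any value below 2**20

if __name__ == "__main__":
    # The key is 128 bits long, yet at most 2**20 candidates exist.
    print(search_seed_space(MESSAGE, tag(weak_key(VICTIM_SEED), MESSAGE)))
    # A key with 128 bits of real entropy is not among those candidates.
    print(search_seed_space(MESSAGE, tag(strong_key(), MESSAGE)))
```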
References • Computer Security, Dieter Gollmann, Wiley, 2003 • Secrets & Lies: Digital Security in a Networked World, Bruce Schneier, Wiley, 2004 • Practical Cryptography, Ferguson & Schneier, Wiley, 2003
Next time • Putting these "primitives" together to form protocols for applications.
Q & A