
Cryptography A Brief History

Cryptography A Brief History. Prasenjeet Dutta Program Manager Cybernet Software Systems Inc. pd@cybernetsoft.com. In Today’s Session. Part I The Ciphers Part II The Politics Part III Security and Privacy Part IV Questions. Basic Definitions.


Presentation Transcript


  1. Cryptography A Brief History Prasenjeet Dutta Program Manager Cybernet Software Systems Inc. pd@cybernetsoft.com

  2. In Today’s Session Part I The Ciphers Part II The Politics Part III Security and Privacy Part IV Questions

  3. Basic Definitions • Cryptography: The Science of creating coded messages • Cryptanalysis: The Art of breaking coded messages • Cleartext: the original message • Ciphertext: the encoded message • Key: Input to the cryptographic algorithm • Passphrase: User input from which the key is usually derived

  4. Part I The Ciphers

  5. Early History: Caesar Cipher • Classically attributed to Julius Caesar • Simple “Shift By Three to the Right” Rule • “ATTACK” would become “DWWDFN” • Easily Breakable if you knew the Rule • Today, easily breakable otherwise as well • Demo

  6. Transposition Ciphers • Message Written in a Rectangular Block • Letters transposed in Pre-arranged order • ATTACK CORSICA AT DAWN, written in rows as ATTAC / KCORS / ICAAT / DAWNX and read down the columns, becomes AKID TCCA TOAW ARAN CSTX • Demo
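
The two classical ciphers from slides 5 and 6, as an added Python example that is not part of the original presentation. The function names, the `X` padding letter and the optional `order` argument (a column read order other than left to right) are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift=3):
    """Shift each A-Z letter `shift` places to the right; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def _column_order(width, order):
    # Assumption: a "pre-arranged order" is a permutation of the column indices.
    order = list(range(width)) if order is None else list(order)
    if sorted(order) != list(range(width)):
        raise ValueError("order must be a permutation of the column indices")
    return order

def transpose_encrypt(message, width=5, order=None, pad="X"):
    """Write letters row by row into `width` columns, pad the last row,
    then read the columns top to bottom in the pre-arranged `order`."""
    order = _column_order(width, order)
    letters = [ch for ch in message.upper() if ch in ALPHABET]
    letters += [pad] * (-len(letters) % width)
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    return " ".join("".join(row[c] for row in rows) for c in order)

def transpose_decrypt(ciphertext, width=5, order=None):
    """Put each ciphertext group back into its column and read the rows."""
    order = _column_order(width, order)
    groups = ciphertext.split()
    if len(groups) != width or len({len(g) for g in groups}) != 1:
        raise ValueError("ciphertext does not fit a block of this width")
    columns = dict(zip(order, groups))
    return "".join(columns[c][r] for r in range(len(groups[0])) for c in range(width))

if __name__ == "__main__":
    print(caesar("ATTACK"))
    print(transpose_encrypt("ATTACK CORSICA AT DAWN"))
    print(transpose_decrypt("AKID TCCA TOAW ARAN CSTX"))
```

The padding letter stays in the recovered text, so the receiver has to know the convention in order to strip it.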

  7. Vigenère Cipher • Attributed to French mathematician Blaise de Vigenère, 1585 • Generalization of the Caesar Cipher • Bidirectional n-Shift cipher • Considered secure until 1863 • The Kasiski/Kerckhoffs method of Frequency Analysis and the “Index of Coincidence” • Demo

  8. One Time Pad (“Vernam Ciphers”) • Special Case of the Vigenère Cipher • Plaintext length == Key length • Key is assumed to be random • Proven to be mathematically secure against all attacks • Randomness not easy to generate • Non-randomness of key makes algorithm breakable • Has been used for ultra-sensitive telephonic hotlines

  9. WWII: The Enigma • Mechanical Device: Gears/Plugs • Essentially a complex polyalphabetic cipher • Key Transport major issue • GCHQ cracked it • Turning point in the war • Demo

  10. A Taxonomy of Ciphers • Substitution Ciphers: The Ciphertext is formed by mathematically transforming the Plaintext • Most commonly Used • Transposition Ciphers: The Ciphertext is formed by re-arranging the Plaintext • Considered Primitive • Concealment Ciphers: The Plaintext is “hidden” away from ordinary view

  11. Substitution Ciphers • Monoalphabetic: only one sort of substitution is used, e.g. Caesar • Polyalphabetic: more than one substitution, e.g. Vigenère, Enigma • Block Cipher: Operates on discrete blocks of plaintext, outputs discrete blocks of ciphertext, e.g. DES, Blowfish, Rijndael • Ideal for offline encryption of large blocks of data at a time

  12. Substitution Ciphers, contd. • Stream Cipher: generates a keystream and combines with plaintext to form ciphertext, e.g. RSA’s RC4 • Suitable for online encryption of smaller chunks of data, e.g. Encrypting Voice Comms • Approximates a One Time Pad when used this way • Much faster than block ciphers for online work • Block ciphers can also emulate stream ciphers, though slowly

  13. Symmetric Ciphers • Used for most heavy-duty encryption today • DES, Blowfish, Twofish, Rijndael… • One Common Key for Encryption and Decryption • Decryption is the mathematical inverse of encryption, i.e.: • F(plaintext, key) = ciphertext • F(ciphertext, key) = plaintext

  14. The Key Distribution Problem • Throughout history, ciphers were symmetric • Symmetric Ciphers share encryption and decryption keys • Key Dist presents practical problems • Prone to Man-in-the-middle attacks • This situation lasted until 1976

  15. Enter Public Key Cryptography • Known to British and American Intelligence since the 1960s as “non-secret encryption” • Non-classified invention would take 15 more years • Practical only with large scale computer resources • Concept and Key-Exchange technique proposed by Diffie/Hellman, 1976 • No Cryptosystem implementation

  16. R, S and A • First Practical Implementation of a Diffie/Hellman Cryptosystem • Rivest, Shamir, Adleman 1978 • System allowed Encryption/Decryption, Key Exchange and Message Signing • Other PK algorithms today: • Diffie/Hellman, ElGamal, DSA • Even today, RSA probably most versatile

  17. The RSA Algorithm • Choose two primes p and q. • Compute n = pq and s = (p-1)(q-1). • Choose e such that e is relatively prime to s and e < s. • Find d such that de = 1 mod s and d < s. • The private key KR = {d, n}. • The public key KU = {e, n}. • Encryption is: C = M^e (mod n). • Decryption is: M = C^d (mod n).

  18. RSA for Encryption • Let p=7 and q=17. • Thus n = pq = 119. • Thus s = (p-1)(q-1) = 96. • We choose e = 5. • We determine ‘d’ to be 77, since 77x5 = 385 = 4x96 + 1, that is, de=1 mod s and d < s Encryption (for a plaintext M = 19). (19^5) % 119 = 66 Decryption (for a ciphertext M = 19). (66^77) % 119 = 19

  19. RSA For Signing • Using the same parameters as before, we will encrypt our plaintext (19) using our private key. This is equivalent to “signing” Signing (for a plaintext M = 19) (19^77) % 119 = 66. • The corresponding decryption using our public key is called “verification.” Decryption (for a signed text S = 66) (66^5) % 119 = 19.
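
The arithmetic of slides 17 to 19 carried through in Python, as an added example that is not part of the original presentation. The function names are assumptions; this is textbook RSA on the slides' toy parameters (p = 7, q = 17, e = 5), with no padding or hashing, and shows the arithmetic only.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modexp(base, exponent, modulus):
    """Square-and-multiply: no intermediate value exceeds modulus**2."""
    result, base = 1, base % modulus
    while exponent:
        if exponent & 1:
            result = result * base % modulus
        base = base * base % modulus
        exponent >>= 1
    return result

def make_keypair(p, q, e):
    """Return (KU, KR) = ((e, n), (d, n)) using the slides' s = (p-1)(q-1)."""
    n, s = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, s)
    if not 1 < e < s or g != 1:
        raise ValueError("e must satisfy 1 < e < s and gcd(e, s) == 1")
    return (e, n), (x % s, n)  # x % s is d, the inverse of e modulo s

def apply_key(value, key):
    """Raise value to the key's exponent mod n: encrypt/verify with KU, decrypt/sign with KR."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0..n-1")
    return modexp(value, exponent, n)

def verify(message, signature, public_key):
    """A signature is valid when the public-key operation gives back the message."""
    return apply_key(signature, public_key) == message

def all_messages_round_trip(public_key, private_key):
    """Check that decrypt(encrypt(m)) == m for every m in 0..n-1."""
    n = public_key[1]
    return all(apply_key(apply_key(m, public_key), private_key) == m for m in range(n))

if __name__ == "__main__":
    KU, KR = make_keypair(7, 17, 5)
    print(KU, KR, apply_key(19, KU), apply_key(66, KR), apply_key(19, KR))
```

With these parameters the ciphertext of 19 is 66 and decrypting 66 returns 19; the signature of 19 is also 66, matching slide 19.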

  20. PK vs. Symmetric Ciphers • Symmetric Algorithms not obsolete • PK Ciphers far too slow • PK ciphers better suited to transporting symmetrical keys or message digests than general purpose encryption. • PK Ciphers require very large keys to attain decent security • a 128 bit RSA key is very weak compared to a 128 bit Blowfish key. • PK Algorithms tend to be simple mathematically, depending on the NP-hardness of their algorithms for security • Symmetric algorithms tend to be convoluted because of multiple steps, many of them non-linear.

  21. Hashes and Steganography • Hashes Verify Message Integrity • Creates a fixed size output from variable-length input using a one-way series of transforms • MD5 and SHA-1 are the most used algorithms • Steganography attempts to hide “real” messages within a larger, “innocent” message • Often used to disguise the fact that any message is being transmitted at all • Demo

  22. Part II The Politics

  23. The Politics of Crypto • Cryptography doesn’t occur in a vacuum • Crypto exists because bad guys exist • Crypto products are munitions according to the US BXA • Illegal Export is a federal felony • After 9/11, can be a terrorist-abetment offence • If you work on crypto, know your laws!

  24. Indian Law • Import not restricted • License may be required • The IT Act 1999 requires mandatory key surrender if required for national security

  25. US Cryptographic Law • US prohibits export of certain “grades” of cryptographic products • Though they are very easily downloadable over the Net • Most cryptographic functions in US software used to be crippled badly before export • MSIE 4, 5 with “56 bit” security • Lotus Notes with “64-24 bit” security • Today, general export (except to the Terrorist “T-7” nations) is permitted

  26. US Laws, contd. • Allowed (2002 Rules): • Nearly all Symmetric Algorithms • Lengths above 64 bits require mandatory notification • PK Ciphers up to 512 bits • Elliptic Curve Ciphers up to 112 bits • Why is US Law so Important? • Largest exporter of Software • Most European Countries have a problem with this • Germany currently funding GPG

  27. Part III Security and Privacy

  28. The Crypto Wars • Daniel Bernstein waged a legal battle to declare the US Crypto Export Regulations illegal • Philip Zimmermann wrote PGP to take crypto to the masses • The hope was that good, ubiquitous crypto would make computing secure for everyone • Eventually, the Crypto Regulations crumbled • Is secure computing there yet?

  29. The Bigger Picture • Cryptography is one step towards achieving a secure system, or our privacy • By itself, it guarantees nothing • Security is a Process • No silver bullets • Not even cryptography • All crypto is breakable, given enough time and computer resources

  30. The Black Hats Strike Back • BonziBuddy, Kazaa and Nimda • Threats for a new generation • Crypto too hard to use for common users • Despite S/MIME, secure email has not taken off • Palladium (MS) and TCPA (Intel) now aim to take crypto into hardware • But not all the security infrastructure in the world will help protect non-security-minded users

  31. Pretty Bad Privacy • “In God we trust. All others we monitor.” • Tongue-in-cheek NSA motto • 28 dishes • 100k simultaneous calls • 2 million messages/hr • 17.5 billion messages/yr • And that’s just one station: Menwith Hill, UK • Plus satellite interceptors, undersea taps, etc

  32. And it gets worse • With strong crypto proliferating, NSA stated policy is to now go “beyond crypto” • Keystroke Logging to capture keystrokes • Van Eck Phreaking to read characters from Electromagnetic Radiation from monitors • Spy Satellites can now spot 10 cm² objects from orbit • Mandated ISP taps (Carnivore) • Social Engineering • 9/11 has added urgency • Intelligence agencies must combine/pool databases • The goal is “Total Information Awareness”

  33. That Said… • …crypto is not totally useless • Good crypto is good enough to stop industrial espionage, network snoopers and casual crackers/script kiddies • Crypto-enabled protocols are much more secure than vanilla FTP, Telnet or HTTP

  34. Improving Computer Security • Become Security Aware • Security is a Process • No Magic Bullets • Windows, Linux, Trusted Solaris: all need work • Encrypt Network Traffic: SSH, HTTPS, SFTP • Use IPSec and DNSSec if you can • Avoid Single Points of Failure • Audit!

  35. Thanks for Listening! Questions?

  36. Further Exploration • Light Reading • The Code Book, Simon Singh • Introduction • Cryptography and Network Security, William Stallings • Graduate Level • Handbook of Applied Cryptography • http://www.cacr.math.uwaterloo.ca/hac/

  37. On the Internet • sci.crypt FAQ • http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html • Crypto Link Farm • http://www.cs.auckland.ac.nz/~pgut001/links.html • Crypto-Gram • http://www.counterpane.com/crypto-gram.html

  38. The End
