Cryptography: A Brief History. Prasenjeet Dutta, Program Manager, Cybernet Software Systems Inc. pd@cybernetsoft.com
In Today’s Session Part I The Ciphers Part II The Politics Part III Security and Privacy Part IV Questions
Basic Definitions • Cryptography: the science of creating coded messages • Cryptanalysis: the art of breaking coded messages • Cleartext (plaintext): the original message • Ciphertext: the encoded message • Key: the secret input to the cryptographic algorithm • Passphrase: user input from which the key is usually derived
Part I: The Ciphers
Early History: Caesar Cipher • Classically attributed to Julius Caesar • Simple "shift by three to the right" rule • "ATTACK" would become "DWWDFN" • Trivially broken by anyone who knows the rule • Today, trivially broken by anyone who does not: there are only 25 possible shifts to try, and letter frequencies single out the right one • Demo
Transposition Ciphers • Message written in a rectangular block • Letters transposed in a pre-arranged order. ATTACK CORSICA AT DAWN, written in rows of five and padded with X:
ATTAC
KCORS
ICAAT
DAWNX
read off column by column becomes AKID TCCA TOAW ARAN CSTX • Demo
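The columnar transposition on the slide, as an added example (not code from the original deck): the message is written in rows of a fixed width, the last row is padded with X as on the slide, and the block is read out column by column. The decrypt routine shows the inverse, and the letter-profile helper shows why an analyst can spot a transposition from ciphertext alone.

```python
"""Columnar transposition as on the slide: write the message in rows of a fixed
width, pad the last row, then read the block out column by column.
Added example, not code from the original deck; the width of five and the
X padding follow the slide's worked message."""
from collections import Counter


def normalize(text):
    """Classical ciphers work on letters only, upper-cased."""
    return "".join(c for c in text.upper() if c.isalpha())


def transpose_encrypt(message, width, pad="X"):
    text = normalize(message)
    text += pad * (-len(text) % width)            # complete the last row
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    # read down each column in turn
    return "".join(row[col] for col in range(width) for row in rows)


def transpose_decrypt(ciphertext, width):
    """Inverse: encryption always emits a full block, so every column has the
    same height; cut the ciphertext into columns and read the rows back."""
    if len(ciphertext) % width:
        raise ValueError("ciphertext length is not a multiple of the width")
    height = len(ciphertext) // width
    cols = [ciphertext[i:i + height] for i in range(0, len(ciphertext), height)]
    return "".join(col[r] for r in range(height) for col in cols)


def letter_profile(text):
    """A transposition only permutes letters, so plaintext and ciphertext have
    identical letter counts (apart from padding).  That unchanged frequency
    profile is how an analyst recognizes a transposition from ciphertext alone."""
    return Counter(normalize(text))


if __name__ == "__main__":
    ct = transpose_encrypt("ATTACK CORSICA AT DAWN", 5)
    print(ct)                         # AKIDTCCATOAWARANCSTX, as on the slide
    print(transpose_decrypt(ct, 5))   # ATTACKCORSICAATDAWNX
```

Because only the order of letters changes, the ciphertext's letter counts match the plaintext's exactly (plus the padding), which is the first thing a cryptanalyst checks before trying column widths.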
Vigenère Cipher • Named after the French diplomat Blaise de Vigenère (Traicté des chiffres, 1586), though the scheme was first described by Giovan Battista Bellaso in 1553 • Generalization of the Caesar cipher: a repeating keyword chooses a different shift for each letter position, so it is polyalphabetic • Reputed unbreakable ("le chiffre indéchiffrable") until Kasiski published a general attack in 1863 (Babbage had found it privately in 1854; Kerckhoffs popularized it in 1883) • The Kasiski method: repeated ciphertext fragments betray the key length, after which every column is a plain Caesar shift that falls to frequency analysis • Friedman's Index of Coincidence (1920s) recovers the key length statistically, without needing repeats • Demo
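The Caesar and Vigenère slides above, carried through in code as an added example (not from the original deck): the cipher itself (a one-letter key is exactly Caesar), the index of coincidence used to recover the key length, and chi-squared frequency analysis to recover each column's shift. The sample plaintext and the key RELAY are constructed for this demonstration; the English letter-frequency table is the standard one.

```python
"""Vigenere cipher plus the classical attack: recover the key length with the
index of coincidence (Friedman), then solve each column as a Caesar cipher by
frequency analysis.  Added example, not code from the original deck; the
plaintext and key below are constructed for this demonstration."""
from collections import Counter
from itertools import cycle

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Expected relative frequency (%) of A..Z in English prose.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
                0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
                2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def normalize(text):
    """Letters only, upper-cased: classical ciphers ignore spacing."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Shift each letter by the corresponding key letter (the key repeats).
    A one-letter key is exactly the Caesar cipher."""
    key = normalize(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(c) + sign * ALPHABET.index(k)) % 26]
        for c, k in zip(normalize(text), cycle(key)))


def index_of_coincidence(text):
    """Probability that two letters drawn from `text` are equal.
    English prose ~0.066; uniformly random letters 1/26 ~ 0.038."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))


def guess_key_length(ciphertext, max_len=12):
    """Split the ciphertext into L columns (every L-th letter) and average
    their IoC.  Only when L is the true period (or a multiple of it) is every
    column a single Caesar shift of English, so the IoC stays English-like.
    Multiples of the period score about as well, so take the smallest L that
    comes within 80% of the best score."""
    scores = {}
    for L in range(1, max_len + 1):
        cols = [ciphertext[i::L] for i in range(L)]
        scores[L] = sum(index_of_coincidence(c) for c in cols) / L
    best = max(scores.values())
    return min(L for L, s in scores.items() if s >= 0.8 * best)


def best_shift(column):
    """Try all 26 Caesar shifts on one column and keep the one whose letter
    counts fit English best (lowest chi-squared statistic)."""
    n = len(column)

    def chi_squared(shift):
        counts = Counter(vigenere(column, ALPHABET[shift], decrypt=True))
        return sum((counts[a] - n * f / 100) ** 2 / (n * f / 100)
                   for a, f in zip(ALPHABET, ENGLISH_FREQ))
    return min(range(26), key=chi_squared)


def break_vigenere(ciphertext):
    """Ciphertext-only attack: returns (recovered_key, plaintext)."""
    L = guess_key_length(ciphertext)
    key = "".join(ALPHABET[best_shift(ciphertext[i::L])] for i in range(L))
    return key, vigenere(ciphertext, key, decrypt=True)


# Constructed sample: a few sentences of ordinary English are enough for the
# statistics to work; very short or highly repetitive texts may defeat them.
SAMPLE_PLAINTEXT = normalize("""
    The weakness of every cipher that reuses a short key is that the same
    substitution comes back at a fixed interval. Letters that happen to fall
    under the same key letter are merely shifted English, and shifted English
    keeps the lopsided letter frequencies of the language. An analyst who
    guesses the interval correctly can line up the columns and solve each one
    as a separate simple substitution. This is the essence of the method
    published by Kasiski, and Friedman later refined it with a purely
    statistical test that needs no repeated fragments at all. The practical
    lesson has outlived the cipher itself. Key material must never repeat,
    and structure in the plaintext must not survive into the ciphertext,
    because whatever pattern survives is exactly what the attacker will
    measure and exploit. Modern stream ciphers fail in the same way when a
    keystream is used twice, which is why nonce handling gets so much
    attention in protocol reviews today.
""")
SAMPLE_KEY = "RELAY"


if __name__ == "__main__":
    ct = vigenere(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    key, pt = break_vigenere(ct)
    print("recovered key:", key, "| plaintext recovered:", pt == SAMPLE_PLAINTEXT)
```

The attack needs no repeated fragments at all: the index of coincidence alone picks out the period, and each column then has enough letters for the frequency fit to be unambiguous.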
One Time Pad ("Vernam Cipher") • Vernam, 1917: a special case of the Vigenère cipher in which the key is as long as the plaintext (or, on bits, plaintext XOR key) • The key must be truly random, kept secret, and used exactly once • Shannon proved in 1949 that under those conditions it is unconditionally secure: the ciphertext is consistent with every possible plaintext of that length • Truly random key material is hard to generate and to distribute in quantity • Any structure in the key, or any reuse, makes it breakable: XORing two ciphertexts encrypted under the same pad cancels the pad and leaves plaintext XOR plaintext (the "two-time pad", which is how the Venona project read reused Soviet pads) • Used for ultra-sensitive links such as the Moscow-Washington hotline
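The one-time pad on bytes, as an added example (not code from the original deck): XOR with a pad from a cryptographic RNG, the "any plaintext fits" property behind its proof of secrecy, and the two-time-pad failure the slide warns about. The two messages and the known-word cribs are constructed for the demonstration.

```python
"""One-time pad (Vernam) on bytes with XOR, the property that makes it
provably secure, and the failure the slide warns about: reusing the pad.
Added example, not code from the original deck; the two messages and the
"known word" cribs are constructed for this demonstration."""
import secrets


def otp(data: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse, so one function both encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def new_pad(n: int) -> bytes:
    """Pad bytes must come from a cryptographic RNG, never a seeded PRNG."""
    return secrets.token_bytes(n)


def pad_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Perfect secrecy: for ANY plaintext of the same length there exists a
    pad mapping it to this ciphertext, so the ciphertext alone proves nothing
    about which message was sent."""
    return otp(ciphertext, claimed_plaintext)


def two_time_pad_leak(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Pad reuse: c1 XOR c2 == p1 XOR p2, the pad cancels out entirely.
    A word known (or guessed) at `offset` in either message then reveals the
    bytes at the same offset in the other: classic crib dragging."""
    x = otp(c1, c2)                                    # == p1 ^ p2
    return bytes(b ^ k for b, k in zip(x[offset:offset + len(crib)], crib))


# Constructed sample messages of equal length, as a careless operator might
# send them with a single pad.
M1 = b"ATTACK CORSICA AT DAWN"
M2 = b"RETREAT TO THE HARBOUR"


def demo():
    pad = new_pad(len(M1))
    c1, c2 = otp(M1, pad), otp(M2, pad)               # the mistake: one pad, twice
    assert otp(c1, pad) == M1                         # decryption works
    alt = pad_explaining(c1, b"RETREAT AT ONCE PLEASE")
    assert otp(c1, alt) == b"RETREAT AT ONCE PLEASE"  # c1 "is" that message too
    # Knowing message 1 starts with ATTACK exposes the start of message 2.
    return two_time_pad_leak(c1, c2, b"ATTACK", 0)


if __name__ == "__main__":
    print(demo())
```

Note that nothing about the pad itself was recovered: the attacker never needs it, because XORing the two ciphertexts removes it. The same arithmetic breaks any stream cipher whose keystream is reused.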
WWII: The Enigma • Electromechanical rotor machine: rotors, a reflector and a plugboard • Essentially a complex polyalphabetic cipher with a very long period • Key distribution was the weak point: daily rotor orders, ring settings and plugboard connections had to be printed on key sheets and delivered to every operator • Broken first by the Polish Cipher Bureau (Rejewski, 1932), then at Bletchley Park, the Government Code and Cypher School that became GCHQ, using the bombe, known-plaintext "cribs" and the machine's flaw that no letter ever encrypts to itself • The resulting Ultra intelligence was a major factor in the Allied war effort • Demo
A Taxonomy of Ciphers • Substitution ciphers: each unit of plaintext is replaced by a unit of ciphertext according to the key • Most commonly used • Transposition ciphers: the ciphertext is a rearrangement of the plaintext letters; the letters themselves, and hence their frequencies, are unchanged • Weak on their own; still used as the permutation step inside modern block ciphers • Concealment ciphers: the plaintext is "hidden" from ordinary view rather than transformed
Substitution Ciphers • Monoalphabetic: one fixed substitution for the whole message, e.g. Caesar; falls to simple frequency analysis • Polyalphabetic: the substitution changes from letter to letter, e.g. Vigenère, Enigma • Block cipher: operates on fixed-size blocks of plaintext (64 bits for DES and Blowfish, 128 bits for AES, the standardized Rijndael) and outputs blocks of ciphertext • Well suited to bulk encryption of stored data • Caveat: a block cipher alone handles one block; longer data needs a mode of operation (CBC, CTR, GCM), and the naive ECB mode leaks every repeated plaintext block
Substitution Ciphers, contd. • Stream cipher: generates a pseudorandom keystream from the key and XORs it with the plaintext to form the ciphertext, e.g. RSA Security's RC4 • Suited to online encryption of data arriving in small chunks, e.g. encrypting voice communications • Structurally resembles a one-time pad, but the keystream is only pseudorandom, so none of the pad's proof carries over; and like the pad it is broken outright if a keystream is ever used for two messages • Usually much faster than block ciphers for online work • Block ciphers can also be run as stream ciphers (CTR or OFB mode), at block-cipher speed
Symmetric Ciphers • Used for most heavy-duty encryption today • DES, Blowfish, Twofish, Rijndael... • One shared secret key serves for both encryption and decryption • Decryption is the inverse of encryption under the same key: • E(plaintext, key) = ciphertext • D(ciphertext, key) = plaintext, where D is the inverse of E
The Key Distribution Problem • Throughout history, all ciphers were symmetric • Sender and receiver must share the same secret key • Getting that key to the other party is the practical problem: it has to travel over some channel before any secure channel exists • An attacker who can read or substitute the key in transit (a man-in-the-middle) reads or forges everything sent afterwards • Couriers and printed key lists were the only answer until 1976
Enter Public Key Cryptography • Discovered at GCHQ by Ellis, Cocks and Williamson (1969-1974) as "non-secret encryption", but kept classified until 1997 • The open-literature invention came a few years later • Impractical at the time without serious computing power • Concept and key-exchange protocol published by Diffie and Hellman, 1976 • They gave no concrete public-key encryption or signature scheme
R, S and A • First practical public-key cryptosystem realizing the Diffie-Hellman concept • Rivest, Shamir, Adleman, 1978 • One system provides encryption/decryption, key transport and message signing • Other PK algorithms today: Diffie-Hellman (key agreement), ElGamal, DSA and their elliptic-curve variants • Even today, RSA is probably the most versatile
The RSA Algorithm • Choose two large primes p and q. • Compute n = pq and s = (p-1)(q-1). • Choose e with 1 < e < s and gcd(e, s) = 1. Find d < s such that d·e ≡ 1 (mod s). • The private key KR = {d, n}. • The public key KU = {e, n}. • Encryption: C = M^e mod n. • Decryption: M = C^d mod n. • p, q and s must be kept secret or destroyed: anyone who learns s recovers d from e.
RSA for Encryption • Let p = 7 and q = 17. • Thus n = pq = 119. • Thus s = (p-1)(q-1) = 96. • We choose e = 5 (gcd(5, 96) = 1). • We determine d = 77, since 77 × 5 = 385 = 4 × 96 + 1, that is, d·e ≡ 1 (mod s) and d < s. Encryption (for a plaintext M = 19): 19^5 mod 119 = 66. Decryption (for the ciphertext C = 66): 66^77 mod 119 = 19.
RSA for Signing • Using the same parameters, we apply the private exponent to the plaintext (19). This is what "signing" means in textbook RSA. Signing (for a plaintext M = 19): 19^77 mod 119 = 66. • Applying the public exponent to the signature is "verification": for S = 66, 66^5 mod 119 = 19, which matches the message. • In practice one signs a padded hash of the message (PKCS#1), never the raw number: raw RSA signatures can be forged (any s is a valid signature on the "message" s^e mod n) and multiply (the signatures on m1 and m2 combine into a signature on m1·m2 mod n).
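The RSA slides above carried through in code, as an added example (not from the original deck): key generation from the slide's p = 7, q = 17, e = 5 via the extended Euclidean algorithm, encryption, decryption, signing and verification, and then the two properties of textbook RSA that show why real signatures are computed over a padded hash. The parameters are tiny for illustration only.

```python
"""Textbook RSA with the slide's numbers (p=7, q=17, e=5), plus the two
properties that make raw RSA unsafe without hashing and padding.
Added example, not code from the original deck; the tiny parameters are for
illustration only and the forged values are constructed."""


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Multiplicative inverse of a modulo m, or ValueError if none exists."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: %d and %d are not coprime" % (a, m))
    return x % m


def rsa_keygen(p, q, e):
    """Returns (public KU, private KR) as on the slide: KU={e,n}, KR={d,n}."""
    n, s = p * q, (p - 1) * (q - 1)        # s is the slide's (p-1)(q-1)
    if egcd(e, s)[0] != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = modinv(e, s)                        # d*e == 1 (mod s)
    return (e, n), (d, n)


def rsa_encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)                     # C = M^e mod n


def rsa_decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)                     # M = C^d mod n


def rsa_sign(m, priv):
    """Textbook signing: apply the private exponent to the raw message."""
    return rsa_decrypt(m, priv)


def rsa_verify(m, sig, pub):
    """Apply the public exponent to the signature and compare."""
    return rsa_encrypt(sig, pub) == m


# Why real systems sign a padded hash instead of the raw number:
def forge_signature_from_thin_air(pub, s):
    """Existential forgery: pick any s; then (s^e mod n, s) verifies,
    so the attacker holds a valid signature on a message he did not choose."""
    return rsa_encrypt(s, pub), s


def forge_product_signature(pub, m1, s1, m2, s2):
    """Multiplicativity: from valid signatures on m1 and m2, the product
    s1*s2 mod n is a valid signature on m1*m2 mod n without the private key."""
    _, n = pub
    return (m1 * m2) % n, (s1 * s2) % n


if __name__ == "__main__":
    pub, priv = rsa_keygen(7, 17, 5)
    print("KU =", pub, "KR =", priv)                    # (5, 119) (77, 119)
    print("encrypt 19 ->", rsa_encrypt(19, pub))        # 66
    print("sign 19 ->", rsa_sign(19, priv),
          "verifies:", rsa_verify(19, rsa_sign(19, priv), pub))
    print("forged:", forge_signature_from_thin_air(pub, 42))
```

Hashing the message first defeats both forgeries: the attacker can still produce a valid pair (s^e mod n, s), but has no way to find a message whose hash equals that value, and the product of two hashes is not the hash of anything useful.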
PK vs. Symmetric Ciphers • Symmetric algorithms are not obsolete • PK ciphers are far too slow for bulk data • PK ciphers are better suited to transporting symmetric keys or signing message digests than to general-purpose encryption; hybrid encryption does exactly this • PK ciphers need much larger keys for equivalent security • A 128-bit RSA modulus is factored in seconds, while a 128-bit Blowfish key is beyond brute force • PK algorithms tend to be mathematically simple and rest on the presumed difficulty of a number-theoretic problem (factoring for RSA, discrete logarithms for Diffie-Hellman and DSA); these problems are not known to be NP-hard • Symmetric algorithms tend to be convoluted: many rounds of mixing, most of them non-linear
Hashes and Steganography • Hashes verify message integrity • A hash creates a fixed-size output from variable-length input by a one-way series of transforms; it must be infeasible to invert it or to find two inputs with the same output • MD5 and SHA-1 were the most used algorithms; both have since been shown to admit practical collisions (MD5 in 2004, SHA-1 in 2017), so new designs should use SHA-2 or SHA-3 • Steganography attempts to hide "real" messages within a larger, "innocent" message • Often used to disguise the fact that any message is being transmitted at all • Demo
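The steganography and hashing points above, as an added example (not code from the original deck): a least-significant-bit embedding that hides a message one bit per sample in a cover that stands in for raw pixel data, the matching extractor, and a hash used as the integrity check the slide describes. The cover bytes and the hidden message are constructed for the demonstration.

```python
"""Least-significant-bit steganography: hide message bits in the low bit of
each sample of an innocent-looking cover (here a constructed byte array that
stands in for raw pixel data), and a hash as integrity check.
Added example, not code from the original deck."""
import hashlib


def _bits_to_bytes(bits):
    """Pack a list of 0/1 values, MSB first, back into bytes."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def embed(cover: bytes, message: bytes) -> bytes:
    """Store a 32-bit length header followed by the message, one bit per
    cover sample.  Each sample changes by at most 1, invisible to the eye."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d samples" % len(bits))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the low bits back: header first, then exactly `length` bytes."""
    lsb = [b & 1 for b in stego]
    length = int.from_bytes(_bits_to_bytes(lsb[:32]), "big")
    if 32 + 8 * length > len(lsb):
        raise ValueError("no valid payload in this cover")
    return _bits_to_bytes(lsb[32:32 + 8 * length])


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """How far any single sample moved; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def digest(data: bytes) -> str:
    """Integrity check as on the slide: a single flipped bit anywhere in the
    file produces a completely different digest."""
    return hashlib.sha256(data).hexdigest()


# Constructed cover: 4096 "samples" with a smooth, deterministic pattern.
COVER = bytes((i * 37 + 11) % 256 for i in range(4096))


if __name__ == "__main__":
    stego = embed(COVER, b"meet at dawn")
    print(extract(stego))                         # b'meet at dawn'
    print("max change per sample:", max_sample_change(COVER, stego))
    print("digest differs:", digest(COVER) != digest(stego))
```

The hash shows the flip side of steganography: the change is invisible to a viewer but not to anyone holding a digest of the original file, which is why integrity checks and steganalysis start from exactly this kind of comparison.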
Part II: The Politics
The Politics of Crypto • Cryptography doesn’t occur in a vacuum • Crypto exists because bad guys exist • Crypto products are munitions according to the US BXA • Illegal Export is a federal felony • After 9/11, can be a terrorist-abetment offence • If you work on crypto, know your laws!
Indian Law • Import not restricted • A licence may be required for some uses • The Information Technology Act, 2000 (introduced as the IT Bill, 1999) lets the Controller order decryption, in effect mandatory key surrender, on national-security grounds
US Cryptographic Law • The US prohibits export of certain "grades" of cryptographic products • Though they are very easily downloadable over the Net • Most cryptographic functions in US software used to be crippled badly before export • MSIE 4 and 5 with "56 bit" security • Lotus Notes with "64-24 bit" security: 64-bit keys of which 24 bits were escrowed with the NSA, leaving 40 bits of effective strength • Today, general export (except to the seven "T-7" state sponsors of terrorism) is permitted
US Laws, contd. • Allowed (2002 Rules): • Nearly all Symmetric Algorithms • Lengths above 64 bits require mandatory notification • PK Ciphers up to 512 bits • Elliptic Curve Ciphers up to 112 bits • Why is US Law so Important? • Largest exporter of Software • Most European Countries have a problem with this • Germany currently funding GPG
Part III: Security and Privacy
The Crypto Wars • Daniel Bernstein waged a legal battle (Bernstein v. United States, 1995-1999) against the US crypto export regulations; the Ninth Circuit held that source code is speech protected by the First Amendment • Philip Zimmermann wrote PGP to take strong crypto to the masses • The hope was that good, ubiquitous crypto would make computing secure for everyone • Eventually, the crypto regulations crumbled • Is secure computing there yet?
The Bigger Picture • Cryptography is one step towards achieving a secure system, or our privacy • By itself, it guarantees nothing • Security is a process • No silver bullets • Not even cryptography • All practical crypto is breakable given enough time and computing resources; only the one-time pad is an exception, and only when used correctly • The realistic goal is to make breaking it cost more than what it protects is worth
The Black Hats Strike Back • BonziBuddy, Kazaa and Nimda: spyware, adware-bundled file sharing and a self-propagating worm • Threats for a new generation • Crypto is too hard to use for common users • Despite S/MIME, secure email has not taken off • Palladium (Microsoft) and TCPA (an industry consortium founded by Compaq, HP, IBM, Intel and Microsoft) now aim to take crypto into hardware • But not all the security infrastructure in the world will protect users who are not security-minded
Pretty Bad Privacy • “In God we trust. All others we monitor.” • Tongue-in-cheek NSA motto • 28 dishes • 100k simultaneous calls • 2 million messages/hr • 17.5 billion messages/yr • And that’s just one station: Menwith Hill, UK • Plus satellite interceptors, undersea taps, etc
And it gets worse • With strong crypto proliferating, the NSA's stated policy is to go "beyond crypto" and attack the endpoints instead • Keystroke logging captures passphrases before anything is encrypted • Van Eck phreaking reads characters from the electromagnetic emanations of monitors • Spy satellites can now spot 10 cm² objects from orbit • Mandated ISP taps (the FBI's Carnivore) • Social engineering • 9/11 has added urgency • Intelligence agencies must combine and pool databases • The goal is "Total Information Awareness" (the DARPA programme of that name)
That Said… • …crypto is not totally useless • Good crypto is good enough to stop industrial espionage, network snoopers and casual crackers/script kiddies • Crypto-enabled protocols are much more secure than vanilla FTP, Telnet or HTTP
Improving Computer Security • Become security aware • Security is a process • No magic bullets • Windows, Linux, Trusted Solaris: all need work • Encrypt network traffic: SSH, HTTPS, SFTP • Use IPsec and DNSSEC if you can • Avoid single points of failure • Audit!
Thanks for Listening! Questions?
Further Exploration • Light reading • The Code Book, Simon Singh • Introduction • Cryptography and Network Security, William Stallings • Graduate level • Handbook of Applied Cryptography, Menezes, van Oorschot and Vanstone • http://www.cacr.math.uwaterloo.ca/hac/
On the Internet • sci.crypt FAQ • http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html • Crypto Link Farm • http://www.cs.auckland.ac.nz/~pgut001/links.html • Crypto-Gram • http://www.counterpane.com/crypto-gram.html