
Cryptography: A Brief History

Prasenjeet Dutta, Program Manager

Cybernet Software Systems Inc.

[email protected]

In Today’s Session

Part I The Ciphers

Part II The Politics

Part III Security and Privacy

Part IV Questions

Basic Definitions

Cryptography: The Science of creating coded messages

Cryptanalysis: The Art of breaking coded messages

Cleartext: the original message

Ciphertext: the encoded message

Key: input to the cryptographic algorithm

Passphrase: user input from which the key is usually derived

Part I: The Ciphers


Early History: Caesar Cipher

Classically attributed to Julius Caesar

Simple “Shift By Three to the Right” rule

– “ATTACK” would become “DWWDFN”

Easily breakable if you knew the rule

Today, easily breakable otherwise as well

Demo

Transposition Ciphers

Message written in a rectangular block

Letters transposed in a pre-arranged order

ATTACK CORSICA AT DAWN becomes AKID TCCA TOAW ARAN CSTX (the block is written row by row and read out column by column):

A T T A C
K C O R S
I C A A T
D A W N X

Demo

Vigenère Cipher

Attributed to French mathematician Blaise de Vigenère, 1585

Generalization of the Caesar cipher

Bidirectional n-shift cipher

Considered secure until 1863

– The Kasiski/Kerckhoffs method of frequency analysis and the “Index of Coincidence”

Demo

One Time Pad (“Vernam Ciphers”)

Special case of the Vigenère cipher

Plaintext length == key length

Key is assumed to be random

Proven to be mathematically secure against all attacks

Randomness not easy to generate

Non-randomness of key makes algorithm breakable

Has been used for ultra-sensitive telephonic hotlines
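The ciphers on the Caesar, transposition, Vigenère and one-time-pad slides above, carried through in Python as an added example that is not part of the original deck: a one-letter Vigenère key is the Caesar shift, a key as long as the message is the one-time pad, and the transposition reproduces the ATTACK CORSICA AT DAWN block. The pad_reuse_leak helper is my own addition, included to show why the pad's key has to be random and used only once.

```python
"""Classical ciphers from Part I of the deck: Vigenère (Caesar and the
one-time pad as special cases) and the rectangular-block transposition.
Only A-Z is handled, as in the slides' examples; other characters are dropped."""
from itertools import cycle

A = ord("A")

def clean(text: str) -> str:
    """Upper-case and keep letters only."""
    return "".join(ch for ch in text.upper() if "A" <= ch <= "Z")

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter by the matching key letter (A=0 ... Z=25), key repeating.
    One-letter key == Caesar; random key as long as the message == one-time pad."""
    sign = -1 if decrypt else 1
    return "".join(chr((ord(c) - A + sign * (ord(k) - A)) % 26 + A)
                   for c, k in zip(clean(text), cycle(clean(key))))

def transpose(text: str, width: int, pad: str = "X") -> str:
    """Write the message row by row into a block `width` letters wide and
    read it out column by column (the slide's ATTACK CORSICA AT DAWN grid)."""
    t = clean(text)
    t += pad * (-len(t) % width)                      # complete the last row
    rows = [t[i:i + width] for i in range(0, len(t), width)]
    return "".join(row[c] for c in range(width) for row in rows)

def untranspose(ciphertext: str, width: int) -> str:
    """Inverse of transpose(): refill the columns, then read the rows."""
    height = len(ciphertext) // width
    cols = [ciphertext[i:i + height] for i in range(0, len(ciphertext), height)]
    return "".join(col[r] for r in range(height) for col in cols)

def pad_reuse_leak(c1: str, c2: str) -> str:
    """Why a one-time pad must be used once (assumed helper, not on the slides):
    if two messages share a key, then letterwise c1 - c2 == p1 - p2 (mod 26),
    so the ciphertexts reveal the relation between plaintexts without the key."""
    return vigenere(c1, c2, decrypt=True)

if __name__ == "__main__":
    print(vigenere("ATTACK", "D"))                     # DWWDFN: Caesar, shift 3
    print(vigenere("ATTACK", "LEMON"))                 # LXFOPV: true Vigenère
    print(transpose("ATTACK CORSICA AT DAWN", 5))      # AKIDTCCATOAWARANCSTX
    print(untranspose("AKIDTCCATOAWARANCSTX", 5))      # ATTACKCORSICAATDAWNX
    c1, c2 = vigenere("ATTACK", "QWERTY"), vigenere("DEFEND", "QWERTY")
    print(pad_reuse_leak(c1, c2) == vigenere("ATTACK", "DEFEND", decrypt=True))  # True
```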

WWII: The Enigma

Mechanical device: gears/plugs

Essentially a complex polyalphabetic cipher

Key transport a major issue

GCHQ cracked it

– Turning point in the war

Demo

A Taxonomy of Ciphers

Substitution Ciphers: The Ciphertext is formed by mathematically transforming the Plaintext

– Most commonly Used

Transposition Ciphers: The Ciphertext is formed by re-arranging the Plaintext

– Considered Primitive

Concealment Ciphers: The Plaintext is “hidden” away from ordinary view

Substitution Ciphers

Monoalphabetic: only one sort of substitution is used, e.g. Caesar

Polyalphabetic: more than one substitution, e.g. Vigenère, Enigma

Block Cipher: operates on discrete blocks of plaintext, outputs discrete blocks of ciphertext, e.g. DES, Blowfish, Rijndael

– Ideal for offline encryption of large blocks of data at a time

Substitution Ciphers, contd.

Stream Cipher: generates a keystream and combines it with plaintext to form ciphertext, e.g. RSA’s RC4

– Suitable for online encryption of smaller chunks of data, e.g. encrypting voice comms

– Approximates a One Time Pad when used this way

– Much faster than block ciphers for online work

– Block ciphers can also emulate stream ciphers, though slowly

Symmetric Ciphers

Used for most heavy-duty encryption today

DES, Blowfish, Twofish, Rijndael…

One common key for encryption and decryption

Decryption is the mathematical inverse of encryption, i.e.:

– F(plaintext, key) = ciphertext

– F(ciphertext, key) = plaintext

The Key Distribution Problem

Throughout history, ciphers were symmetric

Symmetric ciphers share encryption and decryption keys

Key distribution presents practical problems

Prone to man-in-the-middle attacks

This situation lasted until 1976

Enter Public Key Cryptography

Known to British and American Intelligence since the 1960s as “non-secret encryption”

Non-classified invention would take 15 more years

Practical only with large scale computer resources

Concept and key-exchange technique proposed by Diffie/Hellman, 1976

– No cryptosystem implementation

R, S and A

First practical implementation of a Diffie/Hellman-style public-key cryptosystem

Rivest, Shamir, Adleman, 1978

System allowed encryption/decryption, key exchange and message signing

Other PK algorithms today:

– Diffie/Hellman, ElGamal, DSA

Even today, RSA probably most versatile

The RSA Algorithm

Choose two primes p and q.

Compute n = pq and s = (p-1)(q-1).

Choose e such that e is relatively prime to s and e < s.

Find d such that de = 1 mod s and d < s.

The private key KR = {d, n}. The public key KU = {e, n}.

Encryption is: C = M^e (mod n). Decryption is: M = C^d (mod n).

RSA for Encryption

Let p=7 and q=17. Thus n = pq = 119. Thus s = (p-1)(q-1) = 96.

We choose e = 5.

We determine d to be 77, since 77x5 = 385 = 4x96 + 1, that is, de = 1 mod s and d < s.

Encryption (for a plaintext M = 19): (19^5) % 119 = 66

Decryption (for a ciphertext C = 66): (66^77) % 119 = 19

RSA For Signing

Using the same parameters as before, we will encrypt our plaintext (19) using our private key. This is equivalent to “signing”

Signing (for a plaintext M = 19) (19^77) % 119 = 66.

The corresponding decryption using our public key is called “verification.”

Decryption (for a signed text S = 66) (66^5) % 119 = 19.
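The RSA recipe, encryption and signing walkthroughs on the three slides above, carried through in Python as an added example that is not from the original deck. It uses only the slides' toy parameters (p=7, q=17, e=5, M=19) and keeps the slides' name s for (p-1)(q-1); the inverse is found with the extended Euclidean algorithm rather than by inspection.

```python
"""Textbook RSA with the slides' toy parameters (p=7, q=17, e=5):
key generation, encryption/decryption and signing/verification.
Constructed for illustration only: real deployments use primes of
1024+ bits each, a padding scheme (OAEP for encryption, PSS for
signatures) and sign a hash of the message, none of which this
textbook form has."""
from math import gcd

def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(a: int, m: int) -> int:
    """d such that d*a == 1 (mod m); the slides find d = 77 for a=5, m=96 by hand."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m

def rsa_keygen(p: int, q: int, e: int):
    """Slide recipe: n = pq, s = (p-1)(q-1), e coprime to s and e < s,
    d = e^-1 mod s. Returns (public KU = (e, n), private KR = (d, n))."""
    n = p * q
    s = (p - 1) * (q - 1)                 # the slides call phi(n) 's'
    if not (1 < e < s and gcd(e, s) == 1):
        raise ValueError("e must be relatively prime to s and less than s")
    return (e, n), (modinv(e, s), n)

def rsa_apply(m: int, key) -> int:
    """C = M^e mod n with the public key (encrypt / verify) or
    M = C^d mod n with the private key (decrypt / sign):
    the same modular exponentiation, only the exponent differs."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exp, n)

if __name__ == "__main__":
    public, private = rsa_keygen(7, 17, 5)
    print(public, private)                   # (5, 119) (77, 119)
    c = rsa_apply(19, public)                # encryption: 66
    print(c, rsa_apply(c, private))          # decryption: 19
    sig = rsa_apply(19, private)             # signing: 66
    print(sig, rsa_apply(sig, public))       # verification: 19
```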

PK vs. Symmetric Ciphers

Symmetric algorithms not obsolete

PK ciphers far too slow

PK ciphers better suited to transporting symmetric keys or message digests than general purpose encryption

PK ciphers require very large keys to attain decent security

– a 128 bit RSA key is very weak compared to a 128 bit Blowfish key.

PK Algorithms tend to be simple mathematically, depending on the NP-hardness of their algorithms for security

Symmetric algorithms tend to be convoluted because of multiple steps, many of them non-linear.

Hashes and Steganography

Hashes verify message integrity

– Creates a fixed-size output from variable-length input using a one-way series of transforms

– MD5 and SHA-1 are the most used algorithms

Steganography attempts to hide “real” messages within a larger, “innocent” message

– Often used to disguise the fact that any message is being transmitted at all

– Demo

Part II: The Politics


The Politics of Crypto

Cryptography doesn’t occur in a vacuum

Crypto exists because bad guys exist

Crypto products are munitions according to the US BXA

– Illegal export is a federal felony

– After 9/11, can be a terrorist-abetment offence

If you work on crypto, know your laws!

Indian Law

Import not restricted

– License may be required

The IT Act 1999 requires mandatory key surrender if required for national security

US Cryptographic Law

US prohibits export of certain “grades” of cryptographic products

– Though they are very easily downloadable over the Net

Most cryptographic functions in US software used to be crippled badly before export

– MSIE 4, 5 with “56 bit” security

– Lotus Notes with “64-24 bit” security

Today, general export (except to the Terrorist “T-7” nations) is permitted

US Laws, contd.

Allowed (2002 Rules):

– Nearly all symmetric algorithms (lengths above 64 bits require mandatory notification)

– PK ciphers up to 512 bits

– Elliptic curve ciphers up to 112 bits

Why is US law so important?

– Largest exporter of software

– Most European countries have a problem with this

– Germany currently funding GPG

Part III: Security and Privacy


The Crypto Wars

Daniel Bernstein waged a legal battle to declare the US Crypto Export Regulations illegal

Philip Zimmerman wrote PGP to take crypto to the masses

The hope was that good, ubiquitous crypto would make computing secure for everyone

Eventually, the Crypto Regulations crumbled

Is secure computing there yet?

The Bigger Picture

Cryptography is one step towards achieving a secure system, or our privacy

By itself, it guarantees nothing

Security is a process

– No silver bullets

– Not even cryptography

– All crypto is breakable, given enough time and computer resources

The Black Hats Strike Back

BonziBuddy, Kazaa and Nimda

– Threats for a new generation

Crypto too hard to use for common users

– Despite S/MIME, secure email has not taken off

Palladium (MS) and TCPA (Intel) now aim to take crypto into hardware

– But not all the security infrastructure in the world will help protect non-security-minded users

Pretty Bad Privacy

“In God we trust. All others we monitor.”

– Tongue-in-cheek NSA motto

28 dishes

100k simultaneous calls

2 million messages/hr

17.5 billion messages/yr

And that’s just one station: Menwith Hill, UK

Plus satellite interceptors, undersea taps, etc.

And it gets worse

With strong crypto proliferating, NSA stated policy is to now go “beyond crypto”

– Keystroke logging to capture keystrokes

– Van Eck phreaking to read characters from the electromagnetic radiation of monitors

– Spy satellites can now spot 10 cm² objects from orbit

– Mandated ISP taps (Carnivore)

– Social engineering

9/11 has added urgency

– Intelligence agencies must combine/pool databases

– The goal is “Total Information Awareness”

That Said…

…crypto is not totally useless

Good crypto is good enough to stop industrial espionage, network snoopers and casual crackers/script kiddies

Crypto-enabled protocols are much more secure than vanilla FTP, Telnet or HTTP

Improving Computer Security

Become security aware

– Security is a process

No magic bullets

– Windows, Linux, Trusted Solaris: all need work

Encrypt network traffic: SSH, HTTPS, SFTP

Use IPSec and DNSSEC if you can

Avoid single points of failure

Audit!

Thanks for Listening!

Questions?


Further Exploration

Light reading

– The Code Book, Simon Singh

Introduction

– Cryptography and Network Security, William Stallings

Graduate level

– Handbook of Applied Cryptography, http://www.cacr.math.uwaterloo.ca/hac/

On the Internet

sci.crypt FAQ– http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html

Crypto Link Farm– http://www.cs.auckland.ac.nz/~pgut001/links.html

Crypto-Gram– http://www.counterpane.com/crypto-gram.html

The End