Class 17
Cryptography, Codes and Cipher, Data Encryption Standard
Cryptography
• Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.
Some Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
History – The Manual Era
• Dates back to at least 2000 B.C.
• Pen and Paper Cryptography
  – Scytale – Spartan method involved wrapping a belt around a rod of a given diameter and length
  – Atbash – Hebrew cipher which mirrored the normal alphabet (shown in The DaVinci Code)
  – Caesar – Shift all letters by a given number of letters in the alphabet
  – Vigenère – Use of a key and multiple alphabets to hide repeated characters in an encrypted message
History – The Mechanical Era
• Invention of cipher machines
• Examples
  – Confederate Army’s Cipher Disk
  – Japanese Red and Purple Machines
  – German Enigma
History – The Modern Era
• Computers!
• Examples
  – Lucifer
  – Rijndael
  – RSA
  – ElGamal
Cryptosystem Services
• Confidentiality – Only authorized entities are allowed to view
• Integrity – Ensures the message was not altered by unauthorized individuals
• Authenticity – Validates the source of a message, to ensure the sender is properly identified
• Nonrepudiation – Establishes sender identity so that the entity cannot deny having sent the message
• Access Control – Access to an object requires access to the associated crypto keys in many systems (e.g. login)
Cryptographic Methods
• Symmetric
  – Same key for encryption and decryption
  – Key distribution problem
• Asymmetric
  – Mathematically related key pairs for encryption and decryption
  – Public and private keys
Symmetric
• Fast
• Only provides confidentiality
• Needs a secure channel for key distribution
• Key management headaches from the large number of key pairs to maintain
Symmetric or Private Key
Asymmetric
• Large mathematical operations make it slower than symmetric algorithms
• No need for out of band key distribution (public keys are public!)
• Scales better since only a single key pair needed per individual
• Can provide authentication and nonrepudiation
Asymmetric or Public Key
Hybrid
• Combines strengths of both methods
• Asymmetric distributes symmetric key
  – Also known as a session key
• Symmetric provides bulk encryption
• Example:
  – SSL negotiates a hybrid method
Key Distribution
• Given parties A and B have various key distribution alternatives:
• A can select key and physically deliver to B
• third party can select & deliver key to A & B
• if A & B have communicated previously can use previous key to encrypt a new key
• if A & B have secure communications with a third party C, C can relay key between A & B
Key Distribution Scenario
Ciphertext
• PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO
EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: 'DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?'
Any Guesses???
THE SOLUTION
Code
• Ciphertext: X Z A V O I D B Y G E R S P C F H J K L M N Q T U W
• Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Plaintext
• Now during this time Shahrazad had borne King Shahriyar three sons. On the thousand and first night, when she had ended the tale of Ma'aruf, she rose and kissed the ground before him, saying: 'Great King, for a thousand and one nights I have been recounting to you the fables of past ages and the legends of ancient kings. May I make so bold as to crave a favour of your majesty?'
Data Encryption Standard (DES)
• The most widely used private key block cipher is the Data Encryption Standard (DES).
• It was adopted in 1977 by the National Bureau of Standards as Federal Information Processing Standard 46 (FIPS PUB 46).
• DES encrypts data in 64-bit blocks using a 56-bit key.
• The DES enjoys widespread use.
DES History
• IBM developed Lucifer cipher
  – by team led by Feistel in late 60’s
  – used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher with input from NSA and others
• in 1973 NBS issued request for proposals for a national cipher standard
• IBM submitted their revised Lucifer which was eventually accepted as the DES
Multiple Encryption & DES
• clearly a replacement for DES was needed
  – theoretical attacks that can break it
  – demonstrated exhaustive key search attacks
• AES is a new cipher alternative
  – prior to this, the alternative was to use multiple encryption with DES implementations
  – Triple-DES is the chosen form
Double-DES?
• could use 2 DES encrypts on each block
  – $C = E_{K2}(E_{K1}(P))$
• issue of reduction to single stage
• and have “meet-in-the-middle” attack
  – works whenever use a cipher twice
  – since $X = E_{K1}(P) = D_{K2}(C)$
  – attack by encrypting P with all keys and store
  – then decrypt C with keys and match X value
  – takes $O(2^{56})$ steps
Triple-DES with Two-Keys
• hence must use 3 encryptions
  – would seem to need 3 distinct keys
• but can use 2 keys with E-D-E sequence
  – $C = E_{K1}(D_{K2}(E_{K1}(P)))$
  – nb encrypt & decrypt equivalent in security
  – if K1=K2 then can work with single DES
• standardized in ANSI X9.17 & ISO8732
• no current known practical attacks
  – several proposed impractical attacks might become basis of future attacks
Triple-DES with Three-Keys
• although there are no practical attacks on two-key Triple-DES, there are some concerns
  – Two-key: key length = 56*2 = 112 bits
  – Three-key: key length = 56*3 = 168 bits
• can use Triple-DES with Three-Keys to avoid even these
  – $C = E_{K3}(D_{K2}(E_{K1}(P)))$
• has been adopted by some Internet applications, e.g. PGP, S/MIME
Triple DES
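Added example (not part of the original slides): the meet-in-the-middle search from the Double-DES slide and the E-D-E property from the Triple-DES slides, run on a toy 16-bit Feistel cipher with a 12-bit key standing in for DES. The cipher, the function names and the sample keys are constructed for illustration; the point is that double encryption falls to about 2 × 2^12 cipher operations instead of 2^24.

```python
# Toy 16-bit Feistel cipher with a 12-bit key (an assumption for the demo, NOT DES).
KEY_BITS = 12
SHIFTS = (0, 4, 2, 1)               # which 8 key bits feed each of the 4 rounds

def _f(half, subkey):
    x = (half ^ subkey) & 0xFF
    return ((x * 197 + 91) ^ (x >> 3) ^ (x * x)) & 0xFF

def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for s in SHIFTS:
        left, right = right, left ^ _f(right, (key >> s) & 0xFF)
    return (left << 8) | right

def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for s in reversed(SHIFTS):
        left, right = right ^ _f(left, (key >> s) & 0xFF), left
    return (left << 8) | right

def double_encrypt(k1, k2, block):  # C = E_K2(E_K1(P))
    return encrypt(k2, encrypt(k1, block))

def ede(k1, k2, k3, block):         # C = E_K3(D_K2(E_K1(P)))
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def meet_in_the_middle(pairs):
    """Return ((K1, K2) candidates, cipher operations spent on the first pair)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table, ops = {}, 0
    for k1 in range(1 << KEY_BITS):     # forward: store X = E_K1(P) for every K1
        table.setdefault(encrypt(k1, p0), []).append(k1)
        ops += 1
    found = []
    for k2 in range(1 << KEY_BITS):     # backward: X = D_K2(C), look for a match
        ops += 1
        for k1 in table.get(decrypt(k2, c0), []):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))  # survives the extra known pairs
    return found, ops

if __name__ == "__main__":
    K1, K2 = 0x3A7, 0xC51               # constructed sample keys
    pairs = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, ops = meet_in_the_middle(pairs)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("cipher ops:", ops, "vs brute force:", 1 << (2 * KEY_BITS))
    print("E-D-E with equal keys is single encryption:", ede(K1, K1, K1, 0x1234) == encrypt(K1, 0x1234))
```

The extra known plaintext/ciphertext pairs are what discard the false matches that a 16-bit block inevitably produces on the first pair.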
Public Key Infrastructure
• All components needed to enable secure communication
  – Policies and Procedures
  – Keys and Algorithms
  – Software and Data Formats
• Assures identity to users
• Provides key management features
  – Issuance
  – Revocation
  – Recovery
  – Distribution
  – History
PKI Components
• Digital Certificates
  – Contains identity and verification info
• Certificate Authorities
  – Trusted entity that issues certificates
• Registration Authorities
  – Verifies identity for certificate requests
• Certificate Revocation List (CRL)