Lesson 12-Encryption

Upload: raina

Post on 13-Jan-2016

Page 1: Lesson 12-Encryption

Lesson 12-Encryption

Page 2: Lesson 12-Encryption

Overview

Understand basic encryption concepts.

Understand private key encryption.

Understand public key encryption.

Understand digital signatures.

Understand key management.

Understand trust in the system.

Page 3: Lesson 12-Encryption

Understand Basic Encryption Concepts

Encryption is simply the obfuscation of information in such a way as to allow authorized individuals to see it, but to hide it from unauthorized individuals.

Individuals having the appropriate key to decrypt the information are defined as authorized.

Page 4: Lesson 12-Encryption

Understand Basic Encryption Concepts

Security Services with encryption:

Confidentiality: Used to hide information from unauthorized individuals, either in transit or in storage.

Integrity: Used to identify changes to information either in transit or in storage.

Accountability: Used to authenticate the origin of information and prevent the origin of information from repudiating the fact that the information came from that origin.

Page 5: Lesson 12-Encryption

Understand Basic Encryption Concepts

Encryption terms:

Plaintext

Ciphertext

Algorithm

Key

Encryption

Page 6: Lesson 12-Encryption

Understand Basic Encryption Concepts

Encryption terms (continued):

Decryption

Cryptography

Cryptographer

Cryptanalysis

Cryptanalyst

Page 7: Lesson 12-Encryption

Understand Basic Encryption Concepts

Encryption systems can be attacked in three ways:

Through weaknesses in the algorithm.

Through brute force against the key.

Through weaknesses in the surrounding system.

Page 8: Lesson 12-Encryption

Understand Private Key Encryption

Private key encryption:

Requires all parties who are authorized to read the information to have the same key.

Reduces the overall problem of protecting the information to one of protecting the key.

Is the most widely used encryption.

Page 9: Lesson 12-Encryption

Understand Private Key Encryption

What is private key encryption?

Substitution ciphers.

One-time pads.

Triple DES.

Data encryption standard.

Password encryption.

Page 10: Lesson 12-Encryption

What is Private Key Encryption?

Private key encryption is also known as symmetric key encryption because it uses the same key to encrypt information as is needed to decrypt.

Private key encryption provides for the confidentiality of the information while it is encrypted.

Only those who know the key can decrypt the message.

Page 11: Lesson 12-Encryption

What is Private Key Encryption?

Private key algorithm

Page 12: Lesson 12-Encryption

Substitution Ciphers

Julius Caesar used a substitution cipher called the Caesar cipher.

This cipher consists of replacing each letter with the letter three positions later in the alphabet.

Page 13: Lesson 12-Encryption

Substitution Ciphers

Substitution ciphers suffer from one primary weakness—the frequency of the letters in the original alphabet does not change.

Further development of frequency analysis also shows that certain two- and three-letter combinations show up frequently.
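
The weakness described on the two slides above, as an added example that is not part of the original slides: a Caesar shift of three leaves the letter-frequency profile intact, so the shift can be recovered from the ciphertext alone. The sample sentence, the frequency table values (approximate English percentages) and all function names are constructed for this illustration.

```python
from collections import Counter
import string

# Approximate relative letter frequencies in English text, in percent.
ENGLISH_FREQ = dict(zip(string.ascii_lowercase, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

def caesar(text, shift):
    """Move each ASCII letter `shift` positions along the alphabet."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)

def letter_profile(text):
    """Letter counts sorted high to low, ignoring which letter is which."""
    counts = Counter(c for c in text.lower() if c in ENGLISH_FREQ)
    return sorted(counts.values(), reverse=True)

def english_score(text):
    """Higher when the text's letters match typical English frequencies."""
    counts = Counter(c for c in text.lower() if c in ENGLISH_FREQ)
    return sum(ENGLISH_FREQ[c] * n for c, n in counts.items())

def recover_shift(ciphertext):
    """Try all 26 shifts and keep the one whose output looks most English."""
    return max(range(26), key=lambda s: english_score(caesar(ciphertext, -s)))

# Constructed sample plaintext.
SAMPLE = ("Encryption hides information from unauthorized individuals, but a "
          "substitution cipher leaves the frequency of the letters unchanged, "
          "so the most common letters still stand out in the ciphertext.")
CIPHERTEXT = caesar(SAMPLE, 3)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print("profile preserved:", letter_profile(SAMPLE) == letter_profile(CIPHERTEXT))
    print("recovered shift:", recover_shift(CIPHERTEXT))
```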

Page 14: Lesson 12-Encryption

One Time Pads

The one-time pad (OTP) system is the only theoretically unbreakable encryption system.

An OTP is a list of numbers, in a completely random order.

It is used to encode a message.

As its name implies, the OTP is only used once.

OTPs are used (but only for short messages) in very high-security environments.

Page 15: Lesson 12-Encryption

Data Encryption Standard

The algorithm for the Data Encryption Standard (DES) was developed by IBM in the early 1970s.

DES uses a 56-bit key. The key uses 7 bits of eight 8-bit bytes (the 8th bit of each byte is used for parity).

DES is a block cipher that operates on one 64-bit block of plaintext at a time.

There are 16 rounds of encryption in DES, where each round uses a different subkey.

Page 16: Lesson 12-Encryption

Data Encryption Standard

DES Block Diagram

Page 17: Lesson 12-Encryption

Data Encryption Standard

There are four modes of operation for DES:

Electronic code book.

Cipher block chaining.

Cipher feedback.

Output feedback.

Page 18: Lesson 12-Encryption

Triple DES

Triple DES functional Diagram

Page 19: Lesson 12-Encryption

Password Encryption

The standard Unix password encryption scheme is a variation of DES. The password encryption function is actually a one-way function.

Each user chooses a password. The algorithm uses the first eight characters of the password.

Page 20: Lesson 12-Encryption

Password Encryption

The system then chooses a 12-bit number based on the system time. This is called the salt.

Most Unix systems now offer the option of using shadow password files for just this reason.

Page 21: Lesson 12-Encryption

The Advanced Encryption Standard: Rijndael

At the end of 2000, NIST announced that Joan Daemen and Vincent Rijmen, cryptographers from Belgium, had won the competition with their algorithm Rijndael.

Rijndael is a block cipher that uses keys and blocks of 128, 192, or 256 bits. These key lengths make brute-force attacks computationally infeasible at this time.

The algorithm consists of 10 to 14 rounds, depending on the size of the plaintext block and the size of the key.

Page 22: Lesson 12-Encryption

Other Private Key Algorithms

There are several other private key algorithms available in various security systems. Among them are the following:

The International Data Encryption Algorithm (IDEA) was developed in Switzerland. IDEA uses a 128-bit key and is also used in Pretty Good Privacy (PGP).

RC5 was developed by Ron Rivest at MIT. It allows for variable-length keys.

Page 23: Lesson 12-Encryption

Other Private Key Algorithms

Private key algorithms (continued):

Skipjack was developed by the United States government for use with the Clipper Chip. It uses an 80-bit key, which may be marginal in the near future.

Blowfish allows for variable-length keys up to 448 bits and was optimized for execution on 32-bit processors.

Page 24: Lesson 12-Encryption

Understand Public Key Encryption

Public key encryption is a more recent invention than private key encryption.

The primary difference between the two types of encryption is the number of keys used in the operation.

Private key encryption uses a single key to both encrypt and decrypt information.

Public key encryption uses two keys. One key is used to encrypt information and a different key to decrypt it.

Page 25: Lesson 12-Encryption

Understand Public Key Encryption

What is public key encryption?

Diffie-Hellman key exchange.

RSA.

Page 26: Lesson 12-Encryption

What is Public Key Encryption

The public key is published with information as to who is the owner.

Another property of public key encryption is that if you have one of the keys of a pair, you cannot compute the other key.

If confidentiality is desired, encryption is performed with the public key.

Page 27: Lesson 12-Encryption

What is Public Key Encryption

Public key encryption

Page 28: Lesson 12-Encryption

Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange was developed to solve the problem of key distribution for private key encryption systems.

The idea was to allow a secure method of agreeing on a private key without the expense of sending the key through another method.

Page 29: Lesson 12-Encryption

Diffie-Hellman Key Exchange

Functioning of the Diffie-Hellman algorithm:

Assume we have two people who need to communicate securely and thus need to agree on an encryption key.

P1 and P2 agree on two large integers a and b such that 1 < a < b.

P1 then chooses a random number i and computes $I = a^i \bmod b$. P1 sends I to P2.

Page 30: Lesson 12-Encryption

Diffie-Hellman Key Exchange

Functioning of the Diffie-Hellman algorithm (continued):

P2 then chooses a random number j and computes $J = a^j \bmod b$. P2 sends J to P1.

P1 computes $k_1 = J^i \bmod b$.

P2 computes $k_2 = I^j \bmod b$.

We have $k_1 = k_2 = a^{ij} \bmod b$ and thus $k_1$ and $k_2$ are the secret keys to use for the other transmission.
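
Both sides of the exchange described on the two slides above, as an added example that is not part of the original slides, using the slides' symbols a, b, i, j, I, J, k1 and k2. The function names, the toy values (a = 5, b = 23) and the range check on the received value are assumptions of this illustration.

```python
import secrets

def validate_public(value, b):
    """Reject degenerate received values (0, 1, b-1) that give a guessable key."""
    if not 1 < value < b - 1:
        raise ValueError("received public value out of range")
    return value

def dh_public(a, b, secret):
    """I = a^i mod b (or J = a^j mod b): the value sent in the clear."""
    return pow(a, secret, b)

def dh_shared(peer_public, secret, b):
    """k = (peer value)^secret mod b, after checking what the peer sent."""
    return pow(validate_public(peer_public, b), secret, b)

def exchange(a, b, i=None, j=None):
    """Run both parties; i and j are drawn at random unless supplied."""
    if not 1 < a < b:
        raise ValueError("need 1 < a < b")
    i = i if i is not None else 2 + secrets.randbelow(b - 3)   # P1's secret
    j = j if j is not None else 2 + secrets.randbelow(b - 3)   # P2's secret
    I = dh_public(a, b, i)        # P1 -> P2, visible to an eavesdropper
    J = dh_public(a, b, j)        # P2 -> P1, visible to an eavesdropper
    k1 = dh_shared(J, i, b)       # computed privately by P1
    k2 = dh_shared(I, j, b)       # computed privately by P2
    return {"I": I, "J": J, "k1": k1, "k2": k2}

if __name__ == "__main__":
    # Toy numbers small enough to check by hand (constructed).
    print(exchange(5, 23, i=6, j=15))
    # Larger constructed modulus (a Mersenne prime) with random secrets.
    run = exchange(3, 2**127 - 1)
    print("keys agree:", run["k1"] == run["k2"])
```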

Page 31: Lesson 12-Encryption

RSA

In 1978, Ron Rivest, Adi Shamir, and Len Adleman released the Rivest-Shamir-Adleman (RSA) public key algorithm.

Unlike the Diffie-Hellman algorithm, RSA can be used for encryption and decryption.

Also unlike Diffie-Hellman, the security of RSA is based on the difficulty of factoring large numbers.

Page 32: Lesson 12-Encryption

RSA

The basic algorithm for confidentiality is very simple:

$\text{ciphertext} = (\text{plaintext})^e \bmod n$

$\text{plaintext} = (\text{ciphertext})^d \bmod n$

private key = {d, n}

public key = {e, n}

The difficulty in calculating d given e and n provides the security.

Page 33: Lesson 12-Encryption

Generating RSA keys

To generate an RSA key pair, follow these steps:

Choose two prime numbers p and q and keep them secret.

Calculate n = pq.

Calculate φ(n) = (p – 1)(q – 1).

Select e such that e is relatively prime to φ(n).

Determine d such that (d)(e) = 1 mod φ(n) and that d < φ(n).
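
The key-generation steps above, followed by the encrypt and decrypt formulas from the previous slide, as an added example that is not part of the original slides. The function names and the toy primes 61 and 53 are assumptions of this illustration; the code assumes p and q are prime and works on integers smaller than n.

```python
from math import gcd

def generate_keypair(p, q, e):
    """Follow the slide's steps; p and q are assumed prime and stay secret."""
    if p == q:
        raise ValueError("p and q must differ")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    # Modular inverse (Python 3.8+): d*e = 1 mod phi(n), with d < phi(n).
    d = pow(e, -1, phi)
    return {"public": (e, n), "private": (d, n)}

def encrypt(plaintext, public):
    """ciphertext = plaintext^e mod n, for an integer plaintext in [0, n)."""
    e, n = public
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(plaintext, e, n)

def decrypt(ciphertext, private):
    """plaintext = ciphertext^d mod n."""
    d, n = private
    return pow(ciphertext, d, n)

if __name__ == "__main__":
    # Constructed toy primes, far too small for real use.
    keys = generate_keypair(61, 53, 17)
    c = encrypt(65, keys["public"])
    print(keys, c, decrypt(c, keys["private"]))
    # An e that shares a factor with phi(n) = 3120 has no inverse d.
    try:
        generate_keypair(61, 53, 3)
    except ValueError as err:
        print("rejected:", err)
```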

Page 34: Lesson 12-Encryption

Understand Digital Signatures

A digital signature is a method of authenticating electronic information using encryption.

Digital signatures protect information from modification after it has been received and decrypted.

Page 35: Lesson 12-Encryption

Understand Digital Signatures

Digital signatures put information through a hash function to create a checksum that is encrypted with a private key and travels with the information.

This checksum can be used to verify that the information was not modified.
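
The sign-and-verify flow described above, as an added example that is not part of the original slides: the message is hashed, the checksum is transformed with the private key, and the receiver recomputes the checksum and compares. The toy key, the use of SHA-256, the reduction of the hash modulo n and all names are assumptions of this illustration; it uses the unpadded RSA formulas from the slides, whereas deployed signature schemes add a padding step.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

def checksum(message: bytes) -> int:
    """Hash the message and reduce it into [0, N) so the toy key can process it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Signer: encrypt the checksum with the private key {D, N}."""
    return pow(checksum(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the checksum with the public key {E, N} and compare
    it with a checksum computed over the message that actually arrived."""
    return pow(signature, E, N) == checksum(message)

if __name__ == "__main__":
    original = b"pay 100 to alice"       # constructed sample message
    sig = sign(original)
    print("original verifies:", verify(original, sig))
    print("modified verifies:", verify(b"pay 900 to alice", sig))
    print("altered signature verifies:", verify(original, (sig + 1) % N))
```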

Page 36: Lesson 12-Encryption

Understand Digital Signatures

The security and usefulness of a digital signature depend on the protection of the user’s private key and a secure hash function.

A hash function is secure if:

the function is one-way, and

it is difficult to construct two pieces of information that provide the same checksum when run through the function.

Page 37: Lesson 12-Encryption

Understand Digital Signatures

Secure hash functions should create a checksum of at least 128 bits.

The two most common hash functions are MD5 and SHA.

Page 38: Lesson 12-Encryption

Understand Digital Signatures

Digital Signature operation

Page 39: Lesson 12-Encryption

Understand Key Management

Key management is one of the most critical aspects of an encryption system.

It includes creating strong keys, distributing them securely, certifying them correct, protecting them while in use, and revoking them when they are compromised or expired.

Most encryption systems have a method for users to generate keys—in many cases, the user chooses a password.

Page 40: Lesson 12-Encryption

Understand Key Management

Keys must be transported securely to ensure the integrity of the keys.

If keys are transmitted, they must be checked on arrival to ensure they have not been manipulated (usually done manually or by digital signatures).

Page 41: Lesson 12-Encryption

Understand Key Management

Certificate Authorities (CAs) ensure the integrity of the keys and prevent an attacker from introducing their own keys.

Public keys require integrity protection (provided by certification), but they do not require confidentiality protection. However, all copies of the private key of a public key system must be protected at all times.

Page 42: Lesson 12-Encryption

Understand Key Management

Session keys may only exist for a given session and may be deleted after the session.

Public key pairs are generally certified for one or two years.

If a key is lost or compromised, the owner of the key should inform users that it is not to be used.

In the case of a public key encryption system, the owner must post the revocation to all of the potential key servers.

Page 43: Lesson 12-Encryption

Understand trust in the System

Trust is the underlying concept of all security and encryption.

There are two primary models that are used for trust:

Hierarchical trust

Web of trust

Page 44: Lesson 12-Encryption

Understand trust in the System

The Hierarchical Trust model is based on a chain of authority, in which you trust someone if someone higher up in the chain certifies it.

The Hierarchical Trust model is complicated to put into practice because there is no real root-level CA.

Establishing an internal CA and public key infrastructure for a business is a challenging task that demands a lot of resources.

Page 45: Lesson 12-Encryption

Understand trust in the System

The Web of Trust model was first used by Pretty Good Privacy (PGP).

It is based on the concept that each user certifies their own certificate and passes that certificate off to known associates.

The primary advantage is that there is no large investment in infrastructure.

The primary disadvantage is a lack of scalability.

Page 46: Lesson 12-Encryption

Summary

Encryption is simply the obfuscation of information in such a way as to allow authorized individuals to see it, but to hide it from unauthorized individuals.

Private key encryption requires all parties authorized to read the information to have the same key.

Public key encryption uses two keys. One key is used to encrypt information and another key is used to decrypt it.

Page 47: Lesson 12-Encryption

Summary

A digital signature is a method of authenticating electronic information using encryption.

Key Management includes creating strong keys, distributing them securely, certifying that they are correct, protecting them while they are in use, and revoking them when they are compromised or expired.

There are two primary models that are used for trust: Hierarchical Trust and Web of Trust.