van ya
TRANSCRIPT
-
8/9/2019 Van Ya
1/15
Abstract
The expansions of the connectivity of computers make ways of protecting data and messages
from tampering important. It is thus up to the user to ensure that communications which are
expected to remain private actually do so. One of the techniques for ensuring privacy of files and
communications is Cryptography. Cryptography is the art of creating and using cryptosystems.
Cryptosystem is the entire process of using cryptography. This includes the actions of encrypting
and decrypting a file or message, or authenticating the sender of an e-mail message.
Encryption is the transformation of data into some unreadable form. Its purpose is to ensure
privacy by keeping the information hidden from anyone for whom it is not intended, even those
who can see the encrypted data. That is encryption is any process to convert plaintext into cipher
text. Decryption is the reverse of encryption; it is the transformation of encrypted data back into
some intelligible form. That is decryption is a process to convert cipher text back into plaintext.
Encryption and decryption requires the use of some secret information, usually referred to as a
key. Depending on the encryption mechanism used, the same key might be used for both
encryption and decryption, while for other mechanisms, the keys used for encryption and
decryption might be different.
Cryptography is about communication in the presence of adversaries. As an example a classic
goal of cryptography is privacy: two parties wish to communicate privately, so that an adversary
knows nothing about what was communicated. A standard cryptographic solution to the privacy
problem is a secret-key cryptosystem, which consists of the following:
1. A message space M: a set of strings (plaintext messages) over some alphabet.
2. A ciphertext space C: a set of strings (cipher-texts) over some alphabet.
3. A key space K: a set of strings (keys) over some alphabet.
4. An encryption algorithm E mapping (K x M) into C.
5. A decryption algorithm D mapping (K x C) into M. The algorithms E and D must have
the property that D(K,E(K,M))=M for all K,M.
Todays cryptography is more than secret writing i.e. more than encryption and decryption.
Authentication is as fundamental a part of our lives as privacy. We use authentication throughout
-
8/9/2019 Van Ya
2/15
our everyday life, for instance when we sign our name to some document we use authentication.
As we move to a world where our decisions and agreements are communicated electronically,
we need to replicate these procedures.
Cryptography provides mechanisms for such procedures. A digital signature binds a document to
the possessor of a particular key, while a digital timestamp binds a document to its creation at a
particular time. But the field of cryptography contains even more when we include some of the
things cryptography enables us to do. With just a few basic tools it is possible to build elaborate
schemes and protocols which allow us to pay using electronic money, to prove we know certain
information without revealing the information itself, and to share a secret quantity in such a way
that no fewer than three from a pool of five people (for instance) can reconstruct the secret.
Introduction
-
8/9/2019 Van Ya
3/15
There are various security requirements for a Cryptographic technique including:
1. Authentication: The process of proving one's identity. (The primary forms of host-to-host
authentication on the Internet today are name-based or address-based, both of which are
notoriously weak.) Privacy/confidentiality: Ensuring that no one can read the message
except the intended receiver.
2. Integrity: Assuring the receiver that the received message has not been altered in any way
from the original.
3. Non-repudiation: A mechanism to prove that the sender really sent this message.
Any new design of Cryptographic technique must accomplish the above requisites.
Cryptography not only protects data from theft or alteration, but can also be used for user
authentication.
Cryptography:
In general, three types of cryptographic schemes are typically used to accomplish these goals:
1. Secret Key Cryptography: Uses a single key for encryption and decryption.
2. Public Key Cryptography: Uses one key for encryption, and another for decryption.
3. Hash Functions: Uses a mathematical transformation to irreversibly encrypt
information.
Secret Key Cryptography:
With secret key cryptography, a single key is used for both encryption and decryption.
The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to
the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover
the plaintext. Because a single key is used for both functions, secret key cryptography is also
called symmetric encryption.
-
8/9/2019 Van Ya
4/15
-
8/9/2019 Van Ya
5/15
1. Data Encryption Standard (DES): DES is a block-cipher employing a 56-bitkey that
operates on 64-bit blocks. DES has a complex set of rules and transformations that were
designed specifically to yield fast hardware implementations and slow software
implementations.
2. Triple DES (3DES): A variant of DES that employs up to three 56-bit keys and makes
three encryption/decryption passes over the block; 3DES is also described in FIPS 46-
3and is the recommended replacement to DES.
3. DESX: A variant devised by Ron Rivets. By combining 64 additional key bits to the
plain text prior to encryption, effectively increases the key length to 120 bits.
4. Advanced Encryption Standard (AES): This algorithm use a variable block length and
key length; the latest specification allowed any combination of keys lengths of128, 192,
or 256 bits and blocks of length128, 192, or 256 bits. Similarly, there are Several
Algorithms like Blowfish, International Data Encryption Algorithm (IDEA), two fish,
Camellia, Secure and Fast Encryption Routine (SAFER), SEED, Skipjack. These are
algorithms are designed extending the ideas already available.
Public Key Cryptography:
Public-key cryptography has been said to be the most significant new development in securecommunication over a non-secure communications channel without having to share a secret key.
Public Key Cryptography or Asymmetric cryptography provides the same message security
guarantees as symmetric cryptography, but additionally provides the non-repudiation guarantee.
Asymmetric refers to the fact that different keys are used for encryption and decryption.
One key is kept secret (secret key) and the other is made public (public key), and are
both unique. The recipients public key should be used during the encryption process to ensure
message confidentiality as only the recipient has the necessary secret key to decrypt the message.
If, however, the message is encrypted using the senders private key the sender cannot deny
sending the message as his private key is unique and is only known to him.
Typical asymmetric algorithms include RSA, El Gamal and DSA. Asymmetric
cryptography is extremely powerful, but this comes at a cost. Especially for longer messages and
keys, it is much slower than its symmetric cryptography counterparts. This is due in part to the
-
8/9/2019 Van Ya
6/15
fact that, in order to achieve comparable security, asymmetric keys are generally around an order
of magnitude longer than symmetric keys.
PKC depends upon the existence of so-called one-way functions, or mathematical
functions that are easy to computer where as their inverse function are relatively difficult to
compute. Let me give you two simple examples: In public-key cryptosystems, the public key
may be freely distributed, while its paired private key must remain secret. The public key is
typically used for encryption, while the private or secret key is used for decryption. Diffie and
Hellman showed that public-key cryptography was possible by presenting the Diffie-Hellman
key exchange protocol.
In addition to encryption, public-key cryptography can be used to implement digital
signature schemes. A digital signature is reminiscent of an ordinary signature; they both have the
characteristic that they are easy for a user to produce, but difficult for anyone else to forge.
Digital signatures can also be permanently tied to the content of the message being signed; they
cannot then be 'moved' from one document to another, for any attempt will be detectable.
In digital signature schemes, there are two algorithms: one for signing, in which a secret key is
used to process the message (or a hash of the message, or both), and one for verification, in
which the matching public key is used with the message to check the validity of the signature.
RSA and DSA are two of the most popular digital signature schemes. Digital signatures are
central to the operation of public key infrastructures and many network security schemes (e.g.,
SSL/TLS, many VPNs, etc).
Public-key algorithms are most often based on the computational complexity of "hard"
problems, often from number theory. For example, the hardness of RSA is related to the integer
factorization problem. More recently, elliptic curve cryptography has developed in which
security is based on number theoretic problems involving elliptic curves. Because of the
difficulty of the underlying problems, most public-key algorithms involve operations such as
modular multiplication and exponentiation, which are much more computationally expensive
than the techniques used in most block ciphers, especially with typical key sizes. As a result,
public-key cryptosystems are commonly hybrid cryptosystems, in which a fast high-quality
symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric
key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid
-
8/9/2019 Van Ya
7/15
signature schemes are often used, in which a cryptographic hash function is computed, and only
the resulting hash is digitally signed.
Hash Functions:
Hash functions, also called message digests and one-way encryption, and are algorithms that, in
some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext
that makes it impossible for either the contents or length of the plaintext to be recovered. Hash
algorithms are typically used to provide a digital fingerprint of a file's contents often used to
ensure that the file has not been altered by an intruder or virus. Hash functions are also
commonly employed by many operating systems to encrypt passwords. Hash functions, then,
provide a measure of the integrity of a file.
Hash functions are sometimes misunderstood and some sources claim that no two files can have
the same hash value. This is, in fact, not correct. Consider a hash function that provides a 128-bit
hash value. There are, obviously, 2128 possible hash values. But there are a lot more than 212
possible files. Therefore, there have to be multiple files in fact; there have to be an infinite
number of files. By the above basics about the Cryptography and the study is about the
Cryptographic Schemes available and their methodology of handling keys and way of Encoding
generated each class of Techniques.
Validity and Trust:
Every user in a public key system is vulnerable to mistaking a phony key (Certificate) for a real
one. Validity is confidence that a public key certificate belongs to its purported owner. Validity
is essential in a public key environment where you must constantly establish whether or not a
particular certificate is authentic.
When youve assured yourself that a certificate belonging to someone else is valid, you can sign
the copy on your keyring to attest to the fact that youve checked the certificate and that its an
authentic one. If you want others to know that you gave the certificate your stamp of approval,
you can export the signature to a certificate server so that others can see it.
-
8/9/2019 Van Ya
8/15
As described in the section, Public Key Infrastructures. some companies designates one or
more Certification Authorities (CAs) to indicate certificate validity. In an organization using a
PKI with X.509certificates, it is the job of the CA to issue certificates to users a process which
generally entails responding to a users request for a certificate. In an organization using PGP
certificates without a PKI, it is the job of the CA to check the authenticity of all PGP certificates
and then sign the good ones. Basically, the main purpose of a CA is to bind a public key to the
identification information contained in the certificate and thus assure third parties that some
measure of care was taken to ensure that this binding of the identification information and key is
valid.
The CA is the Grand Pooh-bah of validation in an organization; someone whom everyone trusts,
and in some organizations, like those using a PKI, no certificate is considered valid unless it has
been signed by a trusted CA.
Checking Validity:
One way to establish validity is to go through some manual process. There are several ways to
accomplish this. You could require your intended recipient to physically hand you a copy of hisor her public key. But this is often inconvenient and inefficient.
Another way is to manually check the certificates fingerprint. Just as every humans fingerprints
are unique, every PGP certificates fingerprint is unique. The fingerprint is a hash of the users
certificate and appears as one of the certificates properties. In PGP, the fingerprint can appear as
a hexadecimal number or a series of so-called biometric words, which are phonetically distinct
and are used to make the fingerprint identification process a little easier.
You can check that a certificate is valid by calling the keys owner (so that you originate the
transaction) and asking the owner to read his or her keys fingerprint to you and verifying that
fingerprint against the one you believe to be the real one. This works if you know the owners
voice, but, how do you manually verify the identity of someone you dont know? Some people
-
8/9/2019 Van Ya
9/15
put the fingerprint of their key on their business cards for this very reason.
Another way to establish validity of someones certificate is to trust that a third individual has
gone through the process of validating it.
A CA, for example, is responsible for ensuring that prior to issuing to a certificate, he or she
carefully checks it to be sure the public key portion really belongs to the purported owner.
Anyone who trusts the CA will automatically consider any certificates signed by the CA to be
valid.
Another aspect of checking validity is to ensure that the certificate has not been revoked.
Establishing Trust:
You validate certificates. You trust people. More specifically, you trust people to validate other
people certificates. Typically, unless the owner hands you the certificate, you have to go by
someone elses word that it is valid.
Meta and Trusted Introducers:
In most situations, people completely trust the CA to establish certificates validity. This means
that everyone else relies upon the CA to go through the whole manual validation process for
them. This is fine up to a certain number of users or number of worksites, and then it is not
possible for the CA to maintain the same level of quality validation. In that case, adding other
validators to the system is necessary.
A CA can also be a meta-introducer. A meta-introducer bestows not only validity on keys, but
bestows the ability to trust keys upon others. Similar to the king who hands his seal to his trusted
advisors so they can act on his authority, the meta-introducer enables others to act as trusted
introducers. These trusted introducers can validate keys to the same effect as that of the meta-
-
8/9/2019 Van Ya
10/15
introducer. They cannot, however, create new trusted introducers.
Meta-introducer and trusted introducer are PGP terms. In an X.509 environment, the meta-
introducer is called the root Certification Authority (root CA) and trusted introducers subordinate
Certification Authorities.
The root CA uses the private key associated with a special certificate type called a root CA
certificate to sign certificates. Any certificate signed by the root CA certificate is viewed as valid
by any other certificate signed by the root. This validation process works even for certificates
signed by other CAs in the system as long as the root CA certificate signed the subordinate
CAs certificate, any certificate signed by the CA is considered valid to others within the
hierarchy. This process of checking backup through the system to see who signed whose
certificate is called tracing a certification path or certification chain.
Trust Models
In relatively closed systems, such as within a small company, it is easy to trace a certification
path back to the root CA. However, users must often communicate with people outside of their
corporate environment, including some whom they have never met, such as vendors, customers,clients, associates, and so on. Establishing a line of trust to those who have not been explicitly
trusted by your CA is difficult.
Companies follow one or another trust model, which dictates how users will go about
establishing certificate validity. There are three different models:
1. Direct Trust
2. Hierarchical Trust
3. A Web of Trust
-
8/9/2019 Van Ya
11/15
Direct Trust
Direct trust is the simplest trust model. In this model, a user trusts that a key is valid because he
or she knows where it came from. All cryptosystems use this form of trust in some way. For
example, in web browsers, the root Certification Authority keys are directly trusted because they
were shipped by the manufacturer. If there is any form of hierarchy, it extends from these
directly trusted certificates.
In PGP, a user who validates keys herself and never sets another certificate to be a trusted
introducer is using direct trust.
Hierarchical Trust
In a hierarchical system, there are a number of root certificates from which trust extends.
These certificates may certify certificates themselves, or they may certify certificates that certify
still other certificates down some chain. Consider it as a big trust tree. The leaf certificate's
validity is verified by tracing backward from its certifier, to other certifiers, until a directly
trusted root certificate is found.
Web of Trust
A web of trust encompasses both of the other models, but also adds the notion that trust is in the
eye of the beholder (which is the real-world view) and the idea that more information is better. It
is thus a cumulative trust model. A certificate might be trusted directly, or trusted in some chain
going back to a directly trusted root certificate (the meta-introducer), or by some group of
introducers.
Perhaps youve heard of the term Six degrees of separation, which suggests that any person in
the world can determine some link to any other person in the world using six or fewer other
people as intermediaries. This is a web of introducers.
-
8/9/2019 Van Ya
12/15
It is also the PGP view of trust. PGP uses digital signatures as its form of introduction. When any
user signs anothers key, he or she becomes an introducer of that key. As this process goes on, it
establishes a web of trust.
In a PGP environment, any user can act as a certifying authority. Any PGP user can validate
another PGP users public key certificate. However, such a certificate is only valid to another
user if the relying party recognizes the validator as a trusted introducer. (That is, you trust my
opinion that others keys are valid only if you consider me to be a trusted introducer. Otherwise,
my opinion on other keys validity is moot.)
Stored on each users public keyring are indicators of:
1. Whether or not the user considers a particular key to be valid.
2. The level of trust the user places on the key that the keys owner can serve as certifier of
others keys
You indicate, on your copy of my key, whether you think my judgment counts. Its really a
reputation system: certain people are reputed to give good signatures, and people trust them to
attest to other keys validity.
Certificate Revocation
Certificates are only useful while they are valid. It is unsafe to simply assume that a certificate is
valid forever. In most organizations and in all PKIs, certificates have a restricted lifetime. This
constrains the period in which a system is vulnerable should a certificate compromise occur.
Certificates are thus created with a scheduled validity period: a start date/time and an expiration
date/time. The certificate is expected to be usable for its entire validity period (its lifetime).When
the certificate expires; it will no longer be valid, as the authenticity of its key/identification pair
is no longer assured. (The certificate can still be safely used to reconfirm information that was
encrypted or signed within the validity periodit should not be trusted for cryptographic tasks
-
8/9/2019 Van Ya
13/15
moving forward, however.)
There are also situations where it is necessary to invalidate a certificate prior to its expiration
date, such as when the certificate holder terminates employment with the company or suspects
that the certificates corresponding private key has been compromised. This is called revocation.
A revoked certificate is much more suspect than an expired certificate. Expired certificates are
unusable, but do not carry the same threat of compromise as a revoked certificate.
Anyone who has signed a certificate can revoke his or her signature on the certificate (provided
he or she uses the same private key that created the signature). A revoked signature indicates that
the signer no longer believes the public key and identification information belong together, or
that the certificates public key (or corresponding private key) has been compromised. A revoked
signature should carry nearly as much weight as a revoked certificate.
With X.509 certificates, a revoked signature is practically the same as a revoked certificate given
that the only signature on the certificate is the one that made it valid in the first placethe
signature of the CA. PGP certificates provide the added feature that you can revoke your entire
certificate (not just the signatures on it) if you yourself feel that the certificate has been
compromised.
Only the certificates owner (the holder of its corresponding private key) or someone whom the
certificates owner has designated as a revoker can revoke a PGP certificate. (Designating a
revoker is a useful practice, as its often the loss of the pass phrase for the certificates
corresponding private key that leads a PGP user to revoke his or her certificatea task that is
only possible if one has access to the private key.) Only the certificates issuer can revoke an
X.509 certificate.
Communicating That a Certificate Has Been Revoked
When a certificate is revoked, it is important to make potential users of the certificate aware that
it is no longer valid. With PGP certificates, the most common way to communicate that a
-
8/9/2019 Van Ya
14/15
certificate has been revoked is to post it on a certificate server so others who may wish to
communicate with you are warned not to use that public key.
In a PKI environment, communication of revoked certificates is most commonly achieved via a
data structure called a Certificate Revocation List, or CRL, which is published by the CA. The
CRL contains a time-stamped, validated list of all revoked, unexpired certificates in the system.
Revoked certificates remain on the list only until they expire, then they are removed from the list
this keeps the list from getting too long.
The CA distributes the CRL to users at some regularly scheduled interval (and potentially off-
cycle, whenever a certificate is revoked). Theoretically, this will prevent users from unwittingly
using a compromised certificate. It is possible though, that there may be a time period between
CRLs in which a newly compromised certificate is used.
What is a Passphrase?
Most people are familiar with restricting access to computer systems via a password, which is a
unique string of characters that a user types in as an identification code.
A passphrase is a longer version of a password, and in theory, a more secure one. Typically
composed of multiple words, a pass phrase is more secure against standard dictionary attacks,
where in the attacker tries all the words in the dictionary in an attempt to determine your
password. The best passphrases are relatively long and complex and contain a combination of
upper and lowercase letters, numeric and punctuation characters.
PGP uses a passphrase to encrypt your private key on your machine. Your private key is
encrypted on your disk using a hash of your pass phrase as the secret key. You use the
passphrase to decrypt and use your private key. A pass phrase should be hard for you to forget
and difficult for others to guess. It should be something already firmly embedded in your long-
term memory, rather than something you make up from scratch. Why? Because if you forget
your passphrase; you are out of luck. Your private key is totally and absolutely useless without
-
8/9/2019 Van Ya
15/15
your passphrase and nothing can be done about it. Remember, PGP is cryptography that will
keep major governments out of your files. It will certainly keep you out of your files, too. Keep
that in mind when you decide to change your passphrase to the punch line of that joke you can
never quite remember.
Key Splitting
They say that a secret is not a secret if it is known to more than one person. Sharing a private key
pair poses such a problem. While it is not a recommended practice, sharing a private key pair is
necessary at times. Corporate Signing Keys, for example, are private keys used by a company to
sign for example legal documents, sensitive personnel information, or press releases to
authenticate their origin. In such a case, it is worthwhile for multiple members of the company to
have access to the private key. However, this means that any single individual can act fully on
behalf of the company.
In such a case it is wise to split the key among multiple people in such a way that more than one
or two people must present a piece of the key in order to reconstitute it to a usable condition. If
too few pieces of the key are available, then the key is unusable.
Some examples are to split a key into three pieces and require two of them to reconstitute the
key, or split it into two pieces and require both pieces. If a secure network connection is used
during the reconstitution process, the keys shareholders need not be physically present in order
to rejoin the key.