Title: Part 3: Cryptography
1. Part 3: Cryptography
- Large Numbers
- Random Numbers
- Cryptographic Hashes
- Symmetric Encryption
- Asymmetric Encryption (public keys)
- Digital Signatures
- Digital Certificates
- Protocols
2. Why Cryptography?
- Authenticate humans and devices
- Communication is private
- Data storage can be made private
- Certificates make no use of shared secrets
- All the technologies are open, trusted, well known and proven
- Software can be attested
- All known network attacks do not work against cryptographically secure communications
  - Except Denial of Service
3. Cryptography?
- Cryptography provides strong techniques for
  - Privacy
  - Authentication
  - Non-repudiation
  - Un-forge-ability
- Most cryptography schemes are based on
  - Cryptographic Hashes
  - Symmetric encryption
  - Public Key Encryption
  - Digital Signatures
- Public Key Encryption is the solution to the problem of shared secrets
  - And much more
4. Large Numbers
Time to crack a key, if 1 trillion keys can be tested in 1 sec
Total Number of Atoms on Earth: 2^160
5. Random Numbers
- Cryptographically Secure Random Numbers (CSR)
- Can be generated by pseudo-random-number-generators (CSRPRNG)
- Two 128 bit random numbers cannot be the same
  - Will happen once in 10^15 million years (!)
  - Birthday Paradox may happen as soon as 10^7 years
- Used to generate keys, identifications
- Cannot guess random numbers
  - Ok, maybe 1 in 10^15 million years
- One in every few thousand numbers are prime
6. Cryptographic Hashes
- A hash of a document is a fixed sized number (also called message digest) produced by some hashing algorithm (MD5, SHA-1)
- No two documents can have the same hash
  - Surprising, but with high level of confidence
- Slight changes in a document cause large changes in the hash
- A hash of any data can be used as a fingerprint of that data
[Figure: Document -> H -> hash]
7. Hash collisions
- Thought to be impossible
- Only one known so far for a good algorithm
- MD5 hash collision
8. Symmetric Encryption
- Same key for encryption and decryption, Ek(Ek(m)) = m
- Used for privacy
- Many unbreakable schemes exist
- Open algorithms are the best
- DES, 3DES, IDEA, AES
- Key exchange a major problem (shared secret)
[Figure: Plaintext m -> E (Key k) -> Ciphertext Ek(m) -> E (Key k) -> m]
9. Asymmetric Encryption
- Also known as Public Key Encryption
- Different keys for encryption and decryption, Ek2(Ek1(m)) = m
- Very varied applications
- Key exchange is trivial
Note: k1 and k2 are unrelated, yet related. Cannot find k2 if k1 is given. But there is only one k2, given a k1.
[Figure: m -> E (Public key k1) -> Ek1(m) -> E (Private key k2) -> m]
My convention: K1A = Alice's Public Key, K2A = Alice's Private Key
10. Cryptanalysis
- Breaking encryption using many different techniques, rather than Brute Force
- Known Ciphertext Attack
- Known Plaintext Attack
- Chosen Plaintext Attack
- Adaptive Chosen Plaintext Attack
- Differential Cryptanalysis
- Linear Cryptanalysis
11. Steganography
- Hiding data in data, in some obscure way
  - LSB of pictures
  - First letter of each paragraph
- Security via obscurity
- Has some important advantages, especially when steganography is combined with cryptography
[Figure caption: By removing all but the last 2 bits of each color component, an almost completely black image results. Making the resulting image 85 times brighter results in the second image.]
12. Kerckhoffs's Principle
- Paraphrased, the set of six rules implies:
  - The security of a cryptosystem must depend on the key and not the encryption algorithm. The algorithms must be widely known.
- Almost all known situations where the algorithm was kept secret have been broken
  - Enigma
  - DVD encryption
  - GSM encryption
  - RFID encryption
  - (not secret, but deployed quickly) WiFi encryption (WEP)
13. Pitfalls of Proprietary Algorithms
- Proprietary algorithms violate Kerckhoffs's principle, even if the designers did not want to violate the principle
- Designers of cryptosystems fail to see their own flaws
- Even without knowing the cipher, the ciphers are broken
- Open standards are very important in cryptography; the algorithms must be scrutinized heavily
14. Substitution Ciphers
- Substitute a letter with another letter
- Caesar Cipher
  - Mono alphabetic
  - Very easy to break
- Vigenere Cipher
  - Poly alphabetic
  - Took 300 years to break
  - Kasiski Attack
  - Now we know it is easily breakable

Vigenere Cipher Table
    A B C D E F G H I J K L M N O P
A   A B C D E F G H I J K L M N O P
B   B C D E F G H I J K L M N O P Q
C   C D E F G H I J K L M N O P Q R
D   D E F G H I J K L M N O P Q R S
E   E F G H I J K L M N O P Q R S T
F   F G H I J K L M N O P Q R S T U
G   G H I J K L M N O P Q R S T U V
H   H I J K L M N O P Q R S T U V W
I   I J K L M N O P Q R S T U V W X
J   J K L M N O P Q R S T U V W X Y
K   K L M N O P Q R S T U V W X Y Z
15. Unbreakable Cipher
- Unconditionally secure
- Cannot be broken with brute force
- ONE TIME PAD
- Not practically usable either
16. Block and Stream Ciphers
- Block Cipher: N bit block of data is encrypted with N bits of key to produce N bits of output
  - DES, AES, IDEA
  - Most of the current ciphers
- Stream Cipher
  - Works one bit at a time of plaintext
  - Good for hardware implementations
  - RC4, SEAL
[Figure: block cipher (Plaintext, Key, Encrypter, Ciphertext) and stream cipher (Key, State Machine, Plaintext, Ciphertext)]
17. DES
- Data Encryption Standard (DES) was created after a NIST issued RFP in 1973, which culminated in the winner Lucifer. Lucifer was modified by NSA to yield DES
- Plaintext -> Initial Permutation -> 16 rounds -> final permutation -> Ciphertext
- S-BOX: Confusion
- P-BOX: Permutation
18. DES Round

PBOX
index:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14
value: 16  7 20 21 29 12 28 17  1 15 23 26  5 18 31

SBOX
index:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14
value: 14  4 13  1  2 15 11  8  3 10  6 12  5  9  0

[Figure: DES round diagram with L and R halves, Key, shift, Expansion, Compression, S-Box and P-Box stages]
19. Crypto Protocols
- Cryptographic Protocols are self enforcing protocols
  - As opposed to arbitrated or adjudicated protocols
- They are used for
  - Privacy,
  - Integrity,
  - Authentication,
  - Non-repudiation,
  - Access Control,
  - Anonymity
  - Time stamping
  - Voting
  - Cash
  - and much more
20. Coin Tossing
- Alice and Bob want to toss a coin, on the telephone
- Alice chooses a random number R
- Alice sends to Bob an N bit cryptographic hash(R)
- Bob guesses even or odd
- Alice sends Bob R
- How does that work?
- It does, and there are many more coin toss protocols
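
The coin toss above works because the hash hides R from Bob until he has guessed, and binds Alice to R once she has sent it. The following is an added example, not part of the original slides; SHA-256, the 128-bit size of R and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

def commit(r):
    """Alice's commitment: SHA-256 over R as a 16-byte big-endian integer."""
    return hashlib.sha256(r.to_bytes(16, "big")).hexdigest()

def alice_choose():
    """Alice picks a 128-bit R and sends only the commitment to Bob."""
    r = secrets.randbits(128)
    return r, commit(r)

def bob_verify(commitment, revealed_r, guess):
    """Bob checks the revealed R against the commitment, then scores his guess."""
    if commit(revealed_r) != commitment:
        return "alice cheated"
    parity = "odd" if revealed_r % 2 else "even"
    return "bob wins" if guess == parity else "alice wins"

def recover_small_r(commitment, limit):
    """Why R must be large: a small R can be found by hashing every candidate."""
    for candidate in range(limit):
        if commit(candidate) == commitment:
            return candidate
    return None

if __name__ == "__main__":
    r, c = alice_choose()
    print("commitment:", c)
    print("honest reveal:", bob_verify(c, r, "even"))
    # Alice tries to flip the outcome by revealing a number of the other parity.
    print("flipped reveal:", bob_verify(c, r ^ 1, "even"))
    # Constructed weak case: R drawn from only 16 bits is recovered before guessing.
    print("16-bit R recovered:", recover_small_r(commit(40001), 1 << 16))
```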
21. Communication
- Symmetric Key Communication
- Alice and Bob agree on a key K
- Alice sends Bob a message M encrypted in K using algorithm E
- A -> B: Ek(M); Bob decrypts message: Dk(Ek(M)) = M
- B -> A: Ek(M); Alice decrypts message: Dk(Ek(M)) = M
- How do Alice and Bob exchange K?
  - key exchange
22. Key Exchange
- Diffie-Hellman Key Exchange
- Public Key based Key exchange
  - Bob sends the communication key S (session key) to Alice, encrypted in Alice's public key
  - No one other than Alice can find the session key
  - Can be done over insecure networks
- Vulnerability: Man in the middle attacks
  - Solution: Use digital certificates
[Figure: message exchange between Alice and Bob: K1A, EK1A(S)]
K1A = Alice's Public Key, K2A = Alice's Private Key
23. Authentication
- Bob sends a challenge to Alice
  - Challenge = random number
- Alice responds with the number, encrypted in Alice's private key
- Bob knows Alice's public key, hence decrypts the response and finds it's the same as the random number he sent
- No one other than Alice can do this
- Alice never exposes the private key
  - Public Key = User ID
  - Private Key = Password
  - NO LEAKAGE POSSIBLE!
[Figure: message exchange between Alice and Bob: R, EK2A(R)]
24. RSA
- Rivest Shamir Adleman
- Patented in 1983, expired in 2000
- Based on difficulty of factorization
- Choose two large random prime numbers p and q
- Compute n = pq
- Compute φ(n) = (p-1)(q-1)
- Choose an integer e, such that e is coprime to φ(n)
  - -- e, n are released as the public key
- Compute d, to satisfy (de) mod φ(n) = 1
  - -- d is kept as the private key
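
The RSA key generation steps above, and the challenge-response exchange from the Authentication slide, carried through in code. This is an added example, not part of the original slides: the primes 61 and 53, e = 17 and all function names are constructed for illustration, and this is textbook RSA with toy-sized numbers and no padding, so it shows the arithmetic only.

```python
import math
import secrets

def make_keypair(p, q, e):
    """Follow the slide: n = pq, phi = (p-1)(q-1), e coprime to phi, d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse, so (d * e) % phi == 1
    return (e, n), (d, n)        # (public key K1A, private key K2A)

def apply_key(key, value):
    """E_key(value): modular exponentiation with either half of the key pair."""
    exponent, n = key
    return pow(value, exponent, n)

def bob_challenge(public):
    """Bob picks a fresh random challenge R in the range 2 .. n-1."""
    return secrets.randbelow(public[1] - 2) + 2

def alice_respond(private, r):
    """Alice returns EK2A(R); only the private-key holder can compute it."""
    return apply_key(private, r)

def bob_verifies(public, r, response):
    """Bob applies K1A to the response and compares it with the R he sent."""
    return apply_key(public, response) == r

if __name__ == "__main__":
    public, private = make_keypair(61, 53, 17)    # constructed toy primes
    print("public (e, n):", public, "private (d, n):", private)
    c = apply_key(public, 65)                     # privacy: encrypt with K1A
    print("ciphertext:", c, "decrypted:", apply_key(private, c))
    r = bob_challenge(public)
    resp = alice_respond(private, r)
    print("genuine response accepted:", bob_verifies(public, r, resp))
    print("altered response accepted:", bob_verifies(public, r, (resp + 1) % public[1]))
```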
25. Secure Hybrid Communication
K1A = Alice's Public Key, K2A = Alice's Private Key
- Protocol 1
  - Alice -> Bob: Hello Alice
  - Bob -> Alice: AliceBob, EK2B(hash(Alice Bob))
- Protocol 2
  - Alice -> Bob: Hello Alice
  - Bob -> Alice: Bob, K1B
  - Alice -> Bob: Prove it
  - Bob -> Alice: AliceBob, EK2B(hash(Alice Bob))
26. Secure Hybrid Communication
- Protocol 3
  - Alice -> Bob: Hello Alice
  - Bob -> Alice: Bob, Bob's Certificate
  - Alice -> Bob: Prove it
  - Bob -> Alice: AliceBob, EK2B(hash(Alice Bob))
- Protocol 4
  - Alice -> Bob: Hello Alice
  - Bob -> Alice: Bob, Bob's Certificate
  - Alice -> Bob: Prove it
  - Bob -> Alice: AliceBob, EK2B(hash(Alice Bob))
  - Alice -> Bob: EK1B(KEY)
  - all communications: EKEY(message)
Discussed later
27. Man in the Middle
- Without certificates, MITM attacks are possible on public key protocols
- Certificate issuance, verification and Certificate Authority public key distribution form the underlying infrastructure of PKI
  - PKI = Public Key Infrastructure
- Web of Trust can also be used
- Certificates are covered after Digital Signatures
28. Digital Signatures
- Digital Signatures are like real paper signatures, but much better
- Properties include
  - Verifiably Authentic (with high degree of confidence)
  - Unforgeable: Another person cannot sign
  - Not reusable: Cannot lift signature from one document to another
  - Unalterable: The signed document cannot be altered
  - Non repudiable: The person signing cannot claim she did not sign it
- Simple Signature Scheme
  - Alice signs a document: EK2A(DOCUMENT)
K1A = Alice's Public Key, K2A = Alice's Private Key
29. Digital Signatures
[Figure: D -> H -> S, where D = Document, H = Cryptographic Hash of D, S = Signature of H = EK2A(H)]
- An electronic document can be signed
  - E.g. a check via Email!
- The document cannot be altered, forged, repudiated
- Very powerful technique, much better than paper signatures
30. Digital Certificates
- Digital signatures and public key authentication assume you know a person's public key
  - How do you know for sure?
- A digital certificate is an ID-Card, with a person's identity and public key and a certificate authority's (CA) signature
- Can be verified
- Provides safe authentication
- Safe from most attacks, cannot be forged, cannot be misused
[Figure: Digital certificate containing: Name and Information for Alice; Alice's Public Key; Signature of Certificate Authority]
31. Communication with Certificates
- Certificates can be used to determine identity without any attack possibilities
  - As long as the certificate authority is trusted
- Since certificates are PKI based, key exchange is simple
- Protocol 4 (from earlier) is used
32. Message Authentication Codes
- To preserve message integrity
- Makes sure no one tampers with or replaces the message, and the sender is authenticated on every message
- EKEY(message, EKEY(h(message)))
Added number of bits is small
33. Hierarchical Certificates
[Figure: certificate hierarchy. Root CA (rCA) above CA1, CA2 and CA3, with Alice below CA1. CA1's certificate: CA1, Pub Key, rCA Sig. Alice's certificate: Alice, Pub Key, CA1 Sig.]
34. Attacks on Public Keys
- Alice meets Bob and knows his public key
- Alice sends a random number to Bob for challenge response and Bob encrypts the number using his private key and returns it
  - Alice can fool Bob into decrypting documents, signing documents
- Alice sends Bob a good document
- Bob signs and returns
  - Alice can fool Bob into signing a bad document
  - Birthday Attack
35. Birthday Paradox
There are N people in a room. What is the probability that two people have the same birthday?
36. Match Probabilities
- Choose a number (0..9)
- Now pick a number at random, what is the probability of getting the chosen number?
Pick numbers at random (0..9). What is the probability that you get two numbers with the same value?
37. How to do a Birthday Attack
- Create a Good Document
- Create a Bad Document
- Perturb or change the documents a million times
- Hash them and see if there is a match between a good document and bad document
- With 80 bit hashes, chances are quite high
- Moral: Use 160 bit hashes
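
Why the hash length matters, shown on a deliberately tiny hash: with an n-bit digest, a good/bad match appears after roughly 2^(n/2) hashes, not 2^n. This is an added example, not part of the original slides; the 24-bit truncation of SHA-256, the sample documents and all names are constructed for illustration.

```python
import hashlib

HASH_BITS = 24                      # toy digest size so the search finishes instantly
GOOD = "Pay Bob 10 dollars."        # constructed sample documents
BAD = "Pay Bob 10000 dollars."

def short_hash(text, bits=HASH_BITS):
    """Stand-in for a short hash: the top `bits` bits of SHA-256."""
    digest = hashlib.sha256(text.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def perturb(base, i):
    """Variant number i of a document: i written as trailing spaces and tabs."""
    return base + "".join(" \t"[int(b)] for b in format(i, "b"))

def find_match(good, bad, bits=HASH_BITS, table_size=4096, max_tries=1_000_000):
    """Hash many good variants, then scan bad variants for an equal short hash.

    Returns (good_variant, bad_variant, hashes_computed) or None.
    """
    table = {short_hash(perturb(good, i), bits): i for i in range(table_size)}
    for j in range(max_tries):
        h = short_hash(perturb(bad, j), bits)
        if h in table:
            return perturb(good, table[h]), perturb(bad, j), table_size + j + 1
    return None

def birthday_work(bits):
    """Rough number of hashes before a match is likely: 2^(bits/2)."""
    return 2 ** (bits // 2)

if __name__ == "__main__":
    g, b, work = find_match(GOOD, BAD)
    print(f"match after {work} hashes; space is 2^{HASH_BITS} = {2 ** HASH_BITS}")
    print("short hashes:", hex(short_hash(g)), hex(short_hash(b)))
    for bits in (80, 160):
        print(f"{bits}-bit hash: about 2^{bits // 2} = {birthday_work(bits)} hashes")
```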
38. The final PKI lesson
- Never encrypt something that was given to you with your private key and let others know the result. Change it first.
- Never sign something that was given to you. Change it first.
39. Other Protocols
- Cryptographic Protocols exist for
  - Timestamping
  - Group communication
  - Group signatures
  - Secret sharing, secret splitting
  - Secure multiparty computations
  - Blinding and cut and choose
  - Coin tossing, card dealing
  - Secure electronic elections
  - Digital cash and micropayments
  - Many more