Cryptography and Java

1
Cryptography and Java
Andrea Piras
2
Contents
Whats criptography? Cryptography
Applications U.S. government Cryptography Java
Packages Key Random Numbers Cipher Feistel
Cipher ECB CBC CFB OFB LFSR Attacks
3
Contents
Hash One Way Function Some HOW Functions
Example MAC One-Time Pad Symmetric
Cryptography Attacks DES After DES? Rijndael Examp
le
4
Contents
Asymmetric Cryptography Encryption-Decryption Sign
ature Attacks Some Asymmetric Cipher RSA Example S
ymmetric vs. Asymmetric Hybrid Cryptography Biblio
graphy
5
Whats cryptography?
kryptos logos hidden word
Encryption
Decryption
Trasformation of data into an impossible form to
read without the appropriate knowledge
Trasformation of encrypted data into an
intellegible form
Cryptanalysis the science of breaking the
cryptography
6
Cryptography Applications

• Secure communication
• (exchange messages whitout that third part
  eavesdropping is able to decipher them)
• Identification Authentication
• (verifying someones or somethings identity
  not necessarily involve identifying, es. Internet
  account)
• Secret sharing
• (n parts, k, kltn, k people can determine the
  secret but no k-1)
• Electronic Commerce
• (sending private data whit security)

7
Cryptography Applications

• Certification
• (certifying authority vouch for the user)
• Key Recovery
• (lost key law agency want to eavesdrop on
  criminals)
• Remote Access
• (when the password not be enough)

8
U.S. government Cryptography
For many years, it was possible to export
cryptographic products with limited key size.
Exporting cryptographic products whitout limits,
less Cuba, Iran, Iraq, Libia, Corea del Nord,
Serbia, Sudan, Siria, Afghanistan.
January 2000
NSA (National Security Agency) NIST (National
Institute of Standards and Technology) BXA
(Bureau of Export Administration)
9
Java Packages

• java.security included in JDK, few algorithms
• JCE (java cryptography extension) defined by
  Sun, little algorithms, package javax.crypto
• CryptixJCE open-source, good number of
  algorithms, package cryptix, modified packages
  java.lang, java.security, different API
• OpenJCE free, developed by Australian Business
  Access, good number of algorithms, packages
  au.net.aba.crypto, javax.crypto
• IAIK-JCE developed by Institut für Angewandte
  Informationsverarbeitung und Kommunikationstechnol
  ogie - Technische Universität Graz, free for
  researchers, a lot of algorithms, packages iaik,
  javax.crypto

10
Java Packages
For using the algorithms, its necessary to
install the package as a provider.
Static Add Modify the file java.security, adding
the line security.provider.n nameprovider
(ex. security.provider.2 iaik.security.provider
.IAIK)
Dynamic Add java.Security.addProvider(new
nameprovider()) (ex. java.Security.addProvider(ne
w iaik.security.provider.IAIK())
11
Key
It is a sequence of bits that allowing the
encryption and the decryption. All the
cryptography depends by it.
12
Random Numbers
For computers, they dont exist, they are
pseudo-random number
Because the generator is an algorithm that,
starting by seed, output numbers where in
possible to find a period.
Seed UP
13
Cipher
Block cipher encryption algorithm that trasforms
a fixed-length block of plaintext into a block of
ciphertext of same lenght
Stream cipher block cipher that works on smaller
units (bits, bytes) of plaintext
14
Feistel Cipher

• The plaintext is split into two halves (Ro,Lo)
• More rounds, more security

15
ECB(Electronic Code Book)

• Plaintext m is split in i blocks
• Each block is encrypted independently from others
• Allows parallelization

16
CBC(Cipher Block Chaining)

• Plaintext m is split in i blocks
• Each block is XORed with the previous ciphertext
  block and then encrypted
• Co is the inizialization vector and it can be
  send into plain mode

17
CFB(Cipher FeedBack)

• Plaintext m is split in i blocks
• The previous ciphertext block is encrypted and
  the output is XORed with the current plaintext
  block
• Co is the inizialization vector and it can be
  send into plain mode

18
OFB(Output FeedBack)

• Plaintext m is split in i blocks
• So is the inizialization vector and it can be
  send into plain mode
• The Si is encrypted and the output is XORed with
  the current plaintext block
• Any bit errors occur during transmission arent
  propagated at other blocks by decryption

19
LFRS(Linear FeedBack Shift Register)

• Its a stream cipher
• The register consists of a series of cells setted
  by the key
• Its regulated by a counter
• The contents of the cells are shifted right by
  one position and XORed with some ones.
• The output bits are XORed with the plaintext.

20
Attacks

• Ciphertext Only Attach obtain a ciphertext
  starting by a null plaintext
• Chosen Plaintext Attack from chosen plaintext to
  ciphertext
• Adaptive Chosen Plaintext Attack from
  dymanically chosen plaintext to ciphertext

21
Attacks

• Chosen Ciphertext Attack to attempt to obtain
  the decrypted plaintext starting by ciphertext
• Adaptive Chosen Ciphertext Attack to attempt to
  obtain the decrypted plaintext starting by
  dynamically chosen ciphertext
• Exhaustive Key Search generate and try all
  possible keys

22
Hash One Way Function

• Its easy to compute in one direction and hard in
  the opposite
• Input can be of any lenght
• Output has a fixed lenght
• Collision free
• Message digest

23
Some HOW Functions

• SHA-SHA1 (Secure Hash Algorithm)
• Input lt 264 bits
• Output 160 bit
• P(collision) 2-160
• By NIST

MD5 (Message Digest) Input splits in 512-bit
blocks Output 128 bit P(collision) 2-128 By
Ron Rivest
24
Example
import java.security. public class Example1
public static void main(String args)
byte byteMessage, byteDigest, byteAdd
MessageDigest md MessageDigest.getInstance(S
HA) md.update(byteMessage)
md.add(byteAdd) byteDigest md.digest()

25
MAC(Message Authentication Code)
Its a checksum derived by applying a scheme
with the key to a message Can be hash function
based, stream cipher based, block cipher based
26
One-Time Pad

• By Mauborgne-Vernam, 1917
• Used during the cold-war
• Perfect
• Key length data to encrypt
• ci XOR(mi, ki)

27
Symmetric Cryptography
The some key is used for encrypting and
decrypting data
key
key
ENCRYPT
HI
DECRYPT
HI
kdW3e4rf
Problem secure key exchange
28
Attacks

• Differential cryptanalysis analyze the
  differents by two plaintexts encrypted with the
  same key
• Linear cryptanalisys study many pairs
  plaintext-ciphertext
• Weak keys keys for wich encryption is equal to
  decryption
• Algebraic attacks using mathematical techniques

29
DES(Data Encryption Standard)

• by NIST
• the best and widely used in the world
• 64 bits klock size
• 56 bits key size ( 8 parity bits)
• used for encrypt-decrypt message and MAC
• 4 weak keys

IT HAS BEEN BROKEN
30
After DES?

• DESede
• Now, its the encryption standard
• Each block of plaintext is encrypted in 3 times
  using 3 different DES key (168 bits)
• Advanced Encryption Standard Initiative
• Announced in 9/1997 by NIST for finding the DES
  successor

31
Rijndael
NIST announces that Rijndael has been selected as
the proposed AES.
October 2, 2000

• Fast, versatile, simple, sicure and well-suited
  for smart-card
• 128, 192, 256 bits key length (extended to
  multiple 32 bits)
• Based on 128 bits block cipher (Square)

32
Example
import java.security. import javax.crypto. pu
blic class Example2 public static void
main(String args) byte byteData,
byteEncrypted, byteDecrypted
Security.addProvider(new iaik.security.provider.IA
IK()) KeyGenerator kg
KeyGenerator.getInstance(DES)
kg.initialize(new SecureRandom()) Key
key kg.generateKey()
33
Example
Cipher cipher Cipher.getIstance(DES/ECB
/PKCS5Padding) cipher.init(Cipher.ENCRYP
T_MODE, key) byteEncrypted
cipher.doFinal(byteData)
cipher.init(Cipher.DECRYPT_MODE, key)
byteDecrypted cipher.doFinal(byteEncrypted)

34
Asymmetric Cryptography
Based on discrete logarithm problem, elliptic
curve discrete logarithm problem, factoring
problem, e-root problem
Key Pair Public (can be showed), Private (kept
secret)
35
Encryption-DecryptionAsymmetric Cryptography
A
B
data
public key
private key
ENCRYPT
DECRYPT
data
36
SignatureAsymmetric Cryptography
A
B
public key
data
private key
ENCRYPT
DECRYPT
data
37
Attacks
Man In The Middle
A
B
38
Some Asymmetric Cyphers
Diffie-Hellman the first (1976), the public key
are exchanged for creating a common symmetric
key DSA (Digital Signature Encryption) by NIST,
used only for signature, considered secure with
1024-bit key, 64-bits increments El-Gamal
encryption and signature
39
RSARivest-Shamir-Adleman
Key length 768, 1024, 2048 (512 broken in 7
months) De Facto Standard
September 2000
released into the public domain
40
Example
import java.security. import javax.crypto. pu
blic class Example3 public static void
main(String args) byte byteData,
byteEncrypted, byteDecrypted
Security.addProvider(new iaik.security.provider.IA
IK()) KeyPairGenerator kpg
KeyPairGenerator.getInstance(RSA)
kpg.initialize(1024, new SecureRandom())
KeyPair asymmetricKey kpg.generateKeyPair()

41
Example
Cipher cipher Cipher.getIstance(RSA)
cipher.init(Cipher.ENCRYPT_MODE,
asymmetricKey.getPrivate()) byteEncrypted
cipher.doFinal(byteData)
cipher.init(Cipher.DECRYPT_MODE,
asymmetricKey.getPublic()) byteDecrypted
cipher.doFinal(byteEncrypted)
42
Symmetric vs. Asymmetric
43
Hybrid Cryptography
data
Sym. Encrypt
symKey
Asym. Encrypt
symKey
asymKey
44
Bibliography

• RSA Security Faqs (http//www.rsasecurity.com/rsa
  labs/faq)
• Ferragina, Luccio, Appunti di crittografia,
• Università degli Studi di Pisa - Dipartimento
  di Informatica,
• settembre 2000
• Knudsen, Java Cryptography, OReilly, may 1998
• Java 2 Platform, API Specification
• CryptixJCE (http//www.cryptix.org)
• IAIK-JCE (http//jcewww.iaik.tu-graz.ac.at)
• NIST (http//www.nist.gov)
• OpenJCE (http//www.openjce.org)